Wiley 2015 p2

ACPEN 2010
Business Fraud, Internal Controls,

and Forensic Analysis for the
Accountability Professional
November 10, 2010
Copyright 2010
Accounting Continuing Professional Education Network

&
Business Professionals’ Network, Inc.
2010-2011 Annual Curriculum
With Live Webcast Replays™
Final
Date Subject
May 19, 2010 Farm and Ranch Accounting & Tax Update
Live Webcast Replays:

Second Chance Live Replay: June 2, 2010
Last Chance CPE Replays: December 14, 2010
Best of ACPEN Replay Series: January 11, 2011
June 23, 2010 Not-For-Profit Accounting, Auditing & Tax Update

Second Chance Live Replay: July 7, 2010
July 21, 2010 Governmental Accounting & Auditing Update

Second Chance Live Replay: August 4, 2010
August 25, 2010 Compilation and Review Update

Second Chance Live Replay: September 14, 2010
September 22, 2010 Representing Clients in the Marriage Dissolution

Process: Accounting, Tax, Estate and Financial
Planning Issues
Second Chance Live Replay: October 6, 2010
October 20, 2010 Annual Accounting & Auditing Update

Second Chance Live Replay: November 3, 2010
November 10, 2010 Business Fraud, Internal Controls, and Forensic

Analysis for the Accountability Professional

Second Chance Live Replay: November 30, 2010
December 8, 2010 Annual Tax Update

Second Chance Live Replay: December 16, 2010
May 18, 2011 Construction Industry Accounting & Tax Issues

Second Chance Live Replay: June 1, 2011
Last Chance CPE Replays: December, 2011--TBD
Best of ACPEN Replay Series: January, 2012--TBD
Notes:
1. The above ACPEN courses will be available as live satellite and live webcast events on the
original date of production. The original production day is always a Wednesday. Live
Webcast Replay™ dates may Each course will begin at 9:00 am, central time and end at 5:00
pm, central time. There is a lunch break at 12:30 pm, central time, and two ten minute breaks,
one in the morning and one in the afternoon.
2. Each of these ACPEN courses provides 8 CPE hours of credit (400 minutes).
Ethics credit (General only—not state specific) will be awarded for appropriate topics.
Governmental A & A Update (July 21) will provide 8 hours of Yellow Book credit (24 Hour
Requirement). The Accounting and Auditing Update (October 20) will provide 4 Hours Yellow
Book (24 Hour Requirement) and 4 Hours Yellow Book (56 Hour Requirement).
ACPEN will award CFP credit for appropriate courses. Marketing information distributed for each
course will provide professional credit details)
3. A Live Webcast Replay™ is a webcast of the videotape of a recently produced CPE course, with
faculty members standing by, in real time, to answer questions from webcast viewers. (See,
NASBA Statement on Standards for CPE Programs, Section 400.07). Replays are not available
using satellite technology but can be used at group sites, using broadband internet technology.
For additional information or questions contact

Jim Parente at 972-208-0302/ jim.parente@acpen.com or Anne Taylor at 972-377-
8199/ anne.taylor@acpen.com
What is ACPEN?
The Accounting Continuing Professional Education Network is a cooperative venture
between Business Professionals' Network, Inc. and more than 40 state CPA societies and other
professional accounting associations dedicated to bringing high quality, affordable CPE to
society members and other accounting and financial professionals.
Want to Learn More About ACPEN?

Go to the ACPEN homepage! Find out more about ACPEN, find out about upcoming programs
and help design programs by offering your ideas for content.
http:/ /www.ACPEN.com
The ACPEN homepage will also tell you about how you can receive broadcasts live in your
company or firm, by satellite or as a webcast, or purchase ACPEN programs on DVD for in
house group study. ACPEN distance learning technology makes this the most interactive and
cutting-edge professional education you can get!!
For additional information about ACPEN products and services contact:
By email:
Anne.taylor@acpen.com
Write:
Business Professionals' Network, Inc.
P.O. Box 250703
Plano, TX 75025-0703
Or Call:
972-377-8199
You are part of the broadcast!
ACPEN broadcasts are designed to be interactive!
We encourage you to ask questions of our national experts or add your insights and
perspective on the broadcast topic.
It’s as simple as calling in a question, sending a fax, or emailing the panelists during the
broadcast.
An ACPEN representative will jot down your call, receive your fax or email question and
give it to the appropriate panel member for a quick and informative answer.
Its easy to ask questions during the broadcast:

Simply telephone or send a fax to the numbers shown on the screen during the course
If you prefer email or are watching as a live webcast, the email address will be shown
periodically during the broadcast
The Learning Continues After the Broadcast!
To continue the learning after the broadcast, you may send your questions to panelists by email.
For two days after each broadcast you may send your questions to:
postquestions@acpen.com
Simply identify the panelist you would like to respond, if you have a preference, and they will
respond to your question, if possible. (Due to speaker schedules and commitments, and the
possible volume of questions from a national audience, answers to any particular question
cannot be guaranteed. Experience to date has been that almost all questions are answered!)
ACPEN On-Site Group Study
The following subjects are ACPEN broadcasts and webcasts are available as
Group Study On-Site programs, either by joining the live course as a Group Webcast or
using DVDs of the recorded event, on your own schedule. These allow your whole firm or
company to use ACPEN broadcasts in a very efficient and economical way, as the basis for
high quality, firm specific, in-house group study programming. Pricing is based on the number
of professionals in the firm and the number of titles purchased.
The Group Webcast option allows your firm to join the live event and interact with the faculty
directly.
When you purchase an On-Site DVDGroup Study program from ACPEN, you receive the
entire ACPEN course in DVD format. Each course qualifies for eight hours of CPE credit, for full
day courses, shorter webcasts carry the appropriate amount of credit based on the standard 50
minute hour. You also receive a Facilitator’s Guide, and written course materials in the form
of a print master, for easy duplication.
Plus, ACPEN On-Site Group Study becomes an even better value because your staff will
receive CPE credit for actual discussion time, in addition to the running time of the DVD.
An 8 CPE hour ACPEN program could well yield 10 or even 12 hours of CPE credit, with the
discussion that is sure to flow from the engaging DVD!
currently available:
Accounting & Auditing
Detecting Fraud in Government & Non-Profit Organizations
(Yellow Book)
Compilation & Review Clinic: Basic and Advanced Issues
Understanding and Responding to Business Fraud: Practical Skills for Controllers and
Auditors
An Accountant’s Guide to Handling Clients’ Investments---Accounting, Tax and Planning

Issues in a Volatile Economy
2009 Accounting & Auditing Update
2009 Governmental Accounting & Auditing Update
2009 Not-For Profit Accounting, Auditing, and Tax Update
Understanding & Controlling Business Fraud: Accounting & Legal Issues
Detecting & Controlling Business Fraud
Business Fraud Challenges & Responses: Accounting, Auditing & Legal Issues
Tax
Tax Controversy Tool Kit
Tax Practice in Light of the New Tax Preparer Penalties and Ethical Standards
Estate & Financial Planning for the Small Business Owner
Tax Planning for Small Businesses
Partnership and LLCs Tax Update
Effective Handling of Tax Audits and Appeals

Partnership Taxation Update

2009 Annual Tax Update
Estate, Retirement & Financial Planning Principles & Techniques for CPAs
How to Get the Kids Through College after the 2001 Tax Act
Personal Development, Corporate & Industry Subjects

Enterprise Risk Management (ERM): Cutting Edge Skills for Small Businesses

(Yellow Book)
Auditors
2008 Accounting & Auditing Update
Controllership—Restoring Credibility in a Tarnished Profession
Effective Controllership Skills
Financial Leadership Skills for Corporate Career Success: A Guide for Running with the
Bulls Without Getting Gored!
The Controller as Value-added Contributor
Key Skills for the 21 st Century Industry Accountant
A CPA’s Guide to Buying & selling Businesses
2008 Governmental Accounting & Auditing Update
Understanding & Controlling Business Fraud:

Accounting & Legal Issues
Detecting & Controlling Business Fraud
Business Fraud Challenges & Responses:

Accounting, Auditing & Legal Issues
Estate & Financial Planning Services
Personal Financial & Estate Planning in Cases of Marital Dissolution

College Financial Planning for CPAs
Representing the Elderly Client
Tax & Financial Planning for College Expenses: What Every CPA Needs to Know
Tax & Financial Planning for College Expenses after the 2001 Tax Act:
What Every CPA Needs to Know
Estate, Retirement & Financial Planning Principles & Techniques for CPAs
Personal Financial Planning for CPAs: Building and Managing a Financial Advisory
Practice in Difficult Times
Estate Planning Skills
Effective Estate Planning & Administration Techniques
Developing & Expanding Your Personal Financial Planning Practice
Business Client Services
Enterprise Risk Management (ERM): Cutting Edge Skills for Small Businesses

(Yellow Book)
Partnership and LLCs Tax Update
Auditors

Personal Financial Planning for CPAs: Building and Managing a Financial Advisory
Practice in Difficult Times
Why and How CPA Professionals Should Provide Investment Advisory Services to
Clients...An Effective Strategy for the Next Century
A CPA’s Guide to Buying & Selling Businesses
Business Fraud Challenges & Responses: Accounting, Auditing & Legal Issues
Health Care Issues and Accounting Challenges
Practice Management
Accountants’ Civil Liability: What Every CPA Needs to Know to Protect the Practice
Evolving Your Accounting Practice to Succeed in the New Millennium: A Tool Kit for the
21st Century Accountant
Budgeting and Planning for your Firm’s Technology Needs in the Next 5 Years. (4 hours)
Accountants Can Make a Difference—Adding Value to Clients Through Business

Development Processes. (4 Hours)
Employee Benefit and Management Skills for CPAs
Understanding and Planning for Employee Benefits (4 Hours)
Employee Relations Problem Solving (4 Hours)

* * *
Future ACPEN On-Site Group Study Programs:
(Future Titles, on DVD, will be available for release two weeks after each broadcast)
2009-2010
Annual Curriculum
Original
Broadcast
Date Subject
May 19, 2010 Farm and Ranch Accounting & Tax Update
June 23, 2010 Not-For-Profit Accounting, Auditing & Tax Update
July 21, 2010 Governmental Accounting & Auditing Update

(Yellow Book)
August 25, 2010 Compilation and Review Update
September 22, 2010 Representing Clients in the Marriage Dissolution

Process: Accounting, Tax, Estate and Financial
Planning Issues
October 20, 2010 Annual Accounting & Auditing Update
November 10, 2010 Business Fraud, Internal Controls, and Forensic Analysis for
the Accountability Professional
December 8, 2010 Annual Tax Update
May 18, 2011 Construction Industry Accounting & Tax Issues
ACPEN courses provide 8 CPE hours of credit (400 contact minutes).
For ordering Information, contact your state society or ACPEN, at

972-377-8199
Accounting Continuing Professional Education Network
Advantages and Important Features

Each ACPEN On-Site Group Study program, produced by Business Professionals'
Network, Inc., has the following advantages or special features.
Program Content:
• Unlike some recorded programs, ACPEN On-Site Group Study programs cover
a specific, complete subject, rather than providing a subscription for generic
news or information that may or may not be of interest to accounting
professionals.
• Your firm may participate in an ACPEN course in two ways, either in the live
event, as a group webcast right in your firm, or archived, delivered as a DVD.
• Business Professionals' Network, Inc. has many topics available and each year new
titles are produced covering virtually every area of interest to accountants and
financial professionals in public practice and industry.
• ACPEN group study programs are created by and for the accounting professional by
state accounting societies through the Accounting Continuing Professional
Education Network, so you know that the content will be geared for professional
accountants and will help them succeed.
• The ACPEN network is able to attract nationally known experts in the subject area of
each broadcast, CPAs, attorneys, industry financial professionals, financial services
professionals, regulatory agency and standard setting body representatives, so that
users will receive the best possible and most up to date information.
• The program format is a highly engaging, structured, but lively discussion among
several panelists. This means that the user receives several perspectives on every
issue and the educational experience “feels” very interactive.
• Each On-Site Group Study program comes complete with a set of written materials
that helps illustrate the discussion and that provides a resource for future reference.
On-Site Group Study Product Features:
• Each program is either available a live group webcast or a complete set of DVDs of
the live, interactive CPE program that captures the original event and both provide 8
hours of CPE credit. In addition, because it is an on-site group study product, your
staff will receive additional credit for the additional time devoted to professional
discussion of the live or archived course. Thus, the 8 hour program can provide 9,
or more hours of CPE credit for each participant.
• Business Professionals' Network, Inc. provides you with a complete educational

package that includes a Facilitator’s Guide that will enable you to get the most out of
the program.
• The On-Site Group Study program will be provided on DVDs that are easy and
convenient to use.
• The written materials are provided in a convenient “printmaster” format or available

for downloading from the ACPEN website. Either way, it is easy to duplicate the
number of copies that you need.
• To make it easy to keep track of attendance for CPE credit purposes, Business
Professionals' Network provides attendance forms and will provide completion
certificates for all attendees who are certified as completing the course..
Pricing:
• Accounting Continuing Professional Education Network On-Site Group Study

programs are priced to maximize the number of hours your firm can receive at the
lowest price, for a high quality educational program. This allows small, medium and
large firms to all use Accounting Continuing Professional Education Network
programming to meet their CPE needs at the lowest price.
• Business Professionals' Network, Inc. makes ACPEN On-Site Group Study

programs available at a discount if multiple titles are purchased.
• Participating state societies receive a substantial royalty from all ACPEN On-Site
Group Study Sales in their jurisdiction by agreement with Business Professionals
Network
Adds Convenience to CPE:

• Unlike live seminars or conferences, On-Site Group Study programs, in DVD format,
from ACPEN offer the ultimate flexibility to meet your firm’s needs. You may
schedule the program to be held whenever you like, you may break it up into two,
three or more parts. They may be reviewed after completion as a reference or for
new staff persons.
For more information about ACPEN Courses for In-House Use:
Call ACPEN at 972-377-8199, or your state society.
Notice
The authors and presenters who contributed articles and/or insights to these materials, to the
broadcast event, or to the Live Webcast Replay™ of the original event were carefully selected
for their knowledge and experience in the subject area. The analysis, conclusions and opinions
expressed in articles contained in these materials and by presenters participating in this
continuing education event, whether live or in a recorded medium, are solely those of the
individual author or presenter. Unless otherwise expressly agreed, any such conclusions and
opinions do not represent the official position or opinions of the state CPA society or other
professional organization sponsoring this event, the Accounting Continuing Professional
Education Network (ACPEN), or of Business Professionals' Network, Inc.
Written materials were not edited for content by the Accounting Continuing Professional
Education Network nor by the sponsoring entity. Such information is believed to be accurate at
the time it was first published or broadcast. Neither the Accounting Continuing Professional
Education Network, the sponsoring organization, Business Professionals' Network, Inc., nor the
authors and p resenters can warrant that the information contained in this book, any constituent
article, or the broadcast will continue to be accurate, nor do they warrant them to be completely
free of errors when published or broadcast.
It is the sole responsibility of attendees and users to verify the accuracy of all information
contained herein and derived from the original broadcast event. This material and the
broadcast event, whether live or recorded, are not appropriate to serve as the sole basis for any
professional opinion or action. It should be supplemented for such purposes by reference to
other current authoritative materials and the exercise of professional experience and judgement.
IRS Circular 230 Disclosure
Any tax advice contained in any portion of this manual is not written or i ntended by the author(s)
to be used, and cannot be used, for the purpose of (1) avoiding penalties that may be imposed
on the recipient or any taxpayer or (2) promoting, recommending or marketing to another party
any transaction or matter discussed herein.
Copyright 2010
ACPEN/B P N, Inc.
This Broadcast is Presented by…
The Accounting Continuing Professional Education Network

(ACPEN)
A service of Business Professionals' Network, Inc. to the Accounting Profession

in cooperation with State Societies since 1997
Webcast Accreditation

ACPEN Webcasts are sponsored by Business Professionals' Network, Inc.
Business Professionals’ Network, Inc., which produces the Accounting Professional Education
Network (ACPEN), is registered with the National Association of State Boards of Accountancy
(NASBA) as a sponsor of continuing professional education on the National Registry of CPE
Sponsors. State boards of accountancy have final authority on the acceptance of individual
courses for CPE credit.
Complaints regarding registered sponsors may be addressed to the National Registry of CPE
Sponsors, 150 Fourth Avenue North, Nashville, TN, 37219-2417. Telephone: 615.880.4200.
Web site: www.nasba.org
Business Professionals' Network, Inc’s National Registry Sponsor Number is 107810.

ACPEN
PARTICIPANT EVALUATION
Course Title: Business Fraud, Internal Controls, and Forensic Analysis Date: ____________
City/State: ____________________________________ Check if Webcast: _____
Participant’s Name: Phone:
To assist us in improving our programs, please indicate your opinions by rating each speaker and
other program elements using the appropriate number from the scale below.
SCALE: 5=Excellent, 4=Very Good, 3=Good, 2=Fair, 1=Poor

Effectiveness of the Discussion Leaders
1. David Cotton, CPA, CFE, CGFM
Knowledge of Subject Matter 5( ) 4( ) 3( ) 2( ) 1( )
Presentation Skills 5( ) 4( ) 3( ) 2( ) 1( )
2. Dennis F. Dycus, CPA, CFE, CGFM, ACFE Fellow

3. Marshall B. Romney, PhD, CPA, CFE

4. Robert H. Spencer, PhD

5. Margie F. Reinhart, CPA, CFE, CFF

6. Toby J.F. Bishop, CPA, CFE

7. Charles Blau, JD, LLM

8. Paul E. Coggins, JD
9. Alan M. Buie, JD, AUSA

Overall Course Evaluations
There were no pre-requisites for this course and there were no advance preparation materials.
A. The learning objectives were accurately described in the promotional material:

5( ) 4( ) 3( ) 2( ) 1( )
B. Overall, were the learning objectives of this course met? 5( ) 4( ) 3( ) 2( ) 1( )
C. The written materials were accurate, relevant, and contributed to achievement of Learning
Objectives: 5( ) 4( ) 3( ) 2( ) 1( )
D. Was the Program content timely? 5( ) 4( ) 3( ) 2( ) 1( )
E. For Group Site Attendees: Rate the facility and learning environment (Note
shortcomings below): 5( ) 4 ( ) 3 ( ) 2 ( ) 1 ( )
F. For Webcast Viewers: Rate the performance of the internet technology for this
course: 5( ) 4( ) 3( ) 2( ) 1( )
Narrative Comments & Future Subject Suggestions:
___________________________________________________________________
Group location participants should return the completed evaluation to the site proctor.
Webcast Viewers Should fax their Evaluation to ACPEN at: 972-208-1265

or email them to: evaluations@acpen.com
(No coversheet needed)

Business Fraud, Internal Controls, and Forensic Analysis
for the Accountability Professional
Faculty Information
David L. Cotton, CPA, CFE, CGFM, is chairman of Cotton & Company LLP, Certified Public Accountants. Cotton &
Company is headquartered in Alexandria, Virginia. The firm has a practice concentration in assisting Federal and State
agencies, inspectors general, and government grantees and contractors with a variety of government program-related as-
surance and advisory services. Cotton & Company has performed grant and contract, indirect cost rate, financial state-
ment, financial related, and performance audits for more than two dozen Federal inspectors general as well as numerous
other Federal and State agencies and programs. Cotton & Company’s Federal agency audit clients have included the U.S.
Government Accountability Office, the U.S. House of Representatives, the U.S. Small Business Administration, the U.S.
Bureau of Prisons, and the U.S. Marshals Service. Cotton & Company also assists numerous Federal agencies in preparing
financial statements and improving financial management and accounting systems. Mr. Cotton received his BS in mechan-
ical engineering (1971) and an MBA in management science and labor relations (1972) from Lehigh University in Beth-
lehem, PA. He also pursued graduate studies in accounting and auditing at the University of Chicago, Graduate School
of Business (1977 to 1978). Mr. Cotton is presently serving on the Advisory Council on Government Auditing Standards.
He is a member of the Advisory Council of the Academy for Government Accountability. He is also a member of the
advisory board of the Institute for Truth in Accounting. He is serving on the Institute of Internal Auditors (IIA) Anti-
Fraud Programs and Controls Task Force, and is a former member of the American Institute of CPAs (AICPA) “Group of
100.” He served on the AICPA task force that wrote Management Override: The Achilles Heel of Fraud Prevention. He
is the past-chairman of the AICPA Federal Accounting and Auditing Subcommittee and has served on the AICPA Gov-
ernmental Accounting and Auditing Committee and the Government Technical Standards Subcommittee of the AICPA
Professional Ethics Executive Committee. Mr. Cotton served on the board of the Virginia Society of Certified Public
Accountants (VSCPA), and on the VSCPA Litigation Services Committee, Professional Ethics Committee, Quality Review
Committee, and Governmental Accounting and Auditing Committee. He is member of the Greater Washington Society
of CPAs (GWSCPA) and is serving on the GWSCPA Professional Ethics Committee. He is a member of the Association of
Government Accountants (AGA) and is past-advisory board chairman and past-president of the AGA Northern Virginia
Chapter. He is also a member of the Institute of Internal Auditors and the Association of Certified Fraud Examiners. Mr.
Cotton has testified as an expert in governmental accounting and auditing issues and fraud issues before the United States
Court of Federal Claims and other administrative and judicial bodies. Mr. Cotton served as a technical reviewer for the
1999 through 2003 editions of the AICPA Audit and Accounting Guide Audits of Federal Government Contractors. Mr.
Cotton is the author of the AICPA continuing education courses Fraud in Governmental and Not-for-Profit Audits—the
Auditor’s Responsibilities Under SAS 82 and Joint and Indirect Cost Allocations: How to Prepare and Audit Them. He has
lectured frequently on auditors’ fraud detection responsibilities under SAS 99, Consideration of Fraud in a Financial State-
ment Audit. He also has been an adjunct instructor at the Inspectors General Auditor Training Institute (Auditing the
Federal Contracting Process and Contract and Procurement Fraud) and currently teaches at the George Mason University
Small Business Development Center (Fundamentals of Accounting for Government Contracts).
Mr. Dennis F. Dycus, CFE, CPA, CGFM, presently serves as the Director of the Division of Municipal Audit for the Office
of the Comptroller of the Treasury, State of Tennessee. The Division is responsible for the annual audit of all municipali-
ties, utility districts, school activity and cafeteria funds, housing authorities, certain not-for-profit organizations and other
quasi-governmental entities in the State of Tennessee. In addition, the Division’s staff conducts numerous audits for fraud,
waste and abuse each year. From the beginning of his career with a national accounting firm, through the last 37 years of
involvement with the audits of all forms of governmental entities, he brings a wealth of practical experience to his pre-
sentations. A graduate of Western Kentucky University, Mr. Dycus is a frequent guest speaker/lecturer for various college
business/accounting classes, professional associations, local, state and national conferences and not-for-profit organiza-
tions. In 1996, the Eta Omicron Chapter of Beta Alpha Psi presented him with the Distinguished Alumnus Award in rec-
ognition of his support of the WKU Accounting Department. A 1986 graduate of the Tennessee Government Executive
Institute, Mr. Dycus is an active member of the American Institute of Certified Public Accountants where he previously
served on the Members in Government Committee, the Ad Hoc CPE Curriculum Task Force on Government and the
National CPE Curriculum Subcommittee. He is also a member of the Tennessee Society of Certified Public Accountants,
the Association of Government Accountants, where he previously served as chapter president; the Government Finance
Officers Association, and the Association of Certified Fraud Examiners, where he also served as chapter president and is a
former member of both the Association’s Board of Regent and ACFE Foundation as well as a member of their instructor
faculty on a national basis. In June, 2005, the Middle Tennessee Chapter honored him with the designation of president
emeritus in recognition of his longstanding contributions to the chapter. For the last several years, Mr. Dycus has devel-
oped and/or conducted training programs in all fifty states, Puerto Rico, Guam, Canada and Europe, for organizations
such as the Association of Certified Fraud Examiners; the American Institute of Certified Public Accountants; numerous
state CPA societies; the Government Finance Officers Association; the Association of Government Accountants; the Na-
tional Association of State Auditors, Comptrollers and Treasurers; Westcott Communications, Inc.; the Organization for
Security and Co-Operation in Europe; New York Presbyterian Hospital; IBM; HCA; NYC Presbyterian Hospital, Saturn,
Inc.; the US Department of Labor; the Government Accountability Office; the Internal Revenue Service; Bisk Education,
Inc.; Nichols Education, Inc.; numerous state audit organizations and individual professional firms. He is a frequent speak-
er at various professional conferences, both on a local and national level. In 1989 and again in 1997, he was the recipient
of the AGA’s, National Education and Training Award and has been presented with several Outstanding Discussion Leader
Awards by both the Tennessee and Florida Societies of Certified Public Accountants. In 1998 he was honored with the
Association of Certified Fraud Examiner’s, Distinguished Achievement Award for his meritorious service in the detection
and deterrence of fraud and in 2001 was one of only three individuals to receive the designation as a Fellow of the Associa-
tion of Certified Fraud Examiners in recognition for his contribution to expanding the Association’s body of knowledge
toward the detection of fraud. In 2003 he was the recipient of the Tennessee Society of CPA’s first ever, Outstanding CPA
in Government Award and in 2004 received the Association of Certified Fraud Examiners’ Outstanding CFE in Govern-
ment Award. In 2009 he was recognized as a Friend of the Association by the Tennessee Association of Utility Districts for
his contribution to the utility industry in Tennessee. This was only the second such recognition the association had made
in its 52 year history. In addition, he has authored articles on auditing for fraud for national publications.
Marshall B. Romney, PhD, CPA, CFE, is the John and Nancy Hardy Professor in the Marriott School of Management
at Brigham Young University. He is the recipient of the Marriott School’s outstanding professor award and the outstand-
ing researcher award. He is also the first recipient of Ernst & Young’s award for outstanding citizenship. Marshall holds
a Bachelor’s and Master’s degree from BYU. Upon graduation, Marshall went to work for Touche Ross where he got his
first exposure to fraud auditing as a member of the court-appointed team that investigated the Equity Funding fraud. For
the last 30 years, he has been involved in fraud prevention, detection, audit, and research. Marshall left public accounting
to earn a Ph.D. degree in accounting from the University of Texas at Austin. Marshall has published 23 different books,
including seven books on fraud and the leading text on Accounting Information Systems. He has developed 17 CPE
courses, including 13 on fraud. He authored 6 different articles on fraud for Groliers Encyclopedia. He has also had over
100 articles on fraud and other topics published in academic and professional journals or as chapters in books. Several of
the articles have been nominated for the journal’s article of the year award. Researchers in the US and in foreign countries
have cited his research numerous times, and a number of his publications have been translated and reprinted in journals
in other countries. His research on fraud has been the topic of a number radio and television interviews. Marshall has
taught for or consulted with over 50 different organizations and includes among his clients the Federal Bureau of Investi-
gation, three of the Big 4 CPA firms, the AICPA, the Arizona Auditor General’s Office, the Association of Certified Fraud
Examiners, the Institute of Internal Auditors, and twenty state CPA societies. Because of his extensive background in fraud
research, Marshall was asked to be the lead fraud researcher for the Treadway Commission. He had to turn the invita-
tion down due to other professional responsibilities. Marshall was an advisor to the National Commission on Fraudulent
Financial Reporting. Marshall is the recipient of eight research grants from CPA firms, the Institute of Internal Auditors,
and the American Accounting Association. He has made over 60 presentations at academic and professional conferences.
He has been on the editorial board of 10 academic and professional journals including the Journal of Forensic Account-
ing. Marshall is a past president of the Information Systems section of the AAA. He was a member of both the Informa-
tion Technology Executive Committee and the IT Practices Subcommittee of the American Institute of Certified Public
Accountants. He was the chairperson of the Information Technology committee for the Utah Association of CPAs, who
presented him with their outstanding chairperson award. At BYU, Marshall is the Associate Director of the School of
Accountancy and Information Systems and is the director of both the graduate and undergraduate Information Systems
programs.
Margie Reinhart, CPA, CFF, CFE, CA, has devoted her career to becoming highly skilled in the multi-facets of forensic
accounting, fraud consulting, white collar criminal investigations and forensic data analytics. Prior to founding Reinhart
Forensic Consulting, she spent over eleven years at a big four accounting firm and over three years managing the Dallas of-
fice of a boutique forensic accounting firm where she also served as the national government practice leader. Ms. Reinhart
works closely with government agencies, law firms and corporate executives, serving as an expert in forensic accounting
matters, fraud investigations, data analytics, interviews and interrogations, financial disputes, risk management, internal
audit special projects, and litigation consulting. She is a CPA, Certified in Financial Forensics, a Certified Fraud Examiner
and has practiced in both the United States and Canada.
Robert H. Spencer, PhD, for the past 30 plus years, has had many careers in business and technology , beginning with 13
years with the Department of Defense where he was part of the team that redesigned the Army’s accounting and military
pay systems. Next, Bob played key roles integrating microcomputers into training and education programs for the De-
partment of Navy in the early eighties. Along the way he owned and operated several successful companies including a
short career in real estate development and sales. Bob moved to private industry in 1984, joining a regional CPA firm as its
Director of Information Systems becoming a principal with the firm a few years later. Bob continues to consult with some
of the country’s most progressive accounting firms as well as many other industries including governmental, manufactur-
ing and distribution.
After retiring from his public accounting firm in 1995 he pursued a brief career in banking, but missing the diversity, he
returned to consulting and formed his own professional services firm. Bob believes that “Businesses today must extend
the life of their technology investment and this is done through strategic planning, management, and process engineer-
ing to more fully benefit from technology.” In today’s security-conscious world, Bob is also very active in assisting clients
with “hardening” their networks to minimize the threats of intrusion and regularly conducts security reviews and audits
for financial institutions. Dr. Spencer has pursued education with a passion throughout his career and has advanced
degrees in Computer Science and Administration as well as a Bachelors of General Studies that included studies in systems
engineering and accounting. He enjoys writing and has published a number of books over the past 20 years. In 2002 he
co-authored Technology Best Practices, published by John Wiley & Sons, with friend and partner Randy Johnston. Bob
and Randy also released their sixth edition of Accounting Software Solutions in 2005, which is available from K2 Enter-
prises at www.k2e.com. Bob has been published, and quoted, in hundreds of magazines, newspapers and journals over his
career. An estimated 26,000 CPAs read his commentaries monthly. He has been recognized by Who’s Who in Business
and Industry, Accounting Technology Magazine and many other professional organizations for his contributions. He is
invited to speak at more than 25 state, national, and international conferences each year and presents educational seminars
for CPAs as an associate of K2 Enterprises. Bob has been acknowledge as a respected and knowledgeable expert in the field
of technology and business.
Toby Bishop, CPA, CFE, is the director of the Deloitte Forensic Center for Deloitte Financial Advisory Services LLP
(Deloitte FAS). He has been named five times to Accounting Today’s Top 100 Most Influential People in the Accounting
Profession. He is co-author, with Frank Hydoski, of the book Corporate Resiliency: Managing the Growing Risk of Fraud
and Corruption (Wiley, 2009) and a related article in Harvard Business Review (October 2009). Toby is a contributing
author and a member of the board of editors of Business Crimes Bulletin, a member of the Institute of Internal Auditors’
(IIA) Board of Research and Education Advisors, a board member for the Institute for Fraud Prevention, has presented to
the Public Company Accounting Oversight Board’s (PCAOB) Standing Advisory Group, and serves on a task force for the
Center for Audit Quality’s Anti-Fraud Working Group. Toby co-authored the IIA/AICPA/ACFE guidance Managing the
Business Risk of Fraud: a practical guide. He also co-authored the AICPA guidance papers Management Antifraud Pro-
grams and Controls: Guidance to Help Prevent, Deter, and Detect Fraud and Management Override: The Achilles’ Heel of
Fraud Prevention — The Audit Committee and Oversight of Financial Reporting. Toby is the former president and chief
executive officer of the Association of Certified Fraud Examiners (ACFE), the professional association of over 50,000 anti-
fraud professionals in 125 countries. He is a thought leader in the area of fraud prevention and detection with a
special focus on the issue of financial statement fraud. A global commentator on fraud trends, Toby has been quoted in
major international publications such as The New York Times, London’s The Daily Telegraph and India Today. His mate-
rial has appeared in many publications including BusinessWeek, CFO magazine, Forbes.com, Fraud Magazine, Reuters,
USA Today, Accounting Today, The American Banker, The Auditor’s Report, Compliance and Ethics Magazine, Compli-
ance Week, Corporate Board Member, Corporate Counsel, The CPA Journal, Director’s Alert, GRC 360, Internal Auditing,
Journal of Accountancy, NACD Directorship, Rzeczpospolita, Sarbanes-Oxley Compliance Journal, Wall Street & Technol-
ogy, and White-Collar Crime Fighter. Toby has appeared on television in several countries. He has brought his thought-
provoking insights on fraud to events for organizations such as CFO Conferences, Financial Executives International, the
American Accounting Association, the American Institute of Certified Public Accountants (AICPA), state CPA societies,
the Association of Certified Fraud Examiners, Beta Alpha Psi, the Institute for International Research, the Institute of
Internal Auditors, the Institute of Management Accountants and the Wiley Faculty Network. He also provides executive
education on fraud for companies internationally. Dedicated to using education to empower others to fight fraud effec-
tively, Toby has given presentations to more than 1,000 professors to help them equip the next generation of accounting
and finance professionals. A popular invited speaker, he has given interactive presentations to thousands of undergraduate
and graduate students at universities around the world. A native of England, Toby is a graduate of Oxford University. He is
a CPA licensed in Illinois and Massachusetts, a CFE (Certified Fraud Examiner) and a fellow of the Institute of Chartered
Accountants in England & Wales (FCA).
Paul E. Coggins, JD, has been a Principal of Fish & Richardson P.C, in Dallas, Texas, since March 2001. He is the former
United States Attorney for the Northern District of Texas and, before that, Assistant United States Attorney in that office.
He is a former member, as well as Vice-Chair of Attorney General Janet Reno’s Advisory Committee. He was also a
former Texas Special Assistant Attorney General from1991-1993. In his practice, he concentrates in Complex Litigation,
Business Litigation, and White Collar Criminal Defense. His professional career also includes practice as a Partner with
Meadows, Owens, Collier, Reed & Coggins in Dallas, and with Johnson & Gibbs and with Hewett, Johnson, Swanson &
Barbee also in Dallas. He is an active member of the American, Texas and Dallas Bar Associations. He is a prolific author
of various professional books and articles and is a frequent presenter for various professional organizations, as well as
previous CLE Options courses.
Charles W. Blau, JD, is an attorney, in private practice, in Dallas, Texas. He focuses his practice on the representation of
individuals and entities that are accused of white collar crimes. Mr. Blau assists companies in discrete internal investiga-
tions both before and during governmental inquiries. He also aids corporations in fashioning, enacting and administering
compliance and ethics programs. He regularly advises clients how to prevent and detect criminal, civil and administrative
problems, often in conjunction with independent accountants and investigators. His practice concentration and experi-
ence includes criminal law and litigation: Tax Fraud, Criminal Anti-Trust and Securities Fraud, Defense Procurement
Fraud, Environmental Crimes, Health Care Fraud, Bank Fraud and Money Laundering Crimes. Mr. Blau was an Assis-
tant United States Attorney for the Southern District of Indiana in 1976 and held various federal prosecutorial positions
through 1987, including Associate Deputy Attorney General of the United States. He is a prolific author and speaker. He
is an active member of the ABA White Collar Crime Subcommittee and served as a co-chair of the Southwest Regional
Committee of the organization. He is member of the Florida, Indiana and Texas bar associations as well as many other
professional organizations. He received his undergraduate degree from Indiana University, his law degree from the Uni-
versity of Louisville and his L.L.M. in taxation from Georgetown University.
Alan M. Buie, JD, has been an Assistant United States Attorney for the Northern District of Texas since 2005. He is cur-
rently assigned to the fraud section of the criminal division in the Dallas office. Before joining the United States
Attorney’s Office, Mr. Buie was an enforcement attorney, then a branch chief and an assistant director, with the Fort Worth
office of the SEC from 2000 to 2005. He is currently focusing on the prosecution of securities-related crimes, but his
experience at the United States Attorney’s Offices in Dallas and Fort Worth has encompassed a variety of trial and appel-
late cases, including tax crimes, health care fraud, passport fraud, bank fraud, wire fraud, mail fraud, access device fraud,
and bankruptcy fraud, as well as mail theft, counterfeiting of U.S. currency, impersonation of federal officials, theft from
interstate shipments, threats against the president, bank robberies, immigration violations, international child kidnap-
ping, and firearms and narcotics offenses. Mr. Buie has been licensed to practice in Texas since 1992. He graduated from
Harvard Law School in 1992.
Table of Contents
Section Subject
1 ACFE 2010 Report to the Nations on Occupational Fraud and Abuse

(Reprinted with permission of ACFE)
2 Deterring and Detecting Financial Reporting Fraud:

A Platform for Action
(Copyright 2010, by the Center for Audit Quality, All rights reserved. Reprinted
with permission.)
3 5 C’s of Fraud
4 Business Fraud Update 2010

(Reprinted with permission of K2 Enterprises)
5 Managing the Business Risk of Fraud: A Practical Guide

(Copyright 2009, by the Institute of Internal Auditors, the American Institute of
Certified Public Accountants, and the Association of Certified Fraud Examiners.
All rights reserved. Reprinted with permission.)
6 AS 99-1 Workpaper: Cumulative Assessment of Fraud Risk
7 Management of Complex Criminal and Civil Investigations
8 Limited Selection of Criminal Statutes Commonly Charged in

Federal Business Fraud Cases
9 Federal Sentencing Guidelines--Chapter 8: Sentencing of

Organizations
Section 1
ACFE 2010 Report to the Nations on

Occupational Fraud and Abuse
(Reprinted with permission of ACFE)
November 10, 2010

REPORT TO THE NATIONS
O N O C C U PAT I O N A L F R A U D A N D A B U S E
2010 Global Fraud Study

Letter from the President
When the ACFE published its first Report to the Nation on Occupational Fraud and Abuse in 1996,
it broke new ground in anti-fraud research by providing an analysis of the costs, the methodologies
and the perpetrators of fraud within U.S. organizations. The collective body of knowledge con-
tained in the first five editions of the Report to the Nation — published between 1996 and 2008
— has become the most authoritative and widely quoted research publication on occupational
fraud.
Now, for the first time, the data contained in the Report have been drawn from fraud cases
throughout the world. As readers will see, it reflects the truly universal nature of occupational fraud. This expansion of
our research is denoted in the modified title for this study, which has now become the Report to the Nations on Occu-
pational Fraud and Abuse.
The information contained in this report is based on 1,843 cases of occupational fraud that were reported by the Certified
Fraud Examiners (CFEs) who investigated them. These offenses occurred in more than 100 countries on six continents,
and more than 43% took place outside the United States. What is perhaps most striking about the data we gathered is
how consistent the patterns of fraud are around the globe. While some regional differences exist, for the most part oc-
cupational fraud seems to operate similarly whether it occurs in Europe, Asia, South America or the United States.
The Report to the Nations is the brainchild of the ACFE’s founder and Chairman, Dr. Joseph T. Wells, CFE, CPA who
throughout his career has contributed more to the study of fraud and the development of the anti-fraud profession than
any other person. On behalf of the ACFE, and in honor of its founder, Dr. Wells, I am pleased to present the 2010 Report to
the Nations on Occupational Fraud and Abuse to practitioners, business and government organizations, academics, the
media and the general public throughout the world. The information contained in this Report will be invaluable to those
who seek to deter, detect, prevent or simply understand the global economic impact of occupational fraud.
James D. Ratley, CFE

President,
Association of Certified Fraud Examiners
2 | 2010 REPORT TO THE NATIONS ON OCCUPATIONAL FRAUD AND ABUSE

Table of Contents
Executive Summary .............................................................................................................................................................4
Introduction ..........................................................................................................................................................................6
The Cost of Occupational Fraud ..........................................................................................................................................8
t Distribution of Losses
How Occupational Fraud Is Committed ............................................................................................................................10
t Asset Misappropriation Sub-Schemes
t Duration of Fraud Schemes
Detection of Fraud Schemes .............................................................................................................................................16
t Initial Detection of Occupational Fraud Schemes
t Source of Tips
t Impact of Hotlines
t Detection Methods Based on Organization Type
t Detecting Fraud in Small Businesses
t Detection of Occupational Fraud Based on Region
Victim Organizations ..........................................................................................................................................................24
t Geographical Location of Organizations
t Type of Organizations
t Size of Organizations
t Methods of Fraud in Small Businesses
t Industry of Organizations
t Anti-Fraud Controls at Victim Organizations
t Anti-Fraud Controls at Small Businesses
t Anti-Fraud Controls by Region
t Effectiveness of Controls
t Importance of Controls in Detecting or Limiting Fraud
t Control Weaknesses that Contributed to Fraud
t Modification of Controls
Perpetrators ........................................................................................................................................................................48
t Perpetrator’s Position
t Perpetrator’s Gender
t Perpetrator’s Age
t Perpetrator’s Tenure
t Perpetrator’s Education Level
t Perpetrator’s Department
t Background Criminal and Employment History
t Behavioral Red Flags Displayed by Perpetrators
Methodology ......................................................................................................................................................................75
Appendix — Breakdown of Geographic Regions by Country ..........................................................................................78
Fraud Prevention Checklist ................................................................................................................................................80
About the ACFE ..................................................................................................................................................................82
2010 REPORT TO THE NATIONS ON OCCUPATIONAL FRAUD AND ABUSE | 3

Executive Summary
Summary of Findings
t Survey participants estimated that the typical This Report is based on data
organization loses 5% of its annual revenue to compiled from a study of 1,843
fraud. Applied to the estimated 2009 Gross World
Product, this figure translates to a potential total cases of occupational fraud that
fraud loss of more than $2.9 trillion.
occurred worldwide between
t The median loss caused by the occupational
fraud cases in our study was $160,000. Nearly
January 2008 and December
one-quarter of the frauds involved losses of at 2009. All information was pro-
least $1 million.
vided by the Certified Fraud Ex-
t The frauds lasted a median of 18 months before
being detected. aminers (CFEs) who investigated
t Asset misappropriation schemes were the most
those cases. The fraud cases in
common form of fraud in our study by a wide our study came from 106 nations
margin, representing 90% of cases — though they
were also the least costly, causing a median loss — with more than 40% of cases
of $135,000. Financial statement fraud schemes
were on the opposite end of the spectrum in both
occurring in countries outside
regards: These cases made up less than 5% of the United States — providing a
the frauds in our study, but caused a median loss
of more than $4 million — by far the most costly truly global view into the plague
category. Corruption schemes fell in the middle,
comprising just under one-third of cases and
of occupational fraud.
causing a median loss of $250,000.
t Occupational frauds are much more likely to be

detected by tip than by any other means. This
finding has been consistent since 2002 when we
began tracking data on fraud detection methods.
t Small organizations are disproportionately

victimized by occupational fraud. These
organizations are typically lacking in anti-fraud
controls compared to their larger counterparts,
which makes them particularly vulnerable to fraud. One-fourth of the frauds in this Report
t The industries most commonly victimized in our caused at least $1 million in losses.
study were the banking/financial services,
manufacturing and government/public
administration sectors. t High-level perpetrators cause the greatest
damage to their organizations. Frauds commit-
t Anti-fraud controls appear to help reduce the cost ted by owners/executives were more than three
and duration of occupational fraud schemes. We times as costly as frauds committed by managers,
looked at the effect of 15 common controls on and more than nine times as costly as employee
the median loss and duration of the frauds. Victim frauds. Executive-level frauds also took much
organizations that had these controls in place had longer to detect.
significantly lower losses and time-to-detection than
organizations without the controls.

t More than 80% of the frauds in our study t Surprise audits are an effective, yet underutilized,
were committed by individuals in one of six tool in the fight against fraud. Less than 30% of
departments: accounting, operations, sales, victim organizations in our study conducted
executive/upper management, customer service surprise audits; however, those organizations
or purchasing. tended to have lower fraud losses and to detect
frauds more quickly. While surprise audits can be
t More than 85% of fraudsters in our study had useful in detecting fraud, their most important
never been previously charged or convicted for benefit is in preventing fraud by creating a percep-
a fraud-related offense. This finding is consistent tion of detection. Generally speaking, occupational
with our prior studies. fraud perpetrators only commit fraud if they
believe they will not be caught. The threat of
t Fraud perpetrators often display warning signs surprise audits increases employees’ perception
that they are engaging in illicit activity. The most that fraud will be detected and thus has a strong
common behavioral red flags displayed by the deterrent effect on potential fraudsters.
perpetrators in our study were living beyond their
means (43% of cases) and experiencing financial t Small businesses are particularly vulnerable to
difficulties (36% of cases). fraud. In general, these organizations have far fewer
controls in place to protect their resources from
fraud and abuse. Managers and owners of small
Conclusions and Recommendations businesses should focus their control investments
t Occupational fraud is a global problem. Though on the most cost-effective mechanisms, such
some of our findings differ slightly from region to as hotlines and setting an ethical tone for their
region, most of the trends in fraud schemes, per- employees, as well as those most likely to help
petrator characteristics and anti-fraud controls are prevent and detect the specific fraud schemes that
similar regardless of where the fraud occurred. pose the greatest risks to their businesses.
t Fraud reporting mechanisms are a critical t Internal controls alone are insufficient to fully
component of an effective fraud prevention and prevent occupational fraud. Though it is important
detection system. Organizations should implement for organizations to have strategic and effective
hotlines to receive tips from both internal and anti-fraud controls in place, internal controls will
external sources. Such reporting mechanisms not prevent all fraud from occurring, nor will they
should allow anonymity and confidentiality, and detect most fraud once it begins.
employees should be encouraged to report
t Fraudsters exhibit behavioral warning signs of their
suspicious activity without fear of reprisal.
misdeeds. These red flags — such as living beyond
t Organizations tend to over-rely on audits. External one’s means or exhibiting control issues — will not
audits were the control mechanism most widely be identified by traditional controls. Auditors and
used by the victims in our survey, but they ranked employees alike should be trained to recognize the
comparatively poorly in both detecting fraud and common behavioral signs that a fraud is occurring
limiting losses due to fraud. Audits are clearly and encouraged not to ignore such red flags, as
important and can have a strong preventative they might be the key to detecting or deterring a
effect on fraudulent behavior, but they should not fraud.
be relied upon exclusively for fraud detection.
t Given the high costs of occupational fraud,
t Employee education is the foundation of effective fraud prevention measures are critical.
preventing and detecting occupational fraud. Organizations should implement a fraud prevention
Staff members are an organization’s top fraud checklist similar to that on page 80 in order to help
detection method; employees must be trained in eliminate fraud before it occurs.
what constitutes fraud, how it hurts everyone in
the company and how to report any questionable
activity. Our data show not only that most frauds
are detected by tips, but also that organizations
that have anti-fraud training for employees and
managers experience lower fraud losses.
Introduction
A wide variety of crimes and swindles fall under the um- The stated goals of the first Report were to:
brella of fraud. From Ponzi schemes and identity theft to
t Summarize the opinions of experts on the percentage
data breaches and falsified expense reports, the ways and amount of organizational revenue lost to all
perpetrators attempt to part victims from their money are forms of occupational fraud and abuse.
extremely diverse and continually evolving. At their core, t Examine the characteristics of the employees who
however, all frauds involve a violation of trust. commit occupational fraud and abuse.
t Determine what kinds of organizations are victims

For businesses, no trust violations have the potential to be of occupational fraud and abuse.
as harmful as those committed by the very individuals who t Categorize the ways in which serious fraud and
are relied upon to make the organization successful: its abuse occur.
employees. This report focuses on the category of fraud
— occupational fraud — in which an employee abuses his Since the inception of the Report to the Nation more than
or her position within the organization for personal gain. a decade ago, we have released five updated editions — in
More formally, occupational fraud may be defined as: 2002, 2004, 2006, 2008 and the current version in 2010. Like
the first Report, each subsequent edition has been based
The use of one’s occupation for personal enrichment on detailed case information provided by Certified Fraud Ex-
through the deliberate misuse or misapplication of aminers (CFEs). With each new edition of the Report, we
the employing organization’s resources or assets. add to and modify the questions we ask of our survey par-
ticipants in order to enhance the quality of the data we col-
This definition is very broad, encompassing a wide range lect. This evolution of the Report to the Nation has enabled
of misconduct by employees at every organizational level. us to continue to draw more meaningful information from
Occupational fraud schemes can be as simple as pilferage the experiences of CFEs and the frauds they encounter.
of company supplies or manipulation of timesheets, or as
complex as sophisticated financial statement frauds. In our 2010 Report, we have, for the first time ever, wid-
ened our study to include cases from countries outside
One of the ACFE’s primary missions is to educate anti- the United States. This expansion allows us to more fully
fraud professionals and the general public about the seri- explore the truly global nature of occupational fraud and
ous threat occupational fraud poses. To that end, we have provides an enhanced view into the severity and impact
undertaken extensive research to provide an in-depth look of these crimes. Additionally, we are able to compare the
at the costs and trends in occupational fraud. In 1996, the anti-fraud measures taken by organizations worldwide in
ACFE released its Report to the Nation on Occupational order to give fraud fighters everywhere the most appli-
Fraud and Abuse, which was the largest known privately cable and useful information to help them in their fraud
funded study on the subject at the time. prevention and detection efforts.
A Note to Readers: Throughout this Report, we have included several comparisons of our current findings with those from our 2008 Report. However, it is important to note that
the 2010 data include reported frauds from CFEs in 106 countries, while the 2008 data pertain to frauds reported only by CFEs in the United States. Although the populations of
respondents for the two studies are not entirely analogous, we have nonetheless included these prior-study comparisons, as we believe interesting and useful trends can be seen
by comparing and contrasting the frauds reported in the two studies. To enhance data clarity, we have included comparisons of 2008 data with both all-case data and U.S.-only data
from our 2010 research when noteworthy discrepancies in our current findings are present.

Occupational Fraud and Abuse Classification System
Corruption Asset Fraudulent

Misappropriation Statements
Conflicts of Bribery Illegal Economic Financial Non-

Interest Gratuities Extortion Financial
Purchasing Invoice Asset/Revenue Asset/Revenue Employment

Schemes Kickbacks Overstatements Understatements Credentials
Timing Internal
Sales Bid Rigging Differences Documents
Schemes
Ficticious External
Revenues Documents
Other Other
Concealed
Liabilities and
Expenses
Improper
Disclosures
Improper
Asset
Valuations
Cash Non-Cash
Larceny Skimming Misuse Larceny
Refunds Asset
Cash on Sales Receivables Requisitions
Hand and Other
and Transfers
From the Unrecorded Write-off False Sales

Deposit Schemes and Shipping
Other Understated Lapping Purchasing

Schemes and Receiving
Unconcealed Unconcealed
Fraudulent Larceny
Disbursements
Expense Register
Billing Schemes Payroll Schemes Reimbursement Check Tampering Disbursements
Schemes
Ghost Mischaracterized
Shell Company Expenses Forged Maker False Voids
Employees
Non-Accomplice Commission Overstated Forged

Vendor Schemes Expenses Endorsement False Refunds
Personal Workers Fictitious

Purchases Compensation Altered Payee
Expenses
Falsified Wages Concealed

Multiple Checks
Reimbursements
Authorized
Maker

The Cost of Occupational Fraud
Measuring the cost of occupational fraud is an important,

yet incredibly challenging, endeavor. Arguably, the true
Fraud, by its very nature, does
cost is incalculable. The inherently clandestine nature
not lend itself to being scien-
of fraud means that many cases will never be revealed,
and, of those that are, the full amount of losses might not tifically observed or measured
be uncovered, quantified or reported. Consequently, any in an accurate manner. One of
measurement of occupational fraud costs will be, at best, the primary characteristics of
an estimate. Nonetheless, determining such an approxi-
fraud is that it is clandestine,
mation is critical to illustrate the pandemic and destruc-
or hidden; almost all fraud in-
tive nature of white-collar crime.
volves the attempted conceal-
We asked each CFE who participated in our survey to pro- ment of the crime.
vide his or her best estimate of the percentage of annual
revenues that the typical organization loses to fraud in a
given year. The median response was that the average
organization annually loses 5% of its revenues to fraud.
Applying this percentage to the 2009 estimated Gross
World Product of $58.07 trillion1 would result in a pro-
jected total global fraud loss of more than $2.9 trillion.
Readers should note that this estimate is based solely
on the opinions of 1,843 anti-fraud experts, rather than
any specific data or factual observations; accordingly, it
should not be interpreted as a literal representation of the
worldwide cost of occupational fraud. However, because
there is no way to precisely calculate the size of global The typical organization loses 5% of its
fraud losses, the best estimate of anti-fraud profession- annual revenues to occupational fraud.
als with a frontline view of the problem may be as reli-
able a measure as we are able to make. In any event, it 1
United States Central Intelligence Agency, The World Factbook (https://www.cia.gov/
library/publications/the-world-factbook/geos/xx.html)
is undeniable that the overall cost of occupational fraud
is immense, certainly costing organizations hundreds of
billions or trillions of dollars each year.

Distribution of Losses
We received information about the total dollar loss for 1,822 of the 1,843 frauds reported to us in our study.2 The median
loss for these cases was $160,000. Nearly one-third of the fraud schemes caused a loss to the victim organization of
more than $500,000, and almost one-quarter of all reported cases topped the $1 million threshold.
Distribution of Dollar Losses
30%
29.3%
25%
23.7%
20%
Percent of Cases
18.4%
15%
10%
10.6%
8.4%
7.2%
5%
2.4%
0%
Less than $1,000 – $10,000 – $50,000 – $100,000 – $500,000 – $1,000,000
$1,000 $9,999 $49,999 $99,999 $499,999 $999,999 and up
Dollar Loss
2
Although this Report includes fraud cases from more than 100 nations, all monetary amounts presented throughout this Report are in U.S. dollars.

How Occupational Fraud Is Committed
Previous ACFE research has identified three primary cat-

egories of occupational fraud used by individuals to de- Based on previous ACFE
fraud their employers. Asset misappropriations are those
research we have broken down
schemes in which the perpetrator steals or misuses an
organization’s resources. These frauds include schemes
the schemes reported to us
such as skimming cash receipts, falsifying expense re- into three primary categories:
ports and forging company checks. asset misappropriation,
corruption, and financial
Corruption schemes involve the employee’s use of his or statement fraud.
her influence in business transactions in a way that vio-
lates his or her duty to the employer for the purpose of
obtaining a benefit for him- or herself or someone else.
Examples of corruption schemes include bribery, extor-
tion and a conflict of interest.
Financial statement fraud schemes are those involving

the intentional misstatement or omission of material in-
formation in the organization’s financial reports. Common
methods of fraudulent financial statement manipulation
include recording fictitious revenues, concealing liabili-
ties or expenses and artificially inflating reported assets.
As indicated in the following charts, asset misappropriations Financial statement fraud is the most
are by far both the most frequent and the least costly form costly form of occupational fraud, causing
of occupational fraud. On the other end of the spectrum are a median loss of more than $4 million.
cases involving financial statement fraud. These schemes
were present in less than 5% of the cases reported to us,
but caused a median loss of more than $4 million. Corrup-
tion schemes fell in the middle category in both respects,
occurring in just under one-third of all cases involved in our
study and causing a median loss of $250,000.

Occupational Frauds by Category — Frequency3
2010
86.3%
Asset
Misappropriation 2008
88.7%
Type of Fraud
32.8%
Corruption
26.9%
4.8%
Financial
Statement Fraud
10.3%
0% 20% 40% 60% 80% 100%
Percent of Cases
Occupational Frauds by Category — Median Loss
2010
Financial $4,100,000
Statement Fraud 2008
$2,000,000
Type of Fraud
$250,000
Corruption
$375,000
$135,000
Asset
Misappropriation
$150,000
$0 $1,000,000 $2,000,000 $3,000,000 $4,000,000 $5,000,000
Median Loss
3
The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.

As previously mentioned, our 2010 data include fraud cases from countries throughout the world, while our 2008 data
contain only U.S.-based cases. In the following charts, we isolated the U.S. cases from our current study to make a more
direct comparison to our 2008 data. Interestingly, while financial statement fraud remained the least common and most
costly form of fraud among U.S. cases, there was a much lower percentage of financial statement cases in this study
(four percent) as compared to 2008 (ten percent). Additionally, the median losses for all three categories of fraud were
notably smaller in 2010 than they were in 2008.
Occupational Frauds by Category (U.S. only) — Frequency4
2010
89.8%
Asset
Misappropriation 2008
88.7%
Type of Fraud
21.9%
Corruption
26.9%
4.3%
Financial
Statement Fraud
10.3%
0% 20% 40% 60% 80% 100%
Percent of Cases
4

Occupational Frauds by Category (U.S. only) — Median Loss
2010
Financial $1,730,000
Statement Fraud 2008
$2,000,000
Type of Fraud
$175,000
Corruption
$375,000
$100,000
Asset
Misappropriation
$150,000
$0 $500,000 $1,000,000 $1,500,000 $2,000,000
Median Loss
In addition to observing the frequency and median losses Percent of Total Reported Dollar Losses
caused by the three categories of fraud, we analyzed the
proportion of the total losses suffered based on scheme Asset Misappropriation
20.8%
category. The cases in our study represented a combined
Corruption
total loss of more than $18 billion. As indicated in the chart 11.3%
to the right, of the total reported losses that were attribut-
able to a specific scheme type, 21% were caused by asset
misappropriation schemes, 11% by corruption and 68%
Financial Statement Fraud
by fraudulent financial statements. 68.0%

Asset Misappropriation Sub-Schemes

With nearly 90% of occupational frauds involving some form of asset misappropriation, it is instructional to further de-
lineate the methods used by employees to embezzle organizational assets. We divided asset misappropriation schemes
into nine sub-categories, as illustrated in the table on page 15. The first eight sub-categories represent schemes target-
ing cash; these frauds account for approximately 85% of all asset misappropriations.
Two of the sub-schemes — skimming and cash larceny — involve pilfering incoming cash receipts, such as sales revenues
and accounts receivable collections. The next five sub-categories — billing, expense reimbursement, check tampering,
payroll and fraudulent register disbursement schemes — involve fraudulent disbursements of cash. The eighth form of
cash misappropriation targets cash the organization has on hand, such as petty cash funds or cash in a vault. The final
sub-category of asset misappropriations covers the theft or misuse of non-cash assets, including inventory, supplies, fixed
assets, investments, intellectual property and proprietary information. The table on page 15 provides the frequency and
median loss associated with each asset misappropriation sub-category.
Duration of Fraud Schemes

In addition to examining the monetary cost of the fraud cases reported to us, we analyzed the length of time these schemes
lasted before being detected. The median duration — the time period from when the fraud first occurred to when it was
discovered — for all cases in our study was 18 months. Not surprisingly, cases involving financial statement fraud — the
most costly form of fraud — lasted the longest, with a median duration of 27 months. Fraudulent register disbursements,
on the other hand, were not only the least costly form of fraud in our study, but also tended to be detected the soonest.
Median Duration of Fraud Based on Scheme Type
Financial Statement Fraud 27

Check Tampering 24
Expense Reimbursements 24
Scheme Type
Payroll 24
Billing 24
Corruption 18
Cash on Hand 18
Skimming 18
Larceny 18
Non-Cash 15
Register Disbursement 12
0 5 10 15 20 25 30
Median Months to Detection

Note: Because asset misappropriation schemes are both so common and so diverse in their methods, for the remainder
of the Report, we will break down our analysis of the fraud schemes into 11 categories — corruption, financial statement
fraud and the nine sub-categories of asset misappropriation — so as to provide a meaningful understanding of the full
spectrum of ways in which employees defraud their employing organizations.
Asset Misappropriation Sub-Categories
Cases Percent of Median

Category Description Examples
Reported all cases5 Loss
Schemes Involving Theft of Cash Receipts

Skimming Any scheme in which cash is stolen from t Employee accepts payment from a 267 14.5% $60,000
an organization before it is recorded on the customer, but does not record the sale,
organization’s books and records and instead pockets the money
Cash Larceny Any scheme in which cash is stolen from t Employee steals cash and checks from 181 9.8% $100,000
an organization after it has been recorded daily receipts before they can be
on the organization’s books and records deposited in the bank
Schemes Involving Fraudulent Disbursements of Cash

Billing Any scheme in which a person causes t Employee creates a shell company and 479 26.0% $128,000
his employer to issue a payment by bills employer for services not actually
submitting invoices for fictitious goods or rendered
services, inflated invoices or invoices for
t Employee purchases personal items
personal purchases
and submits invoice to employer for
payment
Expense Any scheme in which an employee makes t Employee files fraudulent expense 278 15.1% $33,000
Reimbursements a claim for reimbursement of fictitious or report, claiming personal travel,
inflated business expenses nonexistent meals, etc.
Check Tampering Any scheme in which a person steals his t Employee steals blank company 274 13.4% $131,000
employer’s funds by intercepting, forging checks, makes them out to himself or
or altering a check drawn on one of the an accomplice
organization’s bank accounts
t Employee steals outgoing check to a
vendor, deposits it into his own bank
account
Payroll Any scheme in which an employee causes t Employee claims overtime for hours not 157 8.5% $72,000
his employer to issue a payment by worked
making false claims for compensation
t Employee adds ghost employees to the
payroll
Cash Register Any scheme in which an employee makes t Employee fraudulently voids a sale on 55 3.0% $23,000
Disbursements false entries on a cash register to conceal his cash register and steals the cash
the fraudulent removal of cash
Other Asset Misappropriation Schemes

Cash on Hand Any scheme in which the perpetrator t Employee steals cash from a company 121 12.6% $23,000
Misappropriations misappropriates cash kept on hand at the vault
victim organization’s premises
Non-Cash Any scheme in which an employee steals t Employee steals inventory from a 156 16.3% $90,000
Misappropriations or misuses non-cash assets of the victim warehouse or storeroom
organization
t Employee steals or misuses confidential
customer financial information
5
The sum of percentages in this table exceeds 100% because several cases involved asset misappropriation schemes from more than one category.

Detection of Fraud Schemes
One of the principal goals of our research is to identify

how past frauds were detected so that organizations can
Respondents to our survey
apply that knowledge to their future anti-fraud efforts.
were asked to identify how the
Tips were by far the most common detection method in
our study, catching nearly three times as many frauds as frauds were first discovered.
any other form of detection. This is consistent with the Three times as many frauds in
findings in our prior reports. Tips have been far and away our study were uncovered by a
the most common means of detection in every study
tip as by any other method.
since 2002, when we began tracking the data.
Management review and internal audit were the second

and third most common forms of detection, uncovering
15% and 14% of frauds, respectively. It is also noteworthy
that 11% of frauds were detected through channels that
lie completely outside of the traditional anti-fraud control
structure: accident, police notification and confession. In
other words, 11% of the time, the victim organization ei-
ther had to stumble onto the fraud or be notified of it by a Frauds are much more likely to be
third party in order to detect it.
detected by tips than by any other method.
Initial Detection of Occupational Frauds
Tip 40.2%
Management Review 15.4%
Detection Method
Internal Audit 13.9%

By Accident 8.3%
Account Reconciliation 6.1%
Document Examination 5.2%
External Audit 4.6%
Surveillance/Monitoring 2.6%
Notified by Police 1.8%
Confession 1.0%
IT Controls 0.8%
0% 10% 20% 30% 40% 50%
Percent of Cases

Source of Tips Source of Tips
Not surprisingly, employees were the most common 49.2%
50%
source of fraud tips. However, customers, vendors, com-
petitors and acquaintances (i.e., non-company sources)
40%
provided at least 34% of fraud tips, which suggests that
Percent of Tips
fraud reporting policies and programs should be publi-
30%
cized not only to employees, but also to customers, ven-
dors and other external stakeholders. 17.8%
20%
13.4%
12.1%
Impact of Anonymous Reporting 10%
Mechanisms (Hotlines) 3.7%
2.5% 1.8%
While tips have consistently been the most common way 0%
ee
nc s
s
or
r
er
n /
to detect fraud, the impact of tips is, if anything, understat-
do
ta r'
ou
w er
e
om
tit
in ato
oy
Co er
O old
n
m
pe
pl
Ve
ua tr
st
ny
eh
m
Em
cq pe
ed by the fact that so many organizations fail to implement
Cu
no
ar
A r
Pe
A
Sh
fraud reporting systems. Such systems enable employees
to anonymously report fraud or misconduct by phone or Source of Tips
6
through a web-based portal. The ability to report fraud
anonymously is key because employees often fear making repeatedly been shown to be the most effective way to
reports due to the threat of retaliation from superiors or catch fraud. The better an organization is at collecting and
negative reactions from their peers. Also, most third-party responding to fraud tips, the better it should be at detect-
hotline systems offer programs to raise awareness about ing fraud and limiting losses.
how to report misconduct. Consequently, one would ex-
pect that the presence of a fraud hotline would enhance In 67% of the cases where there was an anonymous
fraud detection efforts and foster more tips. tip, that tip was reported through an organization’s fraud
hotline. This strongly suggests that hotlines are an effec-
This turns out to be true. As seen on page 18, the pres- tive way to encourage tips from employees who might oth-
ence of fraud hotlines correlated with an increase in the erwise not report misconduct. Perhaps most important, as
number of cases detected by a tip. In organizations that noted on page 43, organizations that had fraud hotlines suf-
had hotlines, 47% of frauds were detected by tips, while fered much smaller fraud losses than organizations without
in organizations without hotlines, only 34% of cases were hotlines. Those organizations also tended to detect frauds
detected by tips. This is important because tips have seven months earlier than their counterparts.
6
For simplicity’s sake, we will refer to all reporting mechanisms as hotlines in this study.

Impact of Hotlines
47.1%
Tip 33.8%
Organizations With Hotlines

11.2%
Organizations Without Hotlines
15.7%
Account Reconcilliation 4.7%

7.8%
Detection Method
4.6%
By Accident 11.9%
3.7%
3.0%
Surveillance/Monitoring
2.2%
1.4%
External Audit
7.3%
1.4%
IT Controls
0.4%
1.0%
Notified by Police
2.3%
Confession 0.9%
1.1%
0% 10% 20% 30% 40% 50%
Percent of Cases
Detection Methods Based on Organization Type

The chart on page 19 shows how frauds were detected based on the victim’s organization type. We see that privately
owned companies tended to have the fewest frauds detected by tip and the most frauds caught by accident, both of
which were also true in our 2008 study. Publicly held companies tended to detect more frauds by management review
and internal audit than their counterparts. Government agencies had the highest rate of detection by tips and had a pro-
portionately high rate of frauds caught through external audit.
Detecting Fraud in Small Businesses

Small businesses historically tend to suffer disproportionately high occupational fraud losses, according to our previ-
ous reports. The trend was not as pronounced in this study as in past years, but we still saw that 31% of all occupa-
tional frauds were committed against small businesses (the highest rate of any category) and the median loss in those
schemes was $155,000 (see page 29). One reason that small businesses are particularly good targets for occupational
fraud is that they tend to have far fewer anti-fraud controls than larger organizations (see page 39).

Initial Detection Method by Organization Type
43.2%
Tip 35.8% Not-for-Profit
41.1%
46.3%
13.0%
Management Review 15.4% Private Company
17.6%
11.6%
10.7%
Internal Audit 11.6% Public Company
16.7%
15.1%
6.5%
By Accident 11.2% Government
6.8%
5.3%
8.9%
Detection Method

3.9%
4.6%
6.5%
5.0%
3.9%
6.5%
External Audit 5.2%
2.3%
7.4%
1.2%
3.0%
2.8%
1.8%
1.2%
1.4%
1.2%
Confession 1.0%
1.1%
1.4%
0.6%
IT Controls 0.5%
1.2%
0.4%
0% 10% 20% 30% 40% 50%
Percent of Cases
When we look at how small businesses detect frauds, it is apparent that they catch a much lower proportion of schemes
through tips or internal audits than larger organizations. According to the chart on page 20, only 33% of small business
frauds are detected by a tip, and only 8% are detected by an internal audit. Additionally, a relatively large percentage
of frauds are caught by accident at small companies — nearly twice as many as at larger organizations. Many of these
discrepancies are likely due to the low rates of control implementation at small businesses.

Initial Detection of Frauds in Small Businesses
Tip 33.3% <100 Employees

43.4%
15.8% 100+ Employees
By Accident 12.1%
6.4%
9.2%
Detection Method

Internal Audit 8.2%
16.0%
4.1%
External Audit 7.1%
3.3%
1.5%
2.7%
Confession 1.7%
0.7%
IT Controls 0.2%
1.0%
0% 10% 20% 30% 40% 50%
Percent of Cases
Detection of Occupational Fraud Based on Region

The following charts show how frauds were detected based on the region in which they occurred.7 In every region, tips
were responsible for detecting the most occupational frauds by a wide margin. The percentage of cases detected by tips
ranged from a high of 50% (in Africa) to a low of 38% (in the United States). In all but two regions, management review
and internal audit were the second and third most common means of detection, following tips.
Detection in the United States — 1,001 Cases

Tip 37.8%
Detection Method

By Accident 9.3%
External Audit 4.2%
IT Controls 1.2%
Confession 0.8%
0% 10% 20% 30% 40% 50%
Percent of Cases
7
See Appendix for a listing of countries included in each region.

Detection in Asia — 293 Cases
Tip 42.3%
Detection Method

By Accident 8.9%
External Audit 5.8%
Confession 2.4%
IT Controls 0.7%
0% 10% 20% 30% 40% 50%
Percent of Cases
Detection in Europe — 155 Cases

Tip 40.0%
Detection Method

By Accident 6.5%
External Audit 3.9%
IT Controls 0.6%
Confession 0.0%
0% 10% 20% 30% 40% 50%
Percent of Cases

Detection in Africa — 111 Cases

Tip 49.5%
Detection Method
Internal Audit 9.9%

By Accident 9.0%
External Audit 1.8%
Confession 0.9%
IT Controls 0.0%
0% 10% 20% 30% 40% 50%
Percent of Cases
Detection in Canada — 97 Cases

Tip 46.4%
Detection Method

By Accident 5.2%
External Audit 4.1%
Confession 1.0%
IT Controls 0.0%
0% 10% 20% 30% 40% 50%
Percent of Cases

Detection in Central/South America and the Caribbean — 70 Cases
Tip 44.3%
Detection Method
External Audit 12.9%

Confession 1.4%
By Accident 0.0%
IT Controls 0.0%
0% 10% 20% 30% 40% 50%
Percent of Cases
Detection in Oceania — 40 Cases

Tip 45.0%
Detection Method
By Accident 12.5%
External Audit 2.5%
Confession 0.0%
IT Controls 0.0%
0% 10% 20% 30% 40% 50%
Percent of Cases

Victim Organizations
Geographical Location of Organizations

As mentioned previously, for the first time in the history As part of our survey, we asked
of our research on occupational fraud, we opened up our
each respondent to provide
study to include fraud cases investigated by CFEs out-
demographic information
side the United States. As a result, the cases discussed in
this Report represent frauds perpetrated in 106 countries about the organization that
around the world. We received information on the location was defrauded.
of 1,797 of the cases that were reported to us. Of these,
43% occurred outside the United States, providing us with
a true insight into the global plague of occupational fraud.
The chart below shows the number and median loss of

the cases reported to us, broken down by region. For vic-
tim organizations with locations in more than one coun-
try, we asked survey participants to choose the location
where the primary perpetrator was located. For example,
a fraud perpetrated at a European arm of a Japanese com-
pany would be classified as occurring in Europe. Similarly, Small organizations are particularly
a case involving fraud perpetrated at the Canadian office vulnerable to fraud.
of a South American company would be considered a
fraud that occurred in Canada. The regional breakdowns large number of U.S. cases reported, we separated North
on case data throughout this Report should consequently America into the United States and Canada, and grouped
be read within this framework. Additionally, due to the the remaining countries by continent.
Geographical Location of Victim Organizations8

Region Number of Cases Percent of Cases Median Loss (in U.S. dollars)
United States 1,021 56.8% $105,000
Asia 298 16.6% $274,000
Europe 157 8.7% $600,000
Africa 112 6.2% $205,000
Canada 99 5.5% $125,000
Central/South America and the Caribbean 70 3.9% $186,000
Oceania 40 2.2% $338,000
8
See Appendix for a listing of countries included in each region.

The following tables illustrate the frequency of the 11 occupational fraud schemes — financial statement fraud, corrup-
tion and the nine asset misappropriation sub-schemes — for each region.9
United States — 1,021 Cases Asia — 298 Cases

Number of Percent of Number of Percent of
Scheme Scheme
Cases Cases Cases Cases
Billing 282 27.6% Corruption 152 51.0%
Corruption 224 21.9% Billing 56 18.8%
Check Tampering 173 16.9% Non-Cash 55 18.5%
Skimming 165 16.2% Expense Reimbursements 43 14.4%
Non-Cash 160 15.7% Skimming 38 12.8%
Expense Reimbursements 154 15.1% Cash on Hand 34 11.4%
Cash on Hand 117 11.5% Cash Larceny 26 8.7%
Payroll 108 10.6% Financial Statement Fraud 21 7.0%
Cash Larceny 98 9.6% Check Tampering 21 7.0%
Financial Statement Fraud 44 4.3% Payroll 12 4.0%
Register Disbursements 25 2.4% Register Disbursements 6 2.0%
Europe — 157 Cases Africa — 112 Cases

Number of Percent of Number of Percent of
Scheme Scheme
Cases Cases Cases Cases
Corruption 79 50.3% Corruption 55 49.1%
Billing 41 26.1% Billing 38 33.9%
Non-Cash 31 19.7% Non-Cash 24 21.4%
Expense Reimbursements 24 15.3% Expense Reimbursements 19 17.0%
Cash on Hand 23 14.6% Cash on Hand 16 14.3%
Skimming 17 10.8% Cash Larceny 15 13.4%
Cash Larceny 12 7.6% Skimming 13 11.6%
Financial Statement Fraud 10 6.4% Check Tampering 11 9.8%
Payroll 10 6.4% Payroll 6 5.4%
Check Tampering 5 3.2% Financial Statement Fraud 2 1.8%
9
The sum of percentages in these tables exceeds 100% because several cases
involved schemes from more than one category.

Canada — 99 Cases Central/South America and the Caribbean

Number of Percent of — 70 Cases
Scheme
Cases Cases Number of Percent of
Scheme
Billing 21 21.2% Cases Cases
Expense Reimbursements 20 20.2% Billing 20 28.6%
Non-Cash 15 15.2% Cash Larceny 10 14.3%
Payroll 12 12.1% Skimming 9 12.9%
Skimming 12 12.1% Cash on Hand 8 11.4%
Cash Larceny 10 10.1% Expense Reimbursements 8 11.4%
Cash on Hand 9 9.1% Financial Statement Fraud 7 10.0%
Register Disbursements 8 8.1% Check Tampering 6 8.6%
Register Disbursements 1 1.4%
Oceania — 40 Cases
Number of Percent of Corruption Cases by Region
Scheme
Cases Cases We compared the proportion and cost of cases involving
Corruption 16 40.0% corruption among the regional categories in our study. The
Non-Cash 12 30.0%
results are presented in the following table.
Billing 11 27.5%
Check Tampering 7 17.5%
Readers should keep in mind that this data does not neces-
Skimming 5 12.5%
sarily reflect overall corruption levels within each region; it
Cash on Hand 4 10.0%
only reflects the specific fraud cases that were investigated
Expense Reimbursements 4 10.0%
Cash Larceny 3 7.5% and reported to us by the CFEs who took part in our study.
Payroll 2 5.0%
Financial Statement Fraud 1 2.5%
Corruption Cases by Region

Region Number of Corruption Cases Percent of all Cases in Region Median Loss
Asia 152 51.0% $330,000
Europe 79 50.3% $1,000,000
Africa 55 49.1% $208,000
Central/South America and the Caribbean 33 47.1% $250,000
Oceania 16 40.0% $800,000
United States 224 21.9% $175,000
Canada 21 21.2% $163,000

Type of Organizations
More than 40% of victim organizations in our study were privately owned businesses, and nearly one-third were publicly
traded companies, meaning that almost three-quarters of the victims represented in our study came from for-profit enter-
prises. Sixteen percent of the frauds reported to us occurred at government agencies. Not-for-profit organizations were the
least represented category, with less than 10% of frauds taking place at these entities.
In addition to experiencing the most frauds, private and public companies were also victim to the costliest schemes in
our study; the median loss for the cases at these businesses was $231,000 and $200,000, respectively (see page 28).
In contrast, the losses experienced by government agencies and not-for-profit organizations were about half as much.
Government agencies had a median loss of $100,000, while not-for-profits lost a median of $90,000.
Organization Type of Victim — Frequency
2010
42.1%
Private Company
39.1%
Type of Victim Organization
2008
32.1%
Public Company
28.4%
16.3%
Government
18.1%
9.6%
Not-for-Profit
14.3%
0% 10% 20% 30% 40% 50%
Percent of Cases

Organization Type of Victim — Median Loss
2010
$231,000
Private Company
$278,000
Type of Victim Organization
2008
$200,000
Public Company
$142,000
$100,000
Government
$100,000
$90,000
Not-for-Profit
$109,000
$0 $50,000 $100,000 $150,000 $200,000 $250,000 $300,000
Median Loss
Size of Organizations
Continuing the trend observed in our prior studies, small Additionally, our research has historically shown that
organizations — those with fewer than 100 employees — smaller organizations suffer disproportionately large loss-
suffered the greatest percentage of the frauds in our 2010 es due to occupational fraud. Organizations with fewer
study, accounting for more than 30% of the victim orga- than 100 employees experienced the greatest median
nizations. However, the variation between size categories loss of all categories of victim organizations in our 2008
is relatively small, with 23% of victims having between study. The same was true in our 2006 study. However,
100 and 999 employees, 26% having 1,000 to 9,999 em- that was not the case when we looked at the full body
ployees and 21% having more than 10,000 employees. of data from our current survey. Consequently, we under-
This relatively small disparity contrasts with our previous took additional analyses to see what effect, if any, the in-
studies, in which small organizations were involved in a clusion of cases from countries outside the United States
much higher percent of frauds than any other category. had on these findings.

Size of Victim Organization — Frequency
2010
30.8%
<100
38.2%
2008
Number of Employees
22.8%
100 — 999
20.0%
25.9%
1,000 — 9,999
23.0%
20.6%
10,000+
18.9%
0% 5% 10% 15% 20% 25% 30% 35% 40%
Percent of Cases
Size of Victim Organization — Median Loss
2010
$155,000
<100
$200,000
2008
Number of Employees
$200,000
100 — 999
$176,000
$139,000
1,000 — 9,999
$116,000
$164,000
10,000+
$147,000
$0 $50,000 $100,000 $150,000 $200,000
Median Loss

If we make a direct comparison of the U.S. cases from our current study to the data from 2008, we can see that, though
the median loss in each category is smaller absolutely, the median losses suffered by the smallest organizations are
greater than those suffered by larger organizations. This finding is similar to our observations in previous studies and
suggests that small companies in the United States are indeed disproportionately harmed by occupational fraud.
Size of Victim Organization (U.S. cases only) — Median Loss
2010 (U.S. only)

$150,000
<100
$200,000
2008
Number of Employees
$150,000
100 — 999
$176,000
$60,000
1,000 — 9,999
$116,000
$84,000
10,000+
$147,000
$0 $50,000 $100,000 $150,000 $200,000
Median Loss
An analysis of the nature of losses at small businesses becomes more interesting when we expand our examination to each
region represented. For the frauds perpetrated in Europe, Asia, Canada and the United States, the median losses were signifi-
cantly greater at small organizations than at those with more than 100 employees. Conversely, the median losses experienced by
small organizations in Central/South America and the Caribbean, Africa and Oceania were notably less than those experienced
by their larger counterparts.

Size of Victim Organizations — Median Loss by Region
$875,000 <100 Employees

Europe
$513,000
100+ Employees
$387,000
Asia
$250,000
$200,000
Canada
$110,000
Region
$150,000
United States
$80,000
Central/South America $135,000

and the Caribbean $200,000
$65,000
Africa
$258,000
$195,000
Oceania
$574,000
$0 $200,000 $400,000 $600,000 $800,000 $1,000,000
Median Loss
Methods of Fraud in Small Businesses Small Businesses

Because the challenges faced by small businesses in (<100 Employees) — 537 Cases
combating occupational fraud are numerous and unique, Scheme
Number of Percent of
Cases Cases10
it is helpful to know the types of frauds that are most
Billing 154 28.7%
prevalent within these organizations. Such observations Check Tampering 140 26.1%
may help small businesses target their limited resources Corruption 137 25.5%
to those areas that pose the greatest risk. Skimming 116 21.6%
Expense Reimbursements 90 16.8%
Non-Cash 80 14.9%
Of course, the specific risks faced by any organization are
largely dependent on its particular industry, operating envi-
Payroll 72 13.4%
ronment, processes, culture and many other factors. None- Larceny 66 12.3%
theless, examining which fraud schemes are most com- Financial Statement Fraud 30 5.6%
monly perpetrated at small companies can aid us in better
10
The sum of percentages in this table exceeds 100% because several cases involved
understanding the fraud issues faced by these businesses. schemes from more than one category.

As the chart below illustrates, check tampering schemes were much more common at small organizations than at all
other entities. Skimming and payroll frauds were also more common in small organizations. These trends stand to rea-
son, as the functions affected by such schemes — the check writing, cash collection and payroll functions, respectively
— are more likely to be performed by a single individual, such as a bookkeeper, and are often subject to less oversight
within a small organization than in a large company where duties are more segregated and authorization of transactions
is more formalized. In contrast, although corruption schemes were the third most common fraud scheme faced by small
businesses, they were less frequent within small companies than in bigger organizations.
Methods of Fraud by Size of Victim Organization
28.7%
Billing 24.9%
<100 Employees
26.1%
Check Tampering
8.0%
100+ Employees
Corruption 25.5%
35.2%
21.6%
Skimming 11.0%
Type of Scheme
16.8%
Expense Reimbursement 14.2%
14.9%
Non-Cash 18.1%
14.7%
Cash on Hand 10.7%
13.4%
Payroll 6.5%
Larceny 12.3%
8.4%
5.6%
Financial Statement Fraud 4.5%
3.0%
Register Disbursements
2.9%
0% 5% 10% 15% 20% 25% 30% 35% 40%
Percent of Cases

Industry of Organizations
We looked at the industry classification of the organizations victimized by the fraud cases in our study. It is important to view
this data as a representation of the companies that had CFEs investigate internal fraud cases within the last two years, rather
than as an indication of which industries are more or less likely to be victimized by fraud. However, the following tables do
draw attention to some differences in the frequency and cost associated with occupational frauds among different sectors.
For example, the banking and financial services industry had the most cases, accounting for more than 16% of the frauds
reported to us. The period of time covered by our survey — calendar years 2008 and 2009 — was filled with news stories of
fraud in the banking sector, so this finding is not unexpected. In contrast, the mining industry experienced the fewest frauds
in our study, but those cases caused a median loss of $1 million — by far the largest of any of the industries we examined.11
Industry of Victim Organizations Industry of Victim Organizations

(sorted by Frequency) (sorted by Median Loss)
Number Percent Median Number Percent Median
Industry Industry
of Cases of Cases Loss of Cases of Cases Loss
Banking/Financial Services 298 16.6% $175,000 Mining 12 0.7% $1,000,000
Manufacturing 193 10.7% $300,000 Wholesale Trade 42 2.3% $513,000
Government and Public 176 9.8% $81,000 Oil and Gas 57 3.2% $478,000
Administration
Real Estate 57 3.2% $475,000
Retail 119 6.6% $85,000
Agriculture, Forestry, Fishing 27 1.5% $320,000
Healthcare 107 5.9% $150,000 and Hunting
Insurance 91 5.1% $197,000 Manufacturing 193 10.7% $300,000
Education 90 5.0% $71,000 Transportation and 62 3.4% $300,000
Warehousing
Services (other) 88 4.9% $109,000
Technology 65 3.6% $250,000
Construction 77 4.3% $200,000
Construction 77 4.3% $200,000
Technology 65 3.6% $250,000
Insurance 91 5.1% $197,000
Transportation and 62 3.4% $300,000
Warehousing Arts, Entertainment and 49 2.7% $180,000
Recreation
Oil and Gas 57 3.2% $478,000
Banking/Financial Services 298 16.6% $175,000
Real Estate 57 3.2% $475,000
Healthcare 107 5.9% $150,000
Services (professional) 51 2.8% $110,000
Telecommunications 37 2.1% $131,000
Arts, Entertainment and 49 2.7% $180,000
Recreation Utilities 45 2.5% $120,000
Utilities 45 2.5% $120,000 Services (professional) 51 2.8% $110,000
Wholesale Trade 42 2.3% $513,000 Communications/Publishing 16 0.9% $110,000
Religious, Charitable or 41 2.3% $75,000 Services (other) 88 4.9% $109,000
Social Services
Retail 119 6.6% $85,000
Telecommunications 37 2.1% $131,000
Government and Public 176 9.8% $81,000
Agriculture, Forestry, Fishing 27 1.5% $320,000 Administration
and Hunting
Religious, Charitable or Social 41 2.3% $75,000
Communications/Publishing 16 0.9% $110,000 Services
Mining 12 0.7% $1,000,000 Education 90 5.0% $71,000
11
There was a small sample of only 12 cases in this industry, which may impact the reliability of the median loss data.

In the following tables, we have presented the distribution of fraud schemes for all industries in which there were more
than 50 reported cases.12 Many of the findings are not surprising. For example, theft of cash on hand — which includes the
theft of cash from a bank vault — accounted for just 12% of all cases combined, but occurred in 22% of the cases involv-
ing the banking and financial services industry. Similarly, both theft of non-cash assets and fraudulent register disburse-
ments were much more common in the retail industry than in other sectors. This makes sense, as retail establishments
tend to have more inventory- and cash-register-based transactions than entities in other industries. Examining the variation
in schemes among industries underscores the need for organizations to consider the specific fraud risks they face when
determining which processes and functions merit additional resources devoted to fraud prevention and detection.
Banking/Financial Services — 298 Cases Manufacturing — 193 Cases

Scheme Number of Cases Percent of Cases Scheme Number of Cases Percent of Cases
Cash on Hand 64 21.5% Billing 73 37.8%
Billing 37 12.4% Non-Cash 45 23.3%
Check Tampering 35 11.7% Expense 43 22.3%
Reimbursements
Non-Cash 33 11.1%
Skimming 32 10.7%
Skimming 20 10.4%
Larceny 29 9.7%
Payroll 20 10.4%
Expense 20 6.7%
Reimbursements Cash on Hand 15 7.8%
Financial Statement Fraud 16 5.4% Larceny 14 7.3%
Government and Public Retail — 119 Cases

Administration — 176 Cases Scheme Number of Cases Percent of Cases
Scheme Number of Cases Percent of Cases Non-Cash 39 32.8%
Billing 43 24.4% Skimming 19 16.0%
Expense 32 18.2% Larceny 17 14.3%
Reimbursements
Billing 16 13.4%
Non-Cash 30 17.0%
Larceny 25 14.2%
Skimming 23 13.1%
Expense 8 6.7%
Cash on Hand 21 11.9% Reimbursements
12
The sum of percentages in these tables exceeds 100% because several cases
involved schemes from more than one category.

Healthcare — 107 Cases Insurance — 91 Cases
Skimming 24 22.4% Billing 19 20.9%
Billing 23 21.5% Check Tampering 15 16.5%
Non-Cash 21 19.6% Skimming 13 14.3%
Expense 12 11.2% Cash on Hand 9 9.9%
Reimbursements
Larceny 8 8.8%
Payroll 10 9.3%
Expense 7 7.7%
Cash on Hand 9 8.4% Reimbursements
Larceny 8 7.5% Payroll 6 6.6%
Financial Statement Fraud 4 3.7% Financial Statement Fraud 3 3.3%
Education — 90 Cases Services (other) — 88 Cases

Billing 38 42.2% Corruption 25 28.4%
Corruption 22 24.4% Skimming 22 25.0%
Skimming 19 21.1% Billing 22 25.0%
Expense 15 16.7% Check Tampering 14 15.9%
Reimbursements
Payroll 13 14.8%
Non-Cash 11 12.2%
Expense 12 13.6%
Larceny 11 12.2% Reimbursements
Payroll 9 10.0% Non-Cash 11 12.5%
Check Tampering 7 7.8% Larceny 9 10.2%
Cash on Hand 7 7.8% Cash on Hand 8 9.1%
Financial Statement Fraud 1 1.1% Financial Statement Fraud 7 8.0%
Construction — 77 Cases Technology — 65 Cases

Skimming 12 15.6% Reimbursements
Non-Cash 12 15.6% Non-Cash 16 24.6%

Expense 10 13.0% Check Tampering 10 15.4%
Reimbursements
Payroll 7 9.1%
Skimming 6 9.2%
Larceny 7 9.1%
Cash on Hand 5 7.7%
Payroll 4 6.2%
Cash on Hand 3 3.9%
Larceny 4 6.2%

Transportation and Warehousing — 62 Cases Oil and Gas — 57 Cases

Non-Cash 16 25.8% Expense 9 15.8%
Reimbursements
Payroll 9 14.5%
Non-Cash 8 14.0%
Skimming 8 12.9%
Larceny 7 11.3%
Skimming 4 7.0%
Financial Statement 5 8.1%
Fraud Cash on Hand 4 7.0%
Check Tampering 5 8.1% Larceny 3 5.3%
Expense 5 8.1% Financial Statement 2 3.5%
Reimbursements Fraud
Cash on Hand 4 6.5% Payroll 2 3.5%
Real Estate — 57 Cases Services (professional) — 51 Cases

Reiumbursements
Corruption 12 21.1%
Expense 12 21.1%
Reiumbursements Skimming 9 17.6%
Skimming 11 19.3% Corruption 6 11.8%
Larceny 9 15.8% Payroll 5 9.8%
Payroll 8 14.0% Cash on Hand 5 9.8%
Cash on Hand 8 14.0% Larceny 5 9.8%
Non-Cash 7 12.3% Financial Statement 4 7.8%
Fraud
Financial Statement 2 3.5%
Fraud Non-Cash 2 3.9%

Corruption Cases by Industry
Just as corruption is often observed to be particularly prominent in specific regions, certain industries are frequently
thought to be more susceptible to corrupt business practices than others. For example, the mining, oil and gas, and con-
struction industries all appear in the top five sectors for both bribery and state capture (two types of corrupt practices)
in Transparency International’s 2008 Bribe Payers Index.13 These three industries had three of the four highest rates of
corruption cases in our study. More than 45% of the frauds that occurred in these industries, along with those in the
wholesale trade sector, involved some form of corruption.
Corruption Cases by Industry

Industry Number of Cases Number of Corruption Cases Percent of Corruption Cases
Mining 12 7 58.3%
Oil and Gas 57 31 54.4%
Wholesale Trade 42 20 47.6%
Construction 77 35 45.5%
Technology 65 28 43.1%
Manufacturing 193 75 38.9%
Agriculture, Forestry, Fishing and Hunting 27 10 37.0%
Utilities 45 16 35.6%
Transportation and Warehousing 62 22 35.5%
Banking/Financial Services 298 101 33.9%
Insurance 91 30 33.0%
Government and Public Administration 176 57 32.4%
Communications/Publishing 16 5 31.3%
Healthcare 107 31 29.0%
Services (other) 88 25 28.4%
Arts, Entertainment and Recreation 49 13 26.5%
Education 90 22 24.4%
Retail 119 26 21.8%
Telecommunications 37 8 21.6%
Real Estate 27 12 21.1%
Religious, Charitable or Social Services 41 6 14.6%
Services (professional) 51 6 11.8%
13
Transparency International, 2008 Bribe Payers Index (Berlin: Transparency International, 2008). http://www.transparency.org/content/download/39275/622457

Anti-Fraud Controls at Victim Organizations

We asked survey participants which of several common anti-fraud controls were in place at the victim organization during
the perpetration of the fraud. A distinction should be made between the following data and the prior discussion on fraud
detection methods. The following analysis covers the mere presence of each control — not necessarily its role in detect-
ing the fraud once it started. More than three-quarters of the victim organizations in our study had their financial statements
audited by external auditors, while two-thirds had dedicated internal audit or fraud examination departments, and almost 60%
had independent audits of their internal controls over financial reporting. Additionally, nearly 70% of the organizations had a
formal code of conduct in place at the time of the fraud, though only 39% extended that to include a formal anti-fraud policy.
As mentioned in our discussion on fraud detection methods (see page 16), tips are the number one means by which fraud
is detected. However, less than half of the victim organizations in our study had a hotline in place at the time the fraud oc-
curred. There is evidence that the presence of a hotline improves organizations’ ability to detect fraud and limit fraud losses
(see page 43), which should cause more organizations to implement fraud hotlines.
Frequency of Anti-Fraud Controls14
External Audit of F/S 76.1%

Code of Conduct 69.9%
Internal Audit/FE Department 66.4%
External Audit of ICOFR 59.3%

Anti-Fraud Control15
Management Certification of F/S 58.9%

Independent Audit Committee 53.2%
Hotline 48.6%
Employee Support Programs 44.8%
Fraud Training for Managers/Executives 41.5%
Fraud Training for Employees 39.6%
Anti-Fraud Policy 39.0%
Surprise Audits 28.9%

Job Rotation/Mandatory Vacation 14.6%
Rewards for Whistleblowers 7.4%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Percent of Cases
14
The sum of percentages in this chart exceeds 100% because many victim organizations had more than one anti-fraud control in place at the time of the fraud.
15
KEY:
t External Audit of F/S = Independent external audits of the organization’s financial statements
t Internal Audit / FE Department = Internal audit department or fraud examination department
t External Audit of ICOFR = Independent audits of the organization’s internal controls over financial reporting
t Management Certification of F/S = Management certification of the organization’s financial statements

Anti-Fraud Controls at Small Businesses
We have long hypothesized that many small companies are particularly susceptible to fraud at least partially due to the
limited resources they devote to anti-fraud controls. To test this theory, we compared the presence of anti-fraud controls at
those companies with fewer than 100 employees to the controls at companies with more than 100 employees. Our findings
confirm what we suspected: The small companies in our study did indeed have fewer controls in place than the larger orga-
nizations, a factor that may contribute to the disproportionate impact of fraud on these companies. While discrepancies in
levels of certain controls are somewhat expected given the associated costs or resources required to enact them, the gap
between controls in small businesses as opposed to larger organizations is striking. For example, it would be expected that
small businesses would have a lower rate of external audits and that fewer small companies would have a formal internal
audit or fraud examination function. But even less expensive controls were often absent in small businesses. While 64% of
large companies had some sort of management review of controls, processes, accounts or transactions, less than half as
many small businesses had the same type of monitoring in place. Likewise, formal codes of conduct and anti-fraud policies
cost very little to implement, but serve as an effective way to make a clear and explicit statement against fraudulent and
unethical conduct within an organization. Yet only 41% and 16% of small businesses had these policies (respectively) in
place when the fraud occurred — numbers dwarfed by the 83% and 50% rates of larger organizations.
Perhaps most concerning is that only 15% of small businesses had a hotline in place, compared to 64% of larger orga-
nizations. As previously discussed, our research shows that hotlines are consistently the most effective fraud detection
method. Further, as discussed on page 43, the median loss for frauds at companies with hotlines was 59% smaller than
the median loss for frauds at organizations without such a mechanism. Arguably, enacting hotlines would go a long way
in helping small-business owners protect their assets from dishonest employees.
Frequency of Anti-Fraud Controls by Size of Victim Organization

88.0% <100 Employees
83.2%
Management Certification of F/S 32.6% 100+ Employees
71.7%
63.8%
82.6%
Anti-Fraud Control

73.2%
Independent Audit Committee 22.7%
67.4%
57.4%
53.1%
50.0%
Hotline 15.1%
64.2%
51.4%
36.9%
18.3%
9.3%
0% 20% 40% 60% 80% 100%
Percent of Cases

Anti-Fraud Controls by Region

To examine how organizations in different regions approached the fight against fraud, we analyzed the presence of
controls in victim organizations based on where they were located. The following tables illustrate the percentage of
organizations within each region that had the corresponding control in place at the time of the fraud.
It is interesting to note the variations in use of controls by region. Specifically, for some anti-fraud controls, the propor-
tion of victim organizations utilizing the control was markedly greater in regions containing developing countries than in
those regions primarily made up of developed nations. For example, the organizations in Central/South America and the
Caribbean had the highest rate of external audits of both financial statements and internal controls over financial report-
ing, as well as of hotlines. Similarly, codes of conduct, internal audit or fraud examination departments, management
certification of financial statements, independent audit committees, anti-fraud policies and rewards for whistleblowers
were all most common among the African organizations in our study, and management review, surprise audits and job
rotation or mandatory vacation policies were most often implemented by Asian organizations. On the opposite end of
the spectrum, the United States had the lowest rate of presence for several of these controls.
External Audit of Financial Statements Code of Conduct

Region Percent of Cases Region Percent of Cases
Central/South America and the Caribbean 87.1% Africa 80.4%
Europe 86.0% Central/South America and the Caribbean 74.3%
Africa 85.7% Europe 73.9%
Asia 83.9% Canada 73.7%
Canada 80.8% Oceania 72.5%
Oceania 75.0% Asia 68.5%
United States 70.4% United States 68.0%
Internal Audit/Fraud Examination Department External Audit of ICOFR16

Africa 84.8% Central/South America and the Caribbean 65.7%
Europe 76.4% Asia 64.4%
Asia 73.2% Africa 64.3%
Central/South America and the Caribbean 72.9% United States 58.2%
Canada 61.6% Canada 57.6%
United States 60.9% Europe 56.7%
Oceania 50.0% Oceania 52.5%
16
External Audit of ICOFR = Independent audits of the organization’s internal controls
over financial reporting.

Management Certification Management Review
of Financial Statements Region Percent of Cases
Region Percent of Cases Asia 59.4%
Canada 65.7% Canada 53.5%
Oceania 65.0% Africa 52.7%
Asia 62.8% Oceania 52.5%
Europe 62.4% United States 51.6%
United States 56.0% Central/South America and Caribbean 50.0%
Central/South America and Caribbean 51.4%
Hotline
Independent Audit Committee Region Percent of Cases
Region Percent of Cases Central/South America and Caribbean 52.9%
Africa 63.4% United States 52.0%
Canada 59.6% Africa 47.3%
Oceania 57.5% Europe 45.9%
Asia 54.7% Asia 43.3%
Central/South America and Caribbean 54.3% Canada 41.4%
Europe 54.1% Oceania 25.0%
United States 50.8%
Fraud Training for

Employee Support Programs Managers/Executives
Canada 57.6% United States 44.5%
United States 54.8% Africa 41.1%
Oceania 45.0% Asia 40.9%
Central/South America and Caribbean 30.0% Central/South America and Caribbean 37.1%
Europe 28.0% Canada 30.3%
Asia 22.5% Oceania 25.0%
Fraud Training for Employees Anti-Fraud Policy

United States 42.7% Africa 49.1%
Africa 39.3% United States 38.7%
Europe 37.6% Central/South America and Caribbean 38.6%
Asia 37.2% Canada 38.4%
Central/South America and Caribbean 32.9% Asia 36.6%
Canada 29.3% Europe 36.3%

Surprise Audits Job Rotation/Mandatory Vacation

Asia 39.3% Asia 21.8%
Africa 30.4% Africa 20.5%
Canada 28.3% Europe 14.0%
United States 27.2% Canada 13.1%
Europe 24.8% United States 12.6%
Central/South America and Caribbean 24.3% Central/South America and Caribbean 11.4%
Rewards for Whistleblowers

Region Percent of Cases
Africa 9.8%
Asia 9.4%
United States 7.4%
Central/South America and Caribbean 5.7%
Canada 4.0%
Europe 3.8%
Oceania 2.5%
Effectiveness of Controls
We compared the median loss experienced by those organizations that had a particular anti-fraud control against the
median loss for those organizations without that control at the time of the fraud. Hotlines were the control with the great-
est associated reduction in median loss, reinforcing their value as an effective anti-fraud measure. Employee support
programs, surprise audits and fraud training for staff members at all levels were also associated with median loss reduc-
tions of more than 50%. Interestingly, financial statement audits — the most commonly implemented control — was
among the controls with the smallest associated reduction in median loss.

Median Loss Based on Presence of Anti-Fraud Controls
Control17 Percent of Cases Implemented Control in Place Control Not in Place Percent Reduction
Hotline 48.6% $100,000 $245,000 59.2%
Employee Support Programs 44.8% $100,000 $244,000 59.0%
Surprise Audits 28.9% $97,000 $200,000 51.5%
Fraud Training for Employees 39.6% $100,000 $200,000 50.0%
Fraud Training for Managers/Execs 41.5% $100,000 $200,000 50.0%
Job Rotation/Mandatory Vacation 14.6% $100,000 $188,000 46.8%
Code of Conduct 69.9% $140,000 $262,000 46.6%
Anti-Fraud Policy 39.0% $120,000 $200,000 40.0%
Management Review 53.3% $120,000 $200,000 40.0%
External Audit of ICOFR 59.3% $140,000 $215,000 34.9%
Internal Audit/FE Department 66.4% $145,000 $209,000 30.6%
Independent Audit Committee 53.2% $140,000 $200,000 30.0%
Management Certification of F/S 58.9% $150,000 $200,000 25.0%
External Audit of F/S 76.1% $150,000 $200,000 25.0%
Rewards for Whistleblowers 7.4% $119,000 $155,000 23.2%
Similarly, we compared the duration of fraud schemes at organizations with and without anti-fraud controls. As reflected
in the table below, the presence of each control correlated with a reduction in the duration of fraud. We found it interest-
ing that the controls associated with the greatest reduction in scheme lengths are not the same as the ones that had the
most impact on median loss.
Duration Based on Presence of Anti-Fraud Controls

17
Control Percent of Cases Implemented Control in Place Control Not in Place Percent Reduction
Management Review 53.3% 12 months 24 months 50.0%
Internal Audit/FE Department 66.4% 14 months 24 months 41.7%
External Audit of ICOFR 59.3% 15 months 24 months 37.5%
Code of Conduct 69.9% 15 months 24 months 37.5%
Surprise Audits 28.9% 12 months 19 months 36.8%
Hotline 48.6% 13 months 20 months 35.0%
Management Certification of F/S 58.9% 15 months 23 months 34.8%
Rewards for Whistleblowers 7.4% 12 months 18 months 33.3%
Job Rotation/Mandatory Vacation 14.6% 12 months 18 months 33.3%
External Audit of F/S 76.1% 16 months 24 months 33.3%
Anti-Fraud Policy 39.0% 13 months 18 months 27.8%
Fraud Training for Employees 39.6% 13 months 18 months 27.8%
Fraud Training for Managers/Execs 41.5% 13 months 18 months 27.8%
Independent Audit Committee 53.2% 15 months 20 months 25.0%
Employee Support Programs 44.8% 15 months 18 months 16.7%
17
KEY:

Importance of Controls in Detecting or Limiting Fraud

Not all controls are effective against all frauds. Most control mechanisms are more likely to detect or deter some fraud
schemes than others. Likewise, some perpetrators are more adept than others at circumventing particular controls, and
some controls are more susceptible to being overridden than others.
We thought it useful to examine which controls had the greatest effect on the frauds reported in our study. We asked the
CFEs who took part in our survey to rank the importance of several anti-fraud controls in detecting or limiting the fraud.
The following chart shows the respondents’ opinions regarding each control’s usefulness.
Importance of Control in Detecting or Limiting Fraud
Internal Audit/ 60.8% Very Important

17.9%
FE Department 19.2%
50.3% Somewhat Important
21.4%
49.0% Not at all Important
23.5%
42.0%
Control18
Job Rotation/ 25.3%

Mandatory Vacation 31.2%
41.3%
Hotline 19.3%
38.3%
Rewards for 36.0%

32.4%
Whistleblowers 29.4%
External Audit 31.5%

24.5%
of ICOFR 40.7%
27.9%
45.4%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Percent of Respondents
18
KEY:

Control Weaknesses That Contributed to Fraud
We also asked survey respondents to identify which of several common issues they considered to be the primary factor that
allowed the fraud to occur. A lack of internal controls, such as segregation of duties, was cited as the biggest deficiency in 38%
of the cases. In more than 19% of the cases, internal controls were in place but were overridden by the perpetrator or perpetra-
tors in order to commit and conceal the fraud. Interestingly, even though hotlines are consistently the most effective detective
control mechanism, and even though less than half of the victim organizations had a hotline in place at the time of the fraud, a
lack of reporting mechanism was the control deficiency least commonly cited by the CFEs who participated in our study.
Primary Internal Control Weakness Observed by CFEs
Lack of Independent
Checks/Audits Lack of Employee
Lack of Competent 5.6% Fraud Education
Personnel in 1.9%
Oversight Roles
6.9% Lack of Clear Lines
of Authority
Poor Tone at the Top 1.8%
8.4%
Lack of Lack of Reporting

Management Mechanism
Review 0.6%
17.9% Lack of Internal
Controls
Override of Existing 37.8%
Internal Controls
19.2%
To further examine the unique challenges faced by small businesses, we compared internal control weaknesses at orga-
nizations with fewer than 100 employees to those at larger organizations. As shown in the chart at the top of page 46, the
small organizations had a noted deficiency in internal controls that allowed fraud to occur. In nearly half of the cases at small
companies, a lack of internal controls was cited as the factor that most contributed to the occurrence of the fraud. Control
overrides were markedly less common at small companies than at their larger counterparts, most likely because the lack of
controls in so many small organizations meant there was nothing to override.
We were also interested to see what factors led to the success of the largest frauds in our study — those causing losses of
more than $1 million. Clearly, one deficiency is much more common in the million-dollar frauds than in smaller frauds: a poor
tone at the top. This weakness was cited nearly three times as often in million-dollar cases as in cases with smaller losses.

Primary Internal Control Weakness by Size of Victim Organization
47.0% <100 Employees

Lack of Internal Controls 33.7%
Most Important Contributing Factor
17.5%
Lack of Management Review 100+ Employees
17.8%
12.0%
Override of Existing Internal Controls 22.3%
7.8%
Poor Tone at the Top 8.5%
7.0%
Lack of Independent Checks/Audits 5.2%
Lack of Competent Personnel 5.8%

in Oversight Roles 7.8%
1.6%
Lack of Clear Lines of Authority 2.0%
1.2%
Lack of Employee Fraud Education 2.0%
0.2%
Lack of Reporting Mechanism 0.9%
0% 10% 20% 30% 40% 50%
Percent of Cases
Primary Internal Control Weakness in Largest Cases
32.7% $1 Million+ Cases

Lack of Internal Controls
39.7%
Most Important Contributing Factor
19.0%
Override of Existing Internal Controls 19.1%
<$1 Million Cases
16.8%
Lack of Management Review 18.2%
16.3%
Poor Tone at the Top
5.8%
Lack of Competent Personnel 6.7%

in Oversight Roles 7.0%
6.5%
Lack of Independent Checks/Audits
5.3%
0.7%
Lack of Employee Fraud Education
2.3%
0.7%
Lack of Clear Lines of Authority
2.0%
0.5%
Lack of Reporting Mechanism
0.7%
0% 10% 20% 30% 40% 50%
Percent of Cases

Modification of Controls Victim Organizations That Modified
In response to the discovery of the fraud, more than 80% of Controls After Discovery of Fraud
the victim organizations in our study implemented or modi-
fied internal controls. While this percentage is quite high, it Did Not
Modify Controls
indicates that nearly one out of five victims retained the same 19.4%
control system — or lack thereof — that was ineffective in
preventing the reported fraud schemes. Of those organiza-
tions that did implement or modify their internal controls in Did Modify Controls
80.6%
response to the fraud, more than 60% increased segregation
of duties, more than half added formal review of internal con-
trols by management and 23% implemented surprise audits.
Internal Controls Modified or Implemented in Response to Fraud19
Increased Segregation of Duties 61.2%

Control Implemented/Modified20
Hotline 7.9%
Indpendent Audit Committee 6.0%
Management Certification of F/S 5.9%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Percent of Cases
19
The sum of percentages in this chart exceeds 100% because many victim organizations modified more than one anti-fraud control in response to the fraud.
20
KEY:

Perpetrators
We asked respondents to provide information about the

fraud perpetrators in their cases so we could better un-
We collected information about
derstand how occupational fraud levels and losses are
the individuals responsible for
related to demographic information such as age, job
type, gender, education and position of authority. In cas- occupational fraud in order to
es where there were multiple offenders, the responses better understand the character-
relate to the principal perpetrator — the person identified istics of those who commit fraud.
by the CFE as the primary culprit in the case. The follow-
ing is a summary of the data we received.
Perpetrator’s Position
We asked survey respondents whether the perpetrator
was an employee, a manager or an owner/executive. Be-
low we see that the distribution of cases based on the
perpetrator’s position was fairly similar to what we found
in our 2008 study, although the 2010 distribution was
slightly more skewed toward employees and managers.
Not surprisingly, there was a strong correlation between the More than 80% of the frauds in our study
perpetrator’s position of authority and the losses caused by were committed by individuals in six
fraud. The median loss in owner/executive frauds was more
departments: accounting, operations,
than three times the loss caused by managers, and more
sales, executive/upper management,
customer service and purchasing.
than nine times higher than losses in employee fraud cases.
Position of Perpetrator — Frequency
2010
42.1%
Employee
Position of Perpetrator
39.7% 2008
41.0%
Manager
37.1%
16.9%
Owner/Executive
23.3%
0% 10% 20% 30% 40% 50%
Percent of Cases

Position of Perpetrator — Median Loss
2010
$80,000
Employee
$70,000 2008
$200,000
Manager
$150,000
$723,000
Owner/Executive
$834,000
$0 $200,000 $400,000 $600,000 $800,000 $1,000,000
Median Loss
As the following table illustrates, frauds committed by

Months to Detection Based on Position
higher-level perpetrators also took longer to detect. Cases
Position Median Months to Detect
perpetrated by owners and executives typically lasted for
Employee 13
two years before they were detected — nearly twice as
Manager 18
long as employee frauds.
Owner/Executive 24
Position of Perpetrators by Region

The charts on pages 50-52 present the distribution of perpetrators by level of authority for each region. In every region,
owners/executives accounted for between 12% and 18% of reported frauds, and the losses caused by owners/execu-
tives were significantly higher than those caused by managers or employees.
In the United States and Canada, employees were the largest block of fraud perpetrators (46% in each country). In Europe,
Asia and Central/South America, however, managers accounted for 50% or more of the reported occupational frauds. In
Africa and Oceania, the number of frauds committed by managers and employees were roughly equal.

Perpetrators
Position of Perpetrator in the United States — 968 Cases

(percent of cases)
Employee (46.2%) $50,000
Manager (36.7%) $150,000
Owner/Executive (17.1%) $485,000
$0 $100,000 $200,000 $300,000 $400,000 $500,000
Median Loss
Position of Perpetrator in Asia — 259 Cases

(percent of cases)
Employee (32.8%) $143,000
Manager (50.6%) $220,000
Owner/Executive (16.6%) $1,000,000
$0 $200,000 $400,000 $600,000 $800,000 $1,000,000
Median Loss
Position of Perpetrator in Europe — 141 Cases

$340,000
(percent of cases)
Employee (31.9%)
Manager (50.4%) $350,000
$0 $500,000 $1,000,000 $1,500,000 $2,000,000
Median Loss

Position of Perpetrator in Africa — 108 Cases
$150,000
(percent of cases)
Employee (44.4%)
Manager (43.5%) $270,000
$0 $200,000 $400,000 $600,000 $800,000 $1,000,000
Median Loss
Position of Perpetrator in Canada — 89 Cases

(percent of cases)
Employee (46.1%) $63,000
Manager (36.0%) $250,000
$0 $100,000 $200,000 $300,000 $400,000
Median Loss
Position of Perpetrator in Central/South America and the Caribbean — 64 Cases

$31,000
(percent of cases)
Employee (32.8%)
Manager (50.0%) $250,000
$0 $500,000 $1,000,000 $1,500,000
Median Loss

Perpetrators
Position of Perpetrator in Oceania — 40 Cases

$338,000
(percent of cases)
Employee (40.0%)
Manager (45.0%) $300,000
$0 $200,000 $400,000 $600,000 $800,000
Median Loss
Perpetrator’s Gender
Two-thirds of the frauds in our study were committed by males, which is a higher percentage than we encountered in 2008,
but consistent with the overall trend noted in prior reports that most occupational frauds are committed by men.
Gender of Perpetrator — Frequency

Gender of Perpetrator
2010
66.7%
Male 2008
59.1%
33.3%
Female
40.9%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Percent of Cases

The following chart shows the gender of perpetrators based on the region in which frauds occurred. Asia had the highest
ratio of male perpetrators (87%), while the United States had the lowest (57%).
Gender of Perpetrator Based on Region
86.7% Male
Asia
13.3%
Female
82.1%
Europe
17.9%
Central/South America 80.9%

and the Caribbean 19.1%
Region
75.7%
Africa
24.3%
67.5%
Oceania
32.5%
58.1%
Canada
41.9%
57.2%
United States
42.8%
0% 20% 40% 60% 80% 100%
Percent of Cases
Males accounted for significantly higher median fraud losses than females, which is also consistent with our previous studies.
The median loss caused by a male perpetrator was more than twice as high as the median loss caused by a female.
Gender of Perpetrator — Median Loss

2010
Gender of Perpetrator
$232,000
Male 2008
$250,000
$100,000
Female
$110,000
$0 $50,000 $100,000 $150,000 $200,000 $250,000
Median Loss

Perpetrators
When broken down by region, we see that fraud losses caused by male perpetrators were higher than females in every
region. The gap was particularly large in Europe and Oceania.21
Median Loss Based on Gender and Region of Perpetrator
$300,000 Male
Asia
$200,000
Female
$680,000
Europe
$160,000
Central/South America $200,000

and the Caribbean $124,000
Region
$238,000
Africa
$182,000
$500,000
Oceania
$230,000
$145,000
Canada
$125,000
$167,000
United States
$82,000
$0 $100,000 $200,000 $300,000 $400,000 $500,000 $600,000 $700,000 $800,000
Median Loss
To some extent, the higher losses caused by males are attributable to the fact that they tended to occupy higher posi-
tions of authority within the victim organizations. There were an equal number of male and female fraudsters at the
employee level, but the manager and owner/executive levels — which tend to cause higher losses — were dominated
by males. Seventy-four percent of all managers and 88% of all owners/executives in the study were male.
Surprisingly, though, even when we compared median losses within each position group, male fraud losses tended to be
higher. At the employee level, losses caused by males were 36% higher than those caused by females; at the manager
level, they were 67% higher, and at the owner/executive level, they were 325% higher.22
21
There was a small sample of only 40 cases in Oceania, which may impact the reliability of the findings from that region.
22
There was a small sample of only 35 frauds committed by female owners and executives, which may impact the reliability of that data.

It is unclear exactly why this trend appears in our data, but one possible explanation is that even within each position
group, there tend to be bands of authority — meaning some managers or executives have more authority than others. We
could be seeing the effect of higher male authority within each position.
Position of Perpetrator Based on Gender
Male
356
Employee
356 Female
514
Manager
184
247
Owner/Executive
35
0 100 200 300 400 500 600
Number of Cases
Position of Perpetrator — Median Loss Based on Gender
Male
$95,000
Employee
$70,000 Female
$250,000
Manager
$150,000
$850,000
Owner/Executive
$200,000
$0 $200,000 $400,000 $600,000 $800,000 $1,000,000
Median Loss

Perpetrators
Perpetrator’s Age
The distribution of perpetrators based on their age was similar to our 2008 study, but the 2010 perpetrators tended to be
slightly younger. Our past reports have generally shown the highest levels of fraud to occur in the 36–50 age range, but this
year we found more than half of all cases were committed by individuals between the ages of 31 and 45. Generally speak-
ing, median losses tended to rise with the age of the perpetrator, which is consistent with our prior research. The most
notable difference between 2008 and 2010 is the losses caused by perpetrators older than 60. In each study, however,
we were dealing with fewer than 40 cases in that category. Given the small sample size, we believe this is more likely to
be an anomaly than an indication of any particular trend.
Age of Perpetrator — Frequency

20% 19.3% 19.3%
2010
18.1%
17.5%
16.1% 16.2% 2008
15%
13.7%
12.8%
Percent of Cases
12.0%
10% 9.6% 9.4%

8.1%
6.9%
5.2% 5.2%
5% 4.6%
3.9%
2.2%
0%
<26 26 – 30 31 – 35 36 – 40 41 – 45 46 – 50 51 – 55 56 – 60 >60
Age of Perpetrator

Age of Perpetrator — Median Loss
$1,000,000
2010
$974,000
2008
$800,000
Median Loss
$636,000
$600,000
$435,000
$428,000
$400,000
$360,000
$344,000
$145,000
$321,000
$127,000
$120,000
$113,000
$270,000
$265,000
$60,000
$200,000
$50,000
$200,000
$25,000
$15,000
$0
<26 26 – 30 31 – 35 36 – 40 41 – 45 46 – 50 51 – 55 56 – 60 >60
Age of Perpetrator
Perpetrator’s Tenure
Tenure may have an effect on occupational fraud rates and losses because individuals who work for an organization for
a longer period of time tend to engender more trust from their co-workers and superiors. They also may acquire higher
levels of authority, and they tend to develop a better understanding of the organization’s internal practices and proce-
dures, which can help them design frauds that will evade internal controls.
The distribution of fraudsters based on their tenure in this study was very similar to what we found in 2008. More than
40% of perpetrators had between one and five years of experience at the victim organization when they committed the
fraud, while a very small percentage had been with the victim organization for less than a year. About half of all fraudsters
had been with the victim for more than five years (see page 58).
As would be expected, losses tended to rise as the perpetrators’ tenure increased. Employees who had more than five
years of tenure with the victim organization caused median losses of more than $200,000. Those who had been with the
victim for five years or less caused much lower losses.

Perpetrators
Tenure of Perpetrator — Frequency

50%
45.7% 2010
40.5% 2008
40%
Percent of Cases
30% 27.5%
24.6% 25.4%
23.2%
20%
10% 7.4%
5.7%
0%
Less than 1 year 1 – 5 years 6 – 10 years 10 years or more
Tenure of Perpetrator
Tenure of Perpetrator — Median Loss

$300,000 $289,000
2010
$261,000
$250,000
$250,000 2008
$231,000
$200,000
Median Loss
$150,000 $142,000
$114,000
$100,000
$47,000 $50,000
$50,000
$0
Less than 1 year 1 – 5 years 6 – 10 years 10 years or more
Tenure of Perpetrator

Perpetrator’s Education Level
Education level may also affect fraud rates and losses, because more highly educated individuals tend to have greater
levels of responsibility and perhaps greater technical ability to design sophisticated fraud schemes. The following chart
shows the distribution of perpetrators in this study based on their education level. Fifty-two percent of all perpetrators
had a college or postgraduate degree, which was up slightly from our 2008 findings. As would be expected, median
losses rose in correlation with increased education levels, but losses caused by individuals with a postgraduate degree
were much lower in 2010 than in our 2008 study.
Education of Perpetrator — Frequency
2010
Education Level of Perpetrator
14.0%
Postgraduate Degree
10.9%
2008
38.0%
College Degree
34.4%
17.1%
Some College
20.8%
28.8%
High School Graduate
33.9%
0% 5% 10% 15% 20% 25% 30% 35% 40%
Percent of Cases
Education of Perpetrator — Median Loss
2010
Education Level of Perpetrator
$300,000
Postgraduate Degree
$550,000
2008
$234,000
College Degree
$210,000
$136,000
Some College
$196,000
$100,000
High School Graduate
$100,000
$0 $100,000 $200,000 $300,000 $400,000 $500,000 $600,000
Median Loss

Perpetrators
Perpetrator’s Department
The table below left shows how frauds were distributed across various departments within the victim organizations. Inter-
estingly, 80% of all frauds in this study were committed by employees in six departments: accounting, operations, sales,
executive/upper management, customer service and purchasing. In our 2008 study, these six departments accounted for
83% of all cases. Additionally, the frauds in these six departments also accounted for 95% of all losses in our 2010 study,
and 99% in 2008.
The table below right presents the same data on frauds by department, but is sorted based on median losses. Among
the six highest-frequency departments we see that upper management ($829,000) and purchasing ($500,000) caused
the highest median losses. Frauds committed in the sales ($95,000) and customer service ($46,000) departments tended
to result in much lower losses.
Number of Cases Based Median Loss Based

on Perpetrator’s Department on Perpetrator’s Department
Number Median Number Median
Department Percentage Department Percentage
of Cases Loss of Cases Loss
Accounting 367 22.0% $180,000 Executive/Upper 224 13.5% $829,000
Management
Operations 299 18.0% $105,000
Board of Directors 24 1.4% $800,000
Sales 225 13.5% $95,000
Legal 8 0.5% $566,000
Executive/Upper 224 13.5% $829,000
Management Purchasing 103 6.2% $500,000
Customer Service 120 7.2% $46,000 Finance 70 4.2% $450,000
Purchasing 103 6.2% $500,000 Marketing/Public 34 2.0% $248,000
Relations
Warehousing/Inventory 78 4.7% $239,000
Warehousing/Inventory 78 4.7% $239,000
Finance 70 4.2% $450,000
Human Resources 22 1.3% $200,000
Information Technology 47 2.8% $71,400
Accounting 367 22.0% $180,000
Marketing/Public 34 2.0% $248,000
Relations Manufacturing and 28 1.7% $150,000
Production
Manufacturing and 28 1.7% $150,000
Production Operations 299 18.0% $105,000
Board of Directors 24 1.4% $800,000 Research and 13 0.8% $100,000
Development
Human Resources 22 1.3% $200,000
Sales 225 13.5% $95,000
Research and 13 0.8% $100,000
Development Information Technology 47 2.8% $71,400
Legal 8 0.5% $566,000 Customer Service 120 7.2% $46,000
Internal Audit 3 0.2% $13,000 Internal Audit 3 0.2% $13,000

Perpetrator’s Department Based on Region
The following tables show the distribution of perpetrators based on their department for each region. In every region but
Asia, accounting departments were associated with the greatest number of frauds. Overall, the distribution of cases was
very similar regardless of region. The six highest-frequency departments (accounting, operations, sales, executive/upper
management, customer service and purchasing) accounted for between 70% and 85% of the cases in every region.
United States — 913 Cases Asia — 272 Cases

Number Percent Number Percent
Department Department
of Cases of Cases of Cases of Cases
Accounting 222 24.3% Sales 57 21.0%
Operations 189 20.7% Operations 42 15.4%
Executive/Upper Management 127 13.9% Accounting 41 15.1%
Sales 120 13.1% Executive/Upper Management 38 14.0%
Customer Service 77 8.4% Purchasing 29 10.7%
Purchasing 39 4.3% Finance 11 4.0%
Warehousing/Inventory 36 3.9% Warehousing/Inventory 11 4.0%
Finance 28 3.1% Customer Service 9 3.3%
Information Technology 26 2.8% Board of Directors 8 2.9%
Manufacturing and Production 11 1.2% Marketing/Public Relations 8 2.9%
Marketing/Public Relations 11 1.2% Human Resources 6 2.2%
Legal 7 0.8% Manufacturing and Production 6 2.2%
Board of Directors 6 0.7% Information Technology 4 1.5%
Human Resources 6 0.7% Internal Audit 1 0.4%
Research and Development 6 0.7% Research and Development 1 0.4%
Internal Audit 2 0.2%
Africa — 105 Cases

Europe — 146 Cases Number Percent
Department
Number Percent of Cases of Cases
Department
of Cases of Cases Accounting 31 29.5%
Accounting 26 17.8% Operations 13 12.4%
Executive/Upper Management 23 15.8% Finance 11 10.5%
Operations 21 14.4% Customer Service 9 8.6%
Purchasing 13 8.9% Executive/Upper Management 9 8.6%
Sales 13 8.9% Purchasing 7 6.7%
Finance 11 7.5% Warehousing/Inventory 6 5.7%
Customer Service 8 5.5% Human Resources 5 4.8%
Warehousing/Inventory 8 5.5% Sales 5 4.8%
Board of Directors 6 4.1% Information Technology 3 2.9%
Information Technology 6 4.1% Manufacturing and Production 3 2.9%
Marketing/Public Relations 5 3.4% Board of Directors 1 1.0%
Research and Development 4 2.7% Legal 1 1.0%
Human Resources 1 0.7% Marketing/Public Relations 1 1.0%
Manufacturing and Production 1 0.7%

Perpetrators
Canada — 89 Cases Central/South America and

Number Percent the Caribbean — 66 Cases
Department
of Cases of Cases Number Percent
Department
Accounting 22 24.7% of Cases of Cases
Operations 18 20.2% Accounting 10 15.2%
Executive/Upper Management 12 13.5% Executive/Upper Management 9 13.6%
Customer Service 9 10.1% Sales 8 12.1%
Sales 9 10.1% Purchasing 7 10.6%
Warehousing/Inventory 7 7.9% Customer Service 6 9.1%
Information Technology 4 4.5% Operations 6 9.1%
Finance 2 2.2% Finance 5 7.6%
Human Resources 2 2.2% Marketing/Public Relations 5 7.6%
Purchasing 2 2.2% Manufacturing and Production 4 6.1%
Board of Directors 1 1.1% Warehousing/Inventory 3 4.5%
Marketing/Public Relations 1 1.1% Board of Directors 1 1.5%
Human Resources 1 1.5%
Information Technology 1 1.5%
Number Percent
Department
of Cases of Cases
Accounting 12 31.6%
Operations 5 13.2%
Sales 5 13.2%
Warehousing/Inventory 4 10.5%
Executive/Upper Management 3 7.9%
Information Technology 2 5.3%
Purchasing 2 5.3%
Research and Development 2 5.3%
Customer Service 1 2.6%
Finance 1 2.6%
Marketing/Public Relations 1 2.6%

Schemes Based on Perpetrator’s Department
We broke down the distribution of fraud schemes based on the perpetrator’s department to see how methods of fraud
varied depending on where the perpetrator worked within an organization. We limited our inquiry to the six highest-
frequency departments: accounting, operations, sales, executive/upper management, customer service and purchasing.
As noted earlier, those six departments accounted for 80% of all cases.
Accounting Department
The most common schemes committed by fraudsters in the accounting department were check tampering and billing fraud,
each of which occurred in over 30% of cases. When compared to the overall distribution, we see that accounting personnel
are much more likely than other employees to commit check tampering and payroll fraud, but less likely to engage in corrup-
tion or steal non-cash assets. This distribution was similar to what we encountered in 2008.
Schemes Committed by Perpetrators in the Accounting Department — 367 Cases23
Check Tampering 33.2%

13.4% Accounting
30.8%
Billing
26.0%
All Cases
18.3%
Skimming
14.5%
16.3%
Cash Larceny
9.8%
15.8%
Payroll
Scheme Type
8.5%
13.1%
Cash on Hand 12.0%
11.4%
Expense Reimbursement
15.1%
10.4%
Corruption
32.8%
5.7%
Non-Cash
17.5%
4.1%
4.8%
2.2%
3.0%
0% 5% 10% 15% 20% 25% 30% 35%
Percent of Cases
23

Perpetrators
Primary Operations
Fraudsters who worked in the primary operations of the victim organization most often engaged in corruption (31% of
cases) and billing fraud (22%). The distribution of frauds by operations staff was consistent with the overall distribution
of frauds.
Schemes Committed by Perpetrators in the Primary

Operations of the Victim Organization — 299 Cases24
30.8% Operations
Corruption 32.8%
22.1%
Billing 26.0%
All Cases
15.7%
15.4%
Non-Cash 17.5%
14.7%
Scheme Type
Skimming 14.5%
13.0%
Cash on Hand 12.0%
11.0%
9.4%
Payroll 8.5%
9.0%
Cash Larceny 9.8%
2.7%
2.0%
Register Disbursements 3.0%
0% 5% 10% 15% 20% 25% 30% 35%
Percent of Cases
24

Sales Department
The most common frauds in the sales department were corruption (34% of cases) and theft of non-cash assets (24%).
Fraudsters in the sales department were somewhat more likely than others to steal non-cash assets. Conversely, they
were much less likely to engage in billing schemes, check tampering or payroll fraud.
Schemes Committed by Perpetrators in the Sales Department — 225 Cases25
33.8%
Corruption Sales
32.8%
23.6%
Non-Cash
17.5%
All Cases
16.4%
Skimming
14.5%
15.6%
13.8%
Billing
Scheme Type
26.0%
12.0%
Cash on Hand 12.0%
9.3%
Cash Larceny
9.8%
8.0%
4.0%
Check Tampering
13.4%
3.6%
4.8%
1.8%
Payroll
8.5%
0% 5% 10% 15% 20% 25% 30% 35%
Percent of Cases
25

Perpetrators
Executive or Upper Management

When fraud occurred in the executive suite, nearly half of the cases involved corruption. Billing fraud (41%) and expense
reimbursement schemes (30%) were also very common. All three of these schemes occurred with much more frequen-
cy among executives than other employees. Financial statement fraud schemes were also much more common among
executives and upper management.
Schemes Committed by Perpetrators in Executive/

Upper Management Positions — 224 Cases26
Corruption 48.7% Executive/

32.8% Upper Management
Billing 40.6%
26.0%
All Cases
15.1%
Non-Cash 18.3%
17.5%
Payroll 16.1%
Scheme Type
8.5%

13.4%
Skimming 13.8%
12.0%

4.8%
Cash on Hand 12.5%

12.0%
Cash Larceny 11.6%

9.8%

3.0%
0% 10% 20% 30% 40% 50%
Percent of Cases
26

Customer Service Department
Corruption was the most common form of fraud among customer service employees (22% of cases), but compared
to the distribution for all cases, we see that corruption was actually much less likely to occur in customer service than
elsewhere. Conversely, skimming, theft of cash on hand and fraudulent register disbursements were more likely to occur
in customer service than in other areas of the organization.
Schemes Committed by Perpetrators in the Customer Service Department — 120 Cases27
Corruption 21.7%
Customer Service
32.8%
19.2%
Skimming
14.5%
All Cases
18.3%
Cash on Hand
12.0%
17.5%
Non-Cash
17.5%
9.2%
Cash Larceny
Scheme Type
9.8%
8.3%
Billing
26.0%
8.3%
Check Tampering
13.4%
8.3%
3.3%
Expense Reimbursement
15.1%
1.7%
4.8%
0.8%
Payroll
8.5%
0% 5% 10% 15% 20% 25% 30% 35%
Percent of Cases
27

Perpetrators
Purchasing Department
The vast majority of frauds in the purchasing department involved corruption (72% of cases), and billing schemes also
occurred at a very high rate (43%). Both of these schemes were more likely to occur in the purchasing department than
in any other area of the organization, which is not surprising because the purchasing function often lends itself to bribery,
overbilling and bid rigging schemes, which are among the most costly forms of occupational fraud.
Schemes Committed by Perpetrators in the Purchasing Department — 103 Cases28
71.8%
Corruption Purchasing
32.8%
42.7%
Billing
26.0%
All Cases
13.6%
Non-Cash
17.5%
9.7%
5.8%
Skimming
Scheme Type
14.5%
4.9%
Cash on Hand 12.0%
4.9%
Check Tampering
13.4%
2.9%
Cash Larceny 9.8%
1.9%
Payroll
8.5%
0.0%
4.8%
0.0%
3.0%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Percent of Cases
28

Perpetrator’s Criminal and Employment Perpetrator’s Criminal Background
History
100%
2010
85.7% 87.4%
Perpetrator’s Criminal Background 2008
80%
Percent of Cases
Only 7% of the fraud perpetrators in our study had been
previously convicted of a fraud-related offense, which
60%
was virtually identical to our finding in 2008. Eighty-six
percent had never been charged with or convicted of a 40%
prior offense. The low rate of prior convictions suggests
that criminal background checks may have some effect in 20%
preventing fraud, but the effect is probably limited. 6.7% 6.8% 7.7% 5.7%
0%
Never Charged Prior Charged But
Perpetrator’s Employment Background or Convicted Convictions Not Convicted
In addition to criminal history, past employment issues
may indicate that an employee is more likely to engage Criminal Background
in fraudulent conduct in the future. Of the respondents in
our survey, 791 were able to provide information about
the perpetrator’s prior employment history. Among those Perpetrator’s Employment Background
cases, about 8% of perpetrators had been previously
100%
punished and 10% had been previously terminated for 2010
82.4% 82.6%
fraud-related conduct. 2008
80%
Percent of Cases
Behavioral Red Flags Displayed by 60%

Perpetrators
While a fraud is ongoing, the perpetrator often displays
40%
certain behaviors or characteristics that might indicate he
or she has a heightened risk of committing fraud. On their 20%
12.3%
own, these behavioral red flags do not prove an individual 9.5% 8.1%
5.1%
is engaged in a fraud, but they should raise warning sig- 0%
Never Punished Previously Previously
nals to the individual’s co-workers and managers, as well
or Terminated Terminated Punished
as the organization’s anti-fraud staff. When these red flags
exist alongside other indicators of misconduct, this can be Employment Background
a strong clue that something is wrong. As discussed earlier
in this report, occupational frauds often last for months or
years before they are caught, so the ability to detect frauds
as early as possible can have a big effect in limiting losses.

Perpetrators
We presented survey respondents with a list of common behavioral red flags and asked them to identify which of these
warning signs had been displayed by the perpetrator prior to detection of the fraud. As shown in the chart below, the most
common red flags displayed by perpetrators were living beyond financial means (43% of cases), experiencing financial
difficulties (36%), excessive control issues with regard to their jobs (23%) and an unusually close association with vendors
or customers (22%). This distribution is very similar to what we found in our 2008 study. As we continue to track this
data in future studies, we hope to be able to identify consistent relationships between behavioral warning signs and
the occurrence of occupational fraud. Ideally, this data will help organizations build better fraud-detection programs that
incorporate behavioral data in addition to more standard anti-fraud controls.
Behavioral Red Flags of Perpetrators29
43.0% 2010
Living beyond means 38.6%
36.4%
Financial difficulties 34.1% 2008
22.6%
Control issues, unwillingness to share duties 18.7%
22.1%
Unusually close association with vendor/customer 15.2%
19.2%
Wheeler-dealer attitude 20.3%
17.6%
Divorce/family problems 17.1%
14.1%
Behavioral Red Flag
Irritability, suspiciousness or defensiveness 13.6%
11.9%
Addiction problems 13.3%
10.2%
Refusal to take vacations 6.8%
9.3%
Past employment-related problems 7.9%
7.9%
Complained about inadequate pay 7.3%
7.5%
Excessive pressure from within organization 6.5%
6.3%
Past legal problems 8.7%
5.6%
Instability in life circumstances 4.9%
5.1%
Excessive family/peer pressure for success 4.2%
4.6%
Complained about lack of authority 3.6%
0% 10% 20% 30% 40% 50%
Percent of Cases
29
The sum of percentages in this chart exceeds 100% because in many cases perpetrators displayed more than one behavioral red flag.

Red Flags Based on Perpetrator’s Position
The behavioral indicators that a fraud perpetrator displays can vary depending on a number of factors. The following
chart shows the distribution of red flags based on the perpetrator’s level of authority. Among employee-level fraudsters,
the most common behavioral red flag was financial difficulties, which was present in nearly half of all employee fraud
cases. Because employee-level fraudsters generally have lower incomes than managers or owners/executives, we would
expect their motivation for committing fraud to more often be based on an immediate, pressing financial need, which
explains why this red flag shows up so often. While financial difficulty was still frequently cited in cases involving manag-
ers and owners/executives, it occurred much less often. Conversely, owners/executives and managers were much more
likely than employees to display control issues, to have unusually close associations with vendors or customers or to
exhibit a “wheeler-dealer” attitude. Each of these red flags tends to reflect the authority level of owners/executives and
managers, who are in a better position than employees to influence organizational decision-making, arrange deals with
outside parties and exert their control over the direction or tone of the organization.
Behavioral Red Flags of Perpetrators Based on Position30
40.7%
Living beyond means 43.8% Employee
48.3%
47.6%
Financial difficulties 30.7%
26.1% Manager
15.2%
33.0%
Owner/Executive
12.1%
24.9%
10.7%
35.2%
19.3%
16.5%
9.8%
Behavioral Red Flag
16.5%
12.1%
10.7%
11.6%
7.7%
11.1%
8.4%
9.8%
7.3%
4.8%
8.4%
6.3%
7.7%
6.6%
5.7%
5.8%
5.7%
2.6%
2.7%
0% 10% 20% 30% 40% 50%
Percent of Cases
30

Perpetrators
Red Flags Based on Scheme Type

We also broke down the distribution of red flags based on the type of fraud. Different forms of occupational fraud result
from different factors and circumstances, which we would expect to show up in the fraudsters’ behavior. As the chart
below illustrates, individuals who engaged in financial statement frauds were much more likely than other perpetrators
to exhibit control issues or to be under excessive pressure to perform within their organization. Meanwhile, living beyond
one’s means and experiencing financial difficulties were not as common among financial statement fraudsters as oth-
ers. This makes sense, because while asset misappropriations and corruption schemes are almost always committed to
enrich the fraudster, in many financial statement schemes, other factors — such as meeting earnings forecasts or hitting
budget targets — may be as much of a motivator as personal financial gain. An unusually close association with a vendor
or customer was noted as a red flag in 45% of corruption cases, which is not surprising given that most corruption frauds
involve bribery or some kind of illicit benefit. A “wheeler-dealer” attitude was also more common in corruption cases than
in other forms of fraud, and 42% of all corruption perpetrators were identified as living beyond their means. Among those
who misappropriated assets, living beyond one’s means and financial difficulties were the two most common red flags.
Behavioral Red Flags of Perpetrators Based on Scheme Type31

22.7%
Living beyond means 42.0% Financial Statement Fraud
44.8%
24.0%
Financial difficulties 25.2%
39.3% Corruption
33.3%
22.2%
Asset Misappropriation
20.0%
19.3%
26.7%
18.5%
8.0%
19.0%
18.7%
Behavioral Red Flag
14.3%
9.3%
12.9%
14.7%
10.7%
10.7%
9.1%
6.7%
8.6%
21.3%
6.4%
8.0%
6.4%
2.7%
5.9%
9.3%
5.4%
4.0%
4.7%
0% 10% 20% 30% 40% 50%
Percent of Cases
31

Red Flags Based on Region
The following tables present the distribution of behav-
Asia — 271 Cases
ioral red flags based on the region in which the fraud
Number Percent
Behavioral Red Flag
occurred.32 In every region, financial difficulties or living of Cases of Cases
beyond one’s means was cited as the most common red Living beyond means 96 35.4%
Unusually close association with vendor 94 34.7%
flag. We also noted that unusually close associations with
Financial difficulties 62 22.9%
vendors or customers was among the three most com-
Control issues, unwillingness to share duties 46 17.0%
mon red flags in every region except the United States Excessive pressure from within organization 41 15.1%
and Canada, where it ranked 6th and 9th, respectively. Wheeler-dealer attitude 39 14.4%
Refusal to take vacations 31 11.4%
Irritability, suspiciousness or defensiveness 27 10.0%
United States — 876 Cases
Complaining about inadequate pay 25 9.2%
Number Percent
Behavioral Red Flag Complaining about lack of authority 19 7.0%
of Cases of Cases
Addiction problems 18 6.6%
Financial difficulties 392 44.7%
Past employment-related problems 15 5.5%
Living beyond means 391 44.6%
Divorce/family problems 14 5.2%
Control issues, unwillingness to share duties 205 23.4%
Excessive family/peer pressure 13 4.8%
Instability in life circumstances 8 3.0%
Wheeler-dealer attitude 173 19.7%
Past legal problems 6 2.2%
Unusually close association with vendor 141 16.1%
Irritability, suspiciousness or defensiveness 127 14.5%
Addiction problems 124 14.2% Europe — 129 Cases
Past employment-related problems 85 9.7% Number Percent
Behavioral Red Flag
Past legal problems 75 8.6% of Cases of Cases
Refusal to take vacations 74 8.4% Living beyond means 54 41.9%
Complaining about inadequate pay 64 7.3% Unusually close association with vendor 36 27.9%
Instability in life circumstances 54 6.2% Control issues, unwillingness to share duties 33 25.6%
Excessive pressure from within organization 51 5.8% Financial difficulties 32 24.8%
Excessive family/peer pressure 39 4.5% Wheeler-dealer attitude 29 22.5%
Complaining about lack of authority 37 4.2% Irritability, suspiciousness or defensiveness 22 17.1%
32
The sum of percentages in these tables exceeds 100% because in many cases Past employment-related problems 17 13.2%
perpetrators displayed more than one behavioral red flag.
Refusal to take vacations 16 12.4%
Addiction problems 10 7.8%
Excessive pressure from within organization 10 7.8%
Complaining about inadequate pay 8 6.2%
Complaining about lack of authority 7 5.4%
Excessive family/peer pressure 6 4.7%

Perpetrators
Africa — 102 Cases Canada — 84 Cases

Number Percent Number Percent
Behavioral Red Flag Behavioral Red Flag
of Cases of Cases of Cases of Cases
Living beyond means 62 60.8% Financial difficulties 29 34.5%
Unusually close association with vendor 33 32.4% Control issues, unwillingness to share duties 29 34.5%
Financial difficulties 26 25.5% Living beyond means 28 33.3%
Control issues, unwillingness to share duties 25 24.5% Wheeler-dealer attitude 22 26.2%
Wheeler-dealer attitude 20 19.6% Irritability, suspiciousness or defensiveness 18 21.4%
Refusal to take vacations 17 16.7% Addiction problems 17 20.2%
Irritability, suspiciousness or defensiveness 15 14.7% Divorce/family problems 14 16.7%
Complaining about inadequate pay 12 11.8% Refusal to take vacations 12 14.3%
Divorce/family problems 11 10.8% Unusually close association with vendor 11 13.1%
Excessive pressure from within organization 11 10.8% Complaining about inadequate pay 10 11.9%
Excessive family/peer pressure 10 9.8% Past employment-related problems 10 11.9%
Addiction problems 7 6.9% Instability in life circumstances 7 8.3%
Past employment-related problems 5 4.9% Complaining about lack of authority 3 3.6%
Complaining about lack of authority 4 3.9% Excessive family/peer pressure 3 3.6%
Instability in life circumstances 4 3.9% Past legal problems 1 1.2%
Past legal problems 2 2.0% Excessive pressure from within organization 1 1.2%
Central/South America and Oceania — 37 Cases

the Caribbean — 60 Cases Number Percent
Behavioral Red Flag
Number Percent of Cases of Cases
Behavioral Red Flag
of Cases of Cases Living beyond means 20 54.1%
Financial difficulties 24 40.0% Wheeler-dealer attitude 13 35.1%
Living beyond means 19 31.7% Unusually close association with vendor 11 29.7%
Unusually close association with vendor 16 26.7% Addiction problems 9 24.3%
Divorce/family problems 10 16.7% Divorce/family problems 9 24.3%
Irritability, suspiciousness or defensiveness 10 16.7% Financial difficulties 8 21.6%
Control issues, unwillingness to share duties 10 16.7% Control issues, unwillingness to share duties 8 21.6%
Wheeler-dealer attitude 9 15.0% Past employment-related problems 6 16.2%
Past employment-related problems 6 10.0% Refusal to take vacations 5 13.5%
Excessive family/peer pressure 5 8.3% Irritability, suspiciousness or defensiveness 4 10.8%
Refusal to take vacations 5 8.3% Excessive family/peer pressure 4 10.8%
Addiction problems 4 6.7% Past legal problems 2 5.4%
Complaining about inadequate pay 3 5.0% Excessive pressure from within organization 2 5.4%
Complaining about lack of authority 3 5.0% Instability in life circumstances 1 2.7%
Excessive pressure from within organization 1 1.7%

Methodology
The 2010 Report to the Nations on Occupational Fraud and

Abuse is based on the results of an online survey distrib-
The 2010 Report to the Nations
uted to 22,927 Certified Fraud Examiners (CFEs) in Octo-
on Occupational Fraud and
ber 2009. As part of the survey, respondents were asked
to provide a detailed narrative of the single largest fraud Abuse is based on the results of
case they had investigated that met four explicit criteria: an online survey distributed
1. The case must have involved occupational fraud to 22,927 Certified Fraud
(defined as internal fraud, or fraud committed by Examiners (CFEs) in late 2009.
a person against the organization for which he or
she works).
2. The investigation must have occurred between

January 2008 and the time of survey participation.
3. The investigation must have been completed.
4. The CFE must have been reasonably sure the

perpetrator(s) was/were identified.
Respondents were also presented with 87 questions to

answer. These questions covered particular details of the
scheme, including information about the perpetrator, the
victim organization and the methods of fraud employed, as
well as fraud trends in general. Overall, we received 1,939
responses to the survey, 1,843 of which were usable for
purposes of this Report. The data contained herein is based The data in this study is based on 1,843
solely on the information provided in these 1,843 cases. cases of occupational fraud that were
reported by CFEs.
Who Provided the Data?
We sent the survey to all CFEs in good standing at the Primary Occupation
time of the survey launch. We asked respondents to pro- More than half of the CFEs who participated in our study
vide certain information about their professional experi- identified themselves as either fraud examiners or internal
ence and qualifications so that we could gather a fuller auditors. Another 12% stated that they are accountants,
understanding of who was involved in investigating the and just over 7% indicated they work as law enforcement
frauds reported to us as part of our research. officers.

Methodology
Primary Occupations of Survey Participants

61.2%
Fraud Examiner 28.0%
Internal Auditor 26.8%
Accountant 11.6%
Respondent’s Occupation
Law Enforcement 7.2%
Consultant 7.1%
Corporate Security 6.0%
Private Investigator 3.6%
External Auditor 2.5%
Governance, Risk and Compliance 2.4%
IT/Computer Forensic Specialist 1.3%
Bank Examiner 1.1%
Attorney 1.0%
Forensic Accountant 1.0%
Educator 0.5%
0% 5% 10% 15% 20% 25% 30%
Percent of Respondents
Experience
The professionals who took part in our study had a median of 12 years of experience in the fraud examination field. Over
80 percent of respondents had more than five years of anti-fraud experience, and nearly one-quarter of the participants
have worked in fraud examination for more than 20 years.
Nature of Fraud Examinations

Fifty-four percent of the respondents to our survey stated that they work in-house at an organization for which they
conduct internal fraud examinations. This category typically includes professionals such as internal auditors and fraud
examiners. Thirty-four percent of the survey participants identified themselves as working for a professional services firm
that conducts fraud examinations on behalf of other companies or agencies, and 12% of respondents work for a law
enforcement agency.

Experience of Survey Participants
30%
25% 26.5%
Percent of Participants
24.4%
20%
17.8% 17.9%
15%
13.4%
10%
5%
7.2%
0%
5 years or less 6 to 10 years 11 to 15 years 15 to 20 years More than 20 years
Experience
Nature of Survey Participants’ Fraud Examination Work
Law Enforcement
11.9%
In-house Examiner
53.8%
Professional
Services Firm
34.4%

Appendix
Breakdown of Geographic Regions by Country
Africa — 112 Cases Asia — 298 Cases

Number Number
Country Country
of Cases of Cases
Cameroon 1 Afghanistan 1
Democratic Republic of the Congo 1 Bahrain 1
Egypt 5 Cambodia 2
Ethiopia 1 China 62
Ghana 4 Cyprus 3
Guinea 1 India 37
Kenya 7 Indonesia 27
Liberia 1 Iran 1
Malawi 1 Iraq 1
Mauritius 2 Japan 16
Mozambique 2 Jordan 4
Nigeria 21 Kuwait 3
Republic of the Congo 1 Kyrgyzstan 1
Senegal 1 Lebanon 4
South Africa 47 Malaysia 22
Sudan 1 Oman 4
Tanzania 4 Pakistan 8
Tunisia 1 Philippines 16
Uganda 5 Qatar 5
Zambia 2 Saudi Arabia 9
Zimbabwe 3 Singapore 7
South Korea 5
Sri Lanka 2
Taiwan 4
Tajikistan 1
Thailand 2
Turkey 20
Turkmenistan 2
United Arab Emirates 27
Vietnam 1

Central/South America and Europe — 157 Cases
the Caribbean — 70 Cases Number
Country
Number of Cases
Country
of Cases Austria 3
Argentina 7 Belgium 9
Bahamas 1 Bulgaria 3
Barbados 1 Czech Republic 5
Belize 1 Estonia 1
Bolivia 1 Finland 3
Brazil 12 France 1
Chile 1 Germany 19
Colombia 3 Greece 6
Costa Rica 1 Hungary 3
Dominican Republic 2 Ireland 1
Grenada 1 Italy 7
Honduras 1 Kosovo 1
Jamaica 4 Liechtenstein 1
Mexico 20 Luxembourg 1
Nicaragua 2 Montenegro 1
Panama 1 Netherlands 14
Peru 3 Poland 9
Saint Lucia 1 Portugal 2
Saint Vincent and the Grenadines 2 Romania 5
Trinidad and Tobago 4 Russia 18
Venezuela 1 Serbia 1
Slovakia 1
Slovenia 1
Spain 8
Number
Country Switzerland 4
of Cases
Australia 29 Ukraine 1
Fiji 2 United Kingdom 28
Micronesia 1
New Zealand 8

Fraud Prevention Checklist
The most cost-effective way to limit fraud losses is to prevent fraud from occurring. This checklist is designed to
help organizations test the effectiveness of their fraud prevention measures.
1. Is ongoing anti-fraud training provided to all employees of the organization?
q Do employees understand what constitutes fraud?
q Have the costs of fraud to the company and everyone in it — including lost profits, adverse publicity, job loss
and decreased morale and productivity — been made clear to employees?
q Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that
they can speak freely?
q Has a policy of zero-tolerance for fraud been communicated to employees through words and actions?
2. Is an effective fraud reporting mechanism in place?
q Have employees been taught how to communicate concerns about known or potential wrongdoing?
q Is there an anonymous reporting channel available to employees, such as a third-party hotline?
q Do employees trust that they can report suspicious activity anonymously and/or confidentially and without fear
of reprisal?
q Has it been made clear to employees that reports of suspicious activity will be promptly and thoroughly evaluated?
3. To increase employees’ perception of detection, are the following proactive measures taken and publicized to
employees?
q Is possible fraudulent conduct aggressively sought out, rather than dealt with passively?
q Does the organization send the message that it actively seeks out fraudulent conduct through fraud assessment
questioning by auditors?
q Are surprise fraud audits performed in addition to regularly scheduled fraud audits?
q Is continuous auditing software used to detect fraud and, if so, has the use of such software been made known
throughout the organization?
4. Is the management climate/tone at the top one of honesty and integrity?
q Are employees surveyed to determine the extent to which they believe management acts with honesty and integrity?
q Are performance goals realistic?
q Have fraud prevention goals been incorporated into the performance measures against which managers are
evaluated and which are used to determine performance-related compensation?
q Has the organization established, implemented and tested a process for oversight of fraud risks by the board of
directors or others charged with governance (e.g., the audit committee)?

5. Are fraud risk assessments performed to proactively identify and mitigate the company’s vulnerabilities to
internal and external fraud?
6. Are strong anti-fraud controls in place and operating effectively, including the following?
q Proper separation of duties
q Use of authorizations
q Physical safeguards
q Job rotations
q Mandatory vacations
7. Does the internal audit department, if one exists, have adequate resources and authority to operate
effectively and without undue influence from senior management?
8. Does the hiring policy include the following?
q Past employment verification
q Criminal and civil background checks
q Credit checks
q Drug screening
q Education verification
q References check
9. Are employee support programs in place to assist employees struggling with addictions, mental/emotional
health, family or financial problems?
10. Is an open-door policy in place that allows employees to speak freely about pressures, providing
management the opportunity to alleviate such pressures before they become acute?
11. Are anonymous surveys conducted to assess employee morale?

About the ACFE
The ACFE is the world’s largest anti-fraud organization

and premier provider of anti-fraud training and education.
The Association of Certified
Together with more than 50,000 members in more than
Fraud Examiners serves more
140 countries, the ACFE is reducing business fraud world-
wide and providing the training and resources needed to than 50,000 members in 140
fight fraud more effectively. countries worldwide.
Founded in 1988 by Dr. Joseph T. Wells, CFE, CPA, the

ACFE provides educational tools and practical solutions
for anti-fraud professionals through initiatives including:
t Global conferences and seminars led by anti-fraud

experts
t Instructor-led, interactive professional training
t Comprehensive resources for fighting fraud,

including books, self-study courses and articles
t Leading anti-fraud periodicals including Fraud

Magazine®, The Fraud Examiner and FraudInfo
t Local networking and support through ACFE

chapters worldwide
t Anti-fraud curriculum and educational tools for

colleges and universities
The positive effects of anti-fraud training are far-reaching.

Clearly, the only way to combat fraud is to educate any-
For more information about the ACFE,
visit ACFE.com.
one engaged in fighting fraud on how to effectively pre-
vent, detect and investigate it. By educating, uniting and
supporting the global anti-fraud community with the tools The ACFE offers its members the opportunity for profes-
to fight fraud more effectively, the ACFE is reducing busi- sional certification. The CFE credential is preferred by
ness fraud worldwide and inspiring public confidence in businesses and government entities around the world and
the integrity and objectivity within the profession. indicates expertise in fraud prevention and detection.

Certified Fraud Examiners
CFEs are anti-fraud experts who have demonstrated knowledge in four critical areas: Fraudulent Financial Transactions,
Fraud Investigation, Legal Elements of Fraud, and Fraud Prevention and Deterrence. In support of CFEs and the CFE
credential, the ACFE:
t Provides bona fide qualifications for CFEs through administration of the Uniform CFE Examination
t Requires CFEs to adhere to a strict code of professional conduct and ethics
t Serves as the global representative for CFEs to business, government and academic institutions
t Provides leadership to inspire public confidence in the integrity, objectivity, and professionalism of CFEs
Membership
Immediate access to world-class anti-fraud knowledge and tools is a necessity in the fight against fraud. Members of
the ACFE include accountants, internal auditors, fraud investigators, law enforcement personnel, lawyers, business
leaders, risk/compliance professionals and educators, all of whom have access to expert training, educational tools and
resources.
Members all over the world have come to depend on the ACFE for solutions to the challenges they face in their
professions. Whether their career is focused exclusively on preventing and detecting fraudulent activities or they
just want to learn more about fraud, the ACFE provides the essential tools and resources necessary for anti-fraud
professionals to accomplish their objectives.
To learn more, visit ACFE.com or call (800) 245-3321 / +1 (512) 478-9000.

803-%)&"%26"35&34t5)&(3&(03#6*-%*/(
8FTU"WFt"VTUJO 59t64"
Phone: (800) 245-3321 / +1 (512) 478-9000
8FC"$'&DPNtJOGP!"$'&DPN
©2010 Association of Certified Fraud Examiners, Inc.
The ACFE logo, ACFE seal, Certified Fraud Examiner and Fraud Magazine®
are trademarks owned by the Association of Certified Fraud Examiners, Inc.
Section 2
Deterring and Detecting Financial

Reporting Fraud: A Platform for Action
(Copyright 2010, by the Center for Audit Quality,
All rights reserved. Reprinted with permission.)
November 10, 2010

DETERRING and DETECTING
FINANCIAL REPORTING FRAUD
A Platform for Action
October 2010
THE CENTER FOR AUDIT QUALITY AND ITS VISION
The Center for Audit Quality (CAQ) is dedicated to enhancing investor confidence
and public trust in the global capital markets by:
³ Fostering high-quality performance by public company auditors
³ Convening and collaborating with other stakeholders to advance the

discussion of critical issues requiring action and intervention
³ Advocating policies and standards that promote public company auditors’

objectivity, effectiveness, and responsiveness to dynamic market conditions
The CAQ is an autonomous public policy organization based in Washington, D.C.

It is governed by a board comprised of leaders from the public company audit firms,
the American Institute of Certified Public Accountants (AICPA), and three individuals
independent of the profession. The organization is affiliated with the AICPA.
ABOUT THIS REPORT
This report focuses on financial reporting fraud at publicly-traded companies of all

sizes, and its recommendations are intended to be scalable to different situations.
While the report addresses specific structures, such as an internal audit function or
a formal fraud risk management program, it is not intended to suggest that one
size fits all, or to be limited to any single implementation approach. It is important
that each company consider the concepts presented and tailor them to its particu-
lar characteristics. While not the specific focus of this report, many of the points
may be applicable to other types of organizations, such as privately-owned compa-
nies, not-for-profit organizations, and governmental entities.
ACKNOWLEDGEMENTS
We would like to thank all those who participated in the discussions and interviews,
and the drafting of this document; this report would not have been possible
without you. We appreciate the wisdom shared throughout this process. While
there are too many who contributed to name, we would like to mention one —
Elizabeth Rader, director at Deloitte LLP — for her immense contribution in
reviewing the material and drafting this report.
b C A PLATFORM FOR ACTION AGAINST FINANCIAL REPORTING FRAUD

515,5*&-5.)5*,-(.5."#-5,*),.5)(5+)) %2
%2++ %2 %% #2'&)+ %2),L2#+&)$2&)2+ &%92#((#&5,*),.#(!5 ,/ZV(5
),5."#-5,*),.5-5U5'.,#&5'#-,*,-(..#)(5,-/&.#(!5 ,)'5(5#(.(.#)(&5 #&/,5.)5,*),.5V((#&5
#( ),'.#)(5#(5),(51#."5!(,&&35*.5)/(.#(!5*,#(#*&-YZ#-55-,#)/-5)(,(5 ),5#(0-.),-5
(5).",5*#.&5',%.5-.%")&,-@5",5#-5()5135.)5*,#.51")51#&&5)''#.5 ,/@55 ),)0,>5/-5
,/5#-5#(.(.#)(&&35)(&535."5*,*.,.),->5#.5) .(5#-5#\/&.5.)5..5 ),5-)'5.#'@5 /&.#*&5--5
) 5V((#&5,*),.#(!5 ,/5"05/(,'#(5)(V(5#(5."5@@5*#.&5',%.-5#(5."5*-.5 15-@5
"55#-5)''#..5.)5("(#(!5#(0-.),5)(V(5(5*/&#5.,/-.5#(5."5*#.&5',%.-@550).5
*)&##-5(5-.(,-5.".5 )-.,5."5"#!"-.?+/&#.35*, ),'(535*/&#5)'*(35/#.),->5(515.5-5
5)(0(,5(5)&&),.),51#."5).",5-.%")&,-5.)5 )-.,5#( ),'5#-/--#)(-5)(5#--/-5*,.#(#(!5.)5
."5#(.!,#.35) 5V((#&5,*),.#(!@
/,#(!5DBBK5(5,&35DBCB>5."55-*)(-),55-,#-5) 5#-/--#)(-5(5#(?*."5#(.,0#1-5.)5).#(5
*,-*.#0-5)(5 ,/5.,,(5(5..#)(5'-/,-5.".5"051),%>5(5)(5#-5 ),5(15**,)"-@5
"5*,.##*(.-5#(&/5."5 /&&5-*.,/'5) 5-.%")&,-51#."5(5#(.,-.5#(5."5#(.!,#.35) 5V((#&5,*),.-5
) 5*/&#&3?.,5)'*(#-L5),*),.52/.#0->5'',-5) 5),-5) 5#,.),-5(5/#.5)''#..->5
#(.,(&5/#.),->52.,(&5/#.),->5#(0-.),->5,!/&.),->5'#->5(5).",-@
"#-5,*),.5#-5."5,-/&.5) 5.")-5#-/--#)(-5(5#(.,0#1->5)(-#,5#(5&#!".5) 5,&.5,-,"5(5
!/#(5)(5."5.)*#@5"5,*),.5)(.#(-5(/',)/-5#-5 ),5'#.#!.#(!5."5,#-%5) 5V((#&5,*),.#(!5
,/>5-51&&5-5*)#(.-5.)5*)(,@5).&3>5#-/--#)(5*,.##*(.-5-.,)(!&35&#05.".5)(!)#(!5)&&),?
.#)(5(5."5)&&.#05-",#(!5) 5#-5(5,-)/,-51)/&5!,.&350(5[),.-5.)5'#.#!.5V((#&5
,*),.#(!5 ,/@5
),#(!&3>5."#-5,*),.5,*,-(.-55V,-.5-.*5#(5&)(!,?.,'5#(#.#.#0-5(5)&&),.#)(-5 ),5."5.,?
,(5(5..#)(5) 5V((#&5,*),.#(!5 ,/>5.)5(V.5#(0-.),-5(5).",5*,.##*(.-5#(5."5*#.&5',?
%.-@5"55*&(-5.)5*&355&,-"#*5,)&5#(5()/,!#(!5)&&),.#05.#)(5.)50(5."5/(,-.(#(!5
) 5)(#.#)(-5.".5)(.,#/.5.)5 ,/5(50&)*5("(5.,,(5(5..#)(5."(#+/-5(5.))&-5 ),5
&&5*,.##*(.-5#(5."5V((#&5,*),.#(!5*,)-->5#(&/#(!5'(!'(.>5),-5) 5#,.),->5/#.5)''#.?
.->5#(.,(&5/#.),->5(52.,(&5/#.),-@55#(.(5."-5[),.-5.)5)'*&'(.5."5.#0#.#-5) 5."5/&#5
)'*(35)/(.#(!50,-#!".5),9-5:;5#((#&5*),.#(!5,/5-)/,5(.,>5(5&))%5 ),?
1,5.)5)**),./(#.#-5 ),5)&&),.#)(51#."5."5(.,@
5,5&#!".5.)5(()/(5.".5#((#&52/.#0-5 (.,(.#)(&>5"5 (-.#./.5) 5 (.,(&5/#.),->5
(5."5.#)(&5--)#.#)(5) 5),*),.5#,.),->5),!(#4.#)(-5.".5&,35,5.#0&35(!!5#(5[),.-5
.)5'#.#!.5."5,#-%5) 5V((#&5,*),.#(!5 ,/>5*&(5.)5)&&),.51#."5."55)(5."-5#(#.#.#0-@5
5")*5."#-5,*),.5*,)0#-5 ))5 ),5.")/!".5(5-*/,-5-.%")&,-5.)5&0,!5)/,5,-)/,-5.)50(5
."5.,,(5(5..#)(5) 5V((#&5,*),.#(!5 ,/@55&))%5 ),1,5.)51),%#(!51#."5&&5#(.,-.5*,.#-5
#(5."5 /./,@

&8 2 )72&-)% %2&)2 /,+ -2 )+&)
%+)2&)2, +2,# +02 2 %+)2&)2, +2,# +0
DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION C /

Contents
Executive Summary5 0
Prologue5 #((#&5*),.#(!5,/L5".5 .5 -5(5 C

5 "35."5(.,5 ),5/#.5/&#.35,-]]
5 5 5
Chapter 15 (,-.(#(!5."5(-*5 E
55
Chapter525 )(5.5."5)*L5"5)1,5) 5),*),.5/&./,5 CB
Chapter535 %*.##-'L5(5('35) 5,/5 CK
Chapter 45 )''/(#.#)(-L5()1&!5",#(!5.)55 DH

5 .,5(5..5,/5
Chapter 55 5 "5-5 ),5)&&),.#)(L5 (,-#(!5[.#0(--55

EB
,)--5."5#((#&5*),.#(!5/**&35"#(5
5
Endnotes 5 EE
Appendix 15 5,.##*(.-5#(55#-/--#)(-5(5 (?*."5 (.,0#1-5 EG
Appendix 25 #&#)!,*"35 EK
Appendix 35 ."))&)!#&5..'(.5 FE
DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION C ///
Executive Summary
(55(/',5) 5)-#)(-5)0,5."5*-.5 15->5'$),5 Understanding the Landscape

*/&#5 )'*(#-5 "05 2*,#(5 V((#&5 ,*),.#(!5
& &(&"),.#&&3>5(3)(5"-5."5*).(?
,/>5,-/&.#(!5#(5./,')#&5#(5."5@@5*#.&5',%.->55&)--5
.#&5 .)5 (!!5 #(5 V((#&5 ,*),.#(!5 ,/M5 #(>5 -)'5
) 5-",")&,50&/>5(>5#(5-)'5-->5."5(%,/*.35) 5
#(#0#/&-5 1")5 )''#.5 ,/5 "5 *,0#)/-5 ,*/..#)(-5
."5 )'*(35 #.-& @5 "5 ,(-?2&35 .5 ) 5 DBBD5 "-5
),5"#!"5#(.!,#.3@5",5 .),->5, ,,5.)5-5."5U ,/5
)(5 '/"5 .)5 #'*,)05 ),*),.5 !)0,((5 (5 .,5
.,#(!&>Y5 ) .(5 )'#(5 .)5 &5 #(#0#/&-5 .)5 )''#.5
,/M5 ")10,>5 V((#&5 ,*),.#(!5 ,/Z(5 #(.(.#)(&>5
,/L5*,--/,5),5(5#((.#05.)5(!!5#(5 ,/M55*,?
'.,#&5 '#-,*,-(..#)(5 ) 5 5 )'*(39-5 V((#&5 -..?
#05)**),./(#.3M5(5."5#&#.35.)5,.#)(&#45 ,//?
'(.-Z,'#(-5 5 -,#)/-5 )(,(5 ),5 #(0-.),-5 (5 ).",5
&(.5"0#),@5
*#.&5',%.-5-.%")&,-@5
,.##*(.-5 #(5 ."5 5 #-/--#)(-5 #(.#V5 ."5 .)*5
(5 DBBK>5 ."5 (.,5 ),5 /#.5 /&#.35 :;>5 1"#"5 #-5
.",5*,--/,-5 ),5 ,/5-5*,-)(&5!#(5:#(&/#(!5'2#?
)''#..5 .)5 ("(#(!5 #(0-.),5 )(V(5 (5 */&#5
'#4#(!5 *, ),'(5 )(/--5 (5 -.)%?-5 )'*(-?
.,/-.5 #(5 ."5 *#.&5 ',%.->5 )(0(5 V05 ,)/(.&5 #-?
.#)(;M5 ."5 (5 .)5 '.5 -"),.?.,'5 V((#&5 2*..#)(-M5
/--#)(-5 : )/,5 #(5 ."5 (#.5 ..->5 )(5 #(5 )()(;5 1#."5
(55-#,5.)5"#55(1-@5**),./(#.#-5 ),5 ,/5/-/?
'),5 ."(5 CBB5 *,.##*(.->5 )&&)15 35 '),5 ."(5 DB5 #(?
&&35,5!,.-.51"(5."5.)(5.5."5.)*5#-5&25),5)(.,)&-5
*."5#(.,0#1->5#(5),,5.)5*./,5*,-*.#0-5)(5 ,/5
,5#([.#0>5&.")/!"50(5."5-.5)(.,)&-5(().5)'?
.,,(5 (5 ..#)(5 '-/,-5 .".5 "05 1),%5 (5
*&.&35&#'#(.5."5,#-%5) 5 ,/@5#(&&3>5#(#0#/&-51")5
#-5 ),5(15**,)"-@5"5*,.##*(.-5#(&/5),*)?
)''#.5V((#&5,*),.#(!5 ,/5'/-.55&5.)5$/-.# 35),5
,.5 2/.#0->5 '',-5 ) 5 ),-5 ) 5 #,.),-5 (5 /#.5
2*&#(5135."#,5 ,//&(.5.#)(-@5
)''#..->5 #(.,(&5 /#.),->5 2.,(&5 /#.),->5 #(0-.),->5
3*#&&3>5 V((#&5 '#--..'(.5 ),5 '(#*/&.#)(5 -.,.-5
,!/&.),->5'#->5(5).",-@5
-'&&>5#(.(5-5U$/-.55&#..&5$/-.'(.Y5.)5#'*,)05,?
"5)-,0.#)(-5#(5."#-5,*),.5,5,#05 ,)'5.")-5
-/&.-@5/.5-5."5(5.)5'#(.#(5."5*.#)(5)(.#(/->5
#-/--#)(-5 (5 #(.,0#1->5 )(-#,5 #(5 &#!".5 ) 5 ,&.5
)(5 '#--..'(.5 &-5 .)5 ().",5 /(.#&5 ."5 *,*.,.),5 #-5
,-,"5 (5 !/#(5 )(5 ."5 .)*#@5 "5 ,*),.5 )(.#(-5
&)%5 #(>5 &)--5 )$.#0#.3>5 (5 "-5 )1(5 ."5 U-&#**,35
#-5 ),5'#.#!.#(!5."5,#-%5) 5V((#&5,*),.#(!5 ,/>5-5
-&)*Y5.)5)''#.5'$),5 ,/@
1&&5-5,&.5*)#(.-5.)5*)(,@5 .5,*,-(.-55V,-.5-.*5#(5
#-.),#&&3>5')-.5'$),5V((#&5-..'(.5 ,/-5"05
0(#(!5 &)(!,?.,'5 #(#.#.#0-5 (5 )&&),.#)(-5 ),5
#(0)&05-(#),5'(!'(.>51")5,5#(55/(#+/5*)-#.#)(5
."5.,,(5(5..#)(5) 5V((#&5,*),.#(!5 ,/>5
.)5*,*.,.5 ,/535)0,,##(!5)(.,)&-5(5.#(!5#(5)&?
.)5 (V.5 #(0-.),-5 (5 ).",5 *,.##*(.-5 #(5 ."5 *#.&5
&/-#)(5 1#."5 ).",5 '*&)3-@5 "(5 ,/5 )/,-5 .5 &)1,5
',%.-@5
&0&-5#(5(5),!(#4.#)(>5#(#0#/&-5'35().5#(#.#&&35,&#45
.".5."35,5)''#..#(!5 ,/M5."35'35-5."'-&0-5-5
-#'*&35)#(!51".5#-52*.5.)5U'%5."#,5(/',-@Y5
DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION C <
& &
& $& (5 (!'(.>5 ."5 ,#!".5 ."#(!Y5 (5 )/(.,.-5 *,--/,5 (5 #((.#0-5 .)5
),-5) 5#,.),->5/#.5)''#..->5#(.,(&5/#.),->5(5 )''#.5 ,/@5(5."#&5/&./,5&-)5-/**),.-51&&?-#!(>5
2.,(&5/#.),-5'%5/*5."5*/&#5)'*(35V((#&5,? [.#05 )(.,)&-5 .".5 #'#(#-"5 )**),./(#.#-5 ),5 ,/5 (5
*),.#(!5*,)--5),5U-/**&35"#(Y5(5"05)'*&'(.,35 #(,-5."5&#%&#"))5.".5 ,/51#&&55..5+/#%&3@5 (5
(5#(.,)((.5,)&-5#(5&#0,#(!5"#!"?+/&#.35V((#&5 #.#)(>55/&./,5) 5")(-.35(5#(.!,#.35-0,&35&#'#.-5(5
,*),.#(!5 .)5 ."5 #(0-.#(!5 */&#>5 #(&/#(!5 ."5 .,,(5 #(#0#/&9-5#&#.35.)5,.#)(&#45 ,//&(.5.#)(-@
(5..#)(5) 5 ,/@ 5 #-/--#)(5 *,.##*(.-5 !,5 .".5 '(!'(.5
(!'(.5"-5*,#',35,-*)(-##&#.35 ),5."5V((#&5 *&3-5."5')-.5,#.#&5,)&5#(5/#&#(!55-.,)(!5."#&5/&?
,*),.#(!5 *,)--5 (5 ),5 #'*&'(.#(!5 )(.,)&-5 .)5 .,5 ./,@5 "35 '*"-#45 .".>5 .)5 )5 -)>5 -(#),5 '(!'(.5
(5..5V((#&5,*),.#(!5 ,/@5),-5) 5#,.),-5(5 '/-.5 &,&35 )''/(#.5 ."#&5 2*..#)(-5 (5 0#-#&35
/#.5)''#..-5,5,-*)(-#&5 ),5)0,-#!".5) 5."5/-#? &#0535."'@5 '*),.(.&3>5'*&)3-5(5.)5",5."5-'5
(--5 (5 ."5 )(.,)&5 (0#,)('(.@5 "5 /#.5 )''#..5 '--!-5 ,)'5 ."#,5 #''#.5 -/*,0#-),->5 /-5."35
)0,--5."5V((#&5,*),.#(!5*,)-->5."5#(.,(&5/#.5 "05 ."5 ')-.5 *)1, /&5 (5 #,.5 #(W/(5 )(5 ."5 ."#&5
/(.#)(>5(5."5)'*(39-52.,(&5/#.),-@5 $/!'(.-5) 5."#,5'*&)3-@
(.,(&5/#.),-5*&355%35,)&5#(55)'*(39-5#(.,(&5 )(5.5."5.)*5#-5,#( ),5.",)/!"5."5-.&#-"'(.5
)(.,)&5 -.,/./,5 (5 "05 5 *,) --#)(&5 ,-*)(-##&#.35 .)5 ) 55)'*,"(-#05 ,/5,#-%5'(!'(.5*,)!,'51#."55
0&/.5."5*).(.#&5 ),5."5)/,,(5) 5 ,/5(5")15 ,#&35--#&5)(V(.#&51"#-.&&)1,5*,)!,'@5 (5
."5),!(#4.#)(5'(!-5 ,/5,#-%@52.,(&5/#.),-5'/-.5 .>5-./#-5-")15.".5 ,/5')-.5) .(5#-5..5.",)/!"5
5#(*((.5) 5."5)'*(35."35/#.5(5*,)0#55*/? .#*-@5 (5'/&.#(.#)(&5),!(#4.#)(->5#.5#-5,#.#&5.".5."#-5
&#5,*),.5)(5."5(.#.39-5((/&5V((#&5-..'(.->5#(&/? (5 ,/5 .,,(5 *,)!,'-5 &-)5 )/(.5 ),5 /&./,&5
#(!Z ),5@@5*/&#5)'*(#-51#."56IG5'#&&#)(5),5'),5#(5 #[,(-@
',%.5*#.&#4.#)(Z(5)*#(#)(5)(5."5[.#0(--5) 5."5 ),-5(5/#.5)''#..-5-/**),.5(5,#( ),5."5
(.#.39-5#(.,(&5)(.,)&5)0,5V((#&5,*),.#(!@ .)(5 .5 ."5 .)*5 #(5 *,.5 35 "))-#(!5 ."5 ,#!".5 '(!'(.5
.'@5 /#.5 )''#..-5 )0,-5 ."5 V((#&5 ,*),.#(!55
*,)-->5 #(&/#(!5 ')(#.),#(!5 ,/5 ,#-%5 (5 ."5 ,#-%5 ) 5
Fraud Deterrence and Detection
'(!'(.5)0,,#5) 5)(.,)&-@5),->5.",)/!"5."5)'?
)15(5.")-5#(5."5V((#&5,*),.#(!5-/**&35"#(5#(#? *(-.#)(5(5/#.5)''#..->5&-)5,#( ),5."5)'*?
0#/&&35 (5 )&&),.#0&35 '#.#!.5 ."5 ,#-%5 ) 5 V((#&5 (39-5 ."#&5 0&/-5 35 ,0#1#(!5 )'*(-.#)(5 *&(->5
,*),.#(!5 ,/Q5"#&5.",5#-5()5U-#&0,5/&&.>Y5."55 -*#&&35 .")-5 ),5 -(#),5 '(!'(.>5 ),5 /(#(.(.#)(&5
#-/--#)(5*,.##*(.-5)(-#-.(.&35#(.#V5.",5."'-L #((.#0-5.)5)''#.5V((#&5,*),.#(!5 ,/@
"5#(.,(&5/#.5 /(.#)(5.-.-5(5')(#.),-5."5-#!(5
³5 5-.,)(!>5"#!"&35."#&5.)(5.5."5.)*5.".5*,'.-5."5
(5 [.#0(--5 ) 5 ,/5 *,)!,'-5 (5 #(.,(&5 )(.,)&5
),*),.5 /&./,5 :(5 [.#05 ,/5 ,#-%5 '(!'(.5
)0,5V((#&5,*),.#(!@5),#(!5.)5"5 (-.#./.5) 5 (.,?
*,)!,'5#-55%35)'*)((.5) 5."5.)(5.5."5.)*;
(&5 /#.),-5 :"5 ;>5 #(.,(&5 /#.5 -")/&5 )*,.5 1#."5
³5 %*.##-'>55+/-.#)(#(!5'#(-.5.".5-.,(!."(-5*,)? ),!(#4.#)(&5#(*((>51"#"5)'')(&35#(&/-5#?
--#)(&5)$.#0#.3>5)(5."5*,.5) 5&&5*,.##*(.-5#(5."5 ,.5 ,*),.#(!5 .)5 ."5 /#.5 )''#..5 (5 /(,-.,#.5 ?
V((#&5,*),.#(!5-/**&35"#( --5 .)5 ."5 ),5 (5 /#.5 )''#..5 -")/&5 '..,-5 ) 5
)(,(5 ,#-@5 2.,(&5 /#.),-5 "05 ."5 ,-*)(-##&#.35 .)5
³5 .,)(!5)''/(#.#)(5')(!5-/**&35"#(5*,.##*(.-
*&(5 (5 *, ),'5 (5 /#.5 .)5 ).#(5 ,-)(&5 --/,(5
& & & (& 5 -.,)(!5 ."#&5 /&./,5 -.,.-5 .5 ."5 .)*5 .".5 ."5 V((#&5 -..'(.-5 ,5 ,5 ) 5 '.,#&5 '#--..?
1#."55)'*(39-5')-.5-(#),5&,-5(5--5.",)/!"5 '(.>51".",5/-535,,),5),5 ,/@5
."5(.#,5),!(#4.#)(5.)5,.>5#(5."51),-5) 555#-?
/--#)(5*,.##*(.>55U'))5#(5."5'#&Y5(55U/445.5 (&%*.##-'5#(0)&0-5."50&#.#)(5) 5#( ),'?
."5)..)'Y5.".5,W.5(5,#( ),5."5.)(5.5."5.)*@5 .#)(5 .",)/!"5 *,)#(!5 +/-.#)(->5 ."5 ,#.#&5 ----'(.5 ) 5
),*),.5/&./,5#(W/(-5&&5.",5-#-5) 5."5 ,/5.,#? 0#(>5(5..(.#)(5.)5#()(-#-.(#-@5%*.##-'5#-5().5
(!&@55-.,)(!5."#&5/&./,5,.-5(52*..#)(5.)5U)5 (5(5#(5#.-& 5(5#-5().5'(.5.)5()/,!55")-.#&5.')?
</ C DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION
-*",5),5'#,)?'(!'(.M5#.5#-5(5--(.#&5&'(.5) 5 *(5(5,)/-.52"(!-5.".5)(-#)/-&35-.,#05.)50)#5
."5*,) --#)(&5)$.#0#.35,+/#,5) 5&&5*,.##*(.-5#(5."5 '#(#'&#-.>5)'*&#(?),#(.5#-/--#)(-51#&&53#&5'2?
V((#&5,*),.#(!5-/**&35"#(@5%*.##-'5.",)/!")/.5."5 #'/'5(V.-5 ),5&&5*,.#-@5
-/**&35"#(5#(,--5().5)(&35."5# "# &&5.".5 ,/51#&&5
5..>5/.5&-)5."5')'+ &%5.".5 ,/51#&&55..?
The Case for Collaboration: Increasing
>51"#"5,/-5."5,#-%5.".5 ,/51#&&55..'*.@5
Effectiveness Across the Financial Reporting
5#-/--#)(5*,.##*(.-5().5.".5'(!'(.52?
Supply Chain
,#--5-%*.##-'535*,#)#&&35.-.#(!5--/'*.#)(-5)/.5
V((#&5 ,*),.#(!5 *,)---5 (5 )(.,)&->5 (5 ,'#(#(!5 5 #-/--#)(5 *,.##*(.-5 !,5 .".5 1"#&5 -/**&35
)!(#4(.5) 5."5*).(.#&5 ),5 ,/>5*,.#/&,&35# 5."5),!? "#(5 *,.##*(.-5 1),%5 .)5 .,5 (5 ..5 V((#&5 ,?
(#4.#)(5 #-5 /(,5 V((#&5 *,--/,@5 "35 '*"-#45 ."5 *),.#(!5 ,/5)(5)'*(35.55.#'>5."5)&&.#05-",#(!5
#'*),.(5) 5"0#(!5),-5(5/#.5)''#..-5'*&)355 ) 5 #-5 (5 ,-)/,-5 1)/&5 !,.&35 0(5 [),.-5 .)5
-%*.#&5**,)"5#(5#-",!#(!5."#,5)0,-#!".5,-*)(-#? '#.#!.5V((#&5,*),.#(!5 ,/@
#&#.#-@5 )5 2,#-5 -%*.##-'5 [.#0&3>5 ),5 (5 /#.5 "55&#0-5.".5-/"5)&&),.#)(51)/&5#(5
)''#..5 '',-5 (5 5 ."),)/!"5 %()1&!5 ) 5 ."5 ("(5."5#&#.35) 5*,.##*(.-5#(5."5V((#&5,*),.#(!5
)'*(39-5/-#(--5:-*#&&35."5,#0,-5) 5#.-5,0(/5(5 -/**&35 "#(5 .)5 .,5 (5 ..5 V((#&5 ,*),.#(!5 ,/5
*,)V.#&#.3;>5#.-5#(/-.,35(5)'*.#.#05(0#,)('(.>5(5 (5.",35-/-.#(5(5("(5)(V(5#(5."5*#.&5
%35,#-%-@5 ',%.-5 )0,5 ."5 &)(!5 .,'@5 (5 #.#)(5 .)5 ."5 #-/--#)(5
),5)."5#(.,(&5(52.,(&5/#.),->5-%*.##-'5#-5(5 *,.##*(.->5 ."5 5 -)/!".5 #(*/.5 )(5 ."#-5 ,*),.5 ,)'55
#(.!,&5*,.5) 5."5)(/.5) 5."#,5*,) --#)(&5/.#->5#(? #((#&5 2/.#0-5 (.,(.#)(&5 : ;>5 ."5 .#)(&5 -?
&/#(!5."5)(-#,.#)(5) 5."5,#-%5) 5'(!'(.5)0,? -)#.#)(5) 5),*),.5#,.),-5:;>5(5"5 >5),?
,#5 ) 5 )(.,)&-@5 (.,(&5 (5 2.,(&5 /#.),-5 (5 &-)5 !(#4.#)(-5 .".5 &,35 ,5 .#0&35 (!!5 #(5 [),.-5 .)5
*,)0#5 #(-#!".5 #(.)5 ."5 )'*(39-5 ."#&5 /&./,5 (5 ."5 '#.#!.5."5,#-%5) 5V((#&5,*),.#(!5 ,/@5"5) 5."-5
[.#0(--5) 5#.-5#(.,(&5)(.,)&-5.)5--#-.5),5(5/#.5 ),!(#4.#)(-5*,)0#5-#!(#V(.5-/**),.5(5#(-#!".->5(5
)''#..5'',-5#(52,#-#(!5-%*.##-'@ 2*,--5#(.,-.5#(5 /,.",5)&&),.#)(@
(5&#!".5) 5."5*)-#.#05,*.#)(5."#-5[),.5"-5,#05
& & & &
& $& (5."5#'*),.(5) 5."#-5#--/5.)5#(0-.),5)(V(>5."5
(&,.##*(.-5#(5."55#-/--#)(-5-.,--5.".5V? 5*&(-5.)5*&355&,-"#*5,)&535()/,!#(!5)(.#(?
((#&5,*),.#(!5-/**&35"#(5*,.##*(.-5-")/&5&0,!5 /5 )&&),.#)(5 1#."5 ."-5 %35 -.%")&,-5 :(5 ).",5
."#,5 )'*&'(.,35 (5 #(.,)((.5 ,-*)(-##&#.#-5 *,) --#)(&5 ),!(#4.#)(-5 1",5 **,)*,#.;5 .)5 &0,!5
.",)/!"5 ,+/(.5 (5 ,)/-.5 )''/(#.#)(-5 .)5 -",5 #(? 2#-.#(!5,-)/,->5-",5#->5(5*,#),#.#45 /./,5.#0#?
-#!".-5(5&#'#(.5!*-5#(5."#,5)&&.#05[),.-@5 .#-5.)50(5."5.,,(5(5..#)(5) 5V((#&5,?
"5/#.5)''#..5#-55"/5 ),5'(35) 5."-5)''/? *),.#(!5 ,/@551#&&5 )/-5)/,5#(#.#&5[),.-5#(5 )/,5,-L
(#.#)(-5/-5#.5"-5#,.5,*),.#(!5&#(-5 ,)'5'(!?
³5 0(5."5/(,-.(#(!5) 5)(#.#)(-5.".5)(.,#?
'(.>5 ."5 #(.,(&5 /#.),>5 (5 ."5 2.,(&5 /#.),@5 (5
/.5.)5 ,/
#.#)(5.)5,!/&,5)''/(#.#)(-51#."5."-5!,)/*->52?
³5 ,)').5#.#)(&5[),.-5.)5#(,-5-%*.##-'
/.#05---#)(-51#."5"5) 5."'>5-51&&5-51#."5-&.5
³5 ),.5 ."5 ,#-%-5 ) 5 )/-#(!5 )(&35 )(5 -"),.?.,'5
%35'*&)3->5(5550&/&5.))&5 ),5),-5(5/#.5
,-/&.-
)''#..-5.)5).#(55,)5*,-*.#05)(5."5)'*(39-5
³5 2*&),5."5,)&5) 5#( ),'.#)(5."()&)!35#(5 #&#..?
V((#&5,*),.#(!5(0#,)('(.@5&-)>5,!/&,5)''/(#?
#(!5."5.,,(5(5..#)(5) 5 ,//&(.5V((#&5
.#)(5')(!5'(!'(.>5."5#(.,(&5/#.),>5(5."52.,?
,*),.#(!5555
(&5/#.),5#-5#(.!,&5.)5."5)'*&#-"'(.5) 5"5*,.39-5
,-*)(-##&#.#-@5 "-5,-5,*,-(.5."5!#((#(!5) 55 )/-5(5)),?
)!.",>5."-5)''/(#.#)(-5(&5."5-",#(!5) 5#(? #(.5 [),.5 .)5 '#.#!.5 ."5 ,#-%5 ) 5 V((#&5 ,*),.#(!5
),'.#)(>5 *,-*.#0->5 (5 )(,(-5 .".5 *,)0#5 5 0#15 ,/5(5."5'!5#.5(5/-5.)5#(#0#/&5)'*(#-5
#(.)5."5)'*(35.".5#-5U!,.,5."(5."5-/'5) 5#.-5*,.-@Y5 (5."5*#.&5',%.-@5
DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION C <//
PROLOGUE
Financial Reporting Fraud

What It Is and Why the Center for Audit Quality Cares
0,5."5*-.5 15->5'/&.#*&5"&#(?!,#(!5--5 ,/-5 #(0-.#!.5 35 ."5 @@5 /,#.#-5 (5 2"(!5
) 5V((#&5,*),.#(!5 ,/5.5*/&#5)'*(#-5"05,)%5 )''#--#)(5:;5 ,)'5CKKJ5.)5DBBI5(5 )/(5.".5."5
."5*#.&5',%.-@5"-5 ,/-5"055(!.#05#'*.5)(5 '#(5 )&&,5 ')/(.5 ) 5 "5 #(-.(5 ) 5 ,/5 "5 #(?
."5*#.&5',%.-5(5,)5."5.,/-.5) 5."5#(0-.#(!5*/? ,-5.",5.#'-5 ,)'5."5&0&5#(55-#'#&,5CKKK5-./3>5
&#@5#((#&5,*),.#(!5 ,/5(5&-)5"0550-..#(!5#'? ,)'55'#(5) 56F@C5'#&&#)(5#(5."5CKKK5-./35.)56CD5'#&?
*.5)(55)'*(39-5,*/..#)(>5.)5."5*)#(.5) 5$)*,#4#(!5 &#)(@5 (5#.#)(>5."5'#(5-#45) 5."5)'*(35#(0)&05
#.-52#-.(@5 #(5 ,//&(.5V((#&5,*),.#(!5#(,-5**,)2#'.&35
"5 ,(-?2&35 .5 ) 5 DBBD5 :."5 U,(-?2&35 -#2? )&>5 ,)'56CH5'#&&#)(5.)56KE5'#&&#)(5#(5.).&5--.-5(5
.Y5),5U."5.Y;51-5(.5#(5,-*)(-5.)5."5),*),.5 ,)'56CE5'#&&#)(5.)56ID5'#&&#)(5#(5,0(/-@5
-(&-5) 5."5&.5CKKB-5(5,&35DBBB->51"#"5,-/&.5#(5
³5 5DBBK5 5-/,035) 5DBF52/.#0-5) 5@@5)'*?
'$),5&)---5 ),5#(0-.),-5(55*,#*#.)/-5&#(5#(5#(0-?
(#-51#."5((/&5,0(/-5) 56DGB5'#&&#)(5),5'),5 )/(5
.),5)(V(5#(5."5@@5*#.&5',%.-@5"5,+/#,'(.-5
.".5HG5*,(.5) 5."5,-*)((.-5)(-#,5 ,/5.)55
) 5."5,(-?2&35.51,5#(.(5.)5-.,(!."(5*/?
5-#!(#V(.5,#-%5.)5."#,5),!(#4.#)(-5#(5."5(2.53,>5
&#5)'*(#-95#(.,(&5)(.,)&-5)0,5V((#&5,*),.#(!5(5
(5'),5."(5)(?."#,5) 5.")-5#(.#V5V((#&5,?
"05 -,05 .)5 -",*(5 ."5 )/-5 ) 5 -(#),5 '(!'(.>5
*),.#(!5 ,/5-5)(5) 5."5"#!"-.5,#-%-@C5
),-5) 5#,.),->5/#.5)''#..->5#(.,(&5/#.5*,.?
'(.->5(52.,(&5/#.),-5)(5."#,5,-*)(-##&#.#-5 ),5,? ³5 # .3?-#25 *,(.5 ) 5 ."5 **,)2#'.&35 D>CBB5 /-#(--5
&#&5V((#&5,*),.#(!@5&.")/!"5#.5#-5!(,&&35*.5 *,) --#)(&-5-/,035/,#(!55&)#..5),(-#5(?
.".5."5,(-?2&35.5"-5#'*,)05),*),.5!)0,? .,5 1-.5 )/.5 ,/#(!5 ,/5 ,#-%5 *,#.5 .".5
((5(5,-5."5#(#(5) 5 ,/>5,(.5-./#-5 '),5V((#&5-..'(.5 ,/51)/&55/()0,5#(5
(5 -/,03-5 #(#.5 .".5 #(0-.),-5 (5 '(!'(.5 )(? DBCB5(5DBCC5-5)'*,5.)5."5*,0#)/-5.",53,-@5
.#(/5.)5"05)(,(-5)/.5V((#&5-..'(.5 ,/@5),5 &')-.5 "& 5 ) 5 .")-5 -/,035 :FH5 *,(.;5 *)#(.5 .)5
2'*&L5 ."5,--#)(5-5."5,-)(5 ),5."#-5#(,-@D5
³5 "5--)#.#)(5) 5,.#V5,/52'#(,-95:;5 /-5 ,/5(5"05-/"550-..#(!5#'*.>5."5>5

<:;:2 '&)+2 +&2 +2 + &%*2 &%2 ,'+ &%#2 ),2 %2 )(-#-.(.5 1#."5 #.-5 '#--#)(>5 )(0(5 V05 ,)/(.&5 #-?
,*2 )/(5.".5V((#&5-..'(.5 ,/>51"#&5,*,? /--#)(-5#(5DBBK@5*,-(..#0-5) 5&&5-.%")&,-5[.?
-(.#(!5&--5."(5V05*,(.5) 5."5--5) 5 ,/5#(5#.-5 5 35 ,/5 1,5 &5 .)5 -",5 *,-*.#0->5 2*,#(->5
,*),.>51-535 ,5."5')-.5)-.&3>51#."55'#(5&)--5) 5 -/-- /&5(.#? ,/5'-/,->5(5#-5 ),5(15**,)"?
6C@I5'#&&#)(5*,5#(#(.@ -@5 "5 *,.##*(.-5 #(5 ."-5 #-/--#)(-5 #(&/>5 ')(!5
).",->5),*),.52/.#0->5'',-5) 5),-5) 5#,.),-5
³5 ),,#%+2 %% #2'&)+ %D2;CCBJ<::A5 ,)'5."5)'?
(5 /#.5 )''#..->5 #(.,(&5 /#.),->5 2.,(&5 /#.),->5
'#..5 ) 5 *)(-),#(!5 ,!(#4.#)(-5 ) 5 ."5 ,135
,/5-*#&#-.->5#(0-.),->5,!/&.),->5(5'#-@5 (5),?
)''#--#)(5:."5<:;:52),2'&)+;>5(&345EFI5
DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION C

,5.)5 #&#..55 ,5W)15) 5#->5."5,)/(.&5#-/-? ."#-5 ,*),.>5 1",5 )-,0.#)(-5 #(#.5 .".5 *,.##*(.-5
-#)(-5 1,5 )(/.5 1#."5 ()5 */&#5 ..,#/.#)(5 ) 5 )'? !,5)(55*,.#/&,5*)#(.>5#.5#-5'(.5.)5#(#.5!(,&5
'(.-5 .)5 #(#0#/&5 *,.##*(.-@5 "-5 #-/--#)(-5 1,5 )(-(-/->5().5(--,#&35.".5.",51-5/((#'#.3@5"5#(?
)&&)15 #(5 ,&35 DBCB5 35 #(?*."5 #(.,0#1-5 1#."5 '),5 -#!".-5 ,)'5."5#-/--#)(-51,5)(-#,5#(5&#!".5) 5,?
."(5DB5) 5."5,)/(.&5*,.##*(.-5)(/.535(5#(? &.5 ,-,">5 (5 ."35 #(&/5 )."5 -*#V5 #-5 ),5
*((.5,-,"5V,'@5"5#(.,0#1-5&05 /,.",5#(.)5 )(-#,.#)(5 35 #(#0#/&5 -.%")&,5 !,)/*->5 -5 1&&5 -5
."5 #(-#!".-5 (5 )-,0.#)(-5 ) 5 #(#0#/&5 *,.##*(.-5 #(5 -0,&5 &)(!,?.,'5 *,)*)-&-5 ),5 )&&),.#)(5 ')(!5 &&5
."5#-/--#)(5!,)/*->5(5*,.##*(.-5!,5.)55+/).5 -.%")&,-@5)!.",>5."-5*,)*)-&-5,*,-(.5."5!#(?
#(5."#-5,*),.@5"5#-/--#)(-5(5#(.,0#1-5 )/-5)(55 (#(!5) 55&)(!?.,'5[),.5.)50(5."5.,,(5(5?
*,.#/&,5 -/-.5 ) 5 ,/->5 .")-5 .".5 ,5 '.,#&5 (5 #(? ..#)(5) 5V((#&5,*),.#(!5 ,/>51#."5."5/&.#'.5!)&5) 5
0)&05 5 */&#5 )'*(39-5 V((#&5 ,*),.-@5 .",5 .3*-5 ) 5 (V.#(!5 #(0-.),->5 ).",5 /-,-5 ) 5 V((#&5 ,*),.->5 (5
,/>5-/"5-5."5'#-**,)*,#.#)(5) 5--.->51,5)/.-#5 *,.##*(.-5#(5."5*#.&5',%.-@5"#-5,*),.5(5."5#-5
."5-)*5) 5."5#-/--#)(-@5 !(,.5 ,)'5#.5,5#(.(5.)5-,05-55-*,#(!),5 ),5
"5)-,0.#)(-5(5,-5) 5 )/-5#(5."#-5,*),.5,5? )(!)#(!5 )&&),.#)(5 ')(!5 &&5 -.%")&,-5 .)5 #'#(#-"5
,#05 ,)'5 ."-5 #-/--#)(-5 (5 #(.,0#1-@5 ",)/!")/.5 ."5,#-%5) 5V((#&5,*),.#(!5 ,/@5
The Sarbanes-Oxley Act — Legislation for Strong Governance and Accountability

The Sarbanes-Oxley Act of 2002 was enacted in response to the corporate scandals of the late 1990s and early 2000s. The Act
mandated significant reforms to public companies’ governance structures and the oversight of public company accounting firms.
Many of its requirements were intended to raise the standard of corporate governance and mitigate the risk of fraudulent finan-
cial reporting. In particular, the Act:
³ Reinforces the responsibility of corporate officers for the accuracy and completeness of corporate financial reports, and adds a
requirement for the public certification of each periodic report filed with the SEC that includes financial statements. The chief
executive officer and chief financial officer must certify that each such periodic report complies with the requirements of the Se-
curities Exchange Act of 1934 and that the financial statements are fairly presented
³ Establishes criminal penalties for a willful and knowing untrue certification
³ Provides for the disgorgement of the bonuses and profits of executives involved in fraudulent financial reporting
³ Requires evaluations and increased disclosures of a company’s internal control over financial reporting by management, and
a related report by the external auditor for certain companies
³ Requires other enhanced disclosures, including whether the company has a code of ethics for senior financial officers
³ Enhances the role of the audit committee, including requirements for financial expertise and responsibility for oversight of
the company’s external auditor
³ Requires companies to establish whistleblower programs, and makes retaliation against whistleblowers unlawful
These provisions are generally held to have helped reduce financial reporting fraud and to serve as an ongoing deterrent to such
fraud. Several CAQ discussion participants emphasized the deterrent effect of the criminal penalties for untrue certifications by
the CEO or CFO.
C DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION

CHAPTER
1
Understanding the Landscape
Why Commit Fraud — The Seductive Triangle *,--/,5 )(.#(/-5 /(.>5 1#."5 ,,5 0('(.>5
)'*(-.#)(>5 (5 0(5 )(.#(/5 '*&)3'(.5 .5 ,#-%@5
",5 )(#.#)(-5 .3*#&&35 ,5 *,-(.5 1"(5 #(#0#/&-5 "(5*,--/,5#-5.,(- ),'5#(.)5(5)---#05.,'#?
)''#.5 ,/L5*,--/,5),5(5#((.#05.)5(!!5#(5 ,/>55 (.#)(5.)5"#05!)&-5()5'..,51".5."5)-.>5#.5)'-5
*,#05)**),./(#.3>5(5."5#&#.35.)5 /(&(5 (5 *).(.#&&35 -.,/?
,.#)(&#45 ,//&(.5 "0#),@5 "#-5 There is a pressure at an individual .#0@5".5#-51"(5#(#0#/&-5,5')-.5
U ,/5.,#(!&Y51-5V,-.50&)*535 level which I think is significantly &#%&35.)5,-),.5.)5+/-.#)(&5.#0#?
().5 .1(.#."5 (./,35 ,#'#()&)!#-.5 associated with compensation .#-5.".5'35&5.)5 ,/@
)(&5 ,--3@E5 "-5 .",5 )(#? arrangements in the organization. ,.##*(.-5#(5."55,)/(.&5
.#)(-5'352#-.51".",5."5)()'35#-5 There is also pressure at a corporate #-/--#)(-5 (5 #(.,0#1-5 #(.#V5
-.,)(!5),51%>5(>5),#(!&3>5 ,/5 level, when there is a negative ."5 .)*5 .",5 ').#0.),-5 ),5 ,/5 -5
(5 5 )''#..5 #(5 )."5 !))5 .#'-5 economic environment that makes ')*&%#2 %5 :#(&/#(!5 '2#'#4#(!5
(5@5)15."(5)5."-5 .),-5')? targets much harder to achieve. *, ),'(5)(/--5(5."50&/5) 5
.#0.5 ,/Q Both can create powerful incentives -.)%?-5 )'*(-.#)(;M5 - %2
for financial statement fraud. *&)+8+)$2 H%% #2 &#*5 :#.",5 #(?
& & & @5 ,--/,5 Ian Ball, Chief Executive Officer, .,(&5 .,!.-5 ),5 2.,(&5 (&3-.5 2?
(5 5 #.",5 5 *)-#.#05 ),5 5 (!.#05 International Federation of Accountants *..#)(-;M5(5 %22%.*2 ,)'5
),@5 "(5 !)&-5 ,5 "#0&>55 #(0-.),-5(5."5*#.&5',%.-@5#'?
*,--/,5)(.,#/.-5.)5,.#0#.3>5\#(3>5(5)'*.#? #&,&3>5 ."5 <:;:2 2 ),2 '&)+2 )/(5 .".5 ."5 ')-.5
.#0(--@5)10,>5.'*..#)(-5 ),5'#-)(/.5,#-51"(5 )'')(&35#.5').#0.#)(-5 ),5V((#&5-..'(.5 ,/5
!)&-5)5().5**,5.)55..#(&535(),'&5'(->53.5 1,5 U."5 (5 .)5 '.5 #(.,(&5 ),5 2.,(&5 ,(#(!-5 2?
The Fraud Triangle

Pressure
FRAUD
Opportunity Rationalization
*..#)(->5 (5 ..'*.5 .)5 )(&5 ."5 I think most people who come 1-5().5 )/(@5"5-./#-5#(#.5.".5
)'*(39-5.,#),.#(!5V((#&5)(? unstuck in this context of accounting ."5 ').#0.#)(5 ),5 ,/5 #-5 ) .(5 .)5 #(?
#.#)(>5 ."5 (5 .)5 #(,-5 ."5 -.)%5 misstatement are basically honest ,-5 ),5 *,0(.5 5 ,-5 #(5 -.)%5
*,#>5."5(5.)5)&-.,5V((#&5*,? people who get caught up and *,#@G
),'(5 ),5 *(#(!5 +/#.35 ),5 .5 then they get desperate. #((#&5'#--..'(.5),5'(#*/&?
V((#(!>5 ),5 ."5 -#,5 .)5 #(,-5 Jonathan Fisher QC, Barrister, .#)(5) .(5-.,.-5-'&&>5#(.(5-5U$/-.55
'(!'(.5 )'*(-.#)(5 -5 )(5 23 Essex Street Chambers; Trustee, &#..&5$/-.'(.Y5.)5'.5,(#(!-5.,?
V((#&5 ,-/&.-@Y5 (.,-.#(!&3>5 ? Fraud Advisory Panel !.-5 ),5 !#05 ."5 )'*(35 .#'5 .)5 #'?
'#5 ,-,"5 #(#.-5 .".5 ."5 ? *,)05,-/&.-@5 (#.#&&3>5."5#(#0#/&5#(?
-#,5.)5,)/*5),50)#5&)---5#-5'/"5'),5&#%&35.)5').#? 0)&05'35().50(5)(-#,51".5#-5)(5.)55/(*.&5
0.5(5#(#0#/&5.)5(!!5#(5.#0#.#-5.".5)/&5&5.)5 ),5 ,//&(.@5/.5-5."5(5.)5'#(.#(5."5*.#)(5)(?
,/5."(5."5-#,5 ),5*,-)(&5!#(@F5 .#(/->5)(5$/-.'(.5&-5.)5().",5(5."5-)*5) 5."5
.",5 ,-,"5 "-5 )/(5 .".5 2/.#0-5 (5 '#?&0&5 ,/52*(-5/(.#&5."5*,*.,.),5#-5&)%5#(5(5"5
'(!,-5 &5.".5."35 5)(.#(/&5*,--/,5.)5'.5/-#? )1(5."5U-&#**,35-&)*Y5.)5'$),5 ,/@5
(--5 )$.#0-5 -5 1&&5 -5 ."5 -"),.?.,'5 V((#&5 !)&-5 ) 5
(&3-.-5 (5 #(0-.),-@5 (5 ."5 5 DBBJXDBBK5 %+) +02 $& & @5 0(5 1"(5 *,--/,5 #-5 2.,'>5
,)-072 GK5 *,(.5 ) 5 '(!,-5 (5 '*&)3-5 %()1&? V((#&5,*),.#(!5 ,/5(().5)/,5/(&--5(5)**),./?
!5 &#(!5*,--/,5.)5)51".0,5#.5.%-5.)5'.5/-#? (#.35#-5*,-(.@5**),./(#.35"-5.1)5-*.-L5."5#(",(.5
(--5 .,!.-M5 GD5 *,(.5 &#05 .".5 -/-*.##&#.35 ) 5 ."5 )'*(39-5 ?
."35 1)/&5 5 ,1,5 -5 )(5 ,? When we are talking about material )/(.#(!5.)5'(#*/&.#)(>5(5."5)(?
-/&.-5 ,.",5 ."(5 ."5 '(-5 /-5 .)5 financial statement fraud, it is likely #.#)(-5 1#."#(5 ."5 )'*(35 .".5 '35
"#05."'M5(5FK5*,(.5 ,5&)-? that senior management either &&)15 5 ,/5 .)5 )/,@5 "5 (./,5 ) 5
#(!5."#,5$)-5# 5."35'#--5."#,5.,!.-@5 knows about it or has caused ."5 )'*(39-5 /-#(--5 (5 )/(.?
)(-#-.(.51#."5)''(.-5 ,)'5'/&.#? it by putting so much pressure #(!5(5*,)0#5-)/,-5) 5)**),./(#.35
*&55#-/--#)(5*,.##*(.->5-0,&5 on employees. ),5 ,/5#(5."5 ),'5) 5-#!(#V(.5,?
,(.5'#5-./#-5"05 )/(5.".5 &.?*,.35 .,(-.#)(-5 )/.-#5 ."5
Scott Taub, Managing Director,
2/.#0-5 .5 )'*(#-5 /-5 ) 5 V? Financial Reporting Advisors ),#(,35 )/,-5 ) 5 /-#(--M5 5 &,!5
((#&5 ,*),.#(!5 ,/5 5 !,.,5 V? 0)&/'5 ) 5 -.#'.-5 ) 5 --.->5 &##&#?
((#&5#((.#0-5.)5#(,-5-.)%5*,#>5#(5."5 ),'5) 5-.)%5 .#->5,0(/->5),52*(--5.".5,5-/$.#05),5#\/&.5.)5
),5)*.#)(5")&#(!->5."(52/.#0-5.5)'*(#-51",5 ,/5 ),,)),.M5 (5 #-)&.>5 &,!5 .,(-.#)(-@5 )'5 &,!5
.,(-.#)(->5-*#&&35.")-5&)-5.)5*,#)?(>5(5*)-5
)'*&25 U-/-.(5 )0,5 ),'Y5 +/-.#)(-5 .".5 *,)0#55
Perceived Root Causes of Misconduct )**),./(#.#-5 ),5 '(!'(.5 .)5 (!!5 #(5 ,//&(.55
(a survey of 5,065 working adults) ,*),.#(!@H5
"5)**),./(#.35 ),5 ,/5#-5&-)5[.5355)'*(39-5
Pressure to do “whatever it takes” to meet business 59%
#(.,(&5(0#,)('(.>51"#"5#-5&,!&35#(W/(535."5(?
targets
.#.39-5 /&./,5 (5 ."5 [.#0(--5 ) 5 #.-5 #(.,(&5 )(.,)&-@5
Believe will be rewarded for results, not means 52%
.,)(!5 )(.,)&-5 (5 -#!(#V(.&35 &#'#.5 *)--##&#.#-5 ),5 ."5
Believe code of conduct not taken seriously 51%
'(#*/&.#)(5) 5,-/&.-5),5 ),5 ,//&(.5.,(-.#)(-@5 .5#-5
Lack familiarity with standards for their jobs 51%
#'*),.(.5.)5'#(.#(55-",*5 )/-5)(5)(.,)&-5#(5)."5!))5
Lack resources to get job done without cutting corners 50%
(55)()'#5.#'-@5"(5,-/&.-5,5-.,)(!5(5',?
Fear losing job if miss targets 49%
%.-5 ,5 /*>5 .",5 (5 5 5 .((35 .)1,5 )'*&(3>5
Believe policies easy to bypass or override 47%
1#."5 #'#(#-"5 )/-5 )(5 #(.,(&5 )(.,)&-5 (5 ,/5
Seek to bend rules for personal gain 34%
-,/.#(35) 5,-/&.-@5 (5.)/!"5)()'#5.#'->5)'*(#-5.,3?
KPMG LLP (U.S.) Integrity Survey 2008–2009 #(!5.)5)5'),51#."5&--5'35/.5/!.-5#(5,-5.".5)'?
*,)'#-5 ."5 [.#0(--5 ) 5 #(.,(&5 )(.,)&-@5 )."5 ."5

,#1.,")/-))*,-5 <::C2 #&#2 The greatest risk of manipulation --,#&35/-5(5#(#0#/&5.)5(!!5#(5
&%&$ 2) $2+,05(5."5,(-.585 of financials is when management .#0#.#-5 .".5 )/&5 &5 .)5 ,/@5 )5
)/(!5<::C2,)&'%2),2,)-05#(? creates an impression that [the 1".52.&35#-5."5*,)V&5) 5."5*,-)(5
#.5.".5-.[5,/.#)(-51,5&#%&35 manipulation] is needed or expected 1")5)''#.-5 ,/Q
.)5 &5 .)5 #(..(.#)(5 .)5 (),'&5 V((? . . . Most of the people committing "),.#&&3>5 (3)(5 "-5 ."5 *)?
#&5)(.,)&5*,)/,-5(5."/-5,-/&.5 fraud are not doing it for personal .(.#&5 .)5 (!!5 #(5 ,/>5 (5 #(5 .5
#(55!,.,5,#-%5) 5 ,/@ gain. They are doing it because they -)'5 #(#0#/&-5 1")5 )''#.5 ,/5
feel it is necessary and appropriate. *,0#)/-&35"5,*/..#)(-5 ),5"#!"5#(?
%& & @5 (#0#/&-5 Norman Marks, Vice President, .!,#.35(5-.,)(!5."#&50&/-@5"(5
1")5 )''#.5 V((#&5 ,*),.#(!5 ,/5 Governance, Risk and Compliance, *,--/,-5 '%5 #(#0#/&-5 -*,.5
*)----5 5 *,.#/&,5 '#(-.5 .".5 &? SAP BusinessObjects (5 )**),./(#.35 #-5 *,-(.>5 V((#&5
&)1-5 ."'5 .)5 $/-.# 35 ),5 2/-5 ."#,5 ,*),.#(!5 ,/5 )'-5 5 ,&5 *)--#?
,//&(.5 .#)(-@5 5 #-/--#)(5 *,.##*(.-5 '*"? #&#.3@5-5)(5) 5."55#-/--#)(5*,.##*(.-5)-,0>5
-#45 .".5 *,-)(&5 #(.!,#.35 #-5 ,#.#&5 #(5 .,'#(#(!5 ')-.5 *)*&5 1")5 )''#.5 ,/5 )5 ().5 -.,.5 1#."5 5 )(?
1".",5 (5 #(#0#/&5 1#&&5 5 *,)(5 .)5 ,.#)(&#45 ,/@5 -#)/-5 -#,5 .)5 )5 -)L5 U"35 (5 /*5 .",5 /-5 ."5
)10,>5-5."5*,--/,5),5#((.#05#(,-->5#(#0#/&-5 1),&5."35,5)*,.#(!5#(5"-5&5."'5.)55"&&(!5?
'35 5 '),5 &#%&35 .)5 )(-.,/.5 -)'5 ,.#)(&#4.#)(5 ),5 3)(5."#,5*#&#.#-@Y
,//&(.5.#)(-@5),5#(-.(>5#(5(5(0#,)('(.5) 52? ,.##*(.-5 #(5 ."5 5 ,)/(.&5 #-/--#)(-5 &-)5
.,'5*,--/,5.)5'.5),*),.5V((#&5!)&->5'',-5 /(,-),5 .".5 ."5 !,.-.5 ,#-%5 ) 5 V((#&5 ,*),.#(!5
) 5'(!'(.5),5).",5'*&)3-5'35)(&/5.".5."35 ,/5,&.-5.)51".5"-5(5&&5."5U"#&&-95"&Y5
"05()5")#5/.5.)5,-),.5.)5 ,/5.)5-05."#,5)1(5$)-5 ) 5 ,/Z."5*)--##&#.35) 5'(!'(.5)0,,#5) 5)(?
),5."5$)-5) 5).",->5),5-#'*&35.)5%*5."5)'*(35&#05 .,)&-@I5 (!'(.5#-5#(55/(#+/5*)-#.#)(5.)5 *,*.,.5
U/(.#&5."5./,(,)/(5)'-@Y5 ,/5/-5#.5*)-----5."5*)1,5.)5)0,,#5)(.,)&->5
",5 ."5 ').#0.#)(5 ),5 ,/5 #-5 '(#*/&.5 ,),->5 (5 #&#..5
'),5&.,/#-.#5."(5*,-)(&Z.)5-05 The presence of a process to deter )&&/-#)(535**&3#(!5*,--/,5.)5'?
$)-5 ),5 %*5 ."5 )'*(35 W).Z."5 fraud doesn’t eliminate the threat *&)3-5 (5 #.",5 (&#-.#(!5 ),5 ,?
*,--/,5.)5)''#.5 ,/5&-)5(5? of people acting fraudulently. +/#,#(!5."#,5--#-.(@
)'5 ."5 ,.#)(&#4.#)(5 ),5 #.@5 "5 (5 -)'5 -#./.#)(->5 -(#),5 &,-5
Charles M. Elson, JD,
*,)--5) 5,.#)(&#4.#)(>5&#%5."5-&#*? )5().5*,*.,.55 ,/5#,.&3>5/.5
Edgar S. Woolard, Jr. Chair,
*,35 -&)*5 .)5 ,/>5 ) .(5 -.,.-5 1#."5 Professor of Law and Director of the #(-.5,5#(#,.&35,-*)(-#&5?
$/-.# 3#(!55-'&&5(/!5.)5."5)/(? John L. Weinberg Center for Corporate /-5."35*/.5#(),#(.5*,--/,5)(5
Governance, University of Delaware -/),#(.-5 .)5 "#05 ,-/&.-5 .".5
,#-5 ) 5 *.&5 "0#),5 /.5 ."(5
.,#),.-5 #(.)5 5 1")&-&5 &)--5 ) 5 ,5 #'*)--#&5 1#.")/.5 U))%#(!5 ."5
)$.#0#.3@5)10,>5#-/--#)(5*,.##*(.-5().5.".5# 5 ))%-@Y5 .5 &)1,5 &0&-5 #(5 ."5 ),!(#4.#)(>5 #(#0#/&-5
'*&)3-5 /(,-.(5 .".5 0#)&.#)(-5 ) 5 ."5 )'*(39-5 '35 ().5 #(#.#&&35 ,&#45 .".5 ."35 ,5 )''#..#(!5 ,/>5
."#&5-.(,-51#&&5().55.)&,.5(5# 5."35-5-? /.5 #(-.5 -5 ."'-&0-5 -5 -#'*&35 )#(!5 1".5 #-5 2?
(#),5 '(!'(.5 &#0#(!5 35 -.,#.5 ."#&5 -.(,-5 (5 *.5.)5U'%5."#,5(/',-Y5),5,-*)(#(!5.)5."5,?
)(-#-.(.&35')(-.,.#(!5"#!"5#(.!,#.3>5 ,//&(.5 ? +/-.5) 55-/*,0#-),@5
"0#),5)'-5#\/&.5.)5,.#)(&#4@5
POINT TO PONDER
-%2,%)2/+)$2')**,)72&%#022*$##2')%+2&2*% &)2
Who Commits Fraud
$%$%+2+,##02&$$ +*2),9202&2*&$2,"#2,%8
"5.",5-#-5) 5."5 ,/5.,#(!&5,5#(.,,&.@5,-? )2 ')**,)72 %2 &+)*2 %&+F2 02 %2 &.2 &2 &&2 '&'#2
-/,5 (5 /-5 -)')(5 .)5 .#0&35 -%5 )**),./(#.3>5 (5 *+)+2&.%2+2*# '')02*#&'2+&2),F2 *2 +22,%+ &%2&2 )8
*,--/,5(5)**),./(#.35(5()/,!5,.#)(&#4.#)(@5.5 ,$*+%*F2)2 *2 +22,%$%+#2)+)2I.F
."5-'5.#'>5()(5) 5."-5 .),->5&)(5),5.)!.",>5(?

Participants in the Financial Reporting Supply (5."5-5) 5V((#&5,*),.#(!5 ,/>5,#.#&5)(.,)&-5
Chain and Their Roles in Mitigating the Risk -.,.5 1#."5 ."5 ."#&5 .)(5 .5 ."5 .)*5 ) 5 ."5 ),!(#4.#)(5
of Financial Reporting Fraud (5#(&/55-.,)(!5)5) 5."#->5 ,/51,(--5.,#(?
#(!>5 ").&#(5 ,*),.#(!5 '"(#-'->5 ')(#.),#(!5 .))&->5 (5
(!'(.>5),-5) 5#,.),->5/#.5)''#..->5#(.,? *,)---5 .)5 #(0-.#!.>5 0&/.>5 (>5 1",5 (--,3>5
(&5/#.),->5(52.,(&5/#.),-5,5&&5%35*&3,-5#(5."5 */(#-"51,)(!)#(!@
*/&#5 )'*(35 V((#&5 ,*),.#(!5 *,)-->5 ),5 U-/**&35 (#),5'(!'(.5,*),.-5.)5."5),5) 5#,.),->51#."5
"#(>YJ5 1#."5 )'*&'(.,35 (5 #(.,)((.5 ,)&-5 #(5 -*#V5,*),.#(!5.)5."5/#.5)''#..5)(5'..,-5,&.5
&#0,#(!5"#!"?+/&#.35V((#&5,*),.#(!>5#(&/#(!5."5? .)5V((#&5,*),.#(!5(5."5,#-%5) 5V((#&5,*),.#(!5 ,/@5
.,,(5(5..#)(5) 5 ,/@5 "#&5 '',-5 ) 5 '(!'(.5 "05 ."5 ),')-.5 ,)&5 #(5
*,0(.#(!5 (5 ..#(!5 ,/>5 ."35 .3*#&&35 ,5 #(0)&05
Management 1"(5'.,#&5V((#&5,*),.#(!5 ,/5)-5)/,@5),?
',-5) 5'(!'(.5"05."5 ),')-.5,)&5#(5."5V? #(!5.)55#-/--#)(5*,.##*(.->5#(5."-5-#./.#)(->5'(?
((#&5 ,*),.#(!5 *,)-->5 1#."5 *,#',35 ,-*)(-##&#.35 ),5 !'(.5 #-5 /-/&&35 )/(5 #!(),#(!5 ."5 )'*(39-5 )5 ) 5
."5 .,,(5 (5 ..#)(5 ) 5 V((#&5 ,*),.#(!5 ,/@5 )(/.5(5)0,,##(!5#(.,(&5)(.,)&-@5-55)(-+/(>5
"35,5,-*)(-#&5 ),5."5'#(.((5) 5/,.5))%-5 ."5 ,)&-5 ) 5 ).",5 *,.#-5 #(5 ."5 V((#&5 ,*),.#(!5 -/**&35
(5,),-5(5."5-#!(5(5#'*&'(..#)(5) 5(5[? "#(5,5,#.#&5#(5+/.&35,--#(!5."5,#-%5) 5V((#&5
.#05-3-.'5) 5#(.,(&5)(.,)&5)0,5V((#&5,*),.#(!@5"35 ,*),.#(!5 ,/@5
,5 &-)5 ,-*)(-#&5 ),5 0&/.#(!5 (5 '(!#(!5 ."55
)'*(39-5/-#(--5,#-%->5#(&/#(!5."5,#-%5) 5V((#&5,? Boards of Directors and Audit Committees
*),.#(!5 ,/>5(5."(5#'*&'(.#(!5(5')(#.),#(!5)'? -5 #-/--5 #(5 .#&5 #(5 -0,&5 */&#.#)(-5 ,)'5 ."5
*&#(51#."5**,)*,#.5#(.,(&5)(.,)&-5.)5'#.#!.5.")-5 >K5."5),5) 5#,.),-5(5/#.5)''#..5) 55*/?
,#-%-5.)5(5*.&5&0&@5 &#5)'*(35"05/&.#'.5,-*)(-##&#.35 ),5)0,-#!".5) 5."5
Shared Responsibility to the Investing Public for Mitigating the Risk of Financial Reporting Fraud
Principal Anti-Fraud Role

Board
) Oversight of tone at the top,
and Audit financial reporting, internal &
Committee external auditor
Governance and ) Solid knowledge of industry/business
oversight ) Understanding of fraud risks
Effective Communication
) Independence and objectivity
) Ability to challenge management,
Skepticism
the board, and the audit committee

External ) Assess fraud risks and monitor controls
Internal
Audit
Audit
External ) Independence and objectivity
Objective ) Ability to challenge management,
independent
assurance the board, and the audit committee
attestation
) Assess fraud risks as part of audit
planning and execution
Management ) Strong tone at the top

Primary responsibility ) Maintenance of effective
for financial reporting internal controls
process ) Robust fraud risk management
program
Financial Reporting Supply Chain

/-#(-->5 #(&/#(!5 ,#-%5 '(!'(.5 Most financial statement fraud Internal Audit
(5."5V((#&5,*),.#(!5*,)--@5 involves senior management of the ).5&&5*/&#5)'*(#-5"05(5#(.,?
"5,*),.5) 5."55#,2 &%2 company—either directly, because (&5 /#.5 /(.#)(@5 )10,>5 1",5
&$$ ** &%2 &%2 *"2 &-)%%75 &#%5 they are the perpetrators, or )'*(#-5 "05 (5 #(.,(&5 /#.5 ?
."5 (.,(&5)(.,)&5,'1),%50&? indirectly, because they have *,.'(.>5 .".5 !,)/*5 #-5 -,#5 35
)*5 35 >5 ,)!(#4-5 .".5 ."5 imposed difficult-to-reach "5 5-5U(5#(*((.>5)$.#05
)/(.#)(5 ),5 [.#05 !)0,((5 #-5 performance goals. --/,(5 (5 )(-/&.#(!5 .#0#.35 ?
),5 '',-5 1")5 ,5 )$.#0>5 ? Michael Oxley, Former Member of -#!(5.)550&/5(5#'*,)05(5),?
*&>5 (5 #(+/#-#.#0>5 1#."5 5 -)&#5 Congress; currently Of Counsel, !(#4.#)(9-5 )*,.#)(-@YCB5 5 ),#(!5
%()1&!5 ) 5 ."5 )'*(39-5 #(/-.,3>5 Baker & Hostetler LLP .)5 5 -.(,->5 #(.,(&5 /#.),-5
/-#(-->5 (5 )(.,)&5 (0#,)('(.@5 -")/&55#(*((.5) 5."5.#0#.#-5
5 #-/--#)(5 *,.##*(.-5 -.,--5 .".5 /#.5 )''#..5 ."35/#.5(5 ,5 ,)'5#(., ,(5#(5."5)(/.5) 5."#,5
'',-5-")/&5"05#(/-.,35(5(.#.35%()1&!>5#(&/? .#0#.#->5(5-")/&52,#-5/5*,) --#)(&5,@5/(?
#(!55-.,)(!5/(,-.(#(!5) 5."5)()'#-5) 5."5/-#(-->5 .#)(&&3>5."5"# 5/#.52/.#05)'')(&35,*),.-5.)5."5
#(5 ),,5 .)5 #(.# 35 (5 /(,-.(5 /-#(--5 (5 V((#&5 /#.5)''#..>51#."5'#(#-.,.#05,*),.#(!5')-.5) .(5
,#-%-5.".5'35#(,-5."5&#%&#"))5) 5 ,/@ .)5."5"# 52/.#05)\,>5!(,&5)/(-&>5),5"# 5V((?
"5/#.5)''#..5#-5,-*)(-#&5 ),5)0,-#(!5."5V? #&5)\,@
((#&5 ,*),.#(!5 *,)--5 (5 )(.,)&->5 ."5 #(.,(&5 /#.5 (,5 5 -.(,->5 #(.,(&5 /#.5 #-5 ,-*)(-#&>5
/(.#)(>5 (5 ."5 2.,(&5 /#.),->5 #(&/#(!5 ."5 **)#(.? ')(!5).",5."#(!->5 ),50&/.#(!5."5[.#0(--5) 5."5
'(.5) 5."5)'*(39-52.,(&5/#.),@5 .5)0,--5'(!? )'*(39-5,#-%5'(!'(.>5)(.,)&>5(5!)0,((5*,)?
'(.9-5#'*&'(..#)(5) 5*)&##-5.".5,5#(.(5.)5 )-.,5 ---@55#-/--#)(5*,.##*(.-5().5.".5#(.,(&5/?
(5."#&5(0#,)('(.5(5'#.#!.5V((#&5,*),.#(!5,#-%-@5 #.),-5 1#."5 -/"5 ,-*)(-##&#.#-5 -")/&5 "05 -/\#(.5
(5."#-5*,)-->5."5/#.5)''#..5"-5."5,-*)(-##&#.35.)5 %()1&!5.)50&/.5."5,#-%5) 5 ,/5(5."5'((,5#(5
-5.".5'(!'(.5 -#!(->5 )/'(.->5 (5 )*,.-5 ? 1"#"5#.5#-5'(!535."5),!(#4.#)(@
.#05)(.,)&-5.)5,/5."5,#-%5) 5V((#&5,*),.#(!5 ,/5 (.,(&5/#.),-5&-)5,5,-*)(-#&5 ),50&/.#(!5,#-%5
.)5 (5 *.&5 &0&@5 "5 ,(-?2&35 .5 &-)5 '%-5 2*)-/,-5,&.5.)5."5,&##&#.35(5#(.!,#.35) 5V((#&5
."5 /#.5 )''#..5 ,-*)(-#&5 ),5 -.&#-"#(!5 '"? #( ),'.#)(>5 (5 -*#V&&35 U."5 *).(.#&5 ),5 ."5 )/,?
(#-'-5 ),5."5,#*.>5,.(.#)(>5(5.,.'(.5) 5)'*&#(.-5 ,(5 ) 5 ,/5 (5 ")15 ."5 ),!(#4.#)(5 '(!-5 ,/5
,#0535."5)'*(35,!,#(!5)/(.#(!>5#(.,(&5? ,#-%@Y5 (5."#-5*,)-->5#(.,(&5/#.9-5,)&5.3*#&&35#(&/-5
)/(.#(!5)(.,)&->5),5/#.5'..,->5(5)(V(.#&>5()(3? )''/(#.#(!5.)5."5),>5/#.5)''#..>5(5'(!?
')/-5 -/'#--#)(-5 35 '*&)3-5 ) 5 )(,(-5 ,!,#(!5 '(.5.".5#(.,(&5)(.,)&->5#(&/#(!5)(.,)&-5.)5.,5(5
+/-.#)(&5)/(.#(!5(5/#.#(!5'..,-5:!(,&&35,? ..5 ,/>5,5-/\#(.5 ),5."5#(.#V5,#-%->5(50,#?
,,5.)5-5."5."#-5),51"#-.&&)1,5*,)!,';@ 3#(!5 .".5 ."5 )(.,)&-5 ,5 /(.#)(#(!5 [.#0&3@CC5
(5#.#)(>5#.5#-5#(,-#(!&35)'')(5 ),5."5/#.5)'? (.,(&5 /#.5 &-)5 '35 --#-.5 '(!'(.5 #(5 #(.# 3#(!5
'#..5 .)5 "05 5 &#(%5 1#."5 ."5 )'*(-.#)(5 )''#..5 (5----#(!5,#-%-5(5."5)(.,)&5(0#,)('(.@
.",)/!"5 )0,&**#(!5 '',->5 $)#(.5 '.#(!->5 ),5 ..(? (5#.#)(5.)5."-5/.#->5#(.,(&5/#.5'355#(0)&05
(5) 5."5/#.5)''#..5"#,5.5,.#(5)'*(-.#)(5 #(5')(#.),#(!5."51"#-.&&)1,5*,)!,'>5----#(!5)'*&#?
)''#..5'.#(!-@5"5)$.#05) 5."#-5*,)--5#-5.)5-.? (51#."5."5(.#.39-5)5) 5."#->5(5).",5.#0#.#-5#(5
#- 35)."5)''#..-5.".5."52/.#05)'*(-.#)(5-.,/? -/**),.5) 5."5),!(#4.#)(9-5."#&5/&./,@
./,5 *,)0#-5 -)/(5 #((.#0-5 ),5 "#0#(!5 ),*),.5
-.,.!#-51#.")/.5/(#(.(.#)(&&35*,)0##(!5').#0.#)(-5 ),5 External Audit
,/5),5).",5/(."#&5"0#),@5"5 )/-5)(5)'*(-? 2.,(&5/#.),-5,5#(*((.5) 5."5),!(#4.#)(5."35
.#)(5-.,/./,-51#&&5&#%&35#(,-5-55,-/&.5) 5&!#-&.#)(5 /#.5(5*,)0#55*/&#5,*),.5)(5."5)'*(39-5((/&5
(5,!/&.),35,/&-5,!,#(!5),*),.5)'*(-.#)(5*)&? V((#&5 -..'(.-@5 (,&&3>5 ),5 @@5 &#-.5 )'*(#-5
##-5(5*,.#-@5 1#."5 6IG5 '#&&#)(5 ),5 '),5 #(5 *#.&#4.#)(>5 ."5 /#.5 &-)55
#(&/-5 (5 )*#(#)(5 )(5 ."5 [.#0(--5 ) 5 ."5 #(.,(&55

)(.,)&-5)0,5V((#&5,*),.#(!5.".5'(!'(.5"-5#'? *,.#-5#(5V((#&5,*),.#(!5(5)(.,)&->5#(&/#(!5."5
*&'(.5.)5,--5."5,#-%5) 5'.,#&5'#--..'(.-5#(5 '#.#!.#)(5) 5 ,/5,#-%-@
V((#&5-..'(.-@
2.,(&5 /#.),-5 ,*),.5 #,.&35 .)5 ."5 /#.5 )''#.?
Themes Related to Deterrence and Detection
.>51"#"5(!!-5."'5(5)0,--5."5)(/.5) 5."5
/#.@5(,55/#.#(!5-.(,->5(5/#.5#-55? "5*,.##*(.-5.5."55,)/(.&5#-/--#)(-5(5#(?
..#)(5 '"(#-'5 -*#V&&35 -#!(5 .)5 ----5 ,/5 *."5#(.,0#1-5!,5.".5*,--/,>5)**),./(#.3>5(5,?
,#-%5(5..5$+) #5 ,/L5U(5R2.,(&S5/#.),5"-55 .#)(&#4.#)(5,5#(5%35.&3-.-5 ),5V((#&5,*),.#(!5
,-*)(-##&#.35.)5*&(5(5*, ),'5."5/#.5.)5).#(5,? ,/@5"35&-)5!,5.".5-(#),5'(!'(.5"-5."5*,#?
-)(&5--/,(5)/.51".",5."5V((#&5-..'(.-5 ',35,-*)(-##&#.35 ),5.,,#(!5(5..#(!5 ,/>51),%?
,5 ,5 ) 5 '.,#&5 '#--..'(.>5 #(!5 #(5 )(,.5 1#."5 ."5 ),5 ) 5
CD
1".",5/-535,,),5),5 ,/@Y 55 It’s quite plausible for senior #,.),-5(5/#.5)''#..5(5."5
/5 *,) --#)(&5 ,5 (5 -%*.#? management to rationalize #(.,(&5(52.,(&5/#.),-@
#-'5,5 /('(.&5*,#(#*&-5#(50? fraudulent behavior: “We are not 5 /('(.&5/(,*#((#(!5) 5(35
,3."#(!5 (5 2.,(&5 /#.),5 )-@5 -5 hurting anybody, we are not )'*(39-5 [),.-5 .)5 .,5 (5 ..5
*,.5) 5."#,5*,) --#)(&5,-*)(-##&#? spending any money, we are ,/5#-55,)/-.5-3-.'5) 5#(.,(&5)(?
.#->5 2.,(&5 /#.),-5 ,5 ,+/#,5 .)5 protecting jobs, we think the .,)&@5&&5%35*&3,-5#(5."5V((#&5,?
#-/--5 1#."5 ."5 /#.5 )''#..>5 -5 business is going to turn around *),.#(!5 -/**&35 "#(5 "05 -)'5
**&#&>5 '..,-5 -/"5 ->5 /.5 ().5 next year. We are just making sure ,-*)(-##&#.35 1#."5 ,-*.5 .)5 #(.,(&5
&#'#.5 .)>5 .")-5 .".5 '35 (.,5 #(.)5 that we are still here next year )(.,)&5 -3-.'-@5 )10,>5 ."5 ,#-%5 ) 5
."5 0&/.#)(5 ) 5 ."5 ,#-%5 ) 5 V((#&5 when the turnaround comes.” '(!'(.5 )0,,#5 ) 5 #(.,(&5 )(?
,*),.#(!5 ,/>5 ."5 $/-.'(.-5 .".5 .,)&-5 (5 ).",5 .),-5 '(-5 #.5 #-5 ().5
David Alexander, Director of
,-/&.5 ,)'5 ."5 /#.>5 ."5 /#.),9-5 Forensic Services, Smith and Williamson
()/!"5.)5 )/-5)(&35)(5."5-#!(5) 55
$/!'(.5)(5."5+/&#.35) 5."5(.#.39-5 )'*(39-5 -3-.'5 ) 5 #(.,(&5 )(.,)&@5
)/(.#(!5 *,#(#*&->5 -#!(#V(.5 )/(.#(!5 -.#'.->5 "/->5."5,/#&5+/-.#)(5#-5")15."5%35*&3,-5#(5."5V?
'.,#&51%(---5),5-#!(#V(.5V#(#-5#(5#(.,(&5 ((#&5,*),.#(!5-/**&35"#(>5)."5#(#0#/&&35(5)&&?
)(.,)&-5 #(.#V5 /,#(!5 ."5 /#.>5 (5 #-!,'(.-5 .#0&3>5(5[.#0&35'#.#!.5."5,#-%5.".5."5.",5 ),-5
1#."5 '(!'(.>5 # 5 (3@CE5 /-5 ) 5 ."#,5 2*,#(5 #(5."5 ,/5.,#(!&51#&&5&5.)5V((#&5-..'(.5 ,/@
1#."550,#.35) 5)'*(#->52.,(&5/#.),-5&-)5,5) ? ",5."'-5),5.!),#-5) 5 ,/5.,,(5(5?
.(5 #(5 5 *)-#.#)(5 .)5 *,)0#5 /- /&5 *,-*.#0-5 )(5 -.5 ..#)(5'-/,-5',!5 ,)'5."59-5#-/--#)(-5(5
Deterring and Detecting Financial Reporting Fraud

Because of the inherent limitations on the effectiveness of controls and the possibility for the override of controls, the risk of fraud
can be mitigated but not completely eliminated. Therefore, companies typically employ two strategies to mitigate fraud risks:
controls that focus primarily on deterring potential fraud and controls to detect fraudulent activity.
Controls to deter fraud, such as a strong ethical tone at the top and a proactive fraud management program, are highly visible
in the organization and are designed to ascertain and mitigate the forces that can enable fraud.
Detective controls generally operate in the background and focus on the timely identification of fraud that has occurred.
Examples of detective controls include:
³ Process controls such as reconciliations and physical count
³ Technology tools to identify anomalies in accounting entries or activity
³ Regular management or internal audit reviews of areas of activity (such as accounting estimates) susceptible to manipulation
Some controls, such as a whistleblower program, both deter fraud by their presence and help detect incidents of fraud.

#(.,0#1-@5"-5."'-5"#!"&#!".5."5.#)(-5-)'5)'? ³5 "#,>5 -.,)(!5 )''/(#.#)(5 (5 .#05 )&&),.#)(5
*(#-5&,35,5.%#(!5.)5,--5."5,#-%5) 5V((#&5,? ')(!5 &&5 %35 *,.##*(.-5 ,5 --(.#&5 .)5 5 ."),)/!"5
*),.#(!5 ,/5(5-.#'/&.5."#(%#(!5)/.5).",5*).(.#&5 /(,-.(#(!5 ) 5 ."5 ,#-%-5 ) 5 V((#&5 ,*),.#(!5 ,/5
**,)"-5.".5'35)/(.,5)(5),5'),5) 5."5').#0.),-5 (5.)5(5[.#05(.#? ,/5*,)!,'5
#(5."5 ,/5.,#(!&@5"-5-'5."'-5,5&-)5,W.5#(5
(50&)*#(!5-*#V5(2.5-.*-5.)50(5[),.-5.)5.,5
,(.5,-,"5)(5."5.,,(5(5..#)(5) 5V((#&5
(5..5V((#&5,*),.#(!5 ,/>5#.5#-5#(-.,/.#05.)5 )?
,*),.#(!5 ,/@5
/-5)(5")15"5) 5."5%35!,)/*-5#(5."5V((#&5,*),.?
³5 #,-.>5."5.)(5.5."5.)*>5-5#.5#-5,W.5.",)/!")/.55 #(!5-/**&35"#(5(5',5."-5."'-5#(5),,5.)5"&*5
)'*(39-5 /&./,>5 #-5 ."5 *,#',35 &#(5 ) 5 (-5 (5 '#.#!.5."5,#-%5) 5V((#&5,*),.#(!5 ,/@5"5 )&&)1#(!5
)(5) 5."5')-.5[.#051*)(-5.)5.,5 ,/5 "*.,-5 #-/--5 "5 ) 5 ."5 ."'-5 (5 ."5 ,&.5 ,?
-*)(-##&#.#-5 ) 5 "5 -.%")&,5 !,)/*Z'(!'(.>5
³5 )(>5-%*.##-'>5),55+/-.#)(#(!5'#(-.5)(5."5*,.5
),-5(5/#.5)''#..->5#(.,(&5/#.),->5(52.,?
) 5&&5%35*,.##*(.-5#(5."5V((#&5,*),.#(!5*,)-->5
(&5/#.),-@5
#-5 5 0#.&5 .))&5 #(5 0&/.#(!5 ,/5 ,#-%5 (5 #(5 .,,#(!5
(5..#(!5*).(.#&5V((#&5,*),.#(!5 ,/

2 CHAPTER
Tone at the Top

The Power of Corporate Culture
(5)."5."59-5,)/(.&5#-/--#)(-5(5#(?*."5#(?
.,0#1->5 *,.##*(.-5 1,5 /((#')/-5 .".5 (5 ),!(#4? Tone at the Top Does Matter
.#)(9-5."#&5/&./,5#-55#-#05 .),5#(5'#.#!.#(!5."5,#-%5 The Integrity Survey 2008–2009, conducted by KPMG LLP,
) 5 ,//&(.5V((#&5,*),.#(!>5(5.".5."5),*),.5/&? found that among companies with a comprehensive ethics
./,5(5#.",5.,5V((#&5,*),.#(!5 ,/5),5#'*&##.&35 and compliance program, 90 percent of the respondents
)()(5#.@5#'#&,&3>5."5,#1.,")/-))*,-2992,'8 described the environment as one where people feel mo-
tivated and empowered to do the right thing. In compa-
'#$%+2 +&2 +2 <::C2 #&#2 &%&$ 2 ) $2 ,)-02 )/(5
nies without a comprehensive ethics and compliance pro-
.".5 ID5 *,(.5 ) 5 ."5 ,-*)(#(!5 2/.#0-5 #(.#V5 #-?
gram, only 43 percent gave that response.
-/-5 ,&.#(!5 .)5 ),*),.5 /&./,5 -5 ."5 ,)).5 /-5 ) 5 #(?
,-5)()'#5,#'@5
5 -.,)(!5 ."#&5 /&./,5 -.,.-5 1#."5 (5 ),!(#4.#)(9-5
')-.5-(#),5&,-5:."/-5."5*",-5U.)(5.5."5.)*Y;5(5 ,//&(.5.#)(-@5)10,>5# 5(5'*&)35#-5').#0.535
--5)1(5.",)/!"5."5(.#,5),!(#4.#)(5.)5,.Z *,-)(&5,-)(-5-/"5-5!,5),5V((#&5(>5"5),5-"5
#(5."51),-5) 5-0,&5*,.##*(.-5#(5."55,)/(.&-5 '355#'*,0#)/-5.)5."5#(W/(5) 5),*),.5/&./,@
(5#(.,0#1-Z5U'))5#(5."5'#&Y5(55U/445.5."5
)..)'Y5.".5,W.-5(5,#( ),-5."5)'*(39-5)*,.?
Culture and Management
#(!50&/-@5),-5(5/#.5)''#..->5&)(!51#."5#(.,?
(&5/#.),->5*&350#.&5,)&-5#(5/#&#(!5(5-/-.#(#(!5."5 5&&5."5!,)/*-51#."55,)&5#(5."5V((#&5,*),.#(!5-/**&35
),!(#4.#)(9-5."#&5/&./,@ "#(>5'(!'(.5"-5."5')-.5,#.?
),*),.5 /&./,5 #(W/(-5 &&5 #&5,)&>5/-5#.5#-5,-*)(-#&5 ),5
Tone at the top is a level of
.",5 -#-5 ) 5 ."5 ,/5 .,#(!&@5 5 -..#(!5."5.)(5.5."5.)*5(5-.?
commitment to integrity, to doing
-.,)(!5."#&5/&./,5,.-5(52? &#-"#(!5."5/&./,5(5-#!(#(!5."5
the right thing at all costs despite the
*..#)(5 ) 5 )#(!5 ."5 ,#!".5 ."#(!5 -3-.'-5 .".5 ,#05 ."5 ),!(#4.#)(@5
consequences such action may have on
(5 )/(.,.-5 *,--/,-5 .)5 */-"5 (5."5)*#(#)(5) 55#-/--#)(5*,?
financial performance. Actions speak
."5 (0&)*5 .)5 '.5 -"),.?.,'5 .##*(.->5 )'*(#-5 -/-- /&5 #(5
louder than words. Observing how
!)&-@5 #%1#->5 (5 ."#&5 /&./,5 /#&#(!5(5."#&5/&./,5.".5.,-5
leaders make decisions and act on a
.3*#&&35 -/**),.-5 1&&?-#!(5 ,/5)5-)5.",)/!"55/&5**,)"@5
day-to-day basis is the most convincing
(5[.#05)(.,)&-5.".5#'#(#-"5 #,-.>5 ."35 &,&35 -..5 ."#,5 ."#&5
evidence about the cultural
)**),./(#.#-5 ),5 ,/5(5#(,-5 -.(,->5 (5 -)(>5 -(#),5 '(?
reality at a company.
."5&#%&#"))5.".5 ,/51#&&55? !'(.5 0#-#&35 &#0-5 35 .")-5 -.(?
Mark S. Beasley, Ph.D.,
..5 +/#%&3@5 5 /&./,5 ) 5 ")(-.35 ,-50,3535(5,#( ),-5."'5
Deloitte Professor of Enterprise Risk
(5 #(.!,#.35 (5 -0,&35 &#'#.5 (5 Management and ERM Initiative Director, .",)/!"5."5(.#,5),!(#4.#)(51#."5
#(#0#/&9-5 #&#.35 .)5 ,.#)(&#45 North Carolina State University **,)*,#.5 -3-.'-5 (5 *,)---@5
"5 *,)---5 (5 ,#.,#5 35 1"#"5
'(!'(.5 '%-5 #-#)(-5 ,5 ,/#&5 -5 ."35 -#!(&5 .)5 ³^5,#)#5 ."#-5 .,#(#(!5 ),5 '*&)3->5 .#&),5 .)5 ."5
."5),!(#4.#)(51".5#-5.,/&350&/@ &0&5(5(-5) 5#[,(.5'*&)35!,)/*-
5 #-/--#)(5 *,.##*(.-5 -.,--5 .".5 (5 ),!(#4? ³^5,/5 1,(--5 .,#(#(!5 .".5 /.-5 '*&)3-5 )(5
.#)(9-5 .)(5 .5 ."5 .)*5 ,W.-5 #.-5 )''#.'(.5 .)5 .,,#(!5 ."5",.,#-.#-5) 5 ,/5(5."5"0#),-5(5).",5
(5..#(!5 ,/@5 5'*&)3-5/(,-.(5."5),!(#4? ,5W!-5.".5'35-/!!-.5 ,//&(.5)(/.
.#)(9-5."#&52*..#)(->5&#05.".5'#-)(/.51#&&5().5
³5 !/&,5 ,0#1-5 ) 5 ."#-5 *)&##-5 .)5 #(.# 35 !*-5 (5
5.)&,.>5(5-5."#,5-(#),5&,-5",#(!5-.,#.&35.)5
."5)5) 5)(/.>5."35,5&--5&#%&35.)5-//'5.)5.'*? #(),*),.5-.5*,.#-
..#)(-5.)5)''#.5 ,/5(5,5'),5&#%&35.)5,*),.5 ,/5# 5 (5#.#)(>5'(!'(.5:*,.#/&,&35-(#),5'(!?
."35-5#.@5 .9-5&&5)/.5."52'*&5-.535&,-"#*>5.5&&5 '(.;5-")/&55-(-#.#05.)5."5*,--/,-5*&5)(5'?
&0&-@5 (5).",51),->5."5%35#-5.)51&%5."5.&%@ *&)3-@5),52'*&>5'(!'(.5(-5.)5)(-#,5."5
#'*.5) 5)'*(-.#)(5*&(-5(5*, ),'(52*.?
& )& & & (& ),#(!5 .)5 .#)(-5 ),5 '*&)3->5 *,.#/&,&35 #(5 "#!"?*,--/,5 -#./?
5 #-/--#)(5 *,.##*(.->5 .)5 5 [.#0>5 5 )'*(39-5 .#)(-@5)50)#5,.#(!5/(#(.(5*,--/,5.)5 &-# 35,?
."#&5 *)&##-5 (5 -.(,-5 -")/&5 -/&.->5 '(!,-5 -")/&5 5 '#( /&5 ) 5
5/('#!/)/-&35&,5.",)/!")/.5&&5 The choices the top makes ."5-.,---5.".5."#,5'*&)3-5'35
&0&-5 ) 5 ."5 ),!(#4.#)(5 (5 #(5 &&5 are going to define what’s &5 #(5 .,3#(!5 .)5 U'%5 ."5 (/',->Y5
!)!,*"#5&).#)(-@5 .5#-5-(#),5&? acceptable ethically. (5.,35.)5-#!(5!)&-5.".5,5,&#-?
,-"#*9-5,-*)(-##&#.35.)5)''/(#.5 .#5(5"#0&@5 5."5)()'#5(?
David Larcker, Ph.D., James Irvin Miller
."-5 '--!-5 (5 )(.#(/&&35 ,#(? Professor of Accounting, Stanford 0#,)('(.5 ),5 ).",5 --/'*.#)(-5 ),5
),5 ."'5 #(5 5 135 .".5 *,'.-5 University Graduate School of Business ),#!#(&5 !)&-5 "(!>5 '(!,-5
.",)/!"5 ."5 (.#,5 ),!(#4.#)(@5 '? -")/&5)(-#,5')# 3#(!5-/"5!)&-5
*&)3-5 (5 .)5 ",5 ."5 -'5 '-? If we tell people we expect you ),#(!&3@
-!-5 ().5 )(&35 ,)'5 .)*5 &,-5 /.5 to hit this number next quarter,
&-)5 ,)'5 ."#,5 #,.5 -/*,0#-),-@5 -5 and your bonus depends on it, & )& & &
-0,&5*,.##*(.-5#(5."55,)/(? that provides an incentive to meet & @5"5U.&%Y5)/.5."#&5
.&-5 (5 #(.,0#1-5 *)#(.5 )/.>5 it or to lie about meeting it. "0#),5#-5#'*),.(.>5/.51".5,&&35
V,-.?&#(5 -/*,0#-),-5 "05 ."5 ')-.5 '..,->5 ),#(!5 .)5 5 #-/--#)(5
Nell Minow, Editor and Co-Founder,
*)1, /&5 (5 #,.5 #(W/(5 )(5 ."5 The Corporate Library *,.##*(.->5#-5."52'*&5-.535-?
."#&5 $/!'(.-5 ) 5 '*&)3-@5 .5 #-5 (#),5 '(!,-5 #(5 ."#,5 /-#(--5 (5
0#.&5.".5."5'))5#(5."5'#&5')(!5."-5-/*,0#-),-5 *,-)(&5 &#0-@5 5 &--#5 2'*&5 #-5 (,)(>5 1"#"5 .5 )(5
")5."5)'*(39-5.&%5)(5."#&50&/->5-)5.".5."50&? .#'51-5&/5 ),5#.-5)5) 5)(/.5(5),*),.5!)0?
/-5)'5*,.5) 5."5#&35)(0,-.#)(5(5."5/445.5 ,((5 *,)!,'->5 /.5 1"#"5 &%5 &,-"#*5 )''#.?
."5 )..)'@5 --!-5 -")/&5 '*"-#45 "5 '*&)39-5 '(.5 .)5 #.-5 *,#(#*&-@5 ),)0,>5 ."5 -'5 -.(,-5 ) 5
/.35 .)5 ,*),.5 +/-.#)(&5 "0#),>5 (5 *, ),'(5
!)&-5(5)'*(-.#)(5*&(-5-")/&5,#( ),5."5*,#'?
35) 5."#&5)(/.@ Effective Codes of Conduct Are Based on
"5 )&&)1#(!5-.*-5(5-.,(!."(5(5),!(#4.#)(9-5'-? Principles
-!#(!5,&.5.)5."#-5(5 ,/5.,,(L5
“Exhaustively detailed codes of conduct encourage acqui-
³5 (!)#(!>5)(-#-.(.&35,(5),*),.5)''/(#.#)(-5 escence and bureaucracy but fail to inspire employees
.".5,5,)&&5)/.5,)--5'/&.#*&5 ),'-5) 5'#5(L with the spirit of ethical behavior. The most effective
X5 )''/(#.5&,5'--!-5)/.5-*#V5)$.#0- codes of conduct function not as rulebooks but as consti-
tutions that detail the fundamental principles, values, and
X5 %5(5').#)(&5**&
framework for action within an organization.”
X5 ,5/-.)'#45.)5#[,(.5'*&)35!,)/*->5
—LRN, Ethics and Compliance Risk Management, 2007
!)!,*"#->5(5/&./,-
X5 ,5,!/&,&35----5(5/*.

"0#),5 -")/&5 5 **&#5 .)5 &&5 Number one is talk the talk and .#0#.#-5&-)5(5.)5#(&/55)'?
&0&-5 ) 5 '(!'(.>5 ,)'5 V,-.? number two is walk the talk *,"(-#05 ,/5 ,#-%5 '(!'(.5
&0&5 -/*,0#-),-5 .",)/!"5 ."5 ')-.5 by continuing to reinforce values in *,)!,'@5 #(5 ."5 )/(.#)(5 ),5
-(#),5,(%-@5 the discussions with the company -/"55*,)!,'5#-5-.,)(!5,#-%5!)0,?
)5 #(.!,.5 ."#&5 "0#),5 personnel. Whether it’s letters to the ((>5 '(35 *,.##*(.-5 -/!!-.5
#(.)5."5 ,#5) 5."5)'*(39-5/&? employees, letters to management, .".5 (5 **,)*,#.5 '',5 ) 5 -?
./,>5 -(#),5 '(!'(.9-5 )*,.? it’s an ongoing process, not something (#),5 '(!'(.5 -/"5 -5 ."5 "# 5
#(!5 *)&##-5 (5 #-#)(-5 -")/&5 where you paste something on the ,#-%5 )\,>5 ."5 ."#-5 (5 )'*&#?
,W.5(5/(10,#(!5)''#.'(.5 wall and walk away from it. (5 )\,>5 ),5 ."5 !(,&5 )/(-&5
.)5."5)'*(39-5."#&50&/-@5? -")/&5 "05 2*&##.5 ,-*)(-##&#.35
John Trakselis, CPA, Past President,
(#),5'(!'(.5-")/&5")&5#.-& 5 Financial Executives ),5."5*,)!,'>51#."5/#.5)''#.?
(5 &&5 )'*(35 *,-)((&5 -.,#.&35 International—Chicago Chapter .5 )0,-#!".5 (5 )(!)#(!5 ')(#.),?
)/(.&5 ),5 )'*&#(5 1#."5 #(!5) 5&&5) 5#.-5-*.-@5
."#&5-.(,->5(5)(-+/(-5 ),50#)&.#)(-5(5.)5 (5[.#0&35-#!(5 ,/5,#-%5'(!'(.5*,)!,'5
5)(-#-.(.&35**&#5(5&,&35)''/(#.@5 -.,.-5 1#."5 5 ),'&5 ----'(.5 ) 5 ,/5 ,#-%>5 1"#"5 #-5 .#?
((/&5 '*&)35 -/,03-5 ,5 2&&(.5 .))&-5 .)5 ).#(5 &),5.)5."5)'*(3>5#-5/*.5((/&&3>5(50&/.-5#(?
%5 )(5 '*&)3-95 /(,-.(#(!5 (5 *,-*.#05 )(5 (.#0-5(5)**),./(#.#-5.)5)''#.5 ,/@5 .5&-)5#(&/-5
."#-5 (5 )'*&#(5 *,)!,'-@5 -5 -/!!-.5 35 ."5 )(? #(.,(&5)(.,)&-5-*#V&&35-#!(5.)5.,5(5..5V?
-/&.#(!5 ),!(#4.#)(5 >5 (5 [.#05 '*&)35 -/,035 ((#&5,*),.#(!5 ,/@5
-")/&5#(&/5+/-.#)(-5.".5!)53)(5#,.5."#&5#--/-5 "5 1"#-.&&)1,5 *,)!,'5 #-5 )(5 -/"5 )(.,)&@5 .",-5
(5&-)5-%5)/.51),%#(!5)(#.#)(-5(5)0,&&5$)5-.#-? #(&/5 ,/51,(--5.,#(#(!5 ),5'*&)3-5(5,)/-.5
.#)(>5 1"#"5 ) .(5 "05 -#!(#V(.5 ."#&5 #'*&#.#)(-@5 )(.,)&-5 )0,5 ."5 V((#&5 ,*),.#(!5 *,)--@5 "5 *,)!,'5
"5%35#-5.)5, .5+/-.#)(-5.".5&5'*&)3-5.)5)''(.5 -")/&5&-)5#(&/55&,5*,)--5 ),5*,)'*.5#(0-.#!.#)(5
)(5."5),!(#4.#)(9-5."#&5/&./,@5),52'*&>55+/-.#)(5 ) 5&&!.#)(-5) 5 ,/>5&)(!51#."5-1# .5),,.#05.#)(5# 5
'#!".5-%>5)5'(!'(.5(5-/*,0#-),-5*,)0#5#( ),'? ,/5 #-5 #(.#V@5 "5 ),!(#4.#)(9-5 ,-*)(-5 .)5 ,/5
.#)(5(5%*5)''#.'(.-Q5-*)(--5'35#(#.51"."? -")/&5-(55&,5-#!(&5.".5 ,/51#&&5().55.)&,.>5.5
,5'(!'(.5-.,#.&35#-535."5,/&-5),5.(-5.)5*/-"5 (35.#'>5#(5(35*&>5),535(35&0&5) 5'*&)3@CG
."5&#'#.-5) 5*.&5"0#),@CF "5 DBCB5 2 '&)+2 +&2 +2 + &%*2 &%2 ,'+ &%#2
),2 %2 ,*5 )/(5 .".>5 )(5 0,!>5 ."5 ,/-5 #(5 ."5
&
&& (5 (5),,5.)5[.#0&35 -./35)(.#(/5 ),5.1)53,-5 ,)'5."5*)#(.5."35!(5.)5
.,5 (5 ..5 V((#&5 ,*),.#(!5 ,/>5 '(!'(.9-5 ."5*)#(.5."351,5..>51#."5-)'5,/((#(!5)(-#,?
Elements of Effective Fraud Risk Management
³ A
formal fraud risk management program that includes a code of ethics supported by the tone at the top; clear roles and
responsibilities for the board, the audit committee, management, and internal audit; and fraud awareness and reporting train-
ing for all employees
³ A
comprehensive fraud risk assessment that addresses incentives and opportunities to commit fraud and the likelihood and
significance of each potential fraud risk, including the risk of management override of controls
³ A
ctivities and controls to deter and detect fraud, including the consideration of fraud risk in the development of the annual in-
ternal audit plan and in the execution of internal audit engagements
³ Processes for the investigation of potential frauds and for corrective action when necessary
Summarized from Managing the Business Risk of Fraud: A Practical Guide, by American Institute of Certified Public Accountants,
Association of Certified Fraud Examiners, and and The Institute of Internal Auditors, 2008.

&35&)(!,@5)'*(#-5(5.)5'%5)(.#(/)/-5#'*,)0? .#)(-5#(0)&0#(!5-(#),5'(!'(.5(A),5V((#&5#,,!/?
'(.-5#(5),,5.)5#(,-5."5&#%&#"))5.".5 ,/5#-5..? &,#.#-5 -")/&5 5 -&.5 .)5 ."5 /#.5 )''#..5
5)(55.#'&35-#-@5"5),2 *"2"# *+2*/&#-"5#(5 #''#.&3@5 (5#.#)(>5 ),5."51"#-.&&)1,5*,)!,'5.)5
DBBJ535."5#((#&52/.#0-5-,"5)/(.#)(5*,)? "05 ,##&#.3>5 ,*),.5 '..,-5 -")/&5 5 #(0-.#!.5
0#-5(52'*&5) 55-.,/./,5**,)"5 ),5'(!'(.5 *,)'*.&3>5 (5 '(#(! /&5 *(&.#-5 -")/&5 5 #'*)-5
.)5#(.# 35(5'#.#!.5*).(.#&5,#-%5 .),-5 ),5 ,//&(.5 1"(5 0#)&.#)(-5 ,5 )(V,'@5 /',)/-5 -/,03-5 ,0&5
V((#&5,*),.#(!@CH55 .".5'(35'*&)3-5-.#&&5 #&5.)5,*),.5 ,/5),5).",5'#-?
)(/.5 /-5 ."35 #.",5 ,5 ,.&#.#)(5 ),5 )5 ().5 ?
"& (& (35 5 #-/--#)(5 *,.##? &#05.".5'(!'(.51#&&5)5(3."#(!5.)5-.)*5."5/(."#?
*(.-5 /(,-),5 ."5 #'*),.(5 ) 5 5 ,#&35 --#&5 &5 "0#),@CI5 ),5 .".5 ,-)(>5 -)'5 5 #-/--#)(5
1"#-.&&)1,5,*),.#(!5'"(#-'>5-/"5-55").&#(>5.)5,? *,.##*(.-5 -/!!-.5 .".5 )'*(#-5 )(-#,5 -",#(!5 5
#05,*),.-5) 5)(,(-5)/.5."#-50#)&.#)(-5),5*).(.#&5 -/'',35 ) 5 #( ),'.#)(5 )/.5 ").&#(5 ,*),.-5 (5 ."#,5
,/@5 "5 DBCB5 (-.#./.5 ) 5 (.,(&5 /#.),-5 ()1&!5 #-*)-#.#)(51#."#(5."5),!(#4.#)(@
&,.5)(5$) %2)%*2 %2),2 *"*2#(.#V55.))&5 ),5 "#&5 ."5 *,.##*(.-5 #(5 ."5 ,)/(.&5 #-/--#)(-5
)(V(.#&5 ,*),.#(!5 -5 )(5 ) 5 ."5 %35 )'*)((.-5 ) 5 5 ().5.".55&,!5'$),#.35) 5&&-5.)5").&#(-5,&.5.)5,&?
,/5'(!'(.5*,)!,'@5 .#0&35 '#(),5 "/'(5 ,-)/,-5 '.?
"5 ,(-?2&35 .5 '%-5 Boards and audit committees should .,->5 5 '(#(! /&5 *,(.!5 ) 5 ,?
."5/#.5)''#..5-*#V&&35,? set a culture in the organization *),.-5#(.# 35-,#)/-5'#-)(/.5),5
-*)(-#&5 ),5-.&#-"#(!5(5)0,? of highly ethical behavior and ,/@5 ),#(!5 .)5 )."5 ."5 DBCB5
-#(!5 5 )(V(.#&5 ,*),.#(!5 communicate to those within the 5'&)+2+&2+2+ &%*2&%2,8
'"(#-'@5)5*,)').5#.-5/->5."5 organization that if there is a problem, '+ &%#2 ),2 %2 ,*5 (5 ."5
.5,+/#,-5.".5."5*,)/,-5&? a vehicle exists for those inside the DBBK5 ,#1.,")/-))*,-5 -/,?
&)15 ),5,*),.-5.)55-/'#..5)(? organization to report it in an 03>5&%&$ 2) $2 %22&.%+,)%72
V(.#&&35(5()(3')/-&3@5 (5),? anonymous way so that they ,/51-5'/"5'),5&#%&35.)55?
,5 ),5."5*,)!,'5.)55[.#0>5 don’t feel jeopardized. ..5 35 .#*-5 ."(5 35 (35 ).",5
#.5 #-5 &-)5 #'*),.(.5 .".5 .",5 5 5 '.")@5 "5 5 -./35 ,*),.5
Michael A. Moran, Vice President,
&,5,),5) 5()(?,.&#.#)(@5,? Global Markets Institute, .".5U**,)2#'.&35"& 5) 5 ,/5.#*-5
.##*(.-5 '*"-#45 .".5 &&!? The Goldman Sachs Group, Inc. '5 .",)/!"5 5 ").&#(5 1"(5 .".5
Features of a Well-Designed Whistleblower Program
³ Option for anonymity
³ Organization-wide (global) and available 24/7, ideally by telephone, with professionally-trained interviewers in all local languages
³ Single hotline for all ethics-related issues
³ Dual dissemination of the information received so that no single person controls the information, with criteria for immediate escala-
tion where warranted, and for notification of the audit committee when financial irregularities or senior management are involved
³ Case management protocols, including processes for the timely investigation of hotline reports and documentation of the results
³ Management analysis of trends and comparison to norms
³ Data security and retention policies and procedures
³ Customization to comply with the laws of foreign jurisdictions and to address cultural differences
³ Ongoing messaging to motivate everyone in the organization, as well as vendors, to use the hotline
Summarized from Best Practices in Ethics Hotlines, T. Malone and R. Childs, The Network, 2009
'"(#-'51-50#&&>5(5@5@5@5HE5*,(.5) 5."5").&#(5 Culture and Boards and Audit Committees

,*),.-5 #(0)&05 ,/5 35 5 '(!,5 ),5 2/.#0@Y5 "5
(,5 ."5 ,(-?2&35 .>5 /#.5 )''#..5 '',-5
,#1.,")/-))*,-5 ,*),.5 )/(5 .".5 FJ5 *,(.5 ) 5
'/-.55#(*((.5) 5'(!'(.5(5'/-.5"055-#!?
,/-51,5#-)0,5-55,-/&.5) 5.#*-5),5").&#(5,*),.-5
(.5V((#&52*,.5),52*&#(51"35."35)5().@5 (5#?
(5)(&/L5U"#-.&5&)1#(!5#-55.(!#&52'*&5) 55
.#)(>5."5/#.5)''#..5#-5,-*)(-#&5 ),5)0,-#!".5) 5."5
(V.5.".5)'*(#-5(5,&#45 ,)'5/#&#(!55/&./,5
)(V(.#&5 1"#-.&&)1,5 *,)!,'5 (5 ),5 (!!#(!5 (5
1",5 ,/5#-5().5.)&,.5(5.")-5.".5,*),.5#.5"05
)0,-#(!5 ."5 2.,(&5 /#.),-@5 "-5 ,-*)(-##&#.#->5
()5 ,5) 5,.&#.#)(@Y5
&)(!5 1#."5 ."5 ,)&5 ) 5 ."5 ),5 (5 /#.5 )''#..5 #(5
)0,-#(!5,#-%5'(!'(.>5!#05),-5(5/#.5)''#.?
POINT TO PONDER
.-55(.,&5,)&5#(5(5),!(#4.#)(9-5[),.-5.)5#-)/,!5
2&8)%"2+2&2<:;:2 )+*2+22+&2).)2. *8
(5/()0,5 ,/@
+##&.)*92,*2+ '*2)2%2M+ -2$%*2&)2 %+ 0 %2
')(!5).",5."#(!->5),-5(5/#.5)''#..-5*&355
$ *&%,+72 *&,#2 &$'% *2 &%* )2 2 ).)2 *0*+$2 &)2
%35 ,)&5 #(5 ,#( ),#(!5 (5 **,)*,#.5 .)(5 .5 ."5 .)*5 ),5
+ '*2# %2+&2 *&-)02&2),F
)."5 ),*),.5 )(/.5 (5 ,#-%5 '(!'(.5 35 '%#(!5
."#&5)(/.5(5)0,,##(!5*,#),#.3>5#(&/#(!5-.&#-"?
& & ' & *(& /&#5 )'*? #(!55)5) 5."#-5-*#V&&35 ),5."5),5.".5#-5)(-#-?
(#-5,5#(,-#(!&35!&)&5#(5-)*>5(5'/&.#(.#)(&5),? .(.5 1#."5 ."5 ),*),.5 )@5 5 #-/--#)(5 *,.##*(.-5
*),.#)(-5 5 -*#&5 "&&(!-5 #(5 .,3#(!5 .)5 )-.,5 5 '*"-#45 .".5 ."5 ),5 (5 /#.5 )''#..5 -")/&5
)(-#-.(.5&0&5) 5."#-5,)--5#[,(.5)/(.,#-5(5/&? '%5."'-&0-50#-#&5#(5."5),!(#4.#)(5-5*,)*)((.-5
./,-@5 (-.#&&#(!55)(-#-.(.5-.(,5) 5."#&5"0#),5#-5 ) 5"#!"5."#&5-.(,-@5 )-.5#'*),.(.&3>5."5),5(5
'/"5'),5)'*&25."(5$/-.5.,(-&.#(!5(5."#-5)5),5 ."5/#.5)''#..5-/**),.5."5.)(5.5."5.)*535*/..#(!5
,/5.,,(5*,)!,'5#(.)5#[,(.5&)&5&(!/!-@5 .5 ."5,#!".5-(#),5'(!'(.5.'5#(5*&5-5."#,5,*,?
,+/#,-5*./,#(!5."5(/(-5) 5'(#(!5#(5."5&)&5&(? -(..#0-5.)5."5),!(#4.#)(@5
!/!5(5.#&),#(!5*)&##-5.)5&)&5/-.)'->5-51&&5-5? ),-5(5/#.5)''#..-5"05."5,-*)(-##&#.35.)5-?
.,'#(#(!5 .".5 )(.,)&-5 ,5 #'*&'(.5 (5 )'*&#(5 ---5."5#(.!,#.35) 5-(#),5'(!'(.5)(5(5)(!)#(!5-#-@5
)(-#-.(.&35')(#.),5-*#.5!)!,*"#5#-.(@5,.? (5*,.#/&,>5/#.5)''#..-5-")/&551,5) 5(5')(#?
#(!55/(# ),'5."#&5/&./,5&-)5'(-50&/.#(!5/&./,&5 .),5."5,#-%5) 5'(!'(.5)0,,#5) 5#(.,(&5)(.,)&-5-55
#[,(-5.".5'35,.5*,--/,->5)**),./(#.#->5),5,? *,.5) 5."#,5)0,-#!".5) 5."5V((#&5,*),.#(!5*,)--@5/?
.#)(&#4.#)(-5 ),5 ,/5.".5,5#[,(.5 ,)'5.")-5.3*#&5 #.5 )''#..-5 -")/&5 *35 -*#V5 ..(.#)(5 .)5 &0,!#(!5
#(5."5(#.5..-@5 ."5 #(.,(&5 /#.5 /(.#)(@5 ),#(!5 .)5 FG5 *,(.5 ) 5 ."5
),5 2'*&>5 #.5 '35 5 (--,35 .)5 2*&#(5 ")15 ."5 ,-*)((.-5.)5."2<::C2#&#2 %+) +02,)-0535&$'# 8
),!(#4.#)(9-5*)&##-5,5'),5,-.,#.#05."(5."5&15),5 %2 "2 (5 (.!,#.35 (.,.#05 ),*),.#)(>5 #(.,(&5
)'')(5*,.#5#(55*,.#/&,5)/(.,3@5,.#(52*.? /#.5*&3-5(5--(.#&5,)&5#(5!/!#(!5."5)0,&&5&0&5) 5#(?
.#)(-5 ),5 "0#),>5 -/"5 -5 5 *,)"##.#)(5 )(5 U #&#..#)(5 .!,#.35(5."#-51#."#(55)'*(3@5().",5EE5*,(.5#(#?
*3'(.->Y5'355'),5,-.,#.#05 .5 .".5 #(.,(&5 /#.5 )(.,#/.-5
#(5 ."5 (#.5 ..-5 ."(5 1".5 #-5 The audit committee needs to set the .)5."#-5[),.@
(),'&&35 *.&5 #(5 ().",5 $/? tone at the top. It should make it clear
,#-#.#)(@5 -5 )(5 5 #-/--#)(5 to management and the auditors that # !& (& ),-5
*,.##*(.5 *)#(.5 )/.>5 U,)--5 there is only one standard for how :.",)/!"5 ."#,5 )'*(-.#)(5 (5
,#!-5 /&./,-@5 "%-5 (5 &? we do things, and that is the /#.5 )''#..-;5 -")/&5 0&/.5
(->5 .,(-*,(3>5 (5 *,)--5 right way—and that doesn’t mean 1".",5 #((.#05 )'*(-.#)(5
1#&&5 5 '),5 -/-- /&5 ."(5 (35 the right way only if it’s material.” *&(-Z-*#&&35 .")-5 ),5 -(#),5
-*"5)(5."#-@Y J. Michael Cook, Audit Committee
'(!'(.Z,5 &#!(5 1#."5 ."5
Chair, Comcast Corporation )'*(39-5 ."#&5 0&/-5 (5 &)(!?

.,'5 /-#(--5 !)&-@5 )10,>5 ."5 Compensation goals are good when 4.#)(>5 #(&/#(!5 .-.#(!5 )'*&#(5
<::C2 #&#2 %+) +02 ,)-02 ().5 they balance short-term and long-term 1#."5 (.#? ,/5 *,)!,'-5 (5 ).",5
.".5 U"& 5 ) 5 ."5 ,-*)((.-5 -#5 goals and objectives, and they look at )(.,)&-@5 (.,(&5/#.),-5(552?
."35)(9.5.#5#(.!,#.35.)52/.#05 the behavior that someone who is .,'&35 0&/&5 -5 U3-5 (5 ,-Y5
)'*(-.#)(@Y5 /-5 #((.#05 striving to achieve that goal is going to ),5 '(!'(.5 -5 1&&5 -5 ),5 ."5
-.,/./,-5 (5 #(W/(5 ."5 ."#&5 exhibit. Overemphasis on short-term ),5 (5 /#.5 )''#..@5 "5
(0#,)('(.5 1#."#(5 ),!(#4.#)(->5 goals can create incentives that do not '),5-/-.(.#05(50#-#&5."#,5?
-0,&5 ) 5 ."5 5 #-/--#)(5 *,? foster ethical behavior. .#0#.#-5 .)5 -/**),.5 ."#&5 -.(,-5
.##*(.-5 -..5 .".5 &#(%-5 .1(5 (5----5."5,#-%5) 5 ,/>5."5!,.?
Kathy Swain, Vice President, Internal Audit,
)'*(-.#)(5(5/#.5)''#..-5 The Allstate Corporation ,5."#,5#'*.51#&&5@
-")/&55-.,(!."(@5#.#)(&? ),#(!5 .)5 "5 >5 5 -.5
&3>5."5/#.5)''#..5'35)(-#,50&/.#(!5."5*, ),? *,.#5 ),5#(.,(&5/#.5*,.'(.-5#-5.)5"055#,.5
'(5 (5 )'*(-.#)(5 ) 5 ."5 "# 5 /#.5 2/.#05 -5 &#(5 ) 5 ,*),.#(!5 .)5 ."5 /#.5 )''#..@5 &)(!5 .")-5
1&&5-5'*&)3'(.5),5.,'#(.#)(5#-#)(-5 ),5)."5."5 &#(->5#.5#-5()/,!#(!5.".5JF5*,(.5) 5,-*)((.-5.)55
"# 5V((#&5)\,5(5"# 5/#.52/.#0@ DBBK5 -/,035 35 ."5 !&)&5 #(.,(&5 /#.),5 )''/(#.35
/#..5#(#.5.".5."5"# 5/#.52/.#05"5/(?
POINT TO PONDER ,-.,#.5#,.5--5.)5."5/#.5)''#..@CJ
&.2%2+2&)2%2, +2&$$ ++2 %+ 02.%22')8 )55[.#0>5."5#(.,(&5/#.5-.[5-")/&55%()1&?
- &,*#02*+)&%2+&%2+2+2+&'2*+)+*2+&2* +2%2$&)'2 %+&2 !&5(52*,#(>51#."5."5(--,352*,.#-5(5
*&$+ %2 $&)2 )'+ -2 +&2 %'')&') +2 ) *"8+" %2 &)22 .))&->5#(&/#(!5 ,/5..#)(5.,#(#(!5(5 ,/5-*#&#-.-5
- &)F2 )(5-.[>51",5*)--#&@5 ),)0,>5."5#&#.35) 5#(.,(&5/?
#.5 .)5 -/**),.5 ."5 .,,(5 (5 ..#)(5 ) 5 V((#&5 ,?
*),.#(!5 ,/5*(-5)(5."5),5(5-(#),5'(!'(.5
Culture and Internal Audit
-(#(!55&,5'--!5)(5."5#'*),.(5) 5#(.,(&5/#.5
"5#(.,(&5/#.5 /(.#)(5"-55%35,)&5#(5)''/(#.#(!>5 .#0#.#-5: ),5#(-.(>535,+/#,#(!5&&5&0&-5) 5'(!'(.5
,#( ),#(!>5(50&/.#(!5."5."#&5/&./,5) 5(5),!(#? .)5,-*)(5.)5#(.,(&5/#.5#(+/#,#-5(5V(#(!-;@
Ten Principles for Effective Board Oversight of Risk
The 2009 report of the NACD Blue Ribbon Commission on Risk Governance identifies the following ten principles for effective
board oversight of a company’s risk management system. These principles are intended to serve as a foundation for a compre-
hensive risk management system tailored to the specific characteristics and needs of each individual company:
1. Understand the company’s key drivers of success.
2. Assess the risk in the company’s strategy.
3. Define the role of the full board and its standing committees with regard to risk oversight.
4. Consider whether the company’s risk management system is appropriate and has sufficient resources.
5. Work with management to understand and agree on the types of risk information the board requires.
6. Encourage a dynamic and constructive risk dialogue between management and the board, including a willingness
to challenge assumptions.
7. Closely monitor the potential risks in the company’s culture and its incentive structure.
8. Monitor critical alignments of strategy, risks, controls, compliance, incentives, and people.
9. Consider emerging and interrelated risks to help prepare for what’s around the corner.
10. Periodically assess the board’s risk oversight processes.

(5) 5#(.,(&5/#.9-5,)&-5#-5.)5"&&(!5."5-#!(5) 5 Culture and External Audit
5 )'*(39-5 #(.,(&5 )(.,)&-5 (5 .)5 ')(#.),5 ."#,5 [?
,) --#)(&5-.(,-5,+/#,5."52.,(&5/#.),5.)5).#(5
.#0(-->5*,.#/&,&35#(5'$),5,#-%5,-@5 (5-)'5),!(#4?
(5/(,-.(#(!5) 5."5)'*(39-5-3-.'5) 5#(.,(&5)(?
.#)(->5 #(.,(&5 /#.5 #-5 .-%5 1#."5 '(!#(!5 ."5 )'*&#?
.,)&5-5*,.5) 5."5/#.5*&((#(!5*,)--@5)5."#-5(>5(5/?
(5(5."#-5*,)!,'@5".",5),5().5."35'(!5."5
#.),5 )(-#,-5 -0,&5 .),-5 -/"5 -5 '(!'(.9-5
*,)!,'5 #,.&3>5 #(.,(&5 /#.5 -")/&5 )(-#,5 #--/-5
*"#&)-)*"35(5)*,.#(!5-.3&5:#(&/#(!5."5#(.!,#.35(5
,#-5.",)/!"5."5*,)!,'5#(5."5)(.2.5) 5."#,5,)&5,?
."#&5 0&/-5 *,.#5 35 '(!'(.;>5 ."5 )'*(39-5
&.5.)5V((#&5,*),.#(!5 ,/@5)'')(&3>5#(.,(&5/?
)''#.'(.5.)5)'*.(>5."5[.#0(--5) 5."5),5
#.5 #-5 ",!5 1#."5 1),%#(!5 1#."5 ."5 /#.5 )''#..5 #(5
(5/#.5)''#..9-5)0,-#!".>5(5."5)'*(39-5"/'(5
'#(#-.,#(!5 ."5 *,)!,'5 (5 .,'#(#(!5 .".5 (35 ,?
,-)/,5*)&##-5(5*,.#-5:#(&/#(!5)'*(-.#)(5,?
-*)(-5#-5,*#5(5**,)*,#.@5
,(!'(.-;@5"-5 .),-5()'*--5."5/#.),9-50&/?
3)(5."-5-*#V5,-*)(-##&#.#->5"5 9-5-,"5
.#)(5) 5(5),!(#4.#)(9-5.)(5.5."5.)*5(5)0,&&5),*),.5
)/(.#)(>5#(55,(.5))%535
'-5).">5*+2)+ *D2
/&./,>5#(&/#(!5#((.#0-5),5*,--/,-5.".5'352#-.5 ),5
-#,+ %2+2&)'&)+2,#+,)72"-5-/!!-.5.".5."5!,.?
'(!'(.5 .)5 (!!5 #(5 ,//&(.5 V((#&5 ,*),.#(!@5
-.50&/5.".5#(.,(&5/#.5(5*,)0#5#-5#(5."50&/.#)(5) 5
"#-5 0&/.#)(5 #-5 (5 #'*),.(.5 )(-#,.#)(5 #(5 ."5 /#?
U-) .5)(.,)&->Y51"#"5,5U."5#( ),'&>5#(.(!#&5&0,-5) 5
.),9-5 )0,&&5 -#!(5 ) 5 ."5 /#.5 (5 ."5 ----'(.5 ) 5 ."5
)(.,)&5-/"5-5.)(5.5."5.)*>5."5),!(#4.#)(9-5."#&5&#?
,#-%-5 ) 5 '.,#&5 '#--..'(.5 ) 5 ."5 V((#&5 -..'(.-5
'.>5 (5 '(!'(.9-5 *"#&)-)*"35 (5 )*,.#(!5 -.3&Y5
/5.)5,,),5),5 ,/@5
.".>5 .%(5 .)!.",>5 )(-.#./.5 ."5 ),*),.5 /&./,@5 "5
/-5 2.,(&5 /#.),-5 1),%5 1#."5 5 1#5 0,#.35 ) 5
*,.#/&,5 )/-5 -")/&5 5 )(5 #(.# 3#(!5 (35 !*-5 .1(5
*)*&5,)--5'(35*,.-5) 55)'*(39-5)*,.#)(->5."35) ?
."5)'*(39-5-..5."#&5(5/&./,&50&/-5(5."5135
.(5 "05 ."5 )**),./(#.35 .)5 !#(5 #(-#!".-5 .5 0,#)/-5 &0&-5
."5 )'*(35 ./&&35 )*,.-@5 )."5 *,-(.-5 0,#)/-5 -5
)/.5."5)'*(39-5/&./,>5-51&&5-5)(5."5[.#0(--5) 5
-./#-5.)5-/**),.5"#-5)(&/-#)(5.".5,)).5/-5(&3-#-5) 5
#(.,(&5)(.,)&-@55#-/--#)(5*,.##*(.-5-/!!-.5.".5
'$),5 ,/-5(5/-#(--5 #&/,-5U&-5#(0#.&35.)5."5/&?
2.,(&5/#.),-5(5&0,!5."#,52*,#(5 ,)'51),%?
./,5) 5."5),!(#4.#)(>Y5(5.".5-,#)/-51%(---5#(5 ),?
#(!51#."5'/&.#*&5&#(.-Z----#(!55,)5,(!5) 5)(.,)&5
'&5),5U",Y5)(.,)&-5/-/&&35"055-) .5)(.,)&51%(--5-5
-3-.'->5*,.#->5(5),!(#4.#)(&5-.,/./,-Z.)5#(.# 35
."5 /(,&3#(!5 ,)).5 /-@5 "5 0&/.#)(5 ) 5 -) .5 )(.,)&-5
*)--#&51,(#(!5-#!(-5(5)(,(-5.".5-")/&55#-/--5
"#(!-5 )(5 !.",#(!5 '*&)35 *,*.#)(-5 (5 )(V,'#(!5
1#."5."5)'*(39-5),5(5/#.5)''#..@535(&34#(!5
1".",5."35,5/,.@
*-.5 ,/-5(5/(,-.(#(!5."5)(#.#)(-5#(51"#"5."35
'5 )/.>5 /#.),-5 -,05 -5 5 /- /&5 ,-)/,5 ),5 ),->5
POINT TO PONDER
/#.5 )''#..->5 (5 '',-5 ) 5 '(!'(.5 1")5 '35
2 %+)%#2, +2 *2/'+2+&2****2%2##%2+2+&%2+2
().5"055-#'#&,5,."5) 52*,#(5),5.,#(#(!@5
+2 +&'2 &2 2 &$'%072 *2 +2 ,%+ &%2 *+),+,)2 ')&')#02 +&2
$ %+ %2 +*2 &!+ - +0F2 &)2 /$'#72 2 +2 ))2 '+2 &2
POINT TO PONDER
$&*+2 %+)%#2, +2*+M25 %#, %2 %2*&$2**2+2 2,8
*2')+2&2+ )2),#)2&$$,% + &%*2. +2, +2&$$ +8
+2/,+ -62 *2+&2)&++2"2 %+&2+2$ %*+)$2&)% 18
+*72*&,#2/+)%#2, +&)*2 *,**2+2&*)-+ &%*2)#+2
+ &%72 *2+)22&%I +2&2 %+)*+2++2'&+%+ ##02&$')&$ **2
+&22&$'%04*2+&%2+2+2+&'2%2 +*2,#+,)25 %#, %2$%8
&!+ - +0F
$%+2 %+) +062&+ %2*2')+2&2+2%%,#2, +2%2
(,)+)#02)- .*F

SUMMARY OF CONSIDERATIONS RELATED TO TONE AT THE TOP
For Management
C@5 &,&35,.#/&.5."5),!(#4.#)(9-5."#&5-.(,-5#(5 D@5 )*.5 5 -.,)(!5 .)(5 ) 5 )'*&#(>5 )''/(#.5 #.5 .)5
5 -.5 ) 5 ),5 0&/-5 (5 5 ),'&5 )5 ) 5 )(/.>5 (5 ."5(.#,5),!(#4.#)(>5(5")&5'(!'(.5)/(.?
")&5 &&5 *,-)((&5 -.,#.&35 )/(.&5 ),5 )'*&#(5 &@5%5#-#05.#)(5!#(-.5(35'',5) 5-(#),5
1#."5."5)@5( ),5#-#*&#(5 ),50#)&.#)(-5)(-#-? '(!'(.51")5)-5().5",5.)5."5)'*(39-5."?
.(.&35,)--5&&5&0&-5) 5."5),!(#4.#)(@ #&5-.(,-5(5)5) 5)(/.@
D@5 .5."5,#!".5.)(5.5."5.)*@5'5."5)5) 5)(/.5 E@5 !/&,&35,0#15%35-.,.!#-5(5/-#(--5*&(-5(5

#(.)5."5 ,#5) 5."5)'*(39-5/&./,535U1&%#(!5."5 ----5 ."5 "#0#&#.35 ) 5 !)&-5 #(5 &#!".5 ) 5 /,,(.5 #,?
.&%>Y5&0,!#(!5)''/(#.#)(-5(5.,#(#(!>5(5,#(? /'-.(-@5)&-5-")/&55-.,/./,5.)50)#55,#!#5
),#(!5."5-.(,-5.5&&5&0&-5) 5."5)'*(35.",)/!"5 -"),.?.,'5 )/-5 .".5 '#!".5 */-"5 '(!'(.5 ),5 '?
**,)*,#.5'(!'(.5-3-.'-5(5*,)---@ *&)3-5.)5)''#.5 ,/@
E@5 /#&55'))5#(5."5'#&5.".5'#,,),-5."5.)(5.5."5 F@5 -.&#-"55,!/&,5*,)--5 ),5----#(!5'(!'(.5#(?

.)*@5'*"-#45."5,#.#&5,)&5) 5-/*,0#-),-5#(5-..#(!5 .!,#.3>5(5)5().5&.5."#-5.#0#.35)'5*, /(.),3@5
."5.)(5 ),5."#,5#,.5,*),.-5(5."#,5.'-535)."5
G@5 **,)05."5#(.,(&5/#.5",.,5(5."5((/&51),%5
1),5(5@5
*&(5.)5-,.#(5.".5#.5#-5&#!(51#."5(5,---5."5
F@5 -.&#-"55)'*,"(-#05 ,/5,#-%5'(!'(.5*,)? /#.5)''#..9-5(-5(5#.-52*..#)(-5 ),5#(.,?
!,'>5 #(&/#(!5 5 1"#-.&&)1,5 *,)!,'5 (5 ,/5 (&5/#.@5
1,(--5.,#(#(!5 ),5&&5'*&)3-@5)(-#,5/&./,&5
H@5 0#15(5/(,-.(5."5,-/&.-5) 5,*),.-5.)5."51"#-?
#[,(-5#(5).",5$/,#-#.#)(-@5--#!(5,-*)(-##&#.35
.&&)1,5 *,)!,'>5 )/-#(!5 )(5 )'*&#(.-5 .".5 #(0)&05
),5."5 ,/5,#-%5'(!'(.5*,)!,'5.)5(5**,)*,#?
-(#),5'(!'(.5),5,W.5)(5."5."#&5/&./,5) 5."5
.5'',5) 5-(#),5'(!'(.>5(5----5."5[?
)'*(3@50,!5."5#(.,(&5/#.5 /(.#)(@
.#0(--5) 5."5*,)!,'5.5&-.5((/&&3@5
I@5 0&/.513-5.)5-.,(!."(5,&.#)(-"#*-5.1(5."5
G@5 (.,(&&35)''/(#.5."5.#)(-5.%(5,&.5.)5.#*-5
/#.5)''#..5(5."5)'*(-.#)(5)''#..Z#?
,#05 ,)'5."551"#-.&&)1,5*,)!,'@5
.",5 .",)/!"5 )0,&**#(!5 '',-"#*>5 $)#(.5 '.#(!->5
H@5 -#!(5 #((.#05 )'*(-.#)(5 *,)!,'-5 -)5 .".5 ."#,5 ),5 /#.5 )''#..5 "#,5 ..((5 .5 ,&0(.5 '.?
-.,/./,5 )-5 ().5 /(#(.(.#)(&&35 *,)0#5 5 *).(.#&5 #(!-5) 5."5)'*(-.#)(5)''#..Z1#."5."5)$.#05
#((.#05 ),5'#-)(/.5),5 ,/@ ) 5-#!(#(!5)'*(-.#)(5*%!-5.".5*,)').5."#?
&5"0#),>5-51&&5-5*,)0##(!5#((.#0-5.)5'.5V?
I@5 .5(5( ),5"#!"5-.(,-5 ),5)'*&#(51#."5#(?
((#&5!)&-5(5/#&5&)(!?.,'5-",")&,50&/@
.,(&5 )(.,)&-5 )0,5 V((#&5 ,*),.#(!>5 #(&/#(!5 #&#?
!(.5')(#.),#(!5(5."5*,)0#-#)(5) 5+/.5,-)/,? J@5 )(-#,5."5,)&5) 5."5/#.5)''#..5#(50&/.#(!5
-5.)5)'*&351#."5-.&#-"5*,)/,-@ ."5 *, ),'(5 (5 )'*(-.#)(5 ) 5 ."5 "# 5 /#.5
2/.#0>5 -5 1&&5 -5 ."5 (V.-5 ) 5 )*.#(!5 5 *)&#35
For Boards and Audit Committees .".5."5/#.5)''#..5)(/,-5#(5'*&)3'(.5),5.,?
C@5 ,-)(&&35U1&%5."5.&%Y5) 5."5)'*(39-5),50&/-5 '#(.#)(5 #-#)(-5 ),5 )."5 ."5 "# 5 V((#&5 )\,5
(5)5) 5)(/.@550#-#&5)/.-#5."5),,))'>5 (5."5"# 5/#.52/.#0@5
(5#(.,.5*,-)(&&351#."5'*&)3-5.50,#)/-5&0&-5
.)5).#(5."#,5*,*.#)(-5) 5."5),*),.5/&./,5(5 For Internal Audit
,#( ),5"#!"5."#&5-.(,-@ C@5 ),%5*,).#0&351#."5."5/#.5)''#..5.)50&)*55
&,>5-",50#-#)(5) 5."5#(.,(&5/#.5 /(.#)(5#(5),?
,5 .)5 ,#( ),5 ."5 #(.!,#.35 (5 #'*),.(5 ) 5 ."5
/(.#)(5.",)/!")/.5."5)'*(3@

D@5 +/#,5 -#5 ,/5 ..#)(5 .,#(#(!>5 #(&/#(!5 ."5 For External Auditors
..#)(5 ) 5 V((#&5 ,*),.#(!5 ,/>5 ),5 &&5 #(.,(&5 C@5 (+/#,5 ) 5 '(!'(.5 (5 ."5 /#.5 )''#..5 ")15
/#.),-@ ."35*/-"5."5.)(5.5."5.)*5)1(5.",)/!"5."5(.#,5
E@5 51,,(.>5)(-#,5&&).#(!5)(5#(.,(&5/#.5*)? ),!(#4.#)(5(5#(.!,.5#.5#(.)5."5/&./,5.5&&5&0?
-#.#)(5 ),55 ,/5-*#&#-.>5#&&35-)')(51#."5**,)? &-@5)/-5."5#-/--#)(5)(5."5.#&-5) 5."5)'*(39-5
*,#.52*,#(5(5,.#V.#)(-@ )''/(#.#)(-5 (5 .,#(#(!5 *,)!,'->5 #(&/#(!5 ."5
.))&-5.".5"&*5"5&0&5) 5'(!'(.5,#( ),5."5
F@5 %5(5.#05(50#-#&5,)&5#(5-/**),.#(!5."5."#&5 -#,5'--!-51#."5#.-5#,.5,*),.-@
/&./,>5#(&/#(!50&/.#(!5").&#(5,-/&.->5)(/.#(!5
."#-5-/,03-5) 5'*&)3->5(5)&&),.#(!51#."5)."? D@5 #-/--51#."5'(!'(.5(5."5/#.5)''#..5")15
,5*,.'(.-5.)5,--5,-/&.-5(5,'#.5**&#? ."35 ')(#.),5 ."5 )'*(39-5 /&./,5 .)5 )(V,'5 .".5 #.5
&5 V(#(!-@5 (&345 3,?)0,?3,5 "(!-5 #(5 %35 )-5 #(5 .5 ,W.5 ."5 .)(5 .5 ."5 .)*@5 -%5 1".5 .))&-5
'.,#-@5 (5'."))&)!#-5,5/->5-/"5-5'*&)35-/,03-5
(5 ,*),.-5 -/'',#4#(!5 ").&#(5 ,-/&.->5 (5 1".5 #-5
G@5 0&/.5-) .5)(.,)&-5(5."5),*),.5/&./,>5#(&/? )(51#."5."5,-/&.-@
#(!5----'(.5) 5."5)'*(39-5 ,/5,#-%5'(!'(.5
*,)!,'>5 (5 #(0)&05 **,)*,#.5 *,.'(.-5 #(5 ? E@5 ,).#0&35 (!!5 ."5 /#.5 )''#..5 #(5 #-/--#(!5
,--#(!5."5,-/&.-@ )-,0.#)(-5 ,&.5 .)5 ."5 .)(5 .5 ."5 .)*5 ).#(5 -5
*,.5) 5."5/#.>5-51&&5-5#(-#!".-5#(.)513-5.)5#(.# 35
H@5 -.&#-"5),5).",1#-5(-/,5.",5#-55 ),'&5*,)--5.)5 *)--#&5,5W!-5(51,(#(!5-#!(-@
/.5."5),5(5/#.5)''#..5)(5."5,#-%-5(5
,5W!-5) 5V((#&5,*),.#(!5 ,/>51#."55*,.#/&,5 )? F@5 ,)0#5'(!'(.>5."5),>5(5."5/#.5)''#.?
/-5)(5."5,#-%-5) 5'(!'(.5)0,,#5) 5)(.,)&-@ .51#."52'*&-5) 5&#(!5*,.#-5,&.5.)5."#-5
)''/(#.#)(->5").&#(->5(5*,)!,'-5.)5'#.#!.5."5
,#-%5) 5V((#&5,*),.#(!5 ,/@
CHAPTER
3
Skepticism
An Enemy of Fraud
%*.##-'Z5 +/-.#)(#(!5 '#(-.5 (5 (5 ..#./5 .".5 2.,(&5/#.5(51),%5.)5)/(.,.5."5.",5 ),-5) 5."5
1#."")&-5 $/!'(.5 /(.#&5 0#(5 #-5 +/.Z*,)').-5 ,/5 .,#(!&5 (5 '#.#!.5 ."5 ,#-%5 ) 5 V((#&5 ,*),.#(!5
,#-%51,(--5(5#-5#(",(.&35(5('35) 5 ,/@5,.##? ,/@5 -5 )(5 ) 5 ."5 5 #-/--#)(5 *,.##*(.-5 -..>5
*(.-5 #(5 ."5 V((#&5 ,*),.#(!5 -/**&35 "#(5 (./,&&35 ? U".5#-5)(5) 5."5#!!-.5.,,(.-5.)5 ,/Z%()1#(!5.".5
&#05.".5."5),!(#4.#)(-51#."51"#"5."35,5--)#.5 *)*&5,5#(.,-.>5,5&#-.(#(!>5(51#&&5,.@Y5
"05 #(.!,#.3>5 (5 ,5 .", ),5 *,#-*)-5 .)5 .,/-.5 "5
).",@5/.5."#-5#-5.)5.,/-.5(5&-)5#("##.5,#-#(!5+/-.#)(->5
Skepticism and Management
(5#.5#-5&&5."5'),5,-)(51"35-.%")&,-5-")/&5)(?
-#)/-&35)*.5(5..#./5) 5-%*.##-'@5 5#-/--#)(5*,.##*(.-5!,5.".5[.#05'(!,-5
%*.##-'5#(0)&0-5."50&#.#)(5) 5#( ),'.#)(5.",)/!"5 ,&35)(5."5/-5) 5-%*.##-'5#(50#,./&&35&&5.#0#.#-@5"."?
*,)#(!5+/-.#)(->5,#.#&5----'(.5) 50#(>5(5..(? ,5 #(5 -#!(#(!5 -.,.!3>5 ----#(!5 ,#-%->5 -..#(!5 !)&->5 ,?
.#)(5.)5,5W!-5),5#()(-#-.(#-@5%*.##-'5)-5().5'(5 0#1#(!5 *,)!,-->5 ),5 0&/.#(!5 ,-/&.->5 '(!,-5 (5 5
5&%5) 5.,/-.@5.",>5#.5'(->5U 5.,/-.53)/>5/.5'35,-*)(-#? +/-.#)(#(!5..#./@5
#&#.#-5,+/#,5'5.)5)(V,'51".53)/5(5).",-5.&&5'@Y5 ),5 #(-.(>5 '(!'(.9-5 ----'(.>5 -#!(>5 (5
)'5, ,5.)5."#-5-5."5U.,/-.5/.50,# 3Y5**,)"@5 #'*&'(..#)(5) 5#(.,(&5)(.,)&-5)0,5V((#&5,*),.?
"5-.,.#(!5*)#(.5 ),5[.#05-%*.##-'5#-5."5,)!(#? #(!5-")/&5%()1&!5.".5."5),!(#4.#)(5(55-/-?
.#)(5.".50(5."5-.5-3-.'5) 5#(.,(&5)(.,)&5"-51%? *.#&5.)5 ,/>5-*#.5*-.52*,#(-5),5&# -5)/.5
(--->5 (5 ,/5 (5 )/,@5 [.#05 -%*.##-'5 #(0)&0-5 '*&)35 #(.!,#.3@5 -5 5 ,-/&.>5 (5 **,)*,#.5 -3-.'5 ) 5
%()1&!5) 5."5)'*(39-5/-#(-->5#(&/#(!5."5,#-%-5-? #(.,(&5 )(.,)&-5 -")/&5 ,.5 "%-5 (5 &(-5 (5
-)#.5 1#."5 ."5 #(/-.,35 (5 )'*(3>5 ."5 '((,5 #(5 -")/&5 #(&/5 *,)---5 .)5 )(.#(/&&35 ')(#.),5 (5 ,?
1"#"5."5)'*(35'(!-5.")-5,#-%->5(5."5)'*(39-5 0&/.5."5[.#0(--5) 5)(.,)&-@5
)0,&&5#(.,(&5)(.,)&5-.,/./,@5 (5,0#1#(!5)*,.#(!5(5V((#&5,*),.->5#-/--#)(5
"#&5-%*.##-'5#-55)(*.5.".5#-5*,#',#&35/-5#(5."5 *,.##*(.-5-/!!-.5.".5'(!'(.5 )&&)15/*51"(5,?
)(.2.5) 5."5*,) --#)(&5-%*.##-'5) 5(52.,(&5/#.),>5 -/&.-5-'5#()(-#-.(.51#."52*..#)(-5),51#."5)()'#5
5#-/--#)(5*,.##*(.-5-.,--5.".5."5#&#.35.)5+/-? .,(-5#(5."5)'*(39-5#(/-.,35-.),@5 (5[.>5-%*.##-'5
.#)(5 (5 ,#.#&&35 ----5 #( ),'.#)(5 #-5 5 -%#&&5 .".5 &-)5 #-55 #(0)&0-5 '(!'(.5 -.,--?.-.#(!5 #.-5 )1(5 #-#)(-5 (5
--(.#&5 ),5),->5/#.5)''#..->5'(!'(.>5(5#(? --/'*.#)(-5 )/.5 V((#&5 ,*),.#(!5 *,)---5 (5 )(?
.,(&5/#.),-5#(5."5)(/.5) 5."#,5,-*)(-##&#.#-@5? .,)&->5-51&&5-5."5#-#)(-5(51),%5) 5-/),#(.->5.)5
'#5 ,-,"5 "-5 )(V,'5 5 *)-#.#05 ,&.#)(-"#*5 ? !#(5 )(V(5 .".5 ()."#(!5 -#!(#V(.5 "-5 (5 '#--5
.1(5-%*.##-'5",.,#-.#-5(5 ,/5..#)(5-%#&&-@CK (5.".5."#(!-5,51".5."35-'@5",)/!"5."#-5*,)-->5
352,#-#(!5-%*.##-'5(5*,)').#(!5."5/&./,&52? '(!'(.5(5)[-.5'(35 ,/5,#-%5 .),-@5%*.##-'5
*..#)(5.".5+/-.#)(-5,5"&."35(5**,)*,#.>5'(? &-)5 .(-5 .)5 #'#(#-"5 ."5 *,*.#)(5 ) 5 )**),./(#.35 ),5
!'(.>5."5),>5."5/#.5)''#..>5#(.,(&5/#.>5(5 ,/5(5."5#&#.35.)5,.#)(&#45 ,//&(.5"0#),@

Skepticism and Boards and Audit Committees +/-.#)(-5,5--(.#&5)."5.)5.-.5."5#(.!,#.35) 5'(!?
'(.5 (5 .)5 )''/(#.5 5 &,5 2*..#)(5 ) 5 ."#&5
5#-/--#)(5*,.##*(.-5-/!!-.5.".5."5/#.5)'? "0#),@5 .5 .#'->5 .".5 **,)"5 '35 5 /()' ),.&@5
'#..5(-5.)55%(&351,5.".5/-#(--5*,--/,-5(5 )10,>5-5)(55#-/--#)(5*,.##*(.5-..>5U)'?
V(5."#,5135.)5*,-)((&5 ,)'5'(35#[,(.5#,.#)(-@5 ),.5#-5().55,+/#-#.5 ),5#,.),-@5@5@5@5 5)(9.5(5.)55
(5 ."-5 *,--/,-5 (5 #(W/(-5 )'5 #(.)5 *&3>5 '(? )' ),.&@5 5 $/-.5 (5 .)5 5 &5 .)5 -%5 ."5 ",5 +/-?
!'(.5 (5 &)-5 )$.#0#.35 (5 -.,.5 )1(5 ."5 ,)5 ) 5 .#)(-@Y5-%#(!5."5-'5+/-.#)(-5) 50,#)/-5*)*&5#-5(?
,*),.#(!5#'*,)*,5,-/&.-@50,5.#'>5."5)/(.#(!5.,? ).",5.))&5.".5/#.5)''#..-5(5'*&)35.)5----5."5
'#(.#)(-5(5)'50(5'),5!? )(-#-.(35 ) 5 (-1,-5 (5 ).#(5
!,--#05 (5 /&.#'.&35 (5 &5 .)5 Board members should be a little '/&.#*&5*,-*.#0-@5
&,!?-&5V((#&5 ,/@5 more skeptical and less trusting. )52,#-5-%*.##-'5[.#0&3>5
-5 5 #-/--#)(5 *,.##*(.-5 Not that they don’t trust the -5 5 #-/--#)(5 *,.##*(.-5 /(?
)(.#(/&&35 '*"-#4>5 ."5 )/(? company’s management. But they ,-),>5'',-5) 5."5),5(5
.#)(5 ),5[.#05!)0,((5(5 should do their own due diligence and ."5 /#.5 )''#..5 (5 .)5 "05 5
)0,-#!".535."5),5(5#.-5)'? recognize they have to keep their eye ."),)/!"5 %()1&!5 ) 5 ."5 )'*?
'#..-5#-5-%*.##-'>5#(5."5 ),'5) 5 on these things by spending more (39-5 /-#(-->5 #(&/#(!5 #.-5 #(/-.,3>5
0#!),)/-5 (5 *,)#(!5 +/-.#)(-5 ) 5 time making judgments, connecting #.-5)'*.#.#05(0#,)('(.>5(5."5
'(!'(.>5 ."5 #(.,(&5 /#.),->5 the dots and following through by %35 ,#-%-5 .".5 '35 [.5 '(!?
(5 ."5 2.,(&5 /#.),-5 .)5 V(5 asking more questions. '(.9-5 #&#.35 .)5 )'*&#-"5 )$?
-)/,-5 ) 5 #-@5 )5 )5 -)>5 ."5 /#.5 .#0-@5"5),5(5/#.5)''#..5
Peggy Foran, Vice President,
)''#..5 V,-.5 (-5 .)5 %()1&? Chief Governance Officer, and (5 (V.5 ,)'5 )/-5 )(0,-?
!5 ."5 *)--##&#.35 .".5 #-5 '35 Corporate Secretary, Prudential .#)(-5 1#."5 '(!'(.5 (5 ."5 #(?
2#-.5 (5 .".5 -)'."#(!5 '35 !)5 .,(&5 (5 2.,(&5 /#.),-5 )(5 ."5
1,3>5*).(.#&&35,-/&.#(!5#(5 ,/@5))5),5(5/#.5 ,#-%-5 ) 5 V((#&5 ,*),.#(!5 ,/@5 (5 *,.#/&,>5 ),-5 (5
)''#..5'',-5%()151".5."(#+/-5.)5/-5.)50&? /#.5)''#..5'',-5(5.)5/(,-.(5")15."#,5),?
/.5'(!'(.>5")15.)5-%5."5,#!".5+/-.#)(->51"(5.)5 !(#4.#)(5'%-5')(3@5/-5,0(/5'(#*/&.#)(5(5
,#&&5 )1(5 1#."5 )&&)1?/*5 +/-.#)(->5 (5 ")15 .)5 #(.# 35 ."5&,.#)(5) 5 /./,5,-/&.-5#(.)5."5/,,(.5*,#)5,5
(5 ----5 *)--#&5 U/()' ),.&Y5 "0#),@5 ,)#(!5 ."5')-.5)'')(5 ),'-5) 5V((#&5,*),.#(!5 ,/>5/(,?
Six Characteristics of Skepticism
³5 Questioning Mind—A disposition to inquiry, with some sense of doubt
³5 Suspension of Judgment—Withholding judgment until appropriate evidence is obtained
³5 Search for Knowledge—A desire to investigate beyond the obvious, with a desire to corroborate
³5 Interpersonal Understanding—Recognition that people’s motivations and perceptions can lead them to provide biased or mis-
leading information
³5 Autonomy—The self-direction, moral independence and conviction to decide for oneself, rather than accepting the claims of
others
³5 Self-Esteem—The self confidence to resist persuasion and to challenge assumptions or conclusions
Summarized from R. Kathy Hurtt, “Development of a Scale to Measure Professional Skepticism,” Auditing: A Journal of Practice and
Theory, May 2010.

-.(#(!5 1".5 ,#0-5 ."5 )'*(39-5 Board members need to be trained to "5 ,)&5 ) 5 (5 /#.5 )''#..5
,0(/5 #-5 ,#.#&5 .)5 .,,#(!5 (5 ask the kinds of questions that are very '',5#-5.)5)0,-5."5V((#&5,?
..#(!5V((#&5,*),.#(!5 ,/@ probing without sending a signal that *),.#(!5.#0#.#-5) 5."5)'*(3>5().5
9-5 DBBIXDBBJ2 2 , +2 there is no trust in anything being done. .)5 #,.&35 '(!5 ."5 )'*(3@5 (5
&$$ ++2
&,)%05 -/,035 ) 5 */&#5 William J. White, former Chairman of the *,.#/&,>5/#.5)''#..5'',-5
)'*(35/#.5)''#..5'',-5 Board, Bell & Howell Company -")/&5 /(,-.(5 ."5 2*)-/,5 .)5
)/(5 .".5 )(&35 DJ5 *,(.5 1,5 '(!'(.5)0,,#5) 5)(.,)&-5(5
U0,35 -.#-VY5 .".5 ."35 /(,-.))5 '(!'(.9-5 *,)? .%5.#)(5.)5')(#.),5.")-5,#-%-5(5'#.#!.5."5*)--##&?
---5.)5#(.# 35(5----5-#!(#V(.5,#-%-5 #(!5."5)'? #.35 .".5 (5 )0,,#5 )/&5 )/,>5 ),>5 # 5 #.5 #5 )/,>5 .".5 #.5
*(3>5(5)(&35DC5*,(.51,5-.#-V51#."5."5#( ),'? )/&5!)5/(..@5%*.##-'5)*(&35#-*&3>5#(5)'#?
.#)(5 ."35 ,#05 )(5 ."5 ),!(#4.#)(9-5 ,#-%5 '(!'(.5 (.#)(51#."55-)&#5/(,-.(#(!5) 5."5/-#(--5(5/,?
[),.-@5/-5#.5#-5(--,35.)5/(,-.(5/-#(--5,#-%-5 ,(.5(0#,)('(.&5)**),./(#.#-5(5"&&(!->5 ),'-5."5
#(5),,5.)5'(!5."'>5."-5V(#(!-5,#-5)(,(-@ )/(.#)(5 ),5 [.#0&35 ')(#.),#(!5 ."5 ,#-%5 ) 5 '(!?
&.")/!"5."5)'*&2#.35) 5."5#( ),'.#)(5.".5),-5 '(.5)0,,#@DB5/#.5)''#..5'',-5-")/&55)'?
(5/#.5)''#..-5'/-.5-),5(55/(.#(!>5*,.#/? ),.&5#(5-%#(!5*,)#(!5+/-.#)(-5(5-")/&5/-5#(.,(&5
&,&35 !#0(5 ."5 ,&.#0&35 -"),.5 ')/(.5 ) 5 .#'5 0#&&>5 /#.),->5 2.,(&5 /#.),->5 ."#-5 (5 )'*&#(5 *,-)(?
.",5,5,-)/,-5(5.))&-5.".5(55) 5--#-.(@5),5 (&>5),5).",-5-5-)/,-5) 5#( ),'.#)(5.)5-/**&'(.51".5
#(-.(>5."5#(.,(&5/#.5 /(.#)(>5."52.,(&5/#.),->5 ."35&,(5#,.&3@5
."#-5(5)'*&#(5*,-)((&>5(5,*),.-5(5-..#-.#-5
,)'5 ."5 )'*(39-5 #(.,(&5 1"#-.&&)1,5 *,)!,'5 (5 POINT TO PONDER
*,)0#5#(?*."5#( ),'.#)(5.".5#-5)."5(/(5(5(? 2*"'+ *$2%22H%2*2G+),*+2,+2-) 07K2.&,#2, +2
#@5",5**,)*,#.>5),-5(5/#.5)''#..-5-")/&5 &$$ ++2 $$)*2 %H+2 )&$2 +) % %2 +&2 %%2 + )2
&-)5"05,35--5.)5)/.-#52*,.-5(5&!&5)/(-&@5 # +02 +&2 -#,+2 %&%8-)#2 ,*2 ,) %2 *,** &%*2 . +2
$%$%+F
Monitoring the Risk of Management Override — Key Steps for Boards and Audit Committees
³5 Understand the business and industry, including:

– Key drivers of revenue and earnings and related key performance indicators
– Factors that may threaten management’s ability to achieve its goals and strategies
– Pressures created by the company’s incentive compensation programs
³5 Brainstorm with management, external auditors, and counsel in an executive session to identify fraud risks
³5 Assess the tone at the top and the corporate culture through an evaluation of corporate communications on ethics and the re-
sults of employee surveys
³5 Establish an effective whistleblower hotline
³5 Develop a broad information network that extends beyond senior management to include internal auditors, external auditors,
the compensation committee, and key employees such as business unit leaders, marketing and sales personnel, and corporate
managers just below the senior management level. Interaction with key employees during company meetings or other functions
can provide the opportunity to build relationships and establish confidential dialogues.
Summarized from Management Override of Internal Controls: The Achilles’ Heel of Fraud Prevention, American Institute of Certified
Public Accountants, 2005.

Inquiring about Financial Reporting Fraud — A Guide for Audit Committees
The mere mention of the word fraud can be enough to stall a conversation or at best elicit a canned
response. Also, compliance-oriented questions do not tend to yield a productive discussion. Shifting
the focus away from compliance and toward the sources of influence on the financial reporting system
that can cause fraud has proven to be an effective method of starting a productive fraud discussion.
During a conversation between the audit committee and management, the internal auditors, or
the external auditors, the audit committee should be alert for indications of where follow-up is need-
ed to validate processes and controls that deter or detect fraud. The list of questions below is not
intended to be all-inclusive; rather, it represents sample inquiries designed to elicit information from
management or the auditors about fraud risks without asking about fraud directly.
These examples are not a checklist of questions to be posed word for word. Rather, they were de-
veloped by the Center for Audit Quality to advance the thinking of audit committees around the most
likely sources of weakness, with a particular eye for business pressures that may influence accounting
judgments or decisions. It is important that audit committees fine tune these questions to fit the orga-
nization and recognize that these suggestions are only the starting point for a conversation.
1. What are the potential sources of business influence on the accounting staff’s judgments or deter-
minations?
2. What pressures for performance may potentially affect financial reporting?
3. What about the way the company operates causes concern or stress?
4. What areas of the company’s accounting tend to take up the most time?
5. What kind of input into accounting determinations does non-financial management have?
6. What are the areas of accounting about which you are most worried?
7. What are the areas of recurring disagreement or problems?
8. How does the company use technology to search for an unnatural accounting activity?
9. If a Wall Street Journal article were to appear about the company’s accounting, what would it most
likely talk about?
10. If someone wanted to adjust the financial results at headquarters, how would they go about it and
would anything stop them?
These questions are intended to assist in obtaining a better understanding of the sources of influ-
ence on the financial reporting system that may affect the objectivity of accounting judgments or
determinations.
The reason for this focus is that fraudulent financial reporting rarely starts with dishonesty. Rather,
it typically starts with pressures for performance that influence accounting judgments and thereby
introduce bias into the system.
A key objective of the audit committee, therefore, is to uncover potential sources of bias or influ-
ence on accounting judgments.

Skepticism and Internal Audit -#./.5.)5#(.# 35,&35#(#.),-5) 5*).(.#&5 ,/>5#(&/?
#(!5#(#.),-5.".5."52.,(&5/#.),5(),'&&35'#!".5().5
(.,(&5 /#.),-5 (5 5 5 0&/&5 ,-)/,5 .)5 *,)0#5
5#(55*)-#.#)(5.)5#(.# 3@
),-5(5/#.5)''#..-51#."5#(-#!".5#(.)5."5)'*?
*#V5 .),-5.".5#(.,(&5/#.),-5-")/&5)(-#,5#(5
(39-5 ."#&5 /&./,>5 ."5 [.#0(--5 ) 5 #.-5 #(.,(&55
."5)(/.5) 5."#,51),%5#(&/L5
)(.,)&->5 (5 #.-5 2*)-/,5 .)5 '(!'(.5 )0,,#@5 5
-.(,-5&&5 ),5."5#(.,(&5/#.),5.)5"05(5#'*,.#&5 ³5 "5,#-%5.".5-(#),5'(!'(.5'35)0,,#5#(.,(&5
(5/(#-5..#./>5(5#(.,(&5/#.9-5*,) --#)(&5,? )(.,)&-
-*)(-##&#.#-5 #(&/5 0&/.#(!5 )."5 ."5 *).(.#&5 ),5 ³5 ()1(52.,(&5(5#(.,(&5'..,-5[.#(!5."5(.#?
,/5#(5(5),!(#4.#)(5(5")15."5),!(#4.#)(5'(!? .35.".5'35,.5#((.#0-5.)5)''#.5 ,/5),5(&5
-5."5,#-%5) 5 ,/@5 ,.#)(&#4.#)(-5 ),5)''#..#(!5 ,/
**,)*,#.5-%*.##-'5#-5,#.#&5.)5."#-5,)&Z#.5--#-.-5(5
³5 "5 (5 ),5 *,-/-#05 0#(5 .".5 ."),)/!"&35
#(.,(&5/#.),5#(5,0#1#(!5/#.50#(>50,# 3#(!5'(?
*,)-5#(.)5)'*&25#--/-
!'(.9-5 --,.#)(->5 ----#(!5 ."5 -/\#(35 ) 5 '(!?
'(.9-5 ,/5,#-%5----'(.>5(50&/.#(!5."5-#!(5(5 "5DBCB5 5-/,035)(5$) %2)%*2 %2),2 *"5
)*,.#(!5 [.#0(--5 ) 5 #(.,(&5 )(.,)&-5 #(.(5 .)5 ? )/(5.".5#(.,(&5/#.5*, ),'-550,#.35) 5)(-/&.#(!5
..5),5.,5 ,/@5#.#)(&&3>5-%*.##-'5,#( ),-5&,.? (5 --/,(5 .#0#.#-5 .".5 5 0&/5 .)5 ."5 ),!(#4?
(--5.)5#( ),'.#)(5),5)(#.#)(-5#(#.#(!5.".55'.,#&5 .#)(9-5 ,/5,#-%5'(!'(.5[),.->5#(&/#(!5."5 )&&)1?
V((#&5 '#--..'(.>5 #(.(.#)(&5 ),5 ).",1#->5 '35 "05 #(!5.)*5 )/,L5)(/.#(!5.-.-5.)5.,'#(5# 5 ,/5#-5*,-?
)/,,@5/-5) 5."#,5)(-.(.5*,-(5#(5."5)'*(35 (.5 #(5 ,-5 #(.#V5 1#."5 *).(.#&5 ,#-%5 :IE5 *,(.;M5
(5."#,5#(.#'.5%()1&!5) 5."5)'*(39-5/&./,>5*,? 0&/.#(!5."5-#!(5(5)*,.#)(5) 5#(.,(&5)(.,)&-5:IC5
-)((&>5(5)*,.#)(->5#(.,(&5/#.),-5,5*,.#/&,&351&&5 *,(.;M5.%#(!5(5.#05,)&5#(5-/**),.5) 5."5),!(#4?
Professional Responsibilities of Internal Auditors Related to Fraud
The International Professional Practices Framework (IPPF) of The IIA specifically requires that internal auditors address the risk of
fraud:
³5 “The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.”
(IPPF 2120.A2)
³5 “The internal audit activity must evaluate the probability of significant errors, fraud, noncompliance, and other exposures when
developing the engagement objectives.” (IPPF 2210.A2)
In addition, The IIA recently issued a practice guide that identifies the following specific internal audit responsibilities related to
fraud:
³5 Consider fraud risks in assessing internal control design and determining audit steps to perform
³5 Have sufficient knowledge of fraud to identify red flags that fraud may have been committed
³5 Be alert for opportunities for fraud, such as control deficiencies
³5 Evaluate whether management is actively retaining responsibility for oversight of the fraud risk management program
³5 Evaluate any indicators of fraud and recommend investigation when appropriate
³5 Communicate with the board regarding fraud risks and prevention and detection programs, as well as any incidents of actual fraud
Internal Audit and Fraud Practice Guide, The Institute of Internal Auditors, 2009
.#)(9-5."#&5/&./,5:HH5*,(.;M5(5*, ),'#(!5#.-5)1(5 ³5 )15--.-5) 5."5)'*(35)/&55'#-**,)*,#.

,/5,#-%5----'(.5:HC5*,(.;@5
³5 "5#'*),.(5) 5'#(.#(#(!5."5*,)*,5-..5) 5'#(5
(5#.#)(5.)52,#-#(!5-%*.##-'5#(5."5)(/.5) 5."#,5
.",)/!")/.5."5/#.5,!,#(!5."5*).(.#&5 ),5'.?
.#0#.#->5#(.,(&5/#.5-")/&55&,.5 ),5(35..'*.-5)(5
,#&5'#--..'(.5/5.)5 ,/
."5*,.5) 5'(!'(.5.)5&#'#.5),5#(W/(5."5-)*5),5(?
./,5) 5#.-5.#0#.#-@5),5#(-.(>5-5)(55#-/--#)(5*,? 5 )/,->5 ."5 #'*),.(5 ) 5 -%*.##-'5 )-5 ().5 -.)*5
.##*(.5 *)#(.5 )/.>5 ),&)'5 '(!'(.5 **,5 .)5 1#."5."5)'*&.#)(5) 5."5,#(-.),'#(!5---#)(@5.",>5#.5
*/,*)-&35#0,.5."#,5#(.,(&5/#.5 /(.#)(5135 ,)'5#.-5 #-5#(.!,&5.)5."50&)*'(.5) 5."5/#.5*&(@5),5#(-.(>5
/#.5 ,-*)(-##&#.#-5 (5 #(.)5 5 )-.?/..#(!5 *,)!,'>5 ."/-5 *,) --#)(&5-.(,-5,+/#,5/#.),-5.)5*, ),'5(&3.#&5
[.#0&35 &#'#(.#(!5 5 %35 #(.,(&5 )(.,)&5 )0,5 V((#&5 *,)/,-5)(55)'*(39-5V((#&5,-/&.-5.)5#(.# 35(35
,*),.#(!5 ,/@ /(/-/&5.,(-.#)(-5),5.,(-5.".5'35#(#.5'..,-5.".5
"05 V((#&5 -..'(.5 (5 /#.5 *&((#(!5 #'*&#.#)(-@DF5
"-5 *,)/,-5 ,+/#,5 ."5 /#.),5 .)5 "05 5 &0&5 ) 5
Skepticism and External Audit
%()1&!5)/.5."5)'*(35(5."5#(/-.,35-/\#(.5.)5
,) --#)(&5 /#.#(!5 -.(,-5 &&5 ),5 2.,(&5 /#.),-5 0&/.51".",5."5,-/&.-5-/!!-.5.".55 ,/5,#-%52#-.-@5
.)52,#-5*,) --#)(&5-%*.##-'>51"#"5#-5V(5-5U(5 %*.##-'5&-)5#-5#(.!,&5.)5."52/.#)(5) 5."5/#.5*&(>5
..#./5.".5#(&/-55+/-.#)(#(!5'#(5(55,#.#&5-? -5/#.),-5'/-.55&,.5.)5#(#.#)(-5) 5 ,/5,#-%-5-5/#.5
---'(.5) 5/#.50#(@YDC5),5(52.,(&5/#.),>5."5 0#(5#-50&/.5(5')# 35."5/#.5*&(5),#(!&3@5
2,#-5 ) 5 *,) --#)(&5 -%*.##-'5 '(-5 0&/.#(!5 (5 /-5*,) --#)(&5-%*.##-'5#-55,#.#&5-%#&&5 ),52.,?
"&&(!#(!5 /#.5 0#(5 (5 ,'#(#(!5 &,.5 ),5 #( ),? (&5 /#.),->5 '#5 *,*,.#)(5 (5 )(.#(/#(!5 *,) -?
'.#)(5 .".5 -/!!-.-5 .".5 5 '.,#&5 '#--..'(.5 ) 5 ."5 -#)(&5.,#(#(!5*,)!,'-5,5#'*),.(.5.))&-5 ),5#(-.#&&#(!5(5
V((#&5 -..'(.-5 '35 "05 )/,,@5 #.#)(&&3>5 2? ,#( ),#(!5."52,#-5) 5-%*.##-'>5*,.#/&,&35#(5."5-?
.,(&5/#.),-5-")/&5**&35*,) --#)(&5-%*.##-'51"(5 ---'(.5 ) 5 ,/5 ,#-%>5 #(&/#(!5 ."5 ,#-%5 ) 5 '(!'(.5
."35)(-#,5."5,#-%5.".5'(!'(.5'35)0,,#5#(? )0,,#5) 5)(.,)&->5(5#(5."5-#!(5) 5/#.5.-.#(!5.)5,?
.,(&5)(.,)&->DD5(5.%5.".5,#-%5#(.)5)/(.51"(5 ),? -*)(5.)5#(.#V5,#-%-@5?.)? 5'.#(!-5.)5).#(5#(?
'/&.#(!5 $/!'(.-5 )/.5 ."5 (./,5 (5 2.(.5 ) 5 /#.5 ),'.#)(5,5) .(5"&* /&Z#(5*,.5/-5."35*,)0#5(5
.-.#(!@5 ",)/!"5 ."#-5 &0&5 ) 5 -,/.#(3>5 /#.),-5 #(,-5 )**),./(#.35 .)5 ----5 )35 &(!/!5 (5 ).",5 ()(?0,&5
().5)(&35."5# "# &&5.".5 ,/51#&&55..5/.5&-)5 )''/(#.#)(-@55
."5')'+ &%5.".5 ,/51#&&55..>51"#"5.)!.",5 (5#.#)(5.)5."5,)&5) 5-%*.##-'5#(5."5)(/.5) 5."5
,/5."5,#-%5) 5 ,/@ 2.,(&5/#.>5#-/--#)(5*,.##*(.-5-/!!-.5.".52.,?
(5),,5.)5'*"-#45."5#'*),.(5) 5-%*.##-'5#(5 (&5/#.),-5(5550&/&5,-)/,5 ),5),-5(5/#.5
."5 )(/.5 ) 5 (5 /#.>5 *,) --#)(&5 -.(,-5 ,+/#,5 )''#..-535*,)0##(!5#(-#!".-5)(5."5)'*(39-5."#&5
'',-5) 5."5/#.5(!!'(.5.'5.)5#-/--5."5*)? /&./,>5."5[.#0(--5) 5#.-5#(.,(&5)(.,)&->5(5#.-52*)?
.(.#&5 ),5'.,#&5'#--..'(.5/5.)5 ,/@DE5.55'#(#? -/,5.)5'(!'(.5)0,,#>5#(&/#(!5#( ),'.#)(5)(5&?
'/'>5."-5#-/--#)(-5-")/&5#(0)&05."5%35'',-5) 5 #(!5*,.#-5#(5-#'#&,5)'*(#-@5"52.,(&5/#.),-5(5
."5(!!'(.5.'5:#(&/#(!5."5/#.),51#."5V(&5,? &-)5 0#-5 ."5 ),5 (5 /#.5 )''#..5 )(5 +/-.#)(-5 .)5
-*)(-##&#.35 ),5."5/#.>5#@@>5."5&5(!!'(.5*,.(,;5 -%5'(!'(.@5
(5-")/&5!(,.5(52"(!5) 5#->5),5U,#(-.),'?
#(!>Y5)/.5."5 )&&)1#(!L POINT TO PONDER
*+##&.)2+ '*2%2*)-2*2%2 $'&)+%+2*&,)2&2 %&)8
³5 )15(51",5."5(!!'(.5.'5&#0-55)'?
$+ &%2&,+2),2%2&+)2$ *&%,+92&.2%2/+)%#2
*(39-5V((#&5-..'(.-5)/&55-/-*.#&5.)5'?
, +&)*2#-)2+2)) %2+2%+,)2%2)(,%02&2
.,#&5'#--..'(.5/5.)5 ,/
. *+##&.)2+ '*2+&2%%2+ )2),2) *"2****$%+F
³5 )15'(!'(.5)/&5*,*.,.5(5)(&5 ,//?
&(.5V((#&5,*),.#(!

SUMMARY OF CONSIDERATIONS RELATED TO SKEPTICISM
For Management H@5 0,!5 ."5 #(.,(&5 (5 2.,(&5 /#.),-5 -5 %35 ,?
C@5 %()1&!5 .".5 ,/5 (5 )/,5 (5 )(-#,5 -/"5 -)/,-@5 05 ,!/&,>5 )(V(.#&5 '.#(!-5 .1(5
,#-%-5-5*,.5) 5."5)'*(39-5,#-%5----'(.5*,)--@5 ."5/#.5)''#..5(5."5"# 5/#.52/.#0>5(5
*,"*-5-*,.&351#."5).",5-(#),5'',-5) 5."5#(?
D@5 /#&5-%*.##-'5#(.)5."5/&./,@5-.&#-"55&,52*?
.,(&5 /#.5 *,.'(.>5 -5 1&&5 -5 2/.#05 ---#)(-5
..#)(5 .".5 &&5 &0&-5 ) 5 '(!'(.5 1#&&5 +/-.#)(5 (5
1#."5."52.,(&5/#.),@
"&&(!5&&5,-/&.-5 ),51"#"5."35,5,-*)(-#&>51#."5
."5-*#V5#(.(.5) 5)(V,'#(!5.".5),*),.5-.(,-5
For Internal Auditors
) 5/,3>52&&(>5(5."#-51,5'.@
C@5 /!!-.5.)5."5),5(5/#.5)''#..5-*#V513-5#(5
E@5 !!,--#0&35*/,-/5."5,)).5/-5) 5(35V#(#-5#(5 1"#"5#(.,(&5/#.5(5*,)0#5-/**),.>51#."55*,.#/?
)(.,)&->5(5.%5,'#&5-.*-5*,)'*.&3@ &,5 )/-5)(5."5,#-%5) 5V((#&5,*),.#(!5 ,/@
F@5 )(#.),53)/,5)'*(35(5("',%5#.51#."5).",-5#(5 D@5 %5."5&5,)&5#(5----#(!5."5)'*(39-5*,)!,'5.)5

."5#(/-.,35 ),5."5*/,*)-5) 5#(.# 3#(!5#(#.),-5) 5 '#.#!.5."5,#-%5) 5V((#&5,*),.#(!5 ,/>5(5,*),.5
,/@5 ((/&&35.)5."5/#.5)''#..5)(5.".5----'(.@
For Boards and Audit Committees For External Auditors

C@5 )(V,'5 .".5 &&5 ),5 (5 /#.5 )''#..5 '',-5 C@5 -5)(5."5 ,/5,#-%5----'(.50&)*5#(5*&((#(!5
"055-.,)(!5/(,-.(#(!5) 5."5)'*(39-5/-#(--5 ."5 /#.>5 *,).#0&35 -/!!-.5 +/-.#)(-5 .".5 ."5 ),5
(5#.-5#(/-.,3@50,!5)/.-#5.,#(#(!5(5)(-/&? (5/#.5)''#..5'351(.5.)5-%5'(!'(.@
.(.-5 -5 (--,3>5 1#."5 ."5 )$.#05 ) 5 (&#(!5 &&5
D@5 !/&,&350&/.5."5/#.5V,'9-5#(.,(&5)''/(#?
'',-5) 5."5),5(5/#.5)''#..5.)5-%5*,)?
.#)(-5 (5 .,#(#(!5 *,)!,'-5 .)5 )(V,'5 .".5 ."35 ?
#(!5+/-.#)(-5)/.5-.,.!35(5)*,.#)(-@5/#.5)'?
+/.&35,--5."52,#-5) 5*,) --#)(&5-%*.##-'5
'#..5 '',-5 -")/&5 &-)5 "05 5 1),%#(!5 /(,?
(5."5----'(.5) 5 ,/5,#-%@
-.(#(!5 ) 5 V((#&5 ,*),.#(!>5 0(5 # 5 ."35 ,5 ().5
V((#&52*,.-@5 E@5 #( ),5 ."5 #'*),.(5 ) 5 #(.,0#1#(!5 (5 #(+/#,35
-%#&&-5#(5."5/#.5*,)-->5#(&/#(!5)(-#,.#)(5) 5()(?
D@5 -%5+/-.#)(-5) 5'(!'(.>5#(.,(&5/#.),->5(52?
0,&5)''/(#.#)(-@5
.,(&5/#.),-5.)5&##.5*).(.#&5)(,(-5,&.5.)5)*?
*),./(#.#-5),5#((.#0-5 ),5V((#&5,*),.#(!5 ,/@ F@5 '*"-#45."50&/5) 5),,)),.#)(5-55'(-5) 5)?
.#(#(!5 -/\#(.5 /#.5 0#(>5 (5 *,)0#5 !/#(5
E@5 -5 ?.)? 5 '.#(!-5 1"(0,5 *)--#&5 .)5 ).#(5
)(5 '"(#-'-5 (5 '."))&)!#-5 -/"5 -5 )'*(35
#( ),'.#)(>5()/,!5)*(5#-/--#)(>5(5----5()(?
)''/(#.#)(-5 ),5 ).#(#(!5 ),,)),.#05 #( ),'?
0,&5)''/(#.#)(-5-/"5-5)35&(!/!@
.#)(@5
F@5 .#0&35)0,-5.")-5-*.-5) 5."5)'*(39-5-.,.!35
G@5 )(-#,5 #(&/#(!5 #(5 ."5 ,#(-.),'#(!5 ---#)(-5 #(#?
(5 ,#-%5 '(!'(.5 *,)!,'5 .".5 [.5 V((#&5 ,?
0#/&-5)/.-#5) 5."5(!!'(.5.'51#."5#(/-.,352?
*),.#(!>51#."55-*#V5 )/-5)(5,#-%-5.".5)/&5*).(?
*,.#-5 (5 .")-5 1")5 "05 2*,#(5 1#."5 -#./.#)(-5
.#&&35,.5#((.#0-5 ),5V((#&5,*),.#(!5 ,/@
#(0)&0#(!5V((#&5,*),.#(!5 ,/@5
G@5 /-.#)(5 '(!'(.5 #(5 *."5 )/.5 #.-5 *,)!,'5 ),5
H@5 )(-#,5 ?.)? 5 '.#(!-5 .)5 ).#(5 #( ),'.#)(>55
'(!#(!5 ,/5 ,#-%>5 )/-#(!5 )(5 ,-5 1",5 '(!?
#(5 ),,5 .)5 ()/,!5 )*(5 #-/--#)(5 (5 ----5 ()(?
'(.5"-5#(.#V5."5!,.-.50/&(,#&#.#->5#(&/#(!5
0,&5)''/(#.#)(-@
."5 ,#-%5 ) 5 '(!'(.5 )0,,#5 ) 5 )(.,)&-@5 -%5 '(?
!'(.5 .)5 2*&#(5 ")15 .")-5 0/&(,#&#.#-5 ,5 #(!5 I@5 ()/,!5 ."5 '#5 )''/(#.35 .)5 -.,(!."(5 ."5
,--5(5)(-#,5/.#&#4#(!5#(.,(&5/#.5.)50&/? /#.#(!5 /,,#/&/'9-5 )/-5 )(5 *,) --#)(&5 -%*.##-'5
.5."5[.#0(--5) 5'(!'(.9-5.#0#.#-@ (5."(#+/-5 ),5 ,/5..#)(@5
5
5
4 CHAPTER
Communications
Knowledge Sharing to Deter and Detect Fraud
"5 ) 5 ."5 *,.##*(.-5 #(5 ."5 V((#&5 ,*),.#(!5 -/**&35 -%#(!5+/-.#)(-5),5"&&(!#(!5'(!'(.5),5).",5),5

"#(5"-55-*,.5/.5#(.,)((.5,)&5#(5."5-",5 ),5)''#..5'',-@5 (5*,.#/&,>52/.#05---#)(-5) 5
,-*)(-##&#.35 .)5 .,5 (5 ..5 ,/@5 /&V&&#(!5 ."#-5 ,? ."5),5(5/#.5)''#..51#."5."5"# 5V((#&5)\?
-*)(-##&#.35 -/-- /&&35 ,+/#,-5 &0,!#(!5 "5 *,.39-5 ,5(5%35'*&)3->5."5#(.,(&5/#.),->5(5."52.,?
)'*&'(.,35 .#0#.#-5 35 -",#(!5 #( ),'.#)(5 (5 )(? (&5 /#.),-5 ,5 #(0&/&5 #(5 *,)0##(!5 &&5 *,.#-5 1#."5 5
,(-5 (5 #(.# 3#(!5 (35 !*-5 #(5 ."5 )&&.#05 [),.-5 .)5 ,)5*,-*.#05)(5."5)'*(39-5V((#&5,*),.#(!5(0#?
'#.#!.5 ."5 ,#-%5 ) 5 V((#&5 ,*),.#(!5 ,/@5 )5 ."#-5 (>5 ,)('(.5(5."5,*),.#(!5/&./,>5#(&/#(!51".",5)(?
5#-/--#)(5*,.##*(.-5'*"-#45."5#'*),.(5) 5 .,)&-5,5,-*.5(5)'*&#51#."5 #." /&&3@5
,!/&,>5)*(>5(5,)/-.5)''/(#.#)(-5,)--5."5V((? "5 5/#.5)''#..5 (-.#./.9-52, +2&$$ +8
#&5,*),.#(!5-/**&35"#(@5"35&-)5()/,!5)&&),? +2
&,)%05,*),.-5.".5U."5/#.5)''#..9-52/.#05--?
.#)(5.)5-.#'/&.5)(.#(/)/-5#'*,)0'(.5#(5[),.-5.)5.,5 -#)(-51#."5."52.,(&5/#.5*,.(,5,50#15R35IG5*,(.5
(5..5V((#&5,*),.#(!5 ,/@5[.#05)''/(#? ) 5,-*)((.-S5-5')-.5*,)/.#0>5 )&&)15&)-&3535#(.,(&5
.#)(-5 ,5 5 -& ?,#( ),#(!5 3&@5 ,+/(.>5 "#!"5 +/&#.35 /#.5(5."5@Y5"5,*),.5!)-5)(5.)5-..5U"52.,(&5
)''/(#.#)(-5 ("(5 ."5 %()1&!5 (5 /(,-.(? /#.),5)(.#(/-5.)55."5-.5-)/,5) 5-/!!-.#)(-5 ),5#'?
#(!5 ) 5 &&5 *,.#->5 ,-/&.#(!5 #(5 ..,5 +/-.#)(-5 (5 5 )(? *,)0#(!5."5/#.5)''#..9-5),!(#4.#)(5(5.#0#.#-@Y
-.(.&35#'*,)0#(!5)''/(#.#)(-5*,)--@ 2/.#05 ---#)(-5 *,)0#5 ."5 )**),./(#.35 ),5 ."5 /#.5
"5/#.5)''#..5#-55"/5 ),5)),#(.#(!5'(35V? )''#..5.)5!)53)(5."5,0#15) 5V((#&5,*),.-5(5
((#&5,*),.#(!5)''/(#.#)(-5/-5#.5"-5*,#',35 "05 ,(%5#&)!/5)(5U-) .Y5.)*#-5-/"5-5),*),.50&/->5
,*),.#(!5&#(-5 ,)'5'(!'(.>5."5#(.,(&5/#.),>5(5 '(!'(.5 -.3&>5 (5 ."5 *).(.#&5 ),5 V((#&5 ,*),.#(!5
."5 2.,(&5 /#.),@5 .5 #-5 ."5 ,-*)(-##&#.35 ) 5 ."5 /#.5 ,/@5),52'*&>51"(5."5/#.5)''#..5#-5#-/--#(!5
)''#..5.)5-5.".5."-5)''/(#.#)(-51),%51&&@5 ."5V((#&5-..'(.-51#."5'(!'(.>5),5."5,-/&.-5) 5
[.#05)''/(#.#)(-5,+/#,5)."5.#'5(5)''#.? #(.,(&5 /#.5 (!!'(.-5 1#."5 ."5 "# 5 /#.5 2/.#0>5
'(.@5 +/.5 .#'5 )(5 ."5 ),5 )''#..5'',-5'351(.5.)5)(?
(5 /#.5 )''#..5 !(-5 ),5 &&5 It’s a risky business when you -#,5 -*#V&&35 -%#(!5 )/.5 (5
*,#),#.35'..,-5*,)').-5)*(>5.1)? don’t have all these parties that *,)#(!5."5)(.,)&-5)0,5V((#&5,?
135#-/--#)(5(5,#.#&5"&&(!5 are committed to and responsible *),.#(!>5 #(&/#(!5 )(.,)&-5 )0,5 '(?
,.",5."(55-/*,V#&5),5'#(#'&? for the audit working in tandem !'(.5)0,,#@
#-.5**,)"@55#-/--#)(5*,.##? and securing results that are greater /#.5 )''#..-5 -")/&5 &-)5 )(?
*(.-5().5.".5#.5#-5#'*),.(.5.)5 )-? than the sum of the parts. -#,52*(#(!5."#,5)''/(#.#)(-5
.,55/&./,5) 5#(+/#,35-)5.".5),5 3)(5-(#),5'(!'(.@5)(0,-?
Richard Thornburgh, Former
(5 /#.5 )''#..5 '',-5 ,5 U.S. Attorney General, currently .#)(-5 1#."5 )*,.#(!5 *,-)((&5 (5
().5#(.#'#.5),5#-)/,!5 ,)'5 Of Counsel, K&L Gates, LLP 1#."5V((#&5'(!'(.5&)15."5

Financial Reporting — Lines of Communication
Frequent Co
mmu
nica
tio
ns
Board of Directors
Audit
Compensation Committee Other
Committee Communications hub— Committees
Financial reporting
External Internal
Audit Audit
ions
uest
Management
Q
Communications hub—
r
tte
Operations
Be
De
ep
erU
nd
e
rs
Operating Organization ta
nd
ing
Key
Primary communications/reporting hub
Primary line of communication
Additional line of communication
.)*5 &0&5 (5 *,)0#5 0&/&5 #(-#!".-5 #(.)5 ."5 )'*(39-5 )-.5*,.##*(.-5#(5."55#-/--#)(-5(5#(.,0#1-5
/&./,5 (5 ."5 ,#-%-5 #.5 #-5 #(!@5 /#.5 )''#..-5 -")/&5 !,5.".5."5,(-?2&35.5,+/#,'(.5.".5."5/?
)(-#,5-%#(!5+/-.#)(-5-/"5-5U,53)/5*,--/,5.)5)5 #.5)''#..5(!!5."52.,(&5/#.),5"-5 #&#..5."5
(3."#(!QY5(5U".5,53)/5/()' ),.&51#."QY5 5."5 #-/--#)(5) 5#\/&.5#--/-5(5&&)15 ),5'),5[.#05
*,-)(5%()1-5.".5"#-5),5",5,-*)(-51#&&55"&5#(5)(V? )0,-#!".5) 5."5V((#&5,*),.#(!5*,)--@52.,(&5/#?
(>5."351#&&55'),5#(&#(5.)5-",5)(,(-@ .),-5,5,+/#,5.)5,*),.5((/&&35.)5."5/#.5)''#..5
)(550,#.35) 5'..,->5(5/#.5)''#..-5,5)(5-)/,5
POINT TO PONDER ) 5#(*/.5#(.)5(5/#.),9-5----'(.5) 5."5,#-%5) 5'.,#&5
)2 *2#$&*+2%-)2%&,2+ $2&%2&)2%2, +2&$8 '#--..'(.5 #(5 5 )'*(39-5 V((#&5 -..'(.-5 (5 ."5
$ ++2 %*72 %2 0+2 + $2 &%*+) %+*2 *&,#2 %&+2 ,)+ #2 ,&.5/#.5,-*)(-@5#-/--#)(5*,.##*(.-5'*"-#45
) + #2 *,** &%*92 +2 )2 +2 *+2 +% (,*2 +&2 %*,)2 .".5."-5)''/(#.#)(-5-")/&5().550#15-55,)/?
++2##2 **,*2&2&%)%2+&2+2&)2%2, +2&$$ ++2)2 .#(5)'*&#(52,#->5/.5,.",5-5."5-.,.#(!5*)#(.5 ),5
(,+#02 *,**F2 %2 '')&2 *2 +&2 $ % $ 12 &'% %2 (5 #(?*."5 #-/--#)(5 ) 5 (35 '..,-5 .".5 )(,(5 #.",5
)$)"*2%2&)$#2')*%++ &%*92+2#*2.&)"*2.##F2 ."5/#.5)''#..5),5."52.,(&5/#.),-@5

5)/,->5().5&&5)''/(#.#)(-5,/(5.",)/!"5."5/#.5 '(!'(.9-5 ,/5,#-%5----'(.>5-51&&5-5."5,-/&.-5
)''#..M5 )''/(#.#)(-5 &-)5 ,!/&,&35 )/,5 .1(5 ) 5 #(.,(&5 /#.9-5 .-.#(!5 ) 5 #(.,(&5 )(.,)&->5 ,5 #'*),?
'(!'(.5(5."5#(.,(&5/#.),>5'(!'(.5(5."5 .(.5.)5."52.,(&5/#.),9-5----'(.5) 5 ,/5,#-%5(5
2.,(&5/#.),>5(5."5#(.,(&5/#.),5(5."52.,(&5 #.-5*&((#(!5) 5."52.,(&5/#.@5#'#&,&3>5."5,-/&.-5) 5
/#.),@5 (5')-.5),!(#4.#)(->5."5#(.,(&5/#.5 /(.#)(5 ."52.,(&5/#.5'35&-)5#( ),'5."5)(!)#(!5#(.,(&5/?
,*),.-5 '#(#-.,.#0&35 .)5 5 '',5 ) 5 -(#),5 '(!? #.5 *&(@5 )(.#(/)/-5 )''/(#.#)(5 )/.5 ."-5 '..,-5
'(.>5(5#(.,(&5/#.9-5.#0#.#-5-,055%35,)&5#(5"&*? #-5 '/./&&35 (V#&5 .)5 )."5 *,.#-5 (5 #-5 --(.#&5 .)5
#(!5'(!'(.5----5."5[.#0(--5) 5."5)(.,)&5(? 0)##(!5!*-5#(5."5[),.5.)5'#.#!.5."5,#-%-5) 5V((#&5
0#,)('(.5(5."5,#-%5) 5V((#&5,*),.#(!5 ,/@5 (.,(&5 ,*),.#(!5 ,/@5
/#.5 -")/&5 )(-#,5 '(!'(.9-5 ,#-%5 ----'(.5 (5 ,.##*(.-5 #(5 ."5 V((#&5 ,*),.#(!5 -/**&35 "#(5
).",5#(*/.5#(50&)*#(!5#.-5/#.5*&(>5&.")/!"5'(!? -")/&51),%5#&#!(.&35.)5-.&#-"5(5'#(.#(5(5(0#,)(?
'(.5 -")/&5 ().5 &#'#.5 ."5 -)*5 ) 5 #(.,(&5 /#.9-5 1),%@5 '(.5 ) 5 )*(5 (5 )(!)#(!5 )''/(#.#)(@5 -5 ."5 #-/-?
(.,(&5 /#.9-5 V(#(!-5 (5 ,)''(.#)(-5 (5 *,)? -#)(5 *,.##*(.-5 /(,-),>5 ."5 !)&5 #-5 .)5 -",5 %()1&?
0#5 '(!'(.5 1#."5 #'*),.(.5 #(-#!".-5 #(5 ----#(!5 !>5#(-#!".->5(5)(,(-5.)5("(5."5)&&.#05[),.-5
1".",5."5#(.(5.)(5.5."5.)*5(5."#&5'--!-5 ) 5&&5-/**&35"#(5*,.##*(.-5(5'%5."51")&5!,.,5
"05*,'.5.",)/!")/.5."5),!(#4.#)(9-5/&./,@5 ."(5."5-/'5) 5#.-5*,.-@5)''/(#.#)(-5&-)5 )-.,5)&?
5 #-/--#)(5 *,.##*(.-5 ().5 .".5 ."5 )$.#0-5 &),.#)(5')(!5&&5-.%")&,-5(5-.#'/&.5)(.#(/)/-5
(5 *,) --#)(&5 -.(,-5 ) 5 #(.,(&5 (5 2.,(&5 /#? #'*,)0'(.5#(5[),.-5.)5.,5(5..5V((#&5,*),.?
.),-51#."5,-*.5.)5."5,#-%5) 5V((#&5,*),.#(!5 ,/5,5 #(!5 ,/@
-#'#&,5(5)'*&'(.,3@5 (.,(&5/#.9-50&/.#)(5) 5
Required External Auditor Communications to Audit Committees
PCAOB auditing standards require the external auditor to communicate various matters to the audit committee, including, but
not limited to, the following:25
³5 Significant accounting policies, management judgments, and accounting estimates
³5 The auditor’s judgments about the quality, not just the acceptability, of the company’s accounting principles
³5 Significant difficulties, if any, encountered during the audit
³5 Uncorrected misstatements that were determined by management to be immaterial, individually and in the aggregate
³5 Audit adjustments arising from the audit, either individually or in the aggregate, that in the auditor’s judgment could have a
significant effect on the entity’s financial reporting process
³5 Significant internal control deficiencies or material weaknesses and disagreements with management

SUMMARY OF CONSIDERATIONS RELATED TO COMMUNICATIONS
For Management For Internal Auditors

C@5 ()/,!5.1)?135)''/(#.#)(5.1(5'(!,-5 C@5 -.&#-"5 5 ,!/&,5 -"/&5 ) 5 ?.)? 5 '.#(!-5
(5'*&)3-5.5&&5&0&-5#(5."5),!(#4.#)(@5 1#."5-(#),5'(!'(.>5."5/#.5)''#..>5(5."5
2.,(&5/#.),5.)52"(!5#(-#!".-5(5*,-*.#0-@5
D@5 ),%5*,).#0&35.)5'%5-/,5.".5),->5/#.5)''#.?
2*&),5)**),./(#.#-5 ),5."52.,(&5/#.),5.)5&0,?
.->5#(.,(&5/#.),->5(52.,(&5/#.),-5,51&&5#(?
!5."51),%5) 5#(.,(&5/#.@
),'5)(55.#'&35-#-5)/.5."5)'*(39-5)*,.#)(->5
-.,.!#->5(5,#-%->5#(&/#(!5."5&.-.50&)*'(.-@
For External Auditors
C@5 ,).#0&35*,)').5)**),./(#.#-5 ),5,)/-.5)(0,-?
For Boards and Audit Committees
.#)(-5.1(5."52.,(&5/#.),-5(5."5/#.5)'?
C@5 )/.#(&35-%5+/-.#)(-5) 5'(!'(.>5#(.,(&5/#?
'#..5)(5,&0(.5'..,->5#(&/#(!5."5 .),-5)(-#?
.),->5(52.,(&5/#.),-5.)5&##.5#(#.#)(-5) 5*).(?
,5 #(5 ."5 /#.),9-5 ----'(.5 ) 5 ,/5 ,#-%5 (5 ."5
.#&5)(,(-5,&.5.)5#((.#0-5),5)**),./(#.#-5 ),5
)'*(39-5**,)"5.)50&)*#(!5-#!(#V(.5)/(.?
V((#&5,*),.#(!5 ,/@5
#(!5-.#'.-@5%5(52/.#05---#)(51#."5."5/#.5
D@5 ),%5 .)5 )((.5 1#."5 ."5 ),!(#4.#)(5 )/.-#5 ."5 )''#..5.5&&5'.#(!-5.)5()/,!5(#5)(0,?
),,))'@5%5)**),./(#.#-5.)5#(.,.51#."5'(!? -.#)(>50(51"(5.",5,5()5-*#&5)(,(-5),5-#!?
,->5 '*&)3->5 0(),-5 (5 /-.)',-5 .)5 ("(5 (#V(.5#--/-5.)5#-/--@5
%()1&!5) 5."5)'*(35(5*)--#&5,#-%-5) 5V((?
D@5 ),%51#."5),-5(5/#.5)''#..-5.)50,35."5(?
#&5,*),.#(!5 ,/@
./,5(5 )/-5) 5."#,5+/-.#)(-5.)5'(!'(.>5#(.,?
(&5/#.),->5(5).",-5-/"5-5%35'*&)3-5#(5),,5
.)52.(5."5,."5(5*."5) 5."5#-/--#)(5(5
).#(5(5("(5/(,-.(#(!5) 5."5/-#(--5(5
."5*).(.#&5,#-%-5) 5V((#&5,*),.#(!5 ,/@

5 CHAPTER
The Case for Collaboration

Increasing Effectiveness Across the Financial Reporting
Supply Chain
[.#05)''/(#.#)(5')(!5."5%35-.%")&,-5#(5."5 1",5 /,.",5 )/-5 (5 -./35 ,5 1,,(.@5 "5 )0,&&5
V((#&5,*),.#(!5-/**&35"#(5#-5,#.#&5.)5-/-- /&&35? )$.#05#-5.)50(5."5#&#.#-5) 5&&5-.%")&,-5.)5?
.,,#(!5(5..#(!5 ,//&(.5V((#&5,*),.#(!@5"#&5 .,5(5..5V((#&5,*),.#(!5 ,/5.",)/!"55-*.,/'5
-/**&35"#(5*,.##*(.-5#(5#(#0#/&5),!(#4.#)(-51),%5 ) 5-*#V5.#0#.#->5-/"5-5.")-5-,#5&)1>5.)5-",5
.)5.,5(5..5V((#&5,*),.#(!5 ,/5)(5)'*(35.5 #->5-*)(-),5,-,">5(5*,"*-50&)*5(15.))&-5(5
5 .#'>5 ."5 *,) --#)(&5 ),!(#4.#)(-5 .".5 ,*,-(.5 "5 '."))&)!#-@
'$),5 -.%")&,5 !,)/*>5 #(&/#(!5 5 ),5 '(!'(.>5
5 ),5),-5(5/#.5)''#..->5"5 5 ),5#(.,(&5
Joint Commitment to Collaborate in
/#.),->5(5."55 ),5*/&#5)'*(35/#.),->5,5?
Anti-fraud Efforts
.#0&35(!!5#(5."5[),.5.)5'#.#!.5."5,#-%5) 5V((#&5
,*),.#(!5 ,/5 ,)&35 ),5 &&5 )'*(#-@5 "5 ) 5 ."-5 "59-5[),.-5.)5)(0(5,*,-(..#0-5) 5-.%")&?
!,)/*-5 "#-.),#&&35 "-5 0&)*5 '.")->5 *,.#-5 (5 ,-5)(5."5#--/5) 5 ,/5.,,(5(5..#)(5&5.)5."5
.))&-5 .)5 --#-.5 #(5 '#.#!.#(!5 ."5 ,#-%5 ) 5 V((#&5 ,*),.#(!5 0&)*'(.5) 5."#-5,*),.5(5*,)0#55'"(#-'5 ),5)(?
,/>5 (5 ."35 ,5 )(.#(/&&35 0&)*#(!5 (15 #-5 ),5 !)#(!5 )''/(#.#)(>5 )),#(.#)(>5 (5 )&&),.#)(5
-./35(5)(/.#(!5,-,"5.)5 /,.",50(5."5-%#&&-5 ')(!5 &&5 *,.##*(.-5 #(5 ."5 V((#&5 ,*),.#(!5 -/**&35
) 5."#,5)(-.#./(.-@5 "#(@5"5)(.#(/.#)(5) 5."#-5#(.,.#)(5-")/&5 #&#..5
-5#&&/-.,.5.",)/!")/.5."#-5,*),.>5().5/(&#%5."5''? ."5 2"(!5 ) 5 2*,#(-5 (5 *,-*.#0->5 (5 )/&5
,-5) 55-*),.-5.'>5"5) 5."5*&3,-5#(5."5V((#&5,? &-)5!)5 /,.",5.)5"&*5#(.# 3513-5.)5&0,!52#-.#(!5,?
*),.#(!5-/**&35"#(5"-55#-.#(.5,)&5#(5."5.,,(5(5 -)/,-5(50&)*5(5*,#),#.#45 /./,5$)#(.5.#0#.#-5.)5
..#)(5) 5V((#&5,*),.#(!5 ,/@5/.5#.5#-5().5()/!"5 0(5."5.,,(5(5..#)(5) 5V((#&5,*),.#(!5
),5"5!,)/*5.)52&5)(5#.-5)1(@5 (5),,5.)5)'551#(? ,/@5"5!)&5) 5-/"5[),.-51)/&55.)5("(5."#(%#(!5
(#(!5.'>5"5*&3,5'/-.5-",5"#-5),5",5%()1&!5) 5 ,)/(5 ,-5 ,#.#&5 .)5 ,/5 .,,(5 (5 ..#)(>5 -5
."5)**)((.5(51),%5.)!.",@5 1&&5-5*).(.#&5.))&-5.,!.5.)5."5,)&-5(5,-*)(-##&#?
-5*,.5) 5#.-50#-#)(5.)5("(5#(0-.),5)(V(5#(5."5 .#-5) 5"5-.%")&,5!,)/*@5
*#.&5',%.->5."55.-5.)5)(0(5(5 )-.,5)&&)? >5>5(5"5 >5),!(#4.#)(-5.".5&,35,5
,.#)(51#."5).",5-.%")&,-5.)50(5."5#-/--#)(5) 5 .#0&35(!!5#(5[),.-5.)5'#.#!.5."5,#-%5) 5V((#&5,?
,#.#&5#--/-@5 (5.".5*#.3>5."55"-5#(.#V5,-5 *),.#(!5 ,/>5*&(5.)5)&&),.51#."5."5@5/,5[),.-5
) 5 )/-5 ),5 /./,5)&&),.#)(5')(!5*,.##*(.-5#(5."5 &-)51#&&5*,)0#5."5)**),./(#.35 ),5)&&),.#)(51#."5?
V((#&5 ,*),.#(!5 -/**&35 "#(@5 "5 !)&5 #-5 .)5 -.&#-"5 #.#)(&5 ),!(#4.#)(-5 1")-5 )(-.#./(.-5 "05 -*#&#45
)(-(-/-5)(51".5(-5.)55)(5(5.)50&)*5,-)/,? %()1&!5 #(5 *,.#/&,5 ,->5 1"#"5 -")/&5 )(.,#/.5 .)5
-5 .)5 --#-.5 -.%")&,5 [),.->5 -5 1&&5 -5 .)5 #(.# 35 ,-5 ,/5 .,,(5 (5 ..#)(@5 5 (.##*.5 .".5 ."5 ,?

-/&.-5) 5."-5[),.-51#&&55.,(-*,(.5(5#(&/-#0>5(5 2. Promote Additional Efforts to Increase
1#&&5 5 )''/(#.5 ,)&35 .)5 %35 -.%")&,5 !,)/*-@5 Skepticism
/"5)''/(#.#)(5)/&55.",)/!"51"#.5**,-5),5)."?
-5#-/--5'),5 /&&35#(5"*.,5E>5."5#&#.35.)5,#.#&&35
,51,#..(5'.,#&->5-51&&5-5."5&#0,35) 51-.-5(5
---->5+/-.#)(>5(5),,)),.5#( ),'.#)(5#-5(5--(.#&5
)( ,(-@5 (5#.#)(>515#(.(5."-5[),.-5.)5)'*&?
-%#&&5 ),5'(!'(.>5),->5(5/#.5)''#..->5(5#-5
'(.5 ."5 .#0#.#-5 ) 5 ."5 9-5 #((#&5 *),.#(!5
2*.5) 5#(.,(&5/#.5(5."52.,(&5/#.),@5&&5-.%?
,/5-)/,5(.,5(5&))%5 ),1,5.)5)**),./(#.#-5 ),5
")&,-5)/&5(V.5 ,)'5[),.-5.)5("(5."5#&#.35.)5
)&&),.#)(51#."5."5(15(.,@5
."#(%5 ,#.#&&35 (5 -%*.#&&35 )/.5 ."5 #( ),'.#)(5 *,?
-5)(5."5)-,0.#)(-5"#!"&#!".5.",)/!")/.5."5,?
-(.5.)5."'@5.%")&,5)&&),.#)(5#(5."#-5,51)/&5
*),.>5)/,5#(#.#&5)&&),.#05[),.-51#&&5 )/-5)(5 )/,5,)5
#&#..5 #'*,)0'(.-5 #(5 ."5 .,,(5 (5 ..#)(5 ) 5
,-@5
,/@5
),52'*&>55%35'.")5/-535-.%")&,-5.)5#(?
1. Advance the Understanding of Conditions .# 35*).(.#&5#(#.),-5) 5)(,(5#-5."5,0#15(5(&3?
That Contribute to Fraud -#-5 ) 5 5 )'*(39-5 V((#&5 ,-/&.-5 (5 ,&.5 )'*&25
#( ),'.#)(@5 0&)*#(!5 .))&-5 ),5 ."(#+/-5 .)5 ("(5
51&."5) 5,-,"5"-5(5)(/.5)(5."5').#0.#)(-5
."5#&#.35) 5'(!'(.>5#(.,(&5/#.),->52.,(&5/#?
),5 ,//&(.5"0#),5(5."5,&.5,.#)(&#4.#)(5*,)?
.),-5(5/#.5)''#..5'',-5.)50&/.55)'*(39-5
--@5-5.#&5'),5 /&&35#(5"*.,5C>5."5 ,/5.,#(!&5
V((#&5 ,-/&.-5 :35 )'*,#-)(>5 ),5 #(-.(>5 1#."5 '(?
*,)0#-55-#'*&5')&5) 5.",5 .),-5.".5)(.,#/.5.)5
!'(.5 /!.->5 (&3-.5 2*..#)(->5 (5 ."5 ,-/&.-5 ) 5
,/L5*,--/,>5)**),./(#.3>5(5,.#)(&#4.#)(@5)10,>5
#(/-.,35 *,-;5 )/&5 #&#..5 '),5 ,)/-.5 #-/--#)(-5
."5 ,/5.,#(!&5)-5().52*&#(5)(5,#.#&5*"()'()(L5
(5 "&*5 #(.# 35 *).(.#&5 #(#.),-5 ) 5 )(,(@5 ,'?
1"35 )(5 *,-)(5 .%-5 .#)(-5 .)5 #-.),.5 V((#&5 ,-/&.->5
1),%-5.)5--#-.5#(5----#(!5).",5*).(.#&5 ,/5,#-%5 ?
1"#&5().",5#(55-#'#&,5-#./.#)(5)-5().@5
.),->5 -/"5 -5 )'*(-.#)(5 ,,(!'(.->5 )/&5 /,.",5
(!'(.>5),-5(5/#.5)''#..->5(5#(.,(&5
#'*,)05."5,0#15*,)--@5
(52.,(&5/#.),-5)/&5(V.5 ,)'5.))&-5(5,-)/,-5
(5 #.#)(>5 ("(#(!5 -.%")&,-95 )''/(#.#)(5
.".5 "&*5 )*,.#)(&#45 ."5 0-.5 ')/(.5 ) 5 "0#),&5 ,?
#&#.#->5#(&/#(!5."#,5#(.,0#15(5#(+/#,35-%#&&->51)/&5
-,"5)(5."5 .),-5.".5')05(5#(#0#/&5*-.5."5.'*?
)'*&'(.5."5).",5[),.-5-,#5)0@5/"5[),.-5
..#)(5 ),5 )**),./(#.35 .)5 )''#.5 ,/@5 ),%#(!5 .)!.",>5
.)5-.,(!."(5-%*.##-'5)/&5&-)5#(&/52'#(#(!5?
."5 '$),5 -.%")&,5 !,)/*-5 (5 &0,!5 ."#,5 /,,(.5
"0#),&5.,#.-5),5).",5(0#,)('(.&5 .),-5.".5'35#'?
!/#(>5 (&345 *-.5 ,/->5 */,-/5 /,.",5 ,-5 ) 5 ,?
*5."5**&#.#)(5) 5[.#05-%*.##-'@5
-,">5(50&)*5(15'.,#&-5.)5("(5/(,-.(?
#(!5)/.5."5*,?)(#.#)(-5(5#(#.),-5) 5V((#&5,?
*),.#(!5 ,/@5/#&#(!51,(--5#(5."-5,-5)/&5--#-.5 3. Moderate the Risks of Focusing Only on
&&5."5V((#&5,*),.#(!5-/**&35"#(5*,.##*(.-5#(5#(? Short-Term Results
.# 3#(!5 ,/5,#-%-5(5*).(.#&5,5W!->51"#&5.5."5-'5
)(!?.,'50&/5,.#)(5 ),5#(0-.),-5#-5."5,-*)(-##&#.35
.#'5 /,.",5-.,(!."(#(!5#(.,(&5)(.,)&5-3-.'-@5
) 5 '(!'(.>5 ),->5 (5 /#.5 )''#..-@5 )10,>5
(5#'*),.(.5(5,&.5,5 ),5)(-#,.#)(5#-5."55
."#-5!)&5'35)(W#.51#."5."5#((.#0-5.".5,5#(.,)/5
"/'(5)(#.#)(#(!5.".5(5*,0(.5*)*&5 ,)'5V(#(!55
35 -"),.?.,'5 *,--/,->5 -/"5 -5 #(.,(&5 *,)V.5 .,!.->5
,/5 0(5 1"(5 ."35 -(-5 .".5 -)'."#(!5 '35 ().5 5
-"),.?.,'5 *, ),'(5 !)&-5 #(5 )'*(-.#)(5 *&(->5 ),5
,#!".@5 .51#&&55#'*),.(.5.)5#-/--5(5/(,-.(51".5
(&3-.-952*..#)(-5(5."5'(-5) 5-.)%5.,,-5(5
(0#,)('(.&5 (5 "0#),&5 .),-5 '35 #-)/,!5 (5
#(.,'#,#-51")5 )/-5)(5-"),.?.,'5-.)%5*,#5*, ),?
#(#0#/&5 ,)'5-%#(!5."5(2.5+/-.#)(5.".5'#!".5/(0#&5
'(@5(5'*"-#-5)(5-"),.?.,'5,-/&.-5(5,.5*,-?
."5 ,/@
-/,-5 )(5 '/&.#*&5 &0&-5 ) 5 (5 ),!(#4.#)(>5 1"#"5 (5
#(,-5."5,#-%5) 5V((#&5,*),.#(!5 ,/@5 .5#-5#'*),.(.5
.".5'(!'(.>5),-5(5/#.5)''#..->5(5#(.,?
(&5(52.,(&5/#.),-5,'#(5-(-#.#05.)5."5*,-(5) 5

(5*).(.#&5,#-%-5--)#.51#."5-"),.?.,'5!)&-5(5.%5 '.#)(5 )/.5 ."5 [.#0(--5 ) 5 )(.,)&->5 &&5 ) 5 1"#"5
-.*-5.)5'#.#!.5-/"5,#-%-@5 1)/&5 --#-.5 -.%")&,-5 #(5 ."5 [.#05 )(/.5 ) 5 ."#,5
",)/!"5)&&),.#05.#0#.#->5-.%")&,-5(5-",5 )0,-#!".5,-*)(-##&#.#-@5
*,-*.#0-5)(5-"),.?.,'#-'>5#.-5,)&5#(5."5)'*&#-"? ')(!5."5,-51",5-.%")&,-5)/&5-",5#( ),?
'(.5) 5(5),!(#4.#)(9-5)$.#0-5:#(&/#(!5.")-5) 5#(? '.#)(5(5)(-#,5 /./,5.#)(5,5."5'(!'(.5(5
0-.),-;>5(5#.-5#'*.5)(55)'*(39-5)*,.#(!5(0#,)(? /#.#(!5"&&(!-5,.535&.,)(#5/-#(--5)''/?
'(.5(5-3-.'5) 5#(.,(&5)(.,)&-@5"#-51,(--5(5 (#.#)(-5 (5 ,),%*#(!>5 1",5 ."5 '$),#.35 ) 5 #( ),?
-",#(!5) 52*,#(-5)/&5&&)15&&5-.%")&,-5.)5.? '.#)(5/-5 ),5/-#(--5#-#)(-5#-5-.),5&.,)(#&&35
.,5/(,-.(5(50&/.5*).(.#&5,#-%-5(5'#.#!.#(!5 :@!@>50#5?'#&5),5&.,)(#5)/'(.-5-.),5(.,&&35),5
.),-@5 )(5#(#0#/&5",5,#0-;@52*&),#(!513-5.)5.*5#(.)5(5
&0,!5&.,)(#5#( ),'.#)(5.)5#(.# 35*)--#&5#(#?
.),-5) 5 ,/5)/&5("(5."5#&#.35.)5..5 ,//&(.5
4. Explore the Role of Information Technology
"0#),@5 )/-5 )&&),.#)(5 )/&5 *,)/5 (15 #-5
in Facilitating the Deterrence and Detection
(5.))&->5-/"5-5.5+/,#-5(5(&3--5.".5)/&55
of Fraudulent Financial Reporting
**&#5 .)5 !(,&5 &!,->5 -/?&!,->5 ?'#&->5 0(),5
#0(5#.-5(.,&5,)&5#(5-3-.'-5) 5#(.,(&5)(.,)&>5#( ),'? '-.,5 V&->5 (5 ).",5 &.,)(#5 ,*)-#.),#-5 .)5 --#-.5 #(5
.#)(5."()&)!35#-5().",5,51",5&&5*,.##*(.-5#(5."5 #(.# 3#(!5*).(.#&5 ,/@5
V((#&5,*),.#(!5-/**&35"#(5'355&5.)5(V.5 ,)'5 55*).(.#&5,,#,5.)5,&#4.#)(5) 5."5 /&&5(V.-5) 5
-",#(!52*,#(-5(5#-@5 ( ),'.#)(5."()&)!35(5 ."5/-5) 5."()&)!35.)5("(55)'*(39-5#&#.35.)5&?
5 #(-.,/'(.&5 #(5 .,,#(!5 (5 ..#(!5 ,/@5 (5 ."5 0,!5&.,)(#5#( ),'.#)(5#-5."5#-*,.5(./,5) 5."5
).",5 "(>5 ."()&)!35 (5 &-)5 5 2*&)#.5 .)5 #&#..5 #( ),'.#)(5 -3-.'-5 )'*(#-5 /-5 .)5 '#(.#(5 ."#,5
,/5# 5().5+/.&35)(.,)&&@5 ))%-5(5,),-@5)5-.(,5 ),'.52#-.-5 ),5'#(.#(?
(!)#(!5#-/--#)(5) 5."5(V.-5(5"&&(!-5,&.5 #(!5!(,&5&!,5#( ),'.#)(>5(5.".5&%5) 5-.(,?
.)5#( ),'.#)(5."()&)!35(5#.-5#'*.5)(5.,,#(!5(5 #4.#)(5'35#("##.5."50&)*'(.5) 5)'')(5.))&-5.".5
..#(!5V((#&5,*),.#(!5 ,/5)/&5"&*5&&5-.%")&? )/&55/-5,)--5*&. ),'-5.)5-->5')(#.),>5(5(?
,5!,)/*-5#(.# 35(5,--5."()&)!3?,&.5,#-%-5 ),5 &345&!,5.5 ),50,#)/-5..,#/.-5.".5)/&5)(.,#/.5
,/@5 (5#.#)(>5#.51)/&55(V#&5.)5)(-#,51"."? .)5 ,/5..#)(@5.%")&,-5#(5."5V((#&5,*),.#(!5
,5#.#)(&5),5#'*,)05/-5) 5."()&)!351)/&5("(5 -/**&35 "#(5 '35 1(.5 .)5 )(-#,5 2*&),#(!5 1".",5 5
#(.,(&5)(.,)&5-.,/./,-5(5--#-.5#(5#(.# 3#(!5*).(.#&5 -.(,#45.5 ),'.5 ),5%35&'(.-5) 55)'*(39-5
,//&(.5.#0#.3@5),52'*&>5#(,-5/-5) 5."()&)? !(,&5 &!,5 1)/&5 -#!(#V(.&35 #&#..5 ."5 0&)*?
!35)/&5 #&#..5."5)*,.#)(5(5')(#.),#(!5) 5)(.,)&->5 '(.5) 5.))&-5.)5--#-.5#(5')(#.),#(!>5(&34#(!>5(50&/?
'#.#!.5."5,#-%5) 5"/'(5#(.,0(.#)(>5(5*,)0#5#( ),? .#(!5V((#&5#( ),'.#)(@5
CONCLUSION
"5 9-5 ,)/(.&5 #-/--#)(-5 (5 #(.,0#1-5 /(,? "5)-,0.#)(-5#(5."#-5,*),.5,*,-(.5."5!#((#(!5
-),5.".5.",5#-5()5-#&0,5/&&.5-)&/.#)(5.)5.,,#(!5(5 ) 55 )/-5(5)),#(.5&)(!?.,'5[),.5.)50(5."5
..#(!5 ,/@50,35!,)/*5#(5."5V((#&5,*),.#(!5-/*? .,,(5(5..#)(5) 5V((#&5,*),.#(!5 ,/>51#."5
*&35 "#(5 *&3-5 5 %35 ,)&Z ,)'5 -(#),5 '(!'(.5 .)5 ."5 /&.#'.5 !)&5 ) 5 (V.#(!5 #(0-.),->5 ).",5 /-,-5 ) 5 V?
),->5/#.5)''#..->5#(.,(&5/#.),->5(52.,(&5/? ((#&5,*),.->5(5*,.##*(.-5#(5."5*#.&5',%.-@5"5
#.),-@5"#&5."5,(-?2&35.5"-5&5.)5-#!(#V(.5 5#-5-*#&&35*&-5.".5 >5>5(5"5 5"05
#'*,)0'(.-5#(5V((#&5,*),.#(!5*,)--->5)(.,)&-5(5 !,5.)5$)#(51#."5/-5.)5)&&),.5(50(5."#-5)'?
)0,&&5),*),.5!)0,((>5&&5-/**&35"#(5*,.##*(.-5 *&25(50#.&5#--/@5"55&))%-5 ),1,5.)51),%#(!51#."5
'/-.5'#(.#(550#!#&(.51."5 ),5."5*,-(5) 5."5&? &&5-.%")&,-5#(5."-5(0),-@5
'(.-5) 5."5 ,/5.,#(!&@

Endnotes
5 C@5 @2),2,)-05<::C@5DBBK@5N"..*LAA111@%*'!#( )@)'AA&#**#(!))%ADCBBC(--T

,/T-/,03TW#*A#(2@".'&P555
5 D@5 #-.,..>5/,(@5U&)#..5)&&L5 $),#.352*.5 ),5#((#&5..'(.5,/5()0,5#(5
DBCB>5DBCC5)'*,5.)5."5-.5",5,-@Y5&)#..5#((#&50#-),35,0#-5@5*,#&5DJ>5
DBCB@5N"..*LAA111@&)#..@)'A0#1A(TA/-A,0#-A#((#&?0#-),3?,0#-AIBJGD
FEJDCB!( DBBBBBFD BB@".'P
5 E@5 ,--3>5)(&@5+)2&'#*42 &%0D22+,02 %2+2& #2*0&#&02&2$11#$%+95&()>5
>5,5,--@5CKGE@
5 F@5 )1(-.#(>5),!5(5)..5#%@50')$&+ -+ &%92
)/,(&5) 5 ,%.#(!5-,">5
',#(5 ,%.#(!5--)#.#)(@5DBBJ@55N"..*LAA+)2@1",.)(@/*((@/A)/'(.-A)*#'A
,-,"A3*,').#0.#)(@* P
5 G@5
)"(-)(>5"(>5,&353(>5(5#-)(!5#(@5 %) #2 %%+ -*2%2&)'&)+2),D2
2&,)*2&2 %%+ -*2 ++)925#!-.Z)&/'5EK>5)@5E@55 (-.#./.@5DBBK@5
N"..*LAA111@."+@),!A*/&#.#)(-A /&#.#)(A)&.(#@* P
5 H@5 )&.(#>5",'@52#&*)2&&"2+2 %% #2'&)+ %D2%)*+% %2+2),2 *"*2**& +2
. +2&)'&)+2'&)+ %2 *2 +#2+&2 %+ % %2)% 1+ &%#2##8 %95 (.,(&5/#.),@5
.),5C>5DBBK@5N"..*LAA111@." ,&#,,3@)'A
=&)-,=&))%=.=V((#&=,*),.#(!7E=/(,-.(#(!=."= ,/=,#-%-=@@@?BDCBHBIEFDP
5 I@5 ',#(5 (-.#./.5) 5,.#V5/&#5)/(.(.-@5 %$%+2-)) 2&2&%+)&#*D22
##*2#2&2),2)-%+ &%95DBBG@5N"..*LAA111@#*@),!A),"/&#A
/#.)''#..[.#0(--A/#.)''#..,# A)1(&)&)/'(.-A
'(!'(.7DB)0,,#7DB"#&&-T"&@* P
55 J@5 )''#..5) 5*)(-),#(!5,!(#4.#)(-5) 5."5,135)''#--#)(@5 %+)%#2&%+)&#L
%+)+2)$.&)"92CKKD@
5 K@5 .#)(&5--)#.#)(5) 5),*),.5#,.),-5(5 .-5&&#(5,.(,-@5, %2&)2&-)%%2
##%*L<:;:2%20&%92DBCB@
5CB@5 "5 (-.#./.5) 5 (.,(&5/#.),-@5 %+)%+ &%#2)&** &%#2)+ *2)$.&)"2)+ 2, 72
H% + &%2&2 %+)%#2, + %92<:;:95N"..*LAA111@."##@),!A!/#(A-.(,-?(?!/#(A
#** AV(#.#)(?) ?#(.,(&?/#.#(!AP
5 CC@5 #@5.#)(-5DCDB>5U#-%5 (!'(.Y5(5DCEB>5U)(.,)&@Y
5CD@5 /&#5)'*(35)/(.#(!50,-#!".5),@55.#)(5ECH>5&%* )+ &%2&2),2 %22
%% #2++$%+2, +922 %+) $2, + %2+%)95N"..*LAA*)/-@),!A.(,-A
/#.#(!A!-AECH@-*2P
5CE@5 /&#5)'*(35)/(.#(!50,-#!".5),@55.#)(5EJB>5&$$,% + &%2. +2, +2
&$$ ++*922 %+) $2, + %2+%)92E"..*LAA*)/-@),!A.(,-A/#.#(!A!-A
EJB@-*2PM5/&#5)'*(35)/(.#(!50,-#!".5),@5/#.#(!5.(,5)@5G>5%2, +2&2
%+)%#2&%+)&#2-)2 %% #2'&)+ %2+2 *2 %+)+2. +2%2, +2&2 %% #2++$%+*92
2, + %2+%)92E"..*LAA*)/-@),!A.(,-A/#.#(!A!-A/#.#(!T.(,TG@
-*2P
5CF@5 @52 $'+2&2&*2&2&%,+2&%2&)'&)+2,#+,)D2 *,) %2+2 $$*,)#92DBBH@5

N"..*LAA111@&,(@)'A)-A&,(T)T) T)(/.T1"#.**,@* P
5CG@5 ',#(5 (-.#./.5) 5,.#V5/&#5)/(.(.->5--)#.#)(5) 5,.#V5,/52'#(,->5
(5"5 (-.#./.5) 5 (.,(&5/#.),-@5 % %2+2,* %**2 *"2&2),D22)+ #2, 95
DBBJ@5N"..*LAA111@#*@),!A (.,-.,-A),(-#(&/.#)(A-)/,-A
,/,0(.#)(..#)(-*)(-A)1(&)&)/'(.-A'(!#(!T/-#(--T,#-%T ,/@
* P
5CH@5 #((#&52/.#0-5-,"5)/(.#)(5(5,35/#(@5),2 *"2"# *+D22, 2
&)2**** %2+2 *"2&2 %+)%#2),92DBBI@5N"..*LAA111@V((#&2/.#0-@),!A1A
3('#!@-*2Q-#.OT #81)O , T*/T.#&8*,T%3OHFBIJG?BKGG?FCC?JCB ?
FGECHGFHP
5 CI@5 ),#(!5.)5."5DBBJXDBBK5 2 %+) +02,)-075)(&35GE5*,(.5) 5,-*)((.-5&#05
."351)/&55*,)..5 ,)'5,.&#.#)(>5(5)(&35EK5*,(.5&#05."351)/&55-.#-V5
1#."5."5)/.)'5# 5."35,*),.5'#-)(/.5.)5'(!'(.@
5CJ@5 /#..@5 %+)%#2, + %2%2),D22, +&)4*2&#92DBBK@5N"..*LAA111@/#.(.@),!A
,.#&-A,//,03DBCB@".'P
5CK@5 /,.-"#>5#(35(5)-',35/&&,.)(@52M+2&2)&** &%#2"'+ *$2&%2+2),2
++ &%2" ##*2&2 %+)%#2, +&)*92DBBF@5N"..*LAA**,-@--,(@)'A-)&EA&#0,3@ 'AT
HCIBHDT)EDKKCC@* Q-.,.#OHCIBHD8'#,#OCP
5DB@5 /&#50,-#!".5),@52%#2&%2, +2M+ -%**2'&)+2%2&$$%+ &%*92DBBB@55555555555555555
N"..*LAA111@*)/#.*(&@),!A)1(&)@".'&P
5DC@5 /&#5)'*(35)/(.#(!50,-#!".5),@55.#)(5DEB@BI>5,2)&** &%#2)2 %2+2
)&)$%2&2&)"922 %+) $2, + %2+%)92E"..*LAA*)/-@),!A.(,-A
/#.#(!A!-ADEB@-*2P
5DD@5 5().5CD5)0@
5DE@5 5().5CD5)0@
5DF@5 5().5CD5)0@
5DG@5 5().5CE5)0@

Appendix 1
Participants in CAQ Discussions and In-Depth Interviews
!(5-.,#-%5:<;5#(#.-5#-/--#)(5*,.##*(.-51")5&-)5*,)0#5#(?*."5#(.,0#1-@55
SAN FRANCISCO
#-/--#)(5 ),.),L5,(5'#."
#'5,()&>5"# 5/#.),>5#->5 (@5
0#5,(-.#(>5),',5"# 5)/(.#(!5\,>55 (.,.#05
)"(5@5)"(>5)''#--#)(,>5&# ),(#5/&#5.#&#.#-5)''#--#)(5
0#5@5)(>5(#),5#5,-#(.>5#((5(5)(.,)&>5 135 (@5
,!),35/,%>5"#,>5&# ),(#5)#.35) 5,.#V5)/(.(.-5
)"(5#4>5#.),#&5!5#.),>5(5,(#-)5",)(#&5
)"(5)3&>5#,.),>5),5) 5#,.),->5#&#(2>5 (@5

)!,5@5/(,>5"#,5) 5."5/#.5(5#-%5 (!'(.5)''#..>5(5"#,5) 5."5#((5
)''#..>5#&#)(5&&35(%M5&)&5#5"#,?.#,>5,(-.585)/(!5&)&
,5
@5!&>5(5,(#-)5!#)(&5#,.),>5/,#.#-5(52"(!5)''#--#)(5
#(35),(&&#>52/.#05#,.),>5(.,5 ),5/#.5/&#.35
)..5,)-- &>5"# 52/.#05\,>5--)#.#)(5) 5,.#V5,/52'#(,-5<
#"&5))*,>5)?#5"#,>5)0,(#(!5),>5(.,5 ),5/#.5/&#.3M5,-#(.585"# 5
2/.#05\,>5"5#,.),-95)/(#&55
",&-5@5),(!,(>5"@@>5'/(5@5#..&V&5,) --),5) 5)/(.#(!>5',#./->5.( ),5
(#0,-#.35,/.5"))&5) 5/-#(--5
0#5@5,%,>5"@@>5
'-5 ,0#(5 #&&,5,) --),5) 5)/(.#(!>5.( ),5(#0,-#.35,/.5
"))&5) 5/-#(--<
),'(5 ,%->5#5,-#(.>5)0,((>5#-%5(5)'*&#(>55/-#(--$.-5<
35 .."1->5#5"#,>5#V5),."1-.5 (!#(!5,.(,>5,(-.585)/(!5
,35,.'(5 ),,#->5 (0-.'(.5\,>5),*),.5)0,((Z&)&5+/#.#->5&# ),(#5/&#5
'*&)3-95.#,'(.53-.'5
,%5#-1)(!,>5,.(,>5 55
((."5@5)..>5&*"5 @5,-)(-5,) --),5) 515(5/-#(-->5',#./->5.( ),515"))&5
3(."#5@5)&&#(!,>5,-#(.5(5"# 52/.#05\,>5),(,-.)(5-,">5 (@

NEW YORK
#-/--#)(5 ),.),L,(5'#."
#%5(.&>5"@@>5#&&#'5@5#(%5,) --),5) 5)/(.#(!>5&5"))&5) 5 (!'(.5
(5&&>5"@@>5"# 52/.#05\,>5 (.,(.#)(&5,.#)(5) 5)/(.(.-5<
")'-5@5)(!#),()>5#5,-#(.5(5),*),.5)(.,)&&,>5/-.5#!()-.#-5 (),*),.5
,#5/%-*(>52/.#05 (!#(!5#,.),5(5"# 5/&#.35\,>5.(,585)),9-
)/!&-5@5,'#"&>5"@@>5&#,5(5&#5 -)(5,) --),5) 5)/(.(3>5,/"5)&&!
")'-5
@5)&&#!(>5),',5#,.),5(5"#,5) 5."5/#.5)''#..>5",#(!?&)/!"55
),*),.#)(M5/,,(.&35 ',5) 5."5/#.5)''#..>5\5*).5(5,!/-5

@5 #"&5))%>5"#,5) 5."5/#.5)''#..>5)'-.5),*),.#)(5<5
3(."#5))*,>5"# 52/.#05\,>5))*,,)/*5
#(35),(&&#>52/.#05#,.),>5(.,5 ),5/#.5/&#.35

35)&,!>5#5,-#(.>5 (.,(&5/#.>5%51)5 (.,.#05) .1,>5 (@5
,0),5@5,,#->5"@@>5"5,."/,5
@5',!5,) --),5) 5,) --#)(&5,.#5(5
)?#,.),>5(.,5) 52&&(5#(5)/(.#(!5(5/,#.35(&3-#->5)&/'#5/-#(--5"))&5
#"&5))*,>5)?#5"#,>5)0,(#(!5),>5(.,5 ),5/#.5/&#.3M5,-#(.585"# 5
2/.#05\,>5"5#,.),-95)/(#&55
/-(5#-.,>5,.(,>5.#)(&5#,.),5) 5/#.#(!>55>55<
,35)/#-5 &&#%>5#,-.5*/.35)'*.,)&&,>5..5) 515),%5
#"&5@5 ),(>5#5,-#(.>5&)&5 ,%.-5 (-.#./.>5"5)&'(5"-5,)/*>5 (@5<
),.5@5 ),#.4>5"#,'(5(5(#),5,.(,>5,#1.,")/-))*,-55
)1,5
@5 )-",>5(#),5#5,-#(.>5(,&5/#.),5(5"# 5 ( ),'.#)(5/,#.35\,>5
"5,. ),5#((#&5,0#-5,)/*>5 (@5
&)35),,#->5"# 5#((#&5),,-*)((.>5"515),%5#'-5
&.50&)>5,-#(.>5.#%>55

(.5!!>5(#),5)/(.#(!5(&3-.>5(#'5&)&55
#",5"),(/,!">5 5)/(-&>585.->55<
)'5,!>5),."5',#(5#,.),>5),5) 5#,.),->5"5 (-.#./.5) 5 (.,(&5/#.),-5
0#5@53-"(,>52/.#05#5,-#(.5(5"# 5#((#&5\,>50#-5/!.5,)/*>5 (@5<
CHICAGO
#-/--#)(5 ),.),L,(5'#."
!!35),(>5),',52/.#05#5,-#(.>5(,&5)/(-&5(5,.,3>5,55),*),.#)(M5
/,,(.&35#5,-#(.>5"# 5)0,((5\,5(5),*),.5,.,3>5,/(.#&5<
#(35),(&&#>52/.#05#,.),>5(.,5 ),5/#.5/&#.35
,(5#(->5"#,5) 5."5/#.5)''#..>5\5*).5
,5)&'(>5),*),.5#5,-#(.5(5(,&5)/(-&>5>5 (@5
#"&5))*,>5)?#5"#,>5)0,(#(!5),>5(.,5 ),5/#.5/&#.3M5,-#(.585"# 5
2/.#05\,>5"5#,.),-95)/(#&5
)5/**,->5*/.35"# 52/.#05\,>5&)#..55<
#"&50>5--)#.5 (!#(!5#.),5 ),5/-#(-->5"#!)5,#/(5

)"(5 ,%->5"@@>5,-#(.5(5"# 52/.#05\,>5',#(5--)#.#)(5) 5 (#0#/&5
(0-.),-5
.05,#-.5>5,-#(.>5."#&5,-"#*5,)/*5

,%5/&&#0(>5),',5 (!#(!5#,.),5(55) 5)--5,0(.#)(>5,)&&M5/,,(.&35,#(#*&>555
),(-#5)/(.#(!585 (0-.#!.#05,0#->5,(.5"),(.)(55
."351#(>5#5,-#(.>5 (.,(&5/#.>5"5&&-..5),*),.#)(5<
)..5/>5 (!#(!5#,.),>5#((#&5*),.#(!50#-),->55<5
)"(5,%-&#->5-.5,-#(.>5#((#&52/.#0-5 (.,(.#)(&5Z5"#!)5"*.,M5"#,>5#-.!5
(.,(.#)(&5 (@5<
/,.#-5,-")),>5',#./-5-,"5,) --),>5"))&5) 5)/(.(35(5 >5/&5(#0,-#.3
#(5#((.>5"@@>5--)#.5,) --),5#(5)/(.#(!5 ( ),'.#)(5(5 (!'(.>5&&)!!5
"))&5) 5 (!'(.>5),."1-.,(5(#0,-#.35
)5,>5),',&35"# 5) 5),,-*)((.->5"#!)5/,/>5/-#(--%M5/,,(.&35--)#.5
,) --),>5)&&!5) 5
)/,(&#-'5(5 --5)''/(#.#)(->5(#0,-#.35) 5,-%?#()&(
#&&#'5
@5"#.>5),',5"#,'(5) 5."5),>5&&585)1&&5)'*(3M5/,,(.&35,) --),>5
),.5@5 ),'#%5"))&5) 5(!#(,#(!5(5**&#5#(>5),."1-.,(5(#0,-#.35<
/--5#'(>5),',&35.#)(&5 (!#(!5,.(,5) 5/#.5(50#-),35,0#->5,(.5"),(.)(5
M5/,,(.&35"# 5#((#&5\,>5,(.5"),(.)(552
WASHINGTON DC
#-/--#)(5 ),.),L,(5'#."
.,5,(->5(#),5-"#(!.)(5),,-*)((.>5)25/-#(--51-
,%5@5-&3>5"@@>5&)#..5,) --),5) 5(.,*,#-5#-%5 (!'(.5(5 5 (#.#.#05
#,.),>5),."5,)&#(5..5(#0,-#.35<
(35/%,5)-1&&>5,-#(.5(5"# 52/.#05\,>5,(-*,(35 (.,(.#)(&55
#."5@5,3>52/.#05#,.),>5."#-5(5)'*&#(5\,5--)#.#)(5
)-*"5@5)3&>5 ',5) 5."5/#.5)''#..>5>5 (@5

",&-5 @5&-)(>5!,5@5))&,>5
,@5"#,5#(5),*),.5)0,((>5(5#,.),5) 55
."5
)"(5@5#(,!5(.,5 ),5),*),.5)0,((>5(#0,-#.35) 5&1,5<
#(35),(&&#>52/.#05#,.),>5(.,5 ),5/#.5/&#.35
,#!5,(>5,.(,>5 )0,(585,(>55
.*"(5@5,&(>5"#,5) 5."5/#.5)''#..>5/(,#-5(#),5#0#(!>5 (@M5 5#,.5(%M55
(5 .,5&."5 (@5
),#%5 @5#&&->5"#,'(>5,)!,'5)(5)0,((>5(.,5 ),5.,.!#5(5 (.,(.#)(&5./#-M5
,.(,>5#&&-5.,(585 ),&355
#"&5))*,>5)?#5"#,>5)0,(#(!5),>5(.,5 ),5/#.5/&#.3M5,-#(.585"# 5
2/.#05\,>5"5#,.),-95)/(#&5
/4((5 @5)*!))>5"#,5) 5)'#(.#(!A)0,((5)''#..>5#5&.35,/-.5
0#5 @5
)"(-)(>52/.#05#5,-#(.5(5"# 5#((#&5\,>5((#5 5
(,35#4,>5*/.35"#,'(5(5"# 5*,.#(!5\,>5 55
(5-#%>5)-*#.&#.35 (/-.,35,.(,>5,(-.585)/(!55
&&5 #()1>5#.),5(5)?)/(,>5"5),*),.5#,,35<
)"(5@5&-)(>5,.(,>5#-)(>5/((585,/.",55
#"&5@52&3>5 5)/(-&>5%,585)-..&,55<
)?)((5&',)->5"@@>5,#1.,")/-))*,-5/#.#(!5,) --),>5(#0,-#.35) 5)/.",(5
&# ),(#5 ,-"&&5"))&5) 5/-#(--5
),.5 @5,)&>5,-#(.>5#!".50#-),35M5 ),',&35"# 5#((#&5\,>5@@5,585)@5
&((5@53,(-%#>5(#),5#5,-#(.>5#((#&5)'*&#(>55/,)(2.5
((5,!,>52/.#05#,.),>5)/(#&5) 5 (-.#./.#)(&5 (0-.),-5

LONDON
#-/--#)(5 ),.),L&#05,))%5
0#5&2(,>5#,.),5) 5),(-#5,0#->5'#."5(5#&&#'-)(5<
&##.35(%->55) 5/-#(--51>5 5
/."5(,>5"@@>5,5#(5),*),.5#((#&5.,.!3>5,(V&5(#0,-#.35"))&5) 55
(!'(.5
/&5)3&>5),',5"# 52/.#0>5#((#&5*),.#(!5)/(#&5
.,5/.&,>5)/(,>5,.(,585"# 52/.#05\,>5)0,((5 ),51(,-55
0#5&,%>5..#05/*,#(.((.>55) 5.#)(&5,/5 (.&&#!(5/,/>5#.35) 5)()(5
)&#5
&,#5#->52/.#05#5,-#(.585"# 5#-%5(5)'*&#(5\,>5#-5/,)*5
&((5))3>5),',&35,/5#-%5 (!'(.5*#&#-.>5",.,5 (-.#./.5) 5 (!'(.5
)/(.(.-M5/,,(.&35(#),5 (!,5Z5/-#(--5(%#(!5,/>5,&3-5

)(."(5#-",5>5,,#-.,>5DE5--25.,.5"',-5(5,/50#-),35(&5<
#",5&%>5>5"#,'(>5/#.#(!5,.#-5),>5#((#&5*),.#(!5)/(#&5
#(35),(&&#>52/.#05#,.),>5(.,5 ),5/#.5/&#.35
),.5)!%#(-)(>52/.#05#,.),>5"(#&>5 5
#"&5))*,>5)?#5"#,>5)0,(#(!5),>5(.,5 ),5/#.5/&#.3M5,-#(.585"# 5
2/.#05\,>5"5#,.),-95)/(#&5

((# ,5/!"->5(#),5 ,%.-5),,-*)((.>5#((#&5#'-5
",#-.)*",5/'*",3>5,) --),5) 5)/(.#(!>5 ("-.,5/-#(--5"))&5
,.3(5
)(->5.#)(&5/#.5"(#&5,.(,>5&)#..55
,#!5
)-*"-)(>5!#)(&5(.#? )(35/(,#(!5\,>5 5),.",(5,/-.5
)(&5(.>52/.#05#5,-#(.>55/,)(2.5
.05 -&#(>55) 52.,(&5,) --#)(&5[#,->5,(.5"),(.)(555
&&(5 )(!">5#,.),>5##-5/,)*5#'#.5
#45 /,,&&>5#,.),>5),*),.5)0,((>5 (0-.'(.5 (!'(.5--)@5
#"&59#!!#(->5"#,'(>5/#.5)''#--#)(5

[5)..>5(,&5)/(-&>5-.,(5
.,5'#.">5"#,'(5) 5."5/#.5)''#..>5--)#.5,#.#-"5))-5
3&-5")'*-)(>5"(#&5/#.5,.(,>5 5>5
#)&-5,)(>5-,"5&&)1>5,/!&

Appendix 2
Bibliography
-%&-)(>5(>5 >5>5 >5.5&@5#&#2%&#&02, +2, 2;=D2),2)-%+ &%2%2++ &%2

%2%2,+&$+2&)#92"5 (-.#./.5) 5 (.,(&5/#.),-5-,"5)/(.#)(>5DBBK@
--)#.#)(5) 5,.#V5,/52'#(,-@5<:;:2'&)+2+&2+2+ &%*2&%2,'+ &%#2),2%2,*92
DBCB@5N"..*LAA/.-.@ @)'A,..(A,..(?DBCB@* P
--)#.#)(5) 5,.#V5,/52'#(,-@5<::B2'&)+2+&2+2+ &%2&%2,'+ &%#2),2%2,*92
DBBJ@5N"..*LAA111@ @)'A)/'(.-ADBBJ?,..(@* P
--)#.#)(5) 5,.#V5,/52'#(,-@5,'+ &%#2),D22+,02&2+2 $'+2&2%2&%&$ 2
** &%92DBBK@5N"..*LAA111@ @)'A)/'(.-A)/*.#)(&? ,/@* P
--)#.#)(5) 5,.#V5,/52'#(,-@5&%2+2+2&'D2&.2 %$%+2%2)-%+2),2 %2+2
&)"'#92DBBH@5N"..*LAA111@ @)'A)/'(.-A.)(?.?."?.)*?,-,"@* P
',#(5 (-.#./.5) 5,.#V5/&#5)/(.(.-5/#.5)''#..5[.#0(--5(.,@52, +2
&$$ ++2&&#" +D2,# 2&$'% *75D(5#.#)(@5DBBJ@
',#(5 (-.#./.5) 5,.#V5/&#5)/(.(.-92 %$%+2-)) 2&2&%+)&#*D2
2 ##*2#2&2),2)-%+ &%92DBBG@5N"..*LAA111@#*@),!A),"/&#A
/#.)''#..[.#0(--A/#.)''#..,# A)1(&)&)/'(.-A'(!'(.7DB
)0,,#7DB"#&&-T"&@* P
',#(5 (-.#./.5) 5,.#V5/&#5)/(.(.->5--)#.#)(5) 5,.#V5,/52'#(,->5(5"5
(-.#./.5) 5 (.,(&5/#.),-@5 % %2+2,* %**2 *"2&2),D22)+ #2, 92DBBJ@5N"..*LAA
111@#*@),!A (.,-.,-A),(-#(&/.#)(A-)/,-A
,/,0(.#)(..#)(-*)(-A)1(&)&)/'(.-A'(!#(!T/-#(--T,#-%T ,/@* P
/#..@5 %+)%#2, + %2%2),D22, +&)4*2&#92DBBK@55N"..*LAA111@/#.(.@),!A,.#&-A
,//,03DBCB@".'P
5)(-/&.#(!@52#,2%2M+ -%**2&2&)'&)+2%+ 8),2)&)$*D22&$')%* -2+,02
&2&' *+ +2 %-*+&)*92DBBK@5N"..*LAA111@))(-/&.#(!@)'A,-)/,-A.")/!".?&,-A
[.#0?-/&.-#(&@* P
5)(-/&.#(!5(5#((#&52/.#0-5-,"5)/(.#)(@5)+ &%2&2,+ *2"# *+95DBBK@5
N"..*LAA111@)@)'A,-)/,-A.")/!".?&,-A!/.#-"%&#-.?CK@* P
"#&->5&*"5(5)(35 &)(@5*+2)+ *2 %2+ *2&+# %*D22)$.&)"2&)2)+ %2%2
M+ -2%&%0$&,*2'&)+ %2)&)$92"5.1),%@5DBBK@5N"..*LAA-.!#(!@.(1#(@)'A#,,#-A
"#.T*,-A-.T,.#-T#(T."#-T).&#(-@-W@-"2P
)''#..5) 5*)(-),#(!5,!(#4.#)(-5) 5."5,135)''#--#)(@5),,#%+2 %% #2
'&)+ %D2;CCBJ<::AD2%2%#0* *2&2992,# 2&$'% *92DBCB@5N"..*LAA111@)-)@),!A)/'(.-A
DBCB@* P
)''#..5) 5*)(-),#(!5,!(#4.#)(-5) 5."5,135)''#--#)(@5),,#%+2 %% #2
*),.#(!L5CKJIXCKKIL5(5(&3-#-5) 5@@5/&#5)'*(#-@5CKKK@
)''#..5) 5*)(-),#(!5,!(#4.#)(-5) 5."5,135)''#--#)(@5 %+)%#2&%+)&#L
%+)+2)$.&)"92CKKD@

)'*&#(5%5(5 (.!,#.35 (.,.#05),*),.#)(@5<::C2#&#2 %+) +02,)-092DBBK@5N"..*LAA
111@)'*&#(1%@)'A-ADBBK&)& (.!,#.3/,03@* 5P
,--3>5)(&@5+)2&'#*42 &%0D22+,02 %2+2& #2*0&#&02&2$11#$%+92&()>5 >5
,5,--@5CKGE@
&)#..@5%2 %*2&,+2 %% #2++$%+2),L )2 + &%D22- .2&22%&)$%+2
#**72<:::J<::B92DBBJ@5N"..*LAA111@&)#..@)'A--.-A)'?(#...-A)&7DB
--.-A)/'(.-AT),(-#(.,T/-T -?/-T A/-T T.(T."#(!-T)/.TV((#&T
-..'(.T ,/TDFCCBK@* P
/,.-"#>5#(35(5)-',35/&&,.)(@52M+2&2)&** &%#2"'+ *$2&%2+2),2
++ &%2" ##*2&2 %+)%#2, +&)*92DBBF@5N"..*LAA**,-@--,(@)'A-)&EA&#0,3@ 'AT
HCIBHDT)EDKKCC@* Q-.,.#OHCIBHD8'#,#OCP
,#%-)(>5 ,&>5 #"&&5(&)(>5(51,5 31@2 *2)22 %"2+.%2/,+ -2
&$'%*+ &%2%2&,%+ %2),F2(#0,-#.35) 5"#!)>5DBBF@
,(-.585)/(!@5) - %2+ #2)&.+L.2 )"+*72.2##%*D2;;+2#&#2),2
,)-092DBCB@5N"..*LAA111@3@)'A/&#.#)(A01--.-ATCC."TTT
/,03A6 ATCC."TTT/,03@* P
,(-.585)/(!@5,)&'%2),2,)-02<::CD2 *2 %+) +022*,#+02&2+2&.%+,)%F5DBBK@5N"..*LAA
111@3@)'A/&#.#)(A01--.-A/,)*(T ,/T-/,03TDBBKT?T -T#(.!,#.3TT-/&.3T
) T."T)1(./,(A6 A,(-.7DB87DB)/(!7DB/,)*(7DB ,/7DB-/,037DBDBBK@* P
."#-5-)/,5(.,@5<::C2+ &%#2,* %**2+ *2,)-092DBBK@5N"..*LAA111@."#-@),!A(-A
V&-A(-?V(&@* P
."#-5-)/,5(.,>5.5&@5 %2&)'&)+2 %+) +0D2H% %2+2&#2&2+2 2+ *232
&$'# %2N)92DBBI@5N"..*LAA111@),*),.)'*&#(@),!A)(.(.A0#!.#)( (/A
-)/,-A/,03-ATV(#.#)(TJ?CE?BID@* P
."#-5-)/,5(.,5(5),%#(!5&/-@5) + #2#$%+*2&2%2)% 1+ &%#2+ #2,#+,)92
DBBH@5N"..*LAA111@1),%#(!0&/-@)'ABH),%#(!&/-".*,@* P
#((#&52/.#0-5 (.,(.#)(&@5<::A2,)-02&%2)%*8/#02>:>2 $'#$%++ &%92DBBJ@5
N"..*LAA111@V((#&2/.#0-@),!A1A3('#!@-*2Q-#.OT #81)O , T*/T
.#&8*,T%3OGFBJ?B?FKGG? J?IKFDHJBBP5
#((#&52/.#0-5-,"5)/(.#)(5(5,35/#(@5),2 *"2"# *+D22, 2&)2
**** %2+2 *"2&2 %+)%#2),92DBBI@5N"..*LAA111@V((#&2/.#0-@),!A1A
3('#!@-*2Q-#.OT #81)O , T*/T.#&8*,T%3OHFBIJG?BKGG?FCC?JCB ?
FGECHGFHP
#((#&52/.#0-5-,"5)/(.#)(@5)% %*2, %D22,))%+2++2&2#092),.5
/**,->5#)&5( ),>5(5")'-5")'*-)(>5
,@5DBBK@5N"..*LAA111@V((#&2/.#0-@
),!A1A3('#!@-*2Q-#.OT #81)O , T*/T.#&8*,T%3OGHDDDGG?DB_?FBK?
KD?HKHDDBKFP5
/,..>5."3@5-#&'$%+2&22#2+&2 *,)2)&** &%#2"'+ *$92/#.#(!L55
)/,(&5) 5
,.#5(5"),3Z)&/'5DK>5)@5C@5',#(5)/(.#(!5--)#.#)(@5 35DBCB@

)"(-)(>5"(>5,&353(>5(5#-)(!5#(@5 %) #2 %%+ -*2%2&)'&)+2),D2
2&,)*2&2 %%+ -*2 ++)925#!-.Z)&/'5EK>5)@5E@55 (-.#./.>5DBBK@5N"..*-LAA
111@ #(-.#./.@),!A&,(#(!A*,)/.-A*/&#.#)(-A#!A!-A#!@0EK@(E@EK@-*2Q O)*#T
#-.T8!'O&&P
@5),2,)-02<::C92DBBK@5N111@%*'!#( )@)'AA&#**#(!))%ADCBBC(--T ,/T
-/,03TW#*A#(2@".'&P55
@5),2 *"2 %$%+L-#&' %22+)+02&)2)-%+ &%72++ &%72%2*'&%*92DBBH@5
N"..*LAA111@%*'!@)'AA(A --/-( (-#!".-A,.#&-/&#.#)(-A)/'(.-A @* P
@5 %+) +02,)-02<::BJ<::C92DBBK@5N"..*LAA111@%*'!@)'AA(A --/-( (-#!".-A
,.#&-/&#.#)(-A/,03-A!-A (.!,#.3?/,03?DBBJ@-*2P

5/#.5)''#..5 (-.#./.>5.5&@5 # +*2)&$2+2@+2%%,#2, +2&$$ ++2
**,*2&%)%D2++ %2+2<:;:2%95DBBK@5N"..*LAA111@%*'!#(-.#./.-@)'A#A
#(-#!".-ADBCBA* ADBCB?/#.?)''#..?#--/-?)( ,(?"#!"&#!".-@* P
5/#.5)''#..5 (-.#./.5(5.#)(&5--)#.#)(5) 5),*),.5#,.),-@52, +2
&$$ ++2
&,)%0D2# )+ %2&)2+2G.2&)$#KL<::C2,# 2&$'%02, +2&$$ ++2
$)2,)-095DBBK@5N"..*LAA111@%*'!@)'A&)&A(A --/-( (-#!".-A
,.#&-/&#.#)(-A)/'(.-A/#.?)''#..?$)/,(3?DBBK?'',?-/,03@* P
5/#.5)''#..5 (-.#./.@52, +2&$$ ++2
&,)%0D2)+ %2 %*72'*2%2
-)* +2) &) + *L<::AJ<::B2,# 2&$'%02, +2&$$ ++2 $)2,)-092<::B95
N"..*LAA111@-/,03-@%*'!@)'A#A)-A-/,03-A TT
)/,(3BITBJT @* P5
)1(-.#(>5),!5(5)..5#%@50')$&+ -+ &%92
)/,(&5) 5 ,%.#(!5-,">5
',#(5 ,%.#(!5--)#.#)(@5DBBJ@5N"..*LAA+)2@1",.)(@/*((@/A)/'(.-A)*#'A
,-,"A3*,').#0.#)(@* P
@2+ *2%2&$'# %2 *"2 %$%+D2 $')&- %2,* %**2)&)$%2%2&*+) %22
+)&%2+ #2,#+,)2+)&,22,*+ %#2)&**95DBBI@5N"..*LAA111@&,(@)'A)-A&,(T,#-%T
'(!'(.@* P
@22 $'+2&2&*2&2&%,+2&%2&)'&)+2,#+,)D2 *,) %2+2 $$*,)#92DBBH@5
N"..*LAA111@&,(@)'A)-A&,(T)T) T)(/.T1"#.**,@* P
#-.,..>5/,(@5U&)#..5)&&L5 $),#.352*.5 ),5#((#&5..'(.5,/5()0,5#(5
DBCB>5DBCC5)'*,5.)5."5-.5",5,-@Y5&)#..5#((#&50#-),35,0#-5@5*,#&5DJ>5
DBCB@5N"..*LAA111@&)#..@)'A0#1A(TA/-A,0#-A#((#&?0#-),3?,0#-AIBJGD
FEJDCB!( DBBBBBFD BB@".'P
.#)(&5--)#.#)(5) 5),*),.5#,.),-5(5 .-5&&#(5,.(,-@5, %2&)2&-)%%2
##%*L<:;:2%20&%92DBCB@
.#)(&5--)#.#)(5) 5),*),.5#,.),-5(5."5(.,5 ),5),5,-"#*5(5 .-5&&#(5
,.(,-92'&)+2&2+22#,2 &%2&$$ ** &%L, +2&$$ ++*D22)+ #2, 92DBBF@
.#)(&5--)#.#)(5) 5),*),.5#,.),-5(5."5(.,5 ),5),5,-"#*5(5 .-5&&#(5
,.(,-@5'&)+2&2+22#,2 &%2&$$ ** &%2&%2, +2&$$ ++*92DBCB@5
.#)(&5--)#.#)(5) 5),*),.5#,.),-5(5."5(.,5 ),5),5,-"#*5(5 .-5&&#(5
,.(,-@5'&)+2&2+22#,2 &%2&$$ ** &%2&%2 *"2&-)%%D2#% %2 *"2%2
.)92DBBK@5
.#)(&5--)#.#)(5) 5),*),.5#,.),-5(5."5(.,5 ),5),5,-"#*@5'&)+2&2+2
2#,2 &%2&$$ ** &%2&%2&)2-#,+ &%D2 $')&- %2 )+&)2M+ -%**L<::?2
+ &%92DBBG@5
&-)(>5 ,%@52 &#2%2 +)+,)2- .2&2)&** &%#2"'+ *$2 %2, + %92/#.#(!L5
5
)/,(&5) 5,.#5(5"),3Z)&/'5DJ>5)@5D@5',#(5)/(.#(!5--)#.#)(@55
)0',5DBBK@
0,-#!".53-.'-5 (@5<::?2-)* +20*+$*2'&)+2&%2&)'&)+2),95DBBG@5N"..*LAA111@
)0,-#!".-3-.'-@)'A1"#.**,-A0,-#!".T3-.'-T/,03T)(T,/@* P
/&#5)'*(35)/(.#(!50,-#!".5),@55.#)(5DEB@BI>5,2)&** &%#2)2 %2+2
)&)$%2&2&)"922 %+) $2, + %2+%)95N"..*LAA*)/-@),!A.(,-A/#.#(!A
!-ADEB@-*2P
/&#5)'*(35)/(.#(!50,-#!".5),@55.#)(5ECH@BC>5&%* )+ &%2&2),2 %22
%% #2++$%+2, +922 %+) $2, + %2+%)95N"..*LAA*)/-@),!A.(,-A
/#.#(!A!-AECH@-*2P
/&#5)'*(35)/(.#(!50,-#!".5),@55.#)(5EJB>5&$$,% + &%2. +2, +2
&$$ ++*922 %+) $2, + %2+%)95N"..*LAA*)/-@),!A.(,-A/#.#(!A!-A
EJB@-*2P
/&#5)'*(35)/(.#(!50,-#!".5),@5/#.#(!5.(,5)@5G>5%2, +2&2 %+)%#2&%+)&#2
-)2 %% #2'&)+ %2+2 *2 %+)+2. +2%2, +2&2 %% #2++$%+*922, + %2
+%)95N"..*LAA*)/-@),!A.(,-A/#.#(!A!-A/#.#(!T.(,TG@-*2P

/&#50,-#!".5),@52%#2&%2, +2M+ -%**2'&)+2%2&$$%+ &%*95DBBB@5555555555
N"..*LAA111@*)/#.*(&@),!A)1(&)@".'&P
,#1.,")/-))*,-@5<::C2#&#2&%&$ 2) $2,)-092DBBK@5N"..*LAA111@*1@)'A/-A(A
),(-#?-,0#-A*/&#.#)(-ADBBK?!&)&?)()'#?,#'?-/,03@$".'&P5
,#1.,")/-))*,-@5&%&$ 2) $2 %22&.%+,)%D22?+2#&#2&%&$ 2) $2,)-0L
% +2++*2,''#$%+92DBBK@5N"..*LAA111@*1@)'A/-A(A ),(-#?-,0#-A*/&#.#)(-A
--.-ADBBK?!&)&?)()'#?-/,03?/-?-/**&'(.@* P
).">5
'->5">5 >5@5*+2)+ *D2-#,+ %2+2&)'&)+2,#+,)92"5 (-.#./.5) 5
(.,(&5/#.),->5DBCB@
)&.(#>5",'@52#&*)2&&"2+2 %% #2'&)+ %D2%)*+% %2+2),2 *"*2**& +2
. +2&)'&)+2'&)+ %2 *2 +#2+&2 %+ % %2)% 1+ &%#2##8 %92DBBK@5
N"..*LAA111@."+@),!A*/&#.#)(-A /&#.#)(A)&.(#@* P5
"5-*(5 (-.#./.@5-)&$ %2&)+8)$ *$D22##2&)22 &)2*'&%* #2'')&2+&2
%-*+$%+2%2,* %**2 %$%+92DBBK@5N"..*LAA111@-*(#(-.#./.@),!A-#.-A /&.AV&-A
)(.(.A#'!-A0,)'#(!7DB"),.?.,'#-'7DB-*(7DBCGBK@* P
"5 (-.#./.5) 5 (.,(&5/#.),-5(5/#.52/.#05(.,@5%&.#2#)+D2$) %2)%*2 %2
),2 *"*95DBCB@5N111@."##@),!A)1(&)@ 'QV&OEGKFEP
"5 (-.#./.5) 5 (.,(&5/#.),-@5 %+)%+ &%#2)&** &%#2)+ *2)$.&)"2)+ 2, D2
H% + &%2&2 %+)%#2, + %92DBCB@5N"..*LAA111@."##@),!A!/#(A-.(,-?(?!/#(A
#** AV(#.#)(?) ?#(.,(&?/#.#(!AP
"5 (-.#./.5) 5 (.,(&5/#.),-@5 %+)%+ &%#2)&** &%#2)+ *2)$.&)"2)+ 2, D2
%+)%#2, + %2%2),92DBBK@5
)(&&)>5 ..)5(5"5)( ,(5),>5 (@5- * + %2+&"2 )"+2&)+8)$ *$95DBBH@5
N"..*LAA--,(@)'A-.,.OKEJFHHP
)/(!>5 #"&5@5&,%+ %2 )),#) + *2%2 %% #2),D22&)'&)+2&-)%%2, 92
@5DBBH@

Appendix 3
Methodological Statement
"#-5,*),.51-5,.5/-#(!55)'#(.#)(5) 5*,#',35,-,"5."(#+/-5(5-)(,35-./#-5
)(550,#.35) 5.)*#-5.#(!5%5**,)2#'.&35CB53,-@
"5*,#',35,-,"5."(#+/-5'*&)35 ),5."#-5-./351,5-5 )&&)1-L
³5 "5(.,5 ),5/#.5/&#.35)(0(5'),.5,)/(.&5#-/--#)(-5#(5 )/,5@@5#.#-5(5

)()(51#."5'),5."(5CBB5#(0#.5,*,-(..#0-5) 5%35-.%")&,->5#(&/#(!5),*),.5
2/.#0->5'',-5) 5),-5(5/#.5)''#..->5#(.,(&5/#.),->52.,(&5/#.),->5 ,/5
-*#&#-.->5#(0-.),->5,!/&.),->5(5'#-@55
³5 (?*."5#(.,0#1-51#."55-/-.5) 5,*,-(..#0-5 ,)'5."5-.%")&,-51")5*,.##*.5#(5."5
'),.5#-/--#)(-51,5)(/.535(5)/.-#5#(*((.5,-,"5V,'@5
"5#( ),'.#)(5!&(5 ,)'5."5'),.5,)/(.&5#-/--#)(-5(5#(.,0#1-5"-5(5

-/**&'(.535-)(,35,-,"5)(/.5355(/',5) 5),!(#4.#)(-5:-5#&#)!,*"3;@55
601 13th Street, NW

Suite 800N
Washington, D.C. 20005
202.609.8120
www.TheCAQ.org
Section 3
5 C’s of Fraud
November 10, 2010

THE 5 C’s OF FRAUD
To detect fraud, it is important to understand the steps people go through to perpetrate fraud in
each fraud scheme:
1. Commit the fraud (how they misappropriate assets or misstate financial statements)
2. Conceal the fraud
3. Convert their fraudulent actions to personal gain
At each step:
• Perpetrators can be detected because the action results in one or more red flags (risk
factors). For example, overstating inventory distorts inventory ratios
• Companies can implement controls to prevent fraud
The last 2 C’s are how the manager/auditor can:

4. Catch (detect) each fraud scheme
5. Control (prevent) the fraud
We look at the first three C’s to be able to perform the last 2 C’s, which are the two most
important. It is hard to detect/prevent something you do not understand.
Focusing on a particular company’s pressures, opportunities, and rationalizations helps

determine what fraud schemes are most likely.
Knowing what fraud schemes are most likely makes it easier to focus on the 5 C’s. This can:
• Keep audit brainstorming sessions from being mundane, repetitive or cookie-cutter from
one client to another
• Help those in industry/government to do the same for a similar review
This approach can be used to examine schemes used to perpetrate misappropriation of assets (the
most frequent type of fraud) as well as fraudulent financial statements (which happen less
frequently, but are much larger and much more publicized).
As we examine fraud schemes, we can use the following format to understand:
• Define: The nature of the fraud scheme

• Commit: How the fraud is committed
• Conceal: How the fraud is concealed
• Convert: How the perpetrator converts their fraudulent actions to personal gain
• Catch: Conditions (red flags) indicating this type of fraud may have occurred.
These red flags are used to detect the fraud scheme
• Control: How to prevent, or control, a particular type of fraud
Five C’s of Fraud Schemes

1
Sec. 3
EMPLOYEE FRAUD
For our purposes, misappropriations of assets can be divided into two categories:
1. Theft of cash or cash equivalents
2. Theft of assets other than cash (inventory, tools, fixed assets)
Cash schemes can be divided into three categories:

1. Cash receipts before cash is recorded on company books
o ACFE: 32% of cash frauds; average loss =$70,000
2. Theft of cash after recorded on company books
o ACFE: 9% of cash frauds; average loss = $25,000
3. Cash disbursements. Perpetrator tricks company into fund disbursements
o ACFE: 71% of frauds; average loss = $100,000
Here some examples of these three types of theft of cash frauds
Cash Inflows Asset Theft Cash Outflows

Steal cash at point-of-sale Cash False cash register disbursement
Steal cash received in mail Interest Skimming Payroll frauds
Understate sales Inventory Reimbursement/refund frauds
Understate receivables Supplies, equipment Fictitious vendors/invoices
Unauthorized use of assets Pay personal expenses with company funds
Fixed assets Check tampering
Information Credit card fraud
Procurement fraud / kickbacks
Check Kiting
Loan frauds (fictitious borrowers, inflated
amounts)
CASH RECEIPTS FRAUD

Cash receipts fraud is stealing cash anywhere funds enter company. It is also known as
skimming.
A cash receipts fraud is particularly hard to detect if it is “off-the-books” because:

• There is no record of the sale
• There are no entries in the accounting records
• There is no audit trail
The risk of cash receipt fraud is highest at the point of sale, when cash is received from a
customer.
STEALING CASH at the POINT-OF-SALE

2
Sec. 3
POINT-OF-SALE THEFT
Cash register employees often steal cash receipts. They sell goods or service, pocket the
payment, and don’t enter payment in the register or enter the payment in accounting records.
POINT-OF-SALE THEFT CONVERSION
When cash is stolen, no conversion is necessary. Very large amounts may have to be laundered.
POINT-OF-SALE THEFT CONCEALMENT
There is no need to conceal theft of an unrecorded sale, as it is “off-book.” However, the

perpetrator must conceal the cash until it is removed from company premises.
To conceal the fact that a sale took place the perpetrator may:
• Not ring up the sale
• Ring it up as a no-sale
• Not create a sales document or receipt
• Destroy or alter the sales record or cash register tape
• Rig the register to not record sales on tapes
• Make sale off-site or outside of normal business hours and not record or report sale
• Lap sales receipts (steal Monday receipts, turn in Tuesday receipts)
CATCH POINT-OF-SALE THEFT
When cash is stolen at the point of sale, one of more of these red flags is often noticeable:
• Inventory is lower than the records show
• Gaps appear in pre-numbered transactions
• Tampering is physically evident with receipts, tapes, or cash registers
• Register tapes or other records are missing
• Differences between customer & company records exist
• Lower than expected revenues occur with a specific person or location involved
• Poor record keeping or collection procedures occur
CONTROL POINT-OF-SALE THEFT
Organizations can put the following controls into place to control cash receipt fraud:
• Use cash registers with internal tapes that the employee cannot manipulate. At the end of
each point-of-sale employee’s shift, compare the sales per the cash register tapes to the
actual cash in the till. At the end of their shifts, employees can usually ensure that the
amount of cash in the till is the same as the amount of sales recorded in the register. So, it
is important to periodically conduct surprise cash counts during an employee’s shift.
• Have separate individuals perform the following cash handling duties: cash receipts, cash
counts, bank deposits, deposit receipt reconciliation, posting of deposits, and cash

3
Sec. 3
disbursements.
• Cluster cash registers to enhance the visibility of transactions and use an elevated
supervisor station and video surveillance. This makes surveillance of cash receipts clerks
easier and less obvious.
• Teach supervisory personnel to spot the markers that employees use to keep track of the
amount of money that they have stolen. Oftentimes employees will put money in the
register even though they do not ring up the sale so that customers do not get suspicious.
When they do that, they need to keep track of how much money they have not rung up.
To do so, they will often place a marker (such as a penny for $1, a nickel for $5, etc.)
somewhere near the register so they know how much money to remove from the register
when they are not observed.
• Make hiding the theft of cash difficult by using techniques such as close supervision,
cash registers and clerks, video surveillance of employee lounges or rooms where they
store personal belongings during work hours, and not having pockets in employee
uniforms.
• Motivate customers to ask for a receipt. For example, some ice cream stores prominently
display signs that state that if your receipt has a star on it, you qualify for a free ice cream
cone. As a result, customers are more inclined to insist on a receipt, making it difficult
for the clerk to pocket the money without placing it in the register.
• Reconcile inventory often to spot high shrinkage (the amount per the books should agree
to the amount in stock). High shrinkage is often a sign of unrecorded sales cash receipts
theft.
• Monitor each register and cash receipts clerks for the number and amount of “No Sale”
transactions taking place. One good way to skim cash is to ring up a sale as a “No Sale”
rather than a sale, place the cash in the register, and then later remove the cash when
there is little risk of being observed.
• On a daily basis, account for all sequentially numbered receipts so that an employee
cannot give out a receipt to a customer and then destroy the company’s copy to hide the
theft. Likewise account for the numerical sequence of cash receipt transactions.
• Account for the numerical sequence of all cash register transactions. One enterprising
manager opened a store two hours early and pocketed all the sales during those hours.
This fraud could have been detected if someone other than the manager had, on a daily
basis, compared the prior day’s cash register transaction ending number with the next
day’s beginning cash register transaction number.
• Do not allow any unauthorized cash registers and account for all store registers on a
periodic basis. Another manager installed an extra cash register in a store and stole all
the cash receipts rung up on that register. Since the store owners did not know about the
extra register, the manager never had to report those sales. He simply destroyed the cash
register tapes for that machine and pocketed the cash.
• Test for unusual relationships. When a fraud is perpetrated, especially if the amount is
large, something is often out of balance. For example, if there were a large quantity of
unrecorded sales there would probably be a drop in gross profit margin. Auditors try and
uncover these anomalies (“this figure or relationship doesn’t make sense”) using
analytical procedures, ratios, vertical and horizontal analyses of sales accounts, and other
types of relationship tests. For control purposes, the tests that are most likely to detect a
given fraud scheme (if I skimmed cash receipts, what would most likely be out of kilter

4
Sec. 3
and how can I test for that relationship) should be identified and the tests performed
periodically. For example, cash receipt clerks can be compared to other clerks working at
the same time to test if any of them consistently have lower revenues than the others. You
can also analyze trends such as sales to inventory, cost of goods sold per employee,
average unit sales price, and the number of discounts, coupons, and over rings per
employee or workstation.
• Periodically inspect register tapes, cash registers, and a sampling of receipts (such as
when customers are leaving the store) for physical evidence of tampering. Scrutinize all
handwritten receipts.
• Find appropriate uses of electronic surveillance devices, such as video cameras.
• Employ secret shoppers to observe clerks and to determine if control procedures are
followed.
• Take out bond insurance on all employees handling cash receipts.
• Deposit all cash receipts daily.
• Monitor the lifestyle changes of all cash receipts clerks.
• Spot-check the authenticity of customer discounts.
• Set up a customer hot line so any unethical conduct can be reported.
• Conduct customer satisfaction surveys that also verify the price that was paid, the mode
of payment, etc.
MAIL RECEIPTS THEFT
COMMIT
• Stealing cash or checks before entering into accounting system

• The most likely target: payments not missed, such as late fees
CONCEAL
Cash receipt fraud is the most difficult to conceal because:

• Customer payments (A/R) are expected by company
• If there is no payment, a past due notice is sent to customer who complain
• There is evidence to prove it: a canceled check
• A stolen check is cashed or deposited in a bank account
• The endorsement or bank stamp can trail back to the perpetrator
Concealment methods
• Most popular: lapping accounts receivable
• Destroy or alter transaction records
• Issue fake discount or credit memo to write off A/R
• Intercept or alter customer statements or late notices
• Journal entry write-off: contra revenue, bad debts, other A/R
• If a prepayment for goods: steal inventory, send it to customer
CONVERT

5
Sec. 3
Stolen checks can be converted to personal use by:
• Forging an endorsement or using a dual endorsement
• Setting up a false account (Smit Foods instead of Smith Foods) and depositing checks to
that account
• Altering the check payee to the employee or a controlled company
• Substituting a check for cash somewhere in the company
• Colluding with a bank employee to cash a check
CATCH MAIL RECEIPTS THEFT
• Different customer and company payment amounts and balances owed

• Differences between CR journal, deposit slips, and A/R journal
• Cash amount or number of checks not the same as that shown in the CR journal
• Unauthorized or unexplained discounts, write-offs, or write-downs of customer accounts
• Illogical debits used to balance A/R
• Employee who opens, processes CR refuses to allow anyone to perform her duties
• Only one unsupervised person opens the mail
• Lapping schemes often require second set of books
• Inadequate separation of duties
For example:
o Employee who posts payments also posts or adjusts A/R
o Employee who receives payments posts them
CONTROL MAIL RECEIPTS THEFT
To control the theft of cash and checks received in the mail:

• Properly segregate accounting duties so that it is difficult for a person to both commit and
conceal a fraud. Implement and enforce separation of duties:
o Separate the custody of cash (cash receipts function) and the recording the A/R
payment.
o Separate the receivables recording function from the sales recording function.
o Restrict access to journals and ledgers to authorized personnel. For example, the A/R
bookkeeper should not handle sales transactions, handle cash receipts, prepare the
bank deposit, or maintain the cash receipts journal.
o Have a person independent of the cashier or the A/R function handle customer
complaints.
o Have someone independent of the A/R clerk send out monthly statements.
o Separate recording deposits and preparing statements.
• Make the theft of cash and checks received in the mail and the concealment of the fraud
more difficult by using some combination of the following:
o Close supervision.
o Require two people to open the mail in a clearly visible area.
o Rotate mail-opening duties; look for revenue variances based upon who opens the
mail.

6
Sec. 3
o Log in all cash receipts as each envelope is opened.
o Stamp "for deposit only" on all incoming checks.
o Require management to be present when the mail is opened.
o Use video surveillance of the mail room and rooms where employees store their
personal belongings during work hours.
o Forward all stamped checks to a separate person responsible for preparing the deposit
slip.
o Send a copy of the deposit slip and a list of the cash receipts and their total to a third
person, who agrees the list to the deposit slip and the amounts entered into the cash
receipts journal and the A/R ledger.
o Log all mail receipts and compare the receipts to deposit slips and other books of
record (Cash Receipts journal, A/R ledgers, etc.).
o Reconcile the number of envelopes received to the number of checks received.
Maintain control of all envelopes and monitor the trash for discarded envelopes.
• Maintain the following controls with respect to company/customer interaction:
o Mail monthly statements and request that any differences be reported to the company
o Control statements so they cannot be stolen or altered by employees.
o To prevent an employee from changing a customer’s address so that it can be sent to
him, put proper computer controls over data files and programs in place.
o Send late notices to all customers that are overdue on their payments.
o If cost effective, send an acknowledgment of all cash receipts.
• With respect to banks:
o Instruct the bank to only deposit (never cash) checks made out to the company and to
never cash a check made out to the company if it has a dual endorsement.
o Use a bank lock box, where the bank performs all mail receipt functions such as
opening the mail and depositing the checks.
o Periodically survey local banks to find account names similar to that of your
organization.
o Close all unused accounts. One fraud was perpetrated by an employee depositing
checks into a forgotten account that the perpetrator had managed to get signatory
control over.
• With respect to employees:
o Monitor employee activities, as employees who lap often have excessive weekend
work or work after business hours to keep a second, unauthorized set of books. This
set of books can often be found by searching a suspected perpetrators work area.
o Enforce mandatory vacations and job rotations. Lapping schemes are very difficult to
conceal if the perpetrator is required to take a two week vacation each year.
o Take out bond insurance on all employees handling cash receipts.
o Monitor the lifestyle changes of employees with access to cash.
o Do not deliver unopened business mail to personnel with access to accounting
records.
• With respect to A/R adjustments:
o Require supervisory approval on all write-offs.
o Conduct surprise cash counts and audits and publicize that they will occur randomly.
o Periodically scan customer accounts looking for either an unusually high number or
any unexplained: discounts, write-offs, write-downs, or other unusual debits to A/R.

7
Sec. 3
o Review write-offs, looking for patterns with respect to amounts, employees and cus-
tomers.
o Spot check documentation for A/R adjustments to determine if:
There is a delay between payment and posting dates
Payments match open invoice amount(s)
The name on the deposit is the name in the A/R ledger
Daily deposits match A/R postings
o Create an exception report for alterations to A/R.
o Periodically scan journal entries for illogical debits used to balance A/R or adjust
cash or inventory balances.
o Audit debits to dormant accounts. For example, a perpetrator stole a $1000 payment
from Jones, Inc. To hide the theft, she credits Jones’ A/R and debits an expense, such
as miscellaneous expenses, or another A/R that will soon be written off as
uncollectible. This no logical reason for this type of entry to be made and it should be
thoroughly investigated.
o Test for inventory shrinkage using analytical procedures, ratios, and other relationship
tests.
o Send confirmation statements to vendors. Monitor and follow up on customer com-
plaints.
o Verify aging reports for accounts that have little or no payment activity.
UNDERSTATE SALES AND RECEIVABLES
Understating sales and receivables is a variation of point of sale and mail receipt theft. The
difference is that in the other two methods all the money from a transaction is stolen. Here, a
portion of sales or A/R payments are reported and the rest are skimmed.
COMMIT
• Under ring a sale, steal the difference at the point of sale

• Correct sales price, but smaller quantity
• Correct quantity, but lower sales price
• Fake discount or altered sales document
• Mail receipts: Under record the payment, skim the rest
CONCEAL
• Issue fake discount or credit memo

• Lapping
• Destroy transaction records
• Send statement showing stolen payment applied to customer account
• Can alter customer statement or create false one
• Intercept customer statement to prevent it being sent
• Pad inventory to conceal shrinkage
• Post payment to affected account, debit another A/R

8
Sec. 3
• Write off to contra revenue or bad debts
• Collude with an outside party. For example, a cashier colluded with a famous football
player at a Florida University. The player obtained hundreds of dollars’ worth of clothes
for a very small payment
• Provide customer with a full price receipt, while providing a different (usually altered)
receipt for bookkeeping purposes
CONVERT
• Dual or forged endorsements

• Deposit to a bank account with a very similar name
• Altered payee designation
• Substitute check for cash
• Collude with bank employee to cash check
CATCH UNDERSTATED SALES AND ACCOUNTS RECEIVABLE
• Inventory is lower than the records show

• There is physical evidence of tampering with receipts or register tapes
• Register tapes or other records are missing
• Difference between customer and company records
• Unauthorized or unexplained discounts are given
• No separation of A/R duties
• Employee posts payments and enters or adjusts A/R items
• Employee receives and posts payments
CONTROL UNDERSTATED SALES AND RECEIVABLES
• Segregate duties, proper personnel policies (mandatory vacations, rotate duties), and
examine write-offs as previously discussed
• Spot-check:
o Credit sales were posted to A/R accounts
o Customer discounts are authentic
o Goods shipped records agree to payment received records
o Compare customer's copy of receipt to store's copy
• Check receipts/invoices for alterations and scrutinize handwritten receipts
• Perform regular and surprise audits and frequent, unannounced cash and inventory counts
• Send account balance letters and customer satisfaction surveys to verify price paid, mode
of payment, etc.
• Monitor and follow up on all customer complaints
• Analyze trends such as
o Sales to inventory
o Gross profit margins
o Cost of goods sold per employee
o Average unit sales price

9
Sec. 3
o Salesperson's profit margins
o Number of discounts, coupons, and over rings per employee or workstation
• Reconcile accounts with bank records
• Have a hot line to report unethical conduct
THEFT OF CASH
Theft of cash fraud is stealing cash or cash equivalents that have already been entered into the
system. All companies are vulnerable, especially where there is a high volume of activity or a
high volume of transactions.
Because there has been an entry in company books:

• Theft is more easily noted than with CR fraud
• It is more difficult to conceal; it is “on-the-books”
Theft of cash is the least frequent and least successful cash fraud. It also results in the smallest
company losses.
There are two types of cash theft to discuss:

1. Cash register or cash drawer theft
2. Deposit theft
CASH REGISTER THEFT
Most cash is stolen from a cash register, drawer, or box.

• Stored cash is accessible to many employees
• High activity and/or multiple transactions serve as a cover for removing cash and
concealing the theft
COMMIT
• Remove cash as part of a sale

• Ring up a No Sale when no one is looking
• Relatively easy to commit, much harder to conceal theft
CONCEAL
• Steal cash from another register or cash drawer, placing suspicion on another employee
• Steal small amounts, saying imbalance is an error
• Cover with personal check; ensure it is not cashed
• Cover with an unused, fictitious transfer ticket
• Process false voids or refunds to reduce the amount of cash reflected on the register tape
• Use balancing entries: a write-off to contra revenue, a bad debt, or to another A/R
account
• Falsify the cash count so it includes the amount of stolen funds

10
Sec. 3
• Alter or destroy register tapes
CONVERT
• If cash is stolen, no conversion is required

• Cash equivalents are converted as previously discussed
CATCH CASH REGISTER THEFT
• Cash counts and register records don’t reconcile

• Personal checks in an employee’s cash drawer
• Refunds or voids without supporting documentation or authorization
• Inventory lower than it should be
• A register tape that has been altered or is missing
• Incorrect cash counts
• Inadequate separation of duties (custody of, authorizing, and recording cash)
CONTROL CASH REGISTER THEFT
To control cash register theft, put into place the following controls:
• Use registers with internal tapes that employees cannot manipulate. At the end of each
employee shift, reconcile the cash in the register with sales figures, returns, and other
transactions on the tapes. Make sure the cash in the register does not include personal
checks from employees. Since employees can usually ensure that cash in the till is the
same as the register sales at the end of their shifts, periodically conduct surprise cash
counts during employee shifts.
• Have separate individuals perform the following cash handling duties: cash receipts, cash
counts, bank deposits, deposit receipt reconciliation, posting of deposits, and cash
disbursements.
• Account for the numerical sequence of all cash register transactions as employees may
remove transactions from tapes to hide their theft.
• Cluster cash registers to enhance the visibility of transactions. Use elevated supervisor
stations and video camera to make surveillance of cash registers easier and less obvious.
amount of money that they have stolen.
• Make hiding the theft of cash difficult with: close supervision, cash registers and clerks,
video surveillance of employee lounges or locker rooms, and no pockets in employee
uniforms.
• Track overages/shortages by employee to help prevent the theft of small amounts of
money over long periods of time.
• Monitor each cash register and cash receipts clerk for the number and amount of “No
Sale” transactions.
• Periodically remove excess cash from the cash register to minimize the amount of cash
kept in each register.
• Review and analyze all journal entries to cash. Employees who can’t conceal fraud by

11
Sec. 3
altering source documents may conceal it by making journal entries to cash.
• Regularly examine reversing transactions, such as voids or refunds, which can be used to
reduce the amount of cash shown on the register tape to the amount of cash on hand after
a theft.
• Periodically inspect register tapes and cash registers for physical evidence of tampering.
• Spot check all cash counts. Sometimes employees remove cash from a cash count
envelope and alter the cash receipts tapes after the cash has been counted. This is
controlled by listing all original cash counts and comparing that count to test counts of
the cash envelopes as they are prepared for bank deposit.
• Deposit all cash on a daily basis. Do not leave cash in cash drawers or cash registers
overnight. Make sure that all cash, register tapes, and other documentation are delivered
to the appropriate personnel in a timely manner.
• Restrict access to cash registers to authorized personnel and maintain confidentiality of
register access codes.
• Take out bond insurance on all employees handling cash receipts.
• Monitor the lifestyle changes of all employees with access to cash.
• Set up a hot line so customers and employees can report any unethical conduct they
observe.
• Test for unusual relationships that indicate cash register theft.
BANK DEPOSIT THEFT
Most organizations gather cash receipts, prepare a bank deposit, and take the deposit to the bank.
Without proper controls, cash is vulnerable to being stolen before it is deposited in the bank.
COMMIT
• Take cash from a bank deposit
CONCEAL
• Prepare false deposit slips and falsifying entries in the books of record
• Show stolen funds as a deposit in transit
• Alter the receipt from the bank to show an inflated deposit
• Lap deposits; steal part of one day’s deposit, use some of next day’s deposit to cover it
CONVERT
• If cash is stolen, no conversion is required

• Checks are converted as previously discussed
CATCH BANK DEPOSIT THEFT
• The same person prepares bank deposit, takes it to the bank, reconciles bank statements,
enters deposit slip data into company records

12
Sec. 3
• Bank deposit receipts that do not match the cash receipts journal or the deposit slips
• Deposit slips that do not match the cash receipts journal
• Bank statements and company records that do not reconcile
• Deposits that are not made in a timely manner
• Cash on hand or in bank that is lower than the records show
• Bank receipts, deposit slips, or bank statements that show evidence of alteration
CONTROL BANK DEPOSIT THEFT
To control theft from bank deposits, put into place the following controls:
• Deposit all cash receipts daily
• Reconcile daily deposit slips and entries to the cash receipts journal and A/R ledger.
Match the amounts entered and the composition of the payments (number of checks and
the amount of cash) to prevent a perpetrator from substituting a stolen check for cash.
• Make sure that two people are involved in preparing, posting, and delivering the bank
deposit.
• Have different people prepare the deposit, make the deposit, enter deposit information
into the appropriate journals and ledgers, and reconcile the bank statement and company
accounts.
• Rotate the duty of making the deposit.
• Do not leave a bank deposit unattended after it is prepared. Lock it in a company safe
until it is time to take it to the bank. Do not leave cash and deposits on company premises
overnight.
• Have an armored car service pick up bank deposits so that money can note be stolen from
the deposit on its way to the bank.
• Periodically inspect deposit slips, cash listings, and receipts looking for physical
alterations.
• Use video surveillance of the person making the deposit and the place where is it
prepared.
• Institute and enforce procedures to ensure that deposits for outside locations are received
on a timely basis by the central office.
• Take out bond insurance on all employees handling bank deposits.
• Conduct surprise cash counts and audits; publicize that they will occur randomly
• Reconcile cash as it flows through the organization. Compare all original cash listings
(cash register counts, cash and checks received in the mail, etc.) to cash entered on the
deposit slip. Compare cash actually deposited (deposit slips returned by the bank) to a
company copy of the deposit slip and the original cash listings. Ensure the amounts
entered, as well as payment composition (number of checks and cash amount) match to
prevent substituting a stolen check for cash. All documents should be compared to the
books of original entry (cash receipts journal, sales journal). Do this on a daily basis, if
possible. When bank statements are received, compare them to the above mentioned
company records.
• Audit any exceptions to a two-day clear.
• Monitor lifestyle changes of employees who prepare, post, and deliver deposits.

13
Sec. 3
CASH DISBURSEMENT FRAUD
1. Fraudulent billing (A/P) disbursements

2. Fraudulent expense reimbursements

3. Fraudulent payroll disbursements

4. Fraudulent cash register disbursements

5. Check tampering (disbursement checks)

FALSE BILLING FRAUD
Two basic types of false billing fraud:

1. Perpetrator creates a false voucher or submits false invoices to the company. Based on
the false documents, a payment is issued for the fictitious or overpriced goods or services.
The perpetrator collects the fraudulent checks and cashes (converts) them.
2. Buy personal goods or services with company money.
Most false billing frauds involve a service. It is easier to conceal a never performed service than
goods never received.
False billing fraud is one of most common forms of asset theft because:
• The perpetrator does not have to take the risk of removing assets from the company
premise. Instead they submit a false claim against the company and the company
willingly mails them a check.
• There is lots of money to be had. The loss per incident is the highest among asset
misappropriation schemes.
• A lot of money is legitimately spent in organizations, which sometimes makes billing
fraud easier to conceal.
The most common billing schemes involve setting up one or more fake vendors.
COMMIT
There are five different ways to commit false billing fraud:
1. Fictitious Vendor

14
Sec. 3
• Create a fictitious vendor
• Open a bank account under the fictitious name
• Bill the company
• Invoices can be professionally produced, prepared using a computer and desktop
publishing software, typewritten, or even prepared manually
• Often the most difficult aspect of a fraudulent billing scheme is getting the fake invoice
approved and paid. To do so the perpetrator can
• Approve the bill himself
• Sneak the bill past an inattentive, trusting, or “rubber stamp” manager
• Create false supporting documents such as voucher packages
• Check for fraudulent goods or services received and deposited in the fictitious company’s
checking account
2. Pass-through Billing Scheme
• Perpetrator orders goods from a company she controls

• Her company orders goods from a legitimate supplier at market prices
• She sells these goods to her employer at inflated prices
The fraud occurs when the victimized company is buying the goods it needs from an
unauthorized vendor at inflated prices.
The perpetrator’s gain comes from profit from the inflated prices that are instituted while acting
as an unauthorized middle man in a necessary company transaction.
3. Pay and Return Scheme
In this scheme the perpetrator intentionally makes an error in vendor payment:

• Over pay or make double payments, request a check from the vendor for the excess, and
steal the check when it comes in.
• Pay the wrong vendor by putting vendor checks in the wrong envelopes, call them to
explain the mistake, ask them to return the checks, steal the check when it is returned.
Support documents are run through the A/P system a second time; new checks are sent to the
correct vendors.
4. Have Company Pay for Personal Purchases
• Run the unauthorized invoice for a personal purchase through the A/P system. If the
perpetrator cannot approve the purchase, create a false purchase requisition or purchase
order to make the purchase appear legitimate, or alter existing purchase order and have
accomplice in receiving remove the excess merchandise.
• Have company order personal items or merchandise. Intercept the goods when they are
delivered, or deliver to home address or some other address, such as a spouse’s business.

15
Sec. 3
• Make personal purchases on company credit cards.
In all approaches the perpetrator either keeps the purchases for personal use or turns the purchase
into cash (or credit card refund) by returning the merchandise
CONVERT
Conversion is fairly simple in false billing frauds:

• Most common approach: Cash company check or deposit it in personal or shell company
checking account
• Use personal items, sell them to others, or return them for cash or credit card refunds
CONCEAL
Concealing billing fraud is easier because the perpetrator does not have to:
• Conceal removing cash or inventory from company premises
• Company mails him a check
Concealment is harder in that creating a vendor company requires the fraudster to:
• File or forge articles of incorporation
• Obtain name, mailing address, phone number
• Open bank account and deposit and withdraw $
• Create and send vendor invoices
These items leave a trail, making it easier to find the perpetrator when the fraud is detected and
the shell company is identified.
Depending on the scheme and the controls, the perpetrator may:

• Falsify or alter Purchase Requisition, Purchase Order, Receiving Report, or Vendor
Invoice
• Fool or force transaction authorizer or forge authorization
• Intercept returned check (in a pay & return fraud)
• Submit invoices for personal items
CATCH FALSE BILLING FRAUD
Red flags that are present when a false billing fraud occurs include:
• Unexplained rise in services performed (services paid for but never performed)
• Payments to unapproved vendors
• Invoices approved without supporting documents
• Falsified or altered voucher documents. For example, altering a purchase order after it is
approved
• Inflated prices on goods purchased or unnecessary goods or services are ordered
• Payments to an entity controlled by an employee
• Multiple payments for the same invoice or over payments on an invoice
• Invoices frequently overpaid
• Unnecessary goods or services are ordered

16
Sec. 3
• Purchase orders altered after approval
• Personal purchases with company credit cards or charge accounts
• Excessive goods returned to vendors; full payment not received for items returned
• Rise in cost of goods sold or a decrease in profit margins
• Vendor with a PO box address (many PO box addresses are legitimate, but a smart
fraudster will use a PO box or address of someone else rather than his home address)
• A delivery address other than a valid company address (Perpetrators may have the goods
they ordered delivered directly to their homes rather than to the company)
CATCH FICTITIOUS VENDORS
Vendor verification and complaints:

• Verify that all vendors are on approved vendor list
• Verify legitimacy of all new vendors added to list
• Verify no vendors have names similar to company name
• Determine who recommended vendor, authorized purchases
• Follow up on unexplained vendor changes, especially if they correlate to employee
changes or turnover
• Determine if vendor prices are higher than other vendors or the industry average
• Analyze vendor purchases for abnormal levels on a monthly and yearly basis. Scrutinize
purchases where price comparisons were not conducted
• Follow-up on all vendor complaints. Talk to vendors about any mistakes in payments and
find out who called them. Contact vendors to confirm purchases
To identify who set up the false company, search through the following:
• Bank records
• Public records: certificate of incorporation, business's tax identification number, etc.
• Commercial databases: names, addresses, phone numbers of person who owns vendor
• Employee data. Compare lists, and if there is no match, try spouses of employees (wife’s
maiden name often used) and relatives data
Test the vendor addresses and phone numbers:

• Are PO boxes, residential addresses valid vendor addresses?
• Is the delivery address a known vendor address?
• Is the invoice address the same as employee addresses?
• Do invoice phone and fax number match the vendor address?
• Trace phone #’s with a reverse phone book (look up number, find name that goes with it).
• Check with the post office to determine if the address is commercial or residential
Make use of bank information:

• Review canceled checks for bank account number and who endorsed the checks.
Subpoena bank records if necessary.
• Review bank surveillance films: see who deposits the checks.
• Instruct the company's bank not to cash checks payable to the company unless they are
deposited into the company’s account.
• Track excess payment checks using bank account information and the endorsement on

17
Sec. 3
the back of returned checks.
Other tactics to consider:

• Let a bill become past due; see who follows up
• Look for overpayment patterns and determine if one employee is consistently involved
• Review accounts payable records for duplicate payments and duplicate invoice numbers
CATCH FAKE INVOICES, SUPPORT DOCUMENTS
Carefully examine documents, looking for:

• Invoices not prepared/printed professionally
• Invoices that lack details (phone or fax number, invoice number, tax ID number)
• Invoices for items not normally purchased
• Invoices for items with atypical prices
• Invoices payable to individuals
• Unfolded invoices (did not come in the mail)
• Erasures or other tampering with purchase orders, requisitions, receiving reports
• Purchase orders, requisitions, or invoices with consecutive sequential numbers
• Purchase of non-required services, goods
Compare invoice data with other company data:

• Consecutive invoice numbers from same vendor
• Quantities inconsistent with company operations
• Compare invoice prices to purchase order prices
• Vendor not on approved vendor list
• Look for vendor-employee pattern in purchases
Contact vendors to confirm purchases.
Educate employees on detecting fraudulent documents.
CATCH PASS-THROUGH SCHEMES
• Review books, records for unknown, out-of-state companies

• Verify the legitimacy of all new vendors
• Cross-check addresses of vendors with employees
• Scrutinize purchases where price comparisons were not conducted
• Trace account information on the back of returned checks
• Follow-up on all vendor complaints
• Any unexplained vendor changes, especially if correlated to employee change/turnover
• Look for a rise in the cost of goods sold or decrease in profit margins
• Are prices from a vendor higher than for other vendors or than the industry average?
CATCH PAY-AND-RETURN SCHEMES

• Talk to vendors about any mistakes, find out who called the vendor
• Track excess payment checks using bank account info and endorsement on back of

18
Sec. 3
returned check
• Photocopy all incoming checks when the mail is opened
• Instruct the company's bank not to cash checks payable to the company (deposit only)
• Research any vendors with names similar to the company
• Compare invoices to A/P and confirm them with the vendor
• Look for overpayment patterns; is one employee consistently involved?
• Compare invoice prices to PO prices
• Look for duplicate payments
• Review A/P records for duplicate invoice numbers
CATCH FALSE CREDIT CARD PURCHASES

• Reviews all credit card statements; compare with employee expense vouchers for
duplications
• Limit spending amounts and the locations where credit cards can be used
• Obtain credit card receipts for signatures
• Correlate items purchased to business functions
• Look for unexplained rise in credit card purchases or rise in expenditures tied to certain
individual(s)
• Compare actual expenses to budgeted expenses
• Monitor changes in cardholder's lifestyle
• Have card users explain and support charges before credit card accounts are paid
• Separate reconciling statement from signature authority
CONTROL FALSE BILLING FRAUD
To control false billing fraud, implement the following controls:

• Segregate the duties of requesting a purchase, the actual purchasing, authorizing
purchases, receiving the goods or services, authorizing payments, and making vendor
payments
• Require appropriate documentation on all transactions.
o For example: Use pre-numbered, multi-copy purchase orders, receiving reports, etc.
• Makes sure all documents are properly filled out
• Periodically account for the numerical sequence of all documents
• Periodically review all documentation for completeness and accuracy
• Require appropriate supervisory approvals on all purchase orders, cash disbursements,
write-offs, credit memos, etc. If appropriate, require multiple-level approval
• Keep a list of approved vendors and only purchase goods from approved vendors
• Control the vendor approval process so that the person buying the goods or services (and
others in a position to commit fraud) cannot approve a vendor
• Immediately log in all receipts of goods and fill out the appropriate receiving reports to
avoid losing merchandise
• Match the data on purchase orders, receiving reports, and vendor invoices before making
payments to vendors. Investigate all unmatched documents for appropriateness
• Deface or mark paid the invoices and supporting documents used to make disbursements
so that they cannot be used again
• Match the record of goods returned to vendors to the appropriate vendor credit memo

19
Sec. 3
• Use a competitive bidding process to make sure that the vendors with the best
combination of quality and price are consistently selected
• Periodically review payment coding for abnormal descriptions
• To control company credit cards:
o Restrict access and usage of company credit cards to those with a specific need
o Limit spending amounts and the locations where credit cards can be used
o Have card users explain and support charges before credit card accounts are paid
o Examine all credit card statements and have all purchases reviewed for post-purchase
approval by someone other than the person making the purchases
o Separate reconciling credit card statements from signature authority over the card
• Teach employees how to detect fraudulent documents
EXPENSE REIMBURSEMENT FRAUDS
• Theft by falsifying expense reimbursements

• Often perpetrated by high level employees
• Losses are usually small, undiscovered long-term frauds can grow quite large
• Can be very difficult to detect
COMMIT
There are several ways to commit expense reimbursement fraud:
Submit a personal expense for reimbursement and claim it was a business expense:
• Largest type of reimbursement fraud and often perpetrated by high level employees,
owners, and officers
• Oftentimes perpetrator has authority over accounts from which expenses are reimbursed,
making the frauds particularly hard to detect
o Examples:
Claiming personal travel as a business trip
Listing dinner with friend as business development
Overstate the cost of actual business expenses:

• Doctoring receipts or supporting documentation
• Erasing a number and replace it with another
• Using white out
• Doctor receipt and photo copy it, as the alterations are less noticeable on the copy
• Over purchase and return excess for a refund
o Example: Buy expensive and inexpensive airline ticket, use inexpensive one, turn
in the expensive one for reimbursement, get refund on expensive ticket or use for
personal travel
• Submit expense item paid for by someone else
o Example: Client takes you to lunch, you turn in lunch receipt as if you had paid
for it
Inflate legitimate expenses of another employee and skim the excess or split it with the

20
Sec. 3
employee.
Make up or invent a completely fictitious business expense and submit it:

• Create bogus support documents, such as false receipts. Simple task in today’s world of
desktop publishing, similar computer tools
• Submit blank receipts from legitimate suppliers
• Some perpetrators steal stacks of blank receipts - many are caught because they turned in
consecutively numbered receipts
Submit an expense item multiple times:

• Often accomplished by submitting several types of support for same expense
• Submit actual receipt soon after the expense occurred, submit credit card statement or
receipts a month or so later OR submit a copy of the receipt and later submit the original
CONVERT
• Cash check for non-existent or inflated expenses

• Have reimbursement electronically deposited to bank account
• Receive credits on credit card that can be used for other expenditures
• Kickbacks from an employee, customer, or vendor
CONCEAL
To make a fraudulent or unauthorized expense look like a legitimate business expense so it isn’t
questioned and therefore reimbursed:
• Submit all the paper work for a personal item
• Alter documentation to overstate the amount due
• Over purchase and submit the full receipt
• Submit forged or stolen receipts
• Submit different forms of documentation for the same expense
• Make photocopies of receipts for multiple reimbursements
• Forge an authorization signature
• Write a check to pay for an expense, submit a photocopy as support, destroy the check
CATCH EXPENSE REIMBURSEMENT FRAUDS
• Detailed expense reports not required or not filled out

• Especially serious when reimbursement is for a high level employee, owner, or officer
• Original receipts or supporting documents are not required or not submitted
• Altered receipts (whiteout, mark over)
• Reimbursements for person who controls reimbursement funds is unusually large or not
in line with other employees
• Expenses exceed historical amounts or budgets
• Submitted expense reports not same as processed ones
• Many receipts from the same vendor
• Submitted receipts are consecutively numbered

21
Sec. 3
• Frequent use of photocopied receipts
• Travel not supervised and expenses for travel not reviewed
CATCH REIMBURSEMENT FRAUD
• Thoroughly review requests before payment (amounts reasonable, original receipts are
complete, compare to employees work schedule, etc.)
• Compare expense amounts to prior periods and budget
• Regularly review and reconcile expense accounts
• Compare with historical usage, budgeted amounts
• Compare the reimbursement request to the person’s work schedule to see if they were
working or not
• Compare reimbursement amounts to those of other employees (same trip, over time)
• Look for patterns (no cents, all amounts end in 0's or 5's, many just below review point )
CONTROL REIMBURSEMENT FRAUDS
Several control procedures can reduce the risk of expense reimbursement fraud.
• Require employees to fill out a detailed expense reimbursement form. Have the
employee explain the business purpose of the activity, expense, or purchase as well as its
location, date, and time. Require documentation for all expenses except for very small
amounts.
• Require that all expense reimbursements be carefully reviewed and approved by a
supervisor before they are reimbursed.
• Require original copies of receipts and other forms of documentation, since alterations to
receipts are much less noticeable on photo copies.
There are procedures that can be used to detect fraud if it occurs. Some of the more important
tests to control for expense reimbursement fraud are:
• Thoroughly review requests for reimbursement before payment (amounts are reasonable,
original receipts are included for all items, etc.)
• In cases of airfare and overnight travel, a personal expense can sometimes be detected by
comparing the dates of employee expenses to their work and vacation dates. Business
expenses during vacation days should be examined very carefully to ensure that they are,
in fact, legitimate expenses
• Look for unusual patterns in receipts, such as all amounts being rounded to even dollars,
all dollar amounts ending in a 0 or a 5, most reimbursements amounts just below the
review point, or reimbursement documentation that is consecutively numbered
• Compare expense amounts to prior periods, budgeted amounts, and historical usage
• Regularly review and reconcile expense accounts
• Compare reimbursement amounts to those of other employees who were on the same trip.
Over time, a pattern may emerge of consistently higher expense reimbursements
PAYROLL FRAUD
Payroll fraud is the theft of company funds using the payroll system. The perpetrator submits

22
Sec. 3
fake documents, time cards, sales orders, etc. Company pays out more in salary, commissions, or
governmental benefits than necessary.
COMMIT
Ghost employee: low frequency, dollar loss, highest loss/incident. Requires 5 steps:
1. Fabricate personnel and payroll records (name, address, SS#, pay rate) and get them
entered into the payroll system:
• Done by a department manager, payroll employee (with rubber stamp manager), or
unauthorized employee (poor employee database controls)
• Don’t take terminated employee off payroll
• Intercept or delay termination notices
• Change terminated person’s address, bank account
2. Submit falsified pay documentation

• Hourly employee submits falsified time records
• Fill out a blank timecard or
• Enter start, stop times into automated system
• Submit unauthorized pay raise for salaried person
3. Authorize false timekeeping information or pay raise

• Forge supervisor’s signature
• Sneak by a “rubber stamp” supervisor
• Get supervisor’s password, authorize electronically
4. Get paycheck issued and signed

• System usually automatically cuts the check
5. Intercept or gain access to the check

• Pick up the check
• Mail check to perpetrator, accomplice, or address controlled by perpetrator (a PO Box)
• Direct deposit check to perpetrator, accomplice, or account set up in ghost employee’s
name
False commissions: highest total dollar losses, average loss per incident is lower than ghost
employees. Two ways to commit commission-based payroll fraud:
1. Fraudulently increase sales amount by:

• Creating fictitious sales
• Altering sales prices or quantities on sales documents
• Claiming the sales of other employees
2. Increase commission rate

• Perpetrator or accomplice accesses payroll data base
• Increases pay rate or salary and gets system to accept it

23
Sec. 3
False hours, pay rate, or salary: most common payroll fraud, but has the lowest loss per
incident
Overstate the number of hours worked
Falsify hours worked on timecard, get it approved:

• Forge supervisor’s signature
• Sneak by a “rubber stamp” supervisor
• Get supervisor’s password, authorize electronically
• Collude with supervisor and split ill-gotten gains
• Particularly hard to detect, as the control (the supervisor) is in on the fraud
Falsify timecard after approved by the supervisor

• Possible if supervisor does not maintain adequate control over time cards after they are
approved
Someone else enters data in the timekeeping system

• Accomplice clocks in/out for absent employee or someone who arrives late or leaves
early
Access database, increase hours
Fraudulently increase pay rate or salary

1. Perpetrator or accomplice access payroll data base
2. Increase pay rate or salary, get system to accept it
3. Much harder than reporting more hours
o But only done once, not each pay period
Workman’s Comp: lowest losses, least common

• Employee fakes an injury
• Collects payments from victim’s insurance carrier, which is primary victim of the fraud
Unauthorized, unrecorded sick or vacation time
CONVERT
• Perpetrator or accomplice cashes ghost employee or inflated check, or it is deposited in
their account
• Collect undeserved workmen’s compensation
CONCEAL
• Fabricate the necessary ghost employee personnel and payroll records, including a false
name and address
• Set up a bank account or use your own
• Forge pay documentation and authorizations
• Steal manager password for computer authorization

24
Sec. 3
• Intercept paychecks
• Do not submit termination notices, or delay them
• Change address, bank account of terminated person
• Fake injury, collude with doctor
CATCH PAYROLL FRAUDS
• Test payroll records for duplicate social security numbers, employee addresses, and bank
account numbers. Also test for similar names
• Match the number of pay checks to the number of authorized workers
• Analyze employee deductions and withholdings (ghosts don’t need insurance, pay
minimal taxes)
• Trace the names on paychecks to personnel files
• Have internal audit or someone independent of payroll conduct a surprise payroll
distribution
• Match terminated employee list to payroll register
• Review time cards: hours, authorizations, overtime (only one person getting overtime)
• Require an ID to pick up paychecks
• Review payroll records for excessive overtime
• Test: Is there a linear relationship between commission expenses and sales
• Test: does % or amount of uncollectible accounts differ substantially between salespeople
• Compare documents used to record sales and calculate commissions
• Compare employee commissions, look for outliers
• Video surveillance of time clock
• Analytical review red flags
o Number of employees paid greater than number working
o Two employees with similar names
o Employee pay rate out of authorized range
o Discrepancies in quantities and sales prices between commission calculations and
sales records
o Pattern: payments not made on fictitious sales after they are booked and commissions
are paid
• Altered sales documents
• Complaints that sales commissions are incorrect
CONTROL PAYROLL FRAUD
The following control procedures can reduce the risk of payroll fraud:
• Require all time keeping information to be authorized before an employee is paid,
especially overtime hours. Do not accept any timekeeping information that does not pass
through the supervisor responsible for authorizing it and that is not immediately
forwarded to payroll.
• Separate the duties of hiring employees, entering timekeeping information, authorizing
timekeeping information, processing payroll, authorizing payroll, distributing payroll,
transferring funds to the payroll accounts, and reconciling the payroll bank account. The
data used to calculate sales commissions should be prepared by someone independent of

25
Sec. 3
the sales department.
• Where automated timekeeping systems are used, have a supervisor present at the
beginning and the end of shifts to ensure that an employee does not clock anyone else in
or out of the system.
• Stringent access controls (few people with closely guarded passwords allowed to make
changes, all changes reviewed and authorized, changes only made from specific terminals
during business hours, etc.) should be placed over the payroll data base so unauthorized
employees cannot add ghost employees or make changes to their hours, pay rates, salary,
or commissions.
• Install an automated time keeping system that requires an employee ID card or some
other physical form of identification. This makes it much more difficult to perpetrate
fraud since a false ID must be obtained and the perpetrator must be present to log the
ghost employee in and out of the system every day. It would also require employees to
give their ID to someone else in order for them to check them in or out of the
timekeeping system.
• Pay all employees out of a separate payroll account that uses pre-numbered checks in
sequence. Restrict access to unused checks and check signing machines.
The following procedures can be used to detect fraud if it occurs:

• Analyze employee deductions, withholdings (ghosts don’t need insurance and pay
minimal taxes).
• Compare the number of pay checks to the number of authorized workers.
• Trace the names on all paychecks to personnel files to make sure that those persons
receiving paychecks actually work for the company.
• Compare a list of terminated employees to the current payroll register.
• Have internal audit or someone independent of payroll conduct a surprise payroll
distribution.
• Require an ID to pick up paychecks.
• Analyze direct deposits. Determine if two or more paychecks are deposited in the same
bank account. Analyze addresses of mailed paychecks to see if two or more paychecks
are sent to the same address. Test payroll records for duplicate social security numbers
and similar names.
• Review time cards, examining the hours worked, management authorizations, and
overtime
• Review payroll records for excessive overtime, especially for one or a few people or
when only one person works overtime and others do not.
• Test to determine if there is a linear relationship between commission expenses and sales.
• Examine employee commissions, looking for inordinately high ones that could signal
fraud
• See if the percentage or the amount of uncollectible accounts differs substantially
between salespeople.
• Compare time cards and production reports to payroll distribution reports and
productions schedules looking for items that do not match.
• Compare the documents used to record sales and to calculate commissions to make sure
they are the same and not altered to increase commission amounts.
• Utilize video surveillance of all time clocks.

26
Sec. 3
REGISTER DISBURSEMENT FRAUDS
In register disbursement frauds, the perpetrator:

• Uses cash register to create a fake disbursement to conceal money removed from the
register
• Money removed is recorded on the cash register tape
This is the least common type of disbursement fraud.
Most register disbursement frauds:

• Are not large in amount, though they can be
• A $100,000 register fraud reported to ACFE
• Occur in the retail industry
Two main register disbursement frauds are:

• False refunds
• False voids
COMMIT: Fictitious Refunds and False Voids
There are two ways to perpetrate a fictitious refund:

1. Enter fictitious return and take the cash or issue credit to your own or accomplice’s credit
card
2. Overstate the amount of a legitimate refund and skim the excess money
To perpetrate a false void fraud, an employee:

• Withholds a customer’s receipt or
• Uses one that a customer does not want
• Rings up the void
• Takes the appropriate amount of money
• Attaches the void slip to the receipt
• Gets the void approved by:
• Forges manager’s initials or signature
• Waits until things are so busy the manager does not have time to pay attention to the void
• Waits until a manager is on duty that does not pay attention to what employee is doing
In both cases:
• Cash register tape and cash are in agreement
• Inventory is overstated, as no merchandise was returned to place back on the shelf
CONVERT
• Stolen cash: no conversion is needed
• Credit card: balance reduced, or money spent using card
CONCEAL

27
Sec. 3
There are three concealment problems:
First, getting the possession of cash without being seen:

• Remove cash from register when no one is looking and hide somewhere in clothing
• Process refund to own or accomplice credit card
• It is easier to steal money if you are not caught in the act or with the money on you
• There is still a trail that investigators can follow
Second, conceal the fact that no inventory was returned:

• No good or easy way to conceal overstatement
• Rely on store writing the loss off to shrinkage
• If perpetrator tries to conceal shortages, will use one of the methods discussed later
Third, the amount taken is so large that it is noticeable:

• Keep amount taken below an approval limit
• Collude with manager, split amount taken
• Destroy records, such as cash register tapes
CATCH REGISTER DISBURSEMENT

• Employee with unusual number or dollar value of voids or refunds
• If same manager always approves, might indicate collusion
• Unusual credit card returns
• Too many, same amount, or too many to one account
• Inadequate or no management approvals of voids or refunds
• Many refunds just under the review amount
• Inventory shrinkage larger than usual or rising
• Multiple cashiers and/or refund clerks operate from a single cash drawer without separate
access codes
• Register employees have authority to void their own transactions
• Cashiers have access to control keys used to authorize refunds or voids
• Missing or altered register tapes or documents
• Voids without customer receipts or documentation
The following procedures can be used to detect register disbursement fraud if it occurs:
• Analyze voids and refunds by employee, credit card number, and amount looking for
unusual numbers, amounts or patterns
• Review register refunds and voids and their supporting documentation
• Look for unusual items like many that are just below the review limit or that do not have
proper documentation or authorization
• Analyze the amount of shrinkage (overstated inventory) and shrinkage trends, especially
for products for which refunds were granted
• Examine the procedures for authorizing voids and returns
• Ensure that they can’t be processed without approval
• Call a sample of customers who return merchandise to test the legitimacy of the return or
the void
• Periodically inspect register tapes and cash registers for physical evidence of tampering

28
Sec. 3
Scrutinize all handwritten refunds and voids
amount of money that they have stolen
• Oftentimes employees will put money in the register even though they do not ring up the
sale so that customers do not get suspicious
• When they do, they need to keep track of how much money they have not rung up
• To do so, they often place a marker (such as a penny for $1, a nickel for $5, etc.)
somewhere near the register so they know how much money to remove from the register
when they are not observed
• Conduct periodic unannounced surprise cash counts
• Take frequent physical counts of inventory on hand and reconcile those counts with the
inventory records to spot high shrinkage
• Monitor the lifestyle changes of all employees handling refunds and voids
• Set up a customer hot line so unethical conduct can be reported
• Look for illogical entries used to balance the books or unexplained or unsupported (no
source documents) entries to perpetual records that might hide inventory theft
CONTROL REGISTER DISBURSEMENT FRAUDS
The following control procedures can reduce the risk of register disbursement frauds:
• Do not let refunds or voids be processed without proper and careful approval
• Separate the following duties:
o Processing refunds and voids and authorizing them
o Handling all cash receipts (someone other than cash register clerks)
• Separate the following cash handling duties: cash receipts, cash counts, bank deposits,
deposit receipt reconciliation, posting of deposits, and cash disbursements
• Do not let clerks have access to the control keys needed to authorize a refund or void
• Make the customer a part of the internal control system by posting signs in the register
area letting customers know that they should ask for and examine their receipts
• Use cash registers with internal tapes that the employee cannot manipulate and that
requires a manager to insert a key before a void or refund can be processed
• This gives the manager a chance to see the customer that is getting the refund or the void
• Do not allow multiple cashiers and refund clerks to operate from a single cash drawer
o If they do, require separate access codes for each of them
• On a daily basis, at the end of every employee’s shift, reconcile the returns shown on the
register tape with the actual merchandise returned
• If this “matching” took place, the employee would have to go into the store, get
inventory, and place it among the returned items for the two to match. This is likely to be
noticed
• Require customers to show their receipts at the door as they leave
• The person checking the receipt should verify that the receipts and goods agree
• Cluster cash registers (including those used for refunds) to enhance the visibility of
transactions
• Use an elevated supervisor station manned by a manager, and use video surveillance
• Make hiding the theft of cash difficult by using techniques such as:
• Close supervision

29
Sec. 3
• Video surveillance of rooms where employees store personal belongings
• Not having pockets in employee uniforms
• Monitor each register and employee for the number and amount of refund and void
transactions
• On a daily basis, account for all sequentially numbered refund and void forms
• Take out bond insurance on all employees handling refunds and voids
• Spot-check the authenticity of customer refunds and voids
THEFT AND MISUSE OF ASSETS

Two ways employees misappropriate company assets:
1. Stealing assets with no intention of ever returning it. Non-cash assets that are typically
stolen or misused:
o Supplies (most frequently stolen)
o Inventory (greatest losses, financial impact)
o Tools and equipment
o Raw materials
o Computers and other office equipment
o Telephone (long distance, etc.)
o Company cars
o Time
o Information
2. Borrow, use asset in a way that was not intended. Many inventory frauds start with
borrowing assets. When asset is not missed, employee realizes he will not get caught and
borrowing turns into theft. As a result, asset misuse is not a harmless crime
Common practice is using company computers, office supplies, etc. to run a personal business.
Employee, using employer’s computers and resources, often is a direct competitor to employer.
THEFT OF ASSETS OTHER THAN CASH
Most assets thefts committed are by people with access to the assets, such as warehouse,
inventory, shipping, receiving, and delivery personnel.
COMMIT
• Easiest way is to make no attempt to hide the theft, simply walk off with the asset
• Ship or receive short, set goods aside to steal later
• Discard the asset as scrap, then sell it
• Create a false asset movement document, steal asset while in transit
• Steal when it is transferred between buildings
• Fake a shipment
• Fake sale to accomplice, fake person or company
• Pick up asset without worrying about security, management, co-workers, or other
observers
• After-hours theft

30
Sec. 3
• Overstate work orders or requisitions (or create fictitious ones), steal excess
• Mark goods as defective and then steal them
• Collude with outsiders to fake a sale. For example, employee acts like they are ringing
up the goods, but they aren’t. Accomplice may later exchange the goods for cash
CONVERT
Stealing assets is one of the less convenient ways to perpetrate fraud. Stolen items usually have
to be converted to cash before the perpetrator can benefit from the crime.
Ways a perpetrators can convert a stolen asset:

• Sell to competitors or other companies
• Use it in a personal business
• Return the stolen goods for credit
• Use the asset personally
• Give the asset away as a gift
CONCEAL
• Perpetrators often make no attempt to conceal
• Fake journal entries to adjust inventory records
• Misstate inventory counts to cover the amount stolen
• Write assets off as obsolete
• Sell assets or inventory to accomplice as scrap
• Charge missing inventory off to a large or soon to be written off A/R
• Allow receivable for false sale to go unpaid until it is written off or removed from the
books
• Steal sales documents before customer is billed
• Pad inventory amounts to show more inventory on hand than there is
• Empty boxes scattered among full boxes
• Boxes partially filled
• Stacks of boxes with hollow middles
• Alter documents, such as sending inventory a false receiving report, A/P a correct one
• Create false documents (transfer, movement, PO, packing, shipping, receiving, sales, etc.)
• Intentionally overstating goods needed on work orders or requisitions
• Classify goods as defective and sell at a discount
• Use computer to disguise asset request origination so the request cannot be traced to them
CATCH NON-CASH ASSET THEFT

• Persistent inventory shortages
• Abnormal or unusual amounts of shrinkage
• Missing tools or other physical assets
• Poor physical access or movement controls
• Employees have the ability to remove assets from the premises without appropriate
documentation
• Excessive number of short shipments or receipts
• Goods unattended after shipment prepared or received

31
Sec. 3
• Scrap exceeds expected amounts, amount rising
• Fraudulent or altered documents (packing, shipping, receiving, moving, requisition, etc.)
• Shortages when goods are moved or transferred
• Unnecessary transfer requests are made
• Rising trend of customers who never pay for merchandise
• Employee who frequently visits company sites after business hours
• Material usage is higher than established standards, or than what is used by other workers
• Vendor invoices do not match receiving reports
• Documents do not agree (receiving reports in A/P & Receiving are different)
• Documents do not agree with journals or ledgers
• Unexplained entries in the perpetual inventory records
• Missing documents (no sales document that matches a shipping document, or vice versa)
• Fraudulent or altered documents (packing, shipping, receiving, moving, requisition, etc.)
CONTROL ASSET THEFT
To reduce the risk of inventory and other asset theft:

• The following physical access controls should be used:
o Restricting access to inventory
o Locking buildings and rooms
o Armed guards and security personnel
o Employee ID’s
o Monitoring who has keys or electronic access codes and when employees are allowed
access. Inventory theft is often perpetrated by authorized people (they have keys or
access codes to doors) at unauthorized times (at night or on holidays or weekends)
• Appropriate electronic surveillance devices, such as video cameras, should be used
• The following pre-numbered documents should be used to control inventory: purchase
requisitions, purchase orders, receiving reports, raw material requisitions, job cost sheets,
shipping documents, and sales invoices
• The following duties should be segregated, with different people performing the
functions: requisition of inventory, purchase of inventory, receipt of inventory,
disbursement of inventory, custody of inventory, physical counts of inventory,
conversion of inventory to scrap, and cash receipts when scrap is disposed of
• Fill out a receiving report for all goods received by the company. The quantity received
should be matched to the quantity ordered and to the vendor shipping documents so that
all goods shipped by the vendor are received. A copy of this receiving report should
accompany the goods to the inventory stores department, where the goods should be
recounted to make sure that no goods are lost between their receipt and their storage
• Both the receiving department and the inventory stores department should acknowledge
the transfer of goods from the receiving dock into inventory. Similarly, the release of
inventory into production should be acknowledged by both the inventory stores and the
production departments. This documentation provides the necessary information for
establishing responsibility for any shortages, thereby encouraging employees to take
special care to record all inventory movements accurately
• Inventory should be released to shipping employees based only on approved sales orders
or raw materials requisitions. In addition, both warehouse and shipping or production

32
Sec. 3
employees should sign the document accompanying the goods (or make the appropriate
acknowledgment of the transfer on-line) at the time the goods are transferred from
inventory to shipping or production. This procedure facilitates tracking the cause of any
inventory shortages. In addition, such accountability encourages employees to prepare
and maintain accurate records
• All inventory transfers within the company should be documented using standard, pre-
numbered forms. Goods that are awaiting transfer or shipment or that have just been
received should not be left unattended
• It is important to take frequent physical counts of inventory on hand and to reconcile
those counts with the inventory records. If all goods cannot be counted frequently, the
most critical items should be counted most frequently, and the least critical items counted
less often. All items should be double counted to prevent padding the inventory to hide a
theft. It is also important to carefully conduct the count to detect such tricks as empty or
partially filled boxes and hollow middles
• Employees responsible for the custody of inventory should be held accountable for any
shortages
• Analyze short shipments or receipts to determine if an employee is involved with an
inordinate number of them. For such employees, periodically observe and/or control the
handling of short receipts or shipments
• Look for illogical entries used to balance the books or unexplained or unsupported (no
source documents) entries to perpetual records that might hide inventory theft
• Examine all document copies for consistency; examine all companion documents
(purchase orders, receiving reports, vendor invoices) to make sure they match and are
consistent
• Periodically examine company documents and: look for ones that are fake or altered,
search for missing documents by accounting for their numerical sequence, and compare
the various copies of a document for consistency
• For each item produced, establish standard quantities for raw materials and supplies so
that an employee cannot order excess materials and walk off with them
• Establish clear criteria for scrapping raw materials, work in process, and finished goods
or for declaring them as defective. Require a person independent of the production or
selling function to authorize all scrap and to designate items as being defective
• Periodically compare customer and vendor addresses to those of employees to prevent
employees from shipping goods to themselves. Also scan the addresses for unusual ones,
such as a business address in a residential area
• Review log of afterhours visits by employees to the company looking people that visit too
frequently or have an unusual visiting pattern
• Set up a fraud hotline. In many asset thefts, someone in the organization knows about the
theft but is afraid to let anyone know about it. Their fear or reluctance might stem from:
the stigma attached to “squealers,” fear of losing their job, threats or other intimidation by
the thief, a sense of loyalty or duty to the co-worker, a management vs. labor mentality,
poor channels of communication, or any other number of reasons. Many of these things
can be overcome if the employee can make an anonymous phone call to report the theft
There are many different analytical procedures that can be used to control for fraud and detect it
if it occurs. Some of the more important tests to control for the theft of assets are:

33
Sec. 3
• Cost of goods sold as a percentage of sales is rising and there are no changes to purchase
prices, quantities purchased or quality of goods
• Abnormal/unusual relationships between Sales, Cost of sales, gross margin, inventory,
A/R
• Persistent or rising inventory shortages
• Scrap or shrinkage as a percentage of inventory is high or rising
• Defective goods produced as a percentage of inventory is high or rising
• Percentage or number of orders shipped or received short is high or rising
• Percentage or number of customer accounts written off is high or rising
• Percentage or number of sales returns and allowances is high or rising
• Employee materials usage higher than standard or high in relation to other employees
• Match vendor addresses to employee addresses

34
Sec. 3
FINANCIAL STATEMENT FRAUD SCHEMES
Fictitious revenue:
Recording unearned, fictitious or misclassified revenue
Timing differences:
Prematurely recognizing genuine transactions
Recognizing consigned goods as sales
Bill and Hold schemes:

Billing customers for items not yet shipped
Fraudulent asset valuation/Asset Theft:

Overstating inventory or some other asset
Related party sham transactions:

Dealing with companies you own or control, allowing you to be both buyer and seller
Concealed liabilities and losses:

Understated or unrecorded liabilities
Concealed or fabricated expenses:

Expenses are unrecorded or misclassified, improperly capitalized, depreciated, amortized,
deferred, or fabricated
Reserves and Restructuring charges:

Reserve excess one-time charges; later inflate profits by using up the excess reserves rather
than reporting certain expenses
Pension Funds Estimates
Disclosure Failures:
Failure to disclose material facts not covered in the financial statements
All of these methods can be employed independently or together, and can involve the use of an
undisclosed related party relationship and “less than arm’s length” transactions. The use of a
related party transaction aids in the concealment and commission of the fraud.
FICTITIOUS REVENUES
COSO study of Fraudulent Financial Statements found that 50% of FFS fraud is due to
overstating revenues.
The most frequent way to cook books is to inflate revenues. Increasing revenues, without a
corresponding increase in expenses, drops the full amount of the inflated revenues to the bottom

35
Sec. 3
line - net income.
The most common fictitious revenues come from book bogus sales (debit A/R, credit sales).
This overstates assets, revenue, and income.
Creating fictitious revenues is easy. It is much more difficult to cover them up.
Three common ways to create fictitious revenues:

1. Fictitious Journal Entries
2. Fictitious sales to existing customers
3. Fictitious sales to fake customers
1. FICTITIOUS JOURNAL ENTRIES.
COMMIT: Record JE: Debit: A/R

Credit: Sales
CONCEAL:
Sometimes perpetrators do not conceal fraud due to a lack of controls:

• Perpetrator controls all transaction aspects (custody, recording, authorization)
• General, subsidiary ledgers not reconciled
• Poor supervision of the perpetrator
CATCH: Use cover-up challenges to detect fraud:

• Fake A/R: not collected, on books until reversed.
o Entry, reversal may be obvious if books examined
o A/R ratios decline (turnover, days sales is A/R, etc.)
• Fake Sales: closed out at year end to Income Statement
o Sales related ratios often distorted
• No inventory adjustment: Dr: Cost of Goods Sold
Cr: Inventory
o C of GS, inventory ratios distorted
o No inventory shipments for bogus sales
• G/L, Sales J, A/R detail don’t agree
o Should be picked up when books examined
• May not be any supporting documentation (sales invoices, shipping documents, etc.)
o Missing, altered, forged documents are clues
2. FICTITIOUS SALES TO EXISTING CUSTOMERS
COMMIT: Create fake supporting documentation (sales invoices, shipping documents) for
bogus sale.

36
Sec. 3
Concealment Challenge: CONCEAL
Fictitious sales may be uncovered • Use difficult-to-confirm customers or contracts
during A/R confirmations or reviews • “Pay” major customer/contractor to provide false
of government contracts. confirmations
Over time, customer balances rise • Remove false sales with credit memos, write offs, etc.
because fictitious sales are never • Use other funds to pay off receivables (ZZZZ Best)
collected.
Customer notices false billings on Perpetrators alter or intercept monthly statements.
monthly statement
End-of-quarter sales often subject to Record false sales earlier in quarter
close scrutiny
Large or unusual transactions are • Avoid undue attention; make fictitious sales look like
subject to close scrutiny real sales
• Avoid anything too large, unusual
• Use more, smaller, less material transactions
3. FICTITIOUS SALES TO FAKE CUSTOMERS
COMMIT: Create fake customers and “sell” them goods. Phony supporting documents are
sometimes prepared
This type of fraud has all of the same risks of false sales to real customers.
The perpetrator uses the same cover-up techniques. In addition, they face the following:
Concealment Challenge: CONCEAL

Creating customer names not • Avoid unusual names no one has ever heard of
likely to be spotted as fakes • Use names that do not draw attention, sound like real
companies
Creating fake customer addresses • Post office box
• Employee home address
• Phony address
• Valid address from phone book
TIMING DIFFERENCES
GAAP: Companies should recognize revenue when the earnings process is complete and
ownership rights (unrestricted use, risk of loss, title, ownership, liabilities) pass from seller to
buyer.

37
Sec. 3
Companies report activities in fiscal years (4 quarters), match revenues and expenses, and report
in the same period. Companies can manage earnings with different tactics:
• Play with lines between quarters and years
• Report revenues, expenses in wrong period
• Recognize revenues before fully earned.
This method is called cut-off, or timing differences, fraud.

Types of cut-off, or timing difference, fraud:
1. Hold the books open
2. Close the books early
3. Stuff the channel
4. Record revenue when services are still due
5. Recognize revenue before the sale is final
6. Legally managing earnings
1. HOLD THE BOOKS OPEN
The most frequent cut-off fraud consists of recognizing future sales in current reporting period.
The company holds the books open long enough to meet sales or profitability goals.
Example: Company in Boca Raton, Florida stopped time clocks at 11:45 am on last day of
each quarter and time-stamped enough shipments to meet quarterly sales targets. Then the clock
was restarted. Auditors were fortunate the company did not try to cover up the fraud - with so
many shipments stamped with the same date and time, it was not too hard to uncover the scheme
2. CLOSE THE BOOKS EARLY
Closing the books early pushes current expenses to the next period. Companies hold unpaid bills
(and often hide unpaid invoices) and don’t record returns/allowances until later
The tactics to Hold Books Open and Close Books Early are often used together (hold the books
open for revenues and close them early for expenses).
3. STUFF THE CHANNEL
Stuff the channel is also called trade loading or borrowing from next quarter's sales.
Revenue recognition has always been a murky area of accounting. It is hard to define many
complex components of revenue or determine when to recognize revenue.
Example: Altera and Xilinx

• Chip maker Altera recognizes revenue when product is shipped. Competitor Xilinx does
not recognize revenues until distributors sell products
• Which revenue recognition method is correct depends on how you interpret accounting
rules

38
Sec. 3
o GAAP: recognize revenue when transaction risk is removed and returns can be
estimated “reasonably.”
Most conservative approach: wait until distributors sell their products.
Less conservative: when goods shipped to distributors because it is more
prone to manipulation, earnings management
Trade loading usually occurs at quarter’s end, when sales/revenue falls, in order to help earnings
look better than they really are. The company motivates or forces customers/distributors to
accept more product than they need or want. Customers/distributors lose nothing; the profit
occurs when a company is desperate to reach a sales goal so the company offers discounts,
guaranteed returns, rebates (if prices fall before the products are sold), and/or cash advances
against future sales.
Often the fact that stuffing the channel has occurred becomes unclear when using legitimate sales
incentives crosses the line; then it becomes fraud. It is easier to determine when it is not
accidental (when the company has fraud in mind):
• Illegal sales incentives used
• Ship unordered goods near period end
4. RECORD REVENUE WHEN SERVICES ARE STILL DUE
• GAAP: recognize revenue as services are rendered.

• Can recognize revenues prematurely:
o Include refundable deposits, services paid in advance as revenue
o Ignore or misapply percentage-of-completion methods of recognizing revenues.
Example: Some people criticize Verisign, which registers domain names, for prematurely
booking revenue.
• When Verisign sells a domain name they ask if you want to renew the name for another
year.
• Even when people say no, Verisign still books the next year's fee as deferred revenue for
half of those people, assuming they will come back.
5. RECOGNIZE REVENUE BEFORE SALE IS FINAL
Several different ways to recognize revenue before a sale is final:

1. Book sale while customer can still void, delay it
2. Include goods on consignment
3. Recognize revenue before sales contracts finalized
4. Ship goods to private warehouses, include in sales
Example: Miniscribe shipped bricks to a warehouse and recorded them as sales of hard drives.
Example: U.S. Surgical Corp overstated income of $2 million by including in sales the goods
that were on consignment to its dealers, salespeople, and certain foreign entities.

39
Sec. 3
6. “LEGALLY” MANAGING EARNINGS
A company can legally manage earnings by timing expenses:

• Defer scheduled and routine equipment maintenance to lower expenses and increase
current income. This is usually not in company’s best long-term interests
• GAAP: requires companies to write down the value of obsolete inventory. However, the
decision as to when to record obsolescence is somewhat subjective. Companies can defer
the loss recognition until the next reporting period to prop up current earnings
CATCHING FICTITIOUS REVENUES AND TIMING DIFFERENCES
Use this checklist to evaluate the risk that fictitious revenues and timing differences are being
used to overstate financial statements. More “yes” answers mean greater risk.
• Does the company have a history of using aggressive or shaky accounting practices?
• Are there any indications that management is overriding internal controls?
• Is management compensation substantially determined by company revenues or sales?
• Are duties inadequately segregated among order entry, shipping, billing, A/R detail, and
general ledger?
• Does one employee process the same transaction from beginning to end?
• Do cut-off tests or confirmations reveal invoices recorded in the wrong period or
unrecorded sales returns and allowances?
• Near the end of the reporting period were there any:
o Unusually large sales or other transactions affecting revenue?
o Sales with unusual or extremely favorable conditions?
o Material, unsupported revenue entries in the sales journal?
• Have there been substantial sales reversed at the beginning of a new reporting period?
• In comparison to previous periods
o Have sales increased materially?
o Have cost of sales decreased significantly?
o Is the ratio of credit sales to cash sales growing?
o Has cash decreased in comparison to sales and receivables?
o Are shipping costs higher?
o Does the allowance for doubtful accounts seem appropriate?
• Were there any abnormalities in sales and shipping such as:
o Sales or shipping invoices that are out of numerical sequence?
o Discrepancies between sales and shipping documents, such as quantities of goods
shipped but not reconciling to goods billed?
o Goods being billed before they are shipped?
o Shipping goods before a sale is consummated
• With respect to Accounts Receivable:
o Is the company negotiating financing based on receivables?
o Have receivables grown significantly?
o Have receivables increased faster than sales?
o Has accounts receivable turnover slowed?

40
Sec. 3
o Are there any large past due receivable balances or large receivables from related
parties or unfamiliar sources?
o Are there any circular transactions, where collect ability depends on funds from, or
continued activity with, the client?
• Does the company delay or deny access to original records?
BILL-AND-HOLD SCHEMES
GAAP: revenue must be realized or realizable and earned. It is usually recognized when goods
are sold and delivered.
In bill-and-hold sales, delivery does not coincide with the sale:

• Customer agrees to purchase goods; seller retains possession until customer requests
shipment
• Can conform to GAAP, but it is difficult to evaluate
Often used to perpetrate FS fraud.
SAS 99 fraud risk factor: unusual and highly complex transactions that pose difficult substance
over form questions. This is a good description of bill-and-hold sales.
Example: Sunbeam
• CEO Al Dunlop instituted aggressive sales tactics, including an end-of-the-year bill-and-
hold sales campaign to sell gas grills.
• Campaign began in the fall, many months before distributors would even think about
ordering grills.
• To motivate early sales, Sunbeam offered deep discounts, six months or more to pay, very
liberal return policies, and free storage until the distributors were ready for delivery.
• The offer was too good for most distributors to refuse and sales were brisk.
• Sunbeam recognized all sales as current revenue, a clear violation of GAAP. Sunbeam
was nowhere near completing its obligations to the distributors and had little idea as to
how many of the grills would be returned.
• SEC investigated and determined that at least one-third of Sunbeam’s 1997 earnings ($62
million of a reported $189 million) were fraudulent.
• Much of the fraud was a result of the bill-and-hold schemes
CATCHING BILL-AND-HOLD FRAUDS:

• Compare current-year monthly sales to those of preceding year. Significant fluctuations
or differences can indicate bill-and-hold transactions or that fraudulent transactions were
reversed.
• Compare the ratio of monthly (weekly) shipments to sales for this year with prior year’s
looking for significant sales without corresponding shipments. It is especially important
to do this for several weeks before and after period end.
• Examine sales and shipments for the last few weeks of the reporting period to make sure
sales at the end of the period are shipped and shipments at the beginning of the quarter
are not prior quarter sales

41
Sec. 3
• Inspect sales transaction documentation, including sales orders, shipping documents, sales
invoices, and customer payment information looking for anything that might indicate bill-
and-hold practices. For example:
o Bills of lading signed and dated by company employees when they should be signed
by a shipping company employee
o Shipments to warehouses rather than customer's regular address
o Invoices with no shipping information
o Notes or instructions on any of the documents that might indicate a bill-and-hold
transaction.
• Ask management and sales, shipping, and accounting employees if the company has any
bill-and-hold sale arrangements.
• During inventory observation, be on the alert for goods billed to customers that were not
shipped or physically segregated
• Ensure that all bill-and-hold sales follow SEC guidelines
FRAUDULENT ASSET VALUATIONS/THEFT
After the various forms of revenue recognition fraud, the next most frequent type of Financial
Statement fraud is asset fraud. A 1999 Treadway Commission study showed:
• Half of FS frauds were asset misstatements
• Asset most susceptible? Inventory (often overstated)
• Many famous cases: Salad Oil Swindle, McKesson and Robbins, Crazy Eddies, Leslie
Fay, and Phar-Mor
Inventory is fraud-prone because its valuation is complex. It is also subject to theft, breakage,
and obsolescence.
Two significant problems in valuing year-end inventory:

1. Must determine inventory quantity on hand. Problems:
o Inventory may contain large number of items
o Items purchased and sold many times, at different prices
o Raw materials, work in process, finished good
o Moved between warehouses, stores, other locations
2. Must allocate cost to inventory once it is counted
o Choose costing approach (FIFO, LIFO, average cost)
o Determine appropriate unit costs for items on hand
Why is inventory fraud possible? Audit profession critics cite the following:
• Many auditors observing inventory are recent college graduates with little audit or
industry experience and are not familiar with the company being audited.
• The auditors supervising the new college graduates only have a few more years of
experience than they do. They also often lack client and industry experience.
• Audit partners and managers rarely observe inventory counts and are often unavailable to
answer questions that those observing inventory might have.
• Inexperienced auditors often do not recognize unusual items that might indicate fraud.

42
Sec. 3
When they do they may not bring them to the partner/manager’s attention.
• Little continuity of assigned staff; so often none of the auditors knows the clients
business or industry practices.
• Auditors tell companies where they will make test counts, allowing them to overstate
inventory at untested locations
• Company officials can follow auditors around and take note of the items they test count.
This makes it easy to falsify the counts of the other inventory items.
• The number of items auditors test count is way too small, making fooling the auditor
easier.
• Auditors often do not test count high value items and fail to ensure a sufficient proportion
of inventory is counted
• Auditors do not carefully examine the inventory they count. This allows management to
do things like stack empty boxes in the warehouse, make stacks look larger than they are
by having hollow middles in stacks, etc.
• Auditors sometimes do not adequately control their work papers, allowing clients to alter
them after hours
• Auditors make companies adjust for errors they find, but never consider that some errors
may indicate intentional, material, and pervasive fraud.
There are several different types of inventory fraud schemes:

1. Place fictitious inventory on the books (overstate ending inventory)
2. Alter auditor’s inventory counting
3. Capitalize expenses
4. Do not record purchases
1. Place Fictitious Inventory on the Books
Perhaps the easiest inventory fraud scheme is to put fake inventory on the books by:
• Recording false journal entries
• Embellishing count sheets
• Creating fake purchase orders and receiving reports
EXAMPLE: Saxon Industries. The SEC cited three executives for creating $75 million of
fictitious inventories. They inflated inventory by:
• Adding inventory after the physical count was completed
• Programming company’s computers to automatically add inventory
• Transferring fake inventories between divisions
How does inventory overstatement affect financial statements? Let’s look at an example:
The correct value of ending inventory is $400,000.

In the fraudulent example it is overstated by $100,000
Correct Fraudulent
+ Sales 1,000,000 1,000,000

43
Sec. 3
Beginning Inventory + 300,000 300,000
Purchases + 600,000 600,000
Ending inventory - 400,000 500,000
- Cost of Goods Sold = 500,000 400,000
= Gross Margin 500,000 600,000
By overstating ending inventory by $100,000, Gross Margin increased by that same amount.
Net income before taxes went up by same amount.
2. Alter Auditor’s Inventory Counts
• Some companies have inflated inventory by altering the auditor’s inventory test counts
after they have left for the day.
EXAMPLE: MiniScribe Corp. Over 100 employees at MiniScribe Corp, a manufacturer of

computer hard disk drives, were involved in deceiving its auditors. They used a number of
different schemes to inflate the number of disk drives in inventory
• Perhaps the most unusual was shipping bricks and claiming they were inventory in transit
• Management also broke into the auditor’s locked trunks and changed the auditor’s test
counts recorded in their working papers
3. Capitalize Expenses
Capitalizing expenses and placing them in inventory or another asset account can increase
income. This also decreases expenses.
EXAMPLE: U.S. Surgical Corp. and Barden Co. The SEC sued U.S. Surgical, charging them
with an $18.4 million overstatement of pre-tax earnings. They employed several different fraud
schemes, including falsifying vendor purchase orders.
• Vendors submitted false invoices so Surgical could decrease parts costs and capitalize
over $4 million of its costs of materials.
• Improperly capitalized over $4 million of legal costs that were recurring operating
expenses
• SEC also charged Barden Co., a supplier of surgical equipment, with sending U.S.
Surgical false invoices. This allowed U.S. Surgical to capitalize costs that should have
been expensed.
• Barden returned confirmations to U.S. Surgical’s auditors stating the false invoices were
accurate
4. Not Recording Purchases
What happens when a company using the periodic inventory method does not record a purchase
and includes the inventory in the year-end count?
EXAMPLE: $50,000 purchase not recorded

44
Sec. 3
Correct Fraudulent
+ Sales 1,000,000 1,000,000
Beginning Inventory + 300,000 300,000

Purchases + 600,000 550,000
Ending inventory - 400,000 400,000
- Cost of Goods Sold = 500,000 450,000
= Gross Margin 500,000 550,000
By not recording a $50,000 purchase, Gross Margin increased by that same amount and net
income before taxes went up by $50,000.
So, if a company wants to overstate income, they can “forget” to record purchases near the end
of a reporting period.
CATCHING INVENTORY FRAUD:

• Carefully observe inventory counts. Inasmuch as possible, avoid all the inventory
criticisms mentioned above. If inventory is a significant balance sheet item, even more
care must be taken to ensure that inventory is correct. When observing the count:
o Focus on high value items so there is sufficient dollar coverage of the inventory
account
o Make sure that here is no discernable pattern to which locations are selected for
observation or the manner in which counts are made.
o Be skeptical of large or unusual test count differences.
o Be on the lockout for obsolete inventory (inventory that has not been used or moved
in some time, is stored in unusual locations or fashions).
o Eliminate, or at least minimize, inter-company and inter-plant inventory movement.
• There is always a reason why fraud takes place. Try to evaluate possible motives by
asking yourself questions such as:
o Is upper management under extreme pressure to meet financial projections?
o Is the company attempting to obtain financing secured by inventory?
o Is the company always out of cash and struggling to find funds for expansion?
• Interview key employees in a straightforward but nonaccusatory way. Ask questions such
as:
o Has anyone asked you to inflate inventory in any way?
o Was any inventory added to the count after it was completed?
o Has anyone asked you to alter the auditor’s inventory accounts?
o Has anyone asked you to not record purchases or to delay recording them?
o Has anyone asked you to capitalize items that should be expensed?
o Do you know of anyone in the company that is committing a fraud?

45
Sec. 3
• Perform detailed analytical procedures and then ask yourself the following questions:
o Has the percentage of inventory to total assets increased over time?
o Has the ratio of cost of sales to total sales decreased over time?
o Have shipping costs decreased as a percentage of inventory?
o Is inventory increasing faster than sales?
o Has inventory turnover slowed over time?
o Compared to previous periods, are cost of sales too low or inventory and profits too
high?
o Is the company’s gross profit percentage in line with expectations?
• Ask yourself the following questions about the accounting processes and records
o Have there been significant adjusting entries that have increased the inventory
balance?
o Were material reversing entries made to the inventory account after the reporting
period?
o Does the cost of goods sold on the books not agree with tax returns?
o Does the company have a complex system to determine the value of inventory?
o Are the company’s cutoff procedures unclear or ineffective?
o Are there cash disbursements related to the purchase of inventory subsequent to the
end of the period that were not recorded in the purchase journal?
o Is the company involved in a volatile or rapidly changing industry such as
technology?
o Does the summarized inventory contain an unusually large quantity of high-cost
items?
o If there have been product line or technology changes or rapid declines in sales or
markets, are there the expected write downs to market or provisions for obsolescence.
o Does the company use questionable procedures for determining or aggregating
inventory costs or are there any indications that erroneous or insupportable costs have
been applied?
RELATED PARTY SHAM TRANSACTIONS
Sham transactions have the appearance of genuine sales, but aren’t:

• Set up a company, sell goods at inflated prices
• Company becomes both the buyer and the seller
• One has big profits, other losses that can reduce taxes
• Buying company out of cash, seller loans them money
GAAP rules against this sort of behavior:

• FS should reflect arm's-length transactions between independent parties
• Revenue not recognized on related party transactions, even if relationship between the
two entities is disclosed
Related party sales arrangements associated with FS fraud:

• Sales with a guarantee that any unsold goods will be repurchased (thereby preventing

46
Sec. 3
revenue recognition)
• Sales with a guarantee from a seller-financed entity (such that the sales would be viewed
as an uncollectible receivable)
• Sales without substance (fund buyer to assure collection)
Vendor financing (lending customer money to buy products) can be valid business practices
• Lucent, Alcatel hurt after weak customers failed and defaulted on loans. Neither was
accused of fraud.
What is the line between valid business practices and fraud?

• Part is removing risk from transaction. (First two sales have a guarantee that the buyer
will not lose money.)
• Part is if sale has substance. (Third sale without substance.)
CATCHING RELATED-PARTY TRANSACTIONS
• Significant transactions with related-parties that:

o Are outside the ordinary course of business
o Are with unaudited entities
• Hard to determine who controls either entity in a transaction
• Revenues and earnings that always meet or exceed budgeted targets and analysts'
expectations
• Business practices with no apparent business purpose:
o Bank accounts, material operations in tax havens
o Highly complex organizational structure
Particular concerns for risk factors at the end of the reporting period:
• Highly complex or unusual transactions
• Material revenue transactions with significant variations from normal sales terms, such as
unusual payment terms
• Significant revenue recognized near period end
Identify related party relationships:

• Ask lawyers, predecessor auditors, others about parties on the other side of material
transactions
• Ask the company’s securities counsel about management relationships and review
registration statement disclosures
• Ask your tax and consulting people about involvement of management and others
involved in material transactions
• Review extent, nature of business transacted with borrowers and lenders as well as major
customers and suppliers
• Review management conflict-of-interest statements
• Examine records for material, unusual, non-recurring transactions and balances (especially
near end of reporting period)
• Examine payable and loan receivable confirmations for guarantees

47
Sec. 3
• Examine material cash advances, investments, and other disbursements, looking funds
dispensed to related parties
• Search for info about management, company. Use Internet search facilities and print
media (newspapers, phone books, and industry or trade publications).
CONCEALED LIABILITIES AND LOSSES
Companies can make financial statements look better by:

• Not reporting some of its liabilities or losses
• Moving some of them off of its books
Concealed liabilities and losses are hard for auditors to find:

• It is harder to audit something not on the books than to audit something on the books.
Example: Enron used several techniques to hide debt, book fake profits so FS looked
better than they really were
To move liabilities off the books, set up a special purpose entity, synthetic lease, securitization,
or an off-balance-sheet partnership.
Of key concern to investors, accountants, and others is:

• If partnerships material enough to report to shareholders
• Whether they should be shown on company Fin Statements
EXAMPLE: eBay and Novell use synthetic leases to finance buildings. A third party purchases
property and rents it to them. The building and lease obligation are not on the company’s BS
because the arrangement is treated as if it were a tenant in a traditional operating lease. This
improves key performance measures (debt-to-capital, return-on-assets ratios). Unlike a
traditional lease, synthetic leases have ownership benefits (interest, depreciation tax deductions).
The best of all worlds: no property or lease obligation, but interest and depreciation charges on
the IS.
RESERVES
Reserves should be set up that can be used for smooth financial returns:
• In good times, called cookie-jar accounting
• While restructuring, called the big bath
Financial statements are full of reserves and estimates:

• Losses on sales (Allowance for Doubtful Accounts)
• Loan and credit card losses
• Warranty costs
• Healthcare and insurance claims
• How long assets or natural resources will last
Since the future can’t be foreseen, estimates are just judgment calls.

48
Sec. 3
• Management does their best to estimate what will happen
Estimates are very susceptible to simple misestimation mistakes.
EXAMPLE: Sears. Between 1993 and 1996, the allowance for doubtful accounts dropped from
4.72% of A/R to 3.63%. Actual losses increased to 5.43% from 3.55%. Yet, Sears was
extending credit to more customers, many of whom were less credit worthy than other
customers. Sears had seven straight quarters of double-digit earnings growth during the decline
in the allowance rate. Rising delinquencies finally resulted in two quarters of negative earnings
growth in late 1997 and early 1998.
Estimates of future expenses and accompanying reserves can be used to smooth earnings and to
commit outright fraud.
• In profitable years, companies use very high assumptions to stash large amounts of
money in a reserve account.
• In lean years, boost earnings by harvesting the reserves.
o Lower assumptions and free up some or all of the money in the reserve to increase
profits.
EXAMPLES: Sunbeam, Cendant, Waste Management. As Sunbeam was collapsing in 1997, Al

Dunlap showed a huge earnings increase by reversing some reserves. Cendant and Waste
Management also hid significant financial problems by reversing reserves they had set up in
better times.
RESTRUCTURING CHARGES
Earnings can be smoothed by playing with write-offs and one-time restructuring charges.
Restructuring charges help companies to:

• Clean up their balance sheets
• Close plants
• Layoff people (severance packages, etc.)
• Reorganize its business
• Exit markets
• Change product mixes
When a company restructures its operations and takes a charge for doing so it:
• Estimates all related costs
• Reports all restructuring costs in the period when the changes are announced, even though
they may not be incurred until a later period.
Tremendous benefits to current period, one-time write-offs

• Wall Street usually ignores one-time losses
• Focuses on future earnings, which appear higher than they really are

49
Sec. 3
Company with a legitimate restructuring charge:
• Can throw all kinds of extra expenses into the charge
• Can reverse the charges later to increase income
If a company does not have a legitimate write-off or restructuring it can always come up with a
reason for one.
• Zacks Investment Research states that only 31 S&P 500 companies had a negative
nonrecurring item in 1992.
• Eight years later, in 2000, almost half (247 of the 500) reported negative nonrecurring
items!
• Furthermore, 28 of the largest 1,000 companies reported negative nonrecurring items for
eight quarters in a row.
If all of those charges are legitimate, they seem like a lot of bad decisions by some of the
brightest and highest paid executives in America.
An alternative explanation is that there are big bath charges that can be used in future periods to
manage earnings.
EXAMPLE: Former SEC chairman Arthur Levitt tells of a company that booked a large, one-
time loss to earnings to reimburse franchisees for equipment they had not yet purchased. At the
same time, the company announced future earnings would grow by 15% a year.
PENSION FUNDS ESTIMATES
Companies can play games with their pension funds to smooth out earnings. Companies who
offer employee pensions have a pension liability, which is an estimate of the future obligations to
their current and retired employees. Those liabilities are offset by a pension account that is
funded by the organization. The company invests the money in the pension fund and earns a
return on the fund. The higher the assumed rate of return on the fund, the smaller the payment
the company has to make in any given year to fund its pension obligations. If the fund and its
expected returns exceed the expected liability and the cost to operate the fund, the company can
take the excess as a pension credit, which increases earnings.
Historically the stock market returns about 10% a year, bonds return less, and more conservative
treasury bills and savings accounts return even less than 10%. Sound investment principles
would dictate that a company spread its money around among the investment options available to
it and that a fairly hefty amount of the fund should be in more conservative and lower return
investments. Based on that, what would you expect companies to earn on their pension funds?
AT&T, General Motors and IBM expect to earn 9.5%, 10% and 10%, respectively.
Why so high? The higher the forecasted rate, the less money the company needs to invest (and,
if high enough, the higher the pension credit). This causes more revenue to drop to the bottom
line, or the credits actually add to the bottom line.

50
Sec. 3
EXAMPLE: In 1982, IBM estimated that its pension fund would earn 5.5%. For almost 20
years the earnings rate has almost doubled to 10% (an increase of 4.5%). In 2000, IBM’s
pension assumptions showed that the fund would earn $896 million more than would be needed
to fund its pension fund. This allowed IBM to take that money and add it to its bottom line.
Unfortunately, if the assumption of 10% proves to be too low, sometime in the future IBM is
going to have to take a hefty charge to profits to boost the pension fund so it can meet its pension
obligations.
It is not hard to see how these pension assumptions can be used to manipulate income. By raising
the estimated return on pension funds, income increases, and by decreasing the estimate income
decreases. This method sounds like a great way to manage earnings—a fact that many
organizations have discovered and used.
DISCLOSURE FAILURES
Companies can perpetrate fraud by not reporting pertinent material in their financial statements.
The importance of adequate disclosure is illustrated by GAAP, which requires financial

statements to:
• Not be misleading
• Include all relevant and material information, either in the financial statements themselves
or in the footnotes
Understanding where fraudulent or inadequate disclosures are most likely to occur is important.
• A study of past disclosure frauds shows that there are five main areas where financial
statements are most susceptible to fraudulent disclosures.
• Understanding these four disclosure schemes will help auditors and others better prevent
and detect disclosure fraud.
1. Failure to disclose liabilities. To present the company financial statements in a

better light, management may choose to intentionally not disclose liabilities such as
loan covenants or contingent liabilities.
2. Failure to disclose significant events. Potentially, there are many events that could
affect the financial statements now or in the future. Among them are product or
manufacturing obsolescence, competitor products, new technology, and actual or
potential lawsuits.
3. Failure to disclose accounting changes. Companies occasionally change accounting

methods and practices, such as depreciation method, revenue recognition criteria, and
accrual calculations. If the changes have a material impact on the financial statements
they must be disclosed.
4. Failure to disclose related party transactions. Occasionally, a member of

management will have a financial interest in a customer, supplier, etc. These

51
Sec. 3
relationships must be disclosed.
EXAMPLE: In 1997 Tei Fu and Oi-Lin Chen were charged with tax evasion for under reporting
1987-90 income by $125 million. The Chens allegedly had foreign companies they owned that
overcharged Sunrider, their US company, for ingredients. The Chen’s prepared two separate
invoices for each foreign transaction. The one for Customs showed the correct prices. The one
for tax purposes showed the inflated prices (by 50% to 900%). The scheme dramatically
understated Sunrider’s profits and their US tax liability. They paid for the ingredients by wiring
millions of dollars to overseas accounts. To bring the money back into the US, they purchased
real estate and Chinese antiques. To save customs charges they grossly understated the value of
the antiques and other items that they brought into the U.S.
1. Failure to disclose management fraud. Any type of management fraud, regardless of

the amount, should be evaluated to see if it should be disclosed.
UNCOVERING UNDISCLOSED DISCLOSURES
Financial statements are the responsibility of management. Auditors are responsible for attesting
that the financials are presented fairly.
One of the difficulties that auditors have is making sure that all relevant disclosures are in the
financial statements. This difficulty arises from the fact that auditors may not know if
management has disclosed everything that is needed to ensure that the statement fairly presents
the condition of the company financially.
To maximize chances of uncovering items that are not disclosed by management, auditors
should:
1. Request a letter from all of the law firms that the company has used, asking them to let
you know of any potentially damaging lawsuits or other liabilities the company may
have.
2. Compare current and prior financial statements to determine whether the company has
changed accounting principles or methods.
3. Interview key company personnel, such as engineers, sales representatives, shipping and
receiving personnel, and accounting and finance employees. Ask these individuals about
possible significant events. Also, in a nonaccusatory tone, ask if they suspect anyone of
stealing from the company or misrepresenting the company’s financial statements.
4. Carefully review financial institution documentation, looking for undisclosed loan
covenants.
5. Examine legal documents (sales contracts, warranty agreements) to find contingent
liabilities.
6. Search public records (federal and state level) looking for any lawsuits that the company
is a party to. While searching state records, be on the lookout for company officers that
are owners or officers of another corporation.
7. Search the Internet for everything you can on the company and its key officers. Review
newspapers, press releases, biographical sketches, credit reports, etc. Look for clues to

52
Sec. 3
possible conflicts or controversy.
8. Ask for unrestricted access to company’s filing cabinets. This provides some advantages:
o It is an opportunity to assess how the client reacts. While the client can decline, if the
company puts up strong resistance, perhaps there is a reason why. While many honest
companies will not be too thrilled with the idea of auditors rummaging through their
files and may rebuff such a request, the key to pay attention to is the company’s
reaction to the request.
o When the auditor requests documents, the client has time to omit (or alter) important
accounting evidence. With unrestricted access, the auditor can look for items not in
the books and records such as memos, business plans, competitive and market
information, etc.
o A dishonest client does not have time to manufacture evidence.

53
Sec. 3

Wiley 2015 p2

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Wiley 2015 p2

Diunggah oleh

Hak Cipta:

Format Tersedia

ACPEN 2010

Business Fraud, Internal Controls,

November 10, 2010

Accounting Continuing Professional Education Network

Live Webcast Replays:

June 23, 2010 Not-For-Profit Accounting, Auditing & Tax Update

Live Webcast Replays:

July 21, 2010 Governmental Accounting & Auditing Update

Live Webcast Replays:

August 25, 2010 Compilation and Review Update

Live Webcast Replays:

September 22, 2010 Representing Clients in the Marriage Dissolution

Live Webcast Replays:

November 10, 2010 Business Fraud, Internal Controls, and Forensic

Live Webcast Replays:

December 8, 2010 Annual Tax Update

Live Webcast Replays:

May 18, 2011 Construction Industry Accounting & Tax Issues

Live Webcast Replays:

For additional information or questions contact

Want to Learn More About ACPEN?

For additional information about ACPEN products and services contact:

ACPEN broadcasts are designed to be interactive!

Its easy to ask questions during the broadcast:

The Learning Continues After the Broadcast!

ACPEN On-Site Group Study

Compilation & Review Clinic: Basic and Advanced Issues

An Accountant’s Guide to Handling Clients’ Investments---Accounting, Tax and Planning

2009 Accounting & Auditing Update

2009 Governmental Accounting & Auditing Update

2009 Not-For Profit Accounting, Auditing, and Tax Update

Understanding & Controlling Business Fraud: Accounting & Legal Issues

Detecting & Controlling Business Fraud

Estate & Financial Planning for the Small Business Owner

Tax Planning for Small Businesses

Partnership and LLCs Tax Update

Effective Handling of Tax Audits and Appeals

An Accountant’s Guide to Handling Clients’ Investments---Accounting, Tax and Planning

2009 Annual Tax Update

2009 Not-For Profit Accounting, Auditing, and Tax Update

Personal Development, Corporate & Industry Subjects

Detecting Fraud in Government & Non-Profit Organizations

2008 Accounting & Auditing Update

Controllership—Restoring Credibility in a Tarnished Profession

Effective Controllership Skills

The Controller as Value-added Contributor

Key Skills for the 21 st Century Industry Accountant

A CPA’s Guide to Buying & selling Businesses

2008 Governmental Accounting & Auditing Update

2008 Not-For Profit Accounting, Auditing, and Tax Update

Understanding & Controlling Business Fraud:

Detecting & Controlling Business Fraud

Business Fraud Challenges & Responses:

Tax Planning for Small Businesses

Personal Financial & Estate Planning in Cases of Marital Dissolution

An Accountant’s Guide to Handling Clients’ Investments---Accounting, Tax and Planning

College Financial Planning for CPAs

Representing the Elderly Client

Estate Planning Skills

Effective Estate Planning & Administration Techniques

Developing & Expanding Your Personal Financial Planning Practice

Business Client Services

Estate & Financial Planning for the Small Business Owner

Tax Planning for Small Businesses

City/State: ________________________________ Check if Webcast: _