Fraud Checks Raise Audit Costs
Thanks to the federal Sarbanes-Oxley Act of 2002 and new financial accounting standards from the American Institute of Certified Public Accountants that mandate deep fraud checks, public accountants and auditors are digging into a side of business that isn’t funny — fraud.r
“It definitely puts us in the role of a cop,” said Hal White, a managing partner of Jones & Co. Ltd. of Jonesboro. “We’ve always had that role to some degree, but it’s never been this onerous.”r
Arkansas accounting firms, like their counterparts across the country, are looking into the nooks and crannies of public and private companies’ books as never before. Audits are longer; require more work, training and technology; and are forcing double-digit increases in the fees charged for the extra work, training and technology associated with their new burdens. Smaller accounting firms could feel the pinch.r
It’s all designed to throw a tourniquet on the type of bloody corporate scandals that toppled Enron, WorldCom and the Arthur Andersen accounting firm. It’s also designed to stem what accountants call “misappropriation of assets,” which is believed to make up more than 85 percent of fraud.r
In its 2002 Report to the Nation on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners estimated 6 percent of business revenue nationwide would be lost due to fraud and abuse — some $600 billion, or $4,500 per American worker. The report was based on a survey of 663 workplace fraud cases.r
Although fraudulent statements make up just 5.1 percent of fraud cases, according to the ACFE report, the median associated loss is greater than other fraud incidents at about $4.25 million.r
Asset misappropriation, estimated to be 85.7 percent of fraud cases, has a median associated loss of just $80,000. Corruption — using influence in a business transaction for personal benefit — represents 12.8 percent of cases and has an associated loss of $530,000.r
“Auditors in the past have shied away from fraud detection,” White said. “There has always been a resistance from CPAs to raise the bar on finding fraud.”r
r
New Standardsr
Auditors received their new marching orders from Sarbanes-Oxley, which mostly affects auditors of public companies, and the nearly deputizing aspects of AICPA’s Statement of Accounting Standards-99.r
“There is a more direct requirement for fraud accounting (with SAS-99),” said Steven Warren, managing partner of BKD LLP’s Little Rock office. “It lays out fairly extensive procedures we have to adopt.”r
SAS-99 requires an aggressive pursuit of potential avenues of fraud and even tries to make auditors think like the perpetrators.r
“(SAS-99) requires brainstorming sessions for auditing firms prior to an audit,” White said. “One of the questions we have to ask ourselves is, ‘If we wanted to steal money from this company, how would we do it?’ Everyone sits around and asks where the weaknesses are, what are the weak spots. Are there fake vendors or fake employees?”r
Auditors now must assess whether the company is legitimately claiming revenue and scrutinize the company’s internal financial controls.r
“We have to discuss fraud potential, risks and subjective items, and where risk is greatest,” said Mike Haigh, manager of Deloitte & Touche’s Little Rock office.r
Tacticsr
Although not an axiom, fraud checks typically begin with risky employees. Do they have debt, gambling problems or other problems that could cause them to defraud the company?r
Compensation that’s based on performance incentives can also be a good place to start, Haigh said, because such packages can tempt executives to overstate revenue or earnings for their own gain.r
“It doesn’t mean there is fraud, it’s just someone who might have an incentive,” he said.r
Executives, who tend to be well-educated white men, make up 47 percent of fraud cases, according to the ACFE report. The median associated fraud loss jumps from $18,000 for those age 26 and younger, to $150,000 for those 41-50, to $500,000 for those 60 or older, according to the ACFE’s report.r
Haigh said auditors now also examine the culture of company, internal controls and, of course, financial statements.r
“Large journal entries made toward the end of the year can raise signals. We have to ask, ‘Does it look funny?'” Haigh said. “What we look for is whether they are not systematically entered or are they large, out-of-the-ordinary entries. But large entries are not necessarily unusual, as companies tidy up at the end of the year.”r
White said auditors can use data extraction software to download directly from client files as well as fraud detection software programs. For instance, they could compare a vendor list to an employee address list to see where payments are going, check inventory for deleted items or look for large, anomalous group data transactions.r
“(Clients) will be surprised by the process we’ll use and the things we’ll find,” White said. “Most don’t believe fraud can occur in their organizations. And when it’s discovered, they’re flabbergasted. It can be shattering.”r
About 61 percent of companies involved in ACFE’s study had fraud insurance.r
Background checks, anonymous tip reporting mechanisms, and internal and independent audits are the best tactics for hemming in fraud, according to the ACFE report. Familiarity with a business sector helps auditors also.r
“In our business, if you have lots of clients in the same industry you learn about the businesses, their standard performance ratios and you learn to look for what’s out of the ordinary,” BKD’s Warren said.r
r
What Is Revenue?r
Tracking revenue, which may seem to be a business basic, can actually be complicated and tricky, according to Warren.r
“So is it revenue when a deal is struck or upon receipt of payment? If a company gets a construction contract for millions of dollars, when should it put the revenue in the books? Reporting too soon can lead to over-reporting revenue,” he said.r
A company trying to make budget might “make up sales at the end of the year” to make the bottom line look better and justify it with the belief “it’s going to be better next year” and revenue will catch up to the overstated amount, Warren said.r
Other items that frequently are incorrectly marked down as revenue include “stock placements” or “equity infusions” — a common maneuver of struggling dot-coms from a few years ago. It also includes business-to-business trades in which no cash changes hands.r
Companies looking to mislead potential investors have been known to record high revenue figures that make the company look healthier while the bottom line is still sickly from offsetting expense items.r
And if the auditors find fraud? For a public company, auditors notify the U.S. Securities and Exchange Commission — and potentially other regulatory agencies — and a company’s audit committee, board of directors or high-level executives. Auditors have no reporting obligations for private companies, unless the company is part of a regulated industry, such as banking.r
Prior to the toughening of standards, the most common method for detecting fraud was through tips from employees, customers, vendors or anonymously, at 46.2 percent of the time, and by accident, at 18.8 percent of the time, according to the ACFE report. Internal auditing made the bust 18.6 percent of the time, and internal controls caught 15.4 percent of cases.r
rCHARTr
r2002 Fraud Losses by Organization Typer
rCategory———% of Total Cases——Median Loss
rPrivate—————31.9%——————$127,000
rPublic—————30.0%——————$150,000
rGovernment Agency—24.7%————$48,000
rNonprofit—————13.4%————$40,000r
rSource: Association of Certified Fraud Examiners