46,99 €
46,99 €
-100%
Sammeln Sie Punkte in unserem Gutscheinprogramm und kaufen Sie E-Books und Hörbücher mit bis zu 100% Rabatt.
Mehr erfahren.
Mehr erfahren.
- Herausgeber: John Wiley & Sons
- Kategorie: Fachliteratur
- Sprache: Englisch
- How to measure your organization's fraud risks - Detecting fraud before it's too late - Little-known frauds that cause major losses - Simple but powerful anti-fraud controls Proven guidance for fraud detection and prevention in a practical workbook format An excellent primer for developing and implementing an anti-fraud program, Anti-Fraud Risk and Control Workbook engages readers in an absorbing self- paced learning experience to develop familiarity with the practical aspects of fraud detection and prevention. Whether you are an internal or external auditor, accountant, senior financial executive, accounts payable professional, credit manager, or financial services manager, this invaluable resource provides you with timely discussion on: * Why no organization is immune to fraud * The human element of fraud * Internal fraud at employee and management levels * Conducting a successful fraud risk assessment * Basic fraud detection tools and techniques * Advanced fraud detection tools and techniques Written by a recognized expert in the field of fraud detection and prevention, this effective workbook is filled with interactive exercises, case studies, and chapter quizzes and shares industry-tested methods for detecting, preventing, and reporting fraud. Discover how to become more effective in protecting your organization against financial fraud with the essential techniques and tools in Anti-Fraud Risk and Control Workbook.
Sie lesen das E-Book in den Legimi-Apps auf:
Seitenzahl: 304
Veröffentlichungsjahr: 2009
0,0
Bewertungen werden von Nutzern von Legimi sowie anderen Partner-Webseiten vergeben.
Legimi prüft nicht, ob Rezensionen von Nutzern stammen, die den betreffenden Titel tatsächlich gekauft oder gelesen/gehört haben. Wir entfernen aber gefälschte Rezensionen.
Ähnliche
Table of Contents
Title Page
Copyright Page
Preface
A Short History of Fraud
About This Book
About White-Collar Crime 101 LLC
Acknowledgements
CHAPTER ONE - Why No Organization Is Immune to Fraud
What Is Fraud?
Myths and Realities about Fraud
The Urgency of Detecting and Preventing Fraud
Tone at the Top
Review Points
Chapter Quiz
CHAPTER TWO - The Human Element of Fraud
Who Commits Internal Fraud?
Why People Steal
People: The Key to Detection and Prevention
Review Points
Chapter Quiz
CHAPTER THREE - Internal Fraud: Employee Level
How Big a Problem Is Internal Fraud?
Overview of Employee-Level Fraud
Red Flags of Employee-Level Fraud
Preventing Employee-Level Fraud
Review Points
Chapter Quiz
CHAPER FOUR - Internal Fraud: Management Level
T&E Fraud and Abuse
Bribery
Conflicts of Interest
Misuse of Organization-Owned Assets
Fraudulent Financial Reporting
Red Flags of Management-Level Fraud
Preventing Management-Level Fraud
Review Points
Chapter Quiz
CHAPTER FIVE - External Fraud: Protecting Against Dishonest Outsiders
Types of External Fraud
The “SCAM” Model
Red Flags of External Fraud
Preventing External Fraud
Review Points
Chapter Quiz
CHAPTER SIX - Conducting a Successful Fraud Risk Assessment
Procedures for Conducting a Fraud Risk Assessment
The Roles of the Board and Management in Fraud Risk Assessments
Review Points
Chapter Quiz
CHAPTER SEVEN - Basic Fraud Detection Tools and Techniques
Basic Fraud Detection
Review Points
Chapter Quiz
CHAPTER EIGHT - Advanced Fraud Detection Tools and Techniques
Internal Audit and the Audit Plan
Essentials of Fraud Auditing
Essentials of Automated Auditing
Review Points
Chapter Quiz
APPENDIX A - Answers to Chapter Quizzes
APPENDIX B - Answer Key for Case Studies
APPENDIX C - An Introduction to Cyber Fraud
Resources
Notes
Glossary
About the Author
Index
Copyright © 2009 by Peter Goldmann. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. For more information about Wiley products, visit our web site at www.wiley.com.
Library of Congress Cataloging-in-Publication Data:
Goldmann, Peter, 1953-
Anti-fraud audit and control workbook / Peter Goldmann.
p. cm.
Includes bibliographical references and index.
eISBN : 978-0-470-52494-7
1. Fraud—United States—Case studies. 2. Fraud—United States—Prevention. 3. Auditing. 4. Forensic accounting. I. Title.
HV6695.G585 2009
658.4’73—dc22
2009015536
Preface
“Few people begin their careers with the goal of becoming liars, cheats, and thieves. Yet that turns out to be the destiny of all too many.”
—Joseph T. Wells, Founder and Chairman, Association of Certified Fraud Examiners
This quote says it all when we refer to the perpetrators of fraud. The world’s great anti-fraud guru, Joe Wells, teaches us the critical reality that most people are either honest or want to be. They don’t, as Wells points out, set out to be career fraudsters.
The problem is that life’s inevitable curveballs sometimes are all it takes to push a fundamentally moral, honest individual to cross the line from integrity to crime. The Anti-Fraud Risk and Control Workbook is designed to give internal auditors, accountants, and other financial professionals in all organizations a foundation of practical knowledge about the fraud that can impact their organizations.
This book appears at a time when the need for awareness about the mechanics of major types of internal and external fraud and the red flags that raise suspicion is more acute than in recent memory. For years, the incidence of fraud has been steadily increasing and along with it, the number of dollars lost to these crimes. And while this is clear evidence that fraud flourishes during periods of economic growth and prosperity, it virtually explodes when the economy turns south.
Naturally, we all hope that the recession that commenced in 2007—or any future recession for that matter—won’t motivate too many fundamentally honest people to add further credence to Joe Wells’s apt observation. However, regardless of the economy’s vicissitudes in coming months and years, history proves that the “fraud problem” will undoubtedly worsen. The key for management is to acknowledge this, raise the task of fraud risk mitigation much higher on the organization’s priority list, and allocate the human and financial resources necessary to at least eliminate as many of the identifiable fraud risks threatening it now and in the future.
The following pages are the product of several years of research and writing about ways to battle the seemingly relentless assault on institutions of all kinds by fraudsters of all kinds. It is hoped that some of the many fraud-fighting tools from the contents of this book will assist dedicated managers in safeguarding their organizations’ reputations and assets.
—Peter Goldmann, June 2009
A Short History of Fraud
Fraud against organizations of all kinds has been around forever. However, with the rapid growth of Western capitalism in the 19th and 20th centuries, the temptations for employees and outsiders to steal from the increasingly numerous institutions spawned by the explosive success of free market commerce began to spread.
Even seemingly honest employees and outsiders, such as vendors or customers, found themselves increasingly tempted to exploit opportunities in the financial and operational functions of corporations, banks, government agencies, and non-profit organizations to enrich themselves illegally.
By the early 1920s, Western financial markets had become relatively modern. They had fueled the capitalization and rapid growth of major industries such as automobiles, broadcasting, construction and oil, transportation and chemicals.
However, along with the industrial race to technological modernization and the huge fortunes amassed by investment banks, their corporate clients, and the wealthy individuals who traded stocks and bonds, came rampant greed on the part of the “haves,” while America’s “have-nots,” whose ranks swelled through the devastation of the Great Depression, became increasingly motivated to defraud “the system.”
The boom ended with a disastrous bust starting on October 29, 1929 when Wall Street experienced its first bona fide crisis. Not long after that—1933 to be exact—the world’s first major anti-fraud legislation was passed. The genesis of the Securities Act of 1933 was nicely summarized by Deepa Sarkar while a student at the Securities Law Clinic at Cornell University Law School:
In the period leading up to the stock market crash, companies issued stock and enthusiastically promoted the value of their company to induce investors to purchase those securities. Brokers in turn sold this stock to investors based on promises of large profits but with little disclosure of other relevant information about the company. In many cases, the promises made by companies and brokers had little or no substantive basis, or were wholly fraudulent. With thousands of investors buying up stock in hopes of huge profits, the market was in a state of speculative frenzy that only ended . . . when the market crashed as panicky investors sold off their investments en masse.
In reaction to this calamity, and at President Franklin Roosevelt’s instigation, Congress set out to enact laws that would prevent speculative frenzies. After a series of hearings that brought to light the severity of the abuses leading to the crash, Congress enacted the Securities Act of 1933.1
Unfortunately, while the “’33 Act,” as it was often called, did significantly reduce insider trading, phony securities schemes, and other investment scams, it failed to address the problem of corporate financial fraud involving “cooking the books” by manipulating sales, earnings, and other financial results, and perpetrating other schemes that either misled the investing public or illegally enriched the top executives who ran these companies—or both.
In 1985, in response to widespread U.S. campaign finance fraud and overseas bribery, the Committee of Sponsoring Organizations (COSO) of the Treadway Commission was formed. Its mandate: To develop accounting rules and procedures to prevent the increasingly widespread practice of illegal financial reporting. COSO was initially sponsored by five major U.S. financial organizations:
• American Institute of Certified Public Accountants (AICPA)
• American Accounting Association (AAA)
• Financial Executives Institute (FEI)
• Institute of Internal Auditors (IIA)
• Institute of Management Accountants (IMA)
COSO came up with the original concept of “Internal Controls” with regard to corporate financial reporting. It published a set of guidelines to assist accountants and auditors to ensure that their organizations did not fall victim to the illegal ways of dishonest financial executives, top managers, and accountants.
Despite its noble intentions, the so-called COSO Framework did not stop large U.S. corporations from abusing the trust of their boards and shareholders, not to mention the loopholes in accounting laws and rules.
The result. Enron, Tyco, Worldcom, Adelphia, and a now well-known string of other massive corporate financial scandals of the late 1990s and early 2000s. This prompted Congress to take another shot at devising legislation that would restore public confidence in the U.S. capital markets and erect substantive regulatory deterrents to future large-scale white-collar crimes. The result was the Sarbanes-Oxley Act of July 2, 2002. This Act—widely referred to as “SOX”—laid the groundwork for a world standard for the integrity of publicly reported financial information.
SOX contains stringent financial reporting rules and penalties for noncompliance for corporate boards, executives, directors, auditors, attorneys, and securities analysts. Advocates touted the new law as powerful action that would at long last protect the investing public. Skeptics, by contrast, argued from the beginning of the SOX debate that implementing such a law would not make the problem of fraudulent financial reporting go away.
Regrettably, the latter were right. While the United States has not sustained a fraud-fueled corporate implosion of Enron proportions since SOX came into effect in 2002, statistics show that institutional fraud has not been deterred. On the contrary, as you’ll see in the next section, fraud has actually skyrocketed in recent years.
The same applies internationally. Scandals at Germany’s Siemens AG, Italy’s Parmalat, South Korea’s Daewoo, numerous Russian financial institutions, and Chinese manufacturers prove that international regulations for financial management, auditing, and reporting are desperately needed.
A promising milestone was reached in 2002 when the U.S. accounting industry implemented Statement on Auditing Standards #99 (SAS 99) which placed unprecedented responsibility on auditors for detecting fraud in organizations’ financial records. Much of the rest of the world followed suit in 2003. And in 2004, the International Federation of Accountants (IFAC) completed work on International Standard on Auditing (ISA) #240, a virtual mirror-image of SAS 99.
The result. With IFAC’s 123 member countries now committed to audit standards specifically designed to screen for fraud, most of the world’s auditors now have clear guidelines for detecting fraudulent financial activity in their clients’ financial records.
Important. While SAS 99 and ISA 240 are directed principally at external auditors, the Institute of Internal Auditors (IIA) has strongly endorsed the fraud-auditing methods and procedures contained in these critical standards for all internal professionals in a position to detect fraud.
The question for investors, customers, vendors, and managers now is whether the global financial and economic meltdown of 2008-2009 will render the new laws, regulations, and audit guidelines impotent in the face of the inevitable increase in pressure to cook the books, embezzle funds, and commit a variety of other frauds that come along with all major economic downturns.
Most anti-fraud experts concur that no matter how well-written the rules may be, institutional fraud will always spike upward when economic and financial markets are slumping. It can only be hoped that history will show the Great Global Meltdown of 2008-2009 to have passed without the heavy fraud-generated corporate casualties that many doomsayers had predicted leading up to the crisis.
About This Book
The Anti-Fraud Risk and Control Workbook is not industry-specific, and therefore of value to professionals in all corporate, not-for-profit, and government entities. Other workbooks in this series address specific industries such as financial services, healthcare, and not-for-profit.
Chapter 1 gives you a sense of just how extensive and costly the current fraud “problem” is with an array of key statistics. Chapters 2-5 delve into the two main types of fraud—internal and external—including the important differences between frauds committed by employees and those committed by their superiors in senior and executive management positions. The remaining chapters (6-8) provide detailed advice on how to detect and prevent fraud in your organization.
All of the workbooks in this series aim to engage readers in an easy-to-follow combination of instructional text and interactive exercises. The Anti-Fraud Risk and Control Workbook includes:
• Sixteen case studies of actual frauds, included to help illustrate key points in the chapter. Each case study includes an overview of how it happened, a recap of the key points, and the question “How Could This Have Been Prevented?” List as many preventive measures as you can, and then check your answers against the ones found in Appendix B. As you progress through the Workbook, your list of measures will grow as you become more knowledgeable about the dynamics of how fraud is committed, detected, and prevented.
• End-of-chapter quizzes to help you test your newfound knowledge. Answer as many questions as you can and then check them against the answer key found in Appendix A. These quizzes contain no trick questions; they are standard-format questions to help you complete the Workbook, earn your CPE credits, and—most importantly—help you fight fraud and corruption at your organization.
Remember
Throughout this Workbook, you will see boxes titled “Remember.” These are flags for key facts, concepts or topics to pay particular attention to as you build your knowledge about fraud.
About White-Collar Crime 101 LLC
White-Collar Crime 101 LLC (WCC 101) was founded in 1998 in Connecticut by Peter Goldmann, a graduate of the London School of Economics, and an established business journalist who had reported and edited many domestic and international business publications.
The company came into being as the result of Mr. Goldmann’s acquisition of a monthly newsletter called White-Collar Crime Fighter directed primarily at law enforcement personnel.
After acquiring the publication, Mr. Goldmann redesigned it and reformulated its purpose and content, thus establishing it as the only monthly subscription-based publication designed to provide useful, actionable, anti-fraud advice and insight to the private sector.
Over the following years, White-Collar Crime Fighter published articles based on interviews and contributions from hundreds of top U.S. and overseas antifraud experts from the fields of auditing, accounting, law, investigation, forensics, finance, compliance, and regulation.
Today, the publication enjoys a reputation as a leading source of reliable “how-to” information on detecting, preventing, investigating, and prosecuting fraud.
Thanks to White-Collar Crime Fighter’s success, several subscribers approached WCC 101 asking if the company provided employee fraud awareness training. At the time, around 2001, the answer was no. However, Mr. Goldmann wondered why large corporations were coming to his publication for training. It must have meant, he reasoned, that no one else was offering such training, which to him seemed like a basic anti-fraud imperative for any organization, given the already serious and continuously growing threat of fraud.
After some digging, the WCC 101 team determined that indeed, there was no such “employee-friendly” anti-fraud training on the market. There was plenty of training for “the profession”—for fraud examiners, accountants, auditors, and law enforcement investigators; but nothing that taught employees how to recognize the red flags of fraudulent conduct in their organizations or how to report such incidents if they were detected.
Long story short, Mr. Goldmann resolved to fill this gap in the market for antifraud tools. He conceived and developed FraudAware, a customizable Web-based (“E-Learning”) fraud awareness course designed for large companies. The basic, “generic” FraudAware program was completed in mid-2002—just around the time when Congress was dotting the “i’s” and crossing the “t’s” of the Sarbanes Oxley Act.
As executives of public companies (FraudAware’s initial targeted market) quickly learned that SOX compliance was going to cost them multiple millions of dollars and countless hours from the schedules of their internal auditors, accountants, senior financial executives, and attorneys, employee fraud awareness training was a decidedly low priority.
By 2005, as the financial and human resources burdens of SOX compliance had begun to decline, management at many organizations began to realize that despite its massive investments in SOX compliance, the problem was not getting better, in fact it was getting worse.
The result. A growing number of organizations began to realize that they had to mobilize their greatest asset—their employees—to actively assist in the fight against fraud.
FraudAware training became a logical tool for accomplishing this, and indeed in recent years, the team of FraudAware subject matter experts, instructional designers, and E-Learning “techies” has been extremely busy, implementing customized training courses at organizations in all major industries in the United States and overseas.
Today, WCC 101 is the premier provider of published anti-fraud information and maintains the largest searchable Web-based archive of practical actionable fraud prevention information. It also has a reputation of being the only provider of customized anti-fraud training designed, developed, and implemented by a team of top SME’s and instructional professionals.
With the publication of The Anti-Fraud Risk and Control Workbook, WCC 101 adds another valuable source of practical anti-fraud training and guidance.
Acknowledgments
This workbook would not have been possible without the generous support and assistance of the following thought leaders in fraud prevention, detection, and investigation:
• Stephen Pedneault, CPA, CFE, Forensic Accounting Services, LLC
• Jeffrey Rossi, CPA, CFE, J.H. Cohn, LLP
• Christine Doxey, CAPP, CCS, Vice President of Business Development, Business Strategy Inc.
Thanks also to the many anti-fraud experts who generously shared their time to be interviewed for articles published in White-Collar Crime Fighter thereby enabling me to acquire valuable new knowledge for this project.
Appreciation also goes to John Wiley & Sons for choosing to add this new workbook format to its impressive array of anti-fraud titles.
CHAPTER ONE
Why No Organization Is Immune to Fraud
Did you know that:
• Organizations lose an average of 7 percent of gross revenue to fraud every year? In 2008 that represented approximately $994 billion.1
• The most common method by which fraud is detected is tips? Over 46 percent of cases that are detected are reported via a tip from an employee, vendor, or other whistle-blower.2
• Fraudulent financial reporting—the main form of management fraud, is twice as common in organizations as billing schemes—the most common form of employee-level fraud?3
• Organizations that implement entity-wide fraud awareness training cut fraud losses by 52 percent?4
• Seventy-four percent of employees report that they have observed or have firsthand knowledge of wrongdoing in their organization in the past 12 months?5
• The average fraudulent financial reporting fraud costs the victim organization $2 million, while the average loss per incident of billing fraud is only $100,000?6
• The majority of public companies investigated by the Securities and Exchange Commission (SEC) for fraud subsequently suffer a substantial decline in stock price (50 percent or more)?7
• It takes an average of 24 months for a fraud to be detected?8
• One-third of large-organization executives say they have no documented investigative policies or procedures for fraud, and one-half have no incident response plan?9
• One-quarter of companies consider themselves highly vulnerable to information theft, and 29 percent have experienced information theft, loss, or attack in the past three years?10
• The most common type of fraud affecting institutions, by far, is theft of assets—which can include money, services, or physical assets?11
Chapter 1 introduces the critical notion that you as a financial professional have considerable power to prevent, detect, and report fraud. The chapter also covers the following topics:
• The multiple definitions of fraud that make it critical to clarify the real meaning of the term in your mind
• A number of widespread myths about fraud and the realities that they misinterpret
• Management’s role as the standard setter for an ethical and law-abiding institutional culture
It is not possible to compile a workbook on fraud fighting without relying to a considerable degree on the prodigious and wide-ranging research conducted by the Association of Certified Fraud Examiners (ACFE). However, in addition to this authoritative body, founded in 1988 in Austin, Texas, by Joseph T. Wells, the Big Daddy of the anti-fraud profession, there are other respected institutions whose research provides additional useful material for the study of institutional fraud.
As with the list of statistics that open the chapter, the following pages draw on key findings of numerous prominent consulting, research, and academic institutions that are active in supporting the fight against fraud in organizations of all kinds—corporations, both public and private, not-for-profit organizations, and governmental agencies. These carefully selected statistics provide a framework defining the vast scope of the fraud problem. With the perspective provided by these data, you will be equipped with a solid understanding of the magnitude of the fraud problem, along with key trends and patterns in major categories of fraud.
What Is Fraud?
Most people involved in the fraud-fighting business have their own concept of what fraud is—and what it isn’t. As a result we have a grab bag of definitions to choose from in guiding our day-to-day work. Some are legal definitions. Others are academic, while still others are based on personal experience. Out of the lot, the most useful definitions boil down to two.
According to the ACFE, fraud is:
Any illegal acts characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by individuals and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.12
According to the American Institute of Certified Public Accountants (AICPA), fraud is:
A broad legal concept that is distinguished from error depending on whether the action is intentional or unintentional.13
Exhibit 1.1 White-Collar Crime 101 Definition
The bottom line. Regardless of whose definition of fraud you accept, you will find that nearly all incidents of fraudulent activity—also called white-collar crime—fall into one or both of two categories: Theft and Deception. Exhibit 1.1 is a graphic illustration of this dual-category definition of fraud, as formulated by White-Collar Crime 101.
Myths and Realities about Fraud
One of the key reasons for the astounding breadth and depth of the fraud problem is that management often operates under the false impression that its organization is immune to fraud.
More precisely, top executives like to think that because they have complied with rules and laws requiring them to put internal controls in place, they are adequately protected against attacks by white-collar criminals. In reality, no organization—no matter how well-designed its internal controls against fraud are—can ever be fully protected against determined fraudsters. The bad guys always find loopholes or weaknesses in your operations that they can exploit to steal cash, forge checks, collude with vendors, falsify financial reports, steal confidential data, or commit any of a million other crimes that cause either financial or reputational damage—or both.
In addition to this false sense of self-protection, other common yet potentially costly misconceptions that senior managers often have about fraud are illustrated in the following myths.
• Myth #1: Ethics and Compliance Training “Has Us Covered”
This myth assumes that such training addresses key issues about fraud and instructs employees how to detect the red flags of fraud and how to report it. See Exhibit 1.2.
In fact, compliance and ethics typically have little to do with fraud. Nearly all organizations have a code of ethics on which this training is based. However the vast majority of such codes don’t even contain the word “fraud.”
In most organizations, such a code informs employees about issues like sexual harassment, antitrust issues, accepting gifts from vendors, and other ethical matters that are important—but are not related to fraud.
The important thing to remember is that while all fraud is unethical, not all unethical conduct is fraudulent. For example, accepting a generous gift from a vendor—such as a free vacation, tickets to professional sporting events, or other such items—is unethical and most likely in direct violation of your organization’s ethics policy. However, such gifts are not necessarily illegal, and hence they often do not represent fraud.
Exhibit 1.2 Fraud Training versus Ethics Training
• Myth #2: Our Finance Staff Are Qualified to Protect Us Against Fraud
This notion is equally misconceived. Internal auditors, financial managers, accountants, treasurers, and other professionals in most organizations are usually untrained in fraud detection and prevention, and they most certainly are not trained—let alone expected—to be fraud investigators. However, in many organizations, there is growing pressure for internal auditors and other financial managers to focus more on fraud detection—which may be one reason you are reading this book!
• Myth #3: We Have Very Little Fraud Here
The problem arises when this assumption is made without firm quantitative proof. In too many organizations, senior management believes there is little fraud because management wants to believe that. In the meantime, employees, vendors, or customers could be stealing huge amounts of money.
One of the most stunning examples of the “we-have-no-fraud-here” myth is the case of subprime mortgage fraud. Banks were lending money to unqualified mortgage borrowers by the billions in the 1990s and leading up to the housing crash that began in early 2007. Because housing prices were on a historic upward trend, top executives at large mortgage lenders were making money hand over fist as their sales people, underwriters, and independent mortgage brokers essentially threw every standard for loan qualification out the window, confident that if a borrower ultimately proved unable to make the monthly payments, the bank could foreclose and sell the property at a profit.
What the bankers failed to address was the question of how much fraud was being perpetrated by brokers, appraisers, attorneys, and even their own underwriters in order to meet increasingly challenging quotas for loan closings.
The truth was that throughout the country, lenders were approving more and more so-called liar’s loans, a colloquialism for “stated income” loans—which are approved by lenders without checking tax returns, employment history, credit history, or any other pertinent financial background on the applicant. Moreover, leading up to the subprime crisis, prospective borrowers were virtually encouraged by mortgage brokers to defraud lenders by filling out mortgage applications with completely fictitious income figures and making up numbers reflecting their assets and liabilities and so forth. But to shareholders, regulators, and the general public, bank executives claimed that their lending operations where completely professional and that no fraud was involved.
The truth only came out after the crash—when regulators, lenders’ attorneys, and politicians started digging into the matter and discovered that as much as 90 percent of stated income loans were made despite at least some fraudulent application or tax return information.14
This example is only one of many that you could find to debunk the “no fraud here” myth that many senior executives throughout the U.S. business community continue to embrace.
In reality, no organization is immune to fraud. Some organizations have less than others. But anyone in the anti-fraud profession will tell you that if a company, not-for-profit, or government agency says they have no fraud, they are either outright lying or hopelessly naïve.
• Myth #4: Fraud Is a Necessary Cost of Doing Business
Really? Can you imagine what the tens of thousands of former employees of Enron, WorldCom, Adelphia, Bear Stearns, and others would say to that?
You may say, “A large organization can afford a bit of fraud because they are financially sound, and it may cost more to catch the fraudsters than to write off the losses.”
The problem with this reasoning is that when the fraudsters know that you do not take action against “small frauds,” or educate their workforce about fraud, they are encouraged to attempt larger ones. If the organization has no firm policy for investigating and punishing known fraudsters, it is actually inviting dishonest people to steal. The eventual result will be that so-called small frauds eventually accumulate into major losses. And when that occurs and the news media find out about it, the reputational damage to the organization can be serious enough to drive away customers and incur scrutiny of government authorities that could seriously endanger the organization’s financial health.
• Myth #5: Implementing Controls and Training Is Costly
In reality, fraud losses are much costlier. If, as the ACFE has determined, your organization loses up to 7 percent of its revenue to fraud every year, you can do the math to calculate approximately how many actual dollars are lost to fraud each year. Even if the ACFE is off by, say, 25 percent for the sake of argument, your organization’s fraud losses probably still amount to a disturbingly high number.
And here is an additional perspective: The price of implementing the most effective anti-fraud controls—including financial controls, operational controls, physical security of inventory, employee training, hotlines, detailed fraud assessments, audits, and the like—would never amount to more than one-tenth the amount of money lost to fraud in a given year.
Remember
It is highly risky to assume that your organization is adequately protected against fraud. Even with the best controls in place, clever criminals will always find ways around them.
The Urgency of Detecting and Preventing Fraud
With your understanding about the enormity of the fraud threat, together with the above clarification of the definition of fraud, you now have a foundation for moving ahead into the nitty gritty of major types of fraud, as well as the motives of those who commit them and the proven techniques for detecting and reporting incidents of fraud.
As you can see from Exhibit 1.3, internal audits and controls play a key role in the detection of fraud. Unfortunately, because of their general lack of training in fraud detection, the role of internal auditors and other financial professionals in fraud detection is not as significant as it should be: detection by accident and by employee or outsider tip rank higher. That is one important reason why learning to detect and report fraud is among the overarching purposes of this workbook.
There is some good news. Many frauds can be prevented! There are many ways to detect and report fraud before it does serious damage to your organization’s reputation and financial health.
To make significant progress in fraud reduction, internal financial staff must play a decisive role in fraud detection. This workbook will provide solid guidance in how to use audit and other detection methods to discover fraudulent activity in your organization and when and how to report it so that senior management can determine whether to launch investigations of incidents of fraud or take other measures to rid the organization of fraud.
Exhibit 1.3 Initial Detection of Frauds by Owners/Executives
The sum of percentages exceeds 100 percent because in some cases respondents identified more than one detection method.
Source: ACFE 2008 Report to the Nation on Occupational Fraud and Abuse.
Remember
Employees play a crucial role in detecting incidents of misconduct. Experience shows that under the right circumstances, employees will report fraud before it gets out of hand. Equally important in reducing fraud risk are properly executed internal fraud audits and anti-fraud processes and procedures—all aimed at detecting fraud before it does significant financial or reputational damage.
Tone at the Top
You may have heard the term tone at the top in discussions about fraud or ethics. What does it mean, and why should you be concerned about it?
Tone at the top is best described as leading by good example. When top management of any organization lives by the standards of integrity and ethics that are set out in its Code of Conduct and, ideally an accompanying Anti-Fraud Policy, employees throughout the organization get the message that activities such as harassing co-workers, discriminating against minorities, engaging in conflicts of interest, and all types of fraud are strictly forbidden.
Another commonly used term for this is “Zero Tolerance” toward fraud. As long as management demonstrates its commitment to zero tolerance—without exception—there is a very good chance that employees throughout the ranks will conduct themselves in a similar way.
By contrast, consider the situation where the top bosses say they believe in ethics, but routinely award lucrative contracts to businesses in which they have a conflicting financial interest or falsify financial documents to persuade bankers to lend the organization money or accept kickbacks from vendors who are not well-equipped to deliver the goods or services needed by the organization.
Put another way, a company with good tone at the top is one whose top executive team and board of directors walk the talk with regard to integrity, honesty, and commitment to zero tolerance of unethical or criminal conduct. In this type of company, the doors of the management team are always open to employees at all levels to report or ask questions about fraud and ethical issues. In these companies, management’s commitment to employees is openly demonstrated by taking modest bonuses and rewarding excellence and creative thinking throughout the employee population. Management’s insistence on unconditional adherence to high standards of ethical conduct is exemplified by swift and decisive investigative and disciplinary action whenever instances of fraud do become known.
By contrast, Enron was an extreme example of an organization with negative tone at the top. There, executives set the example of abject disregard for responsible corporate leadership, greed, contempt for ethics, and habitual violation of major regulatory and legal standards. Unfortunately, similar behavior is still hitting the headlines almost every day.
Remember
Management and the board must walk the talk regarding the organization’s values and integrity. Lip service is deadly.
Review Points
• History of fraud. Fraud has been around from the beginning of time. But the world has gotten better at catching the bad guys over the centuries. Nonetheless, the problem persists, making it necessary for you to inform yourself about the current forms of fraud and how to prevent them.
• Definitions of fraud. There are several, but some are more accurate than others.
• Statistical picture of fraud. The numbers do not lie: Fraud is a huge worldwide problem—for all organizations.
• Myths about fraud. It is easy to become complacent about fraud, but this can be very costly.
• Main types of fraud. There are more ways than anyone could imagine by which fraudsters ply their trade.
• How fraud is detected. The main way is by tips from employees and outsiders. But internal auditors and financial managers can enhance their ability to detect fraud.
Chapter Quiz
True or False:
1. The average percentage of annual revenue lost to fraud for organizations is 7 percent.
2. The most common method by which fraud is detected is tips.
3. Financial managers in most organizations are well trained in fraud.
Circle the correct answer to the following questions:
4. The average amount of money lost to fraudulent financial reporting fraud is
a. $100,000
b. $1 million
c. $ 2 million
d. $ 5 million
5. The new U.S. law enacted to prevent financial statement fraud is the
a. Securities Act of 1933
b. COSO Act of 1985
c. Sarbanes Oxley Act of 2002
