Kenneth G. Dixon
School of Accounting
LEARNING FROM WORLDCOM:
IMPLICATIONS FOR FRAUD DETECTION
THROUGH CONTINUOUS ASSURANCE
J. Randel Kuhn, Jr.
University of Central Florida
Steve G. Sutton
University of Central Florida
University of Melbourne
Purpose of the Study
• To examine the key methods of fraud utilized by the
management at WorldCom and to demonstrate how
the use of established principles of analytic
monitoring could be used to detect fraud executed
through normal operating transactions.
• To demonstrate integration procedures for the
prescribed monitoring in an SAP-based enterprise
systems environment similar to WorldCom’s.
• To highlight the intractable monitoring problem
presented by the myriad of loosely connected legacy
systems feeding into WorldCom’s consolidated SAP
system.
Contribution to Continuous
Audit Research
• Provides detailed understanding of how
continuous assurance techniques explored in the
research literature can be applied to effectively
identify fraud in a known fraud situation.
• Moves the literature on continuous audit modules
forward by addressing the complexities of
implementation within a standardized enterprise
software environment.
• Addresses the realities and risks associated with
large numbers of disparate legacy systems.
Fraud Strategies at WorldCom
• Categorize operating expenses as capital
expenditures.
• Reclassify acquired MCI assets as goodwill.
• Include future company expenses as write-downs
of acquired assets.
• Manipulate the bad debt reserve calculations.
Continuous Assurance Framework
• Traditional attestation framework provides only a
snapshot of the financial reporting system, thus
inhibiting timely decision-making and limiting
audit scope.
• Continuous auditing addresses these faults by
immediately identifying irregularities, increasing
audit coverage, and functioning remotely.
Continuous Assurance Framework
• Early work by Groomer and Murthy (1989) and
Vasarhelyi and Halper (1991) laid the foundation
for continuous auditing research.
• The three phases of continuous auditing are:
1. Measurement – key management reports (e.g. financials)
2. Monitoring – comparison to metrics and error notification
3. Analysis – auditor review of alarms and investigation
• The nature of auditing transforms from a substantive-based test-of-details
approach to auditing by exception.
Framework
[Figure: continuous assurance framework. Labels: Monitoring IT Structure (corporate IT structure incorporating legacy, ERPs, middleware, and Web); Internal Information; External Information; Internal and External Monitoring Metrics; Corporate Strategic and Tactical Metrics; Scorecard; Monitoring; Analytics and Exception Reporting; Alarms; Audit Exceptions; To Operations; To Other Stakeholders.]
Obtained from Vasarhelyi working paper, Rutgers University.
System Architecture
• The integrated platforms and automated
business processes of ERP applications enable
effective use of continuous auditing procedures.
• WorldCom utilized an SAP R/3 enterprise system
to process business transactions and produce
consolidated financial statements.
System Architecture
• Two continuous auditing system architecture
models exist in research literature:
1. Monitoring and Control Layer (MCL)
2. Embedded Audit Module (EAM)
• MCL uses an independent server controlled by
the auditor that receives scheduled data
interfaces from the client’s enterprise system (i.e.
near real-time); the extracted data are analyzed
against a set of rules.
System Architecture
• EAM functionality/logic is embedded into the
client’s system and operates real-time.
• MCL represents the least intrusive, most efficient,
and most independent alternative, especially in a
resource-constrained SAP environment.
• Data extraction for MCL can occur via either
BAPI with RFC or direct extraction from table
data (e.g. GLPCT/GLPCA).
Continuous Audit Data Flow (MCL)
[Diagram labels: SAP R/3 (GLPCA/GLPCT); Continuous Extraction via RFC; Extractor; Relational Database; Data Testing; CA Analyzer (with rule-set); Alerts; Exception Report; Auditor]
CA Analyzer Rule-Set #1
Fraud:
Categorize operating expenses as capital expenditures.
Detection Measure:
Compare ratios of Operating Expenses to Sales Revenue and
Capital Expenditures to Sales Revenue to industry averages.
Analytic Metric:
IF OpEx to Sales ratio is > 2% below .93 AND CapEx to Sales ratio
is > 5% above .15, THEN create alert.
Note: WorldCom’s 12/31/01 OpEx/Sales and CapEx/Sales ratios were .90 and .22
exceeding the threshold by $946m and $585m, respectively.
CA Analyzer Rule-Set #2
Fraud:
Reclassify acquired MCI assets as goodwill.
Detection Measure:
Identify significant changes to asset and goodwill accounts.
Analytic Metric:
IF Property, Plant, and Equipment and Goodwill account balances
increase or decrease by > .01% from the last extraction, THEN
create alert.
Note: WorldCom Goodwill balance as of 12/31/01 was $50.5b. A .01% change would
have been $5.05m. Actual account balance change for the year was $3.9b.
CA Analyzer Rule-Set #3
Fraud:
Include future company expenses as write-downs of acquired assets.
Detection Measure:
Compare operating profit (i.e. revenue – operating expenses) to
industry trend.
Analytic Metric:
Graph the monthly statistic of (revenue – operating expenses) for
the past 12 months. IF the slope of the trend (x=exp, y=rev) is positive,
THEN create alert.
Note: During the fraudulent years, the telecommunication industry experienced rising operating
costs in relation to revenue (i.e. consistent negative slope).
CA Analyzer Rule-Set #4
Fraud:
Manipulate the bad debt reserve calculations.
Detection Measure:
Compare estimates of bad debt allowance to historical averages.
Analytic Metric:
IF the change in the ratio of Bad Debt Allowance to Accounts
Receivable is > 1% below last month’s figure, THEN create alert.
Note: A 1% decrease in estimate for WorldCom in 2001 would have resulted in a
revenue increase of $23m. WorldCom actually reduced the estimate by 1.4% from prior
year saving $87m in bad debt expense.
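The four rule-sets above, run by a CA Analyzer over two successive extractions, as an added example that is not code from the original slides. Field names and sample figures are constructed; the "%" thresholds are read as absolute ratio points, Rule 2 is applied to each account separately, and Rule 3 takes the slope of monthly (revenue – operating expenses) over time, all of which are assumptions.

```python
# Added example: CA Analyzer rule-sets #1-#4 applied to one extraction period.
# All names and figures are constructed; threshold readings are assumptions.
from dataclasses import dataclass
from typing import List

@dataclass
class Extraction:
    sales: float
    opex: float
    capex: float
    ppe: float
    goodwill: float
    bad_debt_allowance: float
    receivables: float

def slope(ys: List[float]) -> float:
    """Least-squares slope of ys against month index 0..n-1."""
    n = len(ys)
    mx, my = (n - 1) / 2, sum(ys) / n
    num = sum((i - mx) * (y - my) for i, y in enumerate(ys))
    return num / sum((i - mx) ** 2 for i in range(n))

def analyze(prev: Extraction, cur: Extraction, monthly_profit: List[float]) -> List[str]:
    alerts = []
    # Rule 1: OpEx/Sales more than 2 points below .93 AND CapEx/Sales more than 5 points above .15
    if cur.opex / cur.sales < 0.93 - 0.02 and cur.capex / cur.sales > 0.15 + 0.05:
        alerts.append("RULE1 opex-as-capex")
    # Rule 2: PP&E or Goodwill balance moved by more than .01% since the last extraction
    for name in ("ppe", "goodwill"):
        before, after = getattr(prev, name), getattr(cur, name)
        if abs(after - before) / before > 0.0001:
            alerts.append(f"RULE2 {name}-change")
    # Rule 3: positive 12-month trend in (revenue - operating expenses)
    if len(monthly_profit) >= 12 and slope(monthly_profit[-12:]) > 0:
        alerts.append("RULE3 profit-trend")
    # Rule 4: Bad Debt Allowance / Accounts Receivable fell by more than 1 point
    drop = prev.bad_debt_allowance / prev.receivables - cur.bad_debt_allowance / cur.receivables
    if drop > 0.01:
        alerts.append("RULE4 bad-debt-reserve")
    return alerts

# Constructed sample extractions in $m (not WorldCom ledger data).
PREV = Extraction(1000, 930, 150, 4000, 4660, 120, 1000)
CUR = Extraction(1000, 900, 220, 4000, 5050, 100, 1000)
RISING = [70 + 3 * m for m in range(12)]     # profit rising against the industry trend
FALLING = [100 - 2 * m for m in range(12)]   # profit following the industry trend

if __name__ == "__main__":
    print(analyze(PREV, CUR, RISING))    # every rule fires
    print(analyze(PREV, PREV, FALLING))  # no exceptions
```
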
Legacy System Complexities
• Disparate systems built on various technological
foundations complicate the design, use, and
maintenance of continuous auditing applications.
• Auditing the consolidated financial system
provides only limited assurance.
• The nature of the data collection for the billing
process at WorldCom illustrates the complexity.
WorldCom Billing Process
[Diagram labels: Telephone Switches; Traffic Systems; Legacy Billing Systems (Billing #1, Billing #2, ... Billing #30); SAP R/3 (Revenue & A/R)]
Importance of the Study
• Demonstrates how a reasonable and practical
implementation of continuous assurance would
have detected a major fraud.
• Emphasizes practicality of implementation in an
enterprise systems environment.
• Recognizes the inherent complexities of
continued use of legacy systems and the related
risk in any financial audit.
Implications for Future Research
• Continuous audit is possible, but what are the
challenges facing a comprehensive
implementation?
  ◦ Cost?
  ◦ Consumption of system resources?
  ◦ Scalability?
  ◦ Maintainability of comparison data/trends?
Implications for Future Research
• What are the organizational and human
issues involved?
  ◦ Perceptions of trust?
  ◦ Gaming behavior?
  ◦ Human interpretation and use of data?
  ◦ Information processing biases?
  ◦ Information overload?