Fraud 101
Financial Fraud
MGT 506-1
Course Overview
2
Fraud Quiz
How many public companies over the last five years had to
restate their financial statements due to material accounting
irregularities?
1,000
Historically, what percentage of CFOs report that the CEO has
pressured them to misrepresent accounting?
56%
A business school study showed what percentage of CEO
participation in SEC enforcement actions involving fraud?
70%
What percentage of SEC enforcement actions involving fraud
were perpetrated by senior management?
90%
3
Fraud Quiz (2)
According to government and private studies, how much
does the average company lose – in terms of
percentage of revenue – to fraud and abuse?
Illustration: Manufacturing Company A has $100 million
revenues earns $30 million per year. Comparable
companies sell at 4x EBITDA
1. What is 6% of Company A’s revenues?
2. What is the potential uplift if all fraud could be
eliminated?
3. What is the potential percentage increase in earnings?
4. What is the potential uplift in enterprise value?
4
So, What Is Fraud?
 Black’s Law Dictionary
 Intentional perversion of truth
• False representation of a matter of fact
• Whether by words or conduct
• False, misleading, concealment of that which should have
been disclosed
 For the purpose of inducing another
 In reliance upon perversion of truth
 To part with some valuable thing belonging to him or to surrender
a legal right
5
So, What Is Fraud?
Black’s Law Dictionary:
“An intentional perversion of truth for the purpose of
inducing another in reliance upon it to part with some
valuable thing belonging to him or to surrender a legal
right; a false representation of a matter of fact, whether
by words or by conduct, by false or misleading
allegations, or by concealment of that which should have
been disclosed, which deceives and is intended to
deceive another so that he shall act upon it to his legal
injury.”
6
Perspectives On Fraud:
Prosecutors, Regulators & Lawyers
By the Corporation
Against the Corporation
 Corporation as “victimizer”
 Corporation as victim
 Corporation benefits:
 Corporate risks:
• Financially
• Financial
• Other
• Legal, and
• Reputation
 Corporation subject to
potential civil and/or
criminal liability
 Potential civil recovery by
Corporation
7
Perspectives On Fraud:
Bad Fraud & Good Fraud
“Bad” Fraud
“Good” Fraud
 Acquirer Overpays
 Acquirer Underpays
 Earnings management
 Misconduct that if
discovered, reduces costs
and increases earnings
• False revenue
recognition schemes
• Costs and expenses
schemes
• Understatement of
liabilities
 Illegal conduct
• Liability for past conduct
• Impact upon future
earnings
8
Perspective On Fraud:
Post-Sarbanes
9
Perspective On Fraud:
Post-Sarbanes
Legal & Regulatory Risk:
• U.S., state and foreign law
• Sarbanes-Oxley
• Final SEC Rules
• FCPA et. al.
• SAS 99
Financial Risk:
• U.S. Dept of Commerce/ACFE: Average U.S. company
loses equivalent of 6% of revenues to fraud
• 6% of Revenue = ?
• Cost savings opportunities and potential – despite
statistical exaggeration
Reputation Risk:
• Management
• Audit Committee
•
10
Audit
• Internal Audit
• External Audit
Roles, Responsibilities, Stakeholders
Management
• C-Suite
• Business Leaders
• General Counsel, Ethics & Compliance
The Board/Audit Committee
• Oversight of prevention/mitigation
• Supervision of special investigations
Auditors
• External Auditor – “Integrated Audit”
• Internal Audit
• External Audit
Government
• Congress
• SEC
• PCAOB
• Other Regulators
• Federal and State Prosecutors
11
Fraudulent Financial Reporting a/k/a
“Earnings Management”, a/k/a “Cooking
The Books”
 Improper Revenue Recognition
 Overstatement of Assets
 Understatement of Liabilities
 Management Disclosure & Analysis Fraud
12
Common Revenue Recognition Schemes
 Premature Revenue Recognition
• Side agreements
• Liberal return of product
• Channel Stuffing
 Fictitious Revenue Recognition
• Fictitious sales
• Round tripping
 Construction Related Schemes
 Sham related party transactions
13
Common Overstatement Asset Schemes
 Cash Balance Schemes
 Inventory Schemes
• Inflating quantity
• Inflating value
 Accounts Receivable Schemes
• Creating fictitious receivables
• Artificially inflating value of receivables
 Investment Schemes
• Fictitious investments
• Overstating value of investments
14
Common Understatement of Liability
Schemes
 Improper Capitalization of Expenses
• Software development
• Research and development
• Start Up Costs
 Improper Expensing of Capitalized Costs
 Off Balance Sheet Entity Schemes
 Overstatement of Liability Reserves (“Cookie Jar”
Reserves)
15
Common Misappropriation of Assets
Schemes
 Cash
• Theft of cash receipts
• Unrecorded/understated sales or receivables
• Lapping
 Fraudulent Disbursements
 Payroll
 Inventory
 Fixed Assets
16
Expenditures For An Improper Purpose
 Payments to Government Officials
• Domestic payments
• Political Campaign Violations
• FCPA bribery payments
• FCPA “books and records” violations
 Commercial Bribery
17
Assets/Revenue Obtained By Fraud
Fraud Against Employees/Joint Venture Partners
 Fraud Against Suppliers
 Fraud Against Customers
• Government
• Commercial parties
• Consumers
 Sample Schemes
• Antitrust
• Defective pricing
• Shipment of damaged goods
18
Expenses Avoided By Fraud
 Tax Crimes
• Failure to Pay
• False Statements
• Evasion
 Fraud Against Suppliers & Customers
 Improper Labor Practices
 Environmental, Health & Safety Violations
 Money Laundering
19
Senior Management Fraud
 Use of Corporate Assets to Commit Illegal Conduct
 Insider Trading
 Unauthorized Compensation
 Failure to Pay Taxes
 Travel Expense Fraud or Abuse
 Receipt of Free or Below Market Goods and Services
From Vendors, Suppliers, Etc.
 Related Party Transactions
 Conflicts of Interest
 CV and Academic Deception
20
The Legal Landscape: Reactive to
Proactive
 1970’s & Before: Standard Reactive Approach
• Federal: Mail & Wire Fraud, SEC Fraud
• State: General Business Fraud Statutes
• Inchoate Crimes: Conspiracy/Aiding & Abetting
• Corporate Criminal Liability
• Beginning of Corporation As Cop: CTRs
 1980’s – 1990s: Shift Toward Proactive
• Organized Crime Techniques Applied to Economic Crime
• More Specialized Criminal Legislation
– RICO
– Money Laundering Statute
• Corporate As Cop Continues: SARs
21
The 21st Century Landscape
 Civil and Criminal Legislation
• FCPA
• Patriot Act
• Sarbanes-Oxley Act of 2002
 Rules & Regulations
• SEC Final Rules for Implementation of Sarbanes-Oxley
• SEC Audit Committee Rules
• U.S. Sentencing Guidelines
• SEC Accounting Bulleting (SAB) 99
 Professional Standards
• COSO I
• Statement of Auditing Standards (SAS) 99
• Public Company Accounting Oversight Board Standards For
Integrated Audit
• Institute for Internal Auditors (IIA) Standards
• ABA Rules for Professional Responsibility
22
2004 Hot Topic: Prevention and Timely
Detection
What Are The Elements of An Effective
Antifraud Program?
23
2004 Hot Topic: Prevention and Timely
Detection
 Final SEC Rules Require “Antifraud Programs & Controls”
 Independent Auditor Evaluates and Tests on Annual Basis
 Also Relevant to Private Company, Particularly If
Organization
• Aspires to Best Practices
• Anticipates Public Debt Offering, IPO or Sale to Public
Company
24
Snapshot of New Rules & Standards
 Migration From Federal Sentencing Guidelines to COSO
• FSG: Define 7 Criteria of Effective “Compliance” Program
• COSO: Define Effective “Controls”
 Final SEC Rules
• Management’s Assessment of Internal Controls Must Consider
Fraud Prevention and Detection Controls
 SAS 99
• Requires Fraud Auditing If Antifraud Controls Do Not
Adequately Mitigate Fraud Risk
 Proposed PCAOB Standard
• Evaluation/ Testing of Design and Operating Effectiveness of
Antifraud Programs and Controls (¶24)
• Mandatory Significant Deficiency If Internal Audit or Risk
Assessment Is Inadequate, of If Senior Management Engages
in Fraud of “Any Magnitude” (¶126)
25
Applying The COSO Framework
 Control Activities
• Linking controls to
identified fraud risks
 Information/Communication
 Control Environment
• Code of conduct/ethics
• Ethics hotline
• Hiring and promotion
• Information systems &
technology
• Knowledge management
• Training
 Monitoring
• Audit committee
oversight
• Investigative process
• Remediation
 Fraud Risk Assessment
• Systematic process
• Level within organization
• Likelihood and
significance
26
• Ongoing monitoring by
management
• Separate “after the fact”
evaluations by internal
audit
Special Emphasis Is Placed
On The Control Environment
 Codes of Conduct / Ethics
• Must Meet Requirements
of Final SEC Rules
• Should Apply to All
Accounting and Financial
Oversight Personnel
• Must Be Communicated
Effectively
 Whistleblower Hotlines
• Must Meet Requirements
of Final SEC Rules
• Audit Committee
Oversight and
Independent of
Management
 Hiring and Promotion
Procedures
• Background
Investigations for Persons
of Trust
• Also Consider Process for
Agents, Vendors, Etc.

Audit Committee Oversight
• Passive Not Adequate
• Active Discussion of
Fraud
 Investigation / Remediation
• Standard Investigative
Process
• Adequate Remediation to
Prevent Recurrence
27
Companies Must Now Specifically
And Explicitly Assess Fraud Risk
 Systematic Rather Than Haphazard or Informal
 “Scheme and Scenario” Approach
 Address
• Financial reporting
• Misappropriation of assets
• Expenditures and liabilities for improper purposes
• Fraudulently obtained revenues and assets, and costs and
expenses avoided by fraud
• Fraud by senior management
 Extend to Business Unit and Significant Account Levels
 Likelihood: Identify Fraud Risks That Are “More Than Remote”
 Significance: Identify Fraud Risks That Are “More Than
Inconsequential in Amount”
 Consider Risks of Management Override
28
Linking Control Activities To
Fraud Risk Assessment
 Management Should Identify Processes, Controls, and
Other Procedures That Are Needed to Mitigate Identified
Risks
 Should Occur Throughout Organization, at All Levels and
in All Functions
 Very Broad, e.g., Approvals, Authorizations, Verifications,
Reconciliations, Segregation of Duties, Reviews of
Operating Performance, Background Investigations,
Physical Security
29
Sample Tools: Incentives Inventory
Incentives
Pressure
ENTITY LEVEL
Board
Audit committee
CEO
In-house
counsel
CFO
BUSINESS UNIT
A
President of BU
A
Controller of BU
A
BUSINESS
PROCESS REVENUE
VP of Sales
30
Attitudes/
Rationalizati
on
Opportunity
to Commit
Potential
Scheme
Sample Tools: Opportunities Inventory
Financial
Statement
Fraud
Misappropriation
of Assets
Board
Senior
management
Management Unit A
 Treasury cycle
 Revenue cycle
 Purchasing cycle
 Investments
cycle
 Inventory cycle
 Payroll cycle
Management Unit B
31
Expenditure &
Liabilities for
an Improper
purpose
Revenue and
Assets Obtained
By Fraud
Financial
Misconduct By
Senior Mgmt
Sample Tools: Fraud Risk Matrix
Description of
Fraud Risk
(from Incentives
and Opportunities
Inventories)
Likelihood
(Remote, More Than
Remote, Reasonably
Possible, Probable)
Significance
(Inconsequential,
More Than
Inconsequential,
Material)
32
Preventive Control
Activity
Detective Control
Activity
Information and Communication
 Information Systems & Technology Controls
• Technology enabled fraud , e.g., holding books open
• Prevention and detection of unauthorized access
• Inappropriate modification of computer programs
• System override
• Ability to investigate computer misuse
 Knowledge Management
• Identified fraud risks

• Strengths and weaknesses of antifraud control activities
• Suspicions and allegations about fraud; and
• Remediation efforts.
Training
• Frequency
• Scope and sufficiency
33
Fraud Monitoring and Auditing
 Management: On-going, Day to Day Monitoring
• Embedded into normal operating activities
• Includes regular management and supervisory activities
• Should leverage available information technology
 Internal Audit: Separate, After-the-Fact Evaluation
• Scope and frequency contingent upon risk and effectiveness of
ongoing monitoring
• Must address fraud risk in planning and executing internal
audit cycle
• IA must include knowledgeable and experienced fraud
professionals
• Fraud auditing is different than forensic investigation
34
Fraud Auditing Is Different From Fraud
Investigation
Determination by Area
Determination by Scheme
Determine area of
operations at risk
Determine schemes to
which you are most
vulnerable
Identify potential
fraud schemes
Identify units/processes
where schemes most
likely to occur
Identify red flags and indicators associated with schemes
Build audit steps to search for indicators: Analytics, External and Internal
Interviews, Tests of Details, Computer Assisted Auditing Techniques
Conduct further inquiry if red flag is detected or suspected
35
Next Week: Improper Revenue Recognition
Team Assignments:
 Team A– Xerox
 Team B– Lernout & Hauspie
 Team C– Dynergy
 Team D –Qwest Communications
 Team E – Royal Ahold
Components:
 Describe Fraud Scheme & Resolution With Illustration.
 How Was It Detected?
 What Went Wrong, e.g.No Controls / Circumvention / Override?
 How Can This Type of Scheme Be Prevented or Timely
Detected?
36