![Fraud Auditing [PDF]](https://pdfs.asia/img/200x200/fraud-auditing-p64ef294a8c40a.jpg)
16 0 665 KB
Managerial Auditing Journal Fraud auditing Rocco R. Vanasco
Article information: To cite this document: Rocco R. Vanasco, (1998),"Fraud auditing", Managerial Auditing Journal, Vol. 13 Iss 1 pp. 4 - 71 Permanent link to this document: http://dx.doi.org/10.1108/02686909810198724 Downloaded on: 03 March 2015, At: 06:10 (PT) References: this document contains references to 405 other documents. To copy this document: [email protected] The fulltext of this document has been downloaded 11193 times since 2006*
Users who downloaded this article also downloaded:
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
William Hillison, Carl Pacini, David Sinason, (1999),"The internal auditor as fraud-buster", Managerial Auditing Journal, Vol. 14 Iss 7 pp. 351-363 http://dx.doi.org/10.1108/02686909910289849 Harold Hassink, Roger Meuwissen, Laury Bollen, (2010),"Fraud detection, redress and reporting by auditors", Managerial Auditing Journal, Vol. 25 Iss 9 pp. 861-881 http://dx.doi.org/10.1108/02686901011080044 Rani Hoitash, Ariel Markelevich, Charles A. Barragato, (2007),"Auditor fees and audit quality", Managerial Auditing Journal, Vol. 22 Iss 8 pp. 761-786 http://dx.doi.org/10.1108/02686900710819634
Access to this document was granted through an Emerald subscription provided by 294800 []
For Authors If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service information about how to choose which publication to write for and submission guidelines are available for all. Please visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com Emerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online products and additional customer resources and services. Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation. *Related content and download information correct at time of download.
Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Rocco R. Vanasco Director, Center for Internal Auditing Studies, National-Louis University, Chicago, Illinois, USA This paper examines the role of professional associations, governmental agencies, and international accounting and auditing bodies in promulgating standards to deter and detect fraud, domestically and abroad. Specifically, it focuses on the role played by the US Securities and Exchange Commission (SEC), the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), the Institute of Management Accountants (IMA), the Association of Certified Fraud Examiners (ACFE), the US Government Accounting Office (GAO), and other national and foreign professional associations, in promulgating auditing standards and procedures to prevent fraud in financial statements and other white-collar crimes. It also examines several fraud cases and the impact of management and employee fraud on the various business sectors such as insurance, banking, health care, and manufacturing, as well as the role of management, the boards of directors, the audit committees, auditors, and fraud examiners and their liability in the fraud prevention and investigation.
Managerial Auditing Journal 13/1 [1998] 4–71 © MCB University Press [ISSN 0268-6902]
[4]
Introduction Fraud is an ever-present threat to the effective utilization of resources and hence will always be an important concern of management (Brink and Witt, 1982).
Chandler et al. (1995), in their article titled “Changing perceptions of the role of the company auditor, 1880-1940” believe that the problems facing the auditing profession today may stem from the ostensible obsession with fraud detection shown by some Victorian era practitioners. This obsession created an expectation gap among the public. Emphasizing fraud detection as the primary audit objective lasted until the 1930s, when the principal audit objective became the verification of the accounts. According to the 1921 edition of Spicer and Pegler’s Practical Auditing, the principal reason for instituting an audit are to detect fraud and errors. Walker (1993) observed that auditors have become less interested in detecting fraud. There is evidence that auditors do not regard the reporting of significant audit observations to stakeholders as an integral part of the audit and accept no responsibility for the audited financial statements. In general they are not overly concerned with detecting fraud and errors. In the late 1940s, the external auditors did not assume a direct responsibility for fraud because of their inability to detect fraud involving unrecorded transactions, theft, and other irregularities. This was done to shield accounting firms from lawsuits holding them responsible from frauds (Brink and Witt, 1982). Fraud has attracted the attention for scholars, investigators, auditing and accounting associations, and government agencies, nationally and internationally. Fraud’s many definitions include those given below. Prosser (1971) describes the elements of fraud as follows: • false representation of a material fact; • representation made with knowledge of its falsity; • a person acts in the representation; and • the person acting is damaged by his/her reliance.
For Elliot and Willingham (1980), financial fraud is the “deliberate fraud committed by management that injures investors and creditors through materially misleading financial statements.” The Institute of Internal Auditors (1985), in its SIAS No. 3, Deterrence, Detection, Investigation, and Reporting of Fraud, has referred to fraud as encompassing “an array of irregularities and illegal acts characterized by intentional deceptions. It can be perpetrated for the benefit or the detriment of the organization.” The National Commission on Fraudulent Financial Reporting (1987) defines fraudulent financial reporting as an “intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.” The American Institute of Certified Public Accountants (1988), in its SAS No. 53, The Auditor’s Responsibility to Detect and Report Errors and Irregularities, introduced the term irregularities to describe intentional misstatement of financial statements (management fraud) and theft of assets (employee fraud). Sawyer (1988) views fraud as a false representation or concealment of material fact to induce someone to part with something of value. For Arens and Loebbecke (1994), fraud occurs when “a misstatement is made and there is both the knowledge of its falsity and the intent to deceive.” For Wallace (1995), fraud is “a scheme designed to deceive; it can be accomplished with fictitious documents and representations that support fraudulent financial statements.” For Flesher (1996), fraud means “dishonesty in the form of intentional deceptions or a willful misrepresentation of fact.” For Albrecht (1996a), every fraud consists of three elements: 1 theft act which involves taking cash, inventory, information, or other assets manually, by computer, or by telephone; 2 concealment which involves the steps taken by the perpetrators to hide the fraud from others; and 3 conversion which involves selling or converting stolen assets into cash and then spending the cash.
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
Fraud rulings on management’s and auditors’ liability are of great concern to boards of directors, audit committees, management, independent auditors, internal auditors, fraud examiners, and regulatory agencies. The American Association of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), the Association of Certified Fraud Examiners (ACFE), and other regulatory agencies have taken bold steps in condemning fraudulent and unlawful acts in their regulations, codes of conduct, and auditing standards. Several frauds reported in the last few decades have led the government and the auditing profession to rethink and re-engineer their audit tools and procedures to safeguard corporate assets better. Furthermore, the cost of litigation of fraud cases has created a new wave of scandals and the auditors’ liability has skyrocketed in billions of dollars as attested from the following events: • An editorial in Fortune (1978) reported that increased time pressure has led independent auditors to do a sloppy job in their audits. Out of 1,100 practitioners, 58 percent had indicated that they had signed off on a required audit step without completing the work or noting the omission. • Thornhill (1985) observed that the US military is defrauded by US$500 million to US$1 billion a year by unscrupulous contractors. • The Institute of Financial Crime Prevention (1986) reported that situation pressures, opportunities to commit fraud, and personal integrity are the three variables influencing the likelihood of fraud. Of all internal thefts 80 percent are committed by one employee acting alone. • Thomas (1990a) reported that fraud has caused billion dollar losses to financial institutions and greatly increased the number of lawsuits. The Lincoln Savings and Loan Association and the so-called “Keating five” lost US$2.3 billion in 1990s second quarter. The 2,500 S&Ls posted US$271 million in losses in the first quarter of 1990. Rankin (1990) also reported that two of the Big Six firms face over US$13 billion in damages from related lawsuits. • Schmedel and Berton (1992) reported a tax scandal in the Wall Street Journal concerning the Resolution Trust Corporation, a federal thrift cleanup agency, which filed a US$400 million civil suit against Arthur Andersen & Co. claiming that the accounting firm was negligent in auditing the collapsed Benjamin Franklin Savings Association. Andersen Consulting had failed to withhold Colorado’s income tax from the pay of 35 nonresident employees. As part of the civil settlement, Andersen paid
•
•
•
•
•
Colorado nearly US$1 million in taxes, penalties, and investigation costs. Based on information from the US Chamber of Commerce, Davia et al. (1992) estimated that the cost of fraud in the USA exceeds US$100 billion dollars annually. They wonder whether or not anyone is “watching the store.” KPMG Peat Marwick surveyed the 2,000 largest companies in the USA to assess the extent of fraud in US corporations (1993). These include manufacturers, insurance companies, health care organizations, utilities, and consumer products companies. Of the 330 responding companies, 26 percent acknowledged that they had experienced fraud during the previous 12-month period. The average cost to the company was US$200,000 per incident. The Wall Street Journal (1994a) reported that Montedison, the Italian food and chemical group, filed a suit against its former auditor Price Waterhouse, Italy, seeking damages of more than one trillion lire (US$610 million). The suit seeks to recoup losses stemming from alleged “serious negligence” in Price Waterhouse’s accounting from 1983-1992. Schmitt and Berton (1994) reported in The Wall Street Journal that Deloitte agreed to pay US$312 million to settle US claims related to S&L failure. The 18 pending lawsuits were seeking over US$14 billion for theft-related work in the 1980s. The accounting firm also agreed to provide training and supervision for partners auditing financial statements. Gardner (1996) reported in The White Paper that GAO has estimated that total year loss to Medicare because of fraud and abuse is approximately US$47 billion, or 10 percent of total Medicare spending.
In 1988, Berton reported in The Wall Street Journal that the malpractice claims against the accountants totaled US$1 billion; by including the charges brought under RICO cases, it would add up to US$4 billion in claims. In 1992, it was estimated that there were about US$30 billion in damage claims facing the profession as a whole. On 6 August 1992, the Big Six firms, overwhelmed by the cost of litigation of cases claiming auditors’ malpractice, issued a Statement of Position entitled The Liability Crisis in the United States: Impact on the Accounting Profession. The statement requests a substantive reform of both federal and state liability laws, specifically the replacement of joint and several liability with a proportionate liability. It states: While other serious problems must also be addressed, the principal cause of
[5]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
unwarranted litigation against the profession is joint and several liability, which governs the vast majority of actions brought against accountants at the federal and state levels. The profession is merely asking for fairness – the replacement of joint and several liability with a proportionate liability standard that assesses damages against each defendant based on that defendant’s degree of fault. Proportionate liability will help restore balance and equity to the liability system by discouraging suits and giving blameless defendants the incentive to prove their cases in court rather than settle.
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
The chairman and senior partner at Price Waterhouse warned that runaway litigation seriously undermines the ability of the financial reporting system to provide information that supports competitive decision making by US companies. Unrealistic expectations and the risk-shifting liability system have combined to create a situation in which auditors are viewed as absolute guarantors against fraud, failure, and financial ruin. Unwarranted litigation and forced settlements account for the vast majority of claims against auditors pose a grave threat to the health of many businesses and professions (O’Malley, 1993a). Berton (1992a), in his editorial entitled “Holding accountants accountable,” discourages the notion of “safe harbor” for accountants since it might be an open door for their negligence. Such safe harbor may hurt their reputation by conveying to the public that they want audit fees without the commensurate responsibilities. Lee (1992), in his editorial entitled “The audit liability crisis: they protest too much,” believes that the contention of the Big Six US audit firms on curving unwarranted litigation is plain: They are being extorted by an unfair legal system, and if the public expects their continued services, the system must be changed so as not to interfere with the maximization of their profits. The statement ignores a very real audit crisis, involving enormous corporate failures and frauds, especially in banking and insurance. Auditors have been found “guilty in court, have been censored by regulators, and have had their licenses suspended in some states, yet the Big Six appear obsessed with their economic entitlement as a virtual monopoly and clueless as to their need to raise their professional standards.
Barron et al. (1977) conducted a nationwide survey to elicit views within the financial community on two major issues: 1 the auditor’s responsibility for detecting corporate irregularities and illegal acts; and 2 the auditor’s responsibility for disclosing irregularities and illegal acts.
[6]
The survey demonstrates an “expectation gap” between auditors and other segments of the financial community about the duty to discover deliberate material defalcations of the financial statements. It also shows an “expectation gap” between auditors and bankers and financial analysts with respect to a number of possible auditor disclosures. Lowe and Pany (1993) surveyed 141 members of a municipal court jurors pool and 78 auditors from a large international accounting firm to assess their attitude toward the auditing profession. The result of the study reveals an “expectation gap.” The jurors view the auditor’s role as that of a public watchdog or guardian to the extent of expecting the auditor to actively search out the smallest fraud. Auditors disagree with this characterization of their task. Epstein and Geiger (1994) conducted a nationwide survey of stock investors which revealed a startling evidence of the “expectation gap” between the assurances auditors provided on financial statements compiled by management and the expectation of investors and other users of financial statements. Over 70 percent of the 246 investors surveyed believe that auditors should be held responsible for detecting material misstatements due to fraud, and some 47 percent expect auditors to provide absolute assurance that financial statements contain no material misstatement due to errors.
Part I: Fraud and the law In the last few decades, a plethora of fraud suits have been filed under the Securities Acts, the Racketeer Influence and Corrupt Organizations Act (RICO), and Common Law, some of which will be examined below.
The role of the securities and exchange commission Auditors must recognize their responsibility to the public investors by including management activities in their review (SEC, 1940).
To protect users of financial statements, many of whom suffered great losses in the 1929 stock market crash, the Securities and Exchange Commission (SEC) adopted the 1932 New York Stock Exchange rule requiring all companies, whose stock was listed by the Exchange, to furnish their shareholders audited financial statements at least annually. The SEC has been very active in protecting the public interest since its inception and has questioned the role of the auditing and accounting profession when faced with materially misstated financial statements in
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
violation of the securities laws. The SEC has not hesitated to prosecute corporations and auditors in several cases of fraudulent financial statements. The SEC’s proceedings are based on the following 1933 and 1934 securities laws. Section 11(a) of the Securities Act of 1933 states that both the company filing the registration and its auditors may be held liable to the initial purchasers of the securities in the event that the registration statement is found to contain material misstatements or omission. The Securities Exchange Act of 1934 expands coverage to subsequent purchasers and sellers of stock. For many years, the accountants’ liability for issuing unqualified opinions on misstated financial statements seems to be under Section 18 of the 1934 Act which states: Any person who shall make or cause to be made any statement in any application, report, or document filed pursuant to this title … which statement was at the time and in the light of the circumstances under which it was made false or misleading with respect to any material fact, shall be liable to any person (not knowing that such statement was false or misleading) who, in reliance upon such statement, shall have purchased or sold a security at a price which was affected by such statement, for damages caused by such reliance, unless the person sued shall prove that he acted in good faith and had no knowledge that such statement was false or misleading (11 USC 78, 1970).
For the SEC, financial statements are materially misstated if: a substantial likelihood exists that a reasonable shareholder would consider it important in making an investment decision or it would have significantly altered the total information mix available.
The following cases illustrate the SEC’s determination to curb fraudulent acts that injure the public interest. In 1939, the SEC conducted hearings which disclosed that the audited financial statements of McKesson & Robbins, Inc., a drug company listed in the New York Stock Exchange, contained US$19 million of fictitious assets, about one-fourth of the total assets shown in the balance sheet. The fictitious assets included US$10 million of nonexistent inventory. At that time, the standards did not require any observation of inventories. In 1940, the SEC issued Accounting Series Release (ASR) No. 19, In the Matter of McKesson & Robbins. In its release, the SEC suggested that auditors investigate the management of new clients and noted: • Numerous auditing procedures require strengthening inventory procedures.
• Auditors should be responsible for detecting gross misstatements whether resulting from collusion or otherwise. • Auditors must recognize their responsibility to the public investors by including management activities in their review. In the 1941 fraud case of United States v. White, the auditor was convicted of criminal fraud under Section 17 of the Securities Act of 1933 for his failure to disclose several instances of questionable accounting practices in connection with the registration statement (Boyton and Kell, 1996). In 1942, the SEC promulgated Rule 10b-5 which states: It shall be unlawful for any person, directly or indirectly, by the use of any means or instrumentality of interstate commerce or mail, or of any national securities exchange: • to employ any device, scheme, or artifice to defraud; • to make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statement not misleading; or • to engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person in connection with the purchase or sale of any security (17 CFR 240.10b5).
Under clauses (a) and (c) of Rule 10b-5, the courts may impose liability on directors, officers, and professional advisers for fraudulent acts that intentionally deceive a corporation’s existing and potential stockholders and creditors. Clause (b) does not specifically state that the untrue statement or omission of fact had to be made with the intention to defraud. No express statute of limitations applies to Rule 10b-5. Court cases in 1967 made it clear that privity was not required in 10b-5 cases (Wallace, 1995). In the fraud case of United States v. Benjamin, 328 F. 2d 824,863 (2d Cir. 1964), the auditor was convicted in a criminal action under Section 24 of the 1933 Securities Act for his failure to exercise due diligence that would have revealed misrepresentations in proforma financial statements used in conjunction with the sale of unregistered securities. On this matter, the court’s opinion states: In our complex society, the accountant’s certificate and the lawyer’s opinion can be instruments for inflicting pecuniary loss more potent than the chisel or the crowbar. Of course, Congress did not mean that any mistake of law or misstatement of fact should subject an attorney or an accountant to criminal liability simply because more skilled practioners would not have made them. But Congress equally could not have intended that men holding themselves out
[7]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
as members of these ancient professions should be able to escape criminal liability on a plea of ignorance when they have shut their eyes to what was plainly to be seen or have knowledge they did not possess.
In the fraud case of Fischer v. Kletz (known as Yale Express), 266 F. Supp. 180 (SDNY, 1967), the company issued financial statements which were materially misstated. They reported a net income of US$1,400,000 instead of a loss of US$1,254,000 and charged to retained earnings an additional US$629,000. The suit was filed under Section 182 of the 1934 Securities Act and Rule 10b-5. The court noted:
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
The auditor has a duty to anyone still relying on his report to disclose subsequently discovered errors in the report. This duty exists regardless of the auditor’s lack of financial interest in any transactions to which the information relates. The obligation arises because of the auditor’s special relationship that provides access to the information.
The landmark fraud case Escott v. BarChris Construction Corporation (283 F. Suppl 643, 1968) represents a violation of Section 11 of the 1933 Securities Act. The plaintiffs claimed that the registration statement for debentures contained materially false statements and material omissions. The court’s opinion noted that: • the registration statement (Form S-1) was false and misleading; and • the CPA firm failed to comply with generally-accepted auditing standards (GAAS). The judge reprimanded the auditor for not exercising a skeptical attitude and stated that the auditor “was too easily satisfied with glib answers to his inquiries. But there were enough danger signals in the materials which he did examine to require some further investigation on his part.” The fraud case United States v. Simon, (425 F. 2d 796, 1969), known as the Continental Vending case, involved both criminal and civil proceedings against three CPAs. The US government’s case of fraud against the CPAs was initiated on the ground that the Continental’s audited financial statements were misleading. The finding by the jury that the balance sheet did not present fairly Continental’s financial position led to the conviction of the three CPAs. The auditors were found guilty, were fined US$17,000, and their licenses to practice as CPAs were revoked. The Equity Funding fraud caused a scandal in the business community. The Wall Street Journal (1974) reported that a financial vicepresident testified that he was ordered by the firm’s chairman to inflate the profits falsely. Robert Loeffler, the court appointed trustee of
[8]
Equity Funding, grouped the fraudulent activities into three categories: 1 the creation and inflation of assets in the balance sheet; 2 the borrowing of cash without recording the corresponding liability; and 3 the creation of phony insurance which was sold to other insurance companies. The fraud case of Hochfelder v. Ernst & Ernst, 503 F. 2d 1110 (1974), represents a violation of the Rule 10(b)-5 under the Securities Exchange Act of 1934. The suit was brought by a group of investors against the CPA firm that audited the First Securities Company of Chicago, a small brokerage firm. The president had persuaded the investors to mail him their personal checks for a fund from which he was to invest in escrow accounts yielding high returns to the investors. It was discovered later that no such escrow accounts with accounting records of the First Securities Company existed. The president had diverted the investors’ checks for his own use. In the United States v. Natelli, 527 F. ed 311 (1975), known as the National Student Marketing Corporation case, two auditors were convicted of criminal liability for failing to properly disclose the write-off of uncollectible accounts. The accompanying footnote failed to indicate that regular sales for 1968 were overstated 20 percent and actual net earnings were only 46 per cent of the reported earnings. The Court concluded that: • The treatment of the retroactive adjustment was done intentionally to conceal errors in the 1968 statements. • A professional cannot escape criminal liability on a plea of ignorance when they have shut their eyes to what was plainly to be seen. A 1976 decision by the US Supreme Court in Ernst & Ernst v. Hochfelder, 425 US 185, 96s ct 1375, 47 L Ed 2d 668 (1976), marked the end of the accountant’s liability for ordinary negligence under Section 10 of the 1934 Act. The Court stated: When a statute speaks so specifically in terms of manipulation and deception, and of implementing devices and contrivances – the commonly understood terminology of intentional wrongdoing – and when its history reflects no more expansive intent, we are quite unwilling to extend the scope of the statute to negligent conduct.
Based on the above court ruling, an auditor is no longer liable to third parties under Section 10(b) and Rule 10b-5 of the 1934 Act for ordinary negligence. The auditor has no liability in the absence of any intent to deceive or defraud.
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
In 1976, the SEC issued Accounting Series Release (ASR) No. 165. Whenever an audit change occurs, clients must report it in Form 8-K within the prior two years:
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
there were any disagreements with the former accountant on any matter of accounting principles or practices, financial statement disclosure or auditing scope or practice, which disagreement if not resolved to the satisfaction of the former accountant would have caused him to make reference in connection with his report on the subject matter of the disagreement.
In cases of management fraud, the auditor should resign from the audit engagement. In United States v. Weiner, 578 F. 2d 757 (9th Cir. 1978), three auditors of Equity Corporation of America were convicted after a jury trial of multiple counts of securities fraud and filing false statements with the SEC. The case involved the auditors’ failure to detect that US$2 billion of the company’s US$3.5 billion of assets were fraudulently obtained through computer-produced, bogus insurance policies. In addition to criminal convictions against the three auditors, five accounting firms paid US$44 million in damages. At Equity Funding, many employees knew about the fraudulent activities and even participated in the fraud (Boynton and Kell, 1996). In Cenco Inc. v. Seidman & Seidman, 686 F. 2d 449 (7th Cir. 1982), the defendants were charged with violating SEC Rule 10b-5 and several federal securities laws. The case dealt with the auditors’ failure to detect US$25 million inventory fraud perpetrated by top management. In this particular case, the judge made a distinction between management fraud and employee fraud: • Auditors are not detectives hired to ferret out fraud. • Auditors must investigate if they suspect fraud; but in this case, the former management made fraud difficult to detect because two executives turned the company “into an engine of theft against outsiders.” In 1984, the Wall Street Journal reported that the SEC challenged InterFirst’s claim of US$54 million in tax benefits from a net operating loss carry-forward. The SEC questioned the claim, which was supported by the InterFirst’s outside auditor, Arthur Andersen. Wallace (1995) observed that this is indicative of the close, advocate-type relationship depicted by the media between auditors and their clients, which emphasizes disagreements with regulators and government agencies. In 1990, Accounting Today reported that in an administrative proceeding, the SEC barred a big six public accounting firm from accepting any new SEC engagement in the
New York area for a 45-day period. The action was triggered by the finding of a SEC law judge that the firm engaged in “unethical and improper professional conduct” in two audits of US Surgical Corp, because it failed to: • exercise due care; • maintain the proper level of professional skepticism; and • resolve the serious question of client integrity before certifying the financial statements. The alleged misconduct resulted in the issuance of unqualified audit reports on statements that were incorrect for significantly overstating income. To deter auditors’ involvement in fraudulent financial statements, the SEC can initiate administrative proceedings against auditors under Administrative Rule 2(a) which states: The Commission may disqualify and deny, temporarily or permanently, the privilege of appearing or practicing before it to any accountant who: • does not possess the requisite qualifications to represent others; • is lacking in character or integrity; and • is engaged in unethical or improper professional conduct, willfully aiding and abetting the violation of any provision of the federal securities laws.
Sommer (1975) refers to a SEC chairman’s reasoning behind the issuance of injunctive proceedings against public accountants: Put very simply, when the Commission discerns that the auditor has not been alert to his duty, that he has gone through an exercise by rote, or that has not been true to the duty of fair presentation, then in my estimation, the Commission should properly authorize an action to enjoin the accountant from a repetition of those faults.
In 1991, the SEC investigated Guarantee Security Life Insurance Co., the brokerage firm of Merrill Lynch, and the auditors of Coopers & Lybrand regarding a malpractice of relatedparty transactions. In 1993, Price Waterhouse (PW) successfully fought off allegations of audit fraud brought by the SEC in a Southern District of New York bench trial. The SEC had alleged that PW violated and aided in the violation of antifraud provisions of the Securities Act of 1933 and the Securities Act of 1934 in auditing AM International for the fiscal year ending July 31, 1980. The court rejected the “SEC’s expertise on practically all contested accounting or auditing issues” and adopted a liability rule in an SEC injunction action most favorable to the accounting profession (Seamons, 1993). The most troublesome aspect of the auditing profession is that some companies can get away if they set their minds in perpetrating
[9]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
[ 10 ]
fraud even if a major accounting firm is monitoring the company’s books and annual reports. The SEC reported that in 1991 and 1992, four top executives at the former Jamaica Water Power of Purchase, New York, invented fake assets and overstated the value of others in order to sell stock and collected bonuses based on grossly overstated profits. The profits were reported in financial statements audited by the accounting firm of Ernst & Young. Even after the company’s president had brought in another accounting firm, Deloitte & Touche, to investigate the suspicious figures, nothing much was done (Norris, 1995). In 1994, the SEC filed a complaint against former Comptronix chairman William Hebding, former president Allen Shifflett, and former controller J. Paul Medlin, accusing them of overstating Comptronix profits and then trying to hide the fraud from the company’s independent auditors and board. The former company officials have agreed to repay investors about US$1.1 million in order to settle fraud and insider trading charges (New York Times, 1994a). In 1994, the SEC filed a civil fraud against Marvin G. Basson, a certified public accountant, who allegedly conspired to commit securities fraud by certifying financial statements that: “fraudulently overstated Towers’ assets, revenue, and income.” In April 1994, Towers and its founder, Steven Hoffenberg, were indicted on criminal fraud charges. The former vice-president, Charles Chugerman, pleaded guilty to criminal fraud charges for doctoring computer runs and otherwise falsifying Towers books to mislead investors and ratings services about Towers’ financial health (New York Times, 1994a; Wall Street Journal, 1994b). In 1995, the SEC filed a complaint in Federal District Court in Manhattan against Softpoint, a Nevada company. The SEC alleged that Softpoint’s officers had engaged in an international complex fraud. Softpoint, which develops and sells a computer-driven cash register, issued 420,000 shares to a group of “fictitious” foreign companies. Most of those shares, which the foreign firms bought at a discount, were then resold to US investors, raising US$1.72 million, most of which went back to Softpoint (Eichenwald, 1995). The same year, the SEC filed charges against Bankers Alliance Corporation, Carpe Diem International, Lee Financial, and related companies in an operation that SEC termed a Ponzi scheme. (The Ponzi scheme, named after Charles Ponzi, the organizer of such scheme in the USA in 1919-20, is a swindle in which a quick return on an initial
investment is paid out of funds from new investors in order to lure the victim into bigger risks.) The SEC alleged that the defendants made misleading claims in newspaper ads, promising investors unrealistic high rates of return in questionable investments. A judge in the Federal District Court in Washington issued a restraining order against the named companies (Antilla, 1995). To prevent securities fraud, the SEC issued new disclosure rules in 1996. These rules aim at eliminating the watering down of stock through false issuing to lure investors. This practice started in the nineteenth century, when Daniel Drew did this with the Erie Railroad stocks (Donlan, 1996). On October 14, 1996, Barron’s reported that both the SEC and NASDAQ investigated Novatek International. It is believed that the medical-products marketing concern was largely a stock rig perpetrated by its controlling shareholder, ex-convict William Trainor. The company has filed for Chapter 11 bankruptcy protection (Laing, 1996). In November 1996, the SEC filed the first suit to halt securities manipulation over the Internet. At the agency’s request, a federal judge in Washington froze the assets of Charles O. Huttoe, the chairman of Systems of Excellence, and the assets of Theodore R. Melcher Jr and Shannon B. Terry, operators of an electronic newsletter, SGA Goldstar. The SEC complained that the newsletter writers, in cahoots with Huttoe, touted the company over the Internet. When the stock price took off, investigators say, the writers and Huttoe dumped the shares. Kenneth Lench, the SEC branch chief of the investigation warned that “investors should be wary of biases of people who recommend securities, particularly when they are anonymous” (Hannon, 1996). The SEC’s Regulation S prohibits the sale of Reg S stock by US corporations to foreigners. In 1996, a federal jury found Arthur Feher Jr guilty of criminal fraud for issuing new Reg S shares to a Canadian (Palmer, 1996).
The racketeer influenced and corrupt organizations act RICO claims against accountants were unheard of, but presently fifty such cases involving claims against large and local CPA firms are filed (Wallace, 1995).
In 1970, the US Congress enacted the Racketeer Influenced and Corrupt Organizations Act (RICO) as a weapon against mobsters and racketeers who were influencing legitimate business. The act defines the term “racketeering activities” to include crimes such as mail fraud and fraud of the sale of securities. The RICO Act provides treble damages in civil
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
cases brought under the Act. For civil cases, the standard of proof requires a “preponderance of evidence.” The plaintiff must prove that the defendant: • employed any device to defraud; • made untrue statement of material fact or omitted material fact; • engaged in act, practice, or course of business to commit fraud or deceit in connection with purchase or sale of securities. Plaintiff must also prove: damages sustained; material misstatement or omission; reliance; and scienter. For criminal cases, the standard of proof is “beyond a reasonable doubt.” Section 32(a) establishes criminal liability for “willfully” and “knowingly” making false or misleading statements in reports under the 1934 Act. This section also provides for criminal penalties for violating the antifraud provisions of Section 10(b) consisting of fines of not more than US$100,000 or imprisonment of not more than five years or both. The Schacht v. Brown fraud case (1983) was the first audit failure case brought under RICO. Three separate auditing firms were found liable for alleged damages of US$100 million for “fraudulent prolongation of the corporation’s life beyond solvency.” Plaintiff claimed that each CPA firm knew of the subsidiary company’s insolvency. Each auditing firm issued nonetheless unqualified financial statements from 1974 through 1977 (Boynton and Kell, 1996). In 1985, the US Supreme Court heard the case of Sedima v. Imrex and approved the expansive scope to which RICO was being applied to cover cases involving legitimate business enterprises and individuals affiliated with those enterprises. The Court conceded that RICO may have evolved into something quite different from the original conceptions of its enactors, but concluded that “this defect – if defect it is – is inherent in the statute as written and its correction lies with Congress.” Back in 1986, Martha Brannigan and Richard Koening reported in The Wall Street Journal that nine were indicted in the fraud case of ESM Government Securities Litigation v. Alexander Grant & Co. under the RICO jurisdiction. This case involved Jose L. Gomez, a former manager/partner of Alexander Grant & Co., who pleaded guilty to knowingly approving ESMs false financial statements from 1978 through 1984, thus allowing a fraud that reached US$320 million in losses to investors. In 1987, Brannigan also reported that Gomez continued to participate in the fraud because of his inability to face up to having made a mistake. Berton (1986) reported in The Wall Street Journal that Alexander Grant & Co. faced claims of US$300
million in actual damages and as much as US$1 million in punitive damages, or five times the firm’s malpractice insurance coverage. The defendant is reported to have reached out-of-court settlements approaching US$50 million. Welton (1988) compared both Federal and State RICO statutes as they affect accountants. He concluded that the cumulative effect of litigation under federal and one or more state RICO statutes could lead to catastrophic liability of up to 39 times the actual damages. In 1990, Laventhol & Horvath was the first big accounting firm to be found guilty of a RICO charge in a case involving the audit of a federal tax-shelter program. The accounting firm collapsed and its former partners agreed to pay US$48 million to avoid personal bankruptcy. In 1991, Berton and Truell reported in the Wall Street Journal that a class action lawsuit was filed against Price Waterhouse in federal court in Los Angeles on behalf of BCCI’s 1.2 million depositors seeking multibillion dollar treble damages under the RICO Act. Price Waterhouse was paid at least US$4 million for work performed for BCCI in the USA. In 1992, investors’ rights to sue a company’s auditors for alleged securities fraud and violations under the RICO Act has been upheld by the US District Court for the Southern District of Florida. In Sahlen & Associates, Inc., investors in Sahlen & Associates brought suit against defendants that includes auditor KPMG Peat Marwick after Sahlen declared bankruptcy and its stock became worthless. The court ruled the allegations that generally accepted auditing standards had been violated, along with allegations that KPMG knew of or recklessly ignored other irregularities, were sufficient to sustain a Rule 10b-5 claim under the Securities Exchange Act of 1934. The court also ruled that investors could bring a RICO action against KPMG, as RICO requirements were satisfied by allegations that multiple misstatements to investors were made to further a scheme to defraud (Balinga, 1992). In 1993, the US Supreme Court heard the case of Reves v. Ernst & Young, which involved investors’ losses related to a farmers’ co-operative that went bankrupt, and ruled that RICO “requires some participation in the operation or management of the enterprise itself ” (Bergstrom and Morrison, 1993). In 1994, the Teamsters Union filed a US$22 million lawsuit in the US District Court in Minneapolis against Midwest Motor Express, accusing the Bismarck, ND, trucking company of fraud under the Racketeer Influenced and Corrupt Act (RICO). The Teamsters alleged that Midwest embezzled millions of
[ 11 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
dollars from its employees and that the company defrauded workers of wages and benefits under the guise of saving the company (Schulz, 1994). In 1995, Midwest Motor Express won the case against the Teamsters Union. Judge Patrick Conmy of US District Court of North Dakota, Southwestern Division, said there is no factual basis to support the Teamsters’ contention that Midwest used mail services with the intent to defraud employees (Schulz, 1995). In 1996, the Wall Street Journal reported that Federal Judge Michael B. Mukasey of the US District Court for the Southern District of New York dismissed all racketeering charges against Arthur Andersen & Co. in lawsuits involving the DeLorean Motor Co. Mukasey retained portion of the suits alleging negligence and fraud by the accounting firm as DeLorean’s auditor (Berton, 1996).
Common law liability Fraud stories seem almost like soap operas. The faces and sets change, and plots can take on surprising twists; but in both cases corruption and ruination unfortunately seem omnipresent (Graham, 1996).
Auditors are accountable not only under the 1933 Act and RICO statute, but also under common law for materially misstated financial statements. Common law is based on judicial precedents rather than legislative enactment. The judge has the legislative flexibility to consider social, economic, and political issues as well as prior case law. In fraud cases, auditors are accountable for breach of contract. Under the Tort Law, auditors are also accountable for ordinary negligence, gross negligence, and fraud.
Breach of contract Auditors’ liability in fraud cases arises from breach of contract when they: issue standard reports which do not comply with GAAP; do not deliver the audit report by the agreedupon date; or violate the clients confidentiality relationship. In the 1971 fraud case of Tenants’ Corporation v. Max Rothenberg, the co-operative sued the auditors for alleged failure to detect defalcation under two alternatives: 1 breach of contract to perform an audit; and 2 negligence in failing to exercise due care in performing the audit and in complying with GAAS. The trial court in New York found the auditors were engaged to perform an audit and were negligent in not doing so. The court noted: Regardless of whether the auditors received the invoices for purposes of audit or otherwise, they had a duty to detect defalcations
[ 12 ]
and on the basis of the evidence gathered could have and should have noted these defalcations.
The message of this fraud case is simple; although the contract does not call for an audit examination or detection of fraud, auditors should be responsible for disclosing circumstances causing them to believe fraud exists. In the 1982 fraud case of Fund of Funds, Ltd v. Arthur Anderson & Co., the plaintiff sued the auditors for breach of contract because the auditors failed to disclose irregularities totaling US$120 million to the client when the auditors’ engagement letter contained a specific representation that any irregularities would be revealed. Anderson admitted discovery of the violation of the contract in auditing King Resources Corporation, but declined to disclose the irregularities to Fund of Funds because of the AICPA’s Ethics Rule 301 that prohibits disclosure of confidential information (Boynton and Kell, 1996). The jury found Arthur Anderson liable for aiding and abetting violations of securities laws (Rule 10b-5) and common law fraud because of their failure to disclose their knowledge of King Resources’s wrongdoing to Fund of Funds Limited. In addition, the jury found the accounting firm guilty of breach of contract because they did not comply with the specific representation in their engagement letter. The plaintiff was awarded damages of US$81 million.
Ordinary negligence Ordinary negligence is the failure to exercise the due care that a reasonable, prudent person would exercise in the same circumstances. In 1939, in the Matter of Interstate Hosiery Mills Inc. (4 SEC 706, at 713), the court felt that the auditor was negligent in carrying out his duty. A prudent practitioner must recognize unfamiliar situations and take such precautionary measures as warranted by the circumstances. In such instances, the auditor should adopt extra precautions and a skeptical attitude: On the other hand, he did not attempt to translate the pounds and bale figures in their confirmations into dollars for comparison with the inventory recapitulations, which was among the working papers. Indeed, he was not familiar with the market price of silk and never inquired concerning it, accepting Marien’s pricing without question and relying entirely upon Marien’s representation that the total inventory figure agreed with the corporation’s own records.
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
In the Amoco Chemical Corp. v. Hill, Del Super (318 A. 2d 617), the court defined negligence as: the failure to employ such care as a reasonably prudent and careful person would use in similar circumstances; it is the doing of an act that a person of ordinary prudence would have done under similar circumstances.
The court rulings on fraud cases seem to indicate that auditors have potential liability for ordinary negligence to primary beneficiaries for whose benefit they intend to provide the information, and foreseen beneficiaries for whom they know the client will provide information. This also reflects the view of the American Law Institute, in its Restatement of Torts (1977, No. 552). Court rulings on auditors’ responsibility and liability on fraud cases is not consistently applied. They may be dependent on the judge’s interpretation and other circumstances as is evidenced in the following fraud cases. In 1968, the court ruled in the Rhode Island fraud case of Rusch Factors v. Touche holding auditors responsible for “careless financial misrepresentations relied upon by actually foreseen and limited classes of persons” when ordinary negligence is proven. The court noted: Why should an innocent reliant party be forced to carry the weight and burden of an accountant’s professional misconduct? Isn’t the risk of loss more easily distributed and spread by imposing it on the accounting profession, which can pass the cost of insuring against the risk on its customers, who can in turn pass the cost onto the entire consumer ublic?
In 1969, the Iowa Supreme Court held in Ryan v. Kanne that third parties could recover from auditors for ordinary negligence when the audit was known to benefit identified parties before the auditor’s report was issued. In 1972, in the case of Rhode Island Hospital Trust National Bank v. Swartz, the court held auditors liable for ordinary negligence to third parties even if they expressed a disclaimer on the related financial statements. The negligence arises for failing to explain fully the reasons for the disclaimer of opinion and the effect this information would have in the financial statements. In the 1983 fraud case of Citizens State Bank v. Timm, Schmidt & Co., the court held the tortfeasor liable for foreseeable consequences: A tortfeasor is fully liable for all foreseeable consequences of his act except as these consequences are limited by policy factors.
In the 1983 New Jersey fraud case of H. Rosenblum, Inc. v. Adler, the court held
that auditors have a responsibility not only to their clients but also to investors and others relying on audited financial statements. In 1985, the New York Court of Appeals rejected the foreseeable standard in Credit Alliance Corporation v. Arthur Andersen & Co. The court established three criteria for determining whether a plaintiff can bring a claim against auditors for ordinary negligence: 1 the plaintiff did in fact rely on the auditors’ report; 2 the auditors knew that the plaintiff intended to rely on their report; and 3 the auditors, through some action on their part, evidenced understanding of the plaintiff ’s intended reliance. In the 1986 fraud case of International Mortgage Co. v. John P. Butler Accountancy Corp., the California Appeals Court favored the third party. Auditors issuing an unqualified opinion on misstated financial statements can be sued by third parties. In 1992, the US District Court for the Northern District of California, in the case of Software Toolworks, Inc. Securities Litigation, granted a summary judgment to Deloitte & Touche in connection with a public stock offering by Software Toolworks. Deloitte had audited financial statements that were incorporated in Toolworks’ prospectus for the offering, and investors alleged that those statements had made improper inclusions in a revenue category. In granting summary judgment, the court pointed out that Deloitte had performed extensive testing of Toolworks’ revenue recognition procedures (Software Toolworks, 1992).
Gross negligence Gross negligence is the failure to use even slight care in the circumstances. Auditors acted carelessly and recklessly in conducting the audit. In the 1938 fraud case of State Street Trust Co. v. Ernst & Ernst, the auditors failed to assess the collectibility of the accounts receivable. The court recognized the liability to third parties due to the auditors’ gross negligence and reckless misstatements which constituted gross negligence. Later, the Third Circuit Court in McLean v. Alexander (599 F 2d 1190 -3d Cir. 1979) defined recklessness as: Highly unreasonable conduct involving not merely simple, or even inexcusable negligence, but an extreme departure from the standards of ordinary care, and which presents a danger of misleading buyers or sellers that is either known to the defendant or is so obvious that the actor must have been aware of it.
[ 13 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
In one of the first fraud cases of Ultramares Corp v. Touche (255 NY 170, 1931), the auditors failed to discover fictitious accounts receivable. The auditors’ negligence was deemed so gross that it constituted fraud. Judge Cardozo stated on this matter: If liability for negligence exists, a thoughtless slip or forgery beneath the cover of deceptive entries may expose accountants to a liability in an indeterminate amount for an indeterminate time to an indeterminate class.
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
The court believed that gross negligence existed in this case because “in certifying to the correspondence between balance sheet and accounts the defendants made a statement as true to their own knowledge, when they had … no knowledge in the subject.”
US Federal sentencing guidelines The guidelines are a reaction to a natural frustration with the criminal justice system. There was a feeling that federal judges were not giving long enough sentences to whitecollar criminals and were not imposing large enough fines (US District Judge Marvin Aspen, 1991).
The corporate sentencing guidelines were mandated by Congress in the Comprehensive Crime Act of 1984. The Act established the USA Sentencing Commission (USSC) which issued the Sentencing Guidelines for Individuals in 1987. On May 1, 1991, the USSC submitted to Congress its Proposed Guidelines for Sentencing Corporations which became law on November 1, 1991. The Sentencing Commission added an eighth chapter “Sentencing of organizations” to the seven earlier chapters of the Federal Sentencing Guidelines. According to the Sentencing Commission, the eighth chapter was “designed so that the sanctions imposed upon organizations and their agents, taken together, will provide just punishment, adequate deterrence, and incentives for organizations to maintain internal mechanisms for preventing, detecting and reporting criminal conduct” (Sittenfeld, 1996). Under the new federal sentencing guidelines, fines for a felony or a certain type of misdemeanor can range from US$5,000 to US$72,500,000. Upper-level management can minimize an organization’s exposure to awards of this magnitude by requiring an internal control structure commensurate with those guidelines (Fargason, 1992). Organizations were charged to respond to Congress’ reactions to the recent fraud scandals regarding the Savings-and-Loan (S&L) crisis of the 1980s, BCCI, and the securities industry which were dealt too easily by the court system (Alpert, 1992). The new guidelines deal with white-collar crimes, antitrust
[ 14 ]
violations, bid rigging, securities violations, price fixing, bribery, environmental violations, embezzlement, mail fraud, and others. The Federal Sentencing Guidelines reaffirm the old legal doctrine of respondeat superior. The organization is responsible for the wrongful action of its employees while acting in their official capacity. Organizations may minimize exposure to illegal acts by communicating to all employees and agents unethical behavior through training programs, establishing proactive antifraud programs, enhancing fraud awareness, and initiating fraud compliance audits. The Sentencing Guidelines creates an extraordinary risk for corporations. Corporations will be held criminally responsible even if those in management had no knowledge of participation in the criminal events. In the matter of US v. Bank of New England, WA, 921F. 2d 844, 856 (1st Cir.), cert. denied, 484 US 943 (1987), a corporation can be criminally responsible for the collective knowledge of several of its employees even if no single employee intended to commit crime. In the matter of New York Central and Hudson River Railroad v. United States 212 US 481 (1909); Standard Oil Co. of Texas v. United States 307 F. 2d 120 (5th Cir. 1962), corporations can be held criminally responsible for criminal acts of its employees, “if those acts are done in the course and scope of their employment and for the ostensible purpose of benefiting the corporation.” The Guidelines assign point values to guilty organizations based on mitigating and aggravating circumstances. The fine goes up if, among other things: • the organization engaged in similar misconduct in the past; • the crime violates an existing judicial order or injunction; and • the organization employs a high-level person who has a prior criminal record. The fine goes down if the organization has an effective program to prevent or detect violations of law. Organizations may help the judge reduce the culpability score if they can demonstrate that such activities are selfreporting to authorities, co-operating with authorities, accepting responsibilities, and maintaining an effective compliance program. Mitigating factors allow for probation for organizations which have established an effective anti-fraud control program that “was reasonably designed, implemented, and enforced so generally it will be effective in preventing and detecting criminal conduct (Alpert, 1992). An effective program includes the following criteria:
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
• establishing a compliance program which can reasonably be expected to reduce the prospect of criminal activity; • assigning responsibility to specific highlevel individuals for overseeing compliance with standards and procedures; • not allowing discretionary authority to individuals who in the organization know or should have known would have a propensity to engage in illegal activities; • installing monitoring and auditing systems designed to detect criminal conduct; • communicating standards and procedures to all employees and agents through training programs and printed materials; • reinforcing standards consistently through appropriate disciplinary mechanisms; and • responding to reported offenses with actions taken to prevent recurrences (Flesher, 1996). Sittenfeld (1996) offers tips to organizations to comply with The Federal Sentencing Guidelines for Organizations. Internal auditors can support management anti-fraud efforts in the following areas by: • making certain that preventive, detective, and reporting controls are in place to satisfy the mandate of the Sentencing Commission; • knowing that punishments are prescribed in the Guidelines and what organizations can do to deflect them; • developing a clear understanding of the deterrent provisions of the Guidelines, how they can affect the organization’s daily operations, and which set of internal control will satisfy the Guidelines and protect the organization; and • advising management with regard to how the organization can derive the greatest benefit from incentives offered by the Guidelines. Jennings (1997) believes that the internal auditor’s role is to make sure that the organization’s program has monitoring and auditing systems that provide a check on financial and accounting controls. The auditor should detect the types of crimes and regulatory violations to which the company is vulnerable, and monitor how effectively the compliance program itself is operating. The internal auditor should also research ways to take advantage of mitigating factors under the Guidelines, as well as strategies for dealing with employee reporting and for designating the most appropriate person for compliance responsibility. An effective compliance program with the Sentencing Guidelines must demonstrate commitment, oversight, responsibility, staffing, and due diligence. The Due
Diligence Program of The Federal Sentencing Guidelines requires that: • standards and procedures to reduce criminal conduct within the organization must be in place; • high level personnel must be in charge of the program; • due care must be exercised in terms of delegating authority; • effective communication and training regarding standards and procedures must be established; • mechanisms for monitoring, auditing, and reporting criminal misconduct must exist; • consistent enforcement of standards, including investigation and discipline, must be assured; and • procedures for feedback and correction should criminal incidents be uncovered must be established (Federal Sentencing, 1991). The US Sentencing Guidelines provide for incremental lower fines when an organization reports an offense to the authorities, cooperates in the investigation, identifies and disciplines the wrongdoers, and takes vigorous steps to reduce the likelihood for an offense to be committed. Fiorelli and Rooney (1997) find that the Internal Control – Integrated Framework (1992) of the Committee of Sponsoring Organizations (COSO) and the Sentencing Guidelines are related since both focus in developing a strong system of internal control. All the Sentencing Guidelines’ requirements “can be explained within the context of COSO.”
The foreign corrupt practices act In the long run, an international agreement is needed to curb the use of bribes by transnational corporations (Clinard, 1990).
The USA’s revulsion to bribery was evidenced during the 1970s when well-known US companies such as Lockheed, Northrop, and Gulf Oil were making headlines almost daily because they paid large sums of money to high foreign officials in order to close important deals (Evans et al., 1994). The Internal Revenue Service (1976) found that bribes abroad may have led to tax fraud in accounting. A SEC-sponsored voluntary compliance program (1976) disclosed that over 250 US corporations had made questionable or illegal payments in the USA and abroad. Many of the illegal payments were made through off-the-books “slush funds” or improper invoicing practices. To deter corrupt practices, the US Congress enacted the Foreign Corrupt Practices Act (FCPA) on December 19, 1977. The Act
[ 15 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
amends Section 13(b) of the Securities Exchange Act of 1934. Its accounting requirements apply to all companies that are registered under Section 12 of the 1934 Securities Act or that are required to file report under Section D of the Act. The accounting provision of the Act is administered and enforced by the SEC. The FCPA requires SEC-registrant companies to implement an internal control structure sufficient to provide reasonable assurance that: • transactions are executed in accordance with management’s general and specific authorization; • transactions are recorded as necessary: to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements and to maintain accountability for assets; • access to assets is permitted only in accordance with management’s general or specific authorization; and • the recorded accountability for assets is compared with existing assets at reasonable intervals and appropriate action is taken with respect to any differences. The FCPA’s provision to devise and establish an internal control system tends to deter fraudulent reporting. The SEC has not prescribed any detailed procedure or technique to ensure compliance with the FCPA but has held that management has such responsibility. The SEC has, however, identified the following concepts in evaluating an internal control structure: • appraisal of the overall control environment; • translation of broad objectives into specific objectives; • consideration of detailed procedures and techniques to achieve specific objectives; • monitoring control procedures to determine if they are functioning as intended; and • evaluation of the system for reasonable assurance by considering the benefits and/or alternative controls. The bribery of foreign officials in order to obtain, retain, or direct business to any person is considered an illegal act. Under the FCPA, fines of up to US$1 million on companies and up to US$10,000 for each individual and imprisonment for up to five years were recommended. Insurance companies do not cover the FCPA provisions. Companies are not allowed to pay for individual fines. In the 1988 Omnibus Trade and Competitiveness Act, Congress direct the President to seek an agreement with the member
[ 16 ]
governments of the Organization for Economic Cooperation and Development (OECD) to ban the use of bribery by transnational corporations. The Act signed by President Reagan amended the FCPA in order to address its perceived deficiencies. The amendments affect: the accounting provisions; the criminalization of foreign bribery; and he enforcement of the act. The term “reasonable detail” as used in the record keeping requirement and the “reasonable assurance” as used in the internal control system must meet the “prudent man” test. Criminal liability is applied for firms and individuals who make payments to third parties while knowing that the payment would be used by the third party for purposes barred by the FCPA. Criminal penalties have been increased from US$1 million to US$2 million for companies, and from US$10,000 to US$100,000 for individuals. Enforcement of the antibribery provisions for all jurisdictions has been consolidated within the Justice Department whereas the SEC retains the responsibility to enforce the provision relating to the company’s books and records and internal controls. From 1980 to 1994 several corporations have been indicted for bribery under the FCPA. Harris and Ricks (1994) reported in The Wall Street Journal that Lockheed Corporation and two of its executives had been indicted on charges of making illegal foreign payments in violation of the FCPA. Lockheed made illegal payment to Leila Takla, a member of the Egyptian Parliament. On January 27, 1995, Lockheed pleaded guilty for conspiring to violate US antibribery laws and was fined US$24.8 million. It admitted to falsifying records and lying to the Pentagon in selling three C-130 cargo planes for US$79 million to Egypt (Pasztor, 1995). In Canada, state law bans bribery of federal and provincial government officials but does not address such payment to foreign government employees. The US Foreign Corrupt Practices Act and the UN Draft International Agreement on Illicit Payments could provide Canada with a framework for drafting laws prohibiting bribes of foreign officials (Klotz, 1994). In May 1994, the OECD, whose membership consists of 26 industrialized countries, issued a statement recommending that its members act to “combat the bribery of foreign public officials in connection with international business transactions” (Kimelman, 1994). In 1996, the US SEC accused Montedison of Italy of hiding millions of dollars in bribes and for submitting fraudulent financial reports (Taylor, 1996).
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
In 1996, an Argentine federal judge initiated a formal investigation into a US$249 million contract between the local IBM and Banco de la Nacion Argentine. At issue is whether IBM paid probes to obtain the contract. The US Justice Department and the SEC are looking into whether IBM violated the FCPA provisions (Friedland, 1996). The same year, international organizations such as the World Bank and the Organization of American States (OAS) came out against corruption in cross-border business transactions. The United Nations’ General Assembly has even asked member states to make bribery in international business a crime and to remove rules allowing corporations to classify bribes as deductions (Lavelle, 1997). In Russia, the privatization of business has led to increased opportunities for public officials to engage in bribery. Determining liability under the FCPA is fraught with legal ambiguities in a country undergoing major legal and economic changes. Most Department of Justice enforcement actions so far have focused on bribery involving high government officials (Dugan and Lechtman, 1996). Thueson (1997) reported that kickbacks and bribes – though technically illegal in Russia, are normal business practices. Lack of internal controls and documentation, and “ethical lapses” seem to be the major hurdles for Western companies doing business in Russia. It is possible for a Russian company to hire a government agency official as a consultant on a business matter even though the agency official is reviewing the business matter under consideration.
Part II: Fraud and the professional standards The role of the AICPA Independent auditors should accept the responsibility for the discovery and disclosure of those irregularities which the exercise of due audit care by a prudent practitioner would normally uncover (Mautz and Sharaf, 1961).
More than once the American Institute of Certified Public Accountants (AICPA) has come to the rescue of the accounting and auditing profession in fraud cases by rectifying the situation and issuing auditing standards and procedures. These fraud cases, which have been widely publicized, have had a profound effect on the profession as the independent auditor’s responsibility has changed drastically over the years. In the early 1900s, the external auditors’ primary responsibility was the detection of fraud because audits were primarily involved with cash transactions.
In 1936, the American Institute of Accountants (AIA) issued a pronouncement titled “Examination of financial statements by independent public accountants.” It did not require confirmation of receivables in the case of companies having an adequate system of internal control. In the case of inventories, the external auditor relied principally for information on the responsible officers and employees of the company. The 1939 spectacular fraudulent case of McKesson & Robbins, Inc. changed all that. It brought to the public attention that independent auditors had issued an unqualified opinion on financial statements without observing the physical inventory on hand nor confirming accounts receivable balances with debtors. The SEC had recommended the strengthening of auditing procedures about inventory reporting. This led the AICPA to appoint the Committee on Auditing Procedures (CAP) to examine audit procedures and other “public discussions” related to McKesson & Robbins regarding a US$19 million overstatement of inventory and accounts receivable. The same year, the CAP issued the Statements on Auditing Procedures (SAP) No. 1, Extension of Auditing Procedures, which recommended: the observation of physical inventory; the direct confirmation from the debtor which should be regarded as a normal audit procedure in all cases where receivables constituted a significant proportion of total assets; the appointment of independent certified public accountants; and a report from the independent certified public accountant. SAP No. 1 also authorized the substitution of other procedures under certain circumstances. In 1951, the CAP felt that an examination of financial statements did not warrant the discovery of irregularities and adopted the following position on fraud: The ordinary examination incident to the issuance of an opinion respecting statements is not designed and cannot be relied upon to disclose defalcations and other similar irregularities, although their discovery frequently results.
The AICPA contends that a detailed examination of financial statements is not called for by the cost/benefit relationship: If an auditor were to attempt to discover defalcations and similar irregularities, he would have to extend his work to a point where its costs would be prohibitive … It is generally recognized that good internal control and surety bonds provide protection much more cheaply.
In 1960, the AICPA issued SAP No. 30, which was later incorporated in the Statement of Auditing Standard (SAS) No. 1, Codification of Auditing Standards and Procedures in 1972.
[ 17 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
The auditor acknowledged responsibility for detecting fraud that would normally be uncovered by an examination performed in accordance with GAAS: The responsibility of the independent auditor to detect fraud (which responsibility differs as to clients and others) arises only when such failures clearly result from noncompliance with generally accepted auditing standards.
It was felt that the cost of the discovery of fraud would be prohibitive:
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
If an objective of an independent auditor’s examination were the discovery of all fraud, he would have to extend his work to a point where its cost would be prohibitive. Even then he could not give assurance that all types of fraud had been detected or that none had existed because of items such as unrecorded transactions, forgeries, and collusive fraud would not necessarily be uncovered. It is generally recognized that good internal control and fidelity bonds provide protection more economically and effectively.
Mautz and Sharaf (1961) question the AICPA’s position to eliminate or minimize the responsibility to uncover fraud through audit-client agreements, letters, and statements in the professional literature. They list three motives for the refusal to uncover fraud: 1 the auditor appears to be renouncing his/her right to an area in which he/she has competence and in which he/she can be of service; 2 as a professional group auditors are in effect refusing to provide an effective service to the business community; and 3 auditors are emphasizing to clients and the world at large their unwillingness to accept responsibility, to provide a difficult but useful service. They argue that there is a considerable difference between a reasonable search for major irregularities and the complete search for possible errors. There are indeed a considerable number of irregularities which even an elaborate search might not detect; there are also a considerable number of errors which a reasonable investigation might not disclose. They also feel that such position cannot but “lessen the prestige of the profession, particularly in view of the fact that the service and the responsibility we now deny, at one time, was claimed rather forcefully.” After the Equity Funding scandal, the SEC summoned the public accounting profession and demanded to know what they planned to prevent the recurrence of similar catastrophes. The AICPA responded by issuing SAS No. 16, The Independent Auditor’s Responsibility for the Detection of Errors or Irregularities
[ 18 ]
in 1967 which was superseded by SAS No. 1. It dealt with the auditors’ responsibility for detecting fraud. The auditor is required to look specifically for irregularities which may have a material effect on the financial statements. It states: Under generally accepted auditing standards, the independent auditor has the responsibility, with inherent limitations of the auditing process, to plan his examination to search for errors or irregularities that would have a material effect on the financial statements, and to exercise due skill and care in the conduct of that examination.
The possibility of material errors or irregularities should influence the independent auditor to adopt a skeptical attitude in the examination of the financial statements. SAS No. 16 (Section 316) states: The auditor should plan and perform his examination with an attitude of professional skepticism, recognizing that the application of his auditing procedures may produce evidential matter indicating the possibility of errors and irregularities.
Later the AICPA issued SAS No. 17 (Section 316), which even more explicitly requires design of the audit to provide reasonable assurance of detecting material errors and irregularities. Both SASs 16 and 17 have been credited to the SEC chief accountant’s persuasive ability (Sack, 1987). The 1967 fraud case of Fischer v. Kletz led the AICPA to issue in October 1969 the Statement of Auditing Procedures (SAP) No. 21 which provides that errors discovered after the completion of an audit are not to be concealed by the auditors’ silence. In May 1973, the AICPA appointed a special committee to “study whether the auditing standards which are currently considered appropriate and sufficient in the examination of financial statements should be changed in the light of the Equity Funding fraud.” In February 1975, the special committee issued its report and concluded that “Customary audit procedures properly applied would have provided a reasonable degree of insurance that the existence of fraud at Equity Funding would be detected.” The special committee felt that the audit procedures were adequate and recommended a restatement of those sections of SAS No. 1: It seems clear that the auditor has an obligation to discover material frauds that are discoverable through the application of customary auditing procedures applied in accordance with generally accepted auditing standards. The auditing profession should, on an ongoing basis, continue to improve the efficiency of customary audit procedures to the end that probability of
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
discovery of material frauds continues to increase within the limits of practicality (Cooper and Flory, 1976).
In March 1975, the Financial Accounting Standards Board (FASB) released a discussion memorandum entitled Analysis of Issues Related to Criteria for Determining Materiality which lists the following factors that are weighted by auditors in materiality judgments and by investors and creditors in making investing and lending decisions: • environmental factors; • enterprise related factors; • accounting practices; and • uncertainty. It seems that the auditor’s responsibility to detect management fraud depends on the manner in which it was perpetrated, its pervasiveness, and the likelihood of its discovery through competent application of auditing procedures. However, if management fraud is discovered, the adequacy of disclosure depends on the anticipated impact such information will have on users of financial reports (Thomas, 1979). In 1978, the AICPA’s Independent Commission on Auditors’ Responsibilities (the “Cohen Commission” named after the chairperson, Manuel Cohen, a former SEC Commissioner) issued a 195-page report on the appropriate responsibilities of independent auditors. The Cohen Commission defined fraud as follows: Viewed broadly, any intentional act designed to deceive or mislead others is fraud. Fraud in the business environment with which the auditor is concerned has a more specialized meaning. Fraud may occur at the employee or management level. Fraud by nonmanagement employees are generally designed to convert cash or other assets to an employee’s own benefit … Fraud at the management level includes intentional misrepresentations that may lead to improper selection of accounting principles or inclusion of false amounts, or the omission of amounts from financial statements. It is usually accompanied by acts of concealment, such as omission of entries, manipulation of documents (including forgery), or collusion among individuals inside or outside the company.
Since 1985, the AICPA has been promoting the legislation which transpired in the fraud case Credit Alliance Corporation v. Arthur Andersen which rejected the “foreseeability standard” and held auditors liable for ordinary negligence only to those people whom they acknowledged in writing were known to be relying on their reports. In 1987, the well-publicized case of E.S.M. Government Securities fraud case represented a real threat to the entire accounting
profession’s reputation. This led the AICPA to establish the following auditing standards and procedures. In April 1988, the AICPA issued SAS No. 53 (AU 316), The Auditor’s Responsibility to Detect and Report Errors and Irregularities, which distinguishes between errors and irregularities: The term errors refers to unintentional mistakes in financial statements and includes mathematical or clerical mistakes in the underlying records and accounting data from which the financial statements were prepared, mistakes in the application of accounting principles, and oversight or misinterpretation of facts. The term irregularities refers to intentional distortions of financial statements, such as deliberate misrepresentations by management, sometimes referred to as management fraud, or misappropriation of assets, sometimes referred to as defalcations.
SAS No. 53 requires external auditors to: • understand the characteristic causes and signs of errors and irregularities; • assess the risk that errors or irregularities may cause a company’s financial statements to contain a material misstatement. Higher-than-normal risk of irregularities exist when working capital is inadequate or the client’s industry experiences several business failures; • design the audit to provide reasonable assurance of detecting errors and irregularities that are material to the financial statements; and • disclose irregularities to outside agencies. SAS No. 53 also requires auditors to maintain an attitude of professional skepticism when planning and performing an audit: The auditor neither assumes that management is dishonest nor assumes unquestionable honesty. Rather, the auditor recognizes that conditions observed and evidential matter obtained, including information from prior audits, need to be objectively evaluated.
Albrecht (1996b), in “The expectation gap,” argues that the only way SAS 53 could narrow the expectation gap between users and independent auditor expectations would be if: SAS No. 53 changed the way auditors conducted audits so that they actually detected more frauds; or changed user expectations about what auditors are supposed to do. He believes that SAS 53 “hadn’t changed the way auditors conducted financial statement audit nor had it changed user expectation.” In 1988, the Auditing Standard Board issued SAS No. 54 (Section 317), Illegal Acts by Clients, which superseded SAS No. 17. The statement defines illegal acts as violation of
[ 19 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
laws or governmental regulations and provides guidance in three general areas: 1 an auditor’s responsibility for detecting and disclosing illegal acts; 2 the audit procedures an auditor should consider both in the apparent absence of illegal acts and when illegalities are possible; and 3 how an auditor should respond to detected illegal acts (Ricchiute, 1996).
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
When auditors become aware of possible illegal acts, they should obtain an understanding of the circumstances of the act and gather sufficient evidence to judge the effect of the illegal act on the financial statement. When illegal acts may have occurred, Arens and Loebbecke (1994) suggest the following steps: 1 the auditor should inquire of management at a level above those likely to be involved in the potential illegal act; 2 the auditor should consult with the client’s legal counsel or another specialist who is knowledgeable about the potential illegal act; and 3 the auditor should consider accumulating additional evidence to determine if there actually is an illegal act. Guy and Mancino (1992) suggest the following additional steps: • report the fraud or illegal acts to the audit committee; • consider the implication of fraud or illegal act for other aspects of the audit; • insist the financial statements be revised; • withdraw from the engagement and communicate in writing the reasons for the withdrawal; and • prepare a letter stating the agreement or disagreement with the company’s statements. In 1995, the US Congress passed the securities law titled The Private Securities Litigation Reform Act which demands that auditors first hunt for illegal acts. Previously, auditors were required to look for illegal acts only if their suspicions were aroused. The new law says an auditor must first hunt for illegal activities, then check for misleading numbers or omissions in a company’s financial statements (MacDonald, 1996). The act imposes, for the first time, a duty on an independent auditor of a public company to report fraud or illegal activity to the SEC. Under the act, an auditor’s responsibility covers any activity in violation of law, such as EPA, FOA, and EEOC violations (Rossow, 1996). Under SAS No. 54, an auditor’s responsibility to detect and report misstatements resulting from illegal acts on financial statement amounts that have a direct material impact on financial statements is identical to SAS
[ 20 ]
No. 53 which requires external auditors to report errors and irregularities. Examples of illegal acts having a direct material effect include violations of tax laws or of government grant contracts. Examples of illegal acts having a material but indirect effect on financial statements include violations of equal employment and antitrust laws (Ricchiute, 1996). The AICPA has recognized the establishment of an adequate internal control structure as a preventive measure of potential irregularities. In April 1988, the AICPA issued SAS 60, The Communication of Control – Structure Related Matters Noted in an Audit which defines a reportable condition as a “significant deficiency in the design or operation of the internal control structure which could adversely affect the organization’s ability to record, process, summarize, and report financial data consistent with the assertions of management in the financial statements.” In 1991, Congressmen Ron Wyden, Edward J. Markey, and John D. Dingell felt that fraud detection should be one of the primary goals of any audit of financial statements. They introduced HR 4313, “Financial Fraud Detection and Disclosure Act,” which represents an attempt to put more pressure on independent auditors to detect fraud. In March 1993, the AICPA announced its endorsement of HR 574, the Financial Fraud Detection and Disclosure Act (the Wyden Act), on the basis that it should bolster public confidence in the US financial reporting system by requiring auditors to provide earlier public notification of possible misconduct (Barlas, 1993). The same year, Congressman Henry Gonzalez introduced the HR 6, the Deposit Insurance Reform Bill. The bill would require external auditors who suspect wrongdoing to report the findings to management, which is then responsible for informing the SEC within one day. If the organization does not inform the SEC on time, the auditor must resign and send a copy of the findings to the agency (International Auditor, 1991a). In 1993, the AICPA made a proposal that would mandate the SEC to establish a reporting system that would require public companies to state whether their internal controls over financial reporting were effective and to have their statements publicly corroborated by an independent auditor. John B. Sullivan, chairman of the AICPA’s Accounting Standards Board, maintains that such a system would serve as a weapon against financial fraud. Walter P. Schuetze, former SEC chief accountant, maintains that such a system would not prevent dishonest companies from “cooking the books” and could thus provide a
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
false sense of security (Journal of Accountancy, 1993). In August 1993, the AICPA’s Board of Directors issued a statement entitled Meeting the Financial Reporting Needs of the Future: A Commitment from the Public Accounting Profession (AICPA, 1993a). The AICPA endorsed the recommendation of the Public Oversight Board and proposed several accounting reforms in order to improve fraud detection, strengthen auditor independence, and other related auditing issues. This was done in response to some prominent business failures that had eroded public confidence. The AICPA unveiled a historic initiative to increase public confidence in financial reporting and to improve the climate for tort reform by expanding auditors’ effort to: • improve the prevention and detection of fraud; • enhance the utility of financial reporting to those who rely on it; • assure the independence and objectivity of the independent auditor; • discourage unwarranted litigation that impedes innovation and undermines the profession’s ability to meet evolving financial reporting needs; and • strengthen the accounting profession’s disciplinary system. The reform calls for a systematic review of alleged accounting failures (Miller, 1993). The board of directors also endorsed the proposed federal “Financial Fraud Detection and Disclosure Act” and stressed that auditors should receive a stronger support from management to allow them to prevent and detect fraud: Every participant in the financial reporting process has a stake in preventing wrongdoing and all should be expected to share the responsibility. Management, for example, should renew its emphasis on ethical values throughout the organization. It is also critical that an open line of communication with the independent auditor be maintained. Therefore, advisors, such as attorneys, should be called upon to bring to the independent auditor’s attention instances of suspected fraud so that the auditor can, to the extent possible, confirm or dispel those suspicions. Regulators who possess such knowledge should also be required to make that information known to the auditors.
In its 1993 annual report, the Public Oversight Board (POB) of the American Institute of CPAs focused on the accounting profession’s response to the growing liability crisis. According to POB chairman A.A. Sommer Jr, the board will support efforts to pass legislation that restores the balance between accountability and liability. Sommer believes that auditors should be accountable for
damages caused when they fail to meet their responsibilities, but not for the frauds and shortcomings of others or for the failures of government policies (Sommer, 1993). In March 1993, the AICPA POB published a report, In the Public Interest: Issues Confronting the Accounting Profession (AICPA, 1993b) and stated that an independent auditor cannot be expected to detect certain forms of management fraud. Such statement may not be in consonance with some people who believe that uncovering management fraud should be an auditor’s main priority (Knutson, 1994). The POB however recommended increased efforts by CPA firms to assure the implementation of SAS No. 53. Soon thereafter the AICPA issued a response to the POB recommendation in the form of a White Paper that restated the auditor’s responsibility to detect material misstatement, including management fraud (Carmichael and Craig, 1996). In May 1996, the Auditing Standards Board (ASB) issued a proposed SAS, Consideration of Fraud in a Financial Statement Audit. This will replace SAS No. 53, The Auditor’s Responsibility to Detect and Report Errors and Irregularities. The proposed statement: • describes fraud and its characteristics; • requires the independent auditor to assess the risk of material misstatement due to fraud and provides categories of fraud risk factors that should be considered; • provides guidance on how the auditor should respond to the results of the assessment; • provides guidance regarding the auditor’s communication about fraud to management, audit committees, and others. The risks of fraudulent financial reporting are broken down into three categories: 1 management characteristics; 2 industry characteristics; and 3 operating characteristics and financial stability. The standard reaffirms the independent auditor’s present responsibility to plan and perform the audit in order to obtain reasonable assurance about whether the statements are free from material misstatements, and whether such misstatement is caused by error or fraud (Hrisak, 1996). The independent auditor is required to consider both the fraudulent financial reporting (management fraud) and the misappropriation of assets (employee fraud). External auditors must therefore take proactive steps to ascertain the existence of fraud, such as verifying more receivables, confirming sales and shipments, and conducting site inspections of client facilities. Along with the auditor’s increased
[ 21 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
responsibility will be guidelines regarding the involvement of the board of directors and the weak systems of internal control (Demery, 1996). The proposed standard, for the first time, uses the word “fraud” instead of “irregularity.” Under the proposed revision, AU 110 would read as follows: The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.
The standard will force independent auditors to document in their working papers that they have considered the risk of fraud in their audits: Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
In planning the audit, the auditor should document in the working papers evidence of the performance of the assessment of the risk of material misstatement due to fraud, including any fraud risk factors that the auditor believes, individually or in combination, significantly impact the risk of material misstatement together with the auditor’s response to those risk factors. In addition, if during the performance of the audit, fraud risk factors and other conditions are identified that cause the auditor to believe that the risk of material misstatement due to fraud has increased, the changed assessment, and any further response that the auditor concluded was appropriate also should be documented.
Albrecht (1996b) believes that the required documentation “will narrow the expectation gap because they will force auditors to consider fraud explicitly in every financial statement audit.” The standard also requires the independent auditor to discuss with management the possibility of fraud: The auditor also should inquire of management to obtain the client’s view regarding the risk of material misstatement due to fraud. Information from that inquiry could identify fraud risk factors that may affect the auditor’s assessment and related response. Some examples of matters that might be discussed as part of the inquiry are: whether there are particular subsidiary locations, business segments, types of transactions, account balances, or financial statement categories where fraud risk factors exist or may be more likely to exist; and how management may be addressing such risks.
The standard raised the following concerns: the increased cost of performing the financial audits; the increased exposure of auditors to litigations; and the flaws related to the fraud risks factors (Albrecht, 1996b). David Landsittel, chairman of the ASB’s Fraud Task Force, commented on the new SAS No. 82, Consideration of Fraud in a
[ 22 ]
Financial Statement Audit (1996). It provides a “benchmark for what auditors need to do to fulfill their responsibilities related to consideration of fraud in an audit.” The better our profession can become in detecting fraud, the better we will serve the public interest and increase the value of our services (Hrisak, 1996). Michael H. Sutton, SEC chief accountant, lauded the new AICPA Statement as the most recent effort by the profession to help gain public confidence. He also praised SAS No. 82 for referring to fraud by name, for the first time, instead of by its euphemistic term “irregularities” and for describing over 40 fraud risk factors that auditors must consider in planning and performing the audit (Sutton, 1997a). Fraud and bankruptcy often are found in lawsuits against auditors. The auditor’s detection and disclosure responsibilities in these areas are a focus of the Private Securities Litigation Reform of 1995. The Act reaffirms the auditor’s responsibilities regarding SAS No. 53, The Auditor’s Responsibility to Detect and Report Errors and Irregularities. SAS No. 54, Illegal Acts by Clients, and SAS No. 82, Consideration of Fraud in a Financial Audit (Palmrose, 1997).
The role of the institute of internal auditors The internal auditor is vitally concerned with all manners of waste and fraud, whatever the source and however small the size. This is rooted in the understanding that a tiny cloud can mushroom in to a tempest that may rock the pillars of the enterprise (Sawyer, 1988).
The IIA emphasis on fraud is reflected in the Standards of Professional Practice for Internal Auditors (SPPIA). Section 280 states: In exercising due professional care, internal auditors should be alert to the possibility of intentional wrongdoing, errors and omissions, inefficiency, waste, ineffectiveness, and conflict of interest. They should also be alert to those conditions and activities where irregularities are most likely to occur.
The standards do not, however, specify that internal auditors are responsible for the detection of fraud. Internal auditors must be alert and consider the possibility of fraud when carrying out an audit. Internal auditors cannot give absolute assurance that fraud does not exist: Internal auditors cannot give absolute assurance that noncompliance and irregularities do not exist. Nevertheless, the possibility of material irregularities of noncompliance should be considered whenever the internal auditor undertakes an internal audit assignment.
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
In 1985, The Institute of Internal Auditors deemed fraud so important to issue SIAS No. 3, “Deterrence, detection, investigation, and reporting of fraud” to codify the internal auditor’s responsibility for fraud. The SIAS added several subsections to Standard 280 to address the issue of fraud detection. In 1986, The Institute of Internal Auditors took a stand on internal audit involvement in the prevention of fraudulent activity – particularly, fraudulent financial reporting, and issued a paper entitled The Role of Internal Auditors in the Deterrence, Detection, and Reporting of Fraudulent Financial Reporting (Institute of Internal Auditors, 1986). The paper was prepared for the National Commission of Fraudulent Financial Reporting. The pervasive influence by the Institute of Internal Auditors to deter, detect, and report fraud will be discussed in the following sections.
The role of the association of certified fraud examiners Most of the internal frauds investigated by Certified Fraud Examiners (CFEs) such as embezzlement, kickbacks, and false invoicing, even if they involve big dollars, aren’t material to the financial statements of the corporation and don’t have to be disclosed. But leave that fraud untended and the situation might change (Kramer, 1996).
The Association of Certified Fraud Examiners (ACFE) was founded in 1988 for the purpose of reducing incidents of white-collar fraud. The ACFE runs a program to accredit as Certified Fraud Examiners (CFEs) people with skills necessary to detect, investigate, and deter fraud. CFEs often have accounting or auditing backgrounds and work in such fields as forensic accounting, fraud auditing and investigations, loss prevention, law enforcement, research and academics, and public accounting. CFEs can cash in on white collar crime by offering expert assistance to attorneys and litigators (Cohenson and Dispasquale, 1993). According to Wells (1997), the CFE would have knowledge in four specific areas: 1 the investigation of fraud; 2 the legal principles involving the proof of fraud; 3 the schemes involved in fraudulent financial transactions; and 4 an understanding of criminal behavior concerning fraudulent conduct. CFEs often work as forensic accountants. Bologna et al. (1993) define forensic accounting as follows: Forensic and investigation accounting is the application of financial skills and an investigative mentality to unresolved issues,
conducted within the context of rules of evidence. As a discipline, it encompasses financial expertise, fraud knowledge, and a strong knowledge and understanding of business reality and the working of the legal system. Its development has been primarily achieved through on-the-job training, as well as experience with investigating officers and legal counsel.
Forensic accounting, which implies any court-related work done by an accountant, can provide fraud review teams for the members of the legal profession. In criminal or legal cases, forensic accountants can work for the prosecution, defense, and even the court (Thornhill, 1995). Wells (1995) believes that forensic accounting has reached its limits and will not continue to grow whereas fraud examination has been described as the growth field for the twenty-first century. Most industrial companies are subject to three layers of financial review – internal auditors, auditors employed by lending institutions, and independent public auditors. If any one of these financial reviews uncovers suspicious activity, they may decide to call on a fraud auditor, sometimes referred as a forensic accountant. The inquiry of the forensic accountant will differ from that of the previously described audits in that the forensic accountant will be specifically looking for fraud. According to Luizzo and Van Nostrand (1994), the fraud auditor typically builds a case by carefully examining records. When something out of the ordinary is noted, the fraud auditor delves deeper to find out why it occurred. CFEs are engaged by a company as consultants after an auditor has noted some irregularity, specifically fraudulent activities. While financial auditors focus on the financial transactions themselves and rely extensively on the internal controls in determining the nature, timing, and extent of the audit process, fraud auditors instead go deeper to the behavior that underlies each transaction and look at how the central systems can be circumvented (Bologna and Lindquist, 1995). Robertson (1996) observed that fraud examiners have little in the way of standard programs or materiality guidelines to limit their attention to fraud possibilities: “They float on a sea of observations, of exceptions and oddities that may be the tip of a fraud iceberg.” De Groot (1997) observed that fraud examination and forensic accounting in The Netherlands became “more prevalent in 1992 when KPMG announced that it was setting up a forensic accounting department.” He gives four reasons for the sustained growth of fraud examination and forensic accounting:
[ 23 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
1 the rising company fraud and the waning interest of the police and courts in such cases; 2 the conduct of criminal audits to keep criminal influence at bay; 3 the preparing and refuting claims becoming a bread-and-butter activity for forensic accountants; and 4 the defendants’ legal counsels increasingly disputing the findings of accountants and fraud examiners.
The role of the institute of management accountants
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
The heat is on auditors these days. Businesses are going belly up at record rates. And frequently the employees and the stockholders of these fragile firms are the last to know (Frank, 1982).
The Institute of Management Accountants’ (IMA) research report The Role of Analytical Procedures in Detecting Management Fraud addresses the need to improve the auditor’s ability to detect management fraud with a better knowledge of analytical procedures (Freedman, 1993). The IMA believes that management and the board of directors should establish an internal control structure to prevent or detect fraud. Part of that structure is the control environment. Factors in that environment are: • management philosophy; • operating style which sets the tone for company activities; • a strong commitment by management to ethical conduct reflected in its written policies and personnel practices, and • interest in effective control which fosters the creation of the appropriate environment.
The role of the Treadway Commission The Treadway Commission urged all participants in the financial reporting process – to consider several specific risk factors when planning or reviewing proposed audit activities (Jeffords et al., 1992).
In 1987, the Commission on Fraudulent Financial Reporting (Treadway Commission) issued 49 recommendations to reduce the incidence of fraudulent financial reporting. The Commission concluded that the primary responsibility for fraudulent reporting rests with the management and the board of directors of the company that issue the report. The Commission reported: • all public companies should maintain internal controls that will provide reasonable assurance that fraudulent financial reporting will be prevented or subject to early detection; and
[ 24 ]
• that the “tone set by top management” is of overriding importance. The Commission further stressed that users of audited financial statements should expect auditors to: • perform the audit with technical competence, integrity, independence, and objectivity; • search for and detect material misstatements, whether intentional or unintentional; • prevent the issuance of misleading financial statements. The Commission, therefore, recommended to independent public accountants that: • auditing standards be changed to recognize the auditor’s responsibility for detecting fraudulent financial reporting better; and • the auditor’s standard report be improved to better communicate the work done by the auditor. The Commission identified the following risks: • Internal environmental risk which consists of conditions, circumstances, and influences on a company that are subject to management control; and • External environmental risk which includes industry conditions, regulatory and legal considerations, and the business environment. The Treadway Report found that frauds were often initiated during good times, as growth got out of hand and pressures for adequate working capital created incentives to distort records (Wallace, 1995). Jeffords et al. (1992) examined 910 cases submitted to the Internal Auditor during the nine-year period from 1981-1989 to assess the specific risk factors cited in the Treadway Commission Report. Approximately 63 percent of the 910 cases are classified under the internal control risk which include: • lack of regular, independent checks in performance; • inadequate organizational control methods; • inadequate methods of communicating or enforcing the assignment of authority and responsibility; and • unauthorized access and physical control of assets, records, computer programs, or data. Almost two-thirds of the 910 cases can be classified according to the risk factors identified by the Treadway Commission. In 1992, the Commission of Sponsoring Organizations (COSO) of the National Commission on Fraudulent Financial Reporting published its report, Internal Control – Integrated Framework. COSO urges
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
corporations to report on their internal control, advice that has been strongly criticized by some people who may believe that honesty can be legislated. However, several cases show that top company executives have been accused of committing fraudulent financial reporting (Roy, 1993).
Fraud and the professional code of conduct
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
In order to reduce the risk of fraud, organizations must develop a climate that reinforces ethical behavior (Tate, 1996).
Rule 102 of the AICPA Code of Professional Conduct states that “the members shall maintain objectivity and integrity, shall be free of interest, and shall not knowingly misrepresent facts or subordinate his/her judgment to others.” The concepts of objectivity and integrity are the cornerstone of most professional associations, but some professionals do not adhere to them in practice. In a recent National Business Ethics Survey conducted by the Ethics Resource Center, nearly one-third of employees sometimes felt pressures to engage in misconduct to achieve business objectives. One-fourth of the respondents believe that their companies ignore unethical conduct to meet business objectives and nearly one employee in six said their company overtly encourages misconduct to meet business objectives. The Ethics Resource Center also reported that one-third of the employees surveyed witnessed misconduct at work, but less than half reported it to their employers. The majority of those who did report misconduct were not satisfied with their company’s response. The likelihood that employees report the misconduct they observed increased significantly in companies with comprehensive ethical programs, and they were much more likely to be satisfied with the outcome of their report than those without ethics programs (Internal Auditor, 1995a). Brief et al. (1997) examined one of the most common types of fraud investigated by the SEC -the failure to report write-offs of overstated assets. The study found, based on responses by more than 400 people, that 47 percent of the top executives, 41 percent of the controllers, and 76 percent of the graduatelevel business students included in the study were willing to commit fraud by understating write-offs that cut into their companies profits. Such findings are indicative of the current state of ethics in financial reporting. They provide but one reason why Congress, the SEC and the investing public all attach such high value to the independent attest role of the auditing profession (Sutton, 1997b).
Part III: The role of management, audit committee and auditors The role of management Due to criticisms of the profession resulting from auditors’ nondiscovery of several large management frauds, auditors now have greater responsibility for discovering management fraud than previously (Arens and Loebbecke, 1994).
According to Kapnick (1980), management fraud stems from “improper actions of management, normally accompanied by false documentation of transactions or withholding of relevant information, resulting in a material impact on the financial statements and in financial detriment to shareholders or creditors.” He lists the following examples of management fraud and their underlying reasons: • misappropriation of assets; • reporting inflated asset values on operating results so that those perpetrating the fraud can retain their positions; • increasing their remuneration; • enhancing the holdings of company stock; • improper use of assets to the benefit of management; • overstatement of assets or understatement of liabilities to present a favorable financial position or results of operations; • the siphoning off of assets through transactions with affiliated entities; • kickbacks and other irregular transactions between officers and outside parties; and • lack of disclosure of significant information. Management may make use of: false accounting entries; misleading information; forged documents; unrecorded liabilities; or recorded transactions with undisclosed elements. If evidence of top management fraud is disclosed, the board of directors or the audit committee should be alerted, and possibly the regulatory agency. The collapse of the Lincoln Savings and Loan Association is an example of management fraud. Sawyer (1988) believes that the three conditions under which fraud exists are attributed to the environment or climate set by senior management and the board: 1 situational pressures experienced by employees of enterprises; 2 uncontrolled access to assets, coupled with management’s indifference; and 3 personal trait undermining personal integrity. He lists eight reasons behind management fraud: 1 Executives sometimes take rash steps from which they cannot retreat.
[ 25 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
2 Profit centers may distort facts to hold off divestment. 3 Incompetent managers may deceive in order to survive. 4 Performance may be distorted to warrant large bonuses. 5 The need to succeed can turn managers to deception. 6 Unscrupulous managers serve interests which conflict. 7 Profits may be inflated to obtain advantages in the marketplace. 8 The one who controls both the assets and their records is in a perfect position to falsify the records.
for 60 percent of the cases. Moreover, the study found that professional and managerial employees were involved in 45 percent of the cases. Based on the findings, they recommended the following: • To deter fraud, internal auditors should ensure that strong prevention systems based on the fundamental principles of good internal control be established and used. • To detect and investigate fraud, organizations must ensure the existence of strong internal audit departments with sufficient resources to pursue the increased responsibilities faced by internal auditors.
Experience has shown that certain conditions in an organization constitute symptoms of possible management fraud. The standards require internal auditors to have knowledge about factors (red flags) that have proven to be associates with management fraud. The following conditions are considered indicators of possible management fraud: • managers repeatedly assuming subordinates’ duties; • managers dealing in matters outside their profit center’s scope; • managers not complying with corporate directives and procedures; • generous performance-based reward systems; • a domineering management; • a management preoccupation with increased financial performance; • complex sales transactions and transfers of funds between affiliated companies; • a manager continually handling the most pressing issues of a company creating an opportunity to commit fraud; • suspension of normal and appropriate procedures; and • unreasonable sales and production goals.
A study was conducted to use a generalized quantitative-response model, EGB2, to model and forecast management fraud. EGB2 averaged 89.3 percent predictive capability for both symmetric and asymmetric cost assumptions of Type I and Type II errors. The predictive features of EGB2 are important to independent auditors since type II error can be very costly to the firm in terms of litigation (Hansen et al., 1996).
Loebbecke et al. (1989) surveyed 121 audit partners in the Big Six accounting firms. They reported having found 354 irregularities. Fifty-five percent involved management fraud perpetrated by 384 individuals, and 45 percent involved defalcations perpetrated by 178 individuals. Marsh et al. (1994) reported that fraud cases involving top management has become common in continental Europe, especially in Germany. This has been attributed to the recession which has made some fraudulent acts difficult to hide. Calderon and Green (1994) made an analysis of 114 actual cases of corporate fraud published in the Internal Auditor between 1986 and November 1990. They found limited separation of duties, false documentation, and inadequate or nonexistent control account
[ 26 ]
The role of the audit committee In many cases, top management apparently did not believe that fraud could take place in their organization. The assumption was that people were honest, and internal control prevented fraud, waste, and abuse (Alpert, 1992).
The AICPA’s SAS 61 (AU 380), “Communication with the audit committee” (1988) requires external auditors to make oral or written communication to the audit committee on material misstatements in the financial statements. The auditors should inform the audit committee of the board of directors of all irregularities. The IIA’s SIAS No. 3, Deterrence, Detection, Investigation and Reporting of Fraud also requires internal auditors to inform management, the board of directors, or the audit committee of suspected wrongdoing: When the incidence of significant fraud has been established to a reasonable certainty, management or the board should be notified immediately.
The Treadway Commission’s investigations indicated that audit committees could serve very effectively to reduce the incidence of fraud. Marsh and Powel (1989) recommend an audit committee charter for fraud prevention. The charter should include responsibilities dealing with: • financial reporting; • corporate governance; and • internal control.
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
The role of internal auditors It is a challenge to the internal auditor to give fraud the balanced attention it deserves, while achieving the total range of internal auditing services (Brink and Witt, 1982).
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
The SPPIA stresses that the role of internal auditors in fraud auditing is to be alert to: • the possibility of fraud; and • conditions and activities when irregularities are most likely to occur. Brink and Witt (1982) suggest the following internal auditors’ responsibilities in the area of fraud control: • Assist and cooperate with organizational and other personnel that have been assigned responsibilities in connection with the instigation of actual or suspected fraud. • Be alert to the possibilities of fraud in the review of operating activities carried out by organizational personnel. • Carry out such special assignments relating to fraud as may be required by responsible members of the organization. • Help evaluate the extent to which fraud prevention and detection are given fair consideration along with other operational activities. • Seek directly or indirectly to achieve the balanced fraud oriented efforts that will assure maximum achievement of all other types of needed organizational services. In 1988, IIA chairman of the board Bill Duane, in his article, “Building together the future,” summarized succinctly the role of the modern internal auditor: “We are the control experts, the control consultants, the can-do, value-added members of the management team. We know better than anyone else how to combat fraud, error, and waste.” There seems to be a consensus that auditors need to sharpen their skills in identifying red flags in detecting fraud. Thompson (1991) views the internal auditor role with regard to fraud as identifiers, investigators, resident experts, and educators. Albrecht et al. (1993) believe that traditional skills required in the field of auditing are not adequate to identify fraud. Modern auditors must possess: • effective communication; • reasoning; and • problem-solving skills. Internal auditors must also be familiar with a variety of auditing skills which are still essential to: • analyze internal control; • collect, evaluate, and summarize data; and • identify fraud.
Planning and management skills become increasingly important as the auditor advances in the organization. According to a study sponsored by The Institute of Internal Auditors, internal auditors need skills that go far beyond the traditional requirements of the field. A wide variety of auditing skills are still essential to analyze internal controls: collect, evaluate, and summarize data; and identify fraud (Albrecht et al., 1993). Thompson (1995) provides important lessons for the internal auditing profession. The first lesson that internal auditors should keep in mind is that business changes should be carefully scrutinized. It is their job to caution management about fraud implications of new products, investments, deals, partnerships or programs. The second lesson is that marketing and sales fraud should be carefully handled. Internal auditors can help in this area by advising management on the company’s exposures associated with deceptive sales practices. The third lesson is that executive directors’ stewardship is being closely scrutinized. Internal auditors should therefore educate corporate officers about the importance of executive example. To Bologna and Lindquist (1995), auditors have to enhance their knowledge of the characteristics and attributes of fraud because 90 percent of fraud cases are discovered only by accident.
Part IV: Fraud in government and nonprofit entities The role of the US general accounting office Fraud is a significant problem for governments today and one that can be reasonably expected to grow (Ziegenfuss, 1996).
When performing audit work under the US General Accounting Office (GAO) standards, the auditor is required to report irregularities and illegal acts to the client agency under audit contract. Aspects of responsibility under the Generally Accepted Government Auditing Standards (GAGAS) for detecting and reporting errors, irregularities, and illegal acts include the following: • Being aware of characteristics and types of potential material irregularities. • Exercising due care in pursuing indications of irregularities and illegal acts. • Under required circumstances, reporting indications of irregularities to law enforcement or regulatory agencies. The GAO Field Work for Financial Audits require government auditors to:
[ 27 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
• Provide reasonable assurance of detecting irregularities material to the financial statements. • Provide reasonable assurance of detecting material misstatements resulting from direct-effect illegal acts.
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Friedman (1995) reported that the firm of Long & Edmunds relies heavily on the state of the client’s internal controls to assess the potential for fraud. In auditing government entities and nonprofit organizations, Long & Edmunds consider several things during an audit that might warn of fraud or misstatements, including: • the way the client’s financial staff responds to questions; • improper segregation of duties; • poor recordkeeping; • a lot of cash activity; and • the lack of a bidding process for the purchase of goods and services. Ziegenfuss (1996) performed a study to determine the amount and type of fraud occurring in state and local government. The study revealed that the most frequently occurring types of fraud are: • misappropriation of assets; • theft; • false representation; and • false invoices. The reasons for the increased fraud in state and local governments are: • poor management practice; • economic pressure; • weakened society values; • people being not held responsible for their actions; and • inadequate training for those responsible for fraud prevention/detection. The most often reported “red flags” are: • weaknesses in internal control; • ignoring audit reports; • inventory losses; • nonreliance on internal/external audit reports; • not paying attention to employee comments; and • actual expenses exceed those budgeted.
The nonprofit organization sector The nonprofit community during the past ten years has had to repeatedly defend its credibility as a result of well-publicized scandals (Reis, 1996).
Recent events have shown that fraudulent financial statements and embezzlement can occur even among charitable organizations and large companies like Leslie Fay, Phar Mor and Miniscribe. It has been estimated that 60 percent of people are only as honest as
[ 28 ]
a particular situation warrants them to be. They will be dishonest if that seems more beneficial (Johnston, 1995). Revelations about fiscal misconduct in nonprofit organizations have drawn attention to the role of the auditor in the detection of fraud. Nonprofit organizations must gain a better understanding of what an audit is designed to achieve (Tate, 1996). According to Reis, the debacles at Covenant House, United Way of America and the Foundation for New Era Philanthropy are examples of how the nonprofit community is forced to take two steps back for every bold step forward. To prevent fraud in nonprofit organizations, he suggests, among other things, that an audit of a nonprofit organization’s financial statements be comprehensive. Management and the board of trustees should ask auditors for a management letter on the sufficiency of internal accounting and financial controls.
Part V: The industry sector The bank sector The directors of commercial banks often are held accountable for subordinate fraud, even when they have no suspicion of the existence of fraudulent activity (Schadewitz and Blevins, 1996).
In the last few decades, several hundred banking fraud cases have been reported by the press worldwide, some of which were really spectacular for their sophisticated schemes. Some of them are discussed below. The role of bank directors, security personnel, audits, and examiners of financial institutions is the deterrence and detection of fraud. Gup (1994) observed that banks have learned the hard way how to protect themselves against scams that defraud financial institutions of billions of dollars. Statistics indicate that small banks are at most risk of being defrauded. The five most common schemes that result in major frauds that contribute to failures of financial institutions are: 1 nominee loans; 2 double pledging of collateral; 3 reciprocal loan arrangements; 4 land flips; and 5 linked financing. In 1978, a survey of EDP-related fraud was conducted in the banking and insurance industries in cooperation with the Bank Administration Institute, the American Insurance Association, the American Council of Life Insurance, and the Life Office Management Association. Of the 5,127 banks surveyed, 105 reported they had experienced at
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
least one case of what was believed to be EDPrelated fraud. The survey indicated that the banking schemes most frequent used were misposting or misdirecting deposits. Other most frequently used scheme included crediting loans to borrowers who never received the funds, or who, in fact may have never existed. In some other cases, perpetrators made unauthorized extensions of credit limits and loan due dates. The perpetrators of fraud in the bank industry were, in order of frequency, clerks, loan officers, data processors, tellers, and item processors. The method of detection identified in the event or factors that triggered the detection of fraud were: • internal controls; • routine audits; • customer complaint/inquiry; • accident, tip-off, unusual activity of perpetrators; • change in operations, EDP, or financial statements (AICPA, 1984). Colvin et al. (1983) reported in Fortune that the United American Bank of Knoxville used other banks, all controlled by the same family, as a means of transferring problem loans thus keeping them from being detected by the auditors. The Federal Deposit Insurance Corporation Improvement Act (FDICIA) examiners found that the “bank had about US$377 million, or nearly half its total assets, in loans the FDIC classified as partly or totally uncollectible.” Nearly half of the problem loans were made to United American’s former chairman Jake F. Butcher, his family associates and their interests. In 1986, Keoning reported in the Wall Street Journal that Home Savings Bank was suing its former auditor Arthur Andersen & Co. and was seeking at least US$275 million in compensatory damages. The Home Savings Bank alleged that the auditors did not discover the fraudulent use of the securities that the bank used as collateral for loans to ESM Government Securities. In 1991, with bank failures at an all-time high, Congress passed legislation requiring internal control reports by insured depository institutions. The FDICIA requires a statement of management’s responsibility of the institution’s annual report for: • establishing and maintaining adequate internal controls over financial statement reporting and for complying with applicable laws and regulations; and • management’s assessment of the effectiveness of the internal control and the compliance with designated laws and regulations (FDICIA, 1991). According to FDIC chairman L. William Seidman, who testified before a House Energy
and Commerce subcommittee, banks’ independent auditors should share with regulators their suspicion of bank fraud. He added that “banks’ independent auditors should report to the bank when they detect fraud. If they resign from the account, they should report the reasons to regulators” (FDIC, 1986). In 1992, the Federal Deposit Insurance Corporation negotiated a US$400 million settlement with Ernst & Young. This settlement covered all cases brought against the accounting firm by federal regulators (Berton, 1992). Price Waterhouse, also in 1992, faced a US$338 million jury verdict. The 11-month trial involved a bank audit that was conducted by an inexperienced auditor who did not discover bad loans and failed to identify reckless loan approval procedures (Berton and Adler, 1992). The same year, an US$8 billion negligence suit was brought against two of the world’s largest accounting firms, Price Waterhouse and Ernst & Whinney (now part of Ernst & Young) in connection with their audits of the scandal-riddled Bank of Credit and Commerce International (BCCI). Touche Ross, the liquidator of BCCI, charged the firms with negligence in their 1985 and 1986 audits of the bank, which collapsed in 1991 amid what is considered to be the largest fraud in banking history. Touche Ross claims that the massive fraud should have been noticed years before it finally came to light in 1991 (Souter, 1992). The report on the BCCI prepared by Senator John Kerry’s subcommittee claims that the Bank of England was wholly deficient in its supervision of BCCI and conspired with BCCI auditor Price Waterhouse and BCCIs main shareholder to keep the bank going after seeing clear evidence of fraud. The Bank of England and Price Waterhouse flatly denied these allegations claiming that they did not give evidence directly to the subcommittee (The Economist, 1992). On October 22, 1992, the UK government released the result of an inquiry by a senior judge into the handling of the fraud-ridden Bank of Credit and Commerce International, taking to task BCCI auditor Price Waterhouse, BCCI major shareholder Abu Dhabi, and the bank’s main supervisor, the Bank of England. Lord Justice Bingham stated in his report that the Bank of England should have been more alert to early indication of possible fraud (The Economist, 1992b). Fialka (1993) reported in the Wall Street Journal that former BNL-Atlanta manager Christopher Drogoul claimed that the external auditors failed to uncover US$5 billion of allegedly fraudulent loans to Iraq in the late 1980s. Drogoul, in a testimony before the
[ 29 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
[ 30 ]
House Banking Committee, stated that the officials of the Banca Nazionale del Lavoro in Rome encouraged him to make and conceal the large loans to Iraq while other bank branches were forbidden to make similar loans. According to the Commercial Crime Bureau, a division of the International Chamber of Commerce, there has been a significant increase in reports of investment schemes involving the buying and selling of the socalled prime bank instruments. Areas of high risk for banks are procurement fraud, fraudulent transfers, and transaction fraud (Warner, 1994). The Justice Department reported that convictions for bank fraud in 1994 dropped 17.3 percent to 626 while fraud convictions at S&Ls plunged 37 percent to 192. From 19841994, 70 percent of the financial crimes were committed by outsiders. Directors and officers made up 22 percent of the remaining criminals, while chief executive officers, chairmen of boards and presidents accounted for 8 percent (Shannon, 1995). Champlain (1995) observed that a financial institution could be instantly brought to its knees by just one fraudulent wire transfer. Wire transfers pose the single greatest risk of loss to a financial institution because of the speed with which losses can occur. As a preventive measure, he recommends proper separation of duties to ensure that no single individual has the ability to initiate, verify, and transmit outgoing wire, or redirect incoming wires to accounts other than those specified in the original instructions. The IIA Fort Worth Chapter (1996) reported that the review of a customer’s request to refinance his loan revealed that a loan officer was granting advances on customers’ line of credit that were in excess of the customers’ authorized limit. There were also some questions about the loans the officer made and his personal relocation expenses when he joined the company. A system was developed to detect line of credit advances that exceeded the authorized limit. Check fraud is the No. 1 bank crime. Some 90 percent of bank crimes involve checking accounts. Criminals pass some 2,000 bad checks a day in the USA, costing businesses US$10 billion a year. Banks alone lose US$625 million a year from check fraud. To safeguard against bad checks, both the East and West Coast Banks and Credit Union require that noncustomers leave their fingerprint near the signature when cashing a check. The simple system involves rubbing a finger on a small blotter and pressing it on the check (Knight and Ridder, 1997).
In 1997, a former Chemical Banking Corporation trader, Victor Gomez, was sentenced to three years prison for concealing a US$66 million trading loss amassed through failed bets on Mexican pesos. Mr Gomez pleaded guilty for conspiracy and making false entries in bank records. He doctored trading records to conceal the trades from the New York-based bank (Simon, 1997). Germany’s commercial banks have been hit by three large financial fraud scandals involving metal and engineering giant Metallgesellschaft, real estate development concern Dr Jungen Schneider, and international sports flooring company Balsam. Balsam’s four-man management board was arrested on suspicion of committing fraud, evading taxes, and falsifying data to obtain loans. Balsam owed 50 German and foreign banks roughly US$900 million. German banks defend their credit policies by saying that corporate financing is a risky business and that there is no foolproof method for preventing fraud and abuse (Protzman, 1994a). In Hungary and the rest of Eastern Europe, there is a continuous battle between the internal auditors, who are responsible for reporting suspected fraud to the police and the bank treasurers, liquidity managers, and other financial directors who want the big stable clients. Those clients are often involved in illegal activities. In this difficult environment, internal auditors are attempting to educate managers in the ways of capitalism (Kovacs, 1996).
The health care sector Over the past five years, estimated losses from health care fraud totaled about US$418 billion – or as much as four times the cost of the entire savings and loan crisis (Cohen, 1995).
Fraud in the health care industry has been rampant worldwide in the last three decades as shown from the following cases of health care abuses. In the USA, health care fraud is of such magnitude that it has attracted the attention of the US Congress and local governments. Laws have been enacted to curve health care fraud. Some fraudulent health care cases are discussed below. Blue Cross and Blue Shield of Missouri (1992) had developed a program aimed at reducing health care fraud, billing errors, and waste. The Audit and Quality Management Program saved the insurer members US$3.5 million during the first six months of 1992 (National Underwriter, 1992). The IIA Baltimore Chapter (1992) reported a case in which the manager had confessed to writing checks payable to fictitious health care providers and depositing the checks into
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
a personal bank account. The manager, a trusted employee, confessed to stealing US$4 million over a two-year period and losing most of it at casinos in Atlantic City and Las Vegas. The Risk and Insurance Management Society’s Report noted that many managed care techniques designed to curb employee health benefit costs can also be used to reduce workers’ compensation costs. Companies can use “medical bill audits” to root out fraud, overcharges, and duplication that can inflate employers’ tabs for occupational illness and injury (Wojcik, 1993). The National Association of Attorneys General’s Health Care Task Force estimated that fraud accounted for over US$80 billion of the US$817 billion spent in health care in 1992. Employers need to be aware of the signs of employee fraud, which is a growing problem in the health care industry. Cottrell and Albrecht (1994) observed that managers, auditors, and employees should be aware of the symptoms that suggest internal fraud. They should also know that these symptoms are neither productive nor absolute and that a full investigation of all symptoms is necessary. According to the results of a survey conducted by the Health Insurance Association of America, fraud by physicians, hospital labs, and equipment providers nearly quadrupled from 1990 through 1992. As fraud abuse levels rise, insurers are calling for software to detect billing aberrations, fraud, and abuse in health care claims (Friedman, 1994). The 1994 Department of Health and Human Service Office of the Inspector General (OIG) investigation discovered that billing discrepancies varied. The OIG believes that hospitals intentionally defrauded the Medicare program. Medicare also caught hospitals wrongfully submitting billings for experiential automatic implantable cardiac defibrillators (Gardner, 1996). In 1994, Cigna HealthCare has joined with IBM to develop and implement a technological tool that analyzes providers’ behavior patterns to identify potential abusers of health care. The fraud and abuse management system uses claim data to examine the billing and medical activities of health care providers to help determine the most likely abusers (“Cigna-Healthcare,” 1994). Gardner (1995) reports that the Department of Justice and other federal entities estimate that as much as 10 percent of our national health care bill is lost to fraud and abuse. This means that as much US$100 billion may be lost this year due to health care fraud. This has led US Senator William S. Cohen (RMaine) to introduce a bill titled “Health Care
Fraud Prevention of 1995” in order to combat fraud and abuse in the health care system. The Caremark International Inc. in 1995 pleaded guilty and paid US$159 million in civil and criminal damages. The homehealth-care company was charged with paying kickbacks to physicians in return for referrals within its home-infusion, oncology, hemophilia, and human-growth-hormone business (Stodghill, 1995). Stohl (1996) offers three fraud cases related to the health care industry: 1 Case A. An audit investigation revealed that customers were never credited for refunds and that Quality Insurance Company kept over US$10 million belonging to customers, including US$2.1 million due Stone Building Corporation. Quality never attempted to refund the money improperly withheld from other customers. 2 Case B. An audit of a credit balance review of County General Hospital for the state’s Medicaid program revealed that the finance director admitted issuing fictitious refund checks, never intended for the payees to receive them. The Medicaid program was refunded the full amount and the falsification was treated as a routine exception rather than fraud. 3 Case C. An audit of the country’s health benefits program revealed that a consultant acknowledged receiving commission from the winning HMO and denied any wrongdoing. The benefit committee disagreed with the consultant and replaced him. From the lessons learned from the above cases, Stohl drew the following conclusions: • Fraud detection lies in the detail. • Follow-up is critical. • Suspected wrongdoing should be fully investigated to determine criminal intent. • Fraud can be anywhere. • Perpetrators often believe they are justified in the action taken. Stohl advises that auditors must be alert for industry practices that may actually be dishonest. Last year’s accepted practice may be tomorrow’s fraud. The San Diego Union-Tribune (1996) reported that a federal court fined Laboratory Corporation of America US$187 million for fraudulent billings to state and federal government insurers. This scam is know as “addon billing.” The lab encouraged doctors to test patients by offering them a discounted price on a battery of tests, some of which were not necessary to the patient’s treatment. The lab billed the doctors for the lower rate while charging the government insurer the full amount.
[ 31 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
On August 21,1996, President Clinton signed into law the Health Assurance Portability and Accountability Act, common known as the Kassenbaum-Kennedy Bill. The Bill grants government investigators plus Medicare and Medicaid groups more funding and more power to pursue fraud and abuse cases. It also creates new incentives to launch investigations, makes changes in the punishment of health care providers that engage in misconduct. Crane and Slavitt (1997) observed:
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Congress used a two-barreled shotgun approach in funding to combat fraud and abuse. First, the appropriation levels made the act remove any doubt that Congress is finally getting serious about fraud and abuse. Second, Congress created a self-perpetuating fund that will assure that fraud and abuse is a never-ending problem.
A survey conducted for the American Association of Retired Persons (AARP) by International Communications Research Group, which last December interviewed 2,000 adults nationwide, found that 93 percent of Americans think health-care fraud is widespread – and that “there is more of it in Medicare and Medicaid than in any other kind of health care.” June Gibbs Brown, Inspector General of the Department of Health and Human Services (HHS), stated that the federal government is fighting Medicare fraud since the new computer system is able to analyze data, look for trends, and look for problem at areas that emerge. The pilot program called Operation Restore Trust has already recovered US$139.3 million in fraud from both Medicare and Medicaid providers (McLeod, 1997). The General Accounting Office (GAO) estimates that fraud accounts for ten percent of the US$700 billion spent on health care in the USA annually. This includes improper Medicare, Medicaid, and CHAMPUS billing practices by doctors and hospitals companies, such as charging for tests, services or products not provided (Iraola and Klubes, 1997). In Italy, massive corruption was revealed in the pricing and registration of drugs. Consequently, the Italian pharmaceutical industry is on the brink of collapse. The network of fraud and corruption encompasses every stage between the manufacture and marketing of drugs (Abbott, 1993). Even the former Italian health minister, Francesco DeLorenzo, had apparently been colluding with drug companies to fix drug prices and to guarantee payoffs to pharmaceuticals. Several Italian universities have been accused of accepting bribes to give the right “advice” (Nature, 1993). In Germany, officials of the Allgemeine Ortskrankenasse health insurance network,
[ 32 ]
accused German artificial heart valve suppliers of bribing surgeons and administrators at almost all western German public hospitals specializing in heart surgery. The bribes resulted in millions of dollars of annual overcharges to the German national health care system (Protzman, 1994). In the UK, pharmacists collude with physicians to defraud the National Health Service (NHS). This may occur after a relationship has developed and the physician seeks to pay for purchases through prescriptions of expensive drugs which do not go to patients (Duggan, 1995).
The insurance sector An accountant is not a guarantor of the reports he prepares and is only duty bound to act honestly in good faith and with reasonable care in the discharge of his professional obligations (SEC v. National Life Insurance Co., 1974.)
Borda (1987) reported that the casualty insurance frauds cost the public US$15 billion each year and may add to as much as 25 percent to policy premiums. Every insurance policy bought by the public comes with a rate that includes enough to cover legitimate claims, fraud, and profit for the company. Tucker (1988) reviewed the early contributions of Kenneth W. Stringer to the Audit Risk Model for insurance companies providing fidelity bonds. The studies show that 10 percent of the claims submitted had been the results of collusion, forgery, and other irregularities. The studies warn that total reliance on internal control to deter fraud is insufficient. Briloff (1991) reported in the Wall Street Journal, that Guarantee Security Life Insurance Co., a Florida company, was able to complete related-party transactions with its principal securities broker Merrill Lynch & Co. from 1984 through 1988. In August 1991 Guarantee became insolvent and its 57,000 policyholders were temporarily prevented from collecting their annuities. The suit filed by the Florida Insurance Commission accused Merrill Lynch of fraud and also accused Coopers & Lybrand, Guarantee’s auditors, of malpractice and breach of fiduciary duties. Omaha Indemnity Company is still recovering from US$500 million in reinsurance fraud losses inflicted by two of its managing general agents (MGAs) in a period of only a few years. After reconstructing confusing masses of poorly kept records, Omaha Indemnity found that Royal American Managers (RAM) Inc. had processed US$196.3 million in premiums but reported only US$61 million to Omaha Indemnity. RAM had pocketed US$34.6 million of the money, and much of the
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
remainder had been absorbed in transactions among a network of companies, several of which were controlled by RAM principals James Wining and Willie Schonacher Jr (McLeod, 1993). The IIA Dallas Chapter (1993) reported that the audit of the National Flood Insurance Program determined that a claim agent, who processed flood insurance claims, fabricated claims, arranged for the claims manager to issue the checks, and then recalled the checks. The checks were passed to outside accomplices who cashed them and split the money with the claim agent. Federal agents were notified and the claims agent was arrested. The auditor recommended halting the practice of allowing checks to be returned to the original requestors. The IIA Houston Chapter (1993) reported that an internal audit determined that an officer of an insurance company was withdrawing funds from dormant accounts containing unclaimed monies and buying cashier’s checks. The cashier’s checks were made payable to various bill collectors, car dealers, and relatives. The officer had stolen US$60,000 and was convicted of fraud. The auditors recommended strengthening the internal control on dormant accounts. At the Farmer Insurance Group of Companies, management realized that to curb fraud it was necessary to have a precise and meaningful vision statement. As the Home Office analyzed how best to handle such detailed matters as handling fraud situations, it realized that developing an overall vision of the audit would help keep the department focused on its goals (Jacka, 1995). Fraud in the insurance sector is so pervasive forcing Jim Brown to combat it with great fervor. As Louisiana Insurance Commissioner, he increased manpower and budget for fraud detection and financial auditing in 1992. He improved his department’s link with federal investigators and encouraged state legislators to pass laws making it easier to detect and prosecute insider fraud. The results are impressive: 32 insurance executives in Louisiana were convicted of various white-collar crimes; two former state insurance commissioners and a former deputy commissioner pleaded guilty of fraud, and 36 out of 100 licensed insurers were closed for being near insolvency (Covaleski, 1994). On October 14, 1994, the Wall Street Journal (1994c) reported that the SEC lodged charges against the former controller of Guarantee Security Life Insurance for taking part in fraudulent record-keeping and reporting to hide the insurance’s financial condition. The
SEC alleged that the former controller prepared financial statements for Guarantee Security that masked the fact that bond trades between the insurance company and Merrill Lynch during the 1980s were sham transactions designed to mislead regulators and investors about the financial condition of Guarantee and its parent, Transmark USA. In 1995, Montana Goverment Mark Racicot signed into law State Bill 253, the Insurance Fraud Protection Act. The law makes insurance fraud a felony. Companies accepting premiums without providing coverage and consumers supplying false oral or written information could be charged with fraud. The bill will help to reduce the estimated US$85 million of fraudulent insurance in the state (Cox, 1995). On April 2, 1996, the Miami Daily Business Review reported that the New York Life Insurance Co. was ready to settle a federal fraud suit for US$187 million. The investors claimed New York Life Insurance, through an aggressive marketing program, made materially false statements and hid relevant information about the partnership’s prospects and risks. The 1996 survey by the Insurance Research Council (IRC) found stronger support for actions of insurance companies and law enforcement to vigorously investigate and punish insurance criminals, particularly corrupt professionals, including doctors and lawyers involved in fraud rings. In 1995, between US$5.2 billion and US$6.3 billion was added to the insurance bills of personal car insurance policyholders because of outright fraud or claim padding, according to an IRC estimate (IRC, 1997). Prudential Insurance, New York Life, Metropolitan Life, and other insurance companies have faced insurance commissioner investigators, class action lawsuits and thousands of complaints by policyholders about misrepresentations known as “churning.” Policyholders were promised that thy would never again have to make life insurance payments when, in fact, they were being charged a fixed amount per year (PR Newswire, 1997). On January 13, 1997, the US District Court in Los Angeles approved the settlement of two class actions against Connecticut General Life Insurance Company (“CGLIC”). The class actions alleged that CGLIC committed fraud and misrepresentation in the sale of life insurance policies by, among other things, falsely representing the number of payments that would be required for the life insurance policies sold to the Class. The benefits provided to the Class under this settlement also include US$35 million in future adjustments CGLIC will make to a group of policies which were impacted by adjustments the company
[ 33 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
made to recover the cost of the DAC Tax and the provisions of the Omnibus Budget Reconciliation Act of 1990 (Life Insurance Industry, 1997). Insurance fraud is also increasing in the international area as well due to better communications and transportation capabilities that allow perpetrators to move into and around the global arena.
The retail industry sector Dishonest employees are by far one of the leading causes of lost dollars to any company. These employees will not only steal from you, but they will take precautions to avoid detection (Dabney, 1997). Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
The University of Florida’s 1996 National Retail Security Survey on retail loss prevention reported that retail security executives continue to believe that employee theft is their firms’ most significant source of financial loss. Responses indicate that a 38.4 percent of shrinkage losses is attributed to employee theft, 35.8 percent to shoplifting, 19.4 percent to administrative errors, and 6.4 percent to vendor fraud. On average, 31.1 employee theft apprehensions were reported for every US$100 million in sales (Dabney, 1997). To prevent employee fraud, retail industries perform background checks, criminal checks, and drug testing.
Part VI: The international arena Most fraudsters have moved in from offering penny stocks. They are now likely to peddle derivatives such as currency or bond futures (Mulder, 1995).
Most countries do not have a governmental body like the US Securities and Exchange Commission to check on potential securities fraud, nor have a professional association of the sophistication of the AICPA that has greatly enhanced the prestige of the auditing profession. The Institute of Internal Auditors, the only international auditing association, has struggled to harmonize the internal auditing profession worldwide despite the wide cultural, economic, and political differences among countries. In an age of communication, the national boundaries have been shattered and the auditing profession must operate within the global village despite its constraints.
The European Union perspective Globalization spurs complex market and political environments, and language and currency complications. In this dynamic milieu, there is plenty of opportunity for things to go wrong (Thompson, 1995).
[ 34 ]
Member States of the European Union (EU) require different actions from auditors in cases of fraud. Auditors in France may be required to report irregularities to authorities while auditors in The Netherlands may be required to withdraw from the engagement and report irregularities to a special government agency. In the UK, auditors may report to the authorities when the circumstances warrant (Schilder, 1996). Fraud has become of great concern in the European Union. The EUs common agricultural policy (CAP) is prone to fraud. For more than a decade the European Court of Auditors has been making an annual report on fraud. Myriad frauds have been uncovered, ranging from theft of food aid to fraudulent claims and awards from structural funds. According to MEP John Tomlinson, the CAP is the greatest incentive to crime in Europe (Meall, 1995). The annual report of the European Union’s Court of Auditors revealed that fraud, corruption, and mismanagement are ubiquitous in the EU. In 1993 alone, one-tenth of the EU’s total went astray through fraud or mismanagement in the common agricultural policy and the regional aid funds (The Economist, 1994). Of the US$93.6 billion doled out by the EU in 1994 to its 15 member nations, everything, from agricultural subsidies to highways in needy regions, the EU’s own auditors estimate that an outstanding US$10 billion was wasted through mismanagement and fraud (Pope, 1995). The European Commission proposed that all member states treat fraud against the EU budget as a criminal offense. In 1996, Ernst & Young International Fraud Network surveyed the finance directors of more than 800 companies from 11 countries – including The Netherlands and the UK – operating internationally. The result of the survey shows: • Almost 60 percent of the finance directors acknowledged that internal controls were not keeping pace with the growth of their companies. • More than half of the companies had no written fraud policy. • Over three-fourths of those surveyed believed that the fraud they detected could have been avoided. • Over three-fourths of fraud detected was committed by the companies’ own staff. • More than a quarter of the companies suffered losses in excess of US$1 million as a result of fraud during the past five years (De Groot, 1997). The European (1996) reported that the European Commission revealed 4,750 instances of fraud perpetrated against the EU’s 1995 budget which amounted to ECU 1.15 billion.
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
Klaus Hansch, President of the European Parliament, stressed that the success in countering fraud could be achieved if national authorities lived up to their Maastricht Treaty responsibility to treat fraud against the EU budget on a par with cheating the national coffers. Most fraud relates to the EUs agricultural budget and many cases deal with export subsidies.
The African countries The Nigerian perspective
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
It appears that a glitch in diverting the fax can result in it being sent to the wrong receiver. This represents the best opportunity for the Nigerian Security Service to track down the criminals (Nnanna, 1995).
In many African countries, the audit budget is always below the adequacy for any effective audit planning. Under these circumstances, fraud detection may be the last priority. Nnanna (1995) reported that fax fraud in Nigeria is rampant and is costing companies several million dollars. Because a fax is transmitted over a telephone line, it is possible to intercept the information. The process is similar to tapping into a phone call. Hackers divert faxes to other local fax receivers where the fax’s information is used to deceive, defraud, or blackmail the sender or receiver. Some organizations concerned with security are arming themselves with fax encryption device. The new device locks between a fax machine and the phone jack, and scrambles the signal as it is transmitted. The signal can only be decoded by a matching device in the receiving end. TRW Electronic Products Inc. has sold several thousand of the TRW Fax Encryptors (Internal Auditor, 1991b). Ekong (1995) observed that in Nigeria, management, directors, and foreign shareholders of the African Development Bank are able to create a self-engineered mess. The shareholders were unable to elect a new president of the bank and expressed serious concern over nearly US$1 million spent on equipment which is not working, over US$750,000 spent on unauthorized and abandoned projects, and fraud totaling over US$270,000 resulting from spurious claims for educational allowances by staff. According to the Corruption Perception Index prepared by Transparency International, based in Berlin, Nigeria tops the list as the most commercially corrupt country in the world. Pakistan, Kenya, Bangladesh, and China round out the top five (Internal Auditor, 1997). Stenger (1997), of the US Secret Service’s financial crimes division, stated that “Since 1990, Nigerian advance fee fraud, known as 41-9 after a section of the Nigerian criminal
code, has emerged as one of the most lucrative fraudulent activities perpetrated by organized criminal elements within the Nigerian community.” The “419” scams invite foreign companies to participate in a multi-milliondollar swindle against the Nigerian Central Bank and a national Oil company.
Asian countries The Chinese perspective After one of the most serious swindles ever attempted against a Chinese bank, two Chinese-Americans were sent to prison. The sentences were among the heaviest handed down against US citizens (The White Paper, 1994a).
The White Paper (1994a) reported that the Chinese government charged that Francisco Huang Moy and Raymond C. Lee had persuaded a small-town branch of the Agriculture Bank of China to issue the 200 standby letters of credit totaling US$10 billion by using as a collateral a phony US$10 billion letter of credit from a nonexistent bank.
The Indian perspective Fraud in the workplace is one of internal auditing’s grimmest nightmares, and it is often one of the most public (Cisz, 1997).
Dalal (1994) reported that members of India’s Parliament were accusing top government ministers of playing an integral role in a 1992 securities fraud scandal. A government report acknowledges the fraud violations but attributes them to the previous government. Opposition members of parliament did not seem pleased with the government denials of wrongdoing and by the small fines against the banks implicated in the scandal. McDonald (1995) reported a securities fraud. Pawan Sachdeva, a new Delhi shoe maker, drew attention when it came up US$4.3 million short in a complicated doubleissue scheme which is unfortunately common in India. Authorities charged the officials of the two Securities and Exchange Board of India with collusion. Both had granted the permission of 60-day period between the two issues when the limit was 30 days. Pawan Sachdeva was arrested on charges of falsely overstating the number of the shares of his company.
The Indonesian perspective The fraud scandal reported sparked a public outcry against collusion between bank officials’ politically backed borrowers (The White Paper, October 1994).
The White Paper (1994) reported that businessman Eddy Tansil was found guilty of causing a US$449 million loss to the Indonesian government. Tansil allegedly obtained the loans from petrochemical projects that
[ 35 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
were never built. The businessman altered and misused credits managed by the stateowned P.T. Bank Pembangunan. The Indonesian government fined him US$231 million for the losses.
The Japanese perspective Daiwa Bank Ltd of Japan pleaded guilty to conspiring to conceal US$1.1 billion in trading losses from US regulators and agreed to pay a US$340 million fine, one of the largest ever imposed by the USA (Wall Street Journal, 1996a).
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Smith (1995) reported that the Federal Reserve had kicked the Daiwa Bank out of the US When the trader Toshihide Iguchi incurred a US$1.1 billion in trading losses, top management at the Daiwa Bank allegedly told Iguchi to carry on with his theft and forgery while they looked into ways to conceal the losses. The bank postponed an investigation by claiming Iguchi was on vacation. The Fed’s banishment of Daiwa forced Japan’s Ministry of Finance to arrange the consolidation of Daiwa and Sumitomo Bank.
The Malaysian perspective Respected employees who steal net more each year than all the nation’s professional criminals (Porter, 1971).
Jayasankaran (1995) reported a security fraud perpetrated by the Malaysian rubber company’s Ayer Molek which spawned a series of events that threatened to destroy a major financial institution, generated lawsuits and police investigations, called into question Malaysia’s justice system, and embarrassed the central bank.
The Singaporian perspective Crime and fraud have surpassed terrorism as the major threats to multinational corporations (Shapiro, 1994).
On March 4, 1995, The Economist reported the securities fraud in the Singapore’s stock exchange. The Singapore International Monetary Exchange (SIMEX) regulations have been seriously tightened in the wake of the Singapore-staged collapse of Barings. The Finance Minister Richard Hu recommended greater separation of trading and settlement accounts and activities, and of company and client investing.
The Taiwanese perspective Taiwan’s stock exchange index has fallen by a third since the beginning of 1995. Investors are worried about a number of financial scandals that have emerged recently (The Economist, 1995a).
Baum (1994) reported that the Taiwanese government is suffering a political scandal linked to securities fraud. Legislator Oung
[ 36 ]
Da-ming is suspected of illegal trading practices and unsettled payments worth US$128 million. Oung invested funds for legislators who hoped to raise revenue for their political party. His illicit connections with other members of parliament has caused a scandal that has affected both the ruling Kuomintang party and the Democratic Progressive Party. The Economist (1995a) reported alleged frauds that emerged in August 1995 in relation to Chanhus City Fourth Credit Cooperative, a credit union; International Bills Finance Corporation, a large underwriter of commercial papers; and Fengyuan Credit Union. The fraud had shown glaring gaps in financial supervision and stock manipulation.
The Anglo-Saxon countries The Australian perspective All public held companies should adopt and implement a code of ethics. The code should be supported in the highest levels in the organization (Sawyer, 1988).
Part of a special report on ethics on internal auditing, a probe by the Independent Commission Against Corruption in New South Wales, Australia, into the issuance of drivers’ licenses by the Roads and Traffic Authority (RTA) determined that a number of motor vehicle registries had been engaging in various corrupt practices for several years. In response, the RTAs Internal Audit Branch launched a concerted effort to develop new anti-fraud and anti-corruption strategies that go well beyond the investigation’s findings (Williams, 1993).
The Canadian perspective Fraud schemes often are global crimes, skipping over national borders and involving people from many countries (The White Paper, 1997).
As it moves into the twenty-first century, Canada’s accounting profession is working constantly to improve the services it provides. In their standard-setting efforts, accounting professionals are dealing with new kinds of information such as fraud, performance reporting, sound business practices, and internal control (Dalglish, 1994). An expectation gap exists in Canada. Users of financial statements believe that auditors can detect all misstatements with the same level of assurance, whereas most auditors would agree that they cannot possibly detect misstatements arising from fraud or illegal acts with the same level of assurance that they can detect misstatements arising from error. The cause of this expectation gap can be traced in part to the auditing sections of the CICA Handbook which state that auditors
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
seek “reasonable assurance whether the financial statements are free of material statements but fail to define the term “reasonable assurance” (Cockburn, 1993). In the Canadian case of International Laboratories Ltd v. Dewer (Manitoba), 54 ALR 2d, published in the American Law Report, the court found the auditors negligent for failing to exercise his intuitive feelings and professional skepticism: In holding the defendants liable for their negligence in not discovering the defalcations, the court placed emphasis upon the fact that the defendant auditors had at one point suggested to another manager the position of power held by the latter, and the opportunity afforded him for any possible fraud, but had failed to communicate to their employers, the shareholders, the danger which existed, and had not taken any steps to discover whether or not he was in fact taking advantage of his position.
The UK perspective When confronted with the necessity for a decision on a difficult question of policy with respect to financial statements, the accountant should search his conscience rather than the statutes (Andersen, 1963).
In the UK, auditors have been reluctant to reveal fraud for fear of reprisals. Experience indicates that accountants who defend their professional ethics and refuse to condone or participate in illegal behavior will lose their jobs (Lovell, 1993). In 1992, the Institute of Chartered Accountants in England and Wales published a report written by three academics titled “Expectation gap can be bridged.” The report asserts that the profession needs to embrace the role of detecting fraud, widen its responsibility beyond the shareholders as a group, and spin off its audit regulatory role to an independent agency. In January 1995, Britain’s Auditing Practice Board (APB) issued two statements of auditing standards – SAS 110 and SAS 120 dealing with the assessment of fraud risk. SAS 110 “Fraud and error” addresses the questions of how much responsibility auditors and management must take when it comes to detecting and reporting fraud and illegal acts. The exposure draft would require auditors to assess the risk that fraud or error may cause the financial statements to contain material misstatements (Crane, 1993). The Statement supplies guidance on the auditors’ responsibility to consider fraud and error in an audit of financial statements. It notes that auditors should plan and perform their audit procedures, and evaluate and report on the results thereof, recognizing that fraud or error may materially affect the financial statements (SAS 110, 1995). The second statement, SAS
120, “Consideration of law and regulations” establishes standards and provides guidance in the auditors’ responsibility to consider law and regulations in an audit of financial statements. Both statements require auditors to design audit procedures so as to have a reasonable expectation of detecting misstatements arising from fraud or error that are material to the financial statements. Some believe that the cost of checking representations and genuineness of documents in order to ferret out fraud would probably double the cost of audits. It is therefore desirable that the Auditing Practices Board (APB) define the concepts of “reasonable expectations” and “arising from fraud or error” (Singleton, 1994). Fraud cases. Frauds are easier to hide when profits are good (McCoy, 1987).
In 1987, Leeds Estate Building and Investment Co. v. Shepherd was the first case involving an auditor. The court’s opinion noted that auditors are responsible for checking the substance of transaction, not merely their mathematical accuracy. UKs Department of Trade and Industry investigated James Ferguson Holdings and Barlow Clowes Gilt Managers Limited and concluded that the affairs of both companies were conducted in a comprehensively dishonest manner over a period of years to 1988. The investigators attempted to discover why no one was aware of what was going on at the companies until their collapse. The inspectors acknowledged that Barlow Clowes skillfully concealed the facts from its auditors over a considerable period of time. Even so, the inspectors concluded that the auditing firm of Spicer and Pegler and Touche Ross should have been more alert to the possibility of fraud (Singleton Green, 1995). In July 1991, the UK Bank of Credit & Commerce International (BCCI) collapsed in a multibillion dollar fraud. Collusion at the highest level of management and with third parties may have contributed to BCCI’s demise. Major customers and prominent individuals were involved in the scheme of fictitious loans and nonrecourse loans confirmations. Wellsj (1992) reported in the Wall Street Journal that BCCI was charged with falsifying book entries and paying substantial amounts to silence its would-be whistleblowers. The UK Audit Commission for Local Authorities in England and Wales recorded 54,000 cases of fraud in 1993-1994 alone resulting in losses of up to £25 millon sterling. The Commission, therefore, urged councils to strictly observe financial control standards (Wild, 1994).
[ 37 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
In 1996, a major railway ticket fraud was uncovered during an internal audit carried out by British Rail for the Association of Train Operating Companies. The fraud centered on transporting tickets from one station to another, which meant that London, Tilbury and Southwest (LTS) rail would have netted US$1 million more that it was entitled to under its ticketing agreement. The fraud started when LTS management was awarded the train franchise in December 1995 (Internal Auditor, 1996a).
The French perspective
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
A wave of allegations of fraud has struck the French business world, hurting the stock prices of companies accused of scandal (Echikson, 1994).
In 1994, the stocks of the French companies – Lyonnaise des Eaux and Cie Generale des Eaux – fell more than 10 percent the day after a prosecutor said that the water utilities were responsible for 80 percent of all of the country’s political corruption (Echikson, 1994).
The German perspective Fraud is flourishing throughout Europe. Many practioners are operating from rented offices in German cities such as Cologne, Dasseldorf, and Frankfurt (Gartland, 1995).
A flood of financial fraud scandals has hit Germany from Metallgesellschaft’s losses on trading in oil-based derivatives to the demise of the Juergen Schneider real estate group which has cost Deutsche Bank not only prestige but has also pushed down its share price by more than 10 percent (Bray, 1994). According to the German federal criminal bureau, the Bundeskriminalamt, some 40 billion deutschmarks a year are lost by German citizens to fraud or poor investment advice (Middlemann and Munchau, 1995). In 1995, the disclosure of an alleged kickback scandal at auto maker Adam Opel, the German unit of General Motors, is just one indication that fraud is rapidly growing in Germany. This is causing some concern among government and industry leaders. As Germans become far more aware of bribery, fraud, and other economic crimes, government officials are moving to create new legislation (Gumbel, 1995). The New York Times (1996) reported the case involving charges of fraud at Steel and Construction Company Thyssen AD. Some German analysts see a new vigor by German prosecutors willing to break the country’s taboos by investigating allegation of corporate fraud.
The Italian perspective In Italy, cheating the Government is such an old and popular sport that stories about
[ 38 ]
fraud, graft, and abuse of public office are commonplace (Bohlen, 1995).
In recent years, Italy has had its shares of financial scandals that shocked the nation. Bribery of government officials, counterfeiting public debt, tax evasions, planned losses, writedown of the nominal value of shares, bribes-for-contracts, conflict-of-interest and others have been reported by the Italian press almost daily. Bribes-for-contract scandals have shaken Italy since March 1992. In 1993, the executives of Fiat, the largest Italian car manufacturer, admitted that Fiat had to pay kickbacks to government officials in order to obtain public contracts (Ciferri, 1993). The Economist (1993) reported that the shareholders of Montedison agreed to file a suit against Ferruzzi Finanziaria (FerFin) for alleged fraud involving over 560 billion lire (US$350 million) since the shareholders of FerFin had approved a radical writedown of the nominal value of its shares. In 1994, Salvatore Sciascia, tax director of the Fininvest, a company owned by the Italian prime minister Silvio Berlusconi, turned himself in to investigators and admitted to have authorized bribes to government tax authorities. Sciascia’s confession unleashed new conflict-of-interest charges against the prime minister (Bannon, 1994). In 1995, prosecutors charged Cesare Romiti, an executive of the Fiat group in connection with accusation that the company maintained slash funds from which it made illegal payments to politicians in exchange for public contracts. Fiat is Italy’s largest company with almost 250,000 employees (Tagliabue, 1995). The Economist (1995b; 1995c) reported that the treasury minister discovered 3,364 fraudulent government securities with a total face value of nearly 36 billion lire. This was the result of counterfeiting bond certificates. To prevent similar forgeries, Italy’s central bank has resorted to the “dematerialization” or paperless trading, which involves replacing physical certificates with computerized record of ownership of the bonds. The same year, Gemina SpA, one of Italy’s most powerful industrial holding companies, incurred an unexpected US$172 million loss. The Italian financial investigators raided Gemina to investigate the possibility of fraudulent financial statements. It is believed that the huge loss had been planned as a preparation for the merger of some Fiat units with the Ferruzzi Finanziaria, a holding company, and create a US$23 billion-per-year conglomerate around the Montedison chemical group which is controlled by Ferruzzi (Tagliabue, 1995).
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
The Economist (1996a) reported that Italy’s system of SIMs (Societa di Intermediazione Mobiliare), instituted in 1991 to bring accountability to the securities industry, has created its own set of problems. State regulator Consob has suspended 45 SIMs and has charged two Italian subsidiaries of international banks with many securities fraud violations. The Economist (1996b) reported that Lorenzo Necci, the head of Italy’s railways, had created a scandal named “tangentopoli” (kickbacks). Necci, who is in jail, has been accused of fraud, embezzlement, and criminal association. The Wall Street Journal (1996b) reported that the Italian stock market Consob is investigating the computer and telecommunications giant Olivetti, SpA, to determine how the corporation incurred a huge pretax loss of US$289.3 billion and a net debt of US$824.4 million. Management fraud may have occurred since the executives may have acted on an inside information to cash in their Olivetti stock. The Consob is recommending a revision of the current securities laws to prevent a similar scandal.
The Swiss perspective In the competitive global business environment, executives and auditors do not have the luxury of identifying fraud exposure by waiting to see what actual losses develop (Thompson, 1995).
In the 1980s, financier Werner Rey built up a huge international conglomerate which collapsed in 1991 in Switzerland’s largest corporate failure. Switzerland authorities charged Rey with making false statements, falsification of documents, and fraud (ACFE, 1996). Zelenko and Urban (1994) reported that authorities in Switzerland and Germany were trying to unravel a massive pyramid fraud in which thousands of small investors have seen their savings vanish amid “unfulfilled promises of massive financial gain.” Damara Bertges and her husband Harald, the founders of the European Kings Club, have been arrested. An investigating magistrate in the Swiss canton of Uri, found that as much as US$113 million may have been laundered through an interlocking web of 60 companies into bank accounts elsewhere.
The Eastern European countries The Czech perspective The Czech Republic has been the victim of a number of fraud scandals since the overthrow of communism in 1989 (Blum, 1994).
In the last few years, the Czech Republic has been victim of fraud and economic crime
which are the most rapidly growing threats to the economy. This is mostly due to the lack of domestic controls and inexperience on international capital markets (Blum, 1994).
The Hungarian perspective Internal auditors in Hungary and the rest of Eastern Europe are confronted by some unique challenges due to the region’s political history (Kovacs, 1996b).
In Hungary, there is a continuous battle between the internal auditors, who, according to the Hungarian Banking Law, are responsible to report suspected fraud to the police, and the financial managers who want to keep those stable clients, who are often engaged in illegal activities (Kovacs, 1996).
The Russian perspective Freedom in Russia means to many people only the license to cut corners, to cheat, to participate in new kinds of illegal deals that the authorities are too lethargic and too backward to cope with (Geis, 1994).
Geis (1994) reported that fraud is pervasive in Russian and Eastern European countries. The fraud and corruption that permeate life in Russia is the result of “unbridled greed.” No one can accomplish anything legitimately – for a certain amount of bribe money, relevant authorities do the impossible. This pervasive fraud, comments Geis, “eats at the guts of the nation, challenges its integrity, and demoralizes its citizens.” Abelson (1994) reported a Russian stock swindle. Wealthy Russian Sergei Mavrodi’s MMM bilked 5 million Russians with enticing TV ads. The Moscow investment company shares started at US$1, rocketed to US$55 in July, and dropped to US$.45 in August. Thueson (1997) observed that business opportunities in Russia are virtually unlimited but the opportunities for fraud also abound. He warns that Russia’s natural wealth can entice the unwary into the fraud snare.
The Slovakian perspective Tenders aren’t going to foreign investors, or even to domestic investors, because these exclusive deals are made (Huebner, 1996).
Leiding (1996) reported that the European Bank for Reconstruction and Development (EBRD)is no longer seen as the reconstruction and development institution after discovering it was a victim of a state-sponsored fraudulent scheme. This follows the revelation that the London-based EBRD paid six times more for privatization shares than a group of local buyers.
[ 39 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
South American countries The Brazilian perspective Nacional, which is Brazil’s seventh-largest private financial institution, cost taxpayers some US$5 million (Wall Street Journal, 1996c).
The Wall Street Journal (1996c) reported that an elaborate accounting claim by the officers of the Banco Nacional SA had concealed the insolvency of the bank for more than a decade. Nacional had submitted false financial statements to Central Bank administrators from 1986 until its collapse in 1995. The government discovered Nacional’s fraud only after agreeing to assume the bank’s US$5 billion in bad debts. Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
The Venezuelan perspective Venezuela’s government is keen to punish the former top officials of Banco Latino who have managed to slip away to southern Florida (The Economist, 1995b).
The Economist (1995b) reported that the government of Venezuela charged 83 former executives of the Banco Latino for fraud and laundering monetary instruments in the amount of US$2 billion. The Banco Latino and its Miami-affiliate Banco Latino International have filed a criminal suit in Miami, Florida, against its former bank president, Gustavo Gomez Lopez.
Part VII: The investigative and reporting process Fraud indicators While professional internal auditors may not be insurers against fraud, their responsibility for due professional care will require an increasingly high level of alertness to the indicators of fraud (Sawyer, 1988).
The SEC, in ARS No. 174, has urged auditors to be on the alert for signs that indicate management might be seeking to conceal a deterioration in the financial position of the company. Such red flags include: • the recognition of income from transactions which do not reflect actual economic changes; • unwarranted attempts to defer expense recognition; • avoiding recognition of losses; and • timing of major transactions so as to achieve apparent improvements in the financial statements (Cooper and Flory, 1976.) In April 1988, the AICPA issued SAS No. 55, “Consideration of the Internal Control Structure in Financial Statements” which states that the effectiveness of internal controls
[ 40 ]
depends largely on management’s integrity. Indicators of misstatements in financial statements or management fraud include: • management’s failure to correct material weaknesses in internal control that are practical to correct; • a high turnover rate in top financial positions; and • understaffing of accounting and financial functions. The value of internal control is apparent in both preventing and detecting fraud. In a recent survey conducted by Welch et al. (1996) shows that the majority of the members of the Association of Certified Fraud Examiners agree on the following findings: • weak internal controls had created opportunities for fraud in more than 80 percent of the cases; and • about half of all frauds occurred in the financial area. Albrecht et al. (1994) believe that organizations should adopt a proactive approach to reducing costs associated with fraud. A good program should emphasize fraud prevention and not reaction to already committed fraud. The steps involved in such a model include implementation of prevention and awareness programs, incidence of fraud, incident reporting, investigation, action, resolution, analysis, publication, implementation of controls, examination of compliance and training, and proactive fraud auditing. According to Robert E. Fleming, director of auditing and accounting at Urbach Kahn & Werlin in Albany, New York, there are many clues that should warn CPAs about the possibility of financial misstatement or fraud. These include: • an overly complex organizational structure with many subsidiaries; • unusual structured partnerships; and • numerous joint ventures (Friedman, 1995). Albrecht (1996) groups the indicators of employee fraud in six categories: 1 Accounting anomalies which include embezzlement, overstatement of expenses, fictitious journal entries, missing documents, alterations on documents, excessive voids or credits, increased past due accounts, duplicate payments, entries made at or near the end of accounting periods and others. 2 Internal control symptoms which include a poor control environment, lack of segregation of duties, lack of physical safeguards, lack of independent checks, lack of proper authorizations, lack of proper documents and records, the overriding of existing controls, and an inadequate accounting system.
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
3 Analytical symptoms which include transactions and amounts that are too large or too small; transactions or events that occur at odd times and places. 4 Lifestyle symptoms which include employee’s greed, financial needs, or pressures. Employees are living lifestyles far beyond what they can reasonably afford. 5 Behavioral symptoms which include employees’ unusual and recognizable behavior patterns; unusual irritability and suspiciousness; unsolicited confessions; and others. 6 Tips and complaints which include tips from employees that something is wrong. For Albrecht, only the symptoms of fraud, the red flags or indicators exist to alert management of wrongdoing.
Fraud detection In planning tests for a fraud audit, the goal is often to test an unrepresentative set of items, focusing on exceptions to standard procedures (Armstrong, 1988).
The US Institute of Accountants’ SAP No. 1, Extension of Auditing Procedures (1939) stressed that the external auditor is not responsible for detecting fraud in the ordinary examination of the financial statements: In making the ordinary examination, the independent auditor is aware of the possibility that fraud may exist. Financial statements may be overstated as the result of defalcation and similar irregularities, or deliberate misrepresentation by management, or both… However, the ordinary examination directed to the expression of an opinion in financial statements is not primarily or specifically designed and cannot be relied upon to disclose defalcation and other similar irregularities, although their discovery may result. Similarly, though the discovery of deliberate misrepresentation by management is usually more closely associated with the objective of the ordinary examination, such examination cannot be relied upon to assure its discovery.
For Thompson (1993c), the symptoms of fraud are often obvious to anyone who cares to look. These indicators may arise as a result of control established by management, tests conducted by auditors and other sources both within and outside the organization. Detection of fraud consists of identifying the indicators of fraud sufficient to warrant recommending an investigation. The internal auditing department’s responsibilities for detecting fraud when conducting audit assignments are to: • Have sufficient knowledge of the indicators of fraud. • Be alert to opportunities such as control weaknesses that could allow fraud.
• Conduct additional tests directed toward detection of fraud if significant weaknesses are found. • Evaluate the indicators and decide whether further action is necessary or an investigation should be recommended. • Determine whether the organizational environment fosters control consciousness. • Determine whether realistic organizational goals and objectives are set. • Determine whether written corporate policies exist that describe prohibited activities. • Assess whether action is taken when violations are discovered. • Verify whether appropriate authorization policies for transactions are established and maintained. • Determine whether policies, practices, procedures, reports, and mechanisms are developed to monitor activities and safeguard assets. • Assess whether recommendations need to be made for the establishment or enhancement of cost-effective control to help deter fraud. • Recommend the establishment of a strong, written statement of management’s commitment to corporate ethics. Internal auditors would be more likely to detect fraud if they develop their ability to recognize and question changes that occur in organizations. Examples of audit tests to detect fraud are: • To detect the alteration of the beginning balance in the monthly checking account reconciliation, the auditor should compare monthly balances and use change and trend analysis. Applying analytical procedures is a good way to detect the diversion of funds. • The means of detecting kickbacks paid to a new buyer is the use of change analysis and trend analysis of buyer or vendor activity. • The possibility of detection (or deterrence) of a fraud involving bogus placement agencies is to verify new vendor firms listed in a professional association catalog and/or verify the vendor name and address through the telephone book. • The means of detecting alteration of receipts for employee expenses is done by comparing the copy of a document that has not been within the control of the employee. This approach should only be used in unusual fraud situations. Loebbecke (1987) suggests assessing the risk of irregularities and considering the presence or absence of three key criteria:
[ 41 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
1 The degree to which conditions are such that a material irregularity could be committed. 2 The degree to which the person or persons in position of authority and responsibility in the entity have a reason or motivation to commit an irregularity. 3 The degree to which the person or persons in positions of authority or responsibility in the entity have an attitude or set of ethical values that they would allow themselves to commit an irregularity.
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Thompson (1991) offers some good reasons why auditors do not detect fraud. The assumption is that they: • do not believe that detection is their job, • are too trusting of those they audit, • believe the bosses already know and condone the illegal activity, • do not know exposures in specific terms, • do not know symptoms of fraud occurrence, • fail to follow through on symptoms of fraud, • are concerned about career implications of fraud detection. Matsumura and Tucker (1992) conducted a study of the interaction between a manager and an auditor which resulted in an increase in fraud detection. In the game, the manager chose a probability of committing fraud whereas the auditor decided to perform tests of transactions and detailed tests of balances. Four independent variables – the auditor’s penalty, auditing standards requirements, the quality of the internal control structure, and the audit fees – were examined to assess their effects on tests of transactions and detailed tests of balances, fraud detection, and incidence of fraud. Increasingly the auditor’s penalty was found to decrease fraud and increase fraud detection. Thompson (1992) suggests a five-step approach for fraud detection: 1 Know fraud exposure in specific terms. 2 Know exposure specific symptoms of fraud. 3 Be alert for fraud symptoms. 4 Incorporate into routine audit program steps that are likely to reveal fraud symptoms. 5 Follow through on all observed symptoms. Ziegenfuss’ survey (1996) of municipal and local governments shows that the most effective tools for fraud detection are: • internal audit review; • specific investigation by management; • employee notification; and • accidental discovery. According to the deputy director of UKs Serious Fraud Office, the reasons why auditors fail to detect fraud are:
[ 42 ]
• inadequate scope of auditing testing and inquiries; • restrictions of auditors’ work by management; • auditors’ failure to understand the business of the company being audited; • failure to identify related party transactions; • reliance on uncorroborated representations from management; and • deceptions practiced on auditors. It is entirely possible that an auditor could perform an audit in an entirely reasonable way and in full accordance with auditing standards and still not detect deliberate material misstatement. UKs Companies Act of 1985 foresaw that possibility making auditor deception a criminal offense (Knox, 1994).
Fraud investigation Successful investigators and auditors follow up on curious occurrences based upon experience, judgment, and intuition (Palmer, 1993).
According to the IIA Standards (SIAS No. 3), the role of internal auditing in the investigation of fraud includes: • Assessing the probable level and extent of the complicity in the fraud within the organization. • Assessing the qualifications and the skills of the internal auditors and the specialists available to participate in the investigation to ensure that it is conducted by individuals having the appropriate type and level of technical expertise. • Being cognizant of the rights of alleged perpetrators and personnel within the scope of the investigation and the reputation of the organization itself. • Designing procedures to follow in attempting to identify the perpetrators, extent of fraud, techniques used, and cause of fraud. • Determining the knowledge, skills, and disciplines needed to effectively carry out the investigation. • Coordinating activities with management personnel, legal counsel, and other specialists as appropriate throughout the course of the investigation. When a fraud investigation reveals irregularities which may have an adverse impact on the financial position and results of operations, the director of internal auditing should inform the appropriate management and the audit committee. When auditors suspect wrongdoing, a separate audit report may be required because the information may not be appropriate for disclosure to all report recipients. SIAS No. 2 suggests that the proper authorities within
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
the organization should be informed. When senior management is involved, the audit committee or similar high-level entity should be notified. Review of the draft of a proposed report on a fraud investigation by the legal counsel reduces the possibility of inclusion (and dissemination) of a statement for which the accused employee could sue the organization. If internal auditing wants to invoke client privilege, consideration should be given to addressing the report to legal counsel. For Thompson (1991), a thorough fraud investigation should answer the following questions: • Was it fraud or error? • Who did it? • What was the extent of the loss? • How was it done? For Thompson (1993d), the responsibility for investigating suspected wrongdoing should be clearly defined and communicated to everyone within the organization. Investigation consists of performing extended procedures necessary to determine whether fraud, as suggested by the indicators, has occurred. It includes gathering sufficient evidential matter about the specific details of a discovered fraud. All fraud investigations need to start with a plan for gathering and handling the evidence (Ehlers, 1996). When conducting fraud investigations, internal auditors should assess the probable level and the extent of complicity in the fraud within the organization. Internal auditors, lawyers, investigators, security personnel, and other specialists from inside or outside the organization are the parties that usually conduct or participate in fraud investigations. Albrecht et al. (1994) suggest that formal procedures be established in the investigation process: • to assess the scope of the investigation; • to determine the investigation methods; • to follow up on tips of suspected fraud; • to conduct interviews; • to review documentation; and • to report the findings.
Fraud reporting Many internal auditors felt that finding fraud was career limiting and possibly career-ending, especially if the fraud discovered was perpetrated by a senior member of management (Alpert, 1992).
According to the Standards for the Professional Practice of Internal Auditing (SPPIA), a fraud report is required at the conclusion of the investigation. In performing an audit, internal auditors are lacking due professional care when they suspect employees for
misappropriating assets and confront them with their suspicions. A suspect should not be confronted until supporting evidence has been gathered. Confrontation should be done by persons who specialize in investigating criminal activity, not by internal auditors. The SPPIA require that when an internal auditor identifies multiple factors that have been linked with possible fraudulent conditions and suspects that fraud has taken place, the auditor should notify the appropriate authorities within the company and recommend an investigation. The report should include the auditor’s conclusion as to whether sufficient information exists to conduct an investigation and summarize the findings that serve as the basis for such decision. Reporting consists of various oral or written interim or final communication to management. When an internal auditor’s procedures lend to suspicion of some kind of wrongdoing, the auditor should: • determine the possible effects of the wrongdoing; • discuss the matter with the appropriate level of management; and • decide with management who should investigate or otherwise follow up the suspicion (SIAS 3). When wrongdoing is suspected, the auditor’s responsibility extends to the appropriate level of management within the organization (PSB 85-5). A written report is required at the conclusion of the investigation phase. It should include all findings, conclusions, recommendations, and corrective action taken. Internal auditing is responsible for reporting fraud to senior management or the board when the incidence of fraud of a material amount has been established to a reasonable certainty.
Fraud deterrence Management can reduce fraud-handling difficulties by establishing the policy and related approaches to handling fraud before the fact, not after (Thompson, 1991).
Stewart (1959), in his “Nature and prevention of fraud,” makes a good point in stressing that defalcations and irregularities could be reduced with a reasonable increase in auditing work: In our world of war, confusion, evil, and suffering, the accounting profession is very much aware of the fact that defalcations and other irregularities have grown considerably in number and amount in recent years. American business losses from these frauds have been estimated to range from one to three billion dollars annually. Contrast this with the U.S. police reports to the FBI that
[ 43 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
total value of property stolen in 1957 by robbery, burglary, larceny, and auto theft was US$272 million. Consider also that the usual embezzlement amounts range from a few to many thousands of dollars and in some instances to millions while the average loss from robbery and burglary in 1957 was only about US$200.
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Considering the large amount of defalcations and irregularities, one may wonder whether an increase of audit work would have the effect of reducing losses of this kind in an amount equal to the cost of increasing auditing (Mautz and Sharaf, 1961). The AICPA, in its SAS No. 30, believes that the fidelity bonds “provide more protection economically and efficiently” than the expenses for additional auditing work. The Surety Association of America remarked instead that in many cases, reliance on bonding has proved unsatisfactory because losses far exceeded expectations (Surety Association of America, 1954). Preventing fraud consists of those actions taken to discourage the perpetration of fraud and limit the exposure if fraud does occur. Internal auditing is responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of controls, commensurate with the extent of the potential exposure/risk in the various segments of the entity’s operations. In 1985, The Institute of Internal Auditors issued SIAS 3, “Deterrence, detection, investigation, and reporting of fraud,” and recommended that the internal auditing profession should: • Determine whether the organizational environment fosters control consciousness. • Set realistic organizational goals and objectives. • Determine whether written corporate policies exist that describe prohibited activities and the action required whenever violations are discovered. • Assess whether appropriate authorization policies for transactions are established and maintained. • Determine whether policies, practices, procedures, reports, and other mechanisms are developed to monitor activities and safeguard assets. • Assess whether communication channels provide management with adequate and realistic information. • Determine whether recommendations need to be made for the establishment or enhancement of cost-effective control to help deter fraud. Internal auditors cannot guarantee that fraud will not occur. Given its inherent limitations, even an effective internal control
[ 44 ]
structure cannot provide more than reasonable assurance that fraud will be prevented. SIAS No. 3 emphasizes that the principal mechanism for preventing fraud is control and the primary responsibility for establishing and maintaining control rests with management. It recommends a strong written statement of management’s commitment to corporate ethics. It lists the following as examples of preventive control: • Competitive bidding serves as a control over fraud by restricting the ability of a purchasing agent to reward a favored vendor. • Subjecting credit card charges to the same expense controls as those used on regular company expense forms. Davia et al. (1992) suggest that top management should play a proactive role in fraud prevention by providing training in: • disclosure of fraud; • investigative techniques; • the nature of evidence required to conclude the presence of fraud; and • the internal controls necessary to deter the occurrence of fraud. Wells (1993) believes that the most effective deterrent of fraud is the specter of detection, which can be bolstered by a stronger audit presence. He feels that the following lessons can be learned from those who commit financial fraud: • the risk of fraud exists in all financial activities and with all people; • those who commit fraud share personality traits, mainly narcissism; • defrauders tend to spend their money ostentatiously to impress those around them; • a great deal of fraud could be prevented or detected if auditors were more skeptical; and • controls are of limited value in deterring fraud. In 1994, Wells proposed a “Model fraud prevention program” which seems to be a significant departure from current auditing practices. The main points of this theory are based on the following assumptions: • the independent auditor is currently facing unprecedented liability for failing to detect material frauds; • the detection of these frauds by independent auditors is difficult at best, even with adequate training, and • the auditor’s primary concern should be prevention, not detection. The fraud prevention program should have three realistic and measurable goals: 1 reduce losses resulting from fraud; 2 deter fraud through proactive policies; and
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Rocco R. Vanasco Fraud auditing
3 increase the likelihood of early fraud detection.
Managerial Auditing Journal 13/1 [1998] 4–71
Albrecht (1996a) agrees with chairman Wells that “fraud prevention is far more cost-effective than fraud detection” but for the external auditors “activities such as client acceptance and fraud prevention aren’t covered by ASB standards.” Fraud prevention in most financial institutions is a top priority. Begg (1994) reported that check fraud alone costs the banking industry more than US$1 billion annually, with losses per transaction averaging between US$10,000 and US$20,000. To deter such a fraud, First, Chicago adopted a strategy, termed “shared liability” which helps the bank and its customers jointly identify approaches to fraud prevention and implement measures to reduce their exposure to loss sharply. Procedure and technical measures to combat check fraud that can be implemented in conjunction with a program of shared liability include: • screening of new account applicants; • data sharing with banking peers; • built-in security measures such as hologram shipping on official bank or corporate checks; and • cash management services. Management may not support fraud prevention for three reasons: 1 Management’s concerns often are elsewhere than audit or fraud. 2 Managers are reluctant to believe the existence of fraud. 3 Management may unreasonably feel that bringing up the presence of fraud may alienate the work force (ACFE, 1995). The American Society for Industrial Security (ASIS), an international non-profit association of precessional security, publishes a newsletter on fraud prevention and security related matters in the World Wide Web (Horsburgh, 1995). The homepage hosts is University of Stellenbosch. According to Bliss and Aoki (1997), the perception of detection, not internal controls per se, is the strongest deterrent of fraud. Once the opportunity for embezzlement and pilfering is removed most people will follow their conscience.
Part VIII: Techniques in the investigative and reporting process Analytical auditing procedures Analytical fraud symptoms are procedures or relationships that are too unusual or too unrealistic to be believable (Albrecht, 1996a).
Analytical auditing procedures, including horizontal and trend analysis, are important and effective fraud detection techniques. By analyzing sales in the last three or five years, auditors can detect unexpected sales trend. Special software allow the analysis of sales by customer, salespersons, month, and activity. The AICPA SAS No. 8 (1992) describes analytical procedures as “evaluations of financial information made by a study of relationships among both financial and non-financial data.” They involve comparisons of recorded amounts, or ratios developed from recorded amounts to expectations developed by an auditor. SAS No. 8 also states that a basic premise underlying the application of analytical procedures is that relationships among data may reasonably be expected to exist and continue in the absence of known conditions to the contrary. Variability in these relationships can be explained by, for example, unusual events or transactions, business or accounting changes, misstatements or random fluctuation. Thus, the possibility of misstatements arising from fraud or errors should be considered when unexpected differences between recorded amounts and those determined by analytical procedures are identified. Gauntt and Glezen (1997) find analytical auditing procedures a powerful tool in identifying areas where the risk of errors and fraud are high. The results of analytical auditing procedures may be useful to auditors in the effort to provide management with early warnings of financial and operating problems. The emphasis on analytical audit procedures increases when the auditor either suspects fraud or believes that the risk of errors and irregularities is high. According to the National Commission on Fraudulent Financial Reporting, the potential for detecting fraudulent financial reporting through analytical auditing procedures has not been fully realized. The Report points out that unusual transactions, deliberate manipulation of estimates or reserves, and misstatements of revenues and assets often introduce aberrations in otherwise predictable amounts, ratios, or trends. The Report suggests that in a number of cases reviewed by the Commission, analytical procedures might have increased the likelihood of detecting fraudulent financial reporting (PSB 89-2). Albrecht (1996a) noted that analytical fraud symptoms include transactions or events that happen at odd times or places; that are performed by or involve people who would not normally participate; or that include odd procedures, policies, or practices.
[ 45 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
Trend analysis If auditors were responsible for the discovery of all employee fraud, auditing tests would have to be greatly expanded (Arens and Loebbecke, 1994.)
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Trend analysis, which considers statistical data over a period of years as a basis for forecasts, is a useful tool for detecting anomalies. For instance, an auditor who performs analytical procedures on financial statements would expect the percentage change in cost of sales to vary little from the change in sale. A sharp increase in production and sales that results in greatly increased productivity or the marketing of a new product with a high price and a low cost may explain that the entity’s sales people are conspiring with another company’s purchasing agent to inflate sales. Trend and ratio analysis may detect potential fraud such as: • An unexplained increase in the default rate caused by bogus loans. • An extraordinary increase in accounting balances. • Sudden and unjustified increase in the cost of the service. • Comparing the beginning balance one month to the ending balance of the prior month.
internal auditor noticed that one of the insurance company’s independent agents did not keep the agency’s bank reconciliation current. After reviewing the evidence associated with the agency’s bank account, the auditor found that one of the agents, no longer with the agency, had taken advantage of the delayed reconciliations and purloined the missing funds. The auditor recommended that bank reconciliations be kept current. The IIA Dallas Chapter (1993) reported that an internal audit found that the branch’s reconciliations were three months behind, and those completed were poorly executed. The supervisor in charge of the bank reconciliations could issue, sign, and mail manual checks to satisfy a customer’s emergency request. After the supervisor completed the reconciliations, the auditor reviewed them and discovered that US$130,000 was missing. Further investigation determined that the supervisor had misappropriated the missing funds. The auditor recommended segregation of the manual checks issuance duties, enhanced procedures for documenting customers’ emergency requests for funds, and tighter controls over storing and accounting for check stock.
Inquiry Discovery sampling The only alternative to discovery sampling is the examination of each item until an example has been found or the entire population has been examined (Sawyer, 1988).
Discovery sampling is used when the auditor is examining populations where the existence of fraud or gross error is suspected. Such populations might include: • fictitious employees on the payroll; • duplicate payments; • unauthorized shipments of goods; and • a nonexistent collateral for loan (Sawyer, 1988). Discovery sampling is used primarily for search of critical deviations such as evidence of fraud. If such deviation exists, the auditors may abandon their sampling procedures and undertake a thorough examination of the population. Discovery sampling assumes that auditors have a reason to believe that someone has been preparing fraudulent records.
Bank reconciliations The promptness with which reconciliations are prepared by an independent party will determine how effective they are as a control (Wallace, 1995).
Bank reconciliations play a powerful role in detecting potential fraud by employees. The IIA Houston Chapter (1993) reported that an
[ 46 ]
It helps to know that fraud is likely. But some symptoms demand follow-up (Morley, 1994).
An audit technique that can help find the people involved in the fraud is inquiry. By asking questions whose answers the auditor already knows, the auditor can ascertain the interviewee’s truthfulness and desire to cooperate (Wallace, 1995). To elicit information about fraud matters, Wells (1992) suggests a “Fraud assessment questioning” (FAQ), a non-accusatory, structured interview method. Used properly, FAQ can provide auditors and fraud examiners the clue of possible suspects. Inquiry can, at times, be the best tool to assess possible violations of company’s policies or verify allegations of fraud. The IIA Fraud Round Table of the Internal Auditor reported a unique case of conflict of interest which was confirmed by inquiry: A written complaint was received by the senior manager and the internal auditor stating that field supervisors were favoring relatives with service business in violation of the company’s code of business conduct. The auditor decided that the direct interrogation of the supervisor was the best course of action. When asked if the people who were providing services for the project were relatives, the supervisor answered: “They are not relatives, they are in-laws.” The
Rocco R. Vanasco Fraud auditing
supervisor was replaced and the boss was reprimanded.
Managerial Auditing Journal 13/1 [1998] 4–71
Part IX: The white-collar crime White-collar crime
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
All types of frauds are characterized by certain contributing factors related to the values and motivations of the fraud perpetrators and the management of the defrauded organization (Menkus, 1990).
In 1939, Edwin H. Sutherland, in his presentation at the American Sociological Society Symposium, coined the term “white- collar criminality” to indicate administrative wrongdoing. Quinney (1964) gave the following reason for the lack of interest in the white-collar and corporate crime in the 1960s: Although there has been considerable interest and activity in the study of white-collar crime, the development of the area has been hampered by a number of problems that have not been made explicit. The concept has remained unclear because criminologists have subsumed different behavior under the term. In addition, writers have varied on the amount of emphasis given to the social status of the offender, have employed different meanings of occupational activity, and have lacked consistency in designating the illegal nature of the offense.
The Federal Bureau of Investigation (FBI) defines white-collar crime as: Those acts characterized by deceit, concealment, violation of trust, and not dependent upon the application of threat of physical force or violence. Such crimes are committed to obtain money, property, or services; or to secure personal or business advantage (Kelley, 1976).
A similar definition is given by the US Department of Justice (1977): • Intent to commit a wrongful act or to achieve a purpose inconsistent with law or public policy. • Disguise of purpose through falsities and misrepresentations employed to accomplish the scheme. • Reliance by the offender on the ignorance or carelessness of the victim. • Voluntary action by the victim to assist the offender as a result of the deceit practiced. • Concealment of the crime. The Fraud Examiners Manual (1997) lists the following actions constituting fraud: • any dishonest or fraudulent act; • forgery or alteration of documents; • misapplication of funds or assets; • impropriety with respect to reporting financial transactions;
• • • •
profiting on insider knowledge; disclosing securities transactions to others; accepting gifts from vendors; destruction or disappearance of records or assets; or • any similar or related irregularity. The Futurist, the journal of the World Future Society, predicted that white-collar crime will spiral upward in the knowledge-based economy. High-tech securities have independent economies based on creating, collecting, and distributing data. Thieves thus have new tools for committing their crimes (Internal Auditor, 1995b). Nichols (1996) surveyed the following sources of information on white-collar crime in the Internet: • The World Wide Web Sources provides research, new articles, product and services, and agencies related to white-collar crime. • The KPMG Investigation and Security Page contains various fraud surveys. • The White Collar Crime Loss Prevention through Internal Control which is a study conducted by Ernst & Young for Chubbs Insurance Company. It provides guidance on assessing exposure to fraud losses, reviewing internal control procedures, and specifying control objectives. • The Statistical Sidebar provides statistics on white collar crime criminals and their patterns. It also provides the sources where statistics were obtained. • The Investigative Database, Boston, MA, contains a 20-year investigation experience by an investigator. • The Statement to the Senate Appropriations Committee issued by the Director of the Federal Bureau of Investigation (FBI) in March 1996, focuses on the FBI’s initiative in conjunction with the international community to combat white-collar crime (Nichols, 1996). • The Business Report – “Corporate crime – big and small” broadcast by the Australian Broadcasting Corporation focuses on the level of illegal corporate activity in Australia. • The White Collar and Corporate Crime Overlooked posts a brief synopsis of research on how the media overlooks white-collar crimes. • Crimes in St Louis provides white-collar crime information on embezzlement and environmental crimes committed in the city. • Fraud Detection Kit offers instructional materials to help businessmen detect and deduce occurrences of fraud within their organizations.
[ 47 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
• White Collar Crime discusses the seriousness of white-collar crimes and how the law and judges impact the defense strategies for the companies. • IRS Investigator’s Handbook describes how IRS investigators trace financial transactions as they relate to white-collar crime. • The National White Collar Crime Center provides investigative report services to assist in the fight against economic crimes. • The National Center for Justice provides links to other agencies and other areas within the domain of criminology. • The National Fraud Information Center is a coalition among the National Association of Attorney Generals, the Federal Trade Commission, the National Consumers League, and MasterCard. It provides links for contacting the coalition to report an incident or to obtain information on previous reported activities. • The Transparency International provides useful information to anyone interested in researching the international corporate offenders. • The Anthem Corporation distributes the Financial Crime Investigator which allows the user to write queries in the database management or mainframe computer system. Fraud indicators are matched with profiles of specific fraud schemes. Gulf Investigation, Inc.’s Report on white collar (1997) is alarming: White-collar crime is a rampant vicious plague which is crippling the American economy. Credit card fraud may exceed 1.5 billion in 1994. Bank and insurance fraud has already exceeded even the most outrageous estimates of the 80’s. There are no real accurate numbers for the amount of dollars lost in check fraud, just educated estimates. It is estimated that 90% of the daily business transactions in the U.S. involve checks. In 1993, about 100 billion checks (not dollars) were processed with an average return (bounce) rate of about 2 percent. Collectability studies in the mid-1980s reflected a 50% recovery rate. This figure is unrealistic in the economic climate of the 1990s. Major retailers reported in 1992 that the amount of uncollectible checks presented to them increased by over 35% from 1991. The Federal Bureau of Investigation estimated in 1992 that 15 fraudulent checks were passed each second, that equates to 54,000 checks an hour.
In Guam, the Twenty-third Legislature introduced Bill No. 116 which added a new No. 30116 to Title 5, Guam Code Annotated, relative to establishing a White Collar Crimes Unit within the Prosecution Division of the Department of Law. The Attorney General may utilize the services of specified personnel
[ 48 ]
in any Executive Branch department or agency for White Collar Crime prosecution purposes (Charfauros, 1995). Freeman and Forcese (1994) argue that the war on crime in Canada largely ignores not only such white-collar employee crime, bus also violations committed by corporations. These include tax evasion, bribery, fraudulent advertising, illegal mergers, and monopoly pricing. Canadians pay increased taxes and prices for consumer goods amounting to as much as US$20 billion a year as a result of white-collar crime. US statistics show that white-collar and corporate crime accounts for US$10 for every one dollar lost to robbery, burglary, larceny and auto theft combined. If this 10 to 1 ratio applies to Canada, Freeman and Forcese estimate that corporate crime costs Canadians about US$30 billion a year.
Employee fraud One of the most effective ways of deterring dishonest conduct is by not hiring dishonest employees (Sawyer, 1988).
Kroll Associates Inc. (1993), a business fraud detective agency based in New York City, offers the following list of behavior and events as early signs that may point to trouble: • Significant changes in behavior, including unexplained mood swings. • Reluctance to take vacations or be away from the office. • Suggestions of heavy personal debts. • Extravagant purchases or lifestyle. • Unusually close ties to vendors or a sudden switch in long-term vendors. • Tendency to manage by crisis: a disregard for structure, controls, or procedures. • A desire to control operations and safeguard assets: a disregard for segregation of duties. • Continued adversarial relationships with groups within and outside the organization – particularly auditors. • Chronic job frustration: a known malcontent. According to Bliss et al. (1997), nearly 75 percent of employees steal at least once, and half of those are repeat offenders. As a result, almost one in three small business failures can be attributed to internal theft. They claim that employee fraud is far more costly and devastating than all crimes committed by shoplifters, vandals, and armed robbers. The most common rationalizations for stealing are: • I’m only borrowing the funds until I get a raise. • No one will get hurt, the company has budgeted for this. • Everybody does it.
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
The IIA Florida West Coast Chapter (1990) reported that a bank teller frequently went on shopping trips to New York City and Mexico, owned an expensive condominium, and bought expensive lunches for friends. Most bank tellers cannot afford that lifestyle. The auditor’s review of the branch’s record disclosed that almost half million dollars was missing. The teller processed entries, performed reconciliations, and handled disbursements. There was no separation of duties, and the teller was trusted by the branch manager. The Institute of Internal Auditors’ Professional Standards Bulletin (PBS 84-3) warn that audit tests are not designed to make detailed examinations and verifications of all transactions to detect employee fraud and other irregularities. However, internal auditors have the basic responsibility to use due professional care in the application of audit skills, tests, and conclusions based on the appropriate complexities of the audit being performed. Internal auditors cannot give absolute assurance that irregularities do not exist. The possibility of material irregularities should be considered by internal auditors when undertaking audit responsibilities (PSB 84-3).
Embezzlement Embezzlement, like all crime, is a product of motive and opportunity (Bologna, 1994).
Embezzlement constitutes a fraud. It is the intentional appropriation of property entrusted to one’s care. Embezzlers convert property to their own use and conceal the theft. Bologna (1994) cites the following environmental factors that enhance the probability of embezzlement: • Inadequate rewards. • Inadequate internal controls. • No separation of duties or audit trails. • Ambiguity in job roles, duties, responsibilities, and areas of accountability. • Failure to counsel and take administrative action when performance levels or personal behavior fall below acceptable levels. • Inadequate operational review. • Lack of timely or periodic review, inspections, and follow-up to assure compliance with company goals, priorities, policies, procedures, and governmental regulations. • Failure to monitor and enforce policies on honesty and loyalty. Embezzlers are persons who hold fiduciary positions. Bologna cites the following schemes to embezzle cash: • Borrowing cash from funds to be deposited on the assumption that the embezzler will make it up on the next day (lapping).
• Borrowing petty cash and submitting fictitious or personal checks to keep the account balance in line. • Diverting petty cash for personal use by submitting phony invoices and expense bills. • Recording a deposit from an interbank transfer in the current period while failing to record the related disbursement until the next period kiting. Smith (1995) offers a typology of individuals who will embezzle: • The “Keeping up with the Joneses” type is the individual who wants to live a life of luxury. The only way to afford this lifestyle is to steal from the employer. • The “Opportunist” type is the person who quickly detects a lack of or a weakness in internal control and seizes the opportunity to use this deficiency to his benefit. • The “Crisis/in need” type is the individual who resorts to stealing to pay for large family medical bills, to support his/her abuse of an expensive substance such as cocaine, or to pay gambling debts. • The “Professional criminal” type is an individual who has made a career of stealing and has learned to cover his/her tracks. • The “Unsatisfied/disgruntled” type is the individual who thinks that he/she has been unfairly treated. He/she steals to get the “compensation he/she deserves” for his/her work or punish his/her employer. To deter embezzlement, Smith (1995) recommends the following measures: • institute strong internal control policies which reduce the opportunity for crime; • conduct an aggressive and thorough background check prior to employment; and • identify behavior patterns and intervene before they cause problems. Other measures management could also consider are: • Create a positive work environment. • Train all employees on drug awareness and encourage them to seek help. • Contract with a family crisis counseling service to provide assistance to employees. • Consider whether to establish a drug testing policy. • Adopt an open door policy. Encourage employees with work-related or personal problems to discuss them freely with management. • Provide a telephone hotline service so employees can anonymously report suspicious wrongdoing and other ethics violations.
[ 49 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
If an internal auditor suspects that an employee is embezzling funds, the auditor must: • exercise due professional care; and • inform the appropriate authorities in the company.
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Due professional care dictates that a suspect should not be confronted until supporting evidence has been gathered. Bliss and Aoki (1997) claim that in nearly every case of embezzlement, a detailed analysis of the company records shows that the basic accounting system and the related accounting control structure are the key for evidence of past, present, and future internal fraud.
Kiting Internal theft schemes work on the basis of four principles: disguise, divergence, diversion, and conversion (Bologna, 1994).
Kiting is the recording of a deposit from an interbank transfer in the current period while failing to record the related disbursement until the next period. The auditor detects kiting by: • examining a schedule of bank transfers for a period covering a few days before and after the balance sheet date; and • comparing paid checks returned in the next day period, and dated prior to year-end, with checks listed as outstanding on the related bank reconciliation. Chambers (1985) reported in the New York Times a well-publicized kiting case involving the president and chief executive officers of Transit Mix Concrete Corporation and two large banks, Marine Midland and Citibank. The officers drew checks in the Transit Mix Concrete account at Citibank and deposited those checks in an account at Marine Midland for Water Tunnel Associates, a dummy company also operated by the officers of Transit Mix Concrete. The officers of Transit Mix Concrete Co. were charged with stealing US$23 million. Alexander (1985) reported another kiting case in Time. The use of float permitted the brokerage firm of E.F. Hutton fraudulently to obtain interest-free loans exceeding US$8 million from 400 banks between 1980 and 1982. Twenty or so executives participated in the kiting scheme. Although the fraud was insignificant to the bottom line, nonetheless the results were devastating to Hutton, which eventually sold out.
Larceny The forensic auditor knows about those “red flags” that make organizations their own worst enemy by routine control overrides,
[ 50 ]
poor financial planning, unusual complex procedures, and organizational indifference (Alpert, 1992).
Bologna distinguishes larceny from embezzlement. The difference lies in the issue of the legality of the article stolen. In larceny, the thief never had legal custody, whereas the embezzler was legally authorized by the owner to take or receive the article and to possess it for a time. The IIA Baltimore Chapter (1994) reported a case of larceny. A security group investigated and determined that a former employee had, through available technology, created copies of a blank check that had been reported missing before the employee had been terminated. The fraud totaled US$7,000. The former employee was charged with grand larceny. As a result, controls were put in place to determine whether or not checks are real.
Lapping The purpose of lapping is to keep all accounts current in order to avoid auditor suspicion and unusual customer exceptions to confirmation requests (Konrath, 1996).
Lapping is a type of embezzlement involving misappropriation of cash from a customer and covering the resulting shortage with subsequent cash collection from another customer. To conceal the shortage, the defrauder attempts to: • keep bank and book amounts in agreement so that a bank reconciliation will not detect the fraud; • correct the customer’s account within a few days. Any discrepancy in the customer’s account can be explained as a delay in receiving the cash or posting it. To detect lapping, auditors: • confirm accounts receivable; • make a surprise cash count; and • compare the details of Cash Receipts Journal entries with the details of the corresponding deposit slips. Lapping is an internal control weakness. It can be prevented by separating the cash collection from the recording function. Lapping often involves fraud of small amounts. It is detected when there is suspicion of fraud.
Pilferage Organizations should focus their efforts not on eliminating occasional pilferage but on keeping it from blossoming into chronic or professional abuses (Wells, 1994).
Webster’s Dictionary defines “pilfer” as “to steal in small quantities.” It is done over and over almost daily by employees at all levels of the organization. Wells (1994) reported that in
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
the USA alone, workers annually pilfer a billion dollars in paper clips, pencil, stationary, and postage. Nationwide, employees may pilfer as much as US$200 million a day – about US$4 per employee. Edgerton (1992) reported that the cost of more serious employee thefts has grown dramatically. The survey conducted by the London House and Food Marketing Institute of more than 1,000 supermarkets shows that the average amount of theft per employee rose from US$44.72 per employee in 1989 to 168.48 in 1992 – an increase of 379 percent. The IIA Houston Chapter (1991) reported a case of pilferage of narcotics: The internal auditor, while reviewing the narcotics inventory and activity reports, found that the beginning balances did not always agree with the previous day’s ending balance. When the balances disagreed, the beginning balance was less than the previous day’s ending balance. These differences always occurred when a particular nurse was on duty. Further study determined that the nurse had a personal substance abuse and was pilfering the narcotics.
The IIA Mount Diablo Chapter (1993) reported a case of deceitful pilfering. A review of refund receipts issued by the cashier during the previous months detected more cases of questionable refunds: • some handwritten; • different customers; and • no supervisor signatures. The cashier was interrogated and admitted to pilfering over US$25,000 via a refund scam. The auditor recommended strengthening internal control over refund procedures.
Part X: Accounts vulnerable to fraud Accounts receivable and sales All fraud is done by those we trust… Auditors and management should trust people, but we are inviting trouble if we allow blind trust to replace vigilance in auditing or management (Thompson, 1992).
The case of United States v. Natelli (1975) deals with the failure to disclose properly the writeoff of uncollectible accounts and the overstatement of sales thus making financial statements misleading. Financial statements may be materially misstated by inflated accounts receivable and sales at year end. The two most common schemes are: 1 fabricated invoices; and 2 increased sale prices substantially above the company’s list prices.
Auditors can detect such a fraud while performing sale cutoff tests and examining transactions a few days before and after year end. Sales and marketing fraud is one of the biggest exposure areas for companies. It may take the form of fraudulent actions designed to generate fictitious commissions, or sales representatives who defraud customers for the benefit of the company or themselves (Internal Auditor, 1995c). The Cohen Commission reviewed several fraud cases and found that direct confirmation of accounts receivable from outside parties did not provide the expected assurance because outsiders ignored incorrect information and actually cooperated with management in giving incorrect information (Wallace, 1995). To uncover vendor fraud, auditors look for red flags or weaknesses in the internal control system such as: • vendor not on the approved vendor list; • invoice without purchase order or receiving document; • payment without invoice; • vendor’s address, telephone number, and ZIP code matches employee’s address; • sequentially numbered invoices; • others (Kramer, 1996).
Cash receipts and disbursements Since auditors are now sued every time there is an undetected fraud, there should be fewer undetected frauds and, hence, fewer lawsuits (Albrecht, 1996b).
Commingling personal and company funds can lead to potential fraud. The IIA Northwest Metro Chicago Chapter (1993) reported a case in which during a controls review of a newly established distribution center, the internal auditor found that cash receipts, which averaged US$125,000 daily, were deposited in the personal account of the center’s accountant. The accountant remitted the cash receipts to the central accounting office by personal check. When the auditor brought to management’s attention the commingling of personal and company funds, the company established a centrally controlled bank account and night deposit procedures. Lack of separation of duties for cash receipts and cash application may cause fraudulent misappropriation of cash. The IIA North Jersey Chapter (1995) reported that the internal auditor’s review of the receipts’ log and comparison of the log to bank amounts revealed that US$39,000 had simply evaporated. Further review of the cash receipt functions performed by the same person who made the bank deposits disclosed another US$50,000 in revenue losses where profits
[ 51 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
should have been realized. Afterwards, internal controls were implemented to ensure separation of duties for cash receipts, cash application, and cash report functions to help prevent such losses in the future. The IIA Houston Chapter (1997) reported that a duplicate payment of US$75,300 was discovered by the internal auditor during a review of transactions. The invoice for the duplicate payment could not be located. The auditor reiterated the relevance of appropriately documenting payment and reviewing them for potential duplicate payments.
Petty cash Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
In fraud, there is no issue of materiality (Morley, 1994).
Morley (1994) audited the petty cash fund of a large organization and learned that: • All fraud is committed by those we trust. • Early detection is sometimes the best prevention. • Auditors must be persistent in following up on explanations, particularly those that do not make sense. • Dumpster diving can sometimes prove to be a useful tool in detecting fraud. • When fraud is suspected, even the slightest variation from the norm is worth pursuing. • It helps to know that fraud is likely, but some symptoms demand follow-up. The IIA Wichita Chapter (1991) reported the following case of cash shortage: A special audit was conducted and employees were interviewed. A suspect was identified,but no sold evidence was found. The manager and auditor were advised by the legal counsel that actual theft must be observed; witnesses must actually see a smoking gun in the suspect’s hand, so to speak. After hours, hidden video cameras were installed and within 48 hours a visual record was made of the suspect taking the money. The employee was dismissed and additional controls were implemented.
Inventory When a fraud is expected, auditors perform threat analyses, which means they examine what assets are held and how those assets can be taken. Then, the auditors strive to outsmart the crooks (Wallace, 1995).
The media has reported several allegedly fraudulent financial statements attributed to significant inventory misstatements. A December 1992 Wall Street article, “Inventory chicanery tempts more firms, fools more auditors,” stated that the “recent rise in inventory fraud is one of the biggest single reasons for the proliferation of accounting scandals.”
[ 52 ]
Several fraud cases have shown that inventory is often misappropriated by both management and employees. In Cenco Inc. v. Seidman & Seidman, top management defrauded the company of US$25 million in inventory. If it appears that defalcation may exist as a result of inventory manipulation, Clyde Levington (1991) recommends the following procedures: • take a physical inventory and account for the purchases and cost of sales during the period following the end of the fiscal period; • determine the reasonableness of the gross value of inventories at year’s end; • verify the extensions and additions on the inventory used to record the value at the beginning and end of the fiscal year; and • review the policies and the application of the internal control procedures concerning the custodians involved in physically handling the inventory. The IIA Calgary Chapter (1991) reported that the internal auditor was observing a quarterly inventory and questioned the value of some damaged items. The damaged items were kept on hand until the suppliers could inspect them and issue replacements. The auditor found that the items were included twice, once as inventory on hand and again as receivables. The IIA Atlantic City Chapter (1991) reported the following case of inventory fraud: Inventory and requisitioning were controlled by means of an automated perpetual inventory system. The auditor noticed that the requisition form was blank and the bartender had to write in the alcoholic beverages that were delivered. The auditor determined that no one ever matched the quantities input to the inventory system – a control weakness that prevented detection of inventory shrinkage. The auditor matched the requisition forms with the quantities of alcoholic beverages delivered. Numerous deficiencies were detected. The auditor recommended that matching required quantities and ordered quantities become part of the normal process of alcoholic beverage control.
Wells (1997) reported an inventory fraud in an US Army Commissary. The Army Audit Agency uncovered the inventory skimming scheme perpetrated by the meat manager. The manager was able to defraud the Army Commissary by raising the price of the meat high enough to make up for the amount of government-purchased meat he diverted to outside restaurants. The total loss of the scheme was estimated at US$5 million or more.
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
Accounts payable/purchases When one person is given total control over the financial records, it is a license to steal (Bliss and Aoki, 1997).
A transfer of cost of sales to a prepaid asset account may cause fraudulent financial statements. Thompson (1993a) reported a case of a financial reporting fraud in which an unrecorded cost of sales for US$1.2 million took place. The audit manager had determined that cost of sales was 39 percent, well within the industry standard, but the accountant responsible for preparing the cost of sales analysis showed that cost of sales averaged 44 percent, not 39 percent. The difference was not caused by overpayment as alleged by the accountant but from an unsupported adjustment made by the financial controller to the general ledger from food inventory account to a prepaid asset account. Such a transfer overstated the preliminary net income to the parent company. The IIA San Francisco Chapter (1993) reported a case of nonexistent vendor fraud. An audit had shown significant control weaknesses in accounts payable. There was no verification of the existence of vendors, and checks were returned to the requesting salespeople for delivery to the vendors. The audit findings showed that the sales manager had stolen US$430,000 by means of checks written to nonexistent vendors and diverted to the manager’s bank accounts. The auditors recommended validating vendors and stopping the practice of hand delivery of checks.
Payroll fraud If your readers spot a man who cheats in little ways on their team, I suggest that they get rid of him fast. This kind of man won’t carry his load in little ways, so why should you expect him to be honest in the big things? (White, 1977).
Payroll fraud can be perpetrated by the most common schemes: • setting ghost employees; • failing to delete employees who have been terminated; and • submitting excessive overtime. To detect these kinds of fraud, auditors apply the following analytical tests: • duplicate and validity tests; • exception testing; and • recalculations (Crowder, 1997) Fraud may arise from a lack of implementation in the internal control system. The IIA Florida West Coast Chapter (1990) reported that a company payroll clerk, who manually prepared paychecks, figured nobody checked to see that the amount withheld for taxes was accurate to the penny. To make the payroll
worksheet balance, the clerk’s withholding was increased by the pennies. Nobody complained. The clerk’s good luck soured after the pennies became quarters and the IRS investigated the clerk’s filing for several thousand dollar federal tax refund for possible tax fraud. The IIA Calgary Chapter (1991) reported that an auditor performed a thorough compliance test of the payroll system and found little evidence of control in the update and check reconciliation and distribution process. With the help of the financial officer, the auditor was able to convince management to implement new controls and strengthen existing controls in the payroll systems. The IIA North Jersey Chapter (1995) reported that through a simple review of payroll records, an internal auditor was able to uncover several irregularities in the organization’s employee benefit plan such as: • former employees were still being carried on the employer-paid health insurance roster; • a 22-year-old, non-college student son of a personnel department employee was included in the insurance roster even though he was not considered an eligible dependent; and • retired employees were present on the active payroll and were receiving a full retiree pension at the same time.
Pensions plans and benefits Given current social trends, it no longer is expedient, and could be described as imprudent, to assume automatically that the client and its subordinates are trustworthy (De Groot, 1997).
The looting of pension funds of the Salvation Army Endowment, the Chicago Housing Authority and other organizations has been reported in the media. The following cases of pension fraud show that management abuse of pension funds is both a national and international concern. In 1993, Britain’s Serious Fraud Office indicted Kevin and Jan Maxwell charging them with defrauding pension participants of approximately US$375 million missing from the company pension funds (Schvimmer, 1993). British fraud investigators allege that shares belonging to Maxwell pension funds were illegally used to secure loans to prop up Robert Maxwell’s private ventures. In 1996, the Serious Fraud Office found the Maxwells not guilty of misusing L 122 million in shares belonging to Maxwell Company pension fund (Chernoff, 1996). The UK Goode Committee’s report on proposed pension law reforms would increase the accountant’s role, both as an auditor and adviser to pension plans. The
[ 53 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
report calls for auditors to be statutorily required to report serious or persistent irregularities to regulators and calls for stronger position for trustees to safeguard against fraud or irregularity (Cole, 1993). In 1994, the IIA Tucson Chapter reported that confirmation notices were mailed to all pensioners (about 1,000). The recalculation of the pension benefits for the sample of pensioners detected five pensions that were inaccurate. The inaccuracies appeared to have been caused by data input errors. Three of the pensioners were due a total of US$10,000 plus interest, and two pensioners had been overpaid a total of US$11,000. On April 11, 1996, President Clinton proposed a plan to reduce pension fraud by allowing audits of all retirement and pension funds and requiring auditors to report suspected bribery, theft, or kickbacks within five days (O’Connell and Schultz, 1996).
Related-party transactions In carrying out all phases of the audit, the auditor should be alert to any clues regarding the existence of related parties and for transactions involving them (Kapnick, 1980).
Related-party transactions played a large role in several well-publicized fraud cases such as Allied Crude Vegetable Oil, BarChris, Cenco, CIT Financial, Continental Vending, Equity Fund, Four Seasons, Home-Stake, Homex, McKesson & Robbins, Penn Central, Republic National Life Insurance, Sterling, Talley Industries, US Financial, Vesco, Westec, Westgate and many others. Related-party transactions are frequently used as conduits for transferring assets out as the Continental Vending Machine fraud case. To muddy the audit trail, loan proceeds are transferred back and forward between the companies. In July 1975, the AICPA issued SAS No. 6, Related Party Transactions and provided the following definition: Related parties exist when another entity has the ability to significantly influence the management or operating policies of the transacting parties or when another entity has an ownership interest in one of the transacting parties and the ability to significantly influence the other, to the extent that one or more of the transacting parties might be prevented from fully pursuing its own separate interests.
In 1982, the FASB issued Statement of Financial Accounting Standard No. 57, Related Party Disclosures which states: “Auditors’ failure of auditing related-party transactions has been the subject of several fraud scandals.” In August 1983, the AICPA issued SAS No. 45, Related-party Transactions, which
[ 54 ]
superseded SAS No. 6. It provides guidance for auditors in: • identifying related-party transactions, • determining the existence of related-party transactions, and • examining related party transactions and balances. Thomas (1989) reported in the Wall Street Journal that the auditors who audited the financial statements of Lincoln Savings and Loan Association did not devote adequate audit resources to examine the related-party transactions and were accused of actually approving the transactions. The Lincoln Savings and Loan Association reported losses exceeding US$2.5 billion! In 1991, the AICPA, in its Accounting Trends and Techniques, reported that of the 600 companies surveyed, 192 disclosed related-party transactions in 1990. In Autumn 1995, the British Accounting Standards Board (ASB) issued Financial Reporting Standard No. 8, Related Party Disclosures. The disclosure standard is helpful in reassuring readers that they have relevant information about matters that may well have affected a company’s reported performance, but many people will see the standard as a response to fraud that have or may have involved related parties (Archer, 1996).
Unrecorded liabilities Suspected wrongdoing must be fully investigated, no matter who the suspect might be (Thompson, 1993b).
The search for unrecorded liabilities includes procedures performed through the last day of field work, such as examining subsequent cash disbursements. These procedures are designed to detect liabilities that existed at year-end but were omitted from liabilities recorded in the client’s financial statements.
Computer fraud The computer has greatly enhanced the ability to conceal fraud (Levi, 1997).
In 1984, the EDP Fraud Review Task Force of the AICPA defined EDP-related fraud as “any intentional act, or series of acts, that is designed to deceive or mislead others and that has potential impact on an organization’s financial statements.” Collier et al. (1991) also defined computer fraud as “any fraudulent behavior connected with computerization by which someone intends to gain a dishonest advantage.” The first federal prosecution for computer fraud occurred in 1966 when a programmer in a Minneapolis bank successfully instructed the computer to ignore all overdrafts from his account. The discovery occurred when the
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
bank returned to manual processing after a computer failure (Alexander, 1974). Brandt (1977) provided an inventory of the biggest computer fraud perpetrated against US and foreign corporations. A lesson is to be learned from the following examples: • Ordinary managers and clerks have perpetrated more of the discovered computer fraud than computer experts. • Analysis of 150 cases indicated that 40 percent of corporate fraud involved fraudulent payments to creditors (disbursements), employees via payroll, other individuals (typically pension or insurance claims). • Manipulation of incoming funds is most often tied to some means of permanently eliminated receivables from accounts through unauthorized adjustment. • Manipulation of transactions that are most common include: adding unauthorized transactions (e.g. phony purchase orders); altering transactions (e.g. posting deposits to another accounting); and not processing transactions (e.g. interest income). • Industry groups, which are expected to have large inventory shrink, may indirectly encourage fraud in the inventory areas. • Means of detection of fraud are often suspicions by fellow employees or excessive greed that prompts an investigation. In 1978, a survey of EDP-related fraud was conducted in the banking and insurance industries in cooperation with the American Insurance Association, the American Council of Life Insurance, the Life Office Management, and the Bank Administration Institute (AICPA, 1984). Of the 854 insurance companies surveyed, the respondents identified 40 cases they believed to be EDP-related fraud. The most frequent scheme in the insurance industry was generating claim payments to the perpetrators or to accomplices. Another scheme was generating refunds reductions of policy premiums by authorizing refund checks after changing policyholder members and addresses, or by cancelling policies to generate refund checks automatically. The perpetrators of fraud in order of frequency were clerks, loan officers, data processors, supervisors, insurance agents, and systems programmers. In May 1983, the OECD defined computer crime as “any illegal, unethical, or unauthorized behavior involving data-processing, and/or transmission of data.” The findings of the EDP Fraud Review Task Force of the AICPA (1984) indicate that EDP fraud may be directly involved by improper manipulation of: • input or transaction data; • output or results;
• • • • •
application programs; data files; computer operations; communications; and computer hardware, systems or firmware.
Leinicke et al. (1990) suggest the implementation of a cost-effective fraud auditing program based on audit hooks or red flags to detect fraud. The hooks are embedded during the design phase of a data processing system. For an insurance company, the audit hooks are designed to detect unauthorized and potentially fraudulent charges to policyholders. Menkus (1990) observed that understanding how computer fraud can occur will not eliminate the menace; but internal auditors have no alternative but to ferret out weaknesses and develop counterstrategies. He listed eight distinctive factors that contribute to the persistence of the computer fraud: 1 Inadequate design of the information system. 2 Aggregation of the information system’s transaction processing steps so that a review of what is taking place becomes impossible. 3 Insufficient discrimination as to the legitimacy of the transaction processed by the information system. 4 Toleration by the information system of errors – either in data content or processing results. 5 Detachment of the information system’s ongoing operations from the physical or functional reality to what it is supposed to reflect. 6 Unrestrained, unmediated remote access to an information system that is subject to possible compromise or manipulation. 7 Restricted ability to collect sufficient knowledge about the fraud itself – especially, its scope and extent of the loss that has occurred. 8 Limits in the investigation tools for analyzing the knowledge that auditors may gain about fraud. Under the auspices of the IIA-UK and the Chartered Institute of Management Accountants, Collier et al. (1991) surveyed 300 members of both institutes of which 184 responded. The majority of the respondents indicated that the organizations placed specific responsibility on the internal audit department for prevention and detection of computer fraud. The study also indicated that 96 percent of internal auditors consider the possibility of fraud when examining new and existing computerized systems. About 86 percent considered the possibility of fraud when specific reviews were in progress. The
[ 55 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
greatest level of threat was the false computer input followed by unauthorized access. Thompson (1991) believes that the movement toward an increasingly computerized global economy likely will heighten exposure to fraud. Smith and Crumbley (1991), in Trap Doors and Trojan Horses, introduced new auditing techniques to prevent and detect fraud. The following surveys show that computer frauds are mostly attributed to the inadequacy or lack of implementation of security systems. The IIA Wichita Chapter (February 1991) reported that, during an audit of microcomputer security, the audit found that the company’s microcomputer policy manual was rarely followed and was generally looked upon with disdain. There were varying documentation standards, backup procedures, and security methods, ranging from very good to virtually nonexistent. The audit report resulted in corrective action to revise and expand the company’s microcomputer manual. Input tampering is considered to be the most prevalent computer fraud. Input scams can be prevented with an effective internal control system such as: • separation of duties; • control totals; • access controls; and • audit trails (Thornhill, 1996). Computer fraud, which is considered a criminal offense, has drawn the attention of federal and state legislators causing them to be more vigilant than ever. Thornhill lists the following statutes enacted: • Fraud in connection with Federal Interstate Computers (Title 18, USC Section 1030). • The Electronic Funds Transfer Act (Title 15, USC Section 1693n). • The Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 (Title 18, USC Section 1030). • Computer Fraud and Abuse Act of 1986 (Public Law 99-474). • Electronic Communications Privacy Act of 1986 (Public Law 99-508). • Small Business Computer Crime Prevention Act of 1984 (Public Law 98-362). • Computer Security Act (Public Law 100325). In 1996, the US-based Computer Security Institute (CSI) queried security practioners from a variety of US agencies, financial institutions, and universities. The CSI survey shows: • 41 percent of the respondents had experienced some form of intrusion or
[ 56 ]
• •
•
•
•
•
unauthorized use of computer systems within the last 12 months; more than 50 percent cited US corporate competitors as likely sources of attacks; more than 50 percent do not have a written policy on how to deal with network intrusions; more than 60 percent do not have a policy for preserving evidence from criminal or civil proceedings; more than 70 percent do not have a “warning” banner stating that computing activities may be monitored; less than 17 percent said that they would advise law enforcement if they thought they had been victimized; about 70 percent cited fear of negative publicity as the reason they would not report a suspected crime (Internal Auditor, 1996b).
According to a 1996 report from the US General Accounting Office, computer systems in the US Department of Defense may have experienced as many as 250,000 hacker attacks in 1995. Such attacks are often successful, granting unknown and unauthorized persons access to highly sensitive information, and they double in number each year due to easier and more widespread use of the Internet and to the increasing sophistication of computer hackers (Internal Auditor, 1996c). Rapalus (1996) feels that there has to be a greater commitment of resources to information systems security and increased cooperation between the private sector and law enforcement. The information age has already arrived, “but many organizations are woefully unprepared.” Credit card fraud in the US involving bank cards alone totaled US$680 million in 1995. The growth percentage of fraud is however decreasing as new technologies are becoming more widely used. In 1996, Mastercard and Visa International developed Secure Electronic Transactions (SET), a new standard for credit card payments in the Internet. The key to SET is that the merchant from whom the purchase is made never gets to see the buyer’s credit card number, instead the card number is encrypted and sent to the merchant’s bank (Arnold, 1996). In the UK, a recent KPMG survey of seniorlevel finance executives at 1,500 organizations shows that finance directors are basically uninformed about computer security issues. The survey revealed that: • Ninety-eight percent of the organizations have not implemented BS7799, the IT security standard developed in February by the UK government and industrialists. • Sixty-seven percent have no business continuity plan.
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
• Only 45 percent have a written security policy. • Only one in five requires formal security compliance from business partners. • Back-ups and disaster plans are untested. • Compliance reviews are rare. • Only 36 percent regularly backup data held on PC’s (Internal Auditor, 1996b). In the US, the Federal Bureau of Investigation (FBI) has established International Computer Crime Squads throughout the country in response to the rapid escalation of computer crime. In 1995, the Futurist predicted that organized crime will take full advantage of the information superhighway. A prime target will be financial institutions. Computerliterate mob groups will reroute electroniccash flow and steal valuable information kept by banks (Internal Auditor, 1995b).
Whistleblowing Employees who report illegal and unethical practices in the workplace ought to be protected and cherished by their employers (Vinten, 1994).
For Vinten (1994), society owes a debt of gratitude to its whistleblowers. He remarked that in the real world, vigilance is needed to deal with illegal price-fixing, cheating on government defense contracts, abuse and incompetence in hospitals, disregard of health and safety standards. The IIA Code of Ethics proclaims that Certified Internal Auditors or members of The Institute of Internal Auditors “shall not knowingly be part of any illegal or improper activity” and mentions that auditors have an obligation to the general public. The IIA ethical posture on informing the “public” on irregularities seems to contradict its position taken in the SPPIA and PSB which limits such information internally. Ethics and loyalty may not follow the same line of reasoning. Professional Standards Bulletin 83-5 states: When an internal auditor’s procedures lead to suspicion of some kind of wrongdoing, the auditor should determine the possible effects of wrongdoing, discuss the matter with the appropriate level of management, and decide with management who should investigate or otherwise follow up the suspicion. When wrongdoing is suspected, the auditor’s responsibility extends to the appropriate level of management within the organization.
The Standards for Professional Practice of Internal Auditing (1988), Guideline 280.03 states: When an internal auditor suspects wrongdoing, the appropriate authorities within the
organization should be informed. The internal auditor may recommend whatever investigation is considered necessary in the circumstances. Thereafter, the auditor should follow up to see that the internal auditing department’s responsibilities have been met.
The second Guideline 440.01 states that follow up is necessary in the reporting process of improper activities: Internal Auditing should determine that corrective action was taken and is achieving the desired results, or that management or the board has assumed the risk of not taking corrective action on the reported findings.
The Institute of Internal Auditors, in its “IIA position paper on whistle-blowing” reconfirms that reporting to the board of directors satisfies the requirements of the professional standards, particularly when an audit committee is available to which internal audit is granted access (Institute of Internal Auditors, 1988). Mautz et al. (1984), in their survey on whistle-blowing, relate to the unpleasant experience of whistleblowers: Within internal auditing, loyalties are likely to vary with personal plans and opportunities of the auditors concerned. We found no strong understanding or teaching with regard to an overriding professional loyalty to an institution, position, or ideal. On a number of occasions when the subject of whistle-blowing slipped into the conversation, the attitude of those present was neither positive nor negative. Some of those who had an occasion in blowing the whistle were bitter about the results of having done so.
There seems to be a consensus that whistleblowers ought to be protected from any sort of retaliatory measures. Gill (1996) believes that employers are often unwilling to implement any negative employment decision against a wistleblower for fear that the employee will add a claim of retaliation to the suit. Albrecht (1996a) also agrees that employees must be given easy avenues for whistleblowing and be reassured that it is okay to come forward. Clinard (1990), in his survey, gave several reasons for nor reporting corporate violations to the government: • strong loyalty; • an employee might not have all the pertinent facts about the violation; • it would make one’s supervisors look bad; • an individual should quit instead of going to the government. Chazen et al. (1985) observed that external auditors are not legally obligated to blow the whistle on clients. However, circumstances may exist when auditors are legally justified
[ 57 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
in making disclosures to a regulatory agency or a third party. Such circumstances occur: • when a client has intentionally and without authorization associated or involved a CPA in its misleading conduct; • when a client distributed misleading draft of financial statements prepared by a CPA for internal use only; and • when a client prepares and distributes in an annual report or prospectus misleading information for which the CPA has not assumed responsibility.
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
CPAs should not view Rule 301 on confidential information as an excuse for inaction where action may be appropriate to right the wrongful act committed by a client. The external auditor’s responsibilities to disclose illegal clients acts to outside parties is the same as for material irregularities. To reduce governmental fraud, Congress amended the False Claims Act of 1986 which encourages employees to sue employers who are defrauding the government. Title 31, Section 3729-3732, allows individuals to file what is called a “qui tam” lawsuit (Latin for “in the name of the King”). Under the law, a wistleblower can bring suit in the government’s name against a company perpetrating fraud against the government. The False Claims Act permits recovery of “three times” the amount of damages caused to the government by the false claims, plus a US$10,000 penalty per false claim. The wistleblower, identified as a “relator” is entitled to up to 30 percent of the amount recovered, including attorney’s fees. In addition, the Act makes it illegal for employers to retaliate in any way against wistleblowers for reporting fraud (Iraola and Klubes, 1997). Senators Charles Grassley and Howard Berman felt that this whistle-blowing provision was aimed at employees of private companies. In a February 2, 1992 letter to the Washington Post, they wrote that auditors “have a conflict of interest and an unacceptable incentive to self-deal if they are allowed to participate in substantial recoveries simply for doing their jobs” (Internal Auditor, 1992a). Barlas (1990) reported that the corporate whistle-blowers could be hurt by the Bush Administration proposal to tighten the Computer Fraud and Abuse Act of 1986. The amendments proposed by the Justice Department, would classify information in federal related computer files as “property.” If a defense contractor employee copied information in a Pentagon weapons systems test from a computer file and slipped that information to a federal prosecutor or a congressional committee chairman, that employee could be prosecuted under federal law.
[ 58 ]
In 1991, a former Rockwell machinist David Vosoughka filed a suit under the Federal False Claims Act, which awards whistle blowers a portion – generally 15 percent on any money received by the government as a result of the legal action. The lawsuit alleges that Rockwell workers routinely charged their time to space shuttle accounts even when they were working on other projects. The Justice Department joined the whistle blower in the lawsuit and accused Rockwell International Corporation of overcharging NASA possibly by billions of dollars for contracts to build part of the space shuttle (Sims, 1991). In 1992, many members of the US Congress wanted to increase the protection to workers and executives who blow the whistle on their employers’ violations and strengthen Section 11(c) of the Occupational Safety and Health Act (OSHA) by: • extending from 30-180 days the time during which an employee can file a whistle-blower complaint; and • allow the Department of Labor to pursue retaliation allegation via a departmental hearing, instead of going to federal court as now is the case (Internal Auditor, 1992b). Others believe that auditors should be responsible for whistle-blowing to inform appropriate authorities when suspected fraud and other illegalities are discovered in the course of an audit. Many organizations have established hotlines as a way of meeting the requirements of the Federal Sentencing Guidelines of 1991. The auditing profession is, however, struggling with the dilemma of confidentiality and the pressures from Congress to whistle-blow. If confidentiality is not respected, the entire audit process may be imperiled (Wallace, 1995). In 1993, the US Congress proposed a bill “Financial Fraud Detection and Disclosure Act.” It aims to force auditors to report misleading corporate financial accounting to the SEC, seek to encourage such reporting by giving auditors a time limit to resolve reporting problems with management, and to confer virtual immunity from retribution if they do report irregularities. The bill has its critics. Although it recognizes investor’s need for better financial reporting, it is unlikely to catch auditors who are criminally conspiring with their clients as such auditors would not likely voluntarily report any wrongdoing. The bill would involve too much government intervention in business management (Donlan, 1993). US Corporations are pleading with the Supreme Court to strengthen their legal defenses against the False Claim Act. Since the Department of Justice values its
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
informants, the corporate plea may be futile (Yang, 1997). In the UK, a bill designed to protect individuals who disclose corporate wrongdoing, failed to get through the UK Parliament. The Public Interest Disclosure Bill would have allowed individuals acting in the public interest to obtain a court order protecting them from termination or discrimination due to their revelations (Chapman, 1996). In New Zealand, the Parliament is currently considering two pieces of legislation intended to protect whistleblowers: 1 the Wistleblowers Protection Bill, introduced by Phil Goff, a private member of Parliament, in June 1994; and 2 the Protection Disclosure Bill, a Government Bill, introduced in August 1996. Both bills enable whistleblowers to obtain immunity from civil and criminal proceedings. The Financial Transactions Reporting Act of 1996 contains a specific provision for auditors for reporting irregularities (Dalziel, 1996).
Hotlines In 1979, the General Accounting Office (GAO) established a whistle-blowing hotline as a mechanism for combating fraud, waste, and abuse in federal expenditures. The success of the GAO hotline has led other government agencies, including 26 statutory Inspectors General, state and local agencies, and private companies to implement similar programs. The primary findings resulting from tips received include private use of government property, work-hour abuse by federal employees, fraud by recipients of such benefits as welfare, social security, disability and housing, and general mismanagement by government employees. Comptroller General Bowsher was satisfied with the results of the GAO hotline and stated that “the existence of the hot line has been a deterrent factor” (Flesher and Buttross, 1992). In 1979, the Department of Defense (DOD) also established a fraud hotline. The DOD office of the Inspectors General estimated that “27 percent of the allegations reported to the hotline were substantiated with identified savings of US$5.3 million dollars in a two-year operation” (Flesher, 1996). Leinicke et al. (1994) reported on the hotlines established by five companies – Archer Daniels Midland (ADM), First Chicago, Georgia-Pacific, Keystone Insurance, and Southern California Edison Company. The results show the following advantages: • the fraud surfaced by hotline tips often results in strengthening internal controls; • the benefits of operating the hotlines greatly outweighed their costs;
• if handled properly, the hotlines can be good public relations tools; and • they deter fraud. In 1996, the UK’s Department of Social Security set up a hotline for exposing individuals suspected of making bogus claims. After receiving an average of 250 calls per hour, with one-third of them relating to employers – rather than individuals – who cheat the system, Social Security Secretary Peter Lilley called for the establishment of a separate dedicated line for reporting dishonest employees. An estimated £1 billion each year is wrongly paid to benefit claimants who cheat the system (Internal Auditor, 1996d). To preserve the anonymity of whistleblowers, Anthem Corporation developed the Financial Crime Investigator which helps auditors, investigators, security personnel, and prosecutors detect, investigate, and combat contract and procurement fraud. The program includes pulldown options that provide advice on how to proceed after an allegation is made or an anonymous tip is given, that list the principal indicators of contract or procurement fraud, and outline the essential legal proofs of such fraud (Lindquist, 1995).
Fraud and downsizing There is a clear social price being paid by downsizing workers, and at the same time there is a significant increase in fraud incidents among American business entities (Van Nostrand and Luizzo, 1996).
Van Nostrand and Luizzo (1996) find a correlation between downsized workers and fraud increase. The underlying reasons are: • loyal employees suddenly become embezzlers; • the cutback of personnel in sensitive areas such as security, payroll, management information systems makes the company more vulnerable to fraud; • the employees tend to retaliate and hurt the company by committing fraud against it; • cutbacks are made in those areas where more fraud protection is needed. Norman Inkster, president of KPMG Investigation and Security Inc. in Toronto, believes that many factors in the current business environment, such as downsizing, de-layering, and sophisticated technology, can actually generate more opportunity for fraud (Gauthier, 1995). Unfortunately, downsizing dampens employee loyalty, leads to increased employee fraud and opens the door for more management abuses.
[ 59 ]
Rocco R. Vanasco Fraud auditing Managerial Auditing Journal 13/1 [1998] 4–71
Conflic of interest fraud The primary detective control against selfdealing is to match the employee master file records against the vendor file records for identical information, such as taxpayer identification numbers, addresses, bank account numbers, and the like (McNamee, 1996).
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Employee fraud often arises when employees are both self-employed and work, at the same time, with organizations. They frequently tend to sell their personal products to the organizations they work with. McNamee (1996) wrote that often organizations do not like to do business with their employees so that the employees are not placed in a situation where a conflict of interest exists between the employees’ responsibilities to the employers and the employees’ self-interest. To prevent employee fraud, he suggests two preventive controls that should work in all organizations: 1 a clear communication policy addressing conflicts of interest and self-dealing; and 2 a screen in the accounts payable program that provides adequate location addresses and company ownership information so that major suppliers can be properly identified before being added to the vendor file. Conflicts of interests can lead to types of fraud that are difficult to detect. Financial interest in a customer or supplier is an example of nepotism. A purchasing agent who had a personal interest in a supplier could charge his employer inflated prices (Flesher, 1996). Fabrizius (1990) reported that an audit investigation conclusively determined that a supervisor had repeatedly violated the company’s conflict of interest policy. These violations included receiving gifts, kickbacks, excessive entertainment, and borrowing money from various vendors. Certain vendors admitted that they had provided to the supervisor, such expensive items as hunting rifles and trips to resort areas. To prevent a reoccurrence of this type of problem, a more effective vendor-selection process was established. To detect conflict of interest fraud, Kramer (1996) suggests several steps including the test for indicators: • improper sole source awards; • low-bid award; • multiple purchases under bid limit. Crowder (1997) also lists several procedures to detect potential fraud arising from employee conflict of interest. Auditors use CATTs which allow to compare: • vendor addresses to employee address; • vendor address to employees’ outside business addresses; and
[ 60 ]
• vendor telephone numbers to employees’ home telephone numbers or outside business numbers.
Conclusion The audit department that chooses to be part of the fraud solution can look forward to continuing professional challenge (Thompson, 1991).
Fraudulent financial statements are of great concern not only to the corporate world, but also to the accounting profession. Every year the public has witnessed spectacular business failures reported by the media in major national and international journals, newspapers, and magazines. These catastrophic events have shocked the public, undermined auditors’ credibility in their reporting function, and eroded public confidence in the accounting and auditing profession. Often government agencies have been accused of being naïve and indifferent when their figures have been grossly misrepresented. Rather than moving toward a philosophy of a comprehensive fraud prevention, the auditing profession worldwide seems to be in a constant motion to enact statutes and auditing standards after the fraud scandals have been reported widely in the press. Events such as unreported revenues, manipulation of losses, inflated sales, fraudulent write-offs of uncollectible accounts, unusual relatedparty transactions, misappropriation of assets and many other irregularities have spearheaded several court rulings and shaped the auditing standards. Leading writers list the detection of fraud as one of the most important purposes of auditing. They view auditing as an important social service to the economic community (Seidman, 1939). Mautz and Sharaf (1961) also believe in the profession as a social service to the community; they think that “auditors are truly professional men if they are not in business solely for their profit.” The public and the auditing profession worldwide seem to have divergent views of what is expected from auditors. The results of the surveys conducted by Barron et al. (1997); Epstein and Gieger (1994); Lowe and Pany (1993) show that an “expectation gap” exists in the USA. The Institute of Chartered Accountants in England and Wales (1992) issued a report titled “Expectation gap can be bridged” and urged the profession to embrace the role of detecting fraud. Also in Canada, an expectation gap exists since users of financial statements believe that auditors can detect all misstatements with the same level of assurance, whereas most auditors would agree that this is not the case (Cockburn, 1993). Bankers,
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
financial analysts, investors, and even jurors expect from auditors to search for fraud. Independent auditors, of course, disagree on this “perceived” characterization of their auditing tasks. The public expects auditors to provide an absolute guarantee against fraud, failure, and financial ruin. Shareholders and third parties feel fully justified in demanding that auditors compensate them for losses and unmet expectations (O’Malley, 1993b). The accounting profession needs to address the public’s unrealistic expectations regarding the independent auditor’s role in preventing business fraud. The AICPA has been agonizing from the attacks leveled against the auditing and accounting profession and appointed several task forces to deal with the thorny issue of fraud. Although the fraud issue is relevant for both the public and the auditing profession, the auditing profession must, however, consider the cost/benefit principle as the overriding factor in audit engagements. There are, of course, constraints as to how much evidence auditors can gather. Still sophisticated management frauds will go undetected. The historical perspective of the events presented shows the dilemma the AICPA is facing in meeting the public interest in preventing the issuance of fraudulent financial statements. The emphasis now is to re-focus the auditor’s attention to search for fraud when planning an audit. The 1929 Wall Street market crash is the classic example of fraud that shocked the nation. It led the US Congress to take extreme measures to protect creditors and investors from the proliferation of fraudulent financial statements and establish the SEC early in the 1930s. The SEC has pursued unrelentingly its task by investigating and prosecuting corporations which have violated the securities laws. The cases presented show that the SEC has been quite successful in curving down the issuance of fraudulent financial statements in the USA. The SEC has become a model governmental organization worldwide for preventing fraud and prosecuting companies for fraudulent acts. As a result, securities regulators and exchange officials in many countries are seeking help from their US counterparts. The International Organization of Securities Commissioners is working to adopt the US accounting standards and rules in disclosure and insider trading (Schroeder, 1993). The Institute of Internal Auditors (IIA) has put fraud deterrence as a top priority task from its inception. In 1985, it became clear for the IIA to make a leap forward on this delicate issue and release SIAS 3 – Deterrence, Detection, Investigation, and Reporting of Fraud to guide internal auditors in the deterrence, detection, investigation and reporting
of fraud. The IIA position is that fraud, no matter the amount, ought to be investigated since it may lead to discovery of larger management or employee misconduct. The same year, the IIA restated its position on fraud by releasing IIA Report on Fraud. The awareness of fraud and its devastating results are being communicated through seminars, conferences, articles and sponsored research. Its presence and influence are felt worldwide. Considering the alarming increase of fraud cases worldwide, the IIA, as an international association, needs a more comprehensive plan on how to assist internal auditors worldwide to protect multinational corporations from the ravages of fraud. The Foreign Corrupt Practices Acts of 1977 and the Federal Sentencing Guidelines of 1991 represent two milestones for the internal auditing profession. Corporations are required to establish an internal control system which need to be monitored by the internal auditing department. Heavy fines are imposed on management for circumventing the internal control system. The IIA, like all other auditing and accounting professions, has had its ups and downs. This led von Schweitzer (1990) to comment, in his “Professional myopia” that the internal auditing profession has moved from “the bright outlook of 1984” to the “uncertainties of the 1990s.” This may be partially true since several auditing departments have undergone downsizing due to the new wave of cost reduction and effectiveness. But most corporations are not really convinced that downsizing is the key to boost the company’s bottom line. Considering the new wave and sophistication of corporate fraud scandals, internal auditors will play a pivotal role in this area in the twenty-first century. The cases examined suggest important lessons to learn about fraud: new programs, products, investments, and allowances require particular scrutiny on the part of the auditors; failing to discover and prevent marketing and sales fraud on the part of its staff may be one of the most dangerous mistakes an organization can make; and executives will be under increased pressure to prove that they are preventing fraud through their stewardship of a company (Internal Auditor, 1995). Lacativo (1995) suggests a risk-based approach to auditing fraud to respond to the companies’ expectation that auditors help them meet the strict federal regulations against fraud. A review of the current literature also suggests that companies are relying heavily on auditors to minimize losses from fraud. Zeune (1994), in his article “How to fool auditors,” observed that accounting systems do not reflect recent changes in the business environment, the result being that it is easy
[ 61 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
The following individuals collaborated in the research project: Anthony C. Carrollo, US Environmental Protection Agency; Phillip Chomiak, National-Louis University; Donald J. Eberle, President of the IIA Illiana Chapter; Rhoda M. Espiritu, Coopers and Lybrand; Jim Feltes, Advocate Healthcare; Jolene Ferguson, NationalLouis University; Robert C. Flannery, US Department of Agriculture; L. Bruce Johnson, Bethlehem Steel Company; Susan Lione, The Institute of Internal Auditors; Daniel T. Poludniak, American Savings Bank; Brian Reynolds, NationalLouis University; Clifford R. Skousen, Utah State University; Loren W. Smith, AMOCO Corporation; Rudolph L. Tracy, USS-Gary Works; Rao Vallabhaneni, US Railroad Retirement Board; Robert J. Vanek, Centier Bank; Kenneth Webster, Bethlehem Steel Company
to perpetrate fraud without being detected by auditors. This is because traditional auditing is conducted in a vacuum, with no link between a business’s key success factors and the way in which those factors drive the financial statements. The international arena seems troublesome. The statistics shows that most foreign countries do not have governmental bodies like the US Securities Commission, cannot afford the establishment of a sophisticated profession like the American Institute of Certified Public Accountants (AICPA), and are not joining the Institute of Internal Auditors (IIA) in the same number as the AngloSaxon countries. The ravages of fraud in Africa, Europe, Asia, and Eastern European countries are devastating and getting worse. In a global economy and multinational trade, the trend of international fraud affects all countries. American investors and financial institutions have vested interest in many foreign corporations; international fraud puts all at risk. Health care fraud, insurance fraud, defense procurement fraud, and other types of fraud against the federal government are taking an enormous toll on the taxpayer’s money. To reduce fraud in the industry sector, the IIA could establish task forces to develop “industry guides” dealing with fraud prevention, detection, deterrence, and reporting. There seems to be a consensus that both internal auditors and external auditors need to sharpen their skills to meet the challenges of fraud detection and prevention. The cases examined show that cash, inventory, and related party transactions are prone to fraud. Auditors assign a high risk index to the potential misappropriation of inventory, cash defalcation, and conflict of interest. The advent of the computerized systems has increased the improper manipulation of input or transaction data, application programs, data files, and computer operations. Embedded fraud is often hard to detect. To survive in the twenty-first century, the modern auditor needs a very extensive knowledge and practice in EDP auditing. The IIA must launch a “global plan” to train and harness internal auditors with more sophisticated techniques in combatting fraud globally and restructure its auditing framework to meet the needs of all internal auditors worldwide.
References and further reading Abbott, A. (1993), “Italian health sector in disarray following more scandals”, Nature, No. 364, August 19, p. 663. Abelson, A. (1994), “Russian roulette”, Barron’s, Vol. 74, August 8, p. 5.
[ 62 ]
Accountancy (1995), “Statement of auditing standard 110, fraud and error”, Vol. 115, March, p. 125. Accountancy (1995), “Statement of auditing standard SAS 120, Consideration of Law and Regulation”, Vol. 115, March, p. 125. Accounting Today (1990), “Big Six firm barred”, July 23. ACFE (1995), Fraud Examiners Manual. ACFE (1996), “AICPA writes statement on fraud in financial audit”, The White Paper, May/June, p. 46. ACFE (1996), “Top fraud fugitive arrested in Bahamas”, The White Paper, May/June, p. 47. AICPA, SAS 1 (1972), Codification of Auditing Standards and Procedures, AICPA, New York, NY. AICPA, SAS 6 (1975), “Related party transactions”, July, AICPA, New York, NY. AICPA (1978), “Commission on auditors’ responsibilities”, Report, Conclusions, and Recommendations, AICPA, New York, NY, p. 32. AICPA, SAS 45 (1983), “Omnibus statement on auditing standards”, August, AICPA, New York, NY. AICPA (1984), Report on the Study of EDP-related Fraud in the Banking and Insurance Industries, EDP Fraud and Review Task Force, New York, NY. AICPA, SAS 53 (1988), The Auditor’s Responsibility to Detect and Report Errors and Irregularities, AICPA, New York, NY. AICPA, SAS 55 (1988), “Consideration of the internal control structure in financial statements”, April, AICPA, New York, NY. AICPA, SAS 60 (1988), The Communication of Control – Structure Related Matters Noted in an Audit, April, AICPA, New York, NY. AICPA, SAS 61 (1988), “Communication with audit committee”, April, AICPA, New York, NY. AICPA SAS 54 (1988), Illegal Acts by Clients, AICPA, New York, NY. AICPA (1991), Accounting Trends and Techniques, AICPA, New York, NY. AICPA (1993a), Meeting the Financial Reporting Needs of the Future: A Commitment from the Public Accounting Profession, AICPA, New York, NY. AICPA (1993b), In the Public Interest: Issues Confronting the Accounting Profession, AICPA, New York, NY. AICPA SAS 82 (1996), Consideration of Fraud in a Financial Statement Audit, AICPA, New York, NY. Albrecht, S.W., Howe, K.R. and Romney (1984), Deterring Fraud: The Internal Auditor’s Perspective, IIA Research Foundation, Altamonte Springs, FL. Albrecht, S.W., McDermott, E.A. and Williams, T.L. (1994), “Reducing the cost of fraud”, Internal Auditor, Vol. 51, February, p. 28.
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
Albrecht, S.W., Stice, J.D. and Stocks, K.D. (1993), “What do internal auditors need to know?”, Internal Auditor, Vol. 50, October, pp. 56-9. Albrecht, W.S. (1996a), “Employee fraud”, Internal Auditor, October, p. 26. Albrecht, W.S. (1996b), “The expectation gap”, The White Paper, Vol. 10, September/October, p. 19. Alexander, C.P. (1985), “Crime in the suites”, Time, June 10, p. 56. Alexander, T. (1974), “Waiting for the great computer rip-off ”, Fortune, July, p. 146. Allen, B. (1977), “The biggest computer frauds: lessons for the CPAs”, Journal of Accountancy, May, pp. 52-62. Alpert, B.S. (1992), “Federal sentencing guidelines”, Internal Auditor, October, p. 46. Andersen, A. (1963), The First 50 Years, Arthur Andersen, Chicago, IL. Antilla, S. (1995), “Invest $200,000, get 15 percent rate”, New York Times, March 3, p. D1. Apostolu, B. (1985), An Investigation of Internal Auditor Judgment of the Indicators of Potential Fraud: An Analytical Hierarchy Approach, Louisiana State University, Baton Rouge, LA. Archer, G. (1996), “Related parties: still hard to spot”, Accountancy, Vol. 117, January, p. 64. Arena, R.W. (1992), Auditing to Prevent Fraud and Abuse, IIA Research Foundation, Altamonte Springs, FL. Arens, A.A. and Loebbecke, J.K. (1994), Auditing – An Integrated Approach, Prentice-Hall, Englewood Cliffs, NJ. Armstrong, J.E. (1988), “Auditing to detect fraud”, The CPA Journal, September, pp. 78-82. Arnold, W. (1996), “Fraud, nosy web pages torment internet users”, Asian Wall Street Journal Weekly, Vol. 18, March 18, p. 19. Aspen, M. (1992), US district judge, quoted by Alpert, S.B., “Federal Sentencing Guidelines”, The Internal Auditor, October, p. 46. Balinga, W. (1992), “Right to bring securities fraud and RICO action against auditors upheld”, Journal of Accountancy, Vol. 173, June, p. 29. Bannon, L. (1994), “Official admits to tax bribery at Fininvest”, Wall Street Journal, July 26, p. D13. Barlas, S. (1990), “Justice department wants tightening of computer fraud law”, Internal Auditor, October, p. 11. Barlas, S. (1993) “AICPA supports revised fraud detection act”, Management Accounting, Vol. 74, May, p. 9. Barron, D.C., Johnson, D.A., Searfoss, D.G. and Smith, C.H. (1997), “Uncovering irregularities: are we closing the expectation gap?”, The Journal of Accountancy, October. Baum, J. (1994), “Fast friends: stock scandal tars all of Taiwan’s main parties”, Far Eastern Economic Review, Vol. 157, October 27, p. 30. Begg, T.E. Jr (1994), “Using shared liability to combat check fraud”, The Banker Magazine, Vol. 117, November/December, pp. 57-60.
Bergstrom, R.J. and Morrison, J.L. (1993), “RICO: has the ultimate weapon been crushed?”, Journal of Accountancy, June, p. 17. Berton, L. (1986), “Grant Thorton finds itself in turmoil”, Wall Street Journal, April 14, p. 6. Berton, L. (1988), “Accountants try to keep RICO at bay”, Wall Street Journal, April 29, p. 19. Berton, L. (1992), “Legal beat: Ernst accord may give FDIC leverage”, Wall Street Journal, December 3, p. B11. Berton, L. (1992a), “Holding accountants accountable”, Wall Street Journal, September 22, p. A18. Berton, L. (1996), “Judge dismisses racketeering charges against accountants in DeLorean case”, Wall Street Journal, April, p. B8. Berton, L. and Adler, S. (1992), “CPAs nightmare: how audit of bank cost Price Waterhouse $338 million judgment – firm, which plans to appeal, allegedly failed to spot a weak loan portfolio”, Wall Street Journal, August 14, p. A4. Berton, L. and Truell, P. (1991), “Price Waterhouse’s US unit received at least $4 million in fees from BCCI”, Wall Street Journal, November 11, p. A3. Bliss, E.C. and Aoki, I.S. (1997), Are Your Employees Stealing You Blind?, Pfeiffer and Company, San Diego, CA. Bloombecker, B. (1990), Spectacular Computer Crimes, Dow-Jones-Irwin, Homewood, IL. Blum, P. (1994), “Czechs fall prey to financial predators”, The Financial Times, April 26, p. 2. Bohlen, C. (1995), “Bribery as a way of life in italy”, New York Times, December 10, p. 21. Bologna, J.G. (1992), “Thinking like a thief ”, Internal Auditor, August 30. Bologna, J.G. (1994), “How to detect and prevent embezzlement”, The White Paper, August/ September, p. 4. Bologna, G.J. and Lindquist, R.J. (1995), Fraud Auditing and Forensic Accounting, John Wiley & Sons, New York, NY. Bologna, J.G., Lindquist, R.J. and Wells, J.T. (1993), The Accountant;s Handbook of Fraud and Commercial Crime, John Wiley & Sons, New York, NY, p. 232. Boockholdt, J.L., Chang, S.Y. and Finley, D.R., (1992), “Using duds to detect fraud”, Internal Auditor, August, pp. 59-68. Borda, R.L. (1987), “Insurance fraud costs billion”, Journal of Commerce, December 3, p. 1. Boynton, W. and Kell, W.G. (1996), Modern Auditing, John Wiley & Sons, New York, NY. Brannigan, M. (1987), “Auditor’s downfall shows a man caught in trap of his own making”, The Wall Street Journal, March 4, p. 31. Brannigan, M. and Keoning, R. (1986), “Nine are indicted in the collapse of ESM; US charges firm hid its huge losses”, The Wall Street Journal, April 14, p. 6. Bray, N. (1994), “Scandals knock Deutsche bank’s image”, Wall Street Journal, July 5.
[ 63 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
[ 64 ]
Brief, A.P., Duketich, J.M., Brown, P.R. and Brett, J.E. (1997), “What’s wrong with the treadway commission report?”, Journal of Business Ethics, February, Vol. 183, p. 198. Briloff, A.J. (1991), “Castles of sand”, Wall Street Journal, December 22. Brink, V.Z. and Witt, H. (1982), Modern Internal Auditing, John Wiley & Sons, New York, NY. Calderon, T. and Green, B.P. (1994),“Internal fraud leaves its mark: here’s how to spot, trace and prevent it”, National Public Accountant, Vol. 39, August, p. 17. Carmichael, D.R. and Craig, J.L. Jr (1996), “Proposal to say ‘F’ word in auditing standards”, The CPA Journal, Vol. 6, June, p. 22. Chambers, M. (1985), “Two face charges in bank theft of $323 million”, New York Times, June 28, p. B3. Champlain, J.J. (1995), “Is your wire transfer system secure?”, Internal Auditor, June, p. 56. Chandler, R., Edwards, R. and Anderson, M. (1995), “Changing perceptions of the role of the company auditor, 1980-1940”, Accountancy, Vol. 116, November, p. 138. Chapman, C. (1996), “UK/wistleblower bill fails”, Internal Auditor, October, p. 8. Charfauros, M.V. (1995), Twenty-third Guam Legislature 1995 (First) Regular Session, Bill No. 116, Section 1. Chazen, C., Miller, R.L. and Solomon, K.I. (1985),“When the rules say: ‘see your lawyer’, Journal of Accountancy. Chernoff, J. (1996), “Acquittal puts end to Maxwell pension saga”, Pension & Investment, Vol. 241, February 5, p. 3. Ciferri, L. (1993), “Fiat brass to face flak at shareholders meeting”, Automobile News, June 28, p. 14. Cigna-Healthcare (1994), “Cigna, IBM tech tool targets healthcare fraud”, National Underwriter, Vol. 98, October 3, p. 5. Cisz, M.M. (1997), “Are your employees stealing you blind?”, Book review, Internal Auditor, April, p. 22. Clinard, M.B. (1990), Corporate Corruption. The Abuse of Power, Praeger, New York, NY. Cockburn, D.J. (1993), “Closing the GAP”, CA Magazine, Vol. 126, November, pp. 3-32. Cohen, W.S., US Senator (1995), “The FBI is here”, in Gardner, J.R. (Ed.), The White Paper, August/September, p. 4. Cohenson, M.S. and Dispasquale, R. (1993), “Crime can pay for certified fraud examiners”, The Practical Accountant, Vol. 26, February, pp. 20-2. Cole, I. (1993), “Putting trustees at the head of the table”, Accountancy, Vol. 112, November, p. 77. Collier, P.A., Dixon, R. and Marston, C.L. (1991), “Computer fraud. Research findings from the UK”, Internal Auditor, August, pp. 49-52. Colvin, G. et al. (1983), “Jake Butcher’s fall”, Fortune, March 21, p. 7. Cooper, K. and Flory, S. (1976), “Lessons from McKesson and equity funding”, Readings and
Cases in Auditing, Dame Publications, Houston, TX. Cottrell, D.M. and Albrecht, W.S. (1994), “Recognizing the symptoms of employee fraud”, Healthcare Financial Management, Vol. 68, May 8, p. 22. Covaleski, J.M. (1994), “Stamping out insurer fraud”, Best’s Review, Vol. 95, October, pp. 36-64. Cox, B. (1995), “Montana governor signs tough insurance fraud act”, National Underwriter Property & Casualty-Risk & Benefits Management, Vol. 17, April 24, p. 49. Crane, M. (1993), “Auditors, their clients, fraud and error”, Accountancy, Vol. 112, December p. 95. Crane, T.S. and Slavitt, E. (1997), “Congress accelerates fraud and abuse juggernaut”, American Medical News, Vol. 40, January 13, p. 22. Crowder, N. (1997), “Fraud detection techniques”, Internal Auditor, April, p. 17. Dabney, D.A. (1997), quoted in “Survey shows disturbing retail fraud trend”, IIA Today, February, p. 8. Dalal, S. (1994), “We are not amused: Indian MPs fume over stock-scandal report”, Far Eastern Economic Review, Vol. 157, August 18, p. 54. Dalglish, K. (1994), “A strategy for the twenty-first century”, CA Magazine, Vol. 127, May, p. 3. Dalziel, A. (1996), “Whistleblowing”, Journal of Chartered Accountants of New Zealand, Vol. 75, November, p. 12. Davia, H.R., Coggins, P.C., Wideman, J.C. and Kastantin, J.T. (1992), Management Accountant’s Guide to Fraud Discovery and Control, John Wiley & Sons, New York, NY. De Groot, A. (1997), “The Netherlands fraud examiner”, The White Paper, Vol. 2, JanuaryFebruary, p. 23. Demery, P. (1996), “Increasing auditors’ responsibility in finding fraud”, The Practical Accountant, Vol. 29, March, p. 8. Donlan, T.G. (1993), “A bigger whistle: congress pushes accountants to be more accountable”, Barron’s, Vol. 73, July 5, p. 10. Donlan, T.G. (1996), “Watering stock”, Barron’s, Vol. 76, November 25, p. 66. Duane, W. (1988), “Building together the future”, Internal Auditor, August. Dugan, C.F. and Lechtman, V.L. (1996), “In Russia, bribery ban is causing difficulties”, The National Law Journal, Vol. 19, October, p. C1. Duggan, C. (1995), “Script fraud”, Chemist & Druggist, September 16, p. S1. Echikson, W. (1994), “Will Paris go the way of Rome”, Fortune, Vol. 130, August 8, p. 14. Economist (The) (1992), “Lord Justice Bingham’s report on BCCI affair”, Vol. 325, October 24, p. 88. Economist (The) (1992a), “BCCI: paper thriller. Report by Senator J. Kerry’s Subcommittee,” Vol. 325, October 11, p. 94.
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
Economist (The) (1993), “Ferruzzi: hotting up crisis prompts large stock issue”, Vol. 328, September 14, p. 75. Economist (The) (1994), “Big buckets always leak most” Vol. 333, November 19, p. 58. Economist (The) (1995),“Hu-bris: Singapore’s stock exchange”, Vol. 334, March 4, p. 72. Economist (The) (1995a), “Discredited”, Vol. 336, August 12, p. 62. Economist (The) (1995b),“Miami or bust”, Banco Latino, July 1. Economist (The) (1995c),“Another Italian debt problem”, July 1, p. 68. Economist (The) (1996a),“Simply rotten: Italian finance”, Vol. 338, January 27, p. 66. Economist (The) (1996b),“Same old story”, Vol. 340, September 28. Edgerton, J. (1992), “Employee theft on the rise”, Louisville Courier Journal, October 30. Ehlers, H. (1996), “Building a case”, Internal Auditor, October, p. 38. Eichenwald, K. (1995), “SEC sues Nevada company”, New York Times, April 28, p. D3. Ekong, E. (1995), “Bank on verge of a nervous breakdown”, African Business, July/August, p. 6. Elliot, R.K. and Willingham, J.J. (1980), Management Fraud: Detection and Deterrence, Petrocelli Books, New York, NY. Epstein, M.J. and Geiger, M.A. (1994), “Investor views of audit assurance: recent evidence of the expectation gap”, Journal of Accountancy, Vol. 177, January, pp. 60-2. Ernst & Young (1992), Fraud 1992, Ernst & Young, New York, NY. European (The) (1996), “New moves to tackle fraud”, May 30, p. S2. Evans, T.E., Taylor, M.E. and Holzmann, O. (1994), International Accounting & Reporting, SouthWestern Publishing, Cincinnati, OH. Fabrizius, M.P. (1990), “Fire in the field”, Internal Auditor, October, p. 77. Fargason, J.S. (1992), Legal Compliance Auditing and the Federal Sentencing Guidelines, The Institute of Internal Auditors, Altamonte Springs, FL. FASB (1975), Analysis of Issues Related to Criteria for Determining Materiality, FASB, Stamford, CT, March 21. FASB (1982), “Related party disclosures”, Statement of Financial Accounting Standards No. 57, FASB, Norwalk, CT. FDIC (1986), “Chairman sees expanded role for auditors in bank fraud”, Journal of Accountancy, Vol. 162, July, p. 48. FDICIA (1991), Supervisory Guidance on the Implementation Section 112 of the Federal Deposit Insurance Improvement Act, Pub. L. No. 102105 Stat. 2236, May 14. Federal Register (The) (1991), “Federal sentencing guidelines”, Vol. 56 No. 95, May 16, pp. 227-86. Fialka, J.J. (1993), “BNL-Atlanta chief says audits failed to uncover fraud”, Wall Street Journal, November 10, p. B14.
Fiorelli, P.E. and Rooney, C.J. (1997), “COSO and the federal sentencing guidelines”, Internal Auditor, April, p. 57. Fischer v. Kletz (1967) (known as Yale Express), 266 F. Supp. 180 (SDNY). Flesher, D.L. (1996), Internal Auditing – Standards and Practices, The Institute of Internal Auditors, Altamonte Springs, FL. Flesher, D.L. and Buttross, T.E. (1992), “Whistleblowing hotlines”, Internal Auditor, August, pp. 54-8. Fortune (1978), Editorial, July 17, p. 95. Frank, I. (1982), “Auditors: not detectives”, Dallas Times Herald, August 29, p. 1. Fraud Examiner Manual (1997), excerpts from “Preventing internal fraud”, The White Paper, Vol. 2, January/February, p. 31. Freedman, J.M. (1993), “IMA research on target”, Management Accounting, Vol. 74, May, p. 70. Freeman, A. and Forcese, C. (1994),“Get tough on corporate crime”, The Toronto Star, November 17. Friedland, J. (1996), “Argentine judge probes IBM contracts with tax agency”, Wall Street Journal, June 20, p. A12. Friedman, A.S. (1994), “Software helps expose claims fraud”, National Underwater, Vol. 98, February 21, p. 7. Friedman, S. (1995), “Strong internal controls are vital”, Journal of Accountancy, Vol. 180, October, p. 90. Friedman, S. (1995), “Pay attention to warning signals”, Journal of Accountancy, Vol. 180, October, p. 88. Gardner, J. (1995), “The FBI is here!” The White Paper, August/September, p. 4. Gardner, J. (1996), “The Valentine’s Day Massacre”, The White Paper, May/June, p. 49. Gartland, P. (1995), “Germany as haven for scam and vultures”, The European, Vol. 267, June 23, p. 4. Gauntt, J.E. and Glezen, G.W. (1997), “Analytical auditing procedures”, Internal Auditor, February, p. 56. Gauthier, T.J. (1991), “It’s elementary, my dear internal auditor”, Internal Auditor, February, pp. 60-3. Gauthier, Y. (1995), “Forever fraud: interview with N. Inkster”, Internal Auditor, Vol. 52, October, p. 26. Geis, G. (1994), “Fraud in the former Soviet Union”, The White Paper, October/November, p. 3. Gill, J.D. (1996), “Reporting fraud under wistleblower statutes”, The White Paper, May/June, p. 9. Gill, J.D. (1996), “The private securities litigation reform of 1995: securities fraud cases just got tougher”, The White Paper, March/April, p. 9. Goldstein, L.M. (1992), “Favorite frauds”, Internal Auditor, August, pp. 35-40. Graham, A. (1996), “Fraud and soap operas”, Internal Auditor, October, p. 5.
[ 65 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
[ 66 ]
Gumbel, P. (1995), “Germany catches the European disease”, Wall Street Journal, July 13, p. A6. Gup, B.E. (1994), “Protecting financial institutions against fraud”, The Bankers Magazine, Vol. 177, May/June, p. 38042. Guy, D.M. and Mancino, J. (1992),“What an auditor does when finding fraud or illegal acts”, Journal of Accountancy, January, p. 103. Hannon, K. (1996), “Tip or tout? The perils of buying on the buzz”, US News & World Report, Vol. 121, December, p. 114. Hansen, J.V., McDonald, J.B. and Messier, W.F. (1996), “A generalized-response model and the analysis of management fraud”, Management Science, Vol. 42, July, p. 1022. Hrisak, D. (1996), “Auditors must sniff out fraud”, The Journal of Chartered Accountants of New Zealand, Vol. 75, July, p. 30. Harris, R.J. and Ricks, T.E. (1994), “Lockheed faces possible suspension on Air Force contracts after indictment”, Wall Street Journal, June 14, p. A12. Horsburgh, P. (1995), Info-sec Super Journal, World Wide Web. Huebner, J. (1996), quoted in Leidig, M. “Slovakia stings EBRD”, The European, November 14. IIA Atlantic City Chapter (1991), “Inventory discrepancies”, Internal Auditor, Vol. 48, December, p. 69. IIA Baltimore Chapter (1992), “$3,000,000 embezzlement”, Internal Auditor, June, p. 74. IIA Baltimore Chapter (1994), “Is it real”, Internal Auditor, June, p. 77. IIA Calgary Chapter (1991), “Just to make sure”, Internal Auditor, February, p. 70. IIA Calgary Chapter (1991), “Count and count again”, Internal Auditor, February, p. 64. IIA Dallas Chapter (1993), “Flood insurance claims all wet”, Internal Auditor, October, p. 74. IIA Dallas Chapter (1993), “$130,000 missing”, Internal Auditor, October, p. 74. IIA Florida West Coast Chapter (1990), “Red flags”, Internal Auditor, October, p. 79. IIA Florida West Coast Chapter (1990), “Pennies add up”, Internal Auditor, October, p. 79. IIA Forth Worth Chapter (1996), “Loan officer stretches limits”, The Internal Auditor, August, p. 67. IIA Houston Chapter (1991), “Drug pilferage”, Internal Auditor, Vol. 48, August, p. 71. IIA Houston Chapter (1993), “Control weaknesses = $60,000”, Internal Auditor, October, p. 74. IIA Houston Chapter (1993), “Recommendations are not suggestions”, Internal Auditor, October, p. 76. IIA Houston Chapter (1997), “Cash disbursement controls”, Internal Auditor, March, p. 80. IIA Mount Diablo Chapter (1993), “Deceitful refunds”, Internal Auditor, October, p. 73. IIA North Jersey Chapter (1995), “Evaporating cash”, Internal Auditor, February, p. 57.
IIA North Jersey Chapter (1995), “Good for their health”, Internal Auditor, June, p. 65. IIA Northwest Metro Chicago Chapter (1993), “Commingling of funds”, Internal Auditor, December, p. 75. IIA Round Table (1991), “It’s all relative”, Internal Auditor, Vol. 48, October, p. 73. IIA San Francisco Chapter (1993), “Good public relations”, Internal Auditor, October, p. 76. IIA Tucson Chapter (1994), “Uncertain pensions”, Internal Auditor, June, p. 76. IIA Wichita Chapter (1991), “Audit of microcomputers”, Internal Auditor, February, p. 70. IIA Wichita Chapter (1991), “Cash shortage experience”, Internal Auditor, Vol. 48, October, p. 73. Institute of Chartered Accountants in England and Wales (1992), “Expectation gap can be bridged”, Accountancy, Vol. 110, November, p. 11. Institute of Financial Crime Prevention (1986), Red Flags: What Every Manager Should Know about Internal Crime, Institute of Financial Crime Prevention, Austin, TX. Institute of Internal Auditors, SIAS 2 – Communicating Results. Institute of Internal Auditors (1985), SIAS 3 – Deterrence, Detection, Investigation, and Reporting of Fraud, The Institute of Internal Auditors, Altamonte Springs, FL, May. Institute of Internal Auditors (1985), IIA Report on Fraud, IIA Research Foundation, Altamonte Springs, FL. Institute of Internal Auditors (1986),The Role of Internal Auditors in the Deterrence, Detection and Reporting of Fraudulent Financial Reporting, The Institute of Internal Auditors, Altamonte Springs, FL. Institute of Internal Auditors (1988), “The IIA position on whistle-blowing”, Internal Auditor, October, p. 16. Institute of Internal Auditors (1988), Standards for the Professional Practice of Internal Auditing, 2nd ed., The Institute of Internal Auditors, Altamonte Spring, FL. Institute of Internal Auditors (1992), A New Look at Ethics and Fraud, The Institute of Internal Auditors, Altamonte Springs, FL. Institute of Internal Auditors (1992), “Professional standards bulletins (PSB)”, in Gleim, I., CIA Examination Review, Gleim Publications, Gainesville, FL. Institute of Internal Auditors (1992), SIAS 1 – Control: Concepts and Responsibilities, The Institute of Internal Auditors, Maitland, FL. Internal Auditor (1991a), “Audit legislation weaves its way through US Congress”, December, p. 10. Internal Auditor (1991b), “Fax security a grown concern”, Vol. 48, December, p. 9. Internal Auditor (1992a), “Debate over governmental whistle-blower payment”, April, p. 10.
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
Internal Auditor (1992b), “Strengthening whistleblower protection in the workplace”, June, p. 10. Internal Auditor (1993), “Fraud-prone personality type” August, p. 9. Internal Auditor (1995a), “Employees say it’s hard to be ethical in some organizations”, February, p. 9. Internal Auditor (1995b), “To know the future” June, p. 10. Internal Auditor (1995c), “Sales fraud”, Vol. 52, April, pp. 63-6. Internal Auditor (1995d), “What did we learn in 1994”, Vol. 52, February, pp. 53-4. Internal Auditor (1996a), “British Rail fraud inquiry launched” p. 10. Internal Auditor (1996b), “Businesses ignore computer security”, p. 11. Internal Auditor (1996c), “Hackers attack department of defense”, October, p. 10. Internal Auditor (1996d), “UK implements benefit fraud hotlines”, October, p. 11. Internal Auditor (1997), “Corrupt nations ranked”, April, p. 9. Iraola & Klubes (1997), Fraud on the Government: How Citizens Can Fight Health Care and Procurement Fraud Using the Qui Tam Statute, Iraola & Klubes, Washington, DC. IRC (1997), “Tougher stand on insurance fraud endorsed by more Americans, says insurance research council survey”, PR Newswire, January 15, p. 115. Jacobson, A. (1990), How to Detect Fraud through Auditing, IIA Research Foundation, Altamonte Springs, FL. Jacka, M.J. (1995), “Auditing’s vision”, Internal Auditor, Vol. 52, June, pp. 46-9. Jayasankaran, S. (1995), “Back to square one: the tangled tale of Malaysia’s Ayer Molek”, Far Economic Review, 158, September 21, p. 82. Jeffords, R. Jr, Marchant, M.L. and Bridendall, P.H. (1992), “How useful are the treadway risk factors?”, Internal Auditor, June, p. 60. Jennings, W.L. (1997), “Federal sentencing guidelines: what auditors need to know”, Transmission, Vol. XV, Winter, p. 1. Johnston, J.L. (1995), “Following the trail of financial statement fraud”, Business Credit, Vol. 97, October, pp. 47-8. Journal of Accountancy (1993), “Internal control audit proposal draws fire and praise” Vol. 176, October, p. 20. Kapnick, H. (1980), “Responsibility and detection in management fraud”, Readings and cases in Auditing, Dame Publications, Houston, TX. Kelley, C.M. (1976), “Accountants and auditors vs white collar crime”, The Internal Auditor, June, p. 35. Kimelman, J. (1994), “The lonely boy scout”, Financial World, Vol. 163, August 16, p. 50. Klotz, J.M. (1994), “Bribery of foreign officials – a call for change in the law of Canada”, Canadian Bar Review, Vol. 73, December, p. 467.
Knight and Ridder (1997), “Coastal Mississippi banks will use fingerprints to fight check fraud”, Tribune Business News, January 19. Knutson, P.H. (1994), “In the public interest – is it enough?”, The CPA Journal, Vol. 64, January, p. 32. Knox, J. (1994), “Why auditors don’t find fraud”, Accountancy, Vol. 113, February, p. 128. Koening, R. (1986), “Arthur Andersen is sued in audits of home state”, Wall Street Journal, January 13, p. 4. Konrath, L.F. (1996), Auditing Concepts and Applications, West Publishing, New York, NY. Kovacs, A. (1996), “Unstable markets”, Internal Auditor, Vol. 52, February, p. 30. KPMG Peat Marwick (1993), Fraud Survey Results 1993, KPMG Peat Marwick, New York, NY, p. 2. Kramer, W.M. (1996), “What’s tougher than catching the bad guys? Dealing with management”, The White Paper, May/June, p. 6. Kramer, W.M. (1996), “How to develop ‘proactive’ fraud detection computer programs”, The White Paper, September/October, p. 6. Lacativo, B.F. (1995), “A risk-based approach to auditing fraud”, Internal Auditing, Vol. 11, Summer, p. 41. Laing, J.R. (1996), “Novatek Redux: catastrophes thick and fast”, Barron’s, Vol. 26, November 4, p. 12. Lavelle, M. (1997), “Nations try to match US on Biz bribe law; but lawyers still argue over the meaning of the FCPA”, The National Law Journal, Vol. 19, January 20, p. B1. Lee, T. (1992), “The audit liability crisis: they protest too much”, Accountancy, Vol. 110, December, p. 102. Leiding, M. (1996), “Slovakia stings EBRD”, The European, Vol. 340, November 14, p. 21. Leinicke, L.M., Ostrowsky, J.A. and Rexroad, W.M. (1994), “Fraud hotlines”, Internal Auditor, February. Leinicke, L.M., Rexroad, W.M. and Ward, J.D. (1990), “Computer fraud: it works”, Internal Auditor, August, p. 26. Levi, P.C. (1997), “One step ahead of fraud: new software aids in data extraction”, The White Paper, Vol. 2, January/February, p. 6. Levington, C.A. (1991), “40 years of embezzlement tracking: internal auditor, April, p. 51. Life Insurance Industry (1997), “Plaintiff ’s law firm announces class action settlement with connecticut General Life Insurance Company”, PR Newswire, January 22, p. 122. Lindquist, R. (1995), “Financial crime investigator”, Management Accounting, Vol. 76, March, pp. 63-64. Loebbecke, J.K. (1987), “Assessing the risk of material irregularities”, Auditing: A Journal of Practice & Theory, Fall, pp. 1-28. Loebbecke, J.K., Eining, M. and Willingham, J.J. (1989), “Auditors’ experience with material irregularities: frequency, nature, and detectability”, Auditing: A Journal of Practice & Theory, Fall, p. 12.
[ 67 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
[ 68 ]
Lovell, A. (1993), “Corporate fraud and its challenge to the profession”, Accountancy, Vol. 112, September, pp. 72-3. Lowe, D.J. and Pany, K. (1993), “Expectations of the audit function”, CPA Journal, Vol. 63, August, p. 58. Luizzo, A.J. and Van Nostrand G. (1994), “Delving deeper to decipher fraud”, Security Management, Vol. 38, September, p. 113. MacDonald, E. (1996), “Auditors are ending up between a rock and a hard place over securities law”, Wall Street Journal, December 24. McCoy, C.F. (1987), “Financial fraud: theories behind nationwide surge in bank swindles”, Wall Street Journal, October 2, p. 15. McDonald, H. (1995), “Barefoot in Bombay”, Far Eastern Economic Review, Vol. 158, April 20, p. 85. McLeod, D. (1993), “Omaha Indemnity Co’s reinsurance fraud charges against Royal American Managers”, Business Insurance, Vol. 27, July 12, p. 16. McLeod, D. (1997), “New campaign against fraud”, AARP Bulletin, April, p. 1 McNamee, D. (1996), “Too good to be true”, Internal Auditor, August, pp. 62-3. Marsh, D. et al. (1994), “Something is rotten”, The Financial Times, July 9, p. 8. Marsh, H.L. and Powel, T. (1989), “The audit committee charter: Rx for fraud prevention”, Journal of Accountancy, Vol. 167, February, pp. 55-7. Matsumura, E.M. and Tucker, R.R. (1992), “Fraud detection: a theoretical foundation”, The Accounting Review, Vol. 67, October, pp. 753-82. Mautz, R.K. and Sharaf, H.A. (1961), The Philosophy of Auditing, American Accounting Association. Mautz, R.K., Tiessen, P. and Calson, R.H. (1984), Internal Auditing: Directions and Opportunities, The Institute of Internal Auditors, Altamonte Springs, FL, p. 89. Meall, L. (1995), “How high is the money mountain?”, Accountancy, Vol. 115, January, pp. 38-9. Menkus, B. (1990), “Eight factors contributing to computer fraud”, Internal Auditor, October, pp. 71-3. Miami Daily Business Review (1996), “New York Life Insurance Co. settling $187 million fraud suit but denies allegations”, April 2. Middlemann, C. and Munchau, W. (1995), “Powerhouse economy lacks sophisticated savers”, The Financial Times, September 8, p. 7. Miller, S.H. (1993), “AICPA announces major initiative to strengthen financial reporting and further tort reform prospects”, Journal of Accountancy, Vol. 176, August, pp. 15-16. Morley, R.A. (1994), “Fraud in the north woods”, Internal Auditor, June, p. 75. Mulder, P. (1995), cited in Peter Gartland, P., “Germany a haven from scam and vultures”, The European, Vol. 267, June 23, p. 21. National Underwriter (1992), “Mo. Blues’ programs battles fraud”, Vol. 96, November, p. 49.
Nature (1993), “Clean drugs for Italy?”, Vol. 3, August 19. New York Times (1994a), “SEC accord on comptronix”, March 30, p. D7. New York Times (1994b), “SEC suit on towers”, September 22, p. D3. New York Times (1996), “Prosecution at Thyssen Roils German executives”, August 16. Nichols, A. (1996), “Finding fraud in the Internet”, Internal Auditor, October, p. 24. Nnanna, O. (1995), “Nigeria: fraud on the line”, African Business, December, p. 31. Norris, F. (1995), “Fraud can occur at a company, even with auditors checking”, New York Times, September 12, p. D6. O’Connell, V. and Schultz, E.E. (1996), “Greater pension security in Clinton goal”, Wall Street Journal, April 12, p. C25. O’Malley, S.F. (1993a), “Legal liability is having a chilling effect on the auditor’s role”, Accounting Horizons, Vol. 7, June, pp. 82-87. O’Malley, S.F. (1993b), “Toward a better understanding of the expectation gap”, CPA Review, Vol. 63, February, pp. 6-7. Palmer, J. (1996), “First-time loser; executive convicted of fraud in Reg S Case”, Barron’s, May 13. Palmer, R.D. (1993), “You’re not old as you look”, Internal Auditor, August, p. 64. Palmrose, Z.-V. (1997), “Who got sued?”, Journal of Accountancy, March, p. 67. Pasztor, A. (1995), “Lockheed pleads guilty to conspiring to violate anti-bribery regulations”, Wall Street Journal, January 30, p. B5C. Pope, K. (1995), “European Union’s did to its poor nations is wasting billions”, Wall Street Journal, April 3, p. A1. Porter, D.I. (1971), “The insurance manager’s responsibility in preventing employee fraud”, The Weekly Underwriter, January 23, p. 23. PR Newswire (1997), “Weiss v. Metropolitan Life Insurance fraud case”, January 17, p. 117. Professional Standards Bulletins (PSB) 84-3 (1993), “Independence – responsibility for detecting all irregularities”, CIA Review by I. Gleim, University Station, Gainesville, FL. Professional Standards Bulletins (PSB) 85-5, “Professional proficiency – suspected wrongdoing”. Professional Standards Bulletins (PSB) 89-2, “Internal auditing procedures – analytical procedures”. Prosser, W.L. (1971), Handbook of the Law of Torts, West Publishing, St Paul, MN. Protzman, F. (1994), “German bankers defend lending practices”, New York Times, June 23, p. DL. Protzman, F. (1994), “Health-fraud accusations in Germany”, New York Times, May 31, p. 1. Quinney, R. (1964), “The study of white-collar crime. Toward a reorientation in theory and practice”, in Geir, G. and Meyer, R.F. (Eds), White-Collar Crime, Free Press, New York, NY.
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
Rankin, K. (1990), “E&Y Deloitte face $13 billion in S&L damages”, Accounting Today, August 27, p. 1. Rapalus, P. (1996), “Businesses ignore computer security”, Internal Auditor, p. 11. Reis, R. (1996), “10 steps toward avoiding another era of scandals”, Fund Raising Management, Vol. 27, April, p. 46. Ricchiute, D.N. (1996), Auditing, South-Western Publishing, Cincinnati, OH. Robertson, J.C. (1996), Auditing, Irwin, Chicago, IL. Roy, N.P. (1993), “Can honesty be legislated?”, Financial Executive, Vol. 9, January-February, p. 1. Rossow, M.M. (1996), “When your auditor blows the whistle: how to deal with a IOA crisis”, Journal of Corporate Accounting & Finance, Vol. 7, Spring, p. 99. Sack, R.J. (1987), “The SEC and the profession: an exercise in balance”, Research in Accounting Regulation, Vol. 1, pp. 167-73. San Diego Union-Tribune (1996), “Lab fined $187 million for medical billing fraud” November 24. SEC (1940), in the Matter of McKesson & Robbins, Accounting Series Release No. 19. SEC (1976), 12(b) of Form 8-K, Accounting Series Release No. 165. Sawyer, L. (1988), Internal Auditing, The Institute of Internal Auditors, Altamonte Springs, FL. Schadewitz, H.J. and Blevins, D.R. (1996), “COSO and CFEs. How the treadway commission affects certified fraud examiners”, The White Paper, May/June, p. 35. Schilder, A. (1996), “Research opportunities in auditing in the European Union”, Accounting Horizons, Vol. 10, December, p. 88. Schmedel, S.R. and Berton, L. (1992), “Arthur Andersen copes with effects of tax scandal: tensions rise at accounting firms from actions by consulting unit”, Wall Street Journal, August 6. Schmitt, R.B. and Berton, L. (1994), “Deloitte to pay $312 million to settle US claims related to S&L failure”, Wall Street Journal, March 15, p. A6. Schroeder, M. (1993), “Babysitting the world’s emerging bourses”, Business Week, November 1, p. 112. Schulz, J.D. (1994), “Teamsters file racketeering lawsuit against midwest motor express”, Traffic World, Vol. 237, February 7. Schulz, J.D. (1995), “Midwest Motor Express wins in RICO case”, Traffic World, Vol. 243, July 31, p. 34. Schvimmer, A. (1993), “Maxwells charged with asset skimming”, Pension and Investments, Vol. 21, July 26, p. 4. Seamons, Q.F. (1993), “SEC loses in trial against auditor Price Waterhouse”, National Public Accountant, Vol. 38, March, pp. 16-17. Seidman, J.S. (1939), “A case study of employee frauds”, Proceedings of the Fifty-seventh
Annual Meeting of the American Institute of Accountants. Shannon, H. (1995), “Criminal statistics”, American Banker, Vol. 160, June 1, p. 8. Shapiro, S. (1994), “Crime and fraud in a new league”, Business Insurance, Vol. 28, December 26, p. 39. Simon, S. (1997), “Ex-chemical trader sentenced to 3 years”, American Banker, April 7, p. 3. Sims, C. (1991), “US joins whistle-blower suing Rockwell”, New York Times, April 29, p. 3. Singleton Green, B. (1994), “What are auditors meant to be doing?”, Accountancy, Vol. 113, February, p. 92. Singleton Green, B. (1995), “If it’s not plausible, don’t accept it”, Accountancy, Vol. 116, August, p. 24. Sittenfeld, I. (1996), “Federal sentencing guidelines”, Internal Auditor, April, pp. 56-62. Smith, E.R. (1995), “A positive approach to dealing with embezzlement”, The White Paper, August/September, pp. 17-18. Smith, G.N. (1995), “Spare the rod”, Financial World, Vol. 164, December 5, p. 10. Smith, M.L. and Crumbley, L. (1991), Trap Doors and Trojan Horses, Thomas Herdin & Daughter, Sun Lakes, AZ. Software Toolworks. (1992), “Auditors granted summary judgment in securities case”, Journal of Accountancy, Vol. 174, September, p. 21. Sommer, A.A. (1975), “Accountants: a flexible standard”, Litigation, Winter, pp. 35-9. Sommer, A.A. (1993), “POB annual report stresses liability crises”, Journal of Accountancy, Vol. 175, February, pp. 21-2. Souter, G. (1992), “BCCI to seek billions from auditors”, Business Insurance, Vol. 26, November 2, pp. 23-4. Stenger, M. (1997), quoted in Patrick Crow’s “Back to Nigeria”, The Oil and Gas Journal, June 1, p. 21. Stewart, C. (1959), “The nature and prevention of fraud”, The Journal of Accountancy, p. 41. Stodghill, R. (1995), “A mea culpa – and a comeback?”, Business Week, July 3, p. 3. Surety Association of America (1954), Safeguards Against Employee Dishonesty in Business, Surety Association of America, New York, NY. Sutherland, E.H. (1940), “White-collar Criminality”, American Sociological Review, Vol. 5, February, pp. 1-17. Sutton, M.H. (1997a), cited in “SEC leaders discuss the value of independence”, Journal of Accountancy, Vol. 183, February. Sutton, M.H. (1997b), “Auditor independence: the challenge of fact and appearance”, Accounting Horizons, Vol. 11, March, p. 86. Tagliabue, J. (1995), “Italian prosecutors seek fraud trial”, New York Times, December 8, p. D6. Tagliabue, J. (1995), “Gemina inquiry might hurt planned Fiat-Ferruzzi deal”, New York Times, October 9, p. D2.
[ 69 ]
Rocco R. Vanasco Fraud auditing
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
[ 70 ]
Tate, C.F. (1996), “The truth about audits”, Association Management, Vol. 48, September, p. 32. Taylor, J. (1996), “Montedison of Italy is accused by SEC of hiding millions of dollars in bribes”, The Wall Street Journal, November 22, p. A4. Thomas, P. (1989), “Auditors say Lincoln S&L sham deals were approved by Arthur Young & Co”, Wall Street Journal, November 15, p. A2. Thomas, P. (1990), “The US acts to learn of Keating millions for restitution months after S&L failed”, Wall Street Journal, August 10, p. A12. Thomas, P. (1990a), “RTC discloses insolvent savings and loans’ losses in period”, Wall Street Journal, August 10, p. A12. Thomas, W.C. (1979), “Materiality guidance”, The Journal of Accountancy, February. Thompson, C.M. (1991), “Fraud: the challenge facing internal auditors”, The Internal Auditor, June, p. 69. Thompson, C.M. (1992), “Fighting fraud”, Internal Auditor, August, pp. 18-23. Thompson, C.M. (1992), “Auditee interference and deception”, Internal Auditor, June, p. 73. Thompson, C.M. (1992), “Fraud”, Internal Auditor, August, p. 19. Thompson, C.M. (1993a), “Financial reporting fraud”, Internal Auditor, December, p. 66. Thompson, C.M. (1993b), “Fraud findings”, Internal Auditor, February, p. 61. Thompson, C.M. (1993c), “Fraud in the executive suite”, Internal Auditor, Vol. 50, October, p. 68. Thompson, C.M. (1993d), “Bad news bearers”, Internal Auditor, June, p. 64. Thompson, C.M. (1995), “What did we learn in 1994?”, Internal Auditor, February, p. 53. Thornhill, W.T. (1985), “A riskier tomorrow”, The Internal Auditor, April, pp. 28-31. Thornhill, W.T. (1995), Forensic Accounting. How to Investigate Financial Fraud, Irwin, Burr Ridge, IL, 1995. Thornhill, W.T. (1996), “Fraud: input tampering”, Internal Auditing, Vol. 12, Summer, p. 48. Thueson, B.C. (1997), “The land of opportunity”, The White Paper, Vol. 2, January-February, p. 35. Treadway Commission (1987), Report of the National Commission on Fraudulent Reporting. Tucker, J.J. (1988), An Early Contribution of Kenneth W. Stringer. Development and Dissemination of the Audit Risk Model, Rutgers University, New Brunswick, NJ; National Commission on Fraudulent Reporting, 1987, Washington, DC. US Department of Justice (1977), The Investigation of White Collar Crime, Government Printing Office, April, Washington, DC. Van Nostrand, G. and Luizzo, A.J. (1996), “The hidden cost of downsizing”, The White Paper, Vol. 10, September/October, p. 23. Vanasco, R.R. (1992), “FCPA: the American antibribery legislation”, Managerial Auditing Journal, Vol. 7, pp. 24-30.
Vinten, G. (1994), Whistleblowing – Subversion or Corporate Citizenship, Paul Chapman Publishing, London. von Schweitzer, H. (1990), “Professional myopia”, Internal Auditor, June, p. 42. Wall Street Journal (1974), “Equity funding chief ordered false figures, ex-officer testifies”, November, p. 4. Wall Street Journal (1976), “IRS finds bribes abroad may have led to tax fraud in accounting for funds” March 9, p. 3. Wall Street Journal (1984), “InterFirst’s chief resigns, profit fell in 4th period”, January 19, p. 4. Wall Street Journal (1992), “Inventory chicanery tempts more firms, fools more auditors”, December. Wall Street Journal (1994a), “Italy’s Montedison sues Price Waterhouse, seeking $610 million”, April 19. Wall Street Journal (1994b), “Former vice president at Towers Financial pleads guilty to fraud”, September 30, p. B4. Wall Street Journal (1994c), “SEC lodges charges against ex-official of a Florida insurer”, October 14, p. B4. Wall Street Journal (1996a), “Daiwa bank pleads guilty to concealing $1.1 billion in losses” February 19. Wall Street Journal (1996b), “Stock market surprises leads to new Italian market regulations”, October 29. Wall Street Journal (1996c), “Brazilian bank accounting fraud lasted 10 years”, Wall Street Journal, March 6. Wallace, W.A. (1995), Auditing, South-Western College Publishing, Cincinnati, OH. Walker, R. (1993), “In search of relevance”, CA Magazine, Vol. 126, February, p. 26. Warner, A. (1994), “Scam-busters”, The Banker, Vol. 144, May, pp. 68-70. Welch, S.T., Holmes, S.A. and Strawser, R. (1996), “The inhibiting effect of internal auditors in fraud”, Internal Auditing, Vol. 12, Fall, p. 23. Wells, J.T. (1992), “Fraud assessment questioning”, Internal Auditor, August, pp. 24-9. Wells, J.T. (1992), Fraud Examination: Investigative and Audit Procedures, Greenwood Publishing Group, Westport, CT. Wells, J.T. (1993), “Financial Frankensteins”, Internal Auditor, Vol. 50, April, pp. 52-7. Wells, J.T. (1994), “Message from the chairman”, The White Paper, October/November. Wells, J.T. (1994), “The billion dollar paper clip”, Internal Auditor, October, pp. 32-8. Wells, J.T. (1995), “It’s more than just accounting”, Internal Auditor, June, p. 13. Wells, J.T. (1997), “A medium rare scheme”, The White Paper, January/February, p. 19. Wells, J.T. (1997), “Message from the chairman”, The White Paper, January/February, p. 4. Wellsj, K. (1992), “Auditor in UK defends role in BCCI report”, The Wall Street Journal, August 14, p. A4.
Rocco R. Vanasco Fraud auditing
Wild, D. (1994), “Keep check on probity during reorganization”, Public Finance, December 9, p. 3. Williams, J. (1993), “Concealing out corruption”, Internal Auditor, Vol. 50, June, pp. 33-7. Wojcik, J. (1993), “Managed care techniques also work on company costs”, Business Insurance, Vol. 27, May 3, p. 3. Yang, C. (1997), “Whistle-blowers on trial”, Business Week, March 24, p. 172. Zelenko, L. and Urban, R. (1994), “Small investors face pyramid collapse”, The European, Vol. 241, December 22, p. 16. Zeune, G.D. (1994), “How to fool auditors”, Business Credit, Vol. 96, October, pp. 27-32. Ziegenfuss, D.E. (1996), “State and local government fraud survey for 1995”, Managerial Auditing Journal, Vol. 9, November, p. 49.
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Managerial Auditing Journal 13/1 [1998] 4–71
Welton, R.E. (1988), “Pandora’s box: a comparison of Federal and State RICO statutes as they affect accountants”, in A Profession in Transition: The Ethical and Legal Responsibilities of Accountants, (DePaul University 1988-1989 Research Symposium), pp. 65-79. White, R.M. (1977), The Entrepreneur’s Manual. Business Start-ups, Spin-offs, and Innovation Management, Chilton Book Company, Radnor, PA. White Paper (The) (1994a), “Fraud update”, August/September. White Paper (The) (1994b), “Fraud update”, October/November, p. 17. White Paper (The) (1997), “European office opens”, Vol. 2, January/February, p. 27. Whittington, R.O. and Pany, K. (1995), Principles of Auditing, Irwin, Chicago, IL.
[ 71 ]
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
This article has been cited by: 1. Dessalegn Getie Mihret. 2014. National culture and fraud risk: exploratory evidence. Journal of Financial Reporting and Accounting 12:2, 161-176. [Abstract] [Full Text] [PDF] 2. Kamil Omoteso and, Musa ObalolaThe Role of Auditing in the Management of Corporate Fraud 129-151. [Abstract] [Full Text] [PDF] [PDF] 3. Joyce K. H. Nga, Evelyn W. S. Lum. 2013. An Investigation into Unethical Behavior Intentions Among Undergraduate Students: A Malaysian Study. Journal of Academic Ethics 11, 45-71. [CrossRef] 4. George Emmanuel Iatridis. 2011. Accounting disclosures, accounting quality and conditional and unconditional conservatism. International Review of Financial Analysis 20, 88-102. [CrossRef] 5. Katharina Chudzikowski, Gerhard Fink, Wolfgang Mayrhofer, Maaja Vadi, Krista Jaakson. 2011. The dual value of honesty among Russians in selected former Soviet countries. Cross Cultural Management: An International Journal 18:1, 55-70. [Abstract] [Full Text] [PDF] 6. Sunita Goel, Jagdish Gangolly, Sue R. Faerman, Ozlem Uzuner. 2010. Can Linguistic Predictors Detect Fraudulent Financial Filings?. Journal of Emerging Technologies in Accounting 7, 25-46. [CrossRef] 7. Grant Samkin, K.A. Van Peursem, A. Balme. 2010. Threats to the New Zealand Serious Fraud Office: an institutional perspective. Qualitative Research in Accounting & Management 7:3, 304-328. [Abstract] [Full Text] [PDF] 8. Grant Samkin, K.A. Van Peursem, A. Balme. 2010. Threats to the New Zealand Serious Fraud Office: an institutional perspective. Qualitative Research in Accounting & Management 7:3, 304-328. [Abstract] [Full Text] [PDF] 9. Philmore Alleyne, Nadini Persaud, Peter Alleyne, Dion Greenidge, Peter Sealy. 2010. Perceived effectiveness of fraud detection audit procedures in a stock and warehousing cycle. Managerial Auditing Journal 25:6, 553-568. [Abstract] [Full Text] [PDF] 10. Michael Doumpos, Chrysovalantis Gaganis, Fotios Pasiouras. 2005. Explaining qualifications in audit reports using a support vector machine methodology. Intelligent Systems in Accounting, Finance and Management 13:10.1002/isaf.v13:4, 197-215. [CrossRef] 11. Gerald Vinten, Philmore Alleyne, Michael Howard. 2005. An exploratory study of auditors’ responsibility for fraud detection in Barbados. Managerial Auditing Journal 20:3, 284-303. [Abstract] [Full Text] [PDF] 12. A. Seetharaman, M. Senthilvelmurugan, Rajan Periyanayagam. 2004. Anatomy of computer accounting frauds. Managerial Auditing Journal 19:8, 1055-1072. [Abstract] [Full Text] [PDF] 13. Ch. Spathis, M. Doumpos, C. Zopounidis. 2002. Detecting falsified financial statements: a comparative study using multicriteria analysis and multivariate statistical techniques. European Accounting Review 11, 509-535. [CrossRef] 14. Charalambos T. Spathis. 2002. Detecting false financial statements using published data: some evidence from Greece. Managerial Auditing Journal 17:4, 179-191. [Abstract] [Full Text] [PDF] 15. M.H Abdolmohammadi, V.D Owhoso. 2000. Auditors’ ethical sensitivity and the assessment of the likelihood of fraud. Managerial Finance 26:11, 21-32. [Abstract] [PDF] 16. Sunita GoelFraud Detection and Corporate Filings 315-332. [CrossRef]
