Detecting and Auditing for Fraud in Financial Statements Using Data Analysis

Detecting and Auditing for
Fraud in Financial
Statements Using Data
Analysis
January 30, 2013
Special Guest Presenter:
Richard Cascarino,

Copyright © 2013 FraudResourceNet™ LLC

About Peter Goldmann, MSc., CFE



President and Founder of White Collar Crime 101

Publisher of White-Collar Crime Fighter
Developer of FraudAware® Anti-Fraud Training
Monthly Columnist, The Fraud Examiner,
ACFE Newsletter

 Member of Editorial Advisory Board, ACFE
 Author of “Fraud in the Markets”
Explains how fraud fueled the financial crisis.


About Jim Kaplan, MSc, CIA, CFE
 President and Founder of
AuditNet®, the global resource
for auditors
 Auditor, Web Site Guru,
Internet for Auditors Pioneer
Recipient of the IIA’s 2007
Bradford Cadmus Memorial
Award.
 Author of “The Auditor’s
Guide to Internet Resources”
2nd Edition

About Richard Cascarino, MBA, CIA,
CISM, CFE
 Principal of Richard Cascarino &
Associates based in Colorado USA
 Over 28 years experience in IT
audit training and consultancy
 Past President of the Institute of
Internal Auditors in South Africa
 Member of ISACA
 Member of Association of Certified
Fraud Examiners
 Author of Auditor's Guide to
Information Systems Auditing

Webinar Housekeeping
This webinar and its material are the property of AuditNet® and FraudAware®.
Unauthorized usage or recording of this webinar or any of its material is strictly
forbidden. We will be recording the webinar and if you paid the registration fee
you will be provided access to that recording within two business days after the
webinar. Downloading or otherwise duplicating the webinar recording is
expressly prohibited.
Webinar will be recorded and will be made available within 48 hours.
Please complete the evaluation to help us continuously improve our Webinars.
You must answer the polling questions to qualify for CPE per NASBA.
Submit questions via the chat box on your screen and we will answer them
either during or at the conclusion.
If GTW stops working you may need to close and restart. You can always dial
in and listen and follow along with the handout.

Today’s Agenda
 Introduction: Fraud Statistics: The Growing Fraud
Threat
 Auditing for Fraud: Standards & Essentials
 Where & How Financial Statement Fraud Occurs
 Detection/Auditing/Investigative Techniques –
Including Automation
 Entity-Level Red Flags of Fraud
 Prevention and Deterrence
 Your Questions
 Conclusion


Fraud: The Big Picture
According to major accounting firms, professional fraud
examiners and law enforcement:

 Fraud jumps significantly during tough economic times
 Business losses due to fraud increased 20% in last 12
months, from $1.4 million to $1.7 million per billion dollars of
sales. (Kroll 2010/2011 Global Fraud Report)
 Average cost to for each incident of fraud is $160,000
(ACFE) Of Financial Statement fraud: $2 million
 Approx. 60% of corporate fraud committed by insiders (PwC)
 Approx. 50% of employees who commit fraud have been
with their employers for over 5 years (ACFE)

Financial Statement Fraud: The
Big Picture
 Victims of financial fraud are stakeholders with claims against the
entity: shareholders, lenders, regulators.
 Financial fraud occurs less frequently than asset misappropriation
but the losses are substantially higher.


Source: ACFE 2008 Report to the Nation


The Auditor’s Role

 IPPF Standard 1210.A3
 Internal auditors must have
sufficient knowledge of…available
technology based audit techniques
to perform their assigned work


IIA Guidance – GTAG 13
Internal auditors require appropriate
skills and should use available
technological tools to help them
maintain a successful fraud
management program that covers
prevention, detection, and
investigation. As such, all audit
professionals — not just IT audit
specialists — are expected to be
increasingly proficient in areas such as
data analysis and the use of
technology to help them meet the
demands of the job.


Professional Guidance


Accounting Fraud
 Selling More (Overstating revenue)
 Costing Less (Understating/not reporting
expenses)
 Owing More (Overstating debt to reduce taxes)
 Owing Less (Understating debt to boost share
price)
 Inappropriate Disclosure (Depreciation/asset
value, etc)
 Other Miscellaneous Techniques (Concealment)

Financial Statement Fraud Schemes
 Falsification, alteration, manipulation of material financial
records, supporting documents or business transactions
 Material intentional omissions or misrepresentations of
events, transactions, accounts or other significant
information from which financial statements are prepared
 Deliberate misapplication of accounting principles, policies
and procedures used to measure, recognize, report and
disclose economic events and business transactions
 Intentional omission of disclosures or presentation of
inadequate disclosures regarding accounting principles and
policies and related financial amounts
Jim Gravitt and Jennifer Johnson, “Recognizing Financial Statement Fraud”

Accounting Fraud: Red Flags

 Missing documents






Excessive voids or credits
Increased reconciliation items
Alterations on documents
Duplicate payments
Common names or addresses of payees or
customers
 Increased past due accounts
 Unusual spikes in payables or receivables
 Odd patterns in key ratios

The Power of Automation
Example: Interactive Data Extraction and Analysis
 21 years young
 Database limitations:
 2.1 billion records (100,000 records for IDEA
Express) depending on the operating system
 1.8 Exabytes file size (Tera, Peta, Exa)
(Quintillion)
 Some facilities not available in IDEA (Server)


Example: Orders Over Credit Limit


Common Types of Financial
Statement Fraud

1) Revenue Recognition


Revenue Recognition
Backdating agreements






Stock options and other time-sensitive
valuation issues that may result in
fraudulently high revenue or low cost basis
Need for controls in recording
contracts/sales, including independent
verification of the terms of the agreement
and contemporaneous recording of
transactions when they are approved
Need for in-house legal, corporate board
approval


Revenue Recognition
Sham Sales
 Falsify inventory records,
shipping records, and
invoices and record the
fictitious transactions as
sales
 Company may pretend to
ship the inventory and
hide it from company
auditors

Sales to Fictitious Customers


Revenue Recognition
Channel Stuffing
 Shipping excess merchandise to
distributors
 Right of return exists/ Side
agreements
 Need to examine conditions of sale,
analyze sales returns during cutoff
period/after year-end, review of sales
and contract files to determine if side
agreements exist


Revenue Recognition
Bill and Hold Schemes
 Recording fictitious sales and
shipping goods to third-party
warehouse
 Need to examine shipping
documents and analyze real
estate rental costs
 Look for evidence of side
agreements
 Review inventory changes


Revenue Recognition
Holding Books Open






Failure to match revenues with
related expenses in the period
in which they were incurred
(CA’s “35-day month)
Examine cut-off procedures
for month, quarter and yearend
Need for oversight and
approval controls in recording
contracts/sales

Revenue Recognition
Not Recording Detailed
Transactions on Sub-ledger





Overstating Sales and A/R
Where sub-ledger does not
reconcile to General Ledger
control account
Examine reconciliation and
top-side journal entries


Polling Question 1

A side agreement would NOT be a typical
part of which of the following:
Channel Stuffing
B. Holding the Books Open
C. Bill and Hold Schemes
A.


Statement Fraud

2. Management Estimates


Management Estimates
Allowance for Bad Debts





Altering underlying A/R aging to manipulate
computation
Refreshing of receivables by writing off aged A/R and
booking new, fictitious sales
Use of credit memos
Analyze Bad Debt expense and Sales accounts, looking
for similar levels of transaction activity for the same
customers


A/R Enquiries


Overstatement of assets by:
 Understating allowances
for receivables
 Overstating the value of
inventory, property, plant,
equipment, and other
tangible assets,
 Recording assets that did
not exist


Fraudulent Input from Sales or
Credit Department on Credit Quality




Lack of independent review of customer’s
creditworthiness
Inadequate documentation in credit file
Credit analyses should be performed by
individuals who are independent of the
sales process, periodic review of credit
files


Statement Fraud

3. Expense Manipulation


Expense Manipulation
Under-Accruing Expenses
 Lack of monthly or quarterly reconciliation of
accruals to actual amounts
 Charging accrual “true-ups” to other, infrequentlyused accounts
 Compare monthly accruals to actual expenses and
cash disbursements, noting variations in the
adequacy of accruals

 Capitalizing expenses


Expense Examination


Polling Question 2
Overstating assets can be achieved by
(Choose all that apply):
A. Understating allowances for receivables
B. Overstating the value of inventory, property, plant,
equipment, and other tangible assets
C. Recording assets that do not exist
D. All of the above


Not Recording Expenses
 Paying unrecorded expenses
must be offset by not paying other
expenses
 Need to ensure adequate
segregation of duties in the
receipt of invoices and the
recording of expenses, review
invoice file for past due invoices
and collection notices


Not Recording Detailed
Transactions on Sub-ledger
 Understating Expenses and A/P
 Where sub-ledger does not
reconcile to General Ledger
control account
 Examine reconciliation and search
for unrecorded expenses


Capitalizing Expenses
 Moving expenses from the P&L to the Balance
Sheet and amortizing them over an extended
period
 WorldCom – telecom line charges
 Examine capitalized asset accounts for year-onyear changes


Changing Inventory
Valuation Methods
 May result in lower
COGS and higher sales
margins
 Review calculation of
inventory valuation and
related disclosures


Manipulating Non-Cash
Expenses
 Changing depreciation
and amortization methods
 Review calculation of
depreciation and related
disclosures


Detection and Investigation
Techniques

4. Detection and Investigative
Techniques For Auditors, Fraud
Investigators, Legal Staff, HR and
Senior Management


Detection and Investigation
Techniques

 What are you looking for? (Avoid
spinning your wheels).
 Where are you going to find it?
 Choose the best technique (interviewing,
audit, CAAT’s)
 Select the tool


ASK THESE QUESTIONS…
 Where are the weakest links in the system’s
controls?
 What deviations from conventional good
accounting practices are possible?
 How are off-line transactions handled and
who has the ability to authorize these
transactions?
 What would be the simplest way to
compromise the system?
 What control features in the system can be
bypassed by higher authorities?
 What is the nature of the work environment?

Tools and Techniques

 Be Skeptical!!!!
 Analytical Procedures
 Other Investigative Techniques
 CAATs

BE SKEPTICAL!!!!!













Always request originals.
Ask yourself whether transactions make sense.
Have documents been altered?
Look to see where the documents are maintained.
Do employees have close personal relationships with
vendors?
Is there a lack of supporting documentation?
Do background checks identify related parties and DBAs?
Does an answer not make sense?
Are you avoided more than usual?
When asking a relatively simple question, are you
unexpectedly referred to someone high up in the
organization?
Go with your gut!

Analytical Red Flags

 Increased scrap.
 Excessive purchases.
 Unexplained inventory shortages or
adjustments.
 Significant increase or decrease in account
balances.
 Cash shortages or overages.
 Deviations from specifications.

Polling Question 3

WorldCom’s massive accounting fraud
was characterized PRIMARILY by:
Not recording detailed transactions on subledger
B. Not recording expenses
C. Capitalizing expenses
D. None of the above
A.


Analytical Procedures
Range from simple to complex
Identify trends or anomalies
Four Key Steps:
1. Develop an expectation
2. Determine the acceptable deviation from the expected
value
3. Compare the result of the analytical procedure to the
expected value
4. Investigate and evaluate any significant differences


Analytical Anomalies
Strange Financial statement relationships
such as:
Increased revenues with
 decreased inventory.
 Increased revenues with
 decreased receivables.
 Increased inventory with
 decreased payables.
 Increased volume with
 increased cost per unit.

Data Analysis: Testing for Red
Flags

Financial Statement Analysis
 Vertical – a/k/a “common-sized statements”
 Analyzes each line as a % of its relevant total
 Income items as a % of total revenue
 Expenses as a % of total expense

 Identifies disproportionate items
 Identifies fluctuations between periods

 Horizontal – a/k/a “time-series analysis”
 Measures $ and % changes from period to period
 Identifies fluctuations and seasonality

Knowledge Discovery










Data Selection.
Data Cleaning.
Data Enrichment.
Data Coding/Reduction.
Data Mining.
Interpretation/Reporting.
Action.
Measurement and Evaluation.


Data Analysis - Testing for Red Flags

Data Mining/Analysis
 Using file interrogation software
to examine underlying data





General Ledgers
Vendor files
Payroll
A/P and A/R


Other Investigative Techniques

 Public Document
Reviews & Background
Investigations
 Interviews of
Knowledgeable Persons
 Confidential Sources


Entity-Level Red Flags
Internal control gaps,
deficiencies, weaknesses
Business results that continually
outperform expectations
Management override of
controls
Rapid or significant turnover of
resources, especially senior
management or employees in
key positions
Employee, customer or vendor
complaints
Inadequate segregation of
duties

 Unusual end-of-month or
end-of-quarter variations
 High-level of related-party
transactions
 Systems are manual and/or
decentralized
 Repeated changes of
independent public
accountants
 Continuous problems with
various regulatory agencies
 Disclosures of Investigations
 Suspicion of illegal activities


Prevention, Deterrence and
Detection
 Prevention

 Deterrence

 Detection

 Tone at the top
 Value system (“Code of
Ethics / Conduct”)
 Positive workplace
environment
 Hiring, promoting and
retaining appropriate
employees
 Training and awareness
programs
 Confirmation / affirmation
of Code of Conduct/Ethics
 Ombudsman programs
 Whistleblower programs
 Incident response / case
management processes
 Investigative procedures
 Discipline, prosecution and
recovery guidelines

 “Active” oversight by Board
and/or Audit Committee

 Identification and
measurement of fraud risk
(“fraud risk assessment”)
 Processes &procedures to
mitigate identified fraud risk
 Effective internal controls at
entity and process level
 On-going monitoring
activities
 Computer-assisted audit
techniques
 Investigation of:

– Fraud risk assessment and
related measures
– Code confirmation /
affirmation process
– Management’s involvement in
financial reporting process
and override of control
– Process to receive, retain and
treat complaints of fraud /
unethical conduct
– Internal and external audit
effectiveness

 Internal audit
– Evaluation of adequacy /
effectiveness of internal
controls

 Disciplinary examples


–
–
–

Internal control
weaknesses / breaches
Non-response to Code
confirmation / affirmation
Reported issues

CAATs IDEA


CAATs ACL


Common Analytical Mistakes
 Failure to maintain proper documentation
 Failure to notify decision makers
 Failure to control digital evidence
 Failure to report incident in a timely manner
 Underestimating the scope of the incident
 No incident response plan in place
 Technical mistakes:
 Altering date and time stamps on evidence
systems before recording them
 Killing rogue processes
 Patching the system back together before
investigation
 Not recording commands used
 Using untrusted commands and tools
 Overwriting evidence by installing tools


Questions?
 Any Questions?
Don’t be Shy!


Special Training Opportunities*
 Sign up for one or more of our monthly Webinars
with special individual pricing ($99 for one, $175
for two, $225 for three) or,
 Sign up all your staff and they all earn CPE (must
register and sign in with their work email
address). Special group corporate pricing $300
for one Webinar or $500 for both or $750 for all
three.


*Limited time offer and we reserve the right to restrict registrations based
on our attendee limit.


Thank You!
Website: http://www.fraudresourcenet.com
Jim Kaplan
FraudResourceNet™
800-385-1625
jkaplan@fraudresourcenet.com
Peter Goldmann
FraudResourceNet™
800-440-2261
pgoldmann@fraudresourcenet.com
Richard Cascarino
Cascarino & Associates
rcasc@rcascarino.com


Upcoming Events for 2013


Detecting and Auditing for Fraud in Financial Statements Using Data Analysis

More Related Content

What's hot (20)

Viewers also liked (12)

Similar to Detecting and Auditing for Fraud in Financial Statements Using Data Analysis (20)

More from FraudBusters (11)

Recently uploaded (20)

Detecting and Auditing for Fraud in Financial Statements Using Data Analysis