The Risk of Fraud and

Mechanisms to Address
Fraud: Regulation,
Corporate Governance
and Audit Quality
FRAUD – intentional act involving
the use of deception that results
in a material misstatement of
financial statements.
Types of Fraud:
1) Misappropriation of assets
2) Fraudulent financial reporting
ASSET MISAPPROPRIATION – Theft or
misuse of an organization’s assets.

Commonly perpetrated against small

businesses and perpetrators are
usually EMPLOYEES.
This occurs when employees:
1) Gain access to cash and manipulate
accounts to cover up cash thefts.
2) Manipulate cash disbursements
through fake companies.
3) Steal inventory or other assets and
manipulate financial records to cover up
the fraud.
Fraudulent Financial Reporting
- intentional manipulation of
reported financial result to misstate
the economic condition of the
organization.

- also known as MANAGEMENT

FRAUD.
Either the perpetrator seeks:

1) Direct personal gain – rise in stock

price to increase personal wealth

2) Indirect Gain – to “save” the

company from misfortune
Accomplish through:

1)Manipulation, falsification, or
alteration of records or documents.

2) Misrepresentation or intentional
omission of events and other info.

3) Intentional misapplication of
accounting policies.
FRAUD TRIANGLE – introduced by
career criminologist Don Cressey
more than 30 years ago.

It is used in assessing the likelihood of

the occurrence of fraud by carefully
analyzing its 3 elements.
3 Elements of Fraud Triangle:
1) Incentive OR motivation
2) Opportunity to commit and conceal
fraud
3) Rationalization

RED FLAGS – factors associated with

these elements
For Fraudulent Reporting:
1) Management compensation schemes
2) Financial pressures, either improved
earnings or an improved balance sheet
3) Debt covenants
4) Personal wealth tied to either
financial results or survival of the
company
5) Greed
Incentives relating to asset
misappropriation include:

1) Personal factors such as severe

financial considerations
2) Pressure to live a more lavish
lifestyle
3) Addiction to gambling or drugs
These are junctures of circumstances
that permit the occurrence of fraud.

Fraud opportunities generally come

from:
1) Lack of controls
2) Nature of the transaction
Opportunities to commit fraud that
the auditor must consider:

1) Significant related-party
transactions
2) Company's industry position
3) Management's inconsistency on
assets and accounting estimates
4) Complicating simple transactions
through unusual recording processes
5) Complex or difficult to understand
transactions
6) Ineffective monitoring of
management by the board
7) Complex or unstable
organizational structure
8) Weak or nonexistent internal
controls
Involves reconciling an unethical act
with the common notions of decency
and trust

How the perpetrator justifies himself

of his fraudulent act.
Rationalizing fraudulent financial
reporting includes:
1) This is a one-time thing to get us
through the current crisis and survive
until things get better.
2) Everybody cheats on the financial
statement a little, we are just playing
the same game.
3) We will be in violation of all our debt
covenants unless we find a way to get
this debt off the financial statements.
4) We need a higher stock price to
acquire company XYZ, or to keep our
employees through stock options,
and so forth.

For Asset misappropriation:

1) Fraud is justified to save a family

member or loved one from financial
crisis.
2) We will lose everything if we don’t
take the money.
3) No help is available from outside.
4) This is “borrowing” and we intend to
pay the stolen money back at some
point.
5) Something is owed by the company
because others are treated better.
6) We simply do not care about the
consequences of our actions or of
accepted notions of decency and trust,
we are out for ourselves.
Enron (2001)
a) Shifting debt to off-balance sheet
special entities
b) Recognizing revenue on impaired
assets by selling them to special-
purpose entities that they controlled
c) Engaging in round-tripping trades
d) Numerous other related-party
transactions
WorldCom (2002)
a) Recorded bartered transactions as
sales
b) Used restructuring reserves
established through acquisitions to
decrease expenses
c) Capitalized line costs rather than
expensing them as would have been
appropriate
Parmalat (2003)
a) Overstated cash and included the
false recording of cash ostensibly
held at major banks
b) Understated debt by entering into
complex transactions with off-shore
subsidiaries tax-haven places such
as countries in Caribbean
HealthSouth (2003)
a) Billing group psychiatric sessions
as individual sessions
b) Using adjusted journal entries to
both reduce expenses and enhance
revenues
Dell (2005)
a) Misleading investors by
miscategorizing large payments from
Intel, which essentially bribes to ensure
that Dell would not use CPUs
manufactured by Intel’s main rival
b) Misrepresenting the Intel payments
as involving operations, enabling the
company to meet its earning targets
c) Failing to disclose the true reason for
the company’s profitability declines
that occurred after Intel refused to
continue making payments
Koss Corp. (2009)
a) Intimidation of lower-level
employees
b)Sole approval for large
expenditures made through
American Express and other
corporate credit cards
c) Lack of supervisory review and
approval by CEO
d) Lack of audit committee oversight
e) Lack of an effective internal audit
function
Olympus (2011)
a) Concealed large losses related to
securities investment for over 2
decades
b) Switched audit firms during the
period because company management
clashed with their external auditor over
accounting issues
c) Committed fraud which was
eventually revealed when the
company’s president was fired after
discovering and objecting to
accounting issues
Longtop Financial Technologies (2011)
a) Exaggerated profit margins by
shifting staffing expenses to another
entity
b) Recorded fake cash to cover up
fake revenue that had been
previously recognized
c) Threatened the audit firm
personnel and tried to physically
retain the audit firm’s workpapers
when the auditors uncovered the
fraud.
PROFESSIONAL SKEPTICISM
-an attitude that includes a
questioning mind and critical
assessment of audit evidence.
-requires an ongoing questioning of
whether the information and audit
evidence obtained suggests that a
material misstatement due to fraud
may exist
The 3rd COSO Report
-most recent study, published in
2010, companies that were cited by
SEC during 1998-2007 for fraudulent
financial reporting
-the analysis identified major
characteristics of companies that had
perpetrated fraud
The 3rd COSO Report
-also focused on comparing fraud
and nonfraud companies of similar
sizes and in similar industries to
determine which factors were the
best discriminating between the
fraud and the nonfraud companies
Major Findings:
a) The amount and incidence of fraud
remains high. Total amount of fraud
was more than $120 billion spread
across 300 companies.
b) The media size of company
perpetrating the fraud rose tenfold to
$100 million during 1998-2007.
c) Heavy involvement of fraud by the
CEO and/or CFO at least one of them
named in 89% of the cases.
d) The most common fraud involved
revenue recognition-60% of the
cases during 1998-2007 compared
to 50% in previous periods.
e) 1/3 of the companies changed
auditors during the latter part of the
fraud(with full knowledge of audit
committee) compared to less than
half that amount of auditor changes
taking place with the nonfraud
companies.
 f) Consistent with previous COSO
studies, majority of frauds took place
at companies that were listed on the
Over-The-Counter (OTC) market
rather than those listed in NYSE or
NASDAQ.

Overall, the 3rd COSO report shows

that fraudulent financial reporting
remains a very significant problem.
Auditor's Responsibility is present in
all audit phases:
1.) Planning Phase
2.) Testing Phase
3.) Completion Phase
PLANNING PHASE
Auditor should make inquiries of
management about:
1.) Management's assessment of risk due to
fraud
2.) Controls established to address such
risks and the adequacy of such controls
3.) Any material error or fraud that has
affected the entity or suspected fraud
that is under investigation
4.) Integrity of management
PLANNING PHASE
In adition to inquiries of management,
PSA 240 provides additional requirements for
auditors to:
1.) Assess the risk of material
misstatements due to fraud
2.) Consider those assessments in
designing audit procedures to be
performed
TESTING PHASE
1.) The auditor should perform
procedures (under each
doubtful circumstance) he may deem
necessary to determine
whether misstatements exist

2.) The auditor should classify whether

the misstatement is a result of an
error or a fraud
TESTING PHASE
If the misstatement is a result of fraud but
NOT material, the auditor should:
1.) Refer the matter to the appropriate
level of management atleast ONE LEVEL
ABOVE THOSE INVOLVED
2.) Be satisfied that the fraud has no
other implications or those implications have
been adequately considered
TESTING PHASE

If the misstatement is a result of fraud that

is MATERIAL, the auditor should:
1.) Evaluate the reliability of
managements representations
2.) Discuss the matter and approach for
further investigation with an appropriate level
of ONE LEVEL ABOVE those involved
3.) Attempt to obtain factual evidence
4.) Suggest the client consult legal
counsel about questions of law
COMPLETION PHASE
The auditor should:
1.) Obtain a written representation from
the client's management that:
a. It acknowledges its responsibility for
the implementation of accounting and internal
control systems that are designed to prevent fraud
and error
b. It believes the effects of the FS
misstatements are immaterial
c. It has disclosed to the auditor all
significant facts relating to fraud or suspected fraud
CONSIDER THE EFFECT ON THE
AUDITOR'S REPORT
If the auditor believes that material error
of fraud exists, he should:
1.) Request the management to revise
the financial statements, otherwise, the
auditor will express a qualified opinion
If the auditor is unable to evaluate the
effect of the fraud on the FS due to his
limitation of scope, he shall qualify or
disclaim his opinion on the FS
CAQ identifies 3 ways in which
individuals involved in the financial
reporting process can mitigate the
risk of fraudulent financial reporting:

1) Need to acknowledge that there

needs to exist a strong highly ethical
tone at the top of an organization
that permeates the corporate culture
2) Need to continually exercise
professional skepticism.

3) Need to remember that strong

communication among those
involved in the financial reporting
process is critical.
It is clear that the general public
expects that auditors have a
responsibility to detect and report on
material frauds.

CAQ states that the responsibility of

detecting error and fraud is not the
responsibility of the auditor alone,
but the all individuals involved in the
financial reporting process
 Objective: To combat corporate fraud
and protect shareholders' interests
 Action Taken: Provided new rules for;
1.) Publicly traded companies
2.) Audit firms
3.) Created the Public Company
Oversight Board (PCAOB)
Rules for companies:

 CEO and CFO must certify the

truthfulness and accuracy of the FS
- They are criminally liable in case of
FS misstatements due to fraud
 Company must assess the
effectiveness of it's internal controls
Rules for audit firms:

 Implement quality control if the client is a

public company
 A second audit partner, review and approve
audit reports
 Lead partner and reviewing partner must
rotate out for every 5 years
 Must assess the effectiveness of the client's
internal controls (Sec. 404)
 Prohibition of providing non-audit services
to audit clients (e.g. consulting and audit
for the same client at the same time
Creation of the Public Company
Oversight Board (PCAOB)

 Regulated the auditing industry

 Eliminated the self-regulating power of
audit firms
 Responsibilities:
Registration
Monitoring
Standard-setting
Enforcement
CORPORATE GOVERNANCE
OWNERS

Governance

Stakeholders
Management and the board have
responsibilities to act within the laws
of society and to meet various
requirements of creditors and
employees and other stakeholders.
 Principles of Effective Corporate
Governance

The Principles Related to Boards and

Management include:
1) The board’s fundamental objective
2) Successful corporate governance
3) Effective corporate governance
4) Transparency
5) Independence and objectivity
NYSE Mandated certain corporate
governance guidelines that
registrants must follow:

1) Boards need to consist of a

majority of independent directors.
2) Boards need to hold regular
executive sessions of independent
directors without management
present.
3) Boards must have a
nominating/corporate governance
committee composed entirely of
independent directors.
4) The nominating/corporate
governance committee must have a
written charter that addresses the
committee’s purpose and
responsibilities and there must be an
annual performance evaluation of the
committee.
5) Boards must have a compensation
committee composed entirely of
independent directors.
6) The compensation committee must
have a written charter that addresses
the committee’s purpose and
responsibilities, which must include
the responsibility to review and
approve corporate goals relevant to
CEO compensation, to make
recommendations to the Board about
nonCEO compensation and incentive
based compensation plans,
And to produce a report on executive
compensation; there must also be an
annual performance evaluation of the
committee.

7) Boards must have an audit

committee with a minimum of three
independent members.
8) The audit committee must have a
written charter that addresses the
committee’s purpose and
responsibilities, and the committee
must produce an audit committee
report; there must also be an annual
performance evaluation of the
committee.
9) Companies must adopt and
disclose corporate governance
guidelines addressing director
qualifications standards, director
responsibilities, director access to
management and independent
advisors, director compensation,
director continuing education,
management succession, and an
annual performance evaluation of the
Board.
10) Companies must adopt and
disclose a code of business conduct
and ethics for directors, officers, and
employees.

11) Foreign companies must disclose

how their corporate governance
practices differ from those followed
by domestic companies.
12) CEOs must provide an annual
certification of compliance with
corporate governance standards.

13) Companies must have internal

audit function, whether housed
internally or outsourced.
Effective governance is important
to the conduct of an audit.