all me a skeptic. Maybe it’s because
I’ve investigated a couple of thousand fraud
cases over a career now entering its fourth
decade. Perhaps it’s because questioning is
one of a CPA’s most valuable talents. While
I believe that as a profession we’re moving
in the right direction, I’m convinced we
still have miles to go. The auditing
profession’s current approach to fraud
detection—as well-intended as it
is—won’t have the impact the public
expects until auditors and their firms are
willing to invest in improved fraud deterrence
and detection skills and resources.In my view, even with
SAS no. 99, Consideration of Fraud in a
Financial Statement Audit, we’re still
doing much of what we’ve always done. This
article should provoke thought and debate among
CPAs on how we might consider different
approaches in the way audits are conducted in
order to give the public what it really wants:
business enterprises with integrity.
DEPROGRAMMING
OURSELVES
In considering new solutions, it becomes
necessary for us to critically examine
our current thinking. Over the years, I
personally have trained thousands of CPAs
in antifraud matters. One question that I
frequently ask is, “How do we
prevent fraud?” The answer:
“Internal control.” |
“If we
always do what we’ve always
done,
we’ll always get what
we’ve always gotten.”
—Anonymous
|
|
Oh, really? Under that
theory, organizations with adequate controls
won’t experience fraud. But they
do—time and time again. Part of the reason
is that no controls exist that provide absolute
assurance against fraud. Those who are
sufficiently motivated to override or circumvent
them usually can find a way. Don’t get me
wrong: Controls are a vital part of fraud
deterrence. However, they need to be considered
in a larger context.
| Fraud is
not an accounting problem; it is a social
phenomenon. If you strip economic crime
of its multitudinous variations, there
are but three ways a victim can be
unlawfully separated from money: by
force, stealth or trickery. While the
first two are on the wane, the third is
not (see exhibits 1, 2 and 3). And the reasons have little
to do with accounting controls. Robbery, theft and other street
crimes are the bailiwick of the young and
undereducated. According to the FBI,
these kinds of offenses are at a 30-year
low. Why? First, our society—because
of baby boomers—is aging: There are
fewer young people in our population, the
net result of which is that there are
fewer potential offenders. Second,
because of mass media, that smaller pool
of young people has learned a very
valuable lesson: The best way to rob a
bank is to own one.
|
|
| Exhibit
1 |
Source:
“Key Crime & Justice
Facts at a Glance,” U.S.
Department of Justice, Office of
Justice Programs, Bureau of
Justice Statistics.
|
|
To understand the
risk/reward equation, consider just one
anecdote from the go-go ’90s:
Junk-bond king Michael Milkin’s
earnings, largely illegal, amounted to
about $1.2 billion. The government fined
him $600 million and he spent 20 months
in a federal prison. A thug with a gun
holding up a financial institution
usually will net less than $5,000 and
typically will serve at least five years
behind bars. Anyone can perform the
simple arithmetic involved in that crime
formula.
THE CONFUSING ISSUE OF
CRIMINAL JUSTICE
But before you
jump to the conclusion that increasing penalties
for crime is the answer, consider another
counterintuitive fact: The United States has some
of the harshest criminal penalties in the modern
world—coupled with the highest crime rates.
Criminologists almost universally understand why:
Punishment-based deterrence simply doesn’t
work very well. Nearly 75% of incarcerated
inmates are rearrested within three years of
their being released, usually for more serious
offenses (see exhibit 4).
| If you are thoroughly confused,
you should be. That’s because
classic criminological theory says there
are three related factors involved in
deterrence: the certainty, swiftness and
severity of punishment. Of those factors,
the first is by far the most
important—if punishment is certain
and swift, it doesn’t need to be
severe. As a matter of fact, the longer
the prison sentence, the more likely it
is the miscreant will offend again. Regrettably, under our system of
justice, there is nothing certain about
being punished. Exacerbating the problem,
I believe, is the “get tough”
mentality that politicians must use to
get elected to office. It is one thing to
pass a law but quite another to
appropriate the funds to enforce it.
Under Sarbanes-Oxley, the criminal
penalties for mail fraud were quadrupled,
from five to twenty years per offense.
|
|
| Exhibit
2 |
Source:
“Key Crime & Justice
Facts at a Glance,” U.S.
Department of Justice, Office of
Justice Programs, Bureau of
Justice Statistics.
|
|
But there has been no
corresponding quadrupling of funds for
prosecutors, investigators and prisons. If the
penalties go up and the money devoted to
enforcement stays the same, then the certainty of
punishment actually goes down. Our prisons are
bursting at the seams, so prosecutors and judges
are forced to make very unattractive choices of
who is prosecuted and who isn’t. When it
comes to making those decisions, they almost
invariably choose to jail those who commit
violent crimes—not the people who rip us
off.
So when a potential fraud
offender thinks he or she can commit a crime and
get away with it, that assessment usually is
correct. What is society to do, then, about the
current wave of fraud that seems to have engulfed
us?
| First, we need to understand
that our problems cannot be solved by
government intervention. Prosecution of
offenders, although necessary in a
civilized society is akin—as we
might say here in Texas—to closing
the barn door after the horses are gone.
Second, we must acknowledge the private
sector has a responsibility to cure its
own ills. Third, we must commit the
resources necessary to find solutions
that work. UNDERSTANDING
FRAUD PREVENTION
If you
accept the postulate that fraud
prevention and internal control are not
exactly the same—and they
aren’t—then the accounting
profession needs to learn more about
preventing fraud. Unfortunately, no one
has studied this issue in any great
detail, especially when it comes to
occupational fraud. We know some of the
answers, but not nearly enough. For
example, when presented with seemingly
identical opportunities and motives, why
does one person or organization turn to
fraud and another does not? No one really
knows. Besides internal control, what
factors go into preventing fraud? Again,
we’re short on answers.
|
|
| Exhibit
3 |
Association
of Certified Fraud Examiners.
|
|
But there is hope. This
year, the AICPA and the Association of Certified
Fraud Examiners established and funded the
Institute for Fraud Studies (IFS). Other
interested organizations and government agencies
are being invited to participate, too. The IFS
will operate under the auspices of the University
of Texas at Austin, where I teach on fraud
subjects in the graduate school of business.
Factors
Affecting Occupational Fraud: A Partial
List
 Financial condition of the
organization.
Pressure to show profits in
the marketplace.
Internal accounting controls.
The state of the economy.
Integrity level of corporate
leaders and employees.
Commitment to the
organization’s value system.
Personal traits and
characteristics of executives and
employees.
Reward systems for ethical
behavior.
Organizational culture and
dynamics.
Peer pressure.
The perception of detection.
The swiftness, certainty and
severity of punishment. |
The purpose of the
institute is simple: to conduct multidisciplined
research into the causes of and cures for fraud.
It will reach out to academics and researchers in
a variety of fields such as behavioral sciences,
the law, accounting and criminal justice. And
although the IFS has a simple mission, achieving
its goals will not be easy. One of the first
projects will be to help entities find workable
solutions to the fraudulent financial reporting
dilemma.
A
DIFFERENT TACTIC
One of the
most difficult issues facing the
profession is that there are no auditing
procedures that can provide absolute
assurance in detecting all fraudulent
financial reporting. As a result auditors
have historically attempted to avoid,
albeit unsuccessfully, the responsibility
for fraud detection. In the current
environment, the public holds
expectations of auditors with respect to
fraud that simply cannot be fulfilled.
The auditing profession could be better
served by adopting a more holistic
approach to the deterrence of fraud. This
concept, called the Model Organizational
Fraud Deterrence Program (the model),
employs a “best practices”
approach to fraud prevention. Using this
model, researchers would identify the
factors present in
organizations—both accounting and
otherwise—that affect occupational
fraud (see “Factors
Affecting Occupational Fraud: A Partial
List,”
above). They then would develop a model
deterrence program based on those
factors. Thereafter, instead of opining
that the entity is essentially free of
material fraud, the auditor would
disclose the client’s degree of
compliance to the model. .
|
| Exhibit
4 |
Source:
“Reentry Trends in
the United States,”
U.S. Department of
Justice, Office of
Justice Programs, Bureau
of Justice Statistics.
|
|
|
Although this is a shift in the
way audits are conducted, it has three
distinct advantages. First, it would move
the emphasis away from an unwinnable strategy of
detecting fraud to an achievable onepreventing it. Second, it
would encourage entities to adopt prevention strategies. Third,
it could solve the liability dilemma that plagues the auditing
profession
But we don’t have to
wait until we have all the answers in order to do
something different. Two ideas are worth debating
now: the use of antifraud specialists on public
audits, and financial transparency for
executives.
ANTIFRAUD
SPECIALISTS ON PUBLIC AUDITS
Accepting that
fraud deterrence and accounting are related but
distinctly different disciplines, the auditing
profession could utilize the unique skills of
antifraud specialists on public audits. Virtually
all of the major accounting firms currently
employ such specialists. However, they are now
being used reactively instead of proactively.
Rather than using their talents
exclusively to investigate allegations of fraud
once they have been reported, antifraud
specialists also should be involved during the
audit itself to help identify key risk areas,
which then can be furnished to the auditors for
further consideration. Moreover, the mere
presence of antifraud specialists during audits
could have a significant impact on increasing the
perception that illegal activity will be
detected. This is similar to the strategy of
reducing crime by putting more cops on the beat.
Although punishment after the fact doesn’t
work very well, criminologists have thoroughly
documented that more vigilance to stop crime
before it happens is the most effective
deterrent.
Considering my background, it
might be expected that I would advocate the use
of antifraud experts on audits. But, alas, I
can’t claim credit for the idea. A number of
years ago, I videotaped an interview with
legendary fraudster Barry Minkow while he was
serving an eight-year sentence in a federal
prison in Colorado. (Minkow, a high school
dropout with no accounting skills, fooled his
independent auditors in a $100 million financial
statement fraud scheme.) When I asked him how
auditors could cope with his ilk, Minkow said:
“I’ll tell you what I would do:
I’d send in trained fraud examiners before
the auditors arrive. And I’d tell the
client, ‘You know, I really want your
business, but I want to make sure you’re not
committing fraud, too. So I’m sending the
examiners in first. They’re going to be
looking at everything and asking the tough
questions.’ Would that stop a lot of fraud,
or what? It certainly would have stopped
me.”
FINANCIAL
TRANSPARENCY WHERE IT COUNTS
From the
study of a long list of financial
statement frauds, beginning with the
classic Equity Funding fraud in the 1970s
and continuing through today’s
multibillion dollar accounting scandals,
a distinct pattern has emerged: Corporate
managements—executives, insiders and
board members—have lined their
pockets at the expense of the
shareholders. Their methods vary and are
often cloaked behind complex transactions
not readily apparent to the entity’s
auditors. But
the profits from these illegal schemes
nearly always find their way into the
personal finances and spending habits of
those involved (see “The
Excesses of Executives, at right). In some situations
the same firm that conducted the audit,
albeit by different personnel, prepared
the individual tax returns of insiders.
That was the case in the $300 million ESM
Government Securities fraud of the 1980s.
Although the financial fraud was
concealed on the company’s books,
the insiders had declared huge illegal
profits on their own personal tax
returns. Had the auditors examined the
tax returns of the principals (which they
did not) the scheme would have been
obvious.
|
The Excesses of
Executives
 Prosecutors
accused Dennis Kozlowski and Mark
Swartz of Tyco of stealing
another $140 million from the
company. Their salaries,
respectively, were $106 million
and $54 million.
Andrew
Fastow, former CFO of Enron,
funneled $30 million to himself
from off-balance-sheet
partnerships that he created.
Another $17 million was paid to
his wife, Lea.
Federal
prosecutors say that Adelphia
founder John J. Rigas and two of
his sons used the company as
their “personal piggy bank,
purportedly looting over $300
million, which included more than
$50 million in cash advances,
money for luxury apartments and a
$13 million golf course.”
A jury
determined that Mickey Monus,
responsible for the $500 million
Phar-Mor fraud, embezzled at
least $10 million to fund the
now-defunct World Basketball
League.
|
|
This illustrates a
fundamental tenet of fraud examination: Follow
the money. There are but two ways that this can
be accomplished. Illicit transactions can be
traced from an insider to the organization or
vice versa. The former approach is invariably
easier than finding funds from the company to the
insider, which often are disguised in a variety
of ways.
Corporate insiders have a
fiduciary duty to act in the best interests of
the shareholders. A part of this duty should
include their financial transparency. Auditors
could be given access to any financial
information that bears on this issue. That would
include, but not be limited to, personal tax
returns and detailed banking records. By having
such access, two important objectives could be
accomplished. First, it would make it more
difficult for insiders to conceal ill-gotten
gain. Second, financial transparency could be a
significant and powerful deterrent.
The ideas contained here are
not the complete solution. Even if all of them
would be adopted in some form, we still would
have to recognize that there is no mechanism that
could prevent all financial statement fraud.
Still, traditional accounting approaches have
failed so far to solve these difficult problems.
But if we do what we’ve always done,
we’ll get what we’ve always gotten.
| |
|
Resources |
Books
CPA’s Handbook
of Fraud and Commercial Crime Prevention (#
056504JA)Financial Reporting
Fraud: A Practical Guide to Detection and
Internal Control (# 029879JA)
CPE
Introduction to Fraud Examination and
Criminal Behavior (# 730275JA)
Identifying Fraudulent Financial
Transactions (# 730244JA)
Finding the Truth: Effective
Techniques for Interview and
Communication (# 730164JA)
To order, go to www.cpa2biz.com.
|
AICPA’s
Antifraud Initiatives
Antifraud and Corporate
Responsibility Resource Center,
http://antifraud.aicpa.org/.
SAS no. 99 information.
Management
Antifraud Programs and Controls (SAS no.
99 exhibit).
Fraud Specialist
Competency Model.
Free corporate
fraud prevention training and CPE.
Academia outreach
and assistance.
Other antifraud
activities.
|
Joseph T. Wells, CPA, CFE, is
founder and chairman of the Association of
Certified Fraud Examiners and professor of fraud
examination at the University of Texas at Austin.
Mr. Wells won the Lawler Award for the best JofA
article in 2000 and 2002 and has been inducted
into the Journal of Accountancy Hall of
Fame. His e-mail address is joe@cfenet.com.
|
| HOME | ARCHIVE | CONTACT | ADVERTISE | SUBSCRIBE | AICPA