10 Kasım 2012 Cumartesi

Auditing Fraud in Banking Sector and Other Sectors (A Cue to Make Audit)

The auditor company must plan the audit to avoid or minimize misstatements in the financial statements resulting from errors, fraud and illegal acts. The Auditor is responsible if there are illegal factors in the company but his report is not reflected those items. The Auditor would be liable, for not having used reasonable care and skill during the audit. They will need to test the detailed transactions in the accounting records for their completeness, accuracy and validity.

In many countries the responsibility and accountability of the external auditors have been increased due to several fraud cases that have happened all over the world. Just to give an indication and a good example, we can show Australian case. The Australian Auditing Standard AUS 210 “The Auditor’s Responsibility to Consider Fraud and Error in an Audit of a Financial Report” has been amended a number of times in recent years to increase the external auditor’s responsibility in this area. It defines fraud as “…an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.”[1] This definition shows that other than management or employees the third parties may also be involved in fraud cases and the external auditor is one of the third parties.

According to the past experiences, there are three kinds of Fraud scenario which will be explained in the following:[2]
·         1st scenario: Fraud that has been or is being prosecuted,
·         2nd scenario: Fraud that has been detected but which has not been prosecuted and
·         3rd scenario: Fraud which has not been detected.

Since the second and third scenario cannot be examined the first scenario is the best situation. Victims never release the details of second scenario fraud situations. This is also the same in the third scenario which can never be examined for obvious reasons.[3]

When we come to the individuals who are known as the fraud perpetrurators, we can state that these people are:[4]
·         Less likely to be caught or turned in to law enforcement.
·         Less likely to serve long sentences.
·         Fraud perpetrators are older than normal prison population.
·         Better educated.
·         More like college students than property crimes offenders.

Nevertheless, we shouldn’t restrict the characteristics of the fraud perpetrators with the above explanations. This result has been revealed after examining different fraud cases and we will see that the above profile is somehow true for the cases that will be explained in the fourth section.

The perpetrators may have some personal or psychological problems where they are under the effect of three factors (also called as fraud triangle) that are stated below:[5]
·         Pressure: The pressure may be real or imaginary, but if we only concentrate on the compulsive behaviors (gambling, alcohol, illegal drug use), financial debts (credit cards, health care), family problems (divorce, extramarital affairs, problems with children), etc.
·         Rationalization: Employees, vendor, others justify fraud by using several defensive statements such as telling lies (“They owe me” or “I earned it”), or rationalizations (“I need it more than they do”, “It’s only fair”). In these cases the person is not accepting reality.
·         Opportunity: Opportunity is the perception by someone believing they can commit a fraud without getting caught.

Under the above mentality the perpetrators commit frauds.

If we refer back to the first chapter we can remember that we have classified frauds in two main types as occupational and non-occupational. However we will concentrate on occupational fraud cases so there are three main fraud types:
·       Fraudulent Statements
·       Asset Misappropriation and
·       Bribery and Corruption

Nevertheless, in some sources the fraudulent statements and asset misappropriation are shown as main fraud types. Therefore we will be focusing on these main fraud types.[6]

The fraudulent statements are the intentional misstatement or omission of amounts or disclosure in financial statements to deceive users. The purpose of the misstatement is to help management achieve earnings targets (e.g. to obtain higher bonuses). Other than this; revenues and expenses are usually shifted across accounting periods to reduce fluctuations in earnings.[7]

Misappropriation of assets fraud is the second type of fraud that involves theft of an entity’s assets. These are usually perpetrated at lower levels of the organization’s hierarchy, i.e. by non-management employees.[8]

After defining the fraud types and the character of the suspicious individuals we must generate a road map for the auditor through which she or he can make the audit. The following table[9] will help the auditors the way they audit the firm.



What to do?
What not to do?
To be responsive to employee concerns.
·   The auditor must acknowledge the concern.
·   They should encourage employees to voice any reasonably held suspicion as part of developing an effective anti-fraud culture.
·   All complaints must be investigated.
To note details.
·   They should note all relevant dates.
·   They should get as much information as possible from the reporting employee, preferably in writing.
·   A statement might be required as part of the evidence, but this will be dealt with during the course of the investigation by Internal Audit.
·   If the employee has made any notes, the auditor must obtain these also. In addition, they must note any documentary evidence which may exist to support the allegations made, but do not interfere with this evidence in any way.
To evaluate the allegation objectively
·   Before the auditor takes the matter further, they need to determine whether any suspicions appear to be justified. They need to be objective when evaluating the issue.
·   They should consider the facts as they appear, based on the information they have to hand and any further information sought from the reporting employee. If in doubt they should raise their suspicions anyway.
To advise the appropriate person.
·   If they feel that a suspicion is justified, they should advise the Council’s Audit & IT Manager. They should also let Internal Audit have the reporting employee’s name in order that he/she might be kept informed of the progress of the investigation and its outcome.
To deal with the matter promptly if they feel the concerns are warranted.
·   Any delay may cause the Council to suffer further financial loss. Depending upon the findings of the internal investigation, the matter could be referred to the district auditor or the police for attention.
To ridicule suspicions raised by the employees.
·   The Council cannot operate an effective anti-fraud policy if employees are reluctant to pass on their concerns to management.
·   Employees may be reluctant to raise concerns for fear of ridicule or recrimination.
·   The auditor needs to ensure that all employee concerns are given a fair hearing. The auditor should reassure employees that they will not suffer recrimination as a result of raising any reasonably held suspicion. In particular, the auditor should note that employees are protected from dismissal and selection for redundancy.
To disclose to any person being investigated the source of the
·   The auditor should not give information about the employee to the employer in order to protect him or her against dismissal or redundancy.
To approach or accuse any individuals directly.
·   The auditor should note each information in order to prove the fraud. Before proving the fraud, they should not blame anyone.
To convey their suspicions to anyone other than those with proper
·   The auditor should disclose information to the responsible people who will help in revealing the fraud case.
To try to investigate the matter himself / herself
·   The auditor must remember that poorly managed investigations by employees who are unfamiliar with evidential requirements are highly likely to jeopardise a successful criminal  prosecution.

With the above table they must be very careful in detecting the fraud that has happened in the company. The following happenings may give cues to the auditors about the fraudulent transactions:[10]
·         Missing Documents,
·         “Stale Items” on Bank Reconciliation,
·         Excessive Voids or Credits,
·         Payee Names & Addresses = Customer Names & Addresses,
·         Photocopied Documents,
·         Payee Names & Addresses = Employee Names & Addresses,
·         Past Due A/R increasing,
·         Reconciling Items increasing,
·         Altered Documents,
·         Duplicate Payments,
·         Second Endorsements on Checks,

In order to give a true example from an auditing company we can use the following statement of Deloitte and Touche. They are stating the procedure like in the following sequence:[11]
·         “We make inquiries of management to obtain their understanding regarding the risk of fraud within their entity and to determine whether they have knowledge of fraud that has been perpetrated on or within the entity.  Some of our clients may not actively or systematically consider the risk of fraud within their entity.  Accordingly, this Checklist has been designed to assist our clients in performing an assessment of the risk of fraud within their entity by providing them with a list of fraud risk factors to consider.
·         The Fraud Risk Assessment Checklist is intended to be used to stimulate a meaningful discussion with client management regarding the risk of fraud within their organization.  Prior to our discussion, management may wish to complete this Checklist in order to discuss the factors that may be present within their entity, as well as how they might be addressing the risks associated with each factor.
·         We should consider whether the information obtained indicates that one or more fraud risk factors are present when obtaining our understanding of the entity and its environment, including its internal control, and during the course of our other preliminary planning activities.  If we identify fraud risk factors, we should consider whether these fraud risk factors result in a risk of material misstatement due to fraud.
·         Although the risk factors cover a broad range of situations, they are only examples and, accordingly, the engagement team may wish to consider additional or different risk factors. Not all of these examples are relevant in all circumstances, and some may be of greater or lesser significance in entities of different size or with different ownership characteristics or circumstances. Also, the order of the examples of risk factors provided is not intended to reflect their relative importance or frequency of occurrence.
·         We are required for the purpose of our audit to specifically assess the risk of material misstatement of the financial statements due to fraud. The following document sets forth a listing of fraud risk factors to assist us in making that assessment.  These fraud risk factors represent factors that have been present in actual fraud cases.
·         We are also required to make specific inquiries of you to obtain your understanding regarding the risk of fraud within your entity and to determine whether you have knowledge of fraud that has been perpetrated on or within your entity.
·         Although the fraud risk factors have been written from the perspective of an auditor, an understanding of such risk factors may be of use to you in considering the risk of fraud within your entity.  These risk factors have been divided into two groups: 
·         Risk factors related to misstatements arising from fraudulent financial reporting and
·         Risk factors related to misstatements arising from misappropriation of assets.
·         Misstatements arising from fraudulent financial reporting are intentional misstatements or omissions of amounts or disclosures in financial statements to deceive financial statement users.  Misstatements arising from misappropriation of assets involve the theft of an entity’s assets where the effect of the theft causes the financial statements not to be presented in accordance with generally accepted accounting principles.
·         For each of these types of fraud, the risk factors are further classified based on three conditions generally present when material misstatements due to fraud occur:
·         Incentives/pressures,
·         Opportunities, and
·         Attitudes/rationalizations.
·         In anticipation of our discussions with you regarding fraud, you may wish to complete the Checklist by identifying those fraud risk factors that are present within your entity.  Place an X next to each statement that is true or applicable to the entity, without giving any consideration to significance or mitigating control considerations.  To the extent risk factors are present, we will discuss how these factors may specifically increase the risk of fraud within your entity and, if applicable, and how you are addressing such risks.
·         Some of the examples are relevant and some may not be relevant. Although the risk factors cover a broad range of situations, they are only examples and you may find that there are additional or different risk factors. If additional items representing risk factors are identified, please describe such items at the end of each section.
·         To get a broader perspective of fraud risk within your entity, you may consider distributing this checklist to other members of management to complete. This table helps us to identify the risk factors that are present within your entity and how they are addressed.”

Fraud Risk Factors

1.      Risk Factors Relating to Misstatements Arising From Fraudulent Financial Reporting



·         Financial stability or profitability is threatened by economic, industry, or entity operating conditions, such as (or as indicated by) the following:


-     High degree of competition or market saturation, accompanied by declining margins.


-     High vulnerability to rapid changes, such as changes in technology, product obsolescence, or interest rates.


-     Significant declines in customer demand and increasing business failures in either the industry or overall economy.


-     Operating losses making the threat of bankruptcy, foreclosure, or hostile takeover imminent.


-     Recurring negative cash flows from operations or an inability to generate cash flows from operations while reporting earnings and earnings growth.


-     Rapid growth or unusual profitability especially compared to that of other companies in the same industry.


-     New accounting, statutory, or regulatory requirements.


·         Excessive pressure exists for management to meet the requirements or expectations of third parties due to the following:


-     Profitability or trend level expectations of investment analysts, institutional investors, significant creditors, or other external parties (particularly expectations that are unduly aggressive or unrealistic), including expectations created by management in, for example, overly optimistic press releases or annual report messages.


-     Need to obtain additional debt or equity financing to stay competitive, including financing of major research and development or capital expenditures.


-     Marginal ability to meet exchange listing requirements or debt repayment or other debt covenant requirements.


-     Perceived or real adverse effects of reporting poor financial results on significant pending transactions, such as business combinations or contract awards.


·         Information available indicates that the personal financial situation of management or those charged with governance is threatened by the entity’s financial performance arising from the following:


-     Significant financial interests in the entity.


-     Significant portions of their compensation (for example, bonuses, stock options, and earn-out arrangements) being contingent upon achieving aggressive targets for stock price, operating results, financial position, or cash flow.


-     Personal guarantees of debts of the entity.


·         There is excessive pressure on management or operating personnel to meet financial targets established by those charged with governance, including sales or profitability incentive goals.


·         Management setting unduly aggressive financial targets and expectations for operating personnel.




·         The nature of the industry or the entity’s operations provides opportunities to engage in fraudulent financial reporting that can arise from the following:


-     Significant related-party transactions not in the ordinary course of business or with related entities not audited or audited by another firm.


-     A strong financial presence or ability to dominate a certain industry sector that allows the entity to dictate terms or conditions to suppliers or customers that may result in inappropriate or non-arm’s length transactions.


-     Assets, liabilities, revenues, or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to corroborate.


-     Significant, unusual, or highly complex transactions, especially those close to period end that pose difficult “substance over form” questions.


-     Significant operations located or conducted across international borders in jurisdictions where differing business environments and cultures exist.


-     Use of business intermediaries for which there appears to be no clear business justification.


-     Significant bank accounts or subsidiary or branch operations in tax haven jurisdictions for which there appears to be no clear business justification


·         There is ineffective monitoring of management as a result of the following:


-     Domination of management by a single person or small group (in a non owner-managed business) without compensating controls.


-     Ineffective oversight by those charged with governance over the financial reporting process and internal control.


·         There is a complex or unstable organizational structure, as evidenced by the following:


-     Difficulty in determining the organization or individuals that have controlling interest in the entity.


-     Overly complex organizational structure involving unusual legal entities or managerial lines of authority.


-     High turnover of senior management, legal counsel, or those charged with governance.


·         Internal control components are deficient as a result of the following:


-     Inadequate monitoring of controls, including automated controls and controls over interim financial reporting (where external reporting is required).


-     High turnover rates or employment of ineffective accounting, internal audit, or information technology staff.


-     Ineffective accounting and information systems, including situations involving material weaknesses in internal control.




·      Ineffective communication, implementation, support, or enforcement of the entity’s values or ethical standards by management or the communication of inappropriate values or ethical standards.


·      Management displaying a significant disregard for regulatory authorities.


·      Nonfinancial management’s excessive participation in or preoccupation with the selection of accounting policies or the determination of significant estimates.


·      Known history of violations of securities laws or other laws and regulations, or claims against the entity, its senior management, or those charged with governance alleging fraud or violations of laws and regulations.


·      Excessive interest by management in maintaining or increasing the entity’s stock price or earnings trend.


·      A practice by management of committing to analysts, creditors, and other third parties to achieve aggressive or unrealistic forecasts.


·      Management failing to correct known material weaknesses in internal control on a timely basis.


·      An interest by management in employing inappropriate means to minimize reported earnings for tax-motivated reasons.


·      Low morale among senior management.


·      The owner-manager makes no distinction between personal and business transactions.


·      Dispute between shareholders in a closely held entity.


·      Recurring attempts by management to justify marginal or inappropriate accounting on the basis of materiality.


·      The relationship between management and the current or predecessor auditor is strained, as exhibited by the following


-     Frequent disputes with the current or predecessor auditor on accounting, auditing, or reporting matters.


-     Unreasonable demands on the auditor, such as unreasonable time constraints regarding the completion of the audit or the issuance of the auditor’s report.


-     Formal or informal restrictions on the auditor that inappropriately limit access to people or information or the ability to communicate effectively with those charged with governance.


-     Domineering management behavior in dealing with the auditor, especially involving attempts to influence the scope of the auditor’s work or the selection or continuance of personnel assigned to or consulted on the audit engagement.


2.      Risk Factors Relating to Misstatements Arising From Misappropriation of Assets



·         Personal financial obligations may create pressure on management or employees with access to cash or other assets susceptible to theft to misappropriate those assets.


·         Adverse relationships between the entity and employees with access to cash or other assets susceptible to theft may motivate those employees to misappropriate those assets. For example, adverse relationships may be created by the following:


-     Known or anticipated future employee layoffs.


-     Recent or anticipated changes to employee compensation or benefit plans.


-     Promotions, compensation, or other rewards inconsistent with expectations.




·         Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation. For example, opportunities to misappropriate assets increase when there are the following:


-     Large amounts of cash on hand or processed.


-     Inventory items that are small in size, of high value, or in high demand.


-     Easily convertible assets, such as bearer bonds, diamonds, or computer chips.


-     Fixed assets which are small in size, marketable, or lacking observable identification of ownership.


·         Inadequate internal control over assets may increase the susceptibility of misappropriation of those assets. For example, misappropriation of assets may occur because there is the following:


-     Inadequate segregation of duties or independent checks.


-     Inadequate oversight of senior management expenditures, such as travel and other re-imbursements.


-     Inadequate management oversight of employees responsible for assets, for example, inadequate supervision or monitoring of remote locations.


-     Inadequate job applicant screening of employees with access to assets.


-     Inadequate record keeping with respect to assets.


-     Inadequate system of authorization and approval of transactions (for example, in purchasing).


-     Inadequate physical safeguards over cash, investments, inventory, or fixed assets.


-     Lack of complete and timely reconciliations of assets.


-     Lack of timely and appropriate documentation of transactions, for example, credits for merchandise returns.


-     Lack of mandatory vacations for employees performing key control functions.


-     Inadequate management understanding of information technology, which enables information technology employees to perpetrate a misappropriation.


-     Inadequate access controls over automated records, including controls over and review of computer systems event logs.




-     Disregard for the need for monitoring or reducing risks related to misappropriations of assets.


-     Disregard for internal control over misappropriation of assets by overriding existing controls or by failing to correct known internal control deficiencies.


-     Behavior indicating displeasure or dissatisfaction with the entity or its treatment of the employee.


-     Changes in behavior or lifestyle that may indicate assets have been misappropriated.


-     Tolerance of petty theft.


[1] Paul Coram, Colin Ferguson, Robyn Moroney, “The Value of Internal Audit in Fraud Detection”, Research Project, The University of Melbourne, Australia, 2006, p.6.
[2] Howard R.Davia, “Fraud Specific Auditing”, Journal of Forensic Accounting, US, Vol: III, 2002, p.111.
[3] Davia, Ibid, p.111.
[4] Dan Dreibelbis, “Dynamics of Fraud”, http://www.nabca.org/media/115_dandreibelbisdynamicsoffraudnabca.ppt
[5] Dreibelbis, Ibid.
[6] Alvin A.Arens, Randal J.Elder, “Chapter 11: Fraud Auditing ”, Management Information Systems,  York University, 2007, p.3.
[7] Alvin A.Arens, Randal J.Elder, “Auditing”, Management Information Systems,  York University, 2007, p.2.
[8] Arens, Elder, Ibid, p.3
[9] Torridge District Council, “How Should You React to Suspected Fraud?”, http://www.torridge.gov.uk/intranet/media/adobe/b.pdf
[10] University of Illinois and Chicago, “Fraud Detection”, http://www.uic.edu/classes/actg/actg537/Lecture_Slides/FE7.Fraud.Detection(Ch.5&6).ppt
[11] Deloitte and Touche, “General Instructions to Auditor”.

Hiç yorum yok:

Yorum Gönder

Merhaba kıymetli okuyucularım,
Yorumları denetlemeden siteye koyamıyorum. Maalesef uygun olmayan içerikler paylaşan kullanıcılar oluyor ve bunun siteyi ziyaret eden insanları olumsuz etkilemesini istemiyorum. Vaktimin darlığından her zaman yorumlarınıza da yanıt veremiyorum. Anlayışınız için teşekkür ederim.