|EXECUTIVE SUMMARY |
- CPAs ARE UNDER ATTACK for not doing enough in the war against fraud, and they are, at the same time, being asked to play an increasingly important role in the detection of fraud. Because CPAs are becoming more educated about the subject, success stories about their helping clients ferret out fraud are becoming more common.
- FRAUD AND WHITE-COLLAR CRIMES are typically committed by older, better-educated offenders. Estimates of the total cost of occupational fraud to the economy are that it equals 6% of the U.S. gross domestic product—over $400 billion. Small businesses experience fraud losses at a rate almost 100 times that of the largest ones.
- THE FIRST “CPAs” WERE SCRIBES in the pharaohs’ courts who were charged with fraud prevention and detection. Their role stayed much the same until the turn of the 20th century. Accrual basis accounting became more common and reporting issues became a top priority for the profession. Fraud detection was no longer the primary focus.
- IN THE 1980s THE ACCOUNTING PROFESSION began investing considerable resources in responding to the fraud problem. The National Commission on Fraudulent Financial Reporting (the Treadway commission) was formed and identified the “expectation gap.” The Committee of Sponsoring Organizations (COSO) issued a report calling for better internal control systems.
- THE PUBLIC OVERSIGHT BOARD in a special report, In the Public Interest, concluded that “the public looks to the independent auditor to detect fraud, and it is the auditor’s responsibility to do so.” These activities culminated in the AICPA’s adopting Statement on Auditing Standards (SAS) no. 82, Consideration of Fraud in a Financial Statement Audit, which confirmed the profession’s commitment to detecting fraud.
|JOSEPH T. WELLS, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners, Austin, Texas. His e-mail address is: firstname.lastname@example.org . |
oday CPAs are under attack for not doing enough in the war against fraud. For confirmation, look at these news stories: “Last year, a Big Five accounting firm agreed to pay $335 million for failing to detect a half-billion-dollar revenue overstatement during an audit” and “A Denver lending company recently sued its auditors for allegedly failing to detect a $9 million embezzlement committed by the lender’s own president and chief executive officer.”
|IN THE BEGINNING
It’s said that accountants’ predecessors were the scribes of ancient Egypt, who kept the pharaohs’ books. They inventoried grain, gold and other assets. Unfortunately, some fell victim to temptation and stole from their leader, as did other employees of the king. The solution was to have two scribes independently record each transaction (the first internal control). As long as the scribes’ totals agreed exactly, there was no problem. But if the totals were materially different, both scribes would be put to death. That proved to be a great incentive for them to carefully check all the numbers and make sure the help wasn’t stealing. In fact, fraud prevention and detection became the royal accountants’ main duty.
But these don’t tell the whole story. CPAs detected countless financial statement frauds, embezzlements and tax offenses before they became serious problems. Take these examples: In one instance a New Jersey CPA helped his client avoid a loss of $2.4 million (and a probable criminal indictment) by advising him not to invest in an illegal tax shelter and, in another, during a review and compilation engagement for a small client, a Nebraska CPA discovered the bookkeeper had embezzled $420,000.
Because CPAs are becoming more educated about the subject of fraud, success stories such as the above are growing more common. It’s a good thing, too, because some experts say changing demographics have led to more white-collar crime. Criminologist Gil Geis, a former member of the President’s Crime Council, says there’s a correlation between crime and age: “Younger people—especially males—are likely to commit more traditional crimes such as robbery, larceny and assault. Conversely, fraud and white-collar crimes are typically committed by older, better-educated offenders.” Our society as a whole is getting older, and young and old alike are getting more sophisticated. On top of that, the use of computers and technology to aid in the commission of crimes has become widespread.
Most CPAs have had little or no antifraud training, so educating them has become critical. This article, the first of a new series on fraud detection, is meant to be a part of that effort. In future issues, we will look at different aspects of fraud methodically—what it is, who commits it, how they do it and how CPAs can respond.
|Figures and Facts About |
- Small businesses experience fraud losses at a rate of nearly 100 times that of the largest ones.
- Occupational frauds fall into three categories: asset misappropriation, corruption and fraudulent financial statements.
- Asset misappropriations account for more than 80% of cases, but they are the least expensive of the three fraud categories.
- Fraudulent financial statements, which account for less than 4% of fraud litigation, are the most costly occupational frauds.
- Real estate financing has the highest fraud losses; education, the lowest.
- A direct link exists between the age, sex, education and position of the perpetrator and the amount lost. The highest median losses occur with older male executives who are senior officials of their organizations. The smallest losses are with high-school graduates who have been with a company for less than a year.
Source: The Association of Certified Fraud Examiners, Report to the Nation on Occupational Fraud and Abuse, a 1996 survey of 1,523 cases of fraud ranging from $22 to $1.5 billion.
From the time of the ancient pharaohs until the turn of the 20th century, auditors were responsible for fraud prevention and detection. In the original edition of Robert H. Montgomery’s classic textbook, Auditing Theory and Practice (1912), the author stated that in “what might be called the formative days of auditing,” students were taught that the primary purposes of an audit were “the detection or prevention of fraud” and “the detection or prevention of errors.” However, later textbooks and accounting theory took a different tack, largely out of necessity. Huge conglomerates had formed and financial transactions became so numerous they could not all be examined. Accrual basis accounting became common and, as a result, reporting issues became a top priority for the profession. Vouching each transaction from “cradle to grave”—which catches and prevents many frauds—was discontinued. Fraud detection or prevention was relegated to a secondary role.
It didn’t take crooks long to take advantage of this new environment; the 20th century has been littered with spectacular financial frauds and embezzlements. Some became famous—the McKesson & Robbins scandal, the Salad Oil swindle, the Equity Funding scam, the Savings and Loan frauds. And one question became a refrain: “Where were the auditors?”
In the 1980s the accounting profession began investing considerable resources in responding to the fraud problem. In 1987 the National Commission on Fraudulent Financial Reporting (the Treadway commission) was formed to study the issues. In 1992, the Committee of Sponsoring Organizations (COSO) issued a report calling for better internal control systems to help management meet its goals. The Public Oversight Board in a special report, In the Public Interest, concluded that “the public looks to the independent auditor to detect fraud, and it is the auditor’s responsibility to do so.” The profession engaged in several other initiatives that, in 1997, led the AICPA to issue Statement on Auditing Standards (SAS) no. 82, Consideration of Fraud in a Financial Statement Audi t.” This SAS confirmed the profession’s commitment to detecting fraud.
Fraud is trickery that falls into two basic categories. Internal fraud is committed by employees and officers of organizations. External fraud is committed by organizations against individuals, by individuals against organizations, by organizations against organizations and by individuals against individuals. For example, an insurance company executive filing a false report with a regulatory authority is committing internal fraud. But a customer of the same insurance company filing a phony accident claim is involved in external fraud. An elderly person who falls victim to a telemarketing scam is caught in an external fraud.
Although both types of fraud are of concern, the CPA normally will find internal fraud more common. Another term to describe it is occupational fraud and abuse. Because the scope is so broad, occupational fraud includes such common violations as asset misappropriations, corruption, fraudulent financial statements, pilferage and petty theft, false overtime, using company property for personal benefit and payroll and sick-time abuses. The term also covers all employees—from the boardroom to the mailroom.
Determining the actual cost of occupational fraud and abuse may be difficult, if not impossible. That’s because many frauds remain undiscovered and unreported. That should come as no surprise: Most companies, given an alternative, will quietly discharge offenders without reporting the offense to the authorities. Estimates of the total cost of all forms of occupational fraud to the economy are equal to about 6% of the U.S. gross domestic product—more than $400 billion. There are no federal, state or local government figures published on the cost of these crimes.
What is the significance of these numbers to a CPA? It depends on the kind of practice you have. If you primarily serve small businesses, your clients statistically are most likely to be damaged by asset misappropriation. If your clients are large, the greatest risk is fraudulent financial statements. And both large and small businesses run the risk of corruption in which an employee conspires with an outsider to defraud the company. With the knowledge that certain types of fraud prevail in companies of particular size, the CPA is better equipped to look for and find it.
In the following months—in actual case studies—we will examine in detail the three most common methods by which employees commit occupational frauds. And also try to answer the thorny question, Why do “ordinary” people commit occupational fraud?
Crazy Eddie and the $120 Million Ripoff
|“I’m Crazy Eddie!” a goggle-eyed man screamed from the television set. “My prices are I-N-S-A-N-E!”
If you were anywhere near the East Coast in the 1980s, you undoubtedly saw those TV commercials. The raucous ads saturated the airwaves in the tri-state area and helped Crazy Eddie’s quickly become the dominant consumer electronics retailer in New York, New Jersey and Connecticut.
As it turned out, “Crazy” Eddie Antar, who was behind one of the twentieth century’s most infamous financial statement frauds, wasn’t crazy at all—just crooked. Indeed, the face on the tube wasn’t even his (it belonged to an actor). The real Eddie Antar didn’t have time for acting. He and members of his family were too busy engineering a $120 million rip-off. Much of the ill-gotten loot was placed in secret overseas bank accounts. Once discovered, Antar spent several years on the lam and another several behind bars. According to a senior SEC official, “This may not be the biggest [financial statement] fraud of all time, but for outrageousness, it is going to be very hard to beat.” Even though the fraud is more than a decade old, it provides vivid examples of how these crimes can be pulled off and how auditors can be deceived.
There are numerous ways to classify financial statement frauds. Our research divided them into five principal, but related, types. One of the most outrageous aspects of the Crazy Eddie’s fraud is that he used all five methods. This is how he did it.
Fictitious revenues. The most common way companies create fictitious revenues is to dummy up sales that did not occur. The accounting transaction created is a credit to sales with an offsetting debit to accounts receivable, which boosts both assets and income. In the Crazy Eddie’s case, the audit trail was easy to fake. Antar’s underlings prepared phony invoices showing merchandise sales. Three major suppliers, beholden to Crazy Eddie’s for large volumes of business, cooperated. When auditors attempted to confirm some of these receivables, the vendors would—at Antar’s behest—lie. Obviously, with such a conspiracy, it would have been difficult—if not impossible—for the auditors to easily uncover such a scheme.
Fraudulent asset valuations. Although any asset can be fraudulently valued, the most frequent manipulations occur in inventory. In the Crazy Eddie’s fraud, Antar overvalued inventory by $80 million, and employed some pretty outrageous tricks to get there. He and his conspirators “borrowed” merchandise from suppliers to boost the ending inventory count. These were the same suppliers who confirmed Crazy Eddie’s phony receivables. Eddie convinced the suppliers to simply ship merchandise to the Crazy Eddie’s stores, and hold the billing until after the end of the accounting period. They also shipped stock from one store to another so it could be double-counted. And, most outrageous of all, they got into the auditors’ desk and altered inventory count sheets in the workpapers to increase the numbers.
Timing differences. Another way companies overstate assets and income is by taking advantage of the accounting cutoff period to either boost sales and/or reduce liabilities and expenses. Antar routinely told his stores to hold the books open past the end of an accounting period to falsely inflate sales revenues. Conversely, as detailed below, the liabilities for any given period were normally not recorded until the next period.
Concealed liabilities and expenses. Unfortunately for the CPA, it is all too easy for a client to conceal liabilities. After all, it is easier to audit something that is there rather than something that isn’t. In the Crazy Eddie’s case, Sam E. Antar, the CFO (and Eddie’s nephew), regularly stashed unpaid bills in his desk. The liabilities would be either entered after the yearend or held for long periods without being recorded. As a result, Crazy Eddie’s never did know what it really owed, and neither did the auditors.
Improper disclosures. Generally accepted accounting principles (GAAP) require adequate disclosure in the financial statements. Any material fact not covered in the financials should be disclosed in accompanying footnotes. Sam Antar—a former CPA and auditor—managed to change accounting methods simply by altering two words. In one year, the footnotes stated that certain income was recognized when received (cash basis). The following year, Sam removed “received” and substituted earned (accrual basis). The deception went unnoticed by the auditors, and it had the intended effect of boosting income. A careful review of the footnotes from year to year would normally detect such a simple—but in this case, effective—scheme.
Fortunately for those of us in the accounting profession, the Crazy Eddie’s case is an aberration. But it does serve to illustrate nearly every trick in the book. It also is a cautionary tale. Auditors did not detect the fraud. The scheme was uncovered when one of Eddie’s disgruntled relatives informed the SEC. Recognizing that hindsight is 20/20, there are some fundamental lessons to be learned.
Know your client. Eddie Antar started young. By the time he was 21, Eddie had already developed a reputation in the retail industry for saying anything to make a sale; some considered him an early master of the “bait and switch” technique. Had the auditors invested the time and expense to investigate Eddie before accepting him as a client, they perhaps would have decided against conducting the Crazy Eddie’s audit. In short, they would have found that Eddie Antar was very, very risky.
Assign proper personnel. The field auditors for Crazy Eddie’s were, according to Sam Antar, young and inexperienced. This is the nature of the audit business—field work typically is assigned to less experienced personnel. Selecting the right auditors for the job, though, is critical in high-risk engagements. Less experienced personnel may be satisfactory in low-risk environments, but detecting the signs of fraud requires maturity and judgment. Therefore senior auditors, fraud examiners and/or antifraud specialists should be considered.
Be careful in inventory observations. In any merchandising concern, inventory is usually the largest single asset. And experience has shown it is the asset of choice in financial fraud cases. In the Crazy Eddie’s case, the auditors inadvertently may have contributed to the fraud by the way the inventory observations were conducted. Rather than climb over boxes in the warehouse, the auditors asked employees to assist them. Crooked employees volunteered. An employee would stand on top of a stack of television sets, for example, and call down the count to the auditors. If there were 10 sets, the worker would claim there were 25. Repeated many times, this clever trick helped to greatly increase the inventory count. The message here is obvious: If you’re supposed to verify the inventory count, then you must observe it.
Provide appropriate security to documents and computers. Crazy Eddie’s auditors were provided a company office during their examination. They had a key to lock the desk—which they kept in a box of paperclips on top of the desk in full view. After the auditors left for the day, Eddie’s cohorts would unlock the desk, increase the inventory counts on the workpapers and photocopy the altered records. Were the auditors stupid? No, just too trusting. After all, no one wants to think the client is a crook. But it happens all too often. That’s why the profession requires auditors to be skeptical.
Try to understand the relationship between the client and its principal suppliers. Crazy Eddie’s bought most of its electronics from one of three wholesalers. All three were in on the scheme to inflate Crazy Eddie’s assets. Did the suppliers know they were helping Eddie cook the books? They may have figured it out, but it’s doubtful they would have asked questions. The reason these suppliers cooperated is simple—Eddie engaged in economic extortion. If they didn’t help him with his schemes, Eddie would change suppliers. This provided them with a significant incentive to cooperate. Perhaps if the auditors had known the extent to which the suppliers were dependent on Eddie, they would have subjected those relationships to closer audit scrutiny. Admittedly, this may be difficult to do. But if the supplier ultimately is material to the financial statements, the auditor may even want to consider visiting the vendor’s operation to further assess risk. Auditors should document any such visits in the workpapers.
Consider extra risks associated with closely held businesses. Every major player in the Crazy Eddie’s case was related to Eddie Antar—and they made up the board of directors. This was a case of family conspiracy and an extreme example of the kind of damage that can be done to a closely held business when its board consists entirely of insiders who also are company officers. The familial relationship becomes important in assessing risk. There is certainly nothing wrong with family- owned and operated enterprises; they are a strong part of our economic base. But the auditor should recognize an obvious fact about human behavior in the risk equation: It is certainly easier to conspire with a family member than with someone unrelated.
Be wary of businesses that buck industry trends. While other electronic retailers were struggling to stay even, Crazy Eddie’s was enjoying double-digit growth. Eddie Antar had people believing those I-N-S-A-N-E commercials were responsible. But now we really know why Eddie was so successful—he was a fake. In other instances of financial statement chicanery, bucking industry trends has been a big red flag, too. The auditor should ask herself or himself, “In today’s competitive international business environment, why is this client doing so much better than everyone else?” If you can’t answer that question to your satisfaction, keep digging. There could be a problem.
The failure to detect Crazy Eddie’s large-scale fraud spawned seemingly endless lawsuits against those involved—some spanning a decade or more. The auditors were sued for malpractice; the principals were sued for fraud. Whatever money was made illegally is long gone—the bones of the company have been picked clean through litigation.
Antar and several of his family members ended up with criminal records. Only Eddie served time—eight years. Ironically, he now clerks in an electronics store. Other family members fared better. Relatives in on the conspiracy all received probated sentences. Both Eddie and his conspirators have millions of dollars in civil judgments against them. In sum: Other than the painful lessons learned, nothing positive for Antar and his cohorts came out of the Crazy Eddie’s case.