New Approaches to Fraud Deterrence

It’s time to take a new look at the auditing process.

all me a skeptic. Maybe it’s because I’ve investigated a couple of thousand fraud cases over a career now entering its fourth decade. Perhaps it’s because questioning is one of a CPA’s most valuable talents. While I believe that as a profession we’re moving in the right direction, I’m convinced we still have miles to go. The auditing profession’s current approach to fraud detection—as well-intended as it is—won’t have the impact the public expects until auditors and their firms are willing to invest in improved fraud deterrence and detection skills and resources.

In my view, even with SAS no. 99, Consideration of Fraud in a Financial Statement Audit, we’re still doing much of what we’ve always done. This article should provoke thought and debate among CPAs on how we might consider different approaches in the way audits are conducted in order to give the public what it really wants: business enterprises with integrity.

In considering new solutions, it becomes necessary for us to critically examine our current thinking. Over the years, I personally have trained thousands of CPAs in antifraud matters. One question that I frequently ask is, “How do we prevent fraud?” The answer: “Internal control.”

“If we always do what we’ve always done,
we’ll always get what we’ve always gotten.”


Oh, really? Under that theory, organizations with adequate controls won’t experience fraud. But they do—time and time again. Part of the reason is that no controls exist that provide absolute assurance against fraud. Those who are sufficiently motivated to override or circumvent them usually can find a way. Don’t get me wrong: Controls are a vital part of fraud deterrence. However, they need to be considered in a larger context.

Fraud is not an accounting problem; it is a social phenomenon. If you strip economic crime of its multitudinous variations, there are but three ways a victim can be unlawfully separated from money: by force, stealth or trickery. While the first two are on the wane, the third is not (see exhibits 1 , 2 and 3 ). And the reasons have little to do with accounting controls.

Robbery, theft and other street crimes are the bailiwick of the young and undereducated. According to the FBI, these kinds of offenses are at a 30-year low. Why? First, our society—because of baby boomers—is aging: There are fewer young people in our population, the net result of which is that there are fewer potential offenders. Second, because of mass media, that smaller pool of young people has learned a very valuable lesson: The best way to rob a bank is to own one.

Exhibit 1

Source: “Key Crime & Justice Facts at a Glance,” U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Statistics.

To understand the risk/reward equation, consider just one anecdote from the go-go ’90s: Junk-bond king Michael Milkin’s earnings, largely illegal, amounted to about $1.2 billion. The government fined him $600 million and he spent 20 months in a federal prison. A thug with a gun holding up a financial institution usually will net less than $5,000 and typically will serve at least five years behind bars. Anyone can perform the simple arithmetic involved in that crime formula.

But before you jump to the conclusion that increasing penalties for crime is the answer, consider another counterintuitive fact: The United States has some of the harshest criminal penalties in the modern world—coupled with the highest crime rates. Criminologists almost universally understand why: Punishment-based deterrence simply doesn’t work very well. Nearly 75% of incarcerated inmates are rearrested within three years of their being released, usually for more serious offenses (see exhibit 4 ).

If you are thoroughly confused, you should be. That’s because classic criminological theory says there are three related factors involved in deterrence: the certainty, swiftness and severity of punishment. Of those factors, the first is by far the most important—if punishment is certain and swift, it doesn’t need to be severe. As a matter of fact, the longer the prison sentence, the more likely it is the miscreant will offend again.

Regrettably, under our system of justice, there is nothing certain about being punished. Exacerbating the problem, I believe, is the “get tough” mentality that politicians must use to get elected to office. It is one thing to pass a law but quite another to appropriate the funds to enforce it. Under Sarbanes-Oxley, the criminal penalties for mail fraud were quadrupled, from five to twenty years per offense.

Exhibit 2

Source: “Key Crime & Justice Facts at a Glance,” U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Statistics.

But there has been no corresponding quadrupling of funds for prosecutors, investigators and prisons. If the penalties go up and the money devoted to enforcement stays the same, then the certainty of punishment actually goes down. Our prisons are bursting at the seams, so prosecutors and judges are forced to make very unattractive choices of who is prosecuted and who isn’t. When it comes to making those decisions, they almost invariably choose to jail those who commit violent crimes—not the people who rip us off.

So when a potential fraud offender thinks he or she can commit a crime and get away with it, that assessment usually is correct. What is society to do, then, about the current wave of fraud that seems to have engulfed us?

First, we need to understand that our problems cannot be solved by government intervention. Prosecution of offenders, although necessary in a civilized society is akin—as we might say here in Texas—to closing the barn door after the horses are gone. Second, we must acknowledge the private sector has a responsibility to cure its own ills. Third, we must commit the resources necessary to find solutions that work.

If you accept the postulate that fraud prevention and internal control are not exactly the same—and they aren’t—then the accounting profession needs to learn more about preventing fraud. Unfortunately, no one has studied this issue in any great detail, especially when it comes to occupational fraud. We know some of the answers, but not nearly enough. For example, when presented with seemingly identical opportunities and motives, why does one person or organization turn to fraud and another does not? No one really knows. Besides internal control, what factors go into preventing fraud? Again, we’re short on answers.

Exhibit 3

Association of Certified Fraud Examiners.

But there is hope. This year, the AICPA and the Association of Certified Fraud Examiners established and funded the Institute for Fraud Studies (IFS). Other interested organizations and government agencies are being invited to participate, too. The IFS will operate under the auspices of the University of Texas at Austin, where I teach on fraud subjects in the graduate school of business.

Factors Affecting Occupational Fraud: A Partial List
Financial condition of the organization.
Pressure to show profits in the marketplace.
Internal accounting controls.
The state of the economy.
Integrity level of corporate leaders and employees.
Commitment to the organization’s value system.
Personal traits and characteristics of executives and employees.
Reward systems for ethical behavior.
Organizational culture and dynamics.
Peer pressure.
The perception of detection.
The swiftness, certainty and severity of punishment.

The purpose of the institute is simple: to conduct multidisciplined research into the causes of and cures for fraud. It will reach out to academics and researchers in a variety of fields such as behavioral sciences, the law, accounting and criminal justice. And although the IFS has a simple mission, achieving its goals will not be easy. One of the first projects will be to help entities find workable solutions to the fraudulent financial reporting dilemma.

One of the most difficult issues facing the profession is that there are no auditing procedures that can provide absolute assurance in detecting all fraudulent financial reporting. As a result auditors have historically attempted to avoid, albeit unsuccessfully, the responsibility for fraud detection. In the current environment, the public holds expectations of auditors with respect to fraud that simply cannot be fulfilled. The auditing profession could be better served by adopting a more holistic approach to the deterrence of fraud. This concept, called the Model Organizational Fraud Deterrence Program (the model), employs a “best practices” approach to fraud prevention. Using this model, researchers would identify the factors present in organizations—both accounting and otherwise—that affect occupational fraud (see “ Factors Affecting Occupational Fraud: A Partial List ,” above). They then would develop a model deterrence program based on those factors. Thereafter, instead of opining that the entity is essentially free of material fraud, the auditor would disclose the client’s degree of compliance to the model. .
Exhibit 4

Source: “Reentry Trends in the United States,” U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Statistics.

Although this is a shift in the way audits are conducted, it has three distinct advantages. First, it would move the emphasis away from an unwinnable strategy of detecting fraud to an achievable onepreventing it. Second, it would encourage entities to adopt prevention strategies. Third, it could solve the liability dilemma that plagues the auditing profession

But we don’t have to wait until we have all the answers in order to do something different. Two ideas are worth debating now: the use of antifraud specialists on public audits, and financial transparency for executives.

Accepting that fraud deterrence and accounting are related but distinctly different disciplines, the auditing profession could utilize the unique skills of antifraud specialists on public audits. Virtually all of the major accounting firms currently employ such specialists. However, they are now being used reactively instead of proactively.

Rather than using their talents exclusively to investigate allegations of fraud once they have been reported, antifraud specialists also should be involved during the audit itself to help identify key risk areas, which then can be furnished to the auditors for further consideration. Moreover, the mere presence of antifraud specialists during audits could have a significant impact on increasing the perception that illegal activity will be detected. This is similar to the strategy of reducing crime by putting more cops on the beat. Although punishment after the fact doesn’t work very well, criminologists have thoroughly documented that more vigilance to stop crime before it happens is the most effective deterrent.

Considering my background, it might be expected that I would advocate the use of antifraud experts on audits. But, alas, I can’t claim credit for the idea. A number of years ago, I videotaped an interview with legendary fraudster Barry Minkow while he was serving an eight-year sentence in a federal prison in Colorado. (Minkow, a high school dropout with no accounting skills, fooled his independent auditors in a $100 million financial statement fraud scheme.) When I asked him how auditors could cope with his ilk, Minkow said: “I’ll tell you what I would do: I’d send in trained fraud examiners before the auditors arrive. And I’d tell the client, ‘You know, I really want your business, but I want to make sure you’re not committing fraud, too. So I’m sending the examiners in first. They’re going to be looking at everything and asking the tough questions.’ Would that stop a lot of fraud, or what? It certainly would have stopped me.”

From the study of a long list of financial statement frauds, beginning with the classic Equity Funding fraud in the 1970s and continuing through today’s multibillion dollar accounting scandals, a distinct pattern has emerged: Corporate managements—executives, insiders and board members—have lined their pockets at the expense of the shareholders. Their methods vary and are often cloaked behind complex transactions not readily apparent to the entity’s auditors.

But the profits from these illegal schemes nearly always find their way into the personal finances and spending habits of those involved (see “ The Excesses of Executives , at right). In some situations the same firm that conducted the audit, albeit by different personnel, prepared the individual tax returns of insiders. That was the case in the $300 million ESM Government Securities fraud of the 1980s. Although the financial fraud was concealed on the company’s books, the insiders had declared huge illegal profits on their own personal tax returns. Had the auditors examined the tax returns of the principals (which they did not) the scheme would have been obvious.

The Excesses of Executives

Prosecutors accused Dennis Kozlowski and Mark Swartz of Tyco of stealing another $140 million from the company. Their salaries, respectively, were $106 million and $54 million.

Andrew Fastow, former CFO of Enron, funneled $30 million to himself from off-balance-sheet partnerships that he created. Another $17 million was paid to his wife, Lea.

Federal prosecutors say that Adelphia founder John J. Rigas and two of his sons used the company as their “personal piggy bank, purportedly looting over $300 million, which included more than $50 million in cash advances, money for luxury apartments and a $13 million golf course.”

A jury determined that Mickey Monus, responsible for the $500 million Phar-Mor fraud, embezzled at least $10 million to fund the now-defunct World Basketball League.

This illustrates a fundamental tenet of fraud examination: Follow the money. There are but two ways that this can be accomplished. Illicit transactions can be traced from an insider to the organization or vice versa. The former approach is invariably easier than finding funds from the company to the insider, which often are disguised in a variety of ways.

Corporate insiders have a fiduciary duty to act in the best interests of the shareholders. A part of this duty should include their financial transparency. Auditors could be given access to any financial information that bears on this issue. That would include, but not be limited to, personal tax returns and detailed banking records. By having such access, two important objectives could be accomplished. First, it would make it more difficult for insiders to conceal ill-gotten gain. Second, financial transparency could be a significant and powerful deterrent.

The ideas contained here are not the complete solution. Even if all of them would be adopted in some form, we still would have to recognize that there is no mechanism that could prevent all financial statement fraud. Still, traditional accounting approaches have failed so far to solve these difficult problems. But if we do what we’ve always done, we’ll get what we’ve always gotten.


CPA’s Handbook of Fraud and Commercial Crime Prevention (# 056504JA)

Financial Reporting Fraud: A Practical Guide to Detection and Internal Control (# 029879JA)

Introduction to Fraud Examination and Criminal Behavior (# 730275JA)

Identifying Fraudulent Financial Transactions (# 730244JA)

Finding the Truth: Effective Techniques for Interview and Communication (# 730164JA)

To order, go to .

AICPA’s Antifraud Initiatives
Antifraud and Corporate Responsibility Resource Center, .

SAS no. 99 information.

Management Antifraud Programs and Controls (SAS no. 99 exhibit).

Fraud Specialist Competency Model.

Free corporate fraud prevention training and CPE.

Academia outreach and assistance.

Other antifraud activities.

Joseph T. Wells, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners and professor of fraud examination at the University of Texas at Austin. Mr. Wells won the Lawler Award for the best JofA article in 2000 and 2002 and has been inducted into the Journal of Accountancy Hall of Fame. His e-mail address is .


CPEOs provide peace of mind around payroll services

The creation of these new IRS-certified service providers for small businesses clarifies some issues around traditional professional employer organizations.


8 sentences to help you master subject-verb agreement

When professionals prepare written material for readers inside their organization or outside, they should make sure that no errors distract from the message they need to convey. Take this short quiz for practice in subject-verb agreement.