n a perfect world, the numbers in financial statements would tell CPAs everything they need to know about a business. Numbers are precise, definable and measurable. But in reality CPAs need words, too, to tell them the whole story of an enterprise. That’s the sole purpose of the footnotes to financial statements. Since fraudulent disclosures fall into a number of recognizable patterns, knowing how these schemes work can greatly help the financial statement auditor detect them.
Generally accepted accounting principles concerning disclosures require that financial statements (1) include all relevant and material information in the financials or footnotes and (2) not be misleading. These requirements present special challenges to the auditor, beginning with the most obvious: How can you be assured management has told you everything you need to know?
Most fraudulent disclosures involve purposeful omissions, which normally fall into one of five categories: liabilities, significant events, management fraud, accounting changes and related party transactions.
Liability omissions usually involve management’s intentional failure to disclose loan covenants or contingent liabilities. Auditors can uncover loan covenants by carefully reviewing financial institution documentation, and, by examining sales contracts, warranties, and other legal documents, they can find contingent liabilities. Although upper management may never tell you that they are involved in a potentially damaging lawsuit, corporate counsel will. Ask them. You also can independently check public records at the federal or state level. If a lawsuit has been filed, you can find it.
Significant events might include the onset of product or manufacturing obsolescence, the appearance of new competitive products or technology, possible lawsuits that could materially affect the company’s bottom line or major anticipated purchases or borrowings—anything, in short, that could affect future financial statements. Since an auditor runs the risk that senior management will not disclose these matters voluntarily, you should interview those company employees who would know: engineers, key sales staff, warehouse personnel and the finance department. Document your interviews in the workpapers.
Management fraud, even if it involves immaterial amounts, is always significant. Such fraud is usually detected through tips and complaints. The auditor should consider interviewing senior support staff and recently departed employees, asking in a nonaccusatory tone the question: “Do you suspect anyone in management who might be secretly stealing from the company?” Document the names and responses of the people you talk to.
Accounting changes must be disclosed if they have a material impact on the financial statements. Luckily, these changes should be easy to spot. Look at the previous financials and check to ensure the company still uses the same depreciation method, revenue recognition criteria, and accrual calculations.
Related party transactions typically involve an executive who holds an undisclosed financial interest in another entity. For example, in one instance, the chairman of a state retirement system saw to it that $65 million in pension funds was invested in a savings and loan company he partially owned. Shortly thereafter, regulators seized the S&L—and the investment was lost. The pension fund auditors had no knowledge of the connection—related party transactions often elude easy detection. In some instances, however, you can cross-reference the client’s key personnel to corporate records maintained by the state in which the company was formed. If a client’s officers also are listed as officers of another corporation, check further; you may have uncovered a related party transaction.
UNCOVERING DISCLOSURE FRAUD
The auditor also can consider other approaches. First, using the search capabilities of the Internet, turn up everything you can on the company and its key officers. Review newspaper articles, press releases, biographical sketches, commercial credit reports and other appropriate documentation. Look for clues to possible conflicts or controversy.
There’s a second approach auditors rarely employ, but it’s perfectly reasonable. During an audit, you have the legal right to ask for unrestricted access to the company’s filing cabinets. The client, of course, has the legal right to decline. As a practical matter, the auditor rarely asks for such access, instead relying on the client to furnish requested documents. The downside of the auditor’s requesting documents is obvious: The client has time to omit (and even alter) important accounting evidence. Asking for unrestricted access to files, on the other hand, has many advantages. One is that the auditor can look for things that are not in the books and records: for example, memos, business plans, competitive and market information and much more. Another is that having file access reduces the chances a dishonest client would have time to manufacture evidence. But perhaps the biggest advantage in asking is the opportunity for the auditor to assess how the client reacts. If the company puts up strong resistance to such access, perhaps there is a reason why.
If you don’t know exactly how to phrase a request for unrestricted file access, consider the following approach during the initial meeting with the client: “Mr. Client, as you well know, audits are a great inconvenience to you and your staff; we are often required to ask for documentation concerning a wide variety of transactions. One way you can save time and expense is to have an employee show us where and how your files are kept. That way, we can pull what we need without bothering your staff. Also, it sometimes helps us find items that get lost in the shuffle. So if you’ll show us where to look, we can just do it ourselves.”
Even an honest client may not be too thrilled with the idea of auditors rummaging through the files and may rebuff such a request. But, on the other hand, is he or she trying to hide something? By attempting to answer this question, the auditor can more readily detect and help deter fraudulent disclosures.
CASE STUDY: THE TALE OF FAST EDDIE
The federal bank regulators missed it three times during their annual reviews. The bank’s external auditors, a small CPA firm, missed it twice in a row. Neither of these groups of well-regarded professionals uncovered that the president of Midland State Bank (MSB) was stealing its shareholders blind. But MSB was forced to shut its doors less than three months after the bank’s financial watchdogs had given the institution a clean bill of health.
Eddie Thomas, the bank president, didn’t start out intending to embezzle money. Indeed, Thomas had worked his way up in the financial services industry. MSB, a small bank, was his first (and as fate would have it, his last) presidency. Looking back, he thinks the motivation for his greed came from the resentment he felt toward many of his borrowers. There he was, a college graduate, making less than a hundred thousand dollars a year while lending large sums of money to people he considered far less deserving.
One day a bar owner seeking to borrow money from the bank came in to see Thomas. The loan was too marginal, Thomas told him. Traditionally, bar and restaurant loans carried too much risk. But the customer said, “Thomas, if you were a partner in this business, you could see it was run right. And if you’ll approve this loan, I’ll give you a silent interest.”
The idea struck Thomas as a good one. He saw himself as financially savvy and thought the bar could use his help. And he was interested in the business from a different perspective: He liked to eat and drink—a lot. Thomas approved the loan, and he and his new partner shook hands warmly.
Word travels fast in a small place like Midland. Within two years, it was pretty well known around town that if you needed a loan, Thomas was the guy to see—provided you were willing to give him a piece of the action. Thomas never documented any of his silent partnerships. Later he said, “It was all done on handshakes. There was never any paper or anything like that.”
All those related party transactions would eventually come back to haunt Thomas. None of the businesses in which he held a hidden interest did well; he continually had to convert an old loan to a new one (a process called “flipping”) to keep the lending portfolio afloat. In retrospect, he did a credible job of covering his tracks through loan documentation.
Although the auditors and regulators didn’t know what was going on, the staff certainly did. They’d seen Thomas’s cohorts in the bank and how he himself acted and lived. Eventually the staff had had enough. So the bank’s executive vice-president, Roger Lawton, met privately with the outside directors. They could not believe their ears—Thomas had shown one year of profitability after another. But Lawton finally convinced the directors to hire a new audit firm to do a surprise examination of MSB.
The new auditors swooped down on the bank on Friday morning just as Thomas was arriving at work. He knew the jig was up. By the close of business that day—with the help of the bank’s staff (including Thomas)—the auditors had uncovered all the problem loans. None was ever collected and the bank was forced into liquidation. Thomas went to prison for three years. Although the shareholders received partial reimbursement from the original auditors for their loss, they still took a big financial hit. Several shareholders had to file for bankruptcy. So did the original CPA firm that missed the fraud during its audits of MSB.
THE LOAN RANGER
In defense of the auditors, it is very difficult to judge the quality of a company’s accounts receivable (in this case, loans) merely by looking at paper. If the documentation is complete and the CPA has no adverse information, he or she may have no compelling reason to look further. In many fraud cases, however, including this one, the paperwork was complete. And completely phony.
Moreover, the documents made available to the auditors did not reveal the fraud. Thomas concealed evidence of his secret kickbacks and self-dealing in his own personal accounts, not in those of the bank. Such transactions are known to fraud examiners as “off-book frauds.” As the term implies, auditing the client’s books and records usually does not uncover such schemes.
To detect fraudulent disclosures and other off-book frauds, the auditor must almost invariably rely on the cooperation of a company insider to provide tips. How that is done is remarkably simple. During a routine audit, you talk to the key insiders, one-on-one and privately. After you have finished the normal dialogue, say something like this: “Mr. Insider, as you know, we are responsible for an audit of the books. That means two things. First, we must assure ourselves that the information in the books is fairly presented. Second, we also must look for things that should be in the books but are not. Do you have any reason to believe that there are things going on outside the company’s books we should know about?” Document the answers in your workpapers.
If you doubt the effectiveness of asking such a straightforward question, consider what Roger Lawton said in an interview not long after Thomas went to prison.
Q: Tell us about Edward Thomas.
A: We (in the bank) called him “Fast Eddie” because of his lifestyle. He ate out four or five times a week, he drank and partied all the time, he had a new car, he had a Rolex, he even had a belt buckle made out of solid gold nuggets. And he sure wasn’t living like that on what the bank paid him.
Q: So did the employees in the bank suspect that Eddie was crooked?
A: Well, we didn’t exactly suspect he was a crook—we pretty much knew it for a fact.
Q: Why didn’t you tell the auditors or the regulators?
A: We were dying to tell them. They never asked.
JOSEPH T. WELLS, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners, Austin, Texas. His e-mail address is firstname.lastname@example.org .