| he recent failure of
Enroneven though fraud charges have yet to be
provenhas renewed the hue and cry from Congress,
regulators and the investing public: Why cant
auditors catch these problems? |
The answers run
the gamut: Auditors lack independence from their
clients, the audit process is not designed
primarily to detect fraud, the number of audit
failures is minuscule compared with the number of
audits, it is not possiblebecause of collusionto
detect all material frauds.
explanations may be perfectly valid, the public
isnt buying them. In a 1998 study, Bonner,
Palmrose and Young determined that after a failed
audit plaintiffs were more likely to sue auditors
who didnt detect questionable transactions. And
McEnroe and Martens 2001 study found that only
41% of auditorsvs. 71% of investorssaid auditors
should serve as public watchdogs. The message
seems clear: The public wants independent auditors
to detect and deter fraud.
is no foolproof method for uncovering fraud.
Unlike visible crimessuch as robbery or
assaultfrauds hallmarks are deception and
stealth. The company insiders who might be tempted
to commit financial statement fraud constantly
attempt to cover their tracks. And many of them
are good at itso good, in fact, that
investigators will never catch them all.
Historically, CPAs have counted on internal
controls as the main defense against fraud.
Although there is no question that controls are a
vital part of any organizations risk management
program, their preventive effect on fraud is
questionable for two reasons. First, internal
controls provide only reasonable
assurance against fraud. Second, if upper
management is hell-bent on showing stronger
earnings, it can find ways to override controls.
Therefore, to catch offenders in the act, CPAs
must start thinking like them.
THE POWER OF FEAR
Jeremy Bentham originated classic criminological
theory in the 18th century. It holds that a
persons propensity to commit a crime is
determined by his or her perception of related
risks and rewardsthe greater the risk of
detection and apprehension, the less likely a
person is to violate the law.
potential fraudsters are concerned aboutfrom the
CEO to the average rank-and-file employee (see
Pams Parable , at the
end of this article)is getting caught; theyre
not thinking specifically about internal controls.
Following classic criminology, their willingness
to commit fraud is inversely proportional to their
perceived risk of being discovered. This
conceptthe perception of detection
can be summarized as follows: Those who
perceive they will be caught engaging in fraud
are less likely to commit it (see How
Fraudsters Think, below). This graphic
illustrates the potential fraudsters thought
process. First, some sort of pressure creates a
motive. For a CEO, it may be the need to create
the appearance of greater corporate earnings.
Next, the executive concocts a schemefor
instance, to add phony sales and receivables.
Since a CEO doesnt
have access to the companys books and records, he
or she then enlists the aid of someone in the
accounting departmentoften the CFO. Finally, the
fraudster weighs the risk of being caught. If he
or she anticipates little or no risk, the fraud
proceeds. But if the executive foresees the
possibility of detection, he or she either
develops another, less risky scenario or abandons
PREVENTION VS. DETERRENCE
Although many people use the
terms prevention and deterrence
interchangeably, they refer to different concepts.
Prevention implies removing the root cause of a
problemprincipally the financial pressures that
motivate a person to commit fraud. Deterrence, on
the other hand, is the modification of behavior
through the threat of sanctions. From the
perpetrators perspective, there is no sanction
more negative than being caught. But note
carefully that it is the perception
not necessarily the realitythat modifies the
example. When attempting to control street crime,
the authorities usually increase police visibility
in crime-prone neighborhoods. Officers mere
presencea proactive deterrentis the most
effective way to discourage offenders.
But punishing criminals once theyve acteda
necessity in a civilized societyis reactive
deterrence. While many organizations use this
tactic as their principle weapon against fraud,
experience shows it is the least effective method
of allfully three-quarters of incarcerated
criminals are subsequently arrested again, usually
for increasingly serious offenses. Criminologists
have found it difficult to determine whether the
threat of punishment deters other members of an
organization from committing crimes.
we accept, however, that increasing the perception
of detection is the best deterrent, the profession
has alternatives to consider including in its
antifraud efforts. We can start at the logical
place: the top of the organization, where most
financial statement fraud schemes begin.
UPPER MANAGEMENT AND
1999 Committee on Sponsoring Organizations of the
Treadway Commission (COSO) study found the CEO
and/or CFO directed the fraud in at least 82% of
the cases examined. Given that, CPAs must increase
managements perception that auditors will catch
on to their misdeeds. Consider three practical
ways to achieve this:
Closer examination of managements
studies by Jensen and Warner (1988), Jensen and
Murphy (1990) and Beasley (1994) showed a
connection between the finances of top executives
and their likelihood of committing financial
statement fraud. The researchers found the more
stock an executive owned, the less likely he or
she was to commit financial statement fraud. The
reason? Those who own stock want to see it grow
and increase in value.
other executiveswith little equity in their
company but receiving compensation through various
arrangements based on predetermined financial
goalshad little disincentive to commit fraud: The
results of their fraudulent acts would have hurt
investors, not themselves. Therefore, a detailed
examination of the finances of key insiders could
reveal conflicts of interest, related-party
transactions, sales and purchases of stock and
even evidence of high-stakes embezzlements.
Frequently auditors can uncover these schemes
by examining insiders personal financial
statements, tax returns and bank statements. If
executives were aware of the possibility that
auditors might scrutinize their finances, it
wouldas increasing police visibility on the
street doesproactively deter them from committing
inquiry. A good way of
increasing the perception of detection is for the
auditoras part of his or her routine dutiesto
diligently inquire about the existence of fraud
within the organization. (See Why Ask? You
Ask, JofA , Sep.01, page 88,
). Since, in financial statement fraud, the CEO
nearly always has one or more accomplices, there
is always the possibility that someone else
involved will reveal the truth.
nature being what it is, we look down on
squealers. Its one thing to expect someone to
voluntarily come forward and quite another to ask
a potential informer point-blank questions:
Are you aware of any fraud within this
organization? Has anyone asked you to do
something you thought was illegal or unethical?
Toward that end, the Auditing
Standards Board (ASB) in February issued an
exposure draft, Consideration of Fraud in a
Financial Statement Audit, which proposes
requiring auditors to gather from management and
others within the audited entity information
necessary to identify the risks of material
misstatement due to fraud.
Surprise audits. In
todays complex business environments, conducting
a complete audit by surprise would be a practical
impossibility. In CPAs natural zeal to serve
their clients and cause them minimal disruptions,
theyve gradually gotten away from unannounced
audit work. But historically, large financial
statement frauds usually showed up in one or more
of three accounts: inventory, sales and accounts
receivable. If auditors periodically examined
certain accounts without warning, it might help
deter upper management from attempting to
artificially inflate assets or revenue.
Perhaps the best proof of the value of surprise is
the disastrous result its complete absence can
produce. In one of the most striking examples,
auditors for the Phar-Mor drugstore chain advised
management months in advance which of their stores
would be selected for audit. Not surprisingly,
this gave management enough time to ensure that
auditors would find nothing wrong in those stores.
As a result, auditors failed to detect a financial
statement fraud of some half a billion dollars.
(See Ghost Goods: How to Spot Phantom Inventory,
JofA , June01, page 33,
In the wake of Enron and beyond,
members of the profession must effectively address
these difficult issues because every instance of
fraud hurts the victim, the perpetrator, the
auditor and the criminal justice system.
Fortunately, with the aid of the ASBs proposed
auditing guidance and by thinking like the thieves
theyre trying to catch, CPAs can start winning
the struggle against fraud.