all me a skeptic. Maybe it’s because
I’ve investigated a couple of thousand fraud cases
over a career now entering its fourth decade.
Perhaps it’s because questioning is one of a CPA’s
most valuable talents. While I believe that as a
profession we’re moving in the right direction, I’m
convinced we still have miles to go. The auditing
profession’s current approach to fraud detection—as
well-intended as it is—won’t have the impact the
public expects until auditors and their firms are
willing to invest in improved fraud deterrence and
detection skills and resources. In my view, even
with SAS no. 99, Consideration of Fraud in a
Financial Statement Audit, we’re still
doing much of what we’ve always done. This article
should provoke thought and debate among CPAs on
how we might consider different approaches in the
way audits are conducted in order to give the
public what it really wants: business enterprises
with integrity.
DEPROGRAMMING OURSELVES
In considering new solutions, it
becomes necessary for us to critically
examine our current thinking. Over the
years, I personally have trained thousands
of CPAs in antifraud matters. One question
that I frequently ask is, “How do we
prevent fraud?” The answer: “Internal
control.” |
“If we always do what
we’ve always done,
we’ll always get what
we’ve always gotten.”
—Anonymous
| |
Oh, really? Under that theory, organizations
with adequate controls won’t experience fraud. But
they do—time and time again. Part of the reason is
that no controls exist that provide absolute
assurance against fraud. Those who are
sufficiently motivated to override or circumvent
them usually can find a way. Don’t get me wrong:
Controls are a vital part of fraud deterrence.
However, they need to be considered in a larger
context.
Fraud is not an accounting problem;
it is a social phenomenon. If you strip
economic crime of its multitudinous
variations, there are but three ways a
victim can be unlawfully separated from
money: by force, stealth or trickery.
While the first two are on the wane, the
third is not (see exhibits 1 ,
2 and 3 ). And the reasons
have little to do with accounting
controls. Robbery, theft and other
street crimes are the bailiwick of the
young and undereducated. According to
the FBI, these kinds of offenses are at
a 30-year low. Why? First, our
society—because of baby boomers—is
aging: There are fewer young people in
our population, the net result of which
is that there are fewer potential
offenders. Second, because of mass
media, that smaller pool of young people
has learned a very valuable lesson: The
best way to rob a bank is to own one.
| |
Exhibit 1
|
Source:
“Key Crime & Justice Facts
at a Glance,” U.S. Department
of Justice, Office of Justice
Programs, Bureau of Justice
Statistics.
| |
To understand the risk/reward equation,
consider just one anecdote from the go-go ’90s:
Junk-bond king Michael Milkin’s earnings, largely
illegal, amounted to about $1.2 billion. The
government fined him $600 million and he spent 20
months in a federal prison. A thug with a gun
holding up a financial institution usually will
net less than $5,000 and typically will serve at
least five years behind bars. Anyone can perform
the simple arithmetic involved in that crime
formula.
THE CONFUSING ISSUE OF CRIMINAL JUSTICE
But before you jump to the
conclusion that increasing penalties for crime is
the answer, consider another counterintuitive
fact: The United States has some of the harshest
criminal penalties in the modern world—coupled
with the highest crime rates. Criminologists
almost universally understand why:
Punishment-based deterrence simply doesn’t work
very well. Nearly 75% of incarcerated inmates are
rearrested within three years of their being
released, usually for more serious offenses (see
exhibit 4 ). If you are
thoroughly confused, you should be. That’s
because classic criminological theory says
there are three related factors involved
in deterrence: the certainty, swiftness
and severity of punishment. Of those
factors, the first is by far the most
important—if punishment is certain and
swift, it doesn’t need to be severe. As a
matter of fact, the longer the prison
sentence, the more likely it is the
miscreant will offend again.
Regrettably, under our system of
justice, there is nothing certain about
being punished. Exacerbating the
problem, I believe, is the “get tough”
mentality that politicians must use to
get elected to office. It is one thing
to pass a law but quite another to
appropriate the funds to enforce it.
Under Sarbanes-Oxley, the criminal
penalties for mail fraud were
quadrupled, from five to twenty years
per offense. | |
Exhibit 2
|
Source:
“Key Crime & Justice Facts
at a Glance,” U.S. Department
of Justice, Office of Justice
Programs, Bureau of Justice
Statistics.
| |
But there has been no corresponding quadrupling
of funds for prosecutors, investigators and
prisons. If the penalties go up and the money
devoted to enforcement stays the same, then the
certainty of punishment actually goes down. Our
prisons are bursting at the seams, so prosecutors
and judges are forced to make very unattractive
choices of who is prosecuted and who isn’t. When
it comes to making those decisions, they almost
invariably choose to jail those who commit violent
crimes—not the people who rip us off. So
when a potential fraud offender thinks he or she
can commit a crime and get away with it, that
assessment usually is correct. What is society to
do, then, about the current wave of fraud that
seems to have engulfed us? First, we need to
understand that our problems cannot be
solved by government intervention.
Prosecution of offenders, although
necessary in a civilized society is
akin—as we might say here in Texas—to
closing the barn door after the horses are
gone. Second, we must acknowledge the
private sector has a responsibility to
cure its own ills. Third, we must commit
the resources necessary to find solutions
that work.
UNDERSTANDING FRAUD PREVENTION
If you accept the
postulate that fraud prevention and
internal control are not exactly the
same—and they aren’t—then the accounting
profession needs to learn more about
preventing fraud. Unfortunately, no one
has studied this issue in any great
detail, especially when it comes to
occupational fraud. We know some of the
answers, but not nearly enough. For
example, when presented with seemingly
identical opportunities and motives, why
does one person or organization turn to
fraud and another does not? No one
really knows. Besides internal control,
what factors go into preventing fraud?
Again, we’re short on answers. |
|
Exhibit 3
|
Association of Certified
Fraud Examiners.
| |
But there is hope. This year, the AICPA and the
Association of Certified Fraud Examiners
established and funded the Institute for Fraud
Studies (IFS). Other interested organizations and
government agencies are being invited to
participate, too. The IFS will operate under the
auspices of the University of Texas at Austin,
where I teach on fraud subjects in the graduate
school of business.
Factors
Affecting
Occupational Fraud: A Partial List
Financial condition of the
organization.
Pressure to show profits in
the marketplace.
Internal accounting controls.
The state of the economy.
Integrity level of corporate
leaders and employees.
Commitment to the
organization’s value system.
Personal traits and
characteristics of executives and
employees.
Reward systems for ethical
behavior.
Organizational culture and
dynamics.
Peer pressure.
The perception of detection.
The swiftness, certainty and
severity of punishment.
| The purpose of
the institute is simple: to conduct
multidisciplined research into the causes of and
cures for fraud. It will reach out to academics
and researchers in a variety of fields such as
behavioral sciences, the law, accounting and
criminal justice. And although the IFS has a
simple mission, achieving its goals will not be
easy. One of the first projects will be to help
entities find workable solutions to the fraudulent
financial reporting dilemma. A
DIFFERENT TACTIC One of
the most difficult issues facing the
profession is that there are no auditing
procedures that can provide absolute
assurance in detecting all fraudulent
financial reporting. As a result auditors
have historically attempted to avoid,
albeit unsuccessfully, the responsibility
for fraud detection. In the current
environment, the public holds expectations
of auditors with respect to fraud that
simply cannot be fulfilled. The auditing
profession could be better served by
adopting a more holistic approach to the
deterrence of fraud. This concept, called
the Model Organizational Fraud Deterrence
Program (the model), employs a “best
practices” approach to fraud prevention.
Using this model, researchers would
identify the factors present in
organizations—both accounting and
otherwise—that affect occupational fraud
(see “ Factors
Affecting Occupational Fraud: A Partial
List ,” above). They then would
develop a model deterrence program based
on those factors. Thereafter, instead of
opining that the entity is essentially
free of material fraud, the auditor would
disclose the client’s degree of compliance
to the model. . |
Exhibit
4
|
Source: “Reentry
Trends in the United
States,” U.S.
Department of
Justice, Office of
Justice Programs,
Bureau of Justice
Statistics.
| | |
Although this is a shift in the way audits are
conducted, it has three distinct advantages.
First, it would move the emphasis away from an
unwinnable strategy of detecting fraud to an
achievable onepreventing it. Second, it would
encourage entities to adopt prevention strategies.
Third, it could solve the liability dilemma that
plagues the auditing profession But we
don’t have to wait until we have all the answers
in order to do something different. Two ideas are
worth debating now: the use of antifraud
specialists on public audits, and financial
transparency for executives.
ANTIFRAUD SPECIALISTS ON PUBLIC AUDITS
Accepting that fraud deterrence
and accounting are related but distinctly
different disciplines, the auditing profession
could utilize the unique skills of antifraud
specialists on public audits. Virtually all of the
major accounting firms currently employ such
specialists. However, they are now being used
reactively instead of proactively. Rather
than using their talents exclusively to
investigate allegations of fraud once they have
been reported, antifraud specialists also should
be involved during the audit itself to help
identify key risk areas, which then can be
furnished to the auditors for further
consideration. Moreover, the mere presence of
antifraud specialists during audits could have a
significant impact on increasing the perception
that illegal activity will be detected. This is
similar to the strategy of reducing crime by
putting more cops on the beat. Although punishment
after the fact doesn’t work very well,
criminologists have thoroughly documented that
more vigilance to stop crime before it happens is
the most effective deterrent. Considering
my background, it might be expected that I would
advocate the use of antifraud experts on audits.
But, alas, I can’t claim credit for the idea. A
number of years ago, I videotaped an interview
with legendary fraudster Barry Minkow while he was
serving an eight-year sentence in a federal prison
in Colorado. (Minkow, a high school dropout with
no accounting skills, fooled his independent
auditors in a $100 million financial statement
fraud scheme.) When I asked him how auditors could
cope with his ilk, Minkow said: “I’ll tell you
what I would do: I’d send in trained fraud
examiners before the auditors arrive. And I’d tell
the client, ‘You know, I really want your
business, but I want to make sure you’re not
committing fraud, too. So I’m sending the
examiners in first. They’re going to be looking at
everything and asking the tough questions.’ Would
that stop a lot of fraud, or what? It certainly
would have stopped me.” FINANCIAL
TRANSPARENCY WHERE IT COUNTS
From the study of a long
list of financial statement frauds,
beginning with the classic Equity Funding
fraud in the 1970s and continuing through
today’s multibillion dollar accounting
scandals, a distinct pattern has emerged:
Corporate managements—executives, insiders
and board members—have lined their pockets
at the expense of the shareholders. Their
methods vary and are often cloaked behind
complex transactions not readily apparent
to the entity’s auditors. But the
profits from these illegal schemes
nearly always find their way into the
personal finances and spending habits of
those involved (see “ The Excesses of
Executives , at right). In some
situations the same firm that conducted
the audit, albeit by different
personnel, prepared the individual tax
returns of insiders. That was the case
in the $300 million ESM Government
Securities fraud of the 1980s. Although
the financial fraud was concealed on the
company’s books, the insiders had
declared huge illegal profits on their
own personal tax returns. Had the
auditors examined the tax returns of the
principals (which they did not) the
scheme would have been obvious.
|
The
Excesses
of Executives
Prosecutors
accused Dennis Kozlowski and
Mark Swartz of Tyco of
stealing another $140 million
from the company. Their
salaries, respectively, were
$106 million and $54 million.
Andrew Fastow,
former CFO of Enron, funneled
$30 million to himself from
off-balance-sheet partnerships
that he created. Another $17
million was paid to his wife,
Lea.
Federal
prosecutors say that Adelphia
founder John J. Rigas and two
of his sons used the company
as their “personal piggy bank,
purportedly looting over $300
million, which included more
than $50 million in cash
advances, money for luxury
apartments and a $13 million
golf course.”
A jury determined
that Mickey Monus, responsible
for the $500 million Phar-Mor
fraud, embezzled at least $10
million to fund the
now-defunct World Basketball
League.
| |
This illustrates a fundamental tenet of fraud
examination: Follow the money. There are but two
ways that this can be accomplished. Illicit
transactions can be traced from an insider to the
organization or vice versa. The former approach is
invariably easier than finding funds from the
company to the insider, which often are disguised
in a variety of ways. Corporate insiders
have a fiduciary duty to act in the best interests
of the shareholders. A part of this duty should
include their financial transparency. Auditors
could be given access to any financial information
that bears on this issue. That would include, but
not be limited to, personal tax returns and
detailed banking records. By having such access,
two important objectives could be accomplished.
First, it would make it more difficult for
insiders to conceal ill-gotten gain. Second,
financial transparency could be a significant and
powerful deterrent. The ideas contained
here are not the complete solution. Even if all of
them would be adopted in some form, we still would
have to recognize that there is no mechanism that
could prevent all financial statement fraud.
Still, traditional accounting approaches have
failed so far to solve these difficult problems.
But if we do what we’ve always done, we’ll get
what we’ve always gotten.
| |
Resources
| Books
CPA’s Handbook of Fraud and Commercial
Crime Prevention (# 056504JA)
Financial Reporting Fraud: A
Practical Guide to Detection and
Internal Control (# 029879JA)
CPE
Introduction to Fraud Examination
and Criminal Behavior (# 730275JA)
Identifying Fraudulent Financial
Transactions (# 730244JA)
Finding the Truth: Effective
Techniques for Interview and
Communication (# 730164JA) To
order, go to
www.cpa2biz.com . |
AICPA’s Antifraud
Initiatives Antifraud and
Corporate Responsibility Resource Center,
http://antifraud.aicpa.org/
.
SAS no. 99 information.
Management Antifraud
Programs and Controls (SAS no. 99
exhibit).
Fraud Specialist Competency
Model.
Free corporate fraud
prevention training and CPE.
Academia outreach and
assistance.
Other antifraud activities.
| Joseph T.
Wells, CPA, CFE, is founder and chairman of the
Association of Certified Fraud Examiners and
professor of fraud examination at the University
of Texas at Austin. Mr. Wells won the Lawler Award
for the best JofA article in 2000 and
2002 and has been inducted into the Journal of
Accountancy Hall of Fame. His e-mail
address is
joe@cfenet.com . |