So what do I suggest if I think the triad of fraud “guidance” is a crock? Good question. In an accounting/auditing engagement, what would I recommend as guidance in considering the risk of fraud?
First, I would create at least 2 major and wholly independent categories of fraud.
- Material, willful, financial statement fraud
- Isolated personal fraud
The first category is the most serious. Think Enron, WorldCom, blah blah blah. It seems that current guidance and procedures should be EXPECTED to identify this category of fraud. If not, then the independent CPA and his or her audit opinion is virtually worthless. The fact that CPA firms continue to miss this means the status quo is not good enough. The AICPA needs a major initiative to revise, refine and redo the formal audit procedures for detecting this category of fraud. There are a lot of recent graphic examples on which to draw. Random testing is not good enough. Audit procedures should be directed at specifically and actively searching for fraud based on a risk analysis. Are inventories a big number? Search for inventory fraud ala Phar-Mor and other similar known audit failures. Capitalization of fixed assets a big number? WorldCom. Etc. These all included a large cast of co-conspirators and as such, should have been caught by the auditors. We need specific procedures designed to address this.
I think the large national and international companies need to be brought to heel. They run roughshod over their auditors, over the regulators, over the tax authorities, over their shareholders, over everyone. Enough is enough.
Now, for smaller companies, the issue of isolated personal fraud looms as perhaps a larger threat than full-blown financial statement fraud. The fact that these are isolated and personal does not mean that they do not present a financial statement risk. Dennis Koslowski at Tyco did tremendous damage to the stockholders’ value by his personal greed and fraud. We need to take this risk more seriously. As far as specific audit procedures, I offer these as a start:
Identify any and all key executive staff who have positions of power and influence sufficient to bypass or corrupt standard internal controls. By default, this list must include the President, COO, CEO, Chief Financial Officer, any Executive Vice Presidents, Division or group presidents, and board chair.
Complete a detailed internal control review over the span of influence and control exercised by these individuals. The control review needs to specifically target potential fraud vulnerabilities such as lack of segregation of duties, lack of effective review and approval, etc. Require that significant control weaknesses be remediated and re-examined for verification. The auditor should be in complete control over this. There should be zero tolerance for delay, denial, equivocation and whining from the audit client.
Obtain independently the personal credit reports for these individuals and examine them for unusual entries. Complete a 100% detailed review of all compensation paid to these individuals. Inspect and audit 100% of all travel and entertainment reimbursement, stock option grants, asset transfers, etc. A sample is not good enough. This requires a complete census of transactions. Present the detailed results of this examination to the full board for review and approval.
There is an awful lot more that can and should be added. This is just the beginnings of my own personal rant and is horribly incomplete and inadequate. But even given that, it’s a start in the right direction. And there is nothing to prevent a CPA firm from implementing these procedures unilaterally and immediately. At least, that’s what I think. I could be wrong, but I don’t think so.
accounting, bank auditing, CPA, embezzlement, Employee Theft, fraud, fraud theft embezzlement internal controls small buisiness, Internal Audit, internal controls, purchasing fraud, retail theft, segregation of duties, tax fraud, Vendor fraud, Vendor Theft, write off