Chapter 18: Fraud Audit ACCT620 Internal Auditing Otto Chang Professor of Accounting

Objective of Fraud Audit Uncovering the presence, scope, and means of intentional misstatement of records and/or misappropriation of assets Fraud is an unusual occurrence. Alertness and professional skepticism are two of the most important skills. Often, the impetus for a fraud audit is some telltale sign of unusual transaction or a missing record.

Why Internal Auditors? Internal auditors issue no explicit disclaimer Internal audits are of sufficient scope and depth to detect irregularities Internal auditors are more familiar with operations and controls than external auditors Internal auditor’s primary focus is on controls expected to detect fraud

Loss from Fraud by Industry: 1996 CFE study Real Estate and Finance $475,000 Manufacturing 274,000 Banking 200,000 Oil and Gas 173,000 Construction 142,000 Health Care 105,000 Retail 100,000 Service 95,000 Insurance 72,000 Government 50,000 Utility 50,000 Education 32,000

Discovery of Computer Frauds By computer security officers 8.0% By auditors 4.5% By accident 32.0% By normal controls 45.0% By other methods 10.5%

Reporting Frauds Professional Standards Bulletin states that when that internal auditors suspect wrongdoing, they “should determine the possible effects…, discuss the matter with the appropriate level of management who should investigate or otherwise follow up the suspicion.”

Fraud Audit Approach Threat analysis: what assets are held? How could they be taken? Fraud assessment criteria: opportunity, motivation, and attitudes or ethical values Fraud scale theory: a 50% likelihood of fraud exists in the presence of low integrity, very moderate level of situational pressure, and opportunity to commit fraud.

Fraudulent Financial Reporting: Risk Assessment Management’s predisposition to distort F/S: excessive emphasis on meeting target Failure to establish policies and procedures Lack of control over operations Lack of control over computer processes Inadequate communication of policies and procedures for security of data or assets

Red Flag Indicators Personal situations creating undue pressure: –Indebtedness –Serious illness –Gambling problems –Alcohol problems –Resentment and frustration –Lack of personal ethics

Red Flag Indicators Company setting creating undue pressure: –Economic hardship –Dependency on limited number of products –Excessive leverage –Rapid growth –Tight credit –Increased competition –Restrictive loan provisions

Example of Red Flags Specific control risks: –One person handles all portions of an important transaction –Poor supervision –No clear assignment of responsibility and accountability –No required vacation –No rotation of workers

Common Methods of Embezzlement Removing small amounts from cash on hand Failing to record sales and pocketing the cash Overloading expense accounts to personal use Lapping collections on customer’s accounts Collecting an account and writing it off Recording unauthorized cash discount or sales return Carrying fictitious extra help on payrolls, increasing pay rates Paying false invoices Increasing the supplier’s invoice through collusion

Common Embezzlement Selling waste and scrap and pocketing the proceeds Falsifying bill of lading and splitting the cash with carrier Obtaining unprotected blank checks and forging signature Permitting special prices to customers or granting business to favored suppliers for kickbacks Outright staling of inventory, equipment, or other assets Using personal expenditure receipts to support false paid- out items Charging personal purchases to the company through the misuse of purchase order

Computer frauds Hacking:the use of talents to circumvent a computer’s security system Phreaking: penetrating corporate telecommunication systems and stealing telephone service Software piracy: illegal copy of software Viruses: the use of a program that modifies other programs

The Audit Process Selection of a team: use seasoned auditors Preliminary survey: looking for red flags Working paper documentation: use special care. Control access and retention of work paper because of legal issues Audit report: restricted to persons need to know Follow up: conducted by managers at least one level above the auditee

Legal Ramifications of Fraud Audits Slander and Libel: oral or written defamation False imprisonment: confinement of a person within boundaries Compounding a felony: agreeing for a consideration not to prosecute a criminal Confessions: are rarely sufficient basis for supporting accusation

Relative Performance of Audit Procedures Audit Procedures Errors Expectation from experience in prior years 287 Inquiry with client’s employees 504 Test of controls 7 Analytical procedures 293 Analysis of accounts and inspection of details 767 Evaluation of accounting estimates 202 Re-computations 162 Cutoff tests 155 Observation and other tests 205 2,582