Chapter 2: The Risk of Fraud and Mechanisms to Address Fraud
● Management compensation schemes
Fraud - is an intentional act involving the use of deception that results in a
material misstatement of the financial statements.
- there is intent to deceive
Types of Misstatements
1. Misstatements Arising From Misappropriation of Assets
Asset misappropriation - perpetrator steals or misuses an organization’s assets.
- are dominant in small businesses
- includes embezzling cash receipts, stealing assets, or causing the company to pay
for goods or services that were not received. Asset misappropriation
- commonly occurs when employees:
 Gain access to cash and manipulate accounts to cover up cash thefts
 Manipulate cash disbursements through fake companies
 Steal inventory or other assets and manipulate the financial records to cover
up the fraud
2. Misstatements Arising from Fraudulent Financial Reporting
Fraudulent Financial Reporting - intentional manipulation of reported financial
results to misstate the economic condition of the organization.
- seeks gain through the rise in stock price and the commensurate increase in
personal wealth.
- Three common ways in which fraudulent financial reporting take place:
a) Manipulation, falsification, or alteration of accounting records or supporting
documents
b) Misrepresentation or omission of events, transactions, or other significant
information
c) Intentional misapplication of accounting principles
The Fraud Triangle
- introduced by career criminologist Don Cressey more than 30 years ago.
- by identifying patterns in fraud cases, and he identified three factors:
1) Incentive to commit fraud
2) Opportunity to commit and conceal the fraud
3) Rationalization - the mindset to justify committing the fraud
Fraud Risk Factors/ Red Flags - factors associated with these elements.
Incentives or Pressures to Commit Fraud
Incentives for fraudulent financial reporting:
● Other financial pressures for either improved earnings or an improved balance
sheet
● Debt covenants
● Pending retirement or stock option expirations
● Personal wealth tied to either financial results or survival of the company
● Greed—for example, the backdating of stock options was performed by
individuals who already had millions of dollars of wealth through stock
Incentives relating to asset misappropriation:
● Personal factors, such as severe financial considerations
● Pressure from family, friends, or the culture to live a more lavish lifestyle than
one’s personal earnings allow for
● Addictions to gambling or drugs
Opportunities to Commit Fraud
- most fundamental and consistent findings in fraud research
- means not only that an opportunity exists, but either there is a lack of controls or
the complexities associated with a transaction are such that the perpetrator
assesses the risk of being caught as low.
- include the following:
● Significant related-party transactions
● A company’s industry position, such as the ability to dictate terms or conditions
to suppliers or customers that might allow individuals to structure fraudulent
transactions
● Management’s inconsistency involving subjective judgments regarding assets or
accounting estimates
● Simple transactions that are made complex through an unusual recording process
● Complex or difficult to understand transactions, such as financial derivatives or
special-purpose entities
● Ineffective monitoring of management by the board, either because the board of
directors is not independent or effective, or there is a domineering manager
● Complex or unstable organizational structure
● Weak or nonexistent internal controls
Rationalizing the Fraud
- crucial component in most frauds.
- involves a person reconciling unlawful or unethical behavior with the commonly
accepted notions of decency and trust.
For fraudulent financial reporting, it can range from “saving the company” to
personal greed, which includes:
● This is a one-time thing to get us through the current crisis and survive until
things get better.
● Everybody cheats on the financial statements a little; we are just playing the
same game.
● We will be in violation of all of our debt covenants unless we find a way to get
this debt off the financial statements.
● We need a higher stock price to acquire company XYZ, or to keep our employees
through stock options, and so forth.
For asset misappropriation, it revolves around mistreatment by the company or a
sense of entitlement. It includes:
● Fraud is justified to save a family member or loved one from financial crisis.
● We will lose everything (family, home, car, and so on) if we don’t take the
money.
● No help is available from outside.
● This is “borrowing,” and we intend to pay the stolen money back at some point.
● Something is owed by the company because others are treated better.
● We simply do not care about the consequences of our actions or of accepted
notions of decency and trust; we are out for ourselves.
Recent History of Fraudulent Financial Reporting
- The patterns evident across the frauds presented in Exhibit 2.3 imply the following
regarding the conduct of the audit:
● The auditor should be aware of the pressure that analyst following and earnings
expectations create for top management.
● If there are potential problems with revenue, the audit cannot be completed
until there is sufficient time to examine major year-end transactions.
● The auditor must understand complex transactions to determine their economic
substance and the parties that have economic obligations.
● The auditor must clearly understand and analyze weaknesses in an organization’s
internal controls in order to determine where and how a fraud may take place.
● Audit procedures must be developed to address specific opportunities for
fraud to take place.
- It illustrates that auditors must exercise professional skepticism in analyzing the
possibility of fraud and must be especially alert to trends in performance, or
results that are not consistent with other companies, in determining whether
extended audit procedures should be performed.
Auditing Procedures - cannot simply be an expansion of normal procedures.
- Must be targeted at discovering potential fraud when there are red flags
suggesting a heightened risk of fraud.
Professional skepticism

The Center for Audit Quality (CAQ), 2010 report on fraud
- involves the validation of information through probing questions, the critical
assessment of evidence, and attention to inconsistencies.
- is not an end in itself and is not meant to encourage a hostile atmosphere
or micromanagement;
- it is an essential element of the professional objectivity required of all
participants in the financial reporting supply chain.
- increases not only the likelihood that fraud will be detected, but also the
perception that fraud will be detected, which reduces the risk that fraud will be
attempted.
International Auditing Standards
- is an attitude that includes a questioning mind and a critical
assessment of audit evidence.
- requires an ongoing questioning of whether the information and audit evidence
obtained suggests that a material misstatement due to fraud may exist.
(ISA 240, para. 23)
- The auditor’s previous experience with the entity contributes to an understanding
of the entity.
- is not satisfied with less than-persuasive audit evidence based on a belief that
management and those charged with governance are honest and have integrity.
- means that the auditor carefully considers the reasonableness of responses to
inquiries of those charged with governance, and other information obtained from
them, in light of all other evidence obtained during the audit.
Key elements to successfully exercising professional skepticism
1) Obtaining strong evidence and analyzing that evidence through critical
assessment,
2) attention to inconsistencies, and
3) asking probing (often open-ended) questions.
The essence of auditing is to bring professional skepticism to the audit and to be
alert to all of the possibilities that may cause the auditor to be misled.
The Third COSO Report
- COSO has conducted three major studies on fraudulent financial reporting.
- The most recent study in 2010, was of companies during 1998-2007 cited by SEC
for fraudulent financial reporting.
- identified the major characteristics of companies that had perpetrated fraud.
- focused on comparing fraud and nonfraud companies of similar sizes and in
similar industries to determine which factors were the best in discriminating.
MAJOR FINDINGS:
● The amount and incidence of fraud remains high. The total amount of fraud was
more than $120 billion spread across just 300 companies.
● The median size of company perpetrating the fraud rose tenfold to $100 million
during the 1998-2007 period (as compared to the previous ten years).
● There was heavy involvement in the fraud by the CEO and/or CFO, with at least
one of them named in 89% of the cases.
● The most common fraud involved revenue recognition—60% of the cases during
the latest period compared to 50% in previous periods.
● One-third of the companies changed auditors during the latter part of the fraud
(with the full knowledge of the audit committee) compared to less than half that
amount of auditor changes taking place with the nonfraud companies.
● Consistent with previous COSO studies, the majority of the frauds took place at
companies that were listed on the Over-The-Counter (OTC) market, rather than
those listed on the NYSE or NASDAQ.
MOTIVATIONS:
a) need to meet internal or external earnings expectations,
b) an attempt to conceal the company’s deteriorating financial condition,
c) need to increase the stock price,
d) need to bolster financial performance for pending equity or debt financing,
e) desire to increase management compensation based on financial results
Deterring and Detecting Financial Reporting Fraud - A Platform for Action
By Center for Audit Quality (CAQ) October 2010
- views fraud-related responsibilities as the key means to improve the external
auditor’s contribution to society and to gain respect for the auditing profession.
- recognizes that preventing and detecting fraud cannot be the job of the external
auditor alone; all the parties involved in preparing and opining on audited financial
statements need to play a role in preventing and detecting fraud.

Three ways in which individuals involved in the financial reporting process

(management, the audit committee, internal audit, external audit, and regulatory
authorities) can mitigate the risk of fraudulent financial reporting:
● These individuals need to acknowledge that there needs to exist a strong, highly
ethical tone at the top of an organization that permeates the corporate culture,
including an effective fraud risk management program.
● These individuals need to continually exercise professional skepticism, a
questioning mindset that strengthens professional objectivity, in evaluating and/or
preparing financial reports.
● These individuals need to remember that strong communication among those
involved in the financial reporting process is critical.

The mission of the PCAOB is to restore the confidence of investors, and society
generally, in the independent auditors of companies. The detection of material
fraud is a reasonable expectation of users of audited financial statements. Society
needs and expects assurance that financial information has not been materially
misstated because of fraud. Unless an independent audit can provide this
assurance, it has little if any value to society.
The Post Sarbanes-Oxley World: A Time of Improved Corporate Governance

Corporate governance - is a process by which the owners (stockholders) and creditors of an

organization exert control and require accountability for the resources entrusted to the
organization.
- The owners elect a board of directors to provide oversight of the organization’s activities
and accountability to stakeholders.

Governance starts with the owners delegating responsibilities to management through an

elected board of directors- including a sub committee of the board that serves as an audit
committee.
- Oversee management, and, in that role, are expected to protect the stockholders’ rights
and ensure that controls exist to prevent and detect fraud.

Management is part of the governance framework

- can influence who sits on the board and the audit committee, as well as other governance
controls that might be put into place.

Stakeholders include anyone who is influenced, either directly or indirectly, by the actions
of a company society and to meet various requirements of creditors and employees and
other stakeholders.
New York Stock Exchange (NYSE) in 2010
Principles of Effective Corporate Governance
 The board’s fundamental objective should be to build long-term sustainable growth in
shareholder value for the corporation.
 Successful corporate governance depends upon successful management of the
company, as management has the primary responsibility for creating a culture of
performance with integrity and ethical behavior.
 Effective corporate governance should be integrated with the company’s business
strategy and not viewed as simply a compliance obligation.
 Transparency is a critical element of effective corporate governance, and companies
should make regular efforts to ensure that they have sound disclosure policies and
practices.
 Independence and objectivity are necessary attributes of board members; however,
companies must also strike the right balance in the appointment of independent and
nonindependent directors to ensure an appropriate range and mix of expertise,
diversity, and knowledge on the board.
Corporate Governance Guidelines
● Boards need to consist of a majority of independent directors.
● Boards need to hold regular executive sessions of independent directors without
management present.
● Boards must have a nominating/corporate governance committee composed entirely of
independent directors.
● The nominating/corporate governance committee must have a written charter that
addresses the committee’s purpose and responsibilities, and there must be an annual
performance evaluation of the committee.
● Boards must have a compensation committee composed entirely of independent
directors.
● The compensation committee must have a written charter that addresses the
committee’s purpose and responsibilities, which must include (at a minimum) the
responsibility to review and approve corporate goals relevant to CEO compensation, to
make recommendations to the Board about non-CEO compensation and incentive-based
compensation plans, and to produce a report on executive compensation; there must also
be an annual performance evaluation of the committee.
● Boards must have an audit committee with a minimum of three independent members.
● The audit committee must have a written charter that addresses the committee’s purpose
and responsibilities, and the committee must produce an audit committee report; there
must also be an annual performance evaluation of the committee.
● Companies must adopt and disclose corporate governance guidelines addressing director
qualification standards, director responsibilities, director access to management and
independent advisers, director compensation, director continuing education, management
succession, and an annual performance evaluation of the Board.
● Companies must adopt and disclose a code of business conduct and ethics for directors,
officers, and employees.
● Foreign companies must disclose how their corporate governance practices differ from
those followed by domestic companies.
● CEOs must provide an annual certification of compliance with corporate governance
standards.
● Companies must have an internal audit function, whether housed internally or
outsourced.
Section 301 of the Sarbanes-Oxley Act
 Directly responsible for the appointment, compensation, and oversight of the work of
registered accounting firms;
 They must be independent;
 They must establish whistleblowing mechanisms within the company;
 They must have the authority to engage their own independent counsel;
 Companies must provide adequate funding for audit committees.

Responsibilities of Audit Committees

● Obtaining each year a report by the external auditor that addresses the company’s
internal control procedures, any quality control or regulatory problems, and any
relationships that might threaten the independence of the external auditor
● Discussing the company’s financial statements with management and the external auditor
● Discussing in its meetings the company’s earnings press releases, as well as financial
information and earnings guidance provided to analysts
● Discussing in its meetings policies with respect to risk assessment and risk management
● Meeting separately with management, internal auditors, and the external auditor on a
periodic basis
● Reviewing with the external auditor any audit problems or difficulties that they have had
with management
● Setting clear hiring policies for employees or former employees of the external auditors
● Reporting regularly to the board of directors

Other Responsibilities
- also has the authority to hire and fire the head of the internal audit function,
- set the budget for the internal audit activity,
- review the internal audit plan,
- discuss all significant internal audit results.
- performing or supervising special investigations,
- reviewing policies on sensitive payments,
- coordinating periodic reviews of compliance with company policies such as corporate
governance policies.