Assessing the Risks of Accounting Fraud

Assessing the Risks of Accounting Fraud

Robert Sidorsky. Commercial Lending Review. Riverwoods: Nov/Dec 2006. pg. 9, 8 pgs

Abstract (Summary)
Lenders must regularly confront the risk of fraudulent financial reporting in their credit decisions and loan management. A basic precautionary measure is to understand the common patterns and telltale signs of accounting fraud. This article provides an overview of: 1. the conditions conducive to accounting fraud or what are commonly called "red flags", 2. how accounting fraud is committed based on actual case histories, and 3. measures that can be taken to prevent and uncover theft of assets and fraudulent financial reporting. When the conditions conducive to fraud are understood, it is possible to institute a control environment and put in place specific controls designed to prevent and discover management theft. Lenders can significantly enhance their ability to evaluate financial statements and financial information in order to assess the risks and likelihood of fraud. It is important to understand how the control environment as well as specific controls and audit procedures are designed to prevent and uncover fraud.

Lenders must regularly confront the risk of fraudulent financial reporting in their credit decisions and loan management. Given that accounting fraud by definition involves chicanery, and in some instances elaborate cover-up of the borrower's true financial condition, what can be done to address and mitigate the risk of accounting fraud? A basic precautionary measure is to understand the common patterns and telltale signs of accounting fraud. By understanding how accounting fraud is perpetrated and, in particular, the patterns of fraudulent financial reporting that tend to be associated with particular industries, lenders and credit managers will be in a much better position to obtain and assess relevant financial information from the borrower and to address the risks with the borrower's financial officers and in-house and outside auditors.

This article provides an overview of (1) the conditions conducive to accounting fraud or what are commonly called "red flags"; (2) how accounting fraud is committed based on actual case histories; and (3) measures that can be taken to prevent and uncover theft of assets and fraudulent financial reporting. By gaining an understanding of these three interrelated subjects, lenders will significantly enhance their ability to assess and control credit risks.

The risks associated with accounting fraud are generally grouped within two broad categories. One is theft or looting of corporate assets by management insiders, and the other is fraudulent financial reporting.

Misappropriation of Assets

In cases of management theft, there are certain indicia of fraud or red flags that are typically present. These factors can generally be categorized as follows:

* Management style/dominant CEO/ability to override controls

* Weak internal controls/lack of segregation of duties

* Numerous manual journal entries

* Transactions that lack apparent business purpose/ unsupported transactions on the general ledger

Misappropriation or looting of corporate assets by insiders frequently takes place in a corporate environment in which the management style is characterized by a dominant chief executive officer who has the ability to override controls. It is very typical in these situations to have a control environment where there is a lack of adequate segregation of duties. In these circumstances, the dominant executive has the ability to commit fraud and often equates his or her own persona with that of the company failing to draw the line between corporate assets and self-dealing.

To commit fraud, the perpetrator of the theft will typically engage in a transaction or series of transactions that lack an apparent business purpose or are unsupported in the company's accounting records. Furthermore, to obtain receipt of the diverted assets or funds, the transaction typically must flow through entities or counterparties that are related parties subject to the control of the perpetrator, which may be disclosed or undisclosed related parties. Finally, these transactions may be reflected in numerous manual journal entries.

Some Case Examples

Some historical as well as more recent cases illustrate this recurring pattern in cases of fraudulent misappropriation. For example, in the DeLorean case,1 John Z. DeLorean, who had been a senior executive at General Motors, founded an eponymous automobile company, DeLorean Motor Company (DMC), in the late 1970s. DeLorean was able to obtain financing from a department of the British government in Northern Ireland to build a stainless steel, gull-wing sports car in a plant outside Belfast. At the very outset of the project, DeLorean announced to the board of directors that he had negotiated a contract to have the development and engineering of the car performed by Lotus Cars Limited in England but that Colin Chapman, who was the then head of Lotus, insisted that all of the money for the development work, approximately $18 million, be paid up front to a company in Geneva called GPD Services Inc. The $18 million was paid into the Swiss bank account of GPD, which was incorporated in Panama, pursuant to a contract entered into between the DeLorean companies and GPD. After the Northern Ireland subsidiary went into receivership and bankruptcy proceedings were commenced in the United States, DeLorean and Chapman were alleged to have misappropriated the money paid to GPD, splitting the funds between them. Lotus was paid approximately $22 million for its design and engineering work through supplemental or additional payments made under the contract with GPD.

This case involved many of the red flags discussed above. DeLorean, as the well-known founder of the start-up company, dominated the corporation and was able to override basic accounting controls-and such controls were lacking. The contract for performance of the development and engineering work with GPD was extremely vague and lacked accounting controls or performance benchmarks. Moreover, there was no mechanism for verifying if Lotus, the company actually performing the engineering work, was receiving the funds paid up front or how completion of the different phases of the work was to be determined.

Furthermore, the transaction at issue lacked an apparent business rationale. Since Lotus was to perform the engineering work in England, this called into question why payment was going to a mysterious, offshore company incorporated in Panama. Similarly, since the purported business justification for the contract with GPD was that it owned certain rights or patents involved in the engineering process, this raised the issue of whether there was any documentation or independent evidence to support GPD's ownership of such processes or patents. Finally, because GPD was a shell Panamanian corporation with a Swiss bank account, DeLorean and Chapman were able to control the flow of funds out of GPD's bank account. Thus, this case highlights many of the conditions conducive to misappropriation of assets outlined above.

Another example of alleged management theft involves an insolvent health maintenance organization (HMO) in New Jersey, which has resulted in ongoing litigation by the New Jersey Commissioner of Insurance against the officers and directors of the HMO, as well as its outside auditors and actuaries. In this case, the HMO was a start-up insurance company whose sole shareholder was a doctor who also owned and operated a network of related companies. Accordingly, there is the familiar pattern of the dominant owner or CEO and weak control environment. In this specific example, the owner arranged for contracts between the HMO, which received funds under Medicaid, with the various related-party entities controlled by him. These arrangements included a contract with a related-party company that ostensibly provided ambulance or transportation services for patients and a contract with another related-party company that purported to provide marketing services to the HMO. In practice, large sums were paid pursuant to these contracts to the related-party entities, which provided little or no services to the HMO. Thus, the alleged perpetrator of the fraud was able to siphon off millions of dollars from the regulated HMO to other unregulated businesses under his control.

The theft of corporate assets may also occur in situations where insiders conspire or collude with customers or outside vendors to misappropriate corporate assets. As noted above, in the DeLorean case, DeLorean was alleged to have colluded with Chapman, who was the chief executive of a vendor of DMC, to misappropriate corporate funds. In a typical case, a customer may bribe a corporate insider to allow the customer to engage in defalcation. For example, in a case involving a commodities trading firm in New York, a customer bribed the firm's credit manager so that he could take delivery of gold and silver on credit. As a result, the customer owed the firm in excess of $20 million, which was the largest account receivable balance on the company's books. To create the false appearance that the account receivable balance was fully secured, the customer provided collateral in the form of what were purported to be rare and extremely valuable coins. The credit manager, in return for bribes received from the customer, accepted the collateral knowing that it was counterfeit or of little value and placed values on the coins in the company's books that were far in excess of their true worth. The company's outside auditors observed and counted the coins each year as part of their annual examination of inventory but did not seek an independent verification of the authenticity or true value of the numismatic collateral.

Here again, the main feature of the fraud is the lack of an apparent business purpose for the transaction and its unusual nature. The red flags or indicia of fraud regarding this transaction included the following:

* The customer's account receivable balance was the largest on the company's books.

* There was no apparent business purpose for allowing the customer to carry such a large balance.

* Accepting coins as collateral was against company policy.

* The company was in the business of arbitrage trading of gold and silver and had no expertise in valuing coins.

* The customer traded through corporate entities incorporated in Uruguay and Panama while living in New York.

* The customer himself went by different names or aliases.

How to Prevent and Detect Theft

When the conditions conducive to fraud are understood, it is possible to institute a control environment and put in place specific controls designed to prevent and discover management theft. The control environment and specific controls that should be implemented to prevent and detect fraud include those listed in Exhibit 1.

Furthermore, audit procedures should also be designed and implemented to prevent and discover theft by management. These procedures should include the following:

* Question and document business purpose of significant transactions.

* Obtain specific third-party confirmations.

* Identify and document support for related-party transactions.

* Obtain independent valuations and appraisals of cassets.

* Investigate cash transfers, especially dealing with related parties.

In assessing credit risks, lenders in turn should take appropriate steps to satisfy themselves that the proper control environment and specific controls are in place.

Fraudulent Financial Reporting

Fraudulent financial reporting can and does take myriad forms. Nevertheless, there are also recurring or basic patterns of fraudulent financial reporting that are associated with particular industries. Accordingly, it is important for a lender to understand the type of fraudulent financial reporting associated with a particular industry, so as to be in a position to evaluate the specific nature of the risks. The industries used for illustration purposes below are construction, retail, technology and Internet and financial services.

Industry-Specific Patterns of Fraudulent Financial Reporting

The types of fraudulent financial reporting associated with these particular industries, the methods by which the fraudulent financial reporting is perpetrated and certain of the basic audit procedures designed to address the risk of fraud are set forth in Exhibit 2.

Construction

In the construction industry, fraudulent financial reporting typically involves misuse of the percentage-of-completion accounting method. The reason that percentage-of-completion accounting lends itself to manipulation, like many of the other areas discussed below, is because it requires estimation and judgment on the part of management rather than a fixed or readily quantifiable amount. Specifically, it requires management to make an accurate estimate of the projected costs to complete long-term construction projects and to determine the percentage of completion to date for purposes of recognizing revenue using the percentage-of-completion method. Thus, there is the opportunity for dishonest management that is under pressure to meet earning targets to knowingly underestimate the cost to complete and/or to exaggerate the percentage of completion on projects in order to inflate revenue recognition.

Some of the key factors in preventing and detecting manipulation or misuse of percentage-of-completion accounting are good controls over the estimation process, physical inspection of the project site to verify the percentage of completion, interviewing the project managers about the percentage of completion and the cost to complete and obtaining independent verification from outside experts.

Retail

In the retail industry, most accounting frauds involve some type of manipulation of inventory. The PharMor case2 is a leading example of a retail accounting fraud based on manipulation of inventory records. Before its bankruptcy, Phar-Mor was a drugstore chain that operated 300 stores and had reported sales of $3 billion in 1992. The massive $500 million accounting fraud orchestrated by Phar-Mor's CEO, Mickey Monus, which was the largest financial statement fraud ever disclosed in the United States at the time, consisted of recognizing revenues before they were earned, overstating accounts receivable, understating expenses, overstating fixed assets and overstating gross margins. All of these misstatements were concealed by the intentional overstatement of store inventory balances. Phar-Mor's CFO and accounting staff actively participated in the fraud by making hundreds of manual entries each quarter to the general ledger to reclassify what were basically expenses into the various store inventories. The false entries were therefore spread out through hundreds of items of inventory, such as bins of toothpaste, in hundreds of stores.

Certain of the basic types of audit procedures designed to prevent and detect this type of fraud include reviewing manual journal entries for unusual items and reconciling individual store balances with the general ledger.

Technology and Internet

In the technology and software industry, alleged fraudulent financial reporting invariably involves issues of revenue recognition on sales. There have been a series of class-action cases alleging securities fraud over the past few years, all of which have focused on the issue of recognizing revenue from sales before transactions are final or what the court in the MicroStrategy case colloquially referred to as: "Don't count your chickens before they hatch."3

In these cases, the fact pattern typically involves recognizing revenue on contracts that are not yet signed, where the goods are shipped on consignment and there is a right of return or services remained to be performed, such as customizing or upgrading the software product. In some cases, revenues are inflated by snipping goods to distributors, which were never ordered, or what is known as channelstuffing. In the particularly flagrant and well-known case of MiniScribe,4 revenues were created by shipping boxes of bricks instead of computer drives. Miniscribe bought a load of bricks, packed them into boxes, shipped the bricks to a phony customer's warehouse and reported the shipment as sales on its financial statements.

In these types of cases, some of the recurring signals or red flags of fraud are large transactions near year-end or quarter-end as well as inconsistent cash flow with the level of reported revenues. Some of the auditing procedures that are designed to identify this type of fraud are confirming the specific contract terms with the customer, confirming account receivable balances and observing the shipping cutoff.

Also in the dot.com world, fraudulent financial reporting is typically based on inflating revenues, since the key to raising funding and going public has been the ability to show revenue growth. In a series of cases, companies have tried to manufacture certain categories of revenue through barter transactions or three-party transactions known as "round-tripping. "

A good example of this kind of case is the homestore.com case.5 Homestore was an online real estate firm that would trade services with another company for advertising on Homestore's Web site at greatly inflated values. In economic terms, the transaction is effectively a wash, but Homestore would recognize the revenue and classify it as revenue from advertising. Homestore was also alleged to have entered into round-tripping transactions involving AOL and start-up companies looking to go public, in which Homestore would buy products or services from the start-up company that it did not need at inflated values in return for advertising on Homestore's Web site, for which AOL would be paid a sales commission. These cases, therefore, typically involve the misclassification or miscategorization of the source of revenues to provide the appearance on the company's financial statements that revenue is being generated in the desired category.

Financial Services

In the financial markets, fraudulent financial reporting typically involves so-called rogue traders who fail to close trades to avoid booking losses; losses continue to mount or the traders exceed their trading limits. Certain of the audit procedures designed to address those risks include searching for unmatched trades or unsettled trades, testing controls for enforcement of trading limits and extending confirmation procedures with trading counterparties.

The potential for fraudulent financial reporting also exists in all circumstances that involve the exercise of management judgment in valuing key assets on the balance sheet, whether it be the value of a residual interest in a portfolio of securitized mortgage loans or the value of an intangible asset, such as a film library, or the value of intellectual property, such as patents.

For example, within the banking industry, there were a series of lawsuits during the late 1990s alleging fraudulent financial reporting in connection with the bankruptcies of issuers of mortgagebacked or asset-backed securities. These bankrupt companies were typically engaged in the business of purchasing bundles of mortgage loans and then securitizing the loan portfolios and selling the securities to investors. The main asset on the issuer's balance sheet was the residual value of the securitized loan portfolio. To determine that valuation, management had to make a number of critical assumptions, in particular the discount rate that should be used, the rate of default and the rate of prepayment on the underlying basket of loans. Thus, the potential for fraudulent financial reporting exists because management is required to make estimates and judgments of projected default and prepayment rates for purposes of determining the residual value of the loan portfolio on the balance sheet.

The most notorious case of accounting fraud in this area is the First National Bank of Keystone case.6 Keystone was a small community bank located in an economically depressed coal mining region of West Virginia that was engaged on a very large scale in the sophisticated financial practice of securitizing subprime mortgages. Keystone was closed in 1999 by the office of the Comptroller of the Currency after regulators were unable to account for some $515 million of the $1.1 billion in assets recorded on Keystone's books. To thwart the investigation, the vice president of the bank buried several dump truck loads of documents and microfilm in her backyard with the dump truck openly moving through the town. The examiners discovered through direct verification with Keystone's loan servicers that $515 million in loans carried on the bank's books were not owned by the bank. The chairman of Keystone and senior executives involved in the fraud were convicted or pled guilty to counts of fraud and conspiracy and were sentenced to prison terms of up to 16 years.

Accordingly, the risk of fraud can only be evaluated in the context of understanding the risks and patterns of fraudulent financial reporting associated with a particular industry. Lenders should identify the areas that provide opportunity for management to engage in accounting fraud by exercising judgments.

Signals or Red Flags of Fraudulent Financial Reporting

In addition to understanding how fraud occurs within an industry, lenders should be alert to the symptoms or indicia of fraudulent financial reporting. Here again, certain signals of accounting fraud tend to recur in cases across the board and include the following:

* Persistent cash shortage and failure to pay bills when due

* Diminishing income or sales

* Growing inventories, accounts receivable and accounts payable, each of which is inconsistent with the business's revenue size and direction

* Creation and classification of suspense items in the accounting records

* Extensive "cleaning up" of account balances by journal entries at fiscal year-end

* Late or incomplete monthly financial reporting

* Recurring recommendations by auditors or consultants for improvement in systems, personnel, policies and procedures

* Increased aging or write-offs of accounts receivable

* Holding vendor checks for mailing outside the established system for paying bills

* The inability to contrast and match up reported financial information with known physical characteristics of the business because of business size, the form of presentation of the financial information or the physical movement of business assets at a faster pace than the reporting systems can gather and report

By understanding how accounting fraud is committed, the signals or red flags indicative of fraudulent financial reporting and the basic audit procedures designed to prevent and discover certain types of fraud, lenders can develop and apply more effective measures for assessing credit risk. In general, these measures for assessing credit risk should include the following:

* Require new and established customers to provide useful financial information.

* Look for trends, unusual fluctuations in numbers, management style, signs of cash problems, financing troubles, etc.

* If possible, use the customer's accounting department to assist in analysis.

* Use any leverage with the customer to get information.

* Communicate with sales and accounting.

* Aim to rate the customer's control environment and integrity.

* Use these ratings to negotiate terms of loan.

Conclusion

Lenders can significantly enhance their ability to evaluate financial statements and financial information in order to assess the risks and likelihood of fraud. It is important to understand how the control environment as well as specific controls and audit procedures are designed to prevent and uncover fraud. Loan officers can then seek and obtain information that addresses whether or not the overall control environment and specific controls and audit procedures are in place to provide adequate safeguards against accounting fraud.