Modern awareness of occupational fraud has its inception with the formation of the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) in 1985. Occupational fraud can be defined as the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organizations resources or assets. This definition includes asset misappropriation schemes, corruption, and financial statement frauds. In response to a spate of high-profile financial statement frauds including Enron, WorldCom, and Tyco, the Sarbanes-Oxley Act of 2002 (“SOX”), alternatively known as the Public Company Accounting Reform and Investor Protection Act, was signed into law. Although not in response to these frauds, the Auditing Standards Board issued Statement on Auditing Standards No. 99 (“SAS 99”), Consideration of Fraud in a Financial Statement Audit, in 2002. While one would like to believe that the heightened awareness of occupational fraud, the enactment of SOX, and the implementation of SAS 99 would deter financial statement frauds, the evidence indicates that it just is not so.
In 1992, COSO released its initial report, Internal Control –An Integrated Framework. This project assimilated various concepts regarding internal control into one document. It remains a starting point for designing and assessing effective systems of internal control. SOX and SAS 99 build on the concepts contained in the COSO report to focus attention on the prevention and detection of fraud. SOX puts the burden of accountability for financial statement fraud on the boards of directors and management of publicly-traded companies. SAS 99 expanded the scope of procedures and emphasized the assessment of fraud risk as part of a financial statement audit. Specifically, SAS 99 highlighted the risk of management overriding internal controls while perpetrating frauds.
Several studies have been performed over the last fifteen years relating to occupational fraud in general and financial statement fraud in specific. These studies shed light on whether progress is being made to curtail financial statement fraud. COSO issued two studies, Fraudulent Financial Reporting 1987-1997 and Fraudulent Financial Reporting 1998-2007. These studies examine publicly-held companies. Since 1996, The Association of Certified Fraud Examiners (“ACFE”) has presented a biennial Report to the Nations on Occupational Fraud and Abuse. These reports include frauds at publicly-held companies, privately-held companies, non-profit organizations, and governmental entities. Finally, COSO issued two reports in 2010 on enterprise risk management (“ERM”), Board Risk Oversight – A Progress Report and COSO’s 2010 Report on ERM. ERM includes all business risks, not just occupational fraud. These ERM studies include publicly-held companies
Salient observations from COSO’s Fraudulent Financial Reporting 1998-2007, include the following:
· There were 347 alleged cases of fraudulent financial reporting, versus 294 from COSO’s previous study.
· The median loss increased from $4.1 million in the first study to $12.1 million more recently.
· The Securities Exchange Commission named the chief executive officer and/or the chief financial officer for involvement in 89% of the frauds (as compared to 83% in the earlier study).
· There was little difference in the composition and character of the boards of directors for victim companies versus non-victim companies.
· Companies with fraudulent financial statements were twice as likely as companies with reliable financial statements to change external auditors before or during the fraud.
Significant findings on financial statement fraud from ACFE’s 2010 Report to the Nations are as follows:
· Median loss for companies in the United States is $1.7 million.
· The median duration for the frauds is 27 months.
According to the 2010 Report to the Nations, fewer than 5% of all frauds are initially detected by external audit. Furthermore, survey respondents estimated that the typical business enterprise loses 5% of its annual revenue to fraud. Applied to Gross World Product, fraud potentially causes losses in excess of $2.9 trillion.
Key findings from COSO’s Board Risk Oversight – A Progress Report are as follow:
· 47% of the directors noted that improvement is necessary in their ERM.
· 87% of the directors believe that improvement is necessary specifically in the monitoring of the risk management process.
· 86% of directors indicated that their ERM is inadequately resourced.
Observations from COSO’s 2010 Report on ERM include the following:
· 72% of executives responded that improvement in ERM was needed.
· Over half of the organizations have not established a board subcommittee to oversee ERM.
· 60% of the organizations performed ERM on an informal or ad hoc basis in specific areas with no ERM applied company-wide.
Considered in the aggregate, the results of these surveys should be alarming. Financial statement fraud is up in the last decade versus the preceding decade. Top executives are involved in almost 90% of financial statement frauds. The typical financial statement fraud occurs for over two years before detection. Fewer than 5% of occupational frauds are discovered by external auditors. Less than half of publicly-traded companies have board subcommittees assigned to risk management. A majority of executives believe that improvement is required in ERM and that inadequate resources have been designated for the process. SAS 99’s emphasis on management override has not resulted in effective detection of financial statement frauds perpetrated by high-level executives. SOX’s mandate to make executives and directors responsible for the prevention of financial statement fraud has not succeeded. Senior executives are the primary perpetrators and directors have not developed reliable risk management systems.
The results of these surveys point up the expectation gap that auditors face. Owners and third party users of financial statements generally expect the auditor to detect all fraud. Auditors need to bring healthy doses of professional skepticism to their work. In addition, they need to focus on fraud risks and specifically investigate those areas that benefit executives (e.g., incentive compensation plans and debt covenants). Rigorous analytic review procedures that tie income statement and balance sheet accounts together should be designed. Finally, if earnings don’t translate into cash flow to equity, further investigation is warranted. Almost a decade after SOX and SAS 99, we expected to see improvement in fraud detection and prevention. For now, we appear to be no better than we were before Enron and WorldCom.
No comments:
Post a Comment