Five-Step Approach to Fraud Detection: #2 Know the Symptoms of Occurrence
April 2010
The Five-Step Approach to Fraud Detection
is a strategy I use to detect fraud in any area, and a template I provide to
company executives and managers when helping them establish control systems
designed to detect frauds in their day-to-day operations. This is the second
in a series of articles in which I will demonstrate how you can apply this strategy
to your own environment.
by
Scott Langlinais
Langlinais
Fraud and Audit Advisory Services
Here is the Five-Step Approach:
- Know the Exposures
- Know the Symptoms of Occurrence
- Be Alert for Symptoms and Behavior Indicators
- Build Audit Programs/Detective Processes To Look for Symptoms
- Follow through on All Symptoms Observed
Step one halts most people because if you have no idea what can go wrong
in your area, the rest of the strategy collapses. This continues a series of
articles in which I will walk through some very common and dangerous frauds
that affect all organizations, regardless of industry, to help you understand
how to apply the strategy to create an environment hostile towards fraud.
Risk: Revenue Manipulation
By this we mean when executives and managers manipulate revenues around a
period end to craft an earnings figure that is more in line with either stakeholder
expectations or their compensation stipulations. Whether I am performing a tactical
review of an area or discussing fraud-prevention strategy with executives, I
always begin with a "What Can Go Wrong" list, in which I list potential perpetrators
and fraud acts. Considering the risk of executives managing earnings relative
to revenues, here are a few good examples of what can go wrong.
-
The executive team directs Finance and Accounting to recognize revenues
on contracts that were not completed and signed as of a period end. After
the deals are signed, they are back-dated to the previous reporting period.
-
To hit their revenue target for the quarter, an account manager on an
ongoing project makes a covert agreement with the customer: the manager
will provide a favor or free services if the customer accepts the invoice
3 months early. The manager tells the customer not to pay the invoice until
ready but fails to tell their Accounting Department about the arrangement.
Therefore, Accounting recognizes the revenues when they see the invoice
sent, which is in the wrong reporting period, and fails to account for the
cost of the favor or free services the manager is providing.
-
Executives fail to close enough deals to make their projections. However,
they record the sales in the current quarter anyway because they believe
the deals will close in the first couple of weeks of the following quarter.
They direct the shipping department to load the items on a truck, send the
truck off site, and instruct the driver to wait a few days before delivering
the products to the customer, so they can "prove" they shipped the goods
and recognized the revenues in the same period.
-
An executive directs that legitimate sales be held in backlog (a "rainy
day fund") until they are needed in a future quarter.
Typically, my What Can Go Wrong documents for a particular area will list
at least two or three dozen frauds stated in a single sentence or two. It is
important to list both the perpetrator and the fraud act when you create your
own exposure lists. Resist the urge to eliminate the perpetrator; their inclusion
in your list brings the fraud to life and gives your list a sense of action.
Earnings management frauds such as these are perpetrated by high-level folks,
and can result in millions of dollars in fines by the Securities and Exchange
Commission (SEC) and severe market damage. MicroStrategy's executives learned
this in 2000 when the SEC brought civil charges against the company's executives
for improper revenue recognition. The top three executives were ordered to pay
a total of $11 million in fines and penalties to the SEC, while the company's
stock price plummeted from $260 per share to $86 in a single day of trading
and continued to decline thereafter.1
Too often we focus on the easy targets—the clerk in the corner rather than
the company's rainmakers. But your most dangerous frauds will be those perpetrated
by executives, so be sure to include them as potential perpetrators.
Symptom Identification
The next step in the process is to list the symptoms, or what these frauds
would look like in the books and records. Here is a short list derived from
the frauds listed above—you are likely to come up with many more.
-
There is a flurry of deals booked on the last day of a reporting period,
particularly in the evening.
-
A contract has been physically altered, and appears to be back-dated.
-
Some sales are reversed or voided, or a significant amount of products
are returned, in the first few days after a period end, or just after the
auditors leave.
-
A disproportionate number of delinquent/uncollectible invoices to customers
relative to the total population of delinquencies are from invoices which
bear a date such as March 31, or June 30—just before a period end.
-
An e-mail exchange exists between a customer and one of your account
managers which covertly alters the terms of the contract.
-
The revenue recognition period differs from the period in which the contract
was signed.
-
A shipment straddling a period end takes an unreasonable amount of time
to reach the customer.
You will notice that I did not list a single control weakness. A control
weakness is not a symptom of fraud. Just because a control is present does not
mean a fraud is not occurring. Conversely,
just because a control is absent does not mean a fraud
is occurring. Likewise, just because someone
smokes does not mean they have lung cancer, and just because they do not smoke
does not mean their lungs are clear. A doctor must look for the symptoms, as
should we.
Build Audit Programs/Detective Processes To Look for Symptoms
This is the last step I will discuss in the five-step approach to fraud detection;
the other two are self-explanatory. If you perform audits, your step here is
to include symptom detection in your audit programs. Auditors: look for symptoms
of fraud! Quit looking for approval signatures and thinking your work is done;
every fraudulent disbursement or expense report I have seen in my career had
an approval signature on it. This does not mean someone approved the frauds,
it just means the approver failed to pay attention, did not take their authority
seriously, did not have time to properly review the item, or did not understand
(or care about) what they should have been looking for.
If you manage an operational or finance/accounting unit, then design processes
to detect symptoms. Managers generally understand how to establish preventative
controls: approval signatures for checks over a certain amount, requiring original
receipts on expense reports, three-way matching approved purchase orders to
invoices to packing slips. But managers are not so good at establishing processes
to detect frauds after the perpetrator has run the gauntlet of front-end controls.
It is like a rancher who builds a fence around his livestock but has no way
to catch the thief who has jumped the barrier.
Following are some audit tests/detective processes designed to catch the
symptoms listed above. In each of these cases, you will need to ensure proper
documentation exists around the sale, including a contract dated in the same
period as the revenue recognition. Also—this is an important procedure—confirm
the sale and terms with the customer, by phone, not by boilerplate letter or
e-mail.
-
Using system queries or data analysis software such as Idea®, stratify
sales by date, and look for a spike in sales just before a period end. Working
backwards from the period-end date, select large sales for testing.
-
Extract large or round sum sales that were voided or reversed just after
a period end, and test those transactions.
-
Analyze invoices which are very delinquent (i.e., over 90 days), and
determine whether a disproportionate number (and amount) of those invoices
were originally issued just before a period end.
-
Analyze product returns and reasons for the returns, and determine whether
a disproportionate number (and amount) of those products were shipped just
before a period end.
-
Consider an e-mail search of account managers whose deals demonstrate
a high percentage of reversal, delinquency, or any of the other symptoms
listed above. Seek side deals with customers documented in the e-mail.
Of course, the descriptions of these tests are too general to properly implement,
but they should provide you with an idea about how to construct detective procedures
within your own environment. Good luck in discovering symptoms of earnings management!
Opinions expressed in Expert Commentary articles are those of the author and are
not necessarily held by the author's employer or IRMI. Expert Commentary articles
and other IRMI Online content do not purport to provide legal, accounting, or other
professional advice or opinion. If such advice is needed, consult with your attorney,
accountant, or other qualified adviser.