Chapter 7 Test For Forensic Accounting & Fraud Examination, 1 E Mary-jo Kranacher Isbn-10; 047043774x Wiley 2010

Transcript

Forensic Accounting By Mary-Jo Kranacher, CPA/CFF, CFE Chapter 7 Fraud Detection: Red Flags and Targeted Risk Assessment LEARNING OBJECTIVES 7-1 7-2 7-3 7-4 7-5 7-6 7-7 7-8 7-9 7-10 Describe management’s primary responsibilities. Discuss methods used to address management override and collusion. Define the ‘‘expectations gap.’’ Describe the role of the external auditor in the financial reporting process. Explain the concept of materiality. Compare and contrast earnings management and fraud. Recognize red flags for fraud. Identify behavioral red flags. Explain what is meant by an anomaly and give examples of certain types of anomalies. Discuss the components that frame the fraud risk assessment process. True/False Answer: 7-T/F #1. Management must design, implement, and maintain internal controls and financial reporting processes to produce timely financial and nonfinancial information that reflects the underlying economics of the business. T Answer: 7-T/F #2. Management need not develop a methodology to measure their performance since this is done with the released annual financial statements. F Answer: 7-T/F #3. In very few cases will a company fall under the purview of more than one set of regulations or taxing authorities influences. F Answer: 7-T/F #4. Even though independent auditors are “independent,” management is still responsible for cooperation in order for them to complete their work. T Page 1 of 17 Answer: 7-T/F #5. “One-time” transactions of large values should be scrutinized to ensure they have an appropriate underlying business rationale because generally such transactions will be fraudulent. F Answer: 7-T/F #6. An independent auditor’s “adverse” opinion on financial statements indicates the auditors have completed their work and are concerned with the “going concern” aspects of the audited entity. F Answer: 7-T/F #7. FASB 2 defines materiality as the “magnitude of an omission or misstatement of accounting information that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement.” T Answer: 7-T/F #8. Illegal acts have materiality thresholds and require that auditors pay close attention to their nature and corresponding consequences to the company. F Answer: 7-T/F #9. Earnings management below a threshold value may be judged immaterial. T Answer: 7-T/F #10. Most audit committees have the authority to investigate any matters within the scope of their responsibility, including internal control deficiencies, concerns about the financial reporting process, suspected corruption, and alleged illegal acts. T Answer: 7-T/F #11. A major difference between auditors and fraud examiners is that most auditors match documents to numbers to see whether support exists and is adequate, whereas fraud examiners determine whether the documents are real or fraudulent.. T Answer: 7-T/F #12. The company should communicate its expectations and commitment to honest and ethical behavior to vendors, suppliers, customers, contractors, and others who do business with the organization. T Page 2 of 17 Answer: 7-T/F #13. Common tipsters for fraud are employees, co-workers, managers, and outside colleagues who interact with the fraudster daily, weekly, or monthly. T Answer: 7-T/F #14. Unusual behaviors such as irritability or the inability to relax are examples of analytical anomalies.. F Answer: 7-T/F #15. Most of a company’s information systems feed directly into the general ledger and other aspects of the accounting system. F Answer: 7-T/F #16. CAATTS (computer-aided auditing tools and techniques) are used primarily to select samples and detect collusion . F Answer: 7-T/F #17. The first step in the ten-step approach to targeted fraud risk assessment is “Identify the business processes and consider differences in those processes in foreign operations, as well as between subsidiaries and decentralized divisions.” F Answer: 7-T/F #18. Data mining software such as Access, ACL, or IDEA allow a large amount of data to be evaluated quickly for symptoms of fraud and provide evidence of the fraud act or concealment of the fraud.. T Answer: 7-T/F #19. A fraudster, aided by the digital age, can easily minimize the amount of information captured concerning his nefarious activities. F 7-T/F #20. Electronic storage Answer: of entity financial and nonfinancial records is expensive and access to the information in data warehouses is limited to data mining activities. F Multiple Choice 7-M/C #1. The Statement of Auditing Standards (SAS) No 1 states (select the most correct answer): Page 3 of 17 A. B. C. D. Answer: management is responsible for adopting sound accounting policies and for establishing and maintaining internal control consistent with management’s assertions embodied in the financial statements. management is responsible for adopting sound accounting policies which will result in adequate protection of entrusted assets. management is responsible for adopting sound accounting principles which will result in accurate and proper financial statements. management is responsible for adopting sound internal control policies which will protect entity assets from reasonable loss and damage. A Answer: 7-M/C #2. Overall, management must design, implement, and maintain: A. an internal controls program to protect entity assets, liabilities, and owners’ equity. B. internal controls and financial reporting processes to produce timely financial and nonfinancial information that reflects the underlying economics of the business. C. an accounting system that is in full compliance with U.S. GAAP accounting principles. D. All of the choices are correct. C Answer: 7-M/C #3. In a collusive environment: A. management is responsible for all acts of fraud. B. the fear of detection is usually more than adequate to stop fraud by senior management. C. internal and external auditors must design procedures to detect such activity. D. All of the choices are correct. C 7-M/C #4. In searching for breakdowns of internal controls by collusion and fraud, auditors: A. should check all journal entries made on holidays, weekends, and late at night. B. should discuss with employees any journal entry which has been made to reduce liabilities or increase owners’ equity. C. should verify all journal entries and values associated with consolidations which resulted for work within spreadsheets. D. should obtain an understanding of the internal control processes regarding journal entries and other adjustments. Page 4 of 17 Answer: D 7-M/C #5. A. B. C. Answer: D. A With regard to the review of accounting estimates: prior years’ estimates should be examined for consistency. significant changes in estimating procedures are prohibited. the concealment of fraud through estimates is hard since all estimates can be directly tied to the individual responsible for them. All of the choices are correct. Answer: 7-M/C #6. The public perception of independent auditors, particularly with regard to asset misappropriation, corruption, and misstated financial statements, is that: A. independent auditors have overcome the “expectations gap.” B. an independent auditor’s responsibility is to provide reasonable assurance that the financial statements are free from material misstatement whether by error or fraud. C. independent auditors are responsible for fraud detection. D. audited financial statements are free of estimates and misstatements. C Answer: 7-M/C #7. An auditor’s opinion of: A. “unqualified” indicates that there are major problems with the financial statements presented by management. B. “unqualified” indicates that the independent auditors believe the financial statements presented by management are fairly presented. C. “qualified” indicates that the independent auditors believe the financial statements presented by management meet the guidance of U.S. GAAP. D. All of the choices are correct.. B Answer: 7-M/C #8. As a result of its significant concern with financial statement fraud, the accounting profession responded in 2002 with: A. SAS No. 1 – Consideration of Fraud in a Financial Statement Audit. B. SAS No. 99 – Consideration of Fraud in a Financial Statement Audit. C. the creation of the Public Company Accounting Oversight Board (PCAOB). D. guidance to overcome the “expectation gap” held by the public. B 7-M/C #9. The difference between fraud and errors is: A. the materiality of the value involved. Page 5 of 17 Answer: B. C. D. B intent of those involved. whether it affects owners’ equity or not. All of the choices are correct. Answer: 7-M/C #10. Fraud can be committed by: A. intentional misapplication of accounting principles that guide the disclosure of financial information. B. omission of events, transactions, or other significant information in the notes related to the financial statements. C. alteration of the underlying accounting data. D. All of the choices are correct. D Answer: 7-M/C #11. SAS No. 99 lists several steps in considering the risk of fraud in a financial statement audit. All of the following are correctly stated except: A. Auditors must brainstorm with the key personnel of both the internal and independent audit teams to plan a strategy to detect fraud. B. Auditors must evaluate the audit evidence throughout the audit and respond to any identified misstatements. C. Auditors must determine the types of fraud risks that exist. D. Auditors are required to report all fraud to an appropriate level of management. A Answer: 7-M/C #12. Materiality is relative. As such: A. the amount of stockholders’ equity is used as a base. B. the type of account and its related financial statement plays an important role in materiality. C. net income is more critical than total revenues or total expenses. D. materiality threshold values should be increased where management barely qualifies for bonuses and other short-term compensation. B Answer: 7-M/C #13. Earnings management may: A. increase current period net income. B. decrease current period net income. C. may involve “consuming” prior period reserves for current period performance. D. All of the choices are correct. D Page 6 of 17 Answer: 7-M/C #14. Accounting principles and policies: A. were designed to provide some degree of choice to management. B. are”one-size-fits-all” to ensure comparability between companies. C. preclude using GAAP compliant alternatives to manage income. D. None of the choices are correct. A Answer: 7-M/C #15. The primary responsibility to oversee management and direct the internal audit and the external auditor with regard to the organization’s internal controls over financial reporting and the company’s internal control processes rests with the: A. external audit committee. B. independent auditors. C. president/CEO. D. board of directors and/or the audit committee if one exists. D Answer: 7-M/C #16. Audit committees generally have the right to all of the following except: A. retain legal counsel, investigators, and forensic accountants. B. take testimony of employees under oath. C. retain nonauditor accountants. D. retain other professional advisors as necessary to carry out their duties. B Answer: 7-M/C #17. The main deterrent for fraud in the corporate environment: A. remains the internal audit team. B. remains the external audit team. C. is the threat of getting caught. D. is the effectiveness of the SEC and FBI investigators. C Answer: 7-M/C #18. As related to operations, the internal auditors evaluate: A. division profitability. B. product line profitability. C. segment profitability. D. All of the choices are correct. D 7-M/C #19. Upon discovering fraud, internal auditors: Page 7 of 17 A. B. C. D. Answer: Answer: must fully investigate it and determine perpetrator(s), value, damage, and recommend possible action. should only continue their investigation if the fraud is in the present or immediately previous period. have an obligation to notify management or the board of directors when the incidence of significant fraud has been established to a reasonable degree of certainty. must provide the audit committee and the board of directors with a preliminary written statement detailing the known facts and presenting reasonable suspicions as to perpetrators, values, methods, and time periods affected. C 7-M/C #20. Anomalies are: A. most often red flags that indicate fraud is present. B. part of the day-to-day operations for most companies. C. seldom seen in companies with good internal controls and procedures. D. Both “A” and “C” are correct. B 7-M/C #21. The major approaches to fraud detection are through: I. Red flags that ultimately point to problems underlying the foundation upon which transactions are recorded. II. Whistleblowers. III. Targeted risk assessment. Answer: Answer: A. B. C. D. C I and II. II and III. I and III. I, II, and III. 7-M/C #22. The first step to detecting fraud is to: A. build an internal control system. B. establish an audit committee and identify its authority. C. seek out red flag transactions and possible anomalies. D. build an understanding of the organization and the environment in which it operates. D 7-M/C #23. The second step to develop an approach to fraud detection is to: Page 8 of 17 Answer: A. B. C. D. A develop an understanding of the control environment. develop a system of internal controls. define the authority of the audit committee. identify the members of internal audit and the audit committee. Answer: 7-M/C #24. Red flags, symptoms of fraud, often go unnoticed or are not vigorously pursued because: A. there is not supporting evidence of fraud. B. the red flags are not associated with financial statement preparation. C. there are many red flags in day-to-day operations that are not fraud indicators. D. the audit committee is involved in other investigations. C Answer: 7-M/C #25. The 2008 biennial ACFE Report to the Nation: A. shows that almost half, 46.2 percent, of the frauds are detected by accident. B. shows that frauds detected or exposed by tips and accident total almost 55 percent of the frauds discovered. C. shows that tips and internal controls are the two largest identifiers for fraudulent activities. D. shows that fraud exposed by accident has increased in the last two years from 20 percent to approximately 25.4 percent. C Answer: 7-M/C #26. Some of the analytical anomalies include all of the following except: A. transactions too small or too large for normal activity. B. explained cash shortages. C. excessive purchases. D. excessive debit and credit memos. B Answer: 7-M/C #27. Journal entries of concern include: A. entries made by accounting personnel. B. entries made by members of senior management. C. routine accrual entries prepared at year-end. D. All of the choices are correct. B Page 9 of 17 Answer: 7-M/C #28. The Sarbanes-Oxley Act of 2002, in particular section 404: A. ensures that customers receive accurate and timely invoices. B. ensures that vendors are paid accurately. C. puts considerable emphasis on the system of internal controls. D. All of the choices are correct. C Answer: 7-M/C #29. Three of the various objectives of an internal control program are: A. fraud prevention, fraud deterrence, and fraud mitigation. B. fraud prevention, fraud deterrence, and fraud detection. C. fraud deterrence, fraud detection, and fraud prosecution. D. fraud elimination, fraud deterrence, and fraud mitigation. B Answer: 7-M/C #30. The foundation behind the use of nonfinancial information for fraud detection is that: A. prenumbered forms function as fraud deterrents. B. the more data available, the harder it is to conceal fraud. C. every accounting event has a quantity of units associated with it. D. the world revolves around quantities and prices. D Answer: 7-M/C #31. When using red flags as a basis for further investigation: A. each fraud will have some unique attributes. B. each fraud has common elements making identification easier. C. red flags prove of very limited value due to their massive number in dayto-day operations. D. All of the choices are correct. A Answer: 7-M/C #32. Targeted fraud risk assessment starts with: A. a hotline or anonymous tip. B. the observance of an individual living above his income. C. a solid knowledge, skill, and ability in fraud detection and investigation. D. the discovery of fraudulent documents within a particular department. C 7-M/C #33. Targeted fraud risk assessment is consistent with the PCAOB’s Auditing Standard No. 5 (AS5) which: A. requires a top down approach. Page 10 of 17 B. C. Answer: D. A requires the audit team to hold a brainstorming session at the beginning of each investigation to determine who has the ability to commit the potential fraud. requires the board of directors to review the internal controls of the entity when fraud of a material amount is detected. requires the audit committee report directly to the independent auditor. Answer: 7-M/C #34. Information systems: A. as a mechanism for fraud prevention, deterrence, and detection cannot be overstated. B. usually provide weak evidence trails due to their digital nature. C. can be used to reconstruct actual data flow of considerable value to the fraud specialist. D. generate small amounts of red flags, each of which requires further investigation. C Answer: 7-M/C #35. The key to successful fraud detection and investigation using digital tools and techniques requires: A. a systems-type approach. B. a targeted approach. C. a results-driven approach. D. access to data warehouses and data mining tools such as Access, ACL, or IDEA. B Short Answer Essay Answer: 7-SAE #1. Define the terms fraud prevention, fraud deterrence, and fraud detection and identify issues of timing. Fraud prevention is a continuous process, yesterday, today, and tomorrow focused on not allowing the three legs of the fraud triangle – pressure, opportunity, and rationalization to align at any time. Fraud deterrence is similar to fraud prevention, a continuous process, yesterday, today, and tomorrow however, rather than focused on internal factors with the fraudster, focused on environmental factors such as whistleblower hotlines, ethics programs, and internal controls. Fraud detection is after the fact and requires identification of the fraudster, the activity, the value, the timing, etc which will enable prosecution. 7-SAE #2. Provide at least five examples of typical internal control weaknesses. Page 11 of 17 Answer: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. (Answers may include weaknesses not identified here.) Typical internal control weaknesses include: Lack of segregation of duties. Lack of physical safeguards. Lack of independent checks. Lack of proper authorization. Lack of proper documentation and other records. Override of existing internal controls. Inadequate accounting system. Inadequate employee education (expectations). Reactive fraud detection approach. Inadequate surprise audits. Inadequate whistleblower opportunities and protection. Answer: Answer: 7-SAE #3. It is said the nonfinancial numbers are powerful tools for the fraud examiner. Explain why and provide examples of how. (Answers will vary but should generally follow the concept as stated in the text.) Businesses frequently deal in quantities with extended costs or price for many events. If one hundred cans of red paint are purchased for five dollars each as initial inventory, for sale at nine dollars each and eight are documented as sold, ninety-two should be remaining. If ninety-four or ninety are in the physical inventory count extended inventory values of ($5 × 92) four hundred and sixty dollars is not justified and the declaration of sales of ($9 × 8) seventy-two dollars comes under suspicion. A warehouse concept with eight part-time employees would be an issue to investigate if the site recorded (8 workers × 40 hours) three hundred and twenty hours worked each weekly pay period. 7-SAE #4. Red flags are considered trouble signs in almost any environment and yet there seem to be many red flags in normal business operations which can reduce their value in finding fraudulent activities. Explain how this may happen. (Answers will vary but should generally follow the concept as stated in the text.) The normal business events of purchasing, selling, paying creditors, and paying employees will seldom generate red flags. However, when a customer requests a credit on his account for damaged goods or the warehouse reports merchandise damaged or destroyed in a movement digital systems commonly portray these as abnormal, red flag, events. When vendors are paid late or debit memos are issued to vendors additional red flag events may be recorded. Additionally, payables that are due every thirty days starting on January 1, will be paid three times in the first, third, and fourth quarters and four times in the second quarter of a non-leap year. This additional payment may appear as a red flag. Page 12 of 17 Answer: 7-SAE #5. The fraud examiner categorizes schemes in three ways, Category 1, Category 2, and Category 3. Explain each category. Category 1—Wrongdoing perpetrated by an insider acting alone with the principal benefit to the individual (examples include simple, one-person, gardenvariety embezzlement schemes) Category 2—Wrongdoing perpetrated by more than one individual acting collusively (possibly with individuals outside the company) with the principal benefit to the individual perpetrators or the organization (examples include sophisticated asset misappropriation, corruption, and/or financial statement fraud) Category 3—Wrongdoing perpetrated by an outside third party against the organization with the principal benefit to the third party (examples include the sales of inferior goods that do not meet contract specifications) Critical Thinking Exercise A scientist has an unlimited water supply and two buckets; one holds four gallons and the other holds nine gallons. By using nothing but the buckets and water, how can she accurately measure seven gallons of water? Answer: Use the 4 gallon bucket to fill the 9 gallon bucket up to the 8 gallon mark. Fill the 4 gallon bucket up a third time and top off the 9 gallon bucket. This leaves 3 gallons in the 4 gallon bucket. Dump out the 9 gallon bucket. Dump the 3 gallons of water from the 4 gallon bucket into the 9 gallon bucket. Fill up the 4 gallon bucket a 4th time and dump all of the 4 gallons into the 9 gallon bucket. The 9 gallon bucket now has 7 gallons of water. Text Review Questions Answer: 7-TRQ #1. What are the primary responsibilities of management? Management is first and foremost responsible for ensuring that a corporation meets is strategic, operational and performance objectives. Statement on Auditing Standards (SAS) No. 1 states that “Management is responsible for adopting sound accounting policies and for establishing and maintaining internal control that will, among other things, initiate, authorize, record, process and report transactions (as well as events and conditions) consistent with management’s assertions embodied in the financial statements.” More specifically, these latter obligations require management to design and implement a system of internal controls, processes and procedures necessary to safeguard the resources of the entity and ensure relevant and reliable financial reporting. 7-TRQ #2. Generally, how is the problem of management override and collusion addressed? Page 13 of 17 Answer: Answer: Answer: Answer: Depending on the individuals involved, internal controls cannot prevent management override or collusive behavior by and among senior management. Since prevention (segregation of duties, approvals and authorizations) is not possible in a collusive environment, the principal internal control procedures will be centered on detection. The fear of detection may be an effective deterrence mechanism, but that does not eliminate the concern that traditionally designed internal control systems centered on prevention will not be effective when management override or collusion is present. Thus, internal and external auditors, fraud examiners, and forensic accounting professionals must design procedures to detect such activity. 7-TRQ #3. What is the “expectations gap”? The perception of the public, particularly with regard to asset misappropriation, corruption and misstated financial statements, is that independent auditors are responsible for fraud detection. However, an auditor’s responsibility is to provide reasonable assurance that the financial statements are free from material misstatement whether caused by error or fraud. Auditors do not examine 100% of the recorded transactions; instead, they rely on sampling a portion of the transactions to determine the probability of whether or not the transactions are recorded properly. Further, auditors also rely on high-level analytical procedures as well as interviews, inquiries, external confirmations, inspections, physical inventories and other audit procedures to determine if the financial statements are free from material misstatement. The difference between the public’s perception of the auditor’s role and the role that audit professionals actually serve has led to an “expectations gap.” 7-TRQ #4. What is the role of the external auditor in the financial reporting process? The auditor’s role is to attest to the fairness of management’s presentation of the financial information as well as the assertions inherent in the financial statements. When auditors have completed their work, they report their findings in an audit report. 7-TRQ #5. How is materiality determined? FASB 2 defines materiality as the “magnitude of an omission or misstatement of accounting information that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement.” Thus, the auditor must apply judgment related to materiality and that judgment has an impact on the information presented in the financial statements. Further, auditors rely not only on financial assessments, they also consider various qualitative factors such as whether they have discovered fraud in prior audits or there are Page 14 of 17 allegations of illegal acts or fraud. Generally, illegal acts have no materiality threshold and require that auditors pay close attention to their nature and corresponding consequences to the company. Answer: Answer: Answer: Answer: 7-TRQ #6. Is earnings management considered fraud? Earnings management involves deliberate actions by management to meet specific earnings objectives, generally, for private gain. There is no perfect advice for auditors and forensic accountants in this regard except that management may find itself on a slippery slope—an earnings management in one period may lead to fraud in the next. Any sign of deliberate efforts to manage earnings should be considered a red flag, and those performing the work should use their heightened sense of professional skepticism to be aware of other choices made by management, signs of management override (by carefully examining journal entries, estimates, and unusual transactions), and signs of collusion among the executive ranks. Managing earnings can be fraud, whether or not material. The primary issue is whether the independent auditor or forensic accountant has clear and convincing evidence that demonstrates that earnings have, in fact, been managed. 7-TRQ #7. What are some red flags that may indicate that fraud is occurring? The red flags that can lead to a formal fraud investigation include tips and complaints, behavioral red flags, analytical anomalies, accounting anomalies and internal control irregularities and weaknesses. 7-TRQ #8. What is meant by behavioral red flags? Behavioral anomalies are exhibited in lifestyles and unusual behaviors. Lifestyle symptoms can be observed through cars, homes, boats, jewelry, clothing and other material possession of which they could not or should not be able to afford. Also, the fear of getting caught and the ramifications associated with that cause the person to exhibit unusual behaviors. The underlying cause may be guilt or fear but either way, stress is created. That stress then causes changes in the person’s behavior. Such changes include insomnia, alcohol abuse, drug abuse, irritability, paranoia, inability to relax, inability to look people in the eye, signs of embarrassment, defensiveness, argumentativeness, belligerence, confession to a trusted confidant, pointing failure at others (scapegoats), (excessive or starting) smoking and other anxiety-based symptoms. 7-TRQ #9. What are the similarities and differences between analytical and accounting anomalies? Anomalies are based on patterns or breaks in patterns. Analytical anomalies are transaction or financial statement relationships that do not make sense, such as: Page 15 of 17            Unexplained cash shortages Unexplained inventory shortages Deviations from specifications Increased scrap Excessive purchases Too many debit memos Too many credit memos Significant unexpected changes in account balances Excessive late charges Unreasonable expenses Unusual expense reimbursements Accounting anomalies are unusual activities that seem to violate normal expectations for the accounting system. For example, a fraud examiner may notice transactions being recorded in odd ways or at odd times during the month. Some irregularities in documentation may include:  Missing documents  Old items being carried on bank and other account reconciliations from one period to the next period  Excessive voids or credit memos  Common names, addresses or phone numbers of payees or customers  Names, addresses or phone numbers that are the same as those of employees  Increases in past due accounts receivables  Increases in the number and amount of reconciling items  Alterations on documents  Duplicate payments  Second endorsements on checks  Breaks in check, invoice, purchase order and other document number sequences  Questionable handwriting  Photocopied documents Answer: 7-TRQ #10. What are the main components of the fraud risk assessment process? An overview of the fraud risk assessment process includes the following components: Page 16 of 17     Evaluate the fraud risk factors Identify possible fraud schemes and scenarios Prioritize individual fraud risks Evaluate mitigating controls for those fraud schemes that are reasonably possible or probable of occurrence and are more than inconsequential or material. Page 17 of 17