Category Archives: Conducting Internal Investigations

Fraudsters, All Too Human

Our certified Chapter members often get questions from clients and employers related to why a fraudster who’s victimized them did what he or she did. Examiners with the most experience in the process of interviewing those later convicted of fraud comment again and again about the usefulness to their overall investigation of a basic understanding of the fraudster’s basic mind set. Such knowledge can aid the examiner in narrowing down the preliminary pool of suspects, and, most importantly, assist in gaining an admission in a subsequent admissions seeking interview. ACFE experts regard fraud (and the process of interviewing) primarily as human constructs, and especially within the content of the interview process, to be able to tie in the pressure that the individual might have been under (as they perceived it) to the interview process; to understand that individual with regard to their rationalization as they were able to affect it, significantly increases the possibility of getting the compliance and cooperation that the examiner wants from the interviewee.

During your investigation, it’s important to remember that people do things for a reason. The fraud examiner might not understand the reasons a fraudster commits his or her crime, but the motivations certainly make sense to the perpetrator. For example, a perpetrator might commit fraud because her life has spiraled out of control, although it might not be out of control under a objective, reasonable person’s definition. But in the perpetrator’s view, her life has become so problematic that fraud is the only way she can see to restore balance. And during the fraud examination, if the examiner can get the suspected perpetrator to talk about the lack of control in her life, the examiner can often use this information to compel the fraudster to admit guilt and provide valuable insight into ways that similar frauds might be prevented in the future.

As a continuation of this line of thought, the examiner should consider possible human motives when examining evidence. Motive is the power that prompts a person to act. Motive, however, should not be confused with intent, which refers to the state of mind of the accused when performing the act. Motive, unlike intent, is not an essential element of crime, and criminal law generally treats a person’s motive as irrelevant in determining guilt or innocence. Even so, motive is relevant for other purposes. It can help identify the perpetrator; it will often guide the examiner to the proper rationalization; it further incriminates the accused, and it can be helpful in ensuring successful prosecution.

The examiner should search relevant documents to determine a possible motive. For example, if a fraud examiner has evidence in the form of a paycheck written to a ghost employee, she might suspect a payroll employee who recently complained about not receiving a raise in the past two years. Although such information doesn’t mean that the payroll employee committed fraud, the possible motive can guide the examiner.

ACFE experts also agree that interviewers should seek to understand the possible motives of the various suspects they encounter during an examination. To do this, interviewers should suspend their own value system. This will better position the interviewer to persuade the suspect(s) to reveal information providing insight into what might have pressured or motivated them and how they might have rationalized their actions. In an interview situation, the examiner should not suggest reasons for the crime. Instead, the examiner should let the individual share his motivations, even if the suspect reveals her motivations in an indirect manner. So when conducting an interview with a suspect, the interviewer should begin by asking questions about the standard procedures and the actual practice of the operations at issue. This is necessary to gain an understanding of the way the relevant process is intended to work as opposed to how it actually works. Additionally, asking such basic questions early in the interview will help the interviewer observe the interviewee’s normal behavior so that the interviewer can notice any changes in the subject’s mannerisms and word choice.

Always remember that there are times when rational people behave irrationally. This is important in the interview process because it will help humanize the misconduct. As indicated above, unless the perpetrator has a mental or emotional disorder, it is acceptable to expect that the perpetrator committed the fraud for a reason. Situational fraudsters (those who rationalize their right to an illegal enrichment and perpetrate fraud when the opportunity arises) do not tend to view themselves as criminals. In contrast to deviant fraudsters, who are more proactive than situational fraudsters and who are always on the alert for opportunities to commit fraud, situational fraudsters rationalize their crimes. Situational fraudsters feel that they need to commit fraud to regain control over their lives. Thus, an interviewer will be more likely to obtain a confession from a situational fraudster if she can genuinely communicate that she understands how anyone under similar circumstances might commit such a crime. Genuineness, however, is key. If the fraudster in any way detects that the interviewer is presenting a trap, he generally will not make any admission of wrongdoing.

So, in your examinations, never lose sight of the human element; that by definition, fraud involves human deception for personal gain. Why do people deceive to get what they want, or in some cases, what they need? Most humans commit deceptive acts to protect themselves from various consequences of the truth. Avoiding punishment is the most common reason for deception, but there are other reasons, including to protect another person, to win the admiration or respect of others, to avoid embarrassment, enjoy the thrill of accomplishment and to avoid hard work to achieve goals. When people feel that their self-security is threatened, they might resort to deception to preserve their image. Further, people can become so engaged in managing how others perceive them that they become unable to separate the truth from fiction in their own minds.

The ability to sympathetically cast oneself into the human situation of others is one of the most valuable skills that a fraud examiner can have in our efforts to determine the truth.

Then & Now

I was chatting over lunch last week at the John Marshal Hotel here in Richmond with a former officer of our Chapter when the subject of interviewing came up; interviewing generally, but also viewed in the context of the challenges and obstacles that fraud examiners of the next generation will face as they increasingly confront their peers, the present and future fraudsters of the Millennial and Z generations.

Joseph Wells says somewhere, in one of his excellent writings, that skill as an interviewer is one of the most important attributes that a CFE or forensic accountant can possess and probably the one of all our skills most worthy of on-going cultivation. But, as with any other professional craft, there are common pitfalls of which newer professionals especially need to be aware to increase their chances of successfully achieving their interviewing objectives.

Failure to plan sufficiently is without a doubt, the primary error interviewers make. It seems that the more experience an interviewer has, the less he or she prepares. Whether because of busyness or overconfidence, this pitfall spells disaster. Not only does efficiency suffer because the interviewer might have to schedule another interview, but effectiveness suffers because the interviewer might never discover needed information. Fraudsters often take time before interviews to prepare answers to anticipated questions. The ACFE reports having briefed career criminals on their tactics, thoughts and behaviors about interviews, and they typically respond, “I had my routines that I was going to run down on them” and “I always had my story made up”.

During his or her planning for an interview, the CFE must carefully consider the interviewee’s role in the fraud and his or her relationship to the fraudster (if the interviewee isn’t the fraudster), available information, desired outcomes from the interview and primary interview strategy plus alternate, viable strategies. The success or failure of the interview is determined prior to the time the interviewer walks into the room. Either the interviewer is part of his or her own plan or she is part of someone else’s. The CFE, not the interviewee, has to control the interview.

An interviewer whose mind is made up before an interview even begins is courting danger. Confirmation bias (also known as confirmatory bias or myside bias) greatly decreases the likelihood that an interviewer dismisses, ignores or filters any contradictory information during an interview, whether the interviewee expresses it verbally or non-verbally. Thus, interviewers might not even be aware that they’re missing important information that could increase the examination’s effectiveness.

How many times have experienced practitioners been told by colleagues that they believed that particular interviewees were guilty only to later discover they were actually innocent? If such practitioners hadn’t been aware that their colleagues could have caused them to have confirmation bias, they might have dismissed contradictory interviewee behaviors during subsequent interviews as minor aberrations. It’s imperative that the interviewer maintain an open mind, which isn’t so much a skill set as an attitude. The effective interviewer gives the interviewee a chance by looking at all the data, listening to others and theorizing a hypothesis without precluding anything. Also, the ACFE tells us, if the interviewer maintains an open mind, the interviewee will perceive it and be more cooperative.

A guiding principle should be, the interview is not about the CFE; the CFE is conducting the interview. The interview is a professional encounter. If you don’t conduct the interview, someone else can conduct it, but the interviewee remains the same. Interviewers are replaceable; interviewees aren’t. Never lose sight of this foundational truth. If the interviewer personalizes the interview process s/he will focus on his or her inward emotions rather than on the interviewee’s verbal and non-verbal behavior. An interviewer’s unfettered emotions will have a debilitating impact on a number of levels.

If the interviewer becomes personally involved in an interview, the interviewer becomes the interviewee and the interviewee becomes the interviewer. Most of us want to search for connections to others. But if we connect too strongly, we will become so similar (at least in our own minds) to interviewees that we might have difficulty believing the interviewee is guilty or is providing inaccurate information. Once that occurs, the interviewer probably wont obtain necessary evidence or could discount incriminating evidence.

Before each interview, remind yourself that your objective is to collect evidence in a dispassionate manner; you won’t become emotionally involved. Focus on the overall objective of the interview so that you won’t be caught up in details that could connect you too closely with the interviewee. If, for example, you discover that the interviewee is from the same part of the country you’re from, remind yourself of the many persons you know who also are from that area so you’ll dilute the influence that this information could have on your interview.

With regard to interviewing members of the present and up-and-coming generation, a majority of our youngest future citizens spend an inordinate amount of time looking at plastic screens as a significant mode for learning, communicating, being entertained and experiencing the world instead of interacting directly with others in the same space and time. This places novice CFE interviewers at a disadvantage because they have been formally trained that much of the communication between an interviewer and an interviewee takes place non-verbally. Concurrently, the verbal aspects of communication are replete with meta-messages. For example, what kind of impression does an individual make whose voice inflection rises or falls at the end of a sentence? Can this inflection be as adequately and consistently communicated via a text message compared to in-person communication? This example (and there are many more) contains the essence of the interviewing process. Unfortunately, nuances, interpersonal communication subtleties and appropriate responses that were previously thought to be integral parts of the social modeling process aren’t as readily available to the current generation of interviewers and interviewees as they were to previous generations. Research has shown that electronic devices, such as tablets, cellphones and laptops shorten attention spans. Web surfers usually spend no more than 10 to 20 seconds on a page before ads or links distract them and they move on to burrow down into succeeding rabbit holes.

A great deal of communication now takes place via 244-character communication snippets on Twitter. The average person checks his or her phone once every six minutes. Psychologists have recently coined the term ‘nomophobia’, the fear of being out of cellphone contact; shortened from ‘no-mobile-phone-phobia. A 2015 global study reported that students’ ‘addiction’ to media is similar to drug cravings.

The attention span of the average adult is believed to have fallen from 12 minutes in 1998 to five minutes in 2014. If interviewees’ attentive capacities are just five minutes, or less, then after that point interviews provide diminishing returns. Our attention deficits probably result from a lack of self-discipline and the delusional belief that we can cognitively multi-task. We can’t do anything about our natural limitations, but we can discipline ourselves to pay attention. We can also plan and conduct our interviews with few distractions. Interviewers new and experienced should require that all participants turn off their cellphones and, when possible, interviewers should try to ask questions in an unpredictable order.

So, we can expect that a new generation of fraud examiners will soon be interviewing individuals for extended periods of time who have as much of a dearth of direct, face-to-face interpersonal communication as they do. At the extreme, we can envision two or more uncomfortable people in an interview room. All of whom can only remain in the moment for five minutes or less and are fidgety because they need plastic-screen fixes.

An additional challenge will be that CFEs of the Millennial and Z generations will soon be spending hours interviewing older interviewees who are more familiar, explicitly and implicitly, with the subtleties of interpersonal communication. These are people who have spent significantly more time in direct, face-to-face communication. The interpersonal communication-challenged interviewer will be at a significant disadvantage when interviewing guilty, guilty-knowledge, deceptive and/or antagonistic interviewees. As my lunch companion pointed out, many experienced fraudsters are master manipulators of inexperienced interviewers.

It is urgent that younger fraud examiners and forensic accountants be instructed in the strongest terms to put down their plastic screens and practice engagement with others in direct communication, with friends, family and those who cross their paths in the normal flow of life. As a lead CFE examiner or supervisor, encourage your younger employee-colleagues to write down their communication goals for each day. Suggest they read all they can on face-to face interviewing and questioning plus verbal and non-verbal behaviors. They can take interviewing and public-speaking classes or join a toastmasters group. Anything to get them to converse and observe body language and expressions.

Interviewing techniques are the vehicles that ride up and down the road of interpersonal communication. If that road isn’t adequate, then drivers can’t maneuver their vehicles. Your younger employees are the only persons who can bring themselves up to the necessary interpersonal speed limit to make their one-on-one interviews successful.

Confidential Sources & Informants

There has been much in the news recently concerning the confidential sources and informants involved in current Federal on-going criminal and non-criminal investigations.  During the more complex of our examinations, we, as practicing fraud examiners and forensic accountants, can also expect to encounter the same types of sources and informants. Both sources and informants serve the same purpose, to provide information helpful in the development of a case. However, there are notable differences between confidential sources and confidential informants; the two terms should not be used interchangeably.

A confidential source furnishes information simply consequent on being a member of an occupation or profession and has no culpability in the alleged offense. For example, confidential sources might include barbers, attorneys, accountants, and law enforcement personnel. A confidential informant on the other hand has a direct or indirect involvement in the matter under investigation, and s/he might (incidentally) also be culpable. The distinction between the two sources is their involvement or noninvolvement in the offense. As every CFE knows, informants can pose treacherous legal issues for the fraud examiner.

There is no question that information provided by a well-placed informant can be invaluable to any case; secretly photographed or recorded conversations provided by an informant are the most convincing type of evidence. This information is generally viewed as something the use of which is sure to be successful for a criminal prosecutor, because there is little that a white-collar criminal can dispute when caught red-handed in the fraudulent act.

The ACFE identifies several types of informants with which a CFE might expect to become directly or indirectly involved: the basic lead, the participant, the covert, and the accomplice/witness.

—Basic Lead Informants. This type of informant supplies information to the investigator about illicit activities that they have encountered. The reasons that the informant decides to supply information are varied; some informants simply want to “do their part” to stop an unscrupulous activity, while others are interested in harming the criminals against whom they are informing. For instance, many informants in drug, prostitution, or illegal gambling endeavors are involved in those activities as well and intend to eliminate some of their competition. Whatever the reason, these informants’ only role in an investigation is to supply useful information.

—Participant informants.  The participant informant is directly involved in gathering preliminary evidence in the investigation. The informant in this instance not only supplies an investigation with information, but the informant is also involved in setting up a “sting” operation, initiating contact with the criminal for arrest purposes. A participant informant is just what the name suggests, a participant in the investigation of criminal activity.

—Covert informants. A covert informant also supplies information on criminal behavior to an investigator or to authorities. The difference between covert informants and other types of informants is that a covert informant is one who has been embedded in a situation or scenario for a period, sometimes for years, and is called upon only sporadically for newly uncovered information (i.e., tip-offs) and leads. These types of informants are often referred to as moles because of the nature of their insulated situation as inside sources. There are two instances in which covert informants are commonly used: in organized crime and in hate-extremist group investigations. Covert informants are often culled to get information about upcoming criminal activities by such groups.

—Accomplice/witness informants. The accomplice/witness informant is often called upon to provide information concerning criminal activity. Unlike other types of informants, the accomplice/witness informant seeks to avoid prosecution for an offense by providing investigators with helpful information. For example, the government might promise leniency if the accomplice/witness informant offers details about a co-conspirator.

There are three essential procedures for the investigator to keep in mind and follow when using sources and informants. First, strive to keep the informant’s identity as confidential as possible. Second, independently verify the information provided by the source or informant. Third, develop witness and documentary evidence from independently verified information. For example, an informant might indicate that an investigative target committed fraud. If the fraud examiner subsequently conducts an interview and gets a confession out of the target, the information is no longer dependent on the informant’s claim.

If the confidential source or informant has provided documents, names of potential witnesses, or other evidence, all reasonable steps must be taken to protect the identity of that source. Care should be taken to ensure that the questioning of other witnesses is done in a manner that does not reveal its origin. This can usually be accomplished by phrasing questions in a certain way. For example, Smith furnished confidential information about Jones, the co-owner of Jones Brothers Construction Company. When the fraud examiner confronts Jones, she does not want him to know that she has talked to Smith.

If necessary, in this example, the fraud examiner would display the evidence from witnesses and documents that would not reveal the source or informant’s identity. The information from the source or informant is basically useless unless the fraud examiner can verify its authenticity and independently corroborate it. Suppose a source furnishes the fraud examiner with copies of documents showing that Jones Brothers Construction Company’s building code violations dropped by 80 percent since a bribery arrangement allegedly began. This kind of evidence would corroborate the source’s story. If a source told the fraud examiner that Jones frequently had drinks with Walters, the city’s chief building inspector, the fraud examiner would want to find out some way to verify this information. Recall that the third objective when using sources is to develop the witness’s information and other evidence so that it makes a cohesive case.

Fraud examiners should make every effort to develop and cultivate a wide range of sources. Business and financial institution executives, law enforcement and other governmental personnel, medical and educational professionals, and internal and external auditors are always good contacts for practicing fraud examiners.

The fraud examiner should strive to make contacts in her community, well in advance of needing the information they can provide; my contacts on LinkedIn and in the Central Virginia ACFE Chapter have proven their investigative value again and again!  If the fraud examiner receives an allegation and needs confidential information, s/he might obtain assistance from a source cultivated earlier.  Additionally, we need sources to feel confident that they can share information with us without being compromised. In theory, the source will never have to testify; s/he has no firsthand knowledge. Firsthand information comes either from a witness or from a document.

The fraud examiner might also encounter new sources when tracking leads during a specific investigation. S/he might interview a stockbroker from whom the target purchased stock but who does not want his identity revealed. The fraud examiner shou1d not encourage a person to provide confidential information, but rather try to get verifying reports on the record. But if the fraud examiner promises confidentiality for a source’s information, she must abide by that promise.

The ACFE advises that active recruitment of informants is generally not desirable because doing so might appear unseemly to a jury. It is better to encourage an informant to come forward. It is also desirable to develop an informant relationship, but such relationships must be handled carefully. The fraud examiner must be careful to clearly document the adequate predication for an informant’s involvement. Generally, the most fundamental questions concerning informants will focus on the degree of their culpability or the lack of it. There have been cases where the informant is guiltier than the target; in such cases the court might rule that the informant’s information cannot be introduced.

Finally, it’s recommended that all contact with informants and-sources be reported on a memorandum, although the confidential source or informant’s identity should not be included in the report. Instead of including the source or informant’s identity, the fraud examiner should use symbols to denote the source’s identity. It is further recommended that sources be preceded with an “S,” followed by a unique identifier (i.e., source #1 would be “S-l”; source #2 would be “S-2”). The symbols for informants would then be “I-1” and “I-2.”

Generally, disclosure of the identities of sources and informants should be on a strict need to-know basis. For that reason, the person’s identity should be maintained in a secure file with limited access, and it should be cross-indexed by the source’s symbol number. The reliability of the source, if known, and whether the person can furnish relevant information should always be documented in writing.

Structure & Scope

T.J. Jones presented himself as a turnaround specialist to the Chairman of the Board of Central State Corporation, a medium sized, public company, a mid-western manufacturer of computer equipment, who hired him to take over a large, but under-performing division of the company.  Jones immediately set out lofty goals for sales and profits and very quickly replaced all the existing senior staff of the division with new hires loyal to himself. To meet his inflated goals, two of Jones’s managers, in addition to legitimate equipment sales, shipped bricks to distributors and recorded some as sales of equipment to retail distributors and some as inventory out on consignment. No real products left the plant for these “special sales.” The theory was that actual sales would inevitably grow, and the bricks could be replaced later with real products. In the meantime, the unwitting distributors thought they were holding consignment inventory in the unopened cartons.

The result was that overstated sales and accounts receivable quickly caused overstated net income, retained earnings, current assets, working capital, and total assets. Prior to the manipulation, annual sales of the division were $135 million. During the two falsification years of the fraud, sales were $185 million and $362 million. Net income went up from a loss of $20 million to $23 million (income), then to $31 million (income); and the gross margin percent went from 6 percent to 28 percent. The revenue and profit figures outpaced the performance of Central State’s industry category. The accounts receivable collection period grew to 94 days, while it was 70 days elsewhere in the industry.

All the paperwork was in order because the two hand-picked managers had falsified the sales and consignment invoices, even though they did not have customer purchase orders for all the false sales. Shipping papers were in order, and several co-operating shipping employees knew that not every box shipped contained disk drives. Company accounting and control procedures required customer purchase orders or contracts evidencing real orders. A sales invoice was supposed to indicate the products and their prices, and shipping documents were supposed to indicate actual shipment. Sales were always charged to a customer’s account receivable.  During the actual operation of the fraud there were no glaring control omissions that would have pointed to financial fraud. Alert auditors might have noticed the high tension created by concentration on meeting profit goals. Normal selection of sales transactions with vouching to customer orders and shipping documents might have turned up a missing customer order. Otherwise, the paperwork would have seemed to be in order. The problem lay in Jones’ and his managers’ power to override controls and to instruct some shipping staff to send dummy boxes.  Confirmations of distributors’ accounts receivable may have elicited exception responses. The problem was to have a large enough confirmation sample to pick up some of these distributors or to be skeptical enough to send a special sample of confirmations to distributors who took the “sales” near the end of the accounting period. Observation of inventory could have included some routine inspection of goods not on the company’s premises.

The overstatements were not detected. The auditor’s annual confirmation sample was typically small and did not contain any of the false shipments. Tests of detail transactions did not turn up any missing customer orders. The inventory out on consignment was audited by obtaining a written confirmation from the holders, who apparently over the entire period of the fraud had not opened even one of the affected boxes. The remarkable financial performance was attributed to good management.

The fraud was revealed by one of Jones’ subordinate managers who was arrested on an unrelated drug charge and volunteered as a cooperating witness in exchange for the dropping of the drug charge.

This hypothetical case is a good example of the initial situation confronting management when a fraud affecting the financial statements comes to light, often with little or no warning. Everyone involved with company management will have a strong intuitive sense that an investigation is necessary; but the fact is that the company has now lost faith in the validity of its own public disclosures of financial performance.

That will need to be fixed. And it is not enough to simply alert markets that previously issued financial results are wrong; outsiders will want to know what the correct numbers should have been. The only way to find out is to dig into the numbers and distinguish the falsified results from the real ones. Beyond the need to set the numbers straight, the company will need to identify those complicit in the fraud and deal with them. This is not only a quest for justice but the need to restore credibility, and the company will be unable to do so until outsiders are satisfied that the wrongdoing executives and staff have been identified and removed.  Thus, the company needs an audit report on its financial statements. The need for a new audit report arises from the likelihood that, once a company’s financial statements have been found to be unreliable, the company’s external auditor will want to pull its existing, inaccurate,  report.

As a practical matter, pulling its report involves the external auditor’s recommendation that the company issue a press release that previously issued financial statements are not to be relied upon. Once the company issues such a press release, it will be out of compliance with any number of SEC regulations. It will no longer satisfy the threshold prerequisites for trading on the company’s securities exchange. It will be viewed by many, and certainly the plaintiff class action bar, as coming close to having admitted wrongdoing. And everyone on the outside, not to mention its own board of directors, will want answers fast. A critical step in the restoration of important business relationships and a return to compliance with regulatory requirements is the new auditor’s report. And, where fraudulent financial reporting has been discovered, an in-depth and comprehensive investigation is often the only way to get one.

A critical issue at the outset of a financial fraud investigation is its structure and scope. A key attribute for which the external auditor, as well as the SEC, will be on the lookout is that the investigation is overseen by the audit committee. In public companies, it is the audit committee that has explicit legal responsibility for oversight of financial reporting, and accounting fraud falls squarely within the orbit of financial reporting.  In addition, the audit committee, as a matter of statutory design, is structured to be independent and possessed of a level of financial sophistication that makes it the most viable subset of the board of directors to oversee the investigative efforts in this case. It’s also the audit committee that has the statutory power to engage and pay outside advisers even without the consent of management, a statutory power that can be vital if management, or part of management, as in our hypothetical case above, is a participant in the fraud.

The audit committee’s role is to oversee the investigation, not actually conduct it. For that it needs to look to outside professionals, and there are two types. The one is the outside counsel to the audit committee. If the audit committee has not already engaged outside counsel, it needs to do so. It’s audit committee counsel who will conduct the interviews, comb through the financial records, and present factual findings for audit committee consideration. Individual audit committee members may choose to sit in on interviews, and that is their choice. But it’s audit committee counsel who will conduct the investigation. The other group of professionals is the forensic accountants and/or CFEs.  Audit committee counsel, while knowledgeable of financial reporting obligations and investigative techniques, will probably not possess a sufficiently detailed knowledge of accounting systems, generally accepted accounting principles (GAAP), or computerized ledgers. For that, audit committee counsel is well advised look for help to the category of accountants and fraud examiners specifically trained in digging into financial records for evidence of fraud.

What exactly is the audit committee looking for in such an investigation? There are primarily two things. The first, obviously enough, is what the actual numbers should have been. Often fraudulent entries involve judgment calls where the operative question is not whether the number matches the underlying financial records but whether the judgment behind the number was exercised in good faith.  The operative question for the investigators is whether the executive exercised his judgment in good faith to make the best estimate allowed by reasonably available information. Sometimes it’s not so easy to tell.

Beyond the correct numbers, the second thing for which the investigators are looking is executive complicity. In other words: who did it? Again, the good faith of those potentially involved comes into play. The investigators are not seeking simply whether executives reported financial results that turned out to be wrong. The issue rather is whether the executives tried to get them right. If they did and made an honest mistake or estimated incorrectly, that does not sound like fraud and may not even be a violation of GAAP to begin with. The main point here is that, when it comes to executive complicity, the investigators are ordinarily looking for evidence of wrongful intent (scienter). In other words, they are looking for an intentional misapplication of GAAP or an approach to GAAP that is so reckless as to constitute the equivalent of an intentional misapplication.

The scope of the investigation, then, should not pose too difficult an issue at the outset.  Initially, the scope will be largely defined by the potential improprieties that have been uncovered. The tricky question becomes: how far should the investigators go beyond the suspicious entries? The judgment calls here are formidable. One of the key issues involves the expectations of the external auditor and, beyond that, the SEC. If the scope is not sufficiently broad, the investigation may not be satisfactory to either one. Indeed, an insufficient scope can place the external auditor in a particularly awkward spot insofar as the SEC may subsequently fault not only the audit committee for inadequate scope but the external auditor’s acceptance of the audit committee’s investigative report.
An additional complicating factor involves the way fraud starts and grows. A critical issue to consider is that, overtime, as the Central State example illustrates, the manipulations will often get increasingly aggressive as the perpetrators spread the fraud throughout many line items so that no single account stands out as unusual but a substantial number are affected. For example, to prevent the distortion of accounts receivable from getting too large, Jones and his accomplices spread the fraud into inventory, then asset capitalization, then net income. The spread of the fraud is analogous to pouring a glass of water on a tabletop. It can spread everywhere without getting too deep in any one place.

So, once fraudulent financial reporting has been identified, even in just a few entries, the investigators will want to consider the possibility that it’s a symptom of a broader problem. If the investigators have been lucky enough to nip it in the bud, that may be the end of it.  Unfortunately, if the fraud has gotten big enough to be detected in the first place, such a limited size cannot be assumed. Even where the fraud ostensibly starts out small the need for a broader scope has got to be considered.

The scope of the investigation, therefore, can start out with its parameters guided by the suspicious entries revealed at the outset. In most cases, though, it will need to broaden to ensure that additional areas are not affected as well. Throughout the investigation, moreover, the scope will have to remain flexible. The investigators will have to stay on the lookout for additional clues, and will have to follow where they lead. Faced with an ostensibly ever-widening scope, initial audit committee frustration is both to be expected and understandable. But there is just no practical alternative.

The Initially Immaterial Financial Fraud

At one point during our recent two-day seminar ‘Conducting Internal Investigations’ an attendee asked Gerry Zack, our speaker, why some types of frauds, but specifically financial frauds, can go on so long without detection. A very good question and one that Gerry eloquently answered.

First, consider the audit committee. Under modern systems of internal control and corporate governance, it’s the audit committee that’s supposed to be at the vanguard in the prevention and detection of financial fraud. What kinds of failures do we typically see at the audit committee level when financial fraud is given an opportunity to develop and grow undetected? According to Gerry, there is no single answer, but several audit committee inadequacies are candidates. One inadequacy potentially stems from the fact that the members of the audit committee are not always genuinely independent. To be sure, they’re required by the rules to attain some level of technical independence, but the subtleties of human interaction cannot always be effectively governed by rules. Even where technical independence exists, it may be that one or more members in substance, if not in form, have ties to the CEO or others that make any meaningful degree of independence awkward if not impossible.

Another inadequacy is that audit committee members are not always terribly knowledgeable, particularly in the ways that modern (often on-line, cloud based) financial reporting systems can be corrupted. Sometimes, companies that are most susceptible to the demands of analyst earnings expectations are new, entrepreneurial companies that have recently gone public and that have engaged in an epic struggle to get outside analysts just to notice them in the first place. Such a newly hatched public company may not have exceedingly sophisticated or experienced fiscal management, let alone the luxury of sophisticated and mature outside directors on its audit committee. Rather, the audit committee members may have been added to the board in the first place because of industry expertise, because they were friends or even relatives of management, or simply because they were available.

A third inadequacy is that audit committee members are not always clear on exactly what they’re supposed to do. Although modern audit committees seem to have a general understanding that their focus should be oversight of the financial reporting system, for many committee members that “oversight” can translate into listening to the outside auditor several times a year. A complicating problem is a trend in corporate governance involving the placement of additional responsibilities (enterprise risk management is a timely example) upon the shoulders of the audit committee even though those responsibilities may be only tangentially related, or not at all related, to the process of financial reporting.

Again, according to Gerry, some or all the previously mentioned audit committee inadequacies may be found in companies that have experienced financial fraud. Almost always there will be an additional one. That is that the audit committee, no matter how independent, sophisticated, or active, will have functioned largely in ignorance. It will not have had a clue as to what was happening within the organization. The reason is that a typical audit committee (and the problem here is much broader than newly public startups) will get most of its information from management and from the outside auditor. Rarely is management going to voluntarily reveal financial manipulations. And, relying primarily on the outside auditor for the discovery of fraud is chancy at best. Even the most sophisticated and attentive of audit committee members have had the misfortune of accounting irregularities that have unexpectedly surfaced on their watch. This unfortunate lack of access to candid information on the part of the audit committee directs attention to the second in the triumvirate of fraud preventers, the internal audit department.

It may be that the internal audit department has historically been one of the least understood, and most ineffectively used, of all vehicles to combat financial fraud. Theoretically, internal audit is perfectly positioned to nip in the bud an accounting irregularity problem. The internal auditors are trained in financial reporting and accounting. The internal auditors should have a vivid understanding as to how financial fraud begins and grows. Unlike the outside auditor, internal auditors work at the company full time. And, theoretically, the internal auditors should be able to plug themselves into the financial reporting environment and report directly to the audit committee the problems they have seen and heard. The reason these theoretical vehicles for the detection and prevention of financial fraud have not been effective is that, where massive financial frauds have surfaced, the internal audit department has often been somewhere between nonfunctional and nonexistent.. Whatever the explanation, (lack of independence, unfortunate reporting arrangements, under-staffing or under-funding) in many cases where massive financial fraud has surfaced, a viable internal audit function is often nowhere to be found.

That, of course, leaves the outside auditor, which, for most public companies, means some of the largest accounting firms in the world. Indeed, it is frequently the inclination of those learning of an accounting irregularity problem to point to a failure by the outside auditor as the principal explanation. Criticisms made against the accounting profession have included compromised independence, a transformation in the audit function away from data assurance, the use of immature and inexperienced audit staff for important audit functions, and the perceived use by the large accounting firms of audit as a loss leader rather than a viable professional engagement in itself. Each of these reasons is certainly worthy of consideration and inquiry, but the fundamental explanation for the failure of the outside auditor to detect financial fraud lies in the way that fraudulent financial reporting typically begins and grows. Most important is the fact that the fraud almost inevitably starts out very small, well beneath the radar screen of the materiality thresholds of a normal audit, and almost inevitably begins with issues of quarterly reporting. Quarterly reporting has historically been a subject of less intense audit scrutiny, for the auditor has been mainly concerned with financial performance for the entire year. The combined effect of the small size of an accounting irregularity at its origin and the fact that it begins with an allocation of financial results over quarters almost guarantees that, at least at the outset, the fraud will have a good chance of escaping outside auditor detection.

These two attributes of financial fraud at the outset are compounded by another problem that enables it to escape auditor detection. That problem is that, at root, massive financial fraud stems from a certain type of corporate environment. Thus, detection poses a challenge to the auditor. The typical audit may involve fieldwork at the company once a year. That once-a-year period may last for only a month or two. During the fieldwork, the individual accountants are typically sequestered in a conference room. In dealing with these accountants, moreover, employees are frequently on their guard. There exists, accordingly, limited opportunity for the outside auditor to get plugged into the all-important corporate environment and culture, which is where financial fraud has its origins.

As the fraud inevitably grows, of course, its materiality increases as does the number of individuals involved. Correspondingly, also increasing is the susceptibility of the fraud to outside auditor detection. However, at the point where the fraud approaches the thresholds at which outside auditor detection becomes a realistic possibility, deception of the auditor becomes one of the preoccupations of the perpetrators. False schedules, forged documents, manipulated accounting entries, fabrications and lies at all levels, each of these becomes a vehicle for perpetrating the fraud during the annual interlude of audit testing. Ultimately, the fraud almost inevitably becomes too large to continue to escape discovery, and auditor detection at some point is by no means unusual. The problem is that, by the time the fraud is sufficiently large, it has probably gone on for years. That is not to exonerate the audit profession, and commendable reforms have been put in place over the last decade. These include a greater emphasis on fraud, involvement of the outside auditor in quarterly data, the reduction of materiality thresholds, and a greater effort on the part of the profession to assess the corporate culture and environment. Nonetheless, compared to, say, the potential for early fraud detection possessed by the internal audit department, the outside auditor is at a noticeable disadvantage.

Having been missed for so long by so many, how does the fraud typically surface? There are several ways. Sometimes there’s a change in personnel, from either a corporate acquisition or a change in management, and the new hires stumble onto the problem. Sometimes the fraud, which quarter to quarter is mathematically incapable of staying the same, grows to the point where it can no longer be hidden from the outside auditor. Sometimes detection results when the conscience of one of the accounting department people gets the better of him or her. All along s/he wanted to tell somebody, and it gets to the point where s/he can’t stand it anymore and s/he does. Then you have a whistleblower. There are exceptions to all of this. But in almost any large financial fraud, as Gerry told us, one will see some or all these elements. We need only change the names of the companies and of the industry.

RVACFES May 2017 Event Sold-Out!

On May 17th and 18th the Central Virginia ACFE Chapter and our partners, the Virginia State Police and the Association of Certified Fraud Examiners (ACFE) were joined by an over-flow crowd of audit and assurance professionals for the ACFE’s training course ‘Conducting Internal Investigations’. The sold-out May 2017 seminar was the ninth that our Chapter has hosted over the years with the Virginia State Police utilizing a distinguished list of certified ACFE instructor-practitioners.

Our internationally acclaimed instructor for the May seminar was Gerard Zack, CFE, CPA, CIA, CCEP. Gerry has provided fraud prevention and investigation, forensic accounting, and internal and external audit services for more than 30 years. He has worked with commercial businesses, not-for-profit organizations, and government agencies throughout North America and Europe. Prior to starting his own practice in 1990, Gerry was an audit manager with a large international public accounting firm. As founder and president of Zack, P.C., he has led numerous fraud investigations and designed customized fraud risk management programs for a diverse client base. Through Zack, P.C., he also provides outsourced internal audit services, compliance and ethics programs, enterprise risk management, fraud risk assessments, and internal control consulting services.

Gerry is a Certified Fraud Examiner (CFE) and Certified Public Accountant (CPA) and has focused most of his career on audit and fraud-related services. Gerry serves on the faculty of the Association of Certified Fraud Examiners (ACFE) and is the 2009 recipient of the ACFE’s James Baker Speaker of the Year Award. He is also a Certified Internal Auditor (CIA) and a Certified Compliance and Ethics Professional (CCEP).

Gerry is the author of Financial Statement Fraud: Strategies for Detection and Investigation (published 2013 by John Wiley & Sons), Fair Value Accounting Fraud: New Global Risks and Detection Techniques (2009 by John Wiley & Sons), and Fraud and Abuse in Nonprofit Organizations: A Guide to Prevention and Detection (2003 by John Wiley & Sons). He is also the author of numerous articles on fraud and teaches seminars on fraud prevention and detection for businesses, government agencies, and nonprofit organizations. He has provided customized internal staff training on specialized auditing issues, including fraud detection in audits, for more than 50 CPA firms.

Gerry is also the founder of the Nonprofit Resource Center, through which he provides antifraud training and consulting and online financial management tools specifically geared toward the unique internal control and financial management needs of nonprofit organizations. Gerry earned his M.B.A at Loyola University in Maryland and his B.S.B.A at Shippensburg University of Pennsylvania.

To some degree, organizations of every size, in every industry, and in every city, experience internal fraud. No entity is immune. Furthermore, any member of an organization can carry out fraud, whether it is committed by the newest customer service employee or by an experienced and highly respected member of upper management. The fundamental reason for this is that fraud is a human problem, not an accounting problem. As long as organizations are employing individuals to perform business functions, the risk of fraud exists.

While some organizations aggressively adopt strong zero tolerance anti-fraud policies, others simply view fraud as a cost of doing business. Despite varying views on the prevalence of, or susceptibility to, fraud within a given organization, all must be prepared to conduct a thorough internal investigation once fraud is suspected. Our ‘Conducting Internal Investigations’ event was structured around the process of investigating any suspected fraud from inception to final disposition and beyond.

What constitutes an act that warrants an examination can vary from one organization to another and from jurisdiction to jurisdiction. It is often resolved based on a definition of fraud adopted by an employer or by a government agency. There are numerous definitions of fraud, but a popular example comes from the joint ACFE-COSO publication, Fraud Risk Management Guide:

Fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain.

However, many law enforcement agencies have developed their own definitions, which might be more appropriate for organizations operating in their jurisdictions. Consequently, fraud examiners should determine the appropriate legal definition in the jurisdiction in which the suspected offense was committed.

Fraud examination is a methodology for resolving fraud allegations from inception to disposition. More specifically, fraud examination involves:

–Assisting in the detection and prevention of fraud;
–Initiating the internal investigation;
–Obtaining evidence and taking statements;
–Writing reports;
–Testifying to findings.

A well run internal investigation can enhance a company’s overall well-being and can help detect the source of lost funds, identify responsible parties and recover losses. It can also provide a defense to legal charges by terminated or disgruntled employees. But perhaps, most importantly, an internal investigation can signal to every company employee that the company will not tolerate fraud.

Our two-day seminar agenda included Gerry’s in depth look at the following topics:

–Assessment of the risk of fraud within an organization and responding when it is identified;
–Detection and investigation of internal frauds with the use of data analytics;
–The collection of documents and electronic evidence needed during an investigation;
–The performance of effective information gathering and admission seeking interviews;
–The wide variety of legal and regulatory concerns related to internal investigations.

Gerry did his usual tremendous job in preparing the professionals in attendance to deal with every step in an internal fraud investigation, from receiving the initial allegation to testifying as a witness. The participants learned to lead an internal investigation with accuracy and confidence by gaining knowledge about topics such as the relevant legal aspects impacting internal investigations, the use of computers and analytics during the investigation, collecting and analyzing internal and external information, and interviewing witnesses and the writing of effective reports.