Accounting: What the World's Best Forensic Accountants and Auditors Know - Greg Shields
Introduction to Forensic Accounting:
The purpose of a forensic accountant is to determine if a financial crime has occurred. They are meant to investigate corruption, and fraud by reconstructing and analyzing digital information and financial records.
Certified Fraud Examiners can help investigators accomplish this.
When investigating multinational corporations it is imperative to focus on the tax obligations within a corporation’s alternative nation(s) of operation.
There are often clues indicating financial crimes if you pay attention to international currency exchange rates.
Forensic accountants must first perform interviews to gather relevant information. Doing so helps understand an organization's vulnerability for fraud. Forensic accountants investigate embezzlement allegations.
Simplifying information found is critical to effectively communicate evidence. This helps authorities understand key issues and details about a case. Do not dismiss your intuition when you are doing forensic accounting. Always keep an open mind, and drop all assumptions. Doing so will increase chances of uncovering the truth.
Common Types of Fraud:
A common type of business fraud is skimming. This happens a lot in businesses that operate primarily in cash. Skimming is when an employee up-charges a client, without notifying the company it works for. The employee then pockets the difference between the up-charge and the original fee. While this may seem harmless, it is illegal for w2 employees to do so. This happens often in intelligence work, medical practices (co-payments), construction workers, retailers, and merchandising businesses.
Skimming occurs when a company makes profit from a cash transaction but the accounting record states that they sold the product/service at cost price or at a discount.
To avoid skimming business owners need to set up policies which lower their organizations vulnerability to such employee run schemes. A smart prevention technique is the 3 receipt policy. Employees should be mandated to always give receipts to customers, even if they don’t want one. Then they should store a second receipt in each customer's file, and a third receipt in a master database. In addition cameras should be present in all places where cash is exchanged. Doing so will ensure skimmers understand their financial crimes are trackable.
If an employee takes a check addressed to the company and deposits it to their personal account, the employee can then adjust accounting records to ensure the missing funds go unnoticed. These types of fraudsters often use shell companies to get away with this.
If a supervisor and a vendor have the same address that is a red-flag and a sign of fraudulent activities. Also if a vendor's only client is the company under investigation that is another indication of fraudulent activities.
In large corporations the payroll department can build “ghost employees” and defraud an organization by collecting income on behalf of an employee who does not exist. It is important for forensic accountants to pay attention to cross functional databases. Doing so can help determine if a single individual was incharge of fraud or if it was a coordinated group effort.
Examples of cross functional databases include sick day databases, company technology credential databases, company insurance benefits database, vacation days databases, and work performance reviews databases. A ghost employee will not have any records in these databases because they are outside the payroll department's scope of authority. Ghost employees can be identified by irregularly large transactions.
Stolen inventory is another form of fraud forensic accountants must be aware of. When examining financial records look for unusual shrinkage trends of inventory. Also pay attention to the size of such shrinkage. If the pattern of inventory shrinkage is a consistent size and occurs at consistent time intervals, there is a red flag of stolen inventory. For example if the records indicate the same exact amount of $ (in inventory) is sold every x amount of days then fraud is likely occurring. This is because real businesses selling legitimate inventory have an element of randomness.
Forensic accountants must show up to inventory storage facilities and see if what they observe reflects what is being shown on the financial records.
For organizations to mitigate against such risks, the people in charge of the balance sheets should have zero authority over inventory counts. Separate teams need to be used for each business activity.
Management embezzlement is when executives exonerate each other's loans from the company. Meaning the CEO takes a loan from the company and then the CFO forgives the loans.
Finance officers in government agencies often reroute relatively small amounts from invoices to their personal accounts. Essentially they abuse public trust and continue to steal government funds until their peers report it.
Security fraud is when there is a misrepresentation of data in SEC filings. Failed ventures and risky ventures that did not pay off are often losses/deals which companies try to hide. It is important for forensic accountants to learn SEC requirements.
Another form of security fraud is when there is a misappropriation of investment funds. When companies take investments and put them into hedge funds without informing investors, fraud is occurring.
Sophisticated fraudsters will steal company money and keep moving from “dummy accounts” to other “dummy accounts.” As the money is moved between multiple accounts, the fraudsters slowly withdraw small amounts from each account. By the time the funds get to their final destination, the funds are entirely diminished.
Forensic accountants must use subpoenas and search warrants to collect employee travel records, spending records, bank accounts, and personality profiles. All this should occur before investigative interviews are done. By collecting all this data, “unknown” sources of income can be identified prior to interviews.
Forensic accountants can investigate the following financial documents: mortgage applications, credit card statements, appointment books, bank statements, business projects, security/crypto exchanges, car loans, student loans, credit reports, tax returns.
Lying and omitting important details because of a knowledge gap is mortgage fraud. Lying about foreclosure is fraud as well. Removing names from title documents behind someone's back is title fraud. Lying about asset prices leads to value fraud.
District attorneys and law enforcement can provide search warrants to force records protected by confidentiality agreements to be released. In trial transparency of how legal documents were retrieved are needed.
Most fraud occurs when employees steal funds from organizations. Having genuine relationships with employees and training them on fraud detection and prevention helps minimize the likelihood of fraud. Employees must be educated on ethics and the consequences of fraud on a routine basis. It is also important for organizations to have fraud reporting mechanisms which protect whistleblower anonymity.
The person doing a company's accounting, should never be the one writing checks. Checks should be written by one person, signed by another, and delivered by a third person. A minimum of three people should be a part of the process of authorizing and dispersing funds and documentation processes should always be used.
Occupational Fraud: Asset misappropriation, check tampering, skimming, cash register disbursement, payroll fraud.
Unauthorized side deals and bid rigging are both forms of corruption schemes.
When dealing with financial statement fraud, focus on reliability of reporting, compliance with regulators, and the effectiveness/efficiency of business operations.
Internal Controls to Minimize Risk of Fraud:
Always use a separation of duties. If one person is issuing an invoice, a separate person in a different office should receive and deposit the company’s money. Then financial records and general ledger maintenance should occur in a third office by a separate person.
After a bank wire has been set up, only an owner should be able to authorize if funds have been sent to the correct account. “Positive Pay” is a banking service which mitigates risks of check fraud by ensuring only pre-approved checks can be used to spend money. Employees should not be allowed to sign checks.
When choosing auditors, make sure they are not related to people in the organization being investigated.
Cross train employees and move them around to work with different teams or parts of an organization. Doing so can easily reveal fraud.
For employee expenses mitigate the risk of fraud by providing corporate cards. Doing so ensures employees can not lie on expense reports.
Build a company culture where employees are encouraged to report fraud.
It is important for forensic accountants to beware of legal thresholds or rules for payment amounts/frequencies. Look for patterns where the fraudster is repeatedly barely under the threshold.
Data shows that business records on accounting statements only start with the number “1” 30% of the time. If the number “1” is the first digit of over 50% of business records that is a red flag indicating fraud.
During forensic accounting investigations it's important to use “read only” documents which cannot be altered or edited.
Audit Command Language is a software tool which can be used for fraud detection.
Check for duplicate values in payment records. Often fraudsters will send the same check to two different addresses. They can also collude with vendors and split profits in duplicate check schemes.
When analyzing financial data look for irregular ratios. One indication of fraud is when there is a high ratio between non current assets to total assets. Another indication of fraud is when the ratio between gross margins and sales growth is high.
Forensic accountants should look for outliers in databases. How does the largest number in a database compare to the second largest number? Pay attention to your intuition as you observe such outliers.
Forensic accountants should be able to map patterns to identify shell companies vs legitimate vendors.
When hiring a forensic accountant it’s important they can blend in with company culture so that they can collect accurate information during investigative interviews. Hire them in a double position such as admin/secretary so they can develop relationships for 4-6 weeks while collecting records quietly. The investigative interview process will be easier if “co-worker” rapport is made.
Use ACFE to get a certified fraud examiner qualification:
While internal audits can be used to optimize business operations, external audits are always more reliable for investors.
Some audit evidence a Forensic Accountant can use: General Ledger, invoices, cash register receipts, video tapes, time cards, and notes from board meetings.
Check kiting is a form of check fraud. It uses float (the time it takes for a check to clear) to make use of non-existent money in a checking account.
Investment Fraud:
Auditing investments involve making sure the money paid for an investment and date the investment was made is accurately depicted in company records. To mitigate risk the person who initiates an investment should be different from the person who authorizes an investment. The person in charge of recording the investment should also be different. And the person tracking the investment results should also be different. Having these separation of duties minimizes the risk of fraud.
For investments, always check the source that issued the certificate of ownership. To verify loans and debts check board meeting notes and see if dates match with records. Always double check this information with the issuer of the loans.
Track the amount of common stock issued and how much money was collected and what it was used for. Track all “buybacks” of common stock and the values they occurred at. Track all stock and cash dividends. It is important to audit all retained earnings.
Audit intangible assets as well such as: Intellectual property and brand equity amortization.
Intangible Amortization = (Cost of Asset - Residual Value) / Lifespan
Auditing Human Resources:
Analyze internal contracts and assess risks of current HR strategies vs industry benchmarks. Make sure employee benefits are implemented as promised. Make sure payroll is implemented in a dependable way. Make sure labor laws are followed. Make sure issues of discrimination are actively mitigated by providing means of reporting. Analyze how employees are being treated. Compare your analysis results to the rest of the industry. Consider employee turnover rate, absences, vacant positions, legal issues, and other metrics to determine a numerical value of what changes would bring.
Interviews help HR audits. Ask HR to keep a log of issues that are not currently covered by HR policies.
Auditing Inventory Management:
Make sure organizations have the proper rights to legally resell or use inventory commercially. Audit how much inventory is being bought and sold and its financial value. Learn the organization's current inventory count/management system and observe it in practice. Companies who outsource their inventory count system are less susceptible to fraud. Always observe product quality of the inventory. Ask if any inventory is being held in consignment at other locations. Ask for the amount and value of inventory which is being offered on consignment. Then call and visit these locations and check if the numbers match.
Auditing Internal Controls:
Find previous organizational mistakes and correct them. Prevent them from happening again. Make sure everything bought or sold is approved by the company. Make sure all payments collected and dispersed are approved by the company. Ensure authorization is systematized and everything is accounted for and accurately recorded. Any and all mistakes must be accounted for and rectified. Ensure employee grievances are reported. The intent of internal controls is to segregate duties in order to ensure data integrity. Internal controls should stress the importance of ethics and should always be able to assess risk. It’s important to understand how an organization's current internal controls affect employee work performance. It is also important to audit the flow of information within an organization. Managers need to explain their roles and responsibilities to employees. It is important to evaluate how internal controls hold up over the test of time.
ISA315 is the International Standards for Auditing. The standardization helps understand inherent risks such as how likely a financial misstatement occurs in an account. They also help understand the risk of misrepresenting assets that are illiquid or difficult to liquidate. They use industry trends and the current economic landscape to determine this.
Auditors must provide a “control risk” to identify how likely internal controls and systems will fail to identify a financial misstatement. They also must determine a “detection risk” as to how likely a given misstatement won’t be discovered.
Audit Reports:
Unqualified Opinion: Done by a CPA. It states that all accounting standards have been met. It states that accounts are all sufficiently maintained. It states the auditors responsibilities, as well as the audit intent and audit discoveries.
Qualified Opinion: Accounting standards have not been met but zero numbers have been misrepresented. The report must justify why the accounting methods are not considered to be up to standard. It also must state the auditors responsibilities, as well as the audit intent and audit discoveries.
Adverse Opinion: When business records are not up to accounting standards and numbers are misrepresented. After an adverse opinion financial records must be fixed and the audit process must restart.
Disclaimer of Opinion: If an audit fails, the auditor must state why the audit could not be completed. Was there missing data? Was the staff uncooperative? Were people being extorted? Did corrupt government officials stop the audit due to conflicts of interest and fear of further corruption being found?
All audit reports must reflect if the intentions of audits have been met and what actions must be taken. This is expressed in a final opinion. It should state the likelihood of mistakes being repeated.
Contingent liabilities must be evaluated. Meaning what are the odds that decisions from the past will incur costs in the future? Are there any potential future legal issues, future IP disputes, future tax liabilities, etc? If probability and cost of these contingent liabilities are not forecastable then auditors must communicate that.
Understand that when the law is broken, attorney client privilege can be broken. Meaning if fraud or other crimes have been committed, privacy is no longer protected.
Audits must report type 1 and type 2 events which lead to changes in existing financial records.
A type 1 event must be reported if a legal settlement paid out is different from what is listed on a financial statement. Or if a sale of an investment is different from the value reported. Type 1 events also occur when equipment is disposed of at a loss value. If losses occur due to customer bankruptcy, lay offs, or uninsured loss of goods, then auditors must report these as type 1 events. Type 1 events lead to adjustments being required on financial statements.
A type 2 event occurs after a sheet date but does not relate to conditions at a year's end date. If government involvement decreases the value of inventory that is a type 2 event. If inventory is lost due to natural disaster that is another type 2 event. When mergers and acquisitions occur those also must be reported as type 2 events. Vendor bankruptcy and issuance of stocks/bonds are also type 2 events. After auditors report these type 2 events, companies must adjust their records accordingly.
Obtaining management and attorney letters and communications can help uncover the truth.
Auditors must also report unaccounted for property, changes in equity, and any unusual business activities.
Auditors must always update their reports when new facts are discovered. Auditors must obtain client representation letters to avoid confusion of unauthorized communications.
Remember that an audit completion date is not the same as an audit report release date. The audit completion data is when evidence is collected and the auditor is ready to form an opinion. The audit release date is when the client can use the audit information.
After an audit logically reveals the cause and effects of results, form a timeline of events. Summarize the timelines. Understand the who, what, where, when, and why of the circumstances. Understand why the audit discovery is relevant and when rectifications should be made. Look for ways evidence can be corroborated. Provide recommendations of who can implement solutions. Compare the organizations actual behavior to ideal compliant behavior and make recommendations along with predictions about the expected results.