The Fraud Audit: Responding to the Risk of Fraud in Core Business Systems by Leonard W. Vona Copyright 2011 John Wiley & Sons, Inc.

Transcription

1 The Fraud Audit: Responding to the Risk of Fraud in Core Business Systems by Leonard W. Vona Copyright 2011 John Wiley Sons, Inc. EAPPENDIX Fraud Audit Planning Program: Revenue Recognition FRAUD RISK STRUCTURE: REVENUE RECOGNITION SAS 99 states that the auditor should ordinarily presume that there is a risk of material statement due to fraud related to revenue recognition. The search for revenue fraud should start with understanding how management has historically misstated revenue. Revenue fraud can be categorized into four major groups, with each group having several general schemes and several industry-specific fraud schemes. I. Management records fictitious revenue through a false billing scheme. Illusion is the key word in this fraud scheme. Management must provide representations, supported by documentation, that a customer exists, delivery has occurred, or that services have been rendered, and that the revenue transaction has been realized. Documentation will be obtained, created, or altered to support the false assertions. The overall 347

2 348 Appendix E audit approach should search for and critically examine each of the main revenue assertions. The attributes of a false billing scheme are: A. The revenue transaction is recorded through the billing system. B. The revenue transaction is recorded through the use of fictitious customers and the use of real customers. C. Management obtains, creates, or alters documents to provide the illusion that the customer ordered the product or services. D. The delivery of the product is disguised in one of many methods. E. The realization of the receivable is concealed. II. Improper recognition of revenue either because it was recorded prematurely or intentionally delayed to a later period. In this case, the problem relates to: A. The revenue is not realized and is eventually returned. The audit approach should focus on the realization assertion. B. The revenue is eventually recognized. This fraud scheme is the most difficult to detect because all the revenue assertions are achieved. The audit should focus on the delivery point of the revenue transaction and the documentation. C. Improper recognition schemes occur as follows: Recognition of revenue on soft sales from customers that have not agreed to purchase the item. Recognition of revenue on products that is incomplete or flawed. Recognition of revenue on partial shipments. Recognition of revenue involving multiple deliverables that have not all been satisfied Recognition of revenue in the improper period. A single revenue transaction. Misapplication through timing factors. Premature recognition. Delayed recognition. Disputed sales. D. Related party transactions are frequently linked to sham transactions and occur as follows: Sales activity between two parties, often related by law or industry, where insufficient consideration is given for the sales transaction. Seller provides total financing to transfer consideration. Below FMV transactions. Borrowing or lending on an interest-free basis or at a rate of interest significantly above or below market rates.

3 Appendix E 349 Exchanging property for similar property in a non-monetary transaction. Loans with no scheduled terms for when or how the funds will be repaid. Loans with interest accruing differently from market rates. Loans to parties lacking the capacity to repay. Loans advanced for valid business purposes and later written off as noncollectible. Nonrecourse loans to shareholders. Agreements requiring one party to pay the expenses on the other s behalf. Business arrangements where the entity pays or receives payments of amounts at other than market values. Consulting arrangements with directors, officers, or other members of management. Goods purchased or sent to another party at less than cost. Material receivables or payables from/to related parties such as officers, directors, and other employees. E. Consignment income. Transfer of product is based on a consignment contract. F. Channel stuffing. The practice of offering extremely favorable terms to move a sales transaction into a current period. The inducement is so favorable the customer purchases the product in the current period instead of in a later period. Signs of the practice are large discounts, pricing below FMV or cost, extended payment terms, no repayment schedule, or loans to help finance the purchase. G. Round tripping. Sales activity between parties where there is no measurable economic benefit. The main purpose is to increase sales with no measurable benefit to the bottom line. No cash has transferred between the parties. H. Barter. Sales transaction occurs through a swap of products or services. III. Creation of revenue through journal entries. This fraud scheme is easy because none of the revenue assertions need to be achieved. Revenue is misstated simply through one or more journal entries. No customer accounts are impacted. The journal entries maybe recorded in the general ledger or in top-sided journal entries.

4 350 Appendix E IV. Misapplication of GAAP. This can be related to: A. Misapplication of the fundamental revenue assertions. Here, the management team intentionally misapplies one of the four key criteria to recognize revenue. The auditor needs to identify the specific criteria and determine how management could manipulate the criteria and then conceal the truth. A transaction has to occur entailing an exchange. The conversion of income to revenue is essentially complete. The price is fixed and determinable. Collection is reasonably assured. B. Misapplication of industry GAAP. As stated above, there are a number of specific GAAP pronouncements covering revenue. Here, the management team intentionally misapplies the criteria established under the specific accounting pronouncement. The auditor needs to identify the specific criteria and determine how management could manipulate the criteria and then conceal the truth. C. Improper and inadequate disclosures. D. IllustrativeofGAAP-specific. Withthistransaction,alegitimate sales order is received and executed. However, the terms require the seller to hold the goods until the purchaser is ready to take acceptance. SEC Staff Accounting Bulletin 14 states bill-and-hold transactions can be booked as revenue only after the following criteria are met: The risks of ownership must have passed to the buyer. The customer must have made a fixed commitment to purchase the goods, preferably in written documentation. The buyer, not the seller, must request that the transaction be on a bill-and-hold basis. The buyer must have a substantial business purpose for ordering goods on a bill-and-hold basis. There must be a fixed schedule for the delivery of goods based on what is customary in the buyer s business. The seller must not have retained any specific performance obligations such that the earnings process is not complete. The ordered goods must have been segregated from the seller s inventory and not subject to being used to fill other customer orders. The products must be complete and ready for shipment.

5 Appendix E 351 FRAUD CONCEALMENT STRATEGY When an individual decides to commit internal fraud, how to conceal the true nature of the transaction is a critical aspect of his or her plan. The goal is to have the business transaction look like a real transaction. Each fraud scheme has a typical way to conceal it. However, how the individual implements the concealment strategy varies, based on the person s position (opportunity) and the company s internal procedures. The auditor should give consideration to the opportunity list in relation to the system under audit. Methods to conceal the true nature of the transaction will vary with the business system, employee position, and computerized systems versus manual systems, required documents, internal controls, and corporate governance issues. In some instances, the individual may use more than one layer of concealment techniques to hide the true nature of the business transaction. The auditor should design an audit approach based on the mechanics of the fraud scheme and the concealment strategy. 1. Fictitious delivery of the product or service. This will occur through the creation of false documentation. 2. Real delivery to false or hidden locations. Here, the company ships product to non-customers for the illusion of sale through the use of freight forwarders, other company warehouses and concealed or false locations, or consignment locations. Or the company ships to distributors without title transfer. 3. Shipment of nonexistent or incomplete product. This occurs through the actual shipment of a container that is either empty, filled for weight purposes, or an incomplete product. 4. Shipment to a real customer that did not order the product. Management ships an actual product to a customer that never ordered the item. 5. Concealment of returns. This requires the delaying of the return after the audit period, recording the return as something other than a return, or a combination of efforts to conceal the return and the adjustment. 6. Subsequent credits or adjustments. Since the fictitious revenue cannot be realized, the receivable must be cleared through credit memos or actual adjusting entries.

6 352 Appendix E 7. Disguised customer remittances. The documentation supporting the source of the remittance is altered or created to provide the illusion of realization. 8. Use of company funds to provide illusion of customer remittances. Here, the company uses multiple bank accounts, subsidiary bank accounts, or foreign bank accounts. 9. Lapping scheme to provide illusion of customer remittances. Other customers remittances or credit balances are applied to the fictitious revenue. 10. Undisclosed terms and conditions. The customer is offered verbal terms or side agreements that are not disclosed to the auditor. Or, the auditor can also be given draft documents, altered copies, or false documents. 11. Right of return not disclosed. The customer is provided the opportunity to return the product through a trial period, approval period, or some other program. 12. Created, altered, or fictitious documentation. 13. No documentation supporting verbal representations. 14. Falsifying company reports to provide an illusion of an event or representation. 15. Control over confirmations. With fictitious customers, the customer addresses are under the control of management. With real customers, the management team must exert some control over the response. In certain industries, obtaining responses can be difficult, so management offers assistance in obtaining the response. 16. There are cases in which the customer conspired against the auditor to falsely respond to the confirmation. 17. Intentional misrepresentation by management. 18. Improper criteria used in estimates. 19. Collusion with outside experts to provide false representations. PLANNING THE REVENUE AUDIT During planning, the auditor should consider the following: 1. Structure the brainstorming session to include a discussion of the revenue fraud schemes in relation to the specific client industry and client accounting practices. This discussion should: Using the Fraud Risk Structure as a guide, identify how the inherent revenue schemes would occur.

7 Appendix E 353 Using the Fraud Concealment Strategy as a guide, identify how the inherent revenue scheme would be concealed. Identify any client practices that may create problems, such as right of return or distributorship arrangements. Review industry-specific fraud schemes, such as front-loading for a construction contractor. Include any past problems with the client. 2. Using the fraud theory, understand management s motivation for underor overstatement of revenue. This facilitates where and how to search for the fraud. 3. Understand how the key revenue assertions occur within the company by revenue source. 4. Obtain a thorough understanding of the revenue cycle and types of revenue transactions. The auditor should inquire about: Earnings process in relation to the general rule for revenue recognition; there are four elements: An exchange transaction has taken place. The earnings process is essentially complete. The seller s price to the buyer is fixed and determinable. Collectability is reasonably assured. 5. Discuss how those assertions could be falsified and subsequently concealed. 6. Determine if there are any specific GAAP pronouncements for revenue recognition. 7. Develop global-based analytical analysis around the relevant fraud schemes: Understand the sources of revenue. Differentiate revenue created through the billing system and revenue created through other sources. Differentiate revenue recorded through the sales system and revenue recorded via journal entry. Identify revenue via new customers versus existing customers. Identify revenue recorded at the end of an accounting period. Identify revenue recorded after a significant business event. Identify new customers or new accounts. Identify revenue recorded through noncustomer accounts. Identify revenue by product line. The goal should be a disaggregated analysis at the lowest level practical. Analyze credit activity by customer as to cash, adjustments, or returns. Search for activity by ship-to address.

8 354 Appendix E 8. Develop questions for the interviewing of management. Understand how the key revenue assertions occur in the company. Identify which revenue schemes relate to the individual being interviewed. Understand what impact the individual has on the documentation supporting the revenue assertion. Inquire as to negotiation strategies with customers. Identify customers controlled by non-sales force personnel. 9. Discuss improper revenue recognition for the company. Remember the identification of a risk of material misstatement due to fraud involves the application of professional judgment and includes consideration of: The type of risk that may exist. As mentioned above, the auditor should consider how management would misstate revenue, first at a top-side level, then at the specific scheme level. The significance of the risk; that is, whether it is of a magnitude that could result in a possible material misstatement of the financial statements. The likelihood of the risk or scheme s occurring within the industry and organization. The pervasiveness of the risk; that is, whether the potential risk is pervasive to the financial statements as a whole or specifically related to a particular assertion, account, or class of transactions. AUDIT AREAS FOR FALSE BILLING SCHEMES 1. Customer master file. False billing schemes require the revenue transaction to be recorded in a customer account. Creation of a fictitious customer. Real customers with no current sales activity. Real customers with multiple accounts. Look-alike customer. Real customer that is not a knowing participant. New customers with large sales activity at the end of a reporting period. Dormant customers with large sales activity at the end of a reporting period. Large customers with multiple bill-to addresses.

9 Appendix E 355 House accounts with large sales activity at the end of a reporting period. Match customer database to personnel or vendor database for name, address, telephone number, and federal identification number. Missing credit terms amounts or large credit terms for new customer. Missing key identifying information, such as contact name, identification number, etc. 2. Sales transaction. The scheme requires the creation of a sales transaction, such as: Sales to fictitious customers. Sales to real customers. Sales to noncustomer accounts. Sales to related parties. Fictitious sales to fictitious customers, real customers, noncustomer accounts, or related parties. Incomplete sales. Disputed sales. Sales with no commission or assigned to a sales representative or territory. Sales to a noncustomer account. Missing customer information, i.e., sales order number. Search on ship-to address. Same address for more than one customer. No recorded ship-to address. Frequency of sales activity at the end of a reporting period. Large sales transaction at end of reporting period. New customers at end of reporting period. 3. Realizationofrevenue. The scheme requires the illusion of a customer s paying the receivable. Credits to a customer s account originating from noncash receipts. Deposit of personal funds to provide realization. Creation of false documents to provide the illusion of a cash receipt. Misapplication of customer cash receipts to provide the illusion of realization. Early or false recognition of returns and adjustments. Realization through loans. Realization through circular transactions.

10 356 Appendix E Search for customers with no or limited cash receipts in relation to customer sales. Search for returns, adjustments, voids, and write-offs. Search for customers with large cash receipts transaction. Search for cash receipts transaction missing identifying information. Search for cash receipt transaction from nontraditional sources. Use of controlled addresses to respond to confirmations or correspondence. When lapping is used, consider the following data analyses: Search for customer remittances check numbers that do not follow a logical date sequence. Search for accounts with frequent credit memos and other credit adjustments to the account. Search for account transfers. Search for noncustomer accounts. 4. Fictitious revenue to real customer. Here the scheme involves: Shipping products to customers that did not order the product. Shipping products to customers that agree to hold the product. Search for excessive returns, credits, voids after the end of the reporting period. Search for customer accounts with high sales volume and limited cash receipts activity. Search for aged returns and adjustments. 5. Delivery of product to customer. Some schemes include: False ship-to address. Creation of a ship-to address. Nondelivery of the product or service. Shipping unfinished products. Distributors and consignment. Trial and evaluation purpose. Bill-and-hold transactions. Month-by-month comparison of sales to detect pump up and reversal of transactions. Inspect shipping documents to see if company employees signed rather than shipping company.

11 Appendix E 357 Inspect shipping documents to see if shipped to warehouse rather than customer s regular shipping address. Inspect invoices to see if shipping information is missing. 6. Other data analysis techniques. Some to consider are: Review past revenue trends to see that they make sense. Consider seasonality, as well as economic changes. Compare past revenue trends with similar businesses in the same industry. Investigate large fluctuations. Review changes in deferred revenue. A decrease could signal a decrease in business or a release of reserves. Compare revenue with physical capacity. Is it possible to have the sales volume recorded with the capacity? Compare industry statistics such as revenue per employee, revenue per unit of production, revenue per square foot, revenue for dollar of PPE. Compare receivables to revenue: Rate of change are receivables increasing with flat or lower sales? In many well-known frauds, the buildup in accounts receivable grew as the revenue recognition policies became more aggressive. Changes in days sales outstanding. Sudden changes up or down may be indicative of fraudulent activities. 7. Terms and conditions. As applied to: Undisclosed terms and conditions, including terms written in a side letter, verbal terms, or the nonenforcement of written terms. Interpretation of the terms and conditions. Terms and conditions are not fixed and agreed to by both parties. 8. False documentation. Some examples are: Create documents. Alter or change documents. False dating of documents. False verbal representations. Providing draft documents as the properly executed documents. AUDIT AREAS FOR IMPROPER RECOGNITION SCHEMES For improper recognition the audit should focus on the outcome of the revenue transaction versus the occurrence of the transaction. There are two basic outcomes: 1. The revenue is not realized and is eventually returned. The audit should focus on events that occur after year-end.

12 358 Appendix E Credits to customer accounts resulting from returns and adjustments are indicative of improper recognition. 2. The revenue is eventually recognized. The audit should focus on the delivery and terms and conditions of the revenue transactions. Sales order. The documentation should show a clear intent to order the product. Created sales orders. Altered sales orders. Back-dated sales orders. Sales terms. The terms and conditions support the recognition of the revenue. Fraud schemes in the past have used undisclosed terms and conditions. Unconditional right to return product. Ease of return of product. Ability to cancel the order. Open payment terms. Extension of payment terms. Negotiation of terms and conditions are open. Future performance terms. Contingent on performance. Resale Refund for unsold product Future performance Delivery of product. The shipment is flawed in some aspect. Deliver incomplete product as final product. Partial shipments represented as complete delivery. Approval, trial, demo sales. Future, trial, demo sales. Future performance of services. Recognizing up-front payments as revenue. Shipments to company-controlled facilities. Shipment before customer finalizes order/contract. Shipments to freight forwarders. Shipments to other company warehouses.

13 Appendix E 359 Manipulation of the closing of the year-end books. Depending on the intent of management, the books are closed early or late. Understanding the fraud risk factors related to the pressure the organization is facing is an indicator of which way the scheme will occur. 3. Revenue created through recording journal entries. The starting point is to understand which revenue accounts are impacted by journal entries, other than posting source journals. In the brainstorming session discuss: Characteristics of fraudulent journal entries. Characteristics of misstated revenue accounts. Obtain an understanding of the entity s financial reporting process and controls over journal entries and period ending adjusting entries. Determine the use and the extent of top-sided journal entries. Determine the nature and type of journal entries impacting the account. Determine extent of account balance impacted by adjusting, reclassifying, or consolidating entries. Determine the nature, timing, and extent of auditing procedures. Nature: The type of entry will impact the nature of the audit procedures. Adjusting. Validate the assumption of the adjustment Reclassifying. Movement of the revenue steam to a different account is consistent with the transaction. Reclassification between operating and nonoperating should be scrutinized. Consolidating. Determine whether related party or intercompany revenue is properly reported and disclosed. Extent: The analysis of revenue created by journal entries will be a determining factor. Timing: Revenue misstatement, by its nature occurs at the end of a reporting period.