Detecting Fraud Involving Senior Executive Override & Collusion

Transcription

1 Detecting Fraud Involving Senior Executive Override & Collusion Presented by Tim Leech, Managing Director, Risk Oversight Inc. June 14, 2011

2 Agenda Management override & collusion and the Achilles heel Why is the topic important? External audit handicaps and enablers Internal audit handicaps and enablers Techniques to assess override and collusion risk Override and collusion approach tactics Questions 2

3 Management Override & Collusion and the Achilles Heel Achilles Heel Injuries: a) Have a male to female ratio of 20:1 b) Disproportionately impact men in their 40s and 50s c) Often involve playing sports and/or macho behavior d) Often involve trying to do something that, with the benefit of hindsight, was a really dumb idea e) Are something that happen to other people not me 3

4 Why Is This Topic Important? ANSWER: It is at the root of The public s expectation gap Sarbanes-Oxley (SOX) and other similar laws A large percentage of the really big corporate disasters Billions of dollars in litigation expense to CPA firms and corporations 4

5 External Audit: Handicaps Human nature Contract/engagement relationships who does the auditor really work for? Decades of playing the earnings management game Ineffective client screening/risk assessment tools/methodologies Audit partner and staff reward systems 5

6 External Audit: Handicaps Flawed audit paradigm doesn t focus on error root-cause analysis Litigation exposure if accounting errors are documented and analyzed but warning signs ignored External audit staffing model junior staff do a large % of the audit work Inadequate use of technology to detect readily available fraud warning signs 6

7 External Audit: Enablers AICPA guidance Management Override of Internal Controls Excellent SAS 99 Drop the integrity presumption/assume fraud may be present Good Idea SOX and SAS 99 Authoritative support to bill more time to evaluate fraud risk July 2008 guidance Managing the Business Risk of Fraud: A Practical Guide Pretty Good 7

8 Internal Audit: Handicaps Reporting lines don t bite the hand that feeds you. Many IA departments report to the CFO IA historical track record of avoiding high-risk zones Audit committees that want soothing assurances, not harsh truths or residual risk status reports 8

9 Internal Audit: Handicaps Risk of being dead right there are more than a few do the right thing CAEs in the Internal Auditor Cemetery IIA standards/inspections that support not looking at controversial topics or high-risk areas IA staff who can t see fraud red flags even when smacked in the face more than once 9

10 Internal Audit: Enablers SOX has forced IA to focus on ICFR and fraud Audit committees and senior management now show more interest in identifying material weaknesses before outside auditors do Class B (per Moody) control weaknesses increasingly linked to cost of capital, credit ratings, reserve requirements 10

11 Techniques to Assess and Override & Collusion Risk Score the organization s CPI Cliff Proximity Index Determine the outside auditor s CPTI Cliff Proximity Tolerance Index 11

12 Techniques to Assess and Override & Collusion Risk Calculate the odds of a wrong audit opinion Management/Board s Integrity & Risk Tolerance?/20 Management/Board s Knowledge of Business?/20 Management & Auditor s ICFR Effectiveness Prediction Error Rate?/20 + Audit Team s Knowledge/Experience/Nose/Track Record?/20 Audit Team s Fraud Detection Skills & Tools?/20 12

13 Techniques to Assess and Override & Collusion Risk Score Management s Lies, Omissions, and Half-Truths Frequency/Magnitudes ( LOHFM Index ) Determine the auditor s risk tolerance to high LOHFMI scores 13

14 Techniques to Assess and Override & Collusion Risk Calculate, analyze, and monitor a DIMIT rating for individual audit partners and managers (DIMIT = Damn, I missed it) 14

15 Techniques to Assess and Override & Collusion Risk Calculate a pushing the envelope score. Analyze how management approaches other areas like tax compliance, general compliance, contract compliance, compliance with union contracts, etc. Leopards don t change their spots 15

16 Override & Collusion Audit Approach Tactics Minimize management s ability to advance a plausible deniability defense (e.g., I had no idea this was happening, I didn t know it was wrong, etc.) GRC technology can be used to record management/staff representations 16

17 Override & Collusion Audit Approach Tactics Analyze in detail all audit adjustments for the past 5 years and determine which category each adjustment should be assigned to: 1. Intent/In plain view/catch me if you can 2. Intent/Deception/I can fool the auditor 3. Reckless/Negligent 4. Knowledge deficient/know what they didn t know 5. Knowledge deficient/don t know what they didn t know 6. Others? More research required 17

18 Override & Collusion Audit Approach Tactics Provide all audit team members with deception-detection skills training 18

19 Override & Collusion Audit Approach Tactics Call for and financially support research to better understand the root causes internal and external audit failure. The major problem currently is that few organizations, including the IIA and AICPA, are doing much in this area. 19

20 Override & Collusion Audit Approach Tactics Don't tip toe around when discussing ethics and fraud. Have frank, candid discussions with management and the audit committee on all issues where the company and the auditor and auditor s firm are, or may be, approaching the edge of the cliff 20

21 Detecting Fraud Involving Senior Executive Override & Collusion Good Luck! Luck plays a big part dodging fatal bullets 21

22 Detecting Fraud Involving Senior Executive Override & Collusion Questions 22