In this blog, we're going to talk about the Fraud Action Statement, the "what" part of the Fraud Risk Statement, but first the answers to the fraud trivia from the last blog:
What was the first recorded financial collapse? Medici Bank went insolvent in 1494 due to extensive spending. Check out Business Insider’s List of the worst company collapses in history.
Who coined the phrase “White Collar Crime”? Criminologist Edwin Sutherland created the phrase in the 1930s
.Name a CEO of a publicly traded company that lied about their credentials. You may be surprised how many there are.
I selected David Edmondson of Radio Shack. In January 2005, shortly after RadioShack announced that Edmondson would be taking over as CEO, he was arrested in Southlake, Texas, for driving while intoxicated, his third such charge. Edmondson pleaded guilty and was sentenced to 30 days in jail. The incident prompted the Fort Worth Star-Telegram to begin looking more closely at his past. Source Wiki.
Name a CEO who committed a material asset misappropriation scheme. Hint: There may be more than you think. Parmalat, Polly Peck, Tyco plus all the Ponzi schemes.
Name a college football head coach that never played football. George O’Leary, who coached Notre Dame for five days, stated in his resume that he received three letters for playing football. However, the college records showed he never played football. Source NY Times.
What is the relevance of these questions? Professional skepticism is more than just a state of mind, it requires corroboration of the facts, regardless of who is making the statement.
Fraud Action Statement - The “what” of a fraud scheme
In setting up a fraud audit, we’ve discussed developing the Fraud Risk Statement. This includes the person committing the fraud. The next part is the Fraud Action Statement, an act committed by the person committing the Fraud Risk Statement. The Fraud Action Statement is “what” the person is doing rather than “how” the person is committing the fraud scheme.
In writing the fraud action section of the fraud risk statement, you will need to decide if you want to be high-level or very specific. Regardless of what you choose, your knowledge of the fraud action should be very specific. I think sometimes it is easier to illustrate the concept than try to explain the concept, so let’s look at the expenditure cycle to illustrate the concept of a generic-level description of the fraud action rather than a detailed description of the Fraud Action Statement. Within the expenditure cycle we will use product substitution to illustrate the concept:
First, product substitution refers to the knowing and willful replacement of something, without the purchaser's knowledge or consent. Follow the step-down process starting with a generic description of the Fraud Action Statement to the eventual specific description. We will look at four levels from the most general to the most specific.
Highest (generic) level: Vendor overbills the company.
Second level: Vendor commits a product substitution scheme.
Third level, perpetrated by supplier:
Fraud Risk Statement: Supplier alone (or in collusion with an internal person) commits a product substitution scheme (or provided expired goods) resulting in warranty issues (or internal person receives a bribe for accepting expired goods).
This could be a
- Fitness issue
- Knock off products
- Obsolete or expired products
- Used, surplus, or outdated materials or components
- Materials that do not conform to contract requirements
Third level, perpetrated by the manufacturer:
Fraud Risk Statement: Manufacturer alone intentionally misstates facts about the composition of their goods resulting in potential legal liabilities costs.
This could include
- Chemical composition
- Country of origin
- False testing statements
- False specifications
Third level, perpetrated by a counterfeiter
Fraud Risk Statement: Counterfeiter sells to your company mislabeled refurbished components resulting in damages to company reputation.
This could include:
- Parts that do not contain the proper internal construction (die, manufacturer, wire bonding, etc.) consistent with the ordered part
- Parts that have been used, refurbished, or reclaimed, but represented as a new product.
- Parts that have a different package style or surface plating/finish than the ordered parts.
- Parts sold with modified labeling or markings intended to misrepresent the part’s form, fit, function, or grade.
Fourth level, expenditure specific
Fraud risk statement and expenditure specific.
I would argue that even at the most detailed level, the relevance of the statement needs to coincide with your expenditure area. Think how your fraud risk statement would change if your expenditure was construction compared to food or more specifically, seafood?
Also, think about how your Fraud Risk Statement would change at this level if you changed the person committing the scheme. How is it different if that person is the receiver or senior manager and acts alone or in collusion?
Let’s assume you are preparing a Fraud Risk Assessment for the purchase of seafood. The following examples illustrate a more specific Fraud Risk Statement.
- Supplier operating alone mislabels seafood that has been farm-raised as wild catch resulting in potential reputation risk.
- Fisherman (Manufacturer) mislabels sea bass or snapper when the actual fish is a less desirable fish resulting in an intentional product substitution scheme.
- Restaurant or grocery store intentionally mislabels a less desirable fish such as sea bass or snapper resulting in mischarging of consumers.
Why, you may ask, did I select sea bass or snapper? Current studies indicate that these two fish may have a mislabeling rate as high as 70%. Knowledge of the product enhances the fraud auditor’s ability to create a fraud risk statement that tells the fraud auditor what to look for and how to create specific red flags.
Fraud Risk Statement and Sophistication of Concealment
The Fraud Risk Statement does not specifically state the concealment strategy but certainly infers the concealment strategy. If you think about the preceding examples, they infer that by using a white fish, the end user will not be able to distinguish between the sea bass and the less desirable fish.
Take the first example for instance. Since the label on the box indicates wild catch rather than farm-raised, the receiver will indicate that the physical item matches the purchase order. Accounting will pay the invoice because the purchase order and the receiving report indicate a positive match. The test of internal controls will indicate compliance. But would the fraud auditor be fooled? You will need to ask that question of yourself.
So, at what level should you write your fraud risk statement?
It is not for me to say. I would like you to draw your own conclusions. The factors that I would look for are:
- Experience of the auditor
- Knowledge of the core business system.
- Knowledge of the industry
- Knowledge of the products your company is purchasing or selling
- Purpose of the audit. Are you testing internal controls or searching for fraud in your core business systems?
Developing these skills and obtaining knowledge is how we will make audit the number one reason for fraud detection. Next month we will elaborate on how to create fraud risk statements using the payroll core business system.
- What was the biggest corporate lawsuit settlement?
- Excluding the biggest lawsuit, what is the aggregate dollar value of the next 10 largest corporate settlements?
- What is a stockholder derivate lawsuit?
- Are banks being sued for how they administered the first-come-first-serve provision of the PPP Loan program?
- What cost Walmart more money to settle the FCPA allegations? Fines & penalties or forensic accounting and legal fees?
- Are lawsuits an indicator or weak internal controls? (This is an opinion question rather than a fact statement).