This article was written on September 11th 2016. It has now been 15 years since the attacks of September 11, 2001, but the memory of this day will never be forgotten by billions of people across the globe.
The 9/11 events were a vivid example of the fact that without financing, terrorism is impossible. After the tragic events from that day, a number of countries, and especially the US (with CIA and FBI on board) began developing procedures and mechanisms that will help them find grey or black financing, in an attempt to stop new threats in the world. Supported by the American Patriot Act, these services were made possible, on two governmental levels – forensic audit was developed within national authorities and on courts level. This is when the word “forensic” in auditing and accounting terminology was born. The word ‘forensic’ has an ancient history and originated from the tribunes of Rome where Cesare brought criminals to the public Forum for them to get justice. US authorities were making good progress, however not every country was as when it came to developing the discipline. The first professional group that was interested in forensic accounting and auditing was the Certified Public Accountant (CPA).
Initially, Belgium was not a leader in the field, as for a long time CPA believed that it was not their responsibility to investigate fraud. There was only a number of frauds that were meant to be communicated to the management team, the shareholders and only in certain cases, to the official authorities. CPA was not expected to play the role of a detective in Belgium and conduct any investigations in companies and organisations.
Meanwhile, many enterprises realised that 75% of all fraudulent activities were committed by internal people. It was discovered that a simple solution to these problems could be conducting a forensic audit and appointing a forensic auditor who, in cooperation with other employees in the company, will establish a procedure aimed at avoiding fraudulent activities internally. The shareholders in a company have certain expectations from CPA which means that there’s a lot of pressure on the forensic auditor when it comes to meeting these expectations. Naturally, fraudulent activities are complex; not only from a professional point of view, but in certain cases, from a legal perspective too. It would be unachievable for CPA to systematically control every transaction and it would be unachievable for the forensic auditor to read every email exchanged between employees of the company, for example, as this would be considered as an invasion of their private sphere. Forensic auditing and accounting is based on fraudulent activities or suspicions of that kind.
What is understood under “Fraud”? The Oxford Dictionary defines it as “Wrongful or criminal deception intended to result in financial or personal gain”. Fraud is therefore a business risk. So what are Forensic accountancy and audit related to?
Let’s turn our attention to External Audit, Internal audit, criminal audit and compliance audit. External audit is organised by an official body who needs to certify the correctness of financial statements of a company. The CPA’s main activities are to organise external audits. Internal audit is done by the company’s department, based on instructions by the management team and often, by the audit committee. Not every company is large enough to have its own internal auditor or internal audit team, so this could also be organised by a certified association (external) or a member of the finance department, preferably by a controller (internal). The internal auditing communicates via the audit committee with the CPA. Two important Institutes that are committed to this job are the Institute of Internal Auditors (IIA) and the European Confederation of Internal Auditing (ECIIA). Without the active involvement of the internal audit process, it is difficult to see how the Board of Directors, or equivalent body, can gather sufficient objective information to carry out its stewardship function, be aware of the risks of fraud or report effectively on internal control”. Criminal audit is using the methodologies and techniques from financial auditing that are adapted for fighting against organised crime. This technical domain is inspired by criminal law. During a compliance audit, the auditor investigates if the organisation is compliant with all applied laws and regulations.
Furthermore, non-financial issues can also influence the profitability of the company. Therefore, fraud in relation to non-financial issues is also part of the Forensic audit spectrum. Subjects as Corporate Social Responsibility, Corporate Governance, Risk Management and respect of Ethical Codes are the fundamentals of non-financial issues. A better reputation of the organisation is more trustworthy to the public and it increases profit, while also helping create better management of the company risks and opportunities.
Sustainable business was an issue that Belgian enterprises have been communicating to the public, while promising higher profits, better image, better relationship to quality management, better motivation of its personnel, competitive advantage etc. Fraud is seen like a dark cloud over an organisations, so it is vital that key employees are monitored regularly to avoid potential risks and the management team of each company needs to have a procedure for updating the monitoring processes. Specific attention should be given to promotion, evaluation and bonus systems and employees who could easily access financial data to obtain their bonus targets.
Every company’s management team needs to have a crisis plan when it comes to fraudulent activities which could potentially help limit the consequences of the fraud. Each sector has its own weaknesses, so fraud must be focussed on the activity of the company in the micro chain. The areas on which managers need to focus are numerous – insurance fraud, telecom fraud, computer fraud, credit card fraud, tax fraud.
‘The Fraud triangle’ is a framework often mentioned in literature, which is designed to explain the reasoning behind a worker’s decision to commit workplace fraud. The three stages that it includes are the pressure on the individual, the opportunity to commit fraud and the ability to rationalise the crime.
An increased focus is placed on training experts in forensic accountancy in several academic and professional institutions in Belgium. The Antwerp Management School has their own post-graduate programme in Forensic Auditing and the Institute of Forensic Auditors offers a programme for registered forensic auditors.
The following examples of conditions or events which increase the risk of fraud or error (see ISA 240 “Fraud and Error” and IFAC) could be helpful when identifying potential fraud or intentional misstatement:
- Management is dominated by one person (or a small group) and there is no effective oversight board or committee.
- There is a complex corporate structure where complexity does not seem to be warranted.
- There is a continuing failure to correct major weakness in internal controls where such corrections are practicable.
- There is a high turnover rate of key accounting and financial personnel.
- There is a significant and prolonged understaffing of the accounting department.
- There are frequent changes of legal counsel or auditors.
- The industry is declining and failures are increasing.
- There is an inadequate working capital due to declining profits or expansion that’s too rapid.
- The quality of earnings is deteriorating, for example, increased risk taking with respect to credit sales, changes in business practice or selection of accounting policy alternatives that improve income.
- The entity needs a rising profit trend to support the market price of its shares due to a contemplated public offering, a takeover or other reason.
- The entity is heavily dependent on one or a few products or customers.
- Financial pressure on top managers.
- Pressure is exerted on accounting personnel to complete financial statements in an unusually short time period.
- Unusual transactions, especially near the year-end, that have a significant effect on earnings.
- Complex transactions or accounting treatments.
- Transactions with related parties.
- Payment for services (for example, to lawyers, consultants or agents) that appear excessive in relation to the services provided.
- Inadequate records, for example, incomplete files, excessive adjustments to books and accounts, transactions not recorded in accordance with normal procedures and out of balance control accounts.
- Inadequate documentation of transactions, such as lack of proper authorization, supporting documents not available and alterations to documents (any of these documentation problems assume greater significance when they relate to large or unusual transactions).
- An excessive number of differences between accounting records and third party confirmations, conflicting audit evidence and unexplainable changes in operating ratios.
- Evasive or unreasonable responses by management to audit inquiries.
- Inability to extract information from computer files due to lack of, or non-current, documentation of record contents or programs.
- Large numbers of programme changes that are not documented, approved and tested.
- Inadequate overall balancing of computer transactions and databases to the financial accounts.
Fraudulent activities are situated in the smaller details of activities. A good knowledge of possible risks in relation to operations within the company is an absolute must-have, in order to discover all activities that can potentially lead to fraud.
Now let’s turn our attention to an actual example of a Belgian company where fraud was identified during monitoring the sales and treasury process that led to material misstatement. It was the case of a company distributing bouquets of fresh flowers to supermarkets where the purchase manager’s task is to explore options for produce in Europe and mainly in the Netherlands. The plants that the company is interested in buying are typically coming from small firms and family businesses which makes it easy to build a relationship with the owner. During the first year, the purchase manager’s work resulted in a high turnover, even though for the distributor, this represented a small percentage of the company’s purchase portfolio. Consequently, the company developed a dependency on these companies and their produce. After a certain period of time, the purchase manager started negotiating prices with one of the owners that he was purchasing plants from, who realised that now his turnover is very dependent on this client. He realised that thigh prices could harm the business and agreed to lower the prices with 10%. The purchase manager decided to split up these 10% into 6% that will go to the distributor and 4% to be paid to his offshore company. The distributor was satisfied with the fact that the purchase manager has managed to negotiate and lower the prices, without asking further questions. The sales manager then decided to reward the purchase managers of the supermarkets (by offering them restaurant vouchers, etc.) in order to obtain inside information from him so that he is aware of competitors prices and so on. As the distributor was making a lot of profits, the purchase manager introduced a system of offshore commissions to be paid in order to lower the taxes that he pays. As the purchase manager had his commission in his offshore company, started paying private local expenses with his offshore company’s credit card, which is an easy way to launder your money. The owner of the distributing company applied for a back-to-back loan with the bank in order to use the laundered money for legal business. That way, the distributor pays interest to the bank, which pays interest to the offshore company. And finally, the flowers that haven’t been sold were coming back to the distributor who was meant to get rid of the flowers, which in fact were sold to small shops’ owners who paid in cash.
This example highlights that different fraudulent activities were performed by a number of individuals working for the company.
In the case of the slightest doubts, the forensic auditor is the right man to assist. Fraud is a complex phenomenon and CFA’s guidance would be vital in clarifying the monitoring processes, identifying possible risks and opportunities for fraud, installing detecting mechanisms and looking for problem-solving solutions.