Detecting Fraud Involving Senior Executive Override ... · PDF fileDetecting Fraud Involving Senior Executive Override & Collusion ... view/Catch me if you can 2. ... Fraud Involving

Risk Oversight Inc.
Detecting Fraud Involving Senior Executive Override & Collusion
Presented by Tim Leech, Managing Director, Risk Oversight Inc.
June 14, 2011

www.riskoversight.ca
Risk Oversight Inc.
2
Agenda
Management override & collusion and the Achilles heel
Why is the topic important?
External audit handicaps and enablers
Internal audit handicaps and enablers
Techniques to assess override and collusion risk
Override and collusion approach tactics
Questions

Risk Oversight Inc.
3
Management Override & Collusion and the Achilles Heel
Achilles Heel Injuries:
a) Have a male to female ratio of 20:1
b) Disproportionately impact men in their 40s and 50s
c) Often involve playing sports and/or macho behavior
d) Often involve trying to do something that, with the benefit of hindsight, was a really dumb idea
e) Are something that happen to other people not me

Risk Oversight Inc.
4
Why Is This Topic Important?
ANSWER: It is at the root of
The publics expectation gap
Sarbanes-Oxley (SOX) and other
similar laws
Billions of dollars in litigation expense to CPA firms and
corporations
A large percentage of the really big corporate
disasters

Risk Oversight Inc.
5
External Audit: Handicaps
Human nature
Contract/engagement relationships who does the auditor really work for?
Decades of playing the earnings management game
Ineffective client screening/risk assessment tools/methodologies
Audit partner and staff reward systems

Risk Oversight Inc.
6
External Audit: Handicaps
Flawed audit paradigm doesnt focus on error root-cause analysis
Litigation exposure if accounting errors are documented and analyzed but warning signs ignored
External audit staffing model junior staff do a large % of the audit work
Inadequate use of technology to detect readily available fraud warning signs

Risk Oversight Inc.
7
External Audit: Enablers
AICPA guidance Management Override of Internal Controls
Excellent
SAS 99 Drop the integrity presumption/assume fraud may be present Good Idea
SOX and SAS 99 Authoritative support to bill more time to evaluate fraud risk
July 2008 guidance Managing the Business Risk of Fraud: A Practical Guide Pretty Good

Risk Oversight Inc.
8
Internal Audit: Handicaps
Reporting lines dont bite the hand that feeds you. Many IA departments report to the CFO
IA historical track record of avoiding high-risk zones
Audit committees that want soothing assurances, not harsh truths or residual risk status reports

Risk Oversight Inc.
9
Internal Audit: Handicaps
Risk of being dead right there are more than a few do the right thing CAEs in the Internal Auditor Cemetery
IIA standards/inspections that support not looking at controversial topics or high-risk areas
IA staff who cant see fraud red flags even when smacked in the face more than once

Risk Oversight Inc.
10
Internal Audit: Enablers
SOX has forced IA to focus on ICFR and fraud
Audit committees and senior management now show more interest in identifying material weaknesses before outside auditors do
Class B (per Moody) control weaknesses increasingly linked to cost of capital, credit ratings, reserve requirements

Risk Oversight Inc.
11
Score the organizations CPI Cliff Proximity Index
Determine the outside auditors CPTI Cliff Proximity Tolerance Index
Techniques to Assess and Override & Collusion Risk

Risk Oversight Inc.
12
Calculate the odds of a wrong audit opinion
Management/Boards Integrity & Risk Tolerance ?/20
Management/Boards Knowledge of Business ?/20
Management & Auditors ICFR Effectiveness Prediction Error Rate ?/20
+
Audit Teams Knowledge/Experience/Nose/Track Record ?/20
Audit Teams Fraud Detection Skills & Tools ?/20

Risk Oversight Inc.
13
Score Managements Lies, Omissions, and Half-Truths Frequency/Magnitudes (LOHFM Index)
Determine the auditors risk tolerance to high LOHFMI scores

Risk Oversight Inc.
14
Calculate, analyze, and monitor a DIMIT rating for individual audit partners and managers
(DIMIT = Damn, I missed it)

Risk Oversight Inc.
15
Calculate a pushing the envelope score. Analyze how management approaches other areas like tax compliance, general compliance,
contract compliance, compliance with union contracts, etc.
Leopards dont change their spots

Risk Oversight Inc.
16
Override & Collusion Audit Approach Tactics
Minimize managements ability to advance a plausible deniability defense
(e.g., I had no idea this was happening, I didnt know it was wrong, etc.)
GRC technology can be used to record management/staff representations

Risk Oversight Inc.
17
Analyze in detail all audit adjustments for the past 5 years and determine which category each adjustment should be assigned to:
1. Intent/In plain view/Catch me if you can
2. Intent/Deception/I can fool the auditor
3. Reckless/Negligent
4. Knowledge deficient/Know what they didnt know
5. Knowledge deficient/Dont know what they didnt know
6. Others? More research required

Risk Oversight Inc.
18
Provide all audit team members with deception-detection skills training

Risk Oversight Inc.
19
Call for and financially support research to
better understand the root causes internal
and external audit failure.
The major problem currently is that few
organizations, including the IIA and AICPA,
are doing much in this area.

Risk Oversight Inc.
20
Don't tip toe around when discussing ethics and fraud.
Have frank, candid discussions with management and the audit committee on all issues where the company and the auditor and auditors firm are, or may be, approaching the edge of the cliff

Risk Oversight Inc.
21
Good Luck!
Luck plays a big part dodging fatal bullets

Risk Oversight Inc.
22
Questions

Documents

Detecting Fraud Involving Senior Executive Override ... · PDF fileDetecting Fraud Involving Senior Executive Override & Collusion ... view/Catch me if you can 2. ... Fraud Involving