If you can't read please download the document
Upload
phamthuan
View
223
Download
1
Embed Size (px)
Citation preview
Risk Oversight Inc.
Detecting Fraud Involving Senior Executive Override & Collusion
Presented by Tim Leech, Managing Director, Risk Oversight Inc.
June 14, 2011
www.riskoversight.ca
Risk Oversight Inc.
2
Agenda
Management override & collusion and the Achilles heel
Why is the topic important?
External audit handicaps and enablers
Internal audit handicaps and enablers
Techniques to assess override and collusion risk
Override and collusion approach tactics
Questions
www.riskoversight.ca
Risk Oversight Inc.
3
Management Override & Collusion and the Achilles Heel
Achilles Heel Injuries:
a) Have a male to female ratio of 20:1
b) Disproportionately impact men in their 40s and 50s
c) Often involve playing sports and/or macho behavior
d) Often involve trying to do something that, with the benefit of hindsight, was a really dumb idea
e) Are something that happen to other people not me
www.riskoversight.ca
Risk Oversight Inc.
4
Why Is This Topic Important?
ANSWER: It is at the root of
The publics expectation gap
Sarbanes-Oxley (SOX) and other
similar laws
Billions of dollars in litigation expense to CPA firms and
corporations
A large percentage of the really big corporate
disasters
www.riskoversight.ca
Risk Oversight Inc.
5
External Audit: Handicaps
Human nature
Contract/engagement relationships who does the auditor really work for?
Decades of playing the earnings management game
Ineffective client screening/risk assessment tools/methodologies
Audit partner and staff reward systems
www.riskoversight.ca
Risk Oversight Inc.
6
External Audit: Handicaps
Flawed audit paradigm doesnt focus on error root-cause analysis
Litigation exposure if accounting errors are documented and analyzed but warning signs ignored
External audit staffing model junior staff do a large % of the audit work
Inadequate use of technology to detect readily available fraud warning signs
www.riskoversight.ca
Risk Oversight Inc.
7
External Audit: Enablers
AICPA guidance Management Override of Internal Controls
Excellent
SAS 99 Drop the integrity presumption/assume fraud may be present Good Idea
SOX and SAS 99 Authoritative support to bill more time to evaluate fraud risk
July 2008 guidance Managing the Business Risk of Fraud: A Practical Guide Pretty Good
www.riskoversight.ca
Risk Oversight Inc.
8
Internal Audit: Handicaps
Reporting lines dont bite the hand that feeds you. Many IA departments report to the CFO
IA historical track record of avoiding high-risk zones
Audit committees that want soothing assurances, not harsh truths or residual risk status reports
www.riskoversight.ca
Risk Oversight Inc.
9
Internal Audit: Handicaps
Risk of being dead right there are more than a few do the right thing CAEs in the Internal Auditor Cemetery
IIA standards/inspections that support not looking at controversial topics or high-risk areas
IA staff who cant see fraud red flags even when smacked in the face more than once
www.riskoversight.ca
Risk Oversight Inc.
10
Internal Audit: Enablers
SOX has forced IA to focus on ICFR and fraud
Audit committees and senior management now show more interest in identifying material weaknesses before outside auditors do
Class B (per Moody) control weaknesses increasingly linked to cost of capital, credit ratings, reserve requirements
www.riskoversight.ca
Risk Oversight Inc.
11
Score the organizations CPI Cliff Proximity Index
Determine the outside auditors CPTI Cliff Proximity Tolerance Index
Techniques to Assess and Override & Collusion Risk
www.riskoversight.ca
Risk Oversight Inc.
12
Techniques to Assess and Override & Collusion Risk
Calculate the odds of a wrong audit opinion
Management/Boards Integrity & Risk Tolerance ?/20
Management/Boards Knowledge of Business ?/20
Management & Auditors ICFR Effectiveness Prediction Error Rate ?/20
+
Audit Teams Knowledge/Experience/Nose/Track Record ?/20
Audit Teams Fraud Detection Skills & Tools ?/20
www.riskoversight.ca
Risk Oversight Inc.
13
Techniques to Assess and Override & Collusion Risk
Score Managements Lies, Omissions, and Half-Truths Frequency/Magnitudes (LOHFM Index)
Determine the auditors risk tolerance to high LOHFMI scores
www.riskoversight.ca
Risk Oversight Inc.
14
Techniques to Assess and Override & Collusion Risk
Calculate, analyze, and monitor a DIMIT rating for individual audit partners and managers
(DIMIT = Damn, I missed it)
www.riskoversight.ca
Risk Oversight Inc.
15
Techniques to Assess and Override & Collusion Risk
Calculate a pushing the envelope score. Analyze how management approaches other areas like tax compliance, general compliance,
contract compliance, compliance with union contracts, etc.
Leopards dont change their spots
www.riskoversight.ca
Risk Oversight Inc.
16
Override & Collusion Audit Approach Tactics
Minimize managements ability to advance a plausible deniability defense
(e.g., I had no idea this was happening, I didnt know it was wrong, etc.)
GRC technology can be used to record management/staff representations
www.riskoversight.ca
Risk Oversight Inc.
17
Override & Collusion Audit Approach Tactics
Analyze in detail all audit adjustments for the past 5 years and determine which category each adjustment should be assigned to:
1. Intent/In plain view/Catch me if you can
2. Intent/Deception/I can fool the auditor
3. Reckless/Negligent
4. Knowledge deficient/Know what they didnt know
5. Knowledge deficient/Dont know what they didnt know
6. Others? More research required
www.riskoversight.ca
Risk Oversight Inc.
18
Override & Collusion Audit Approach Tactics
Provide all audit team members with deception-detection skills training
www.riskoversight.ca
Risk Oversight Inc.
19
Override & Collusion Audit Approach Tactics
Call for and financially support research to
better understand the root causes internal
and external audit failure.
The major problem currently is that few
organizations, including the IIA and AICPA,
are doing much in this area.
www.riskoversight.ca
Risk Oversight Inc.
20
Override & Collusion Audit Approach Tactics
Don't tip toe around when discussing ethics and fraud.
Have frank, candid discussions with management and the audit committee on all issues where the company and the auditor and auditors firm are, or may be, approaching the edge of the cliff
www.riskoversight.ca
Risk Oversight Inc.
21
Good Luck!
Luck plays a big part dodging fatal bullets
Detecting Fraud Involving Senior Executive Override & Collusion
www.riskoversight.ca
Risk Oversight Inc.
22
Questions
Detecting Fraud Involving Senior Executive Override & Collusion