Foley & Lardner Attorneys Guide to Spotting Financial Distortions

8/10/2019 Foley & Lardner Attorneys Guide to Spotting Financial Distortions

1/26

Spotting Financial Distortions:A Primer for Attorneys

The Web Conference Series For Corporate Counsel

January 17, 2007

To ask a question using thequestion pane Enter your question into the text area and click Ask.

The presenter will address your question shortly.


2/26

To answer a polling question:

When a poll is posted Click the radio button next to your response choice.

Need assistance?Contact Live Meeting Customer Support

US / Canada: 1-800-893-8779

International: +1.971-544-3222

Toll Free International: 00.800.9522.3000

Email: [email protected]

Web: www.livemeeting.com/support


3/26

Addressing TrendsSharing Solutions

2006 Year in Review book coming in January

Todays summary in March InsideCounsel

Advance copy for todays participants

Todays Moderator

Robert Vosper

Editor, InsideCounsel

InsideCounsel is the leading publicationexclusively for general counsel andother in-house counsel

Editorial mission be the business and

management tool for the corporatelegal department

Dedicated to the exploration of therelationship between in-house counseland the law firms that serve them


4/26

Todays Presenters

Mark PlichtaSenior Counsel, Foley & Lardner LLP

Member of Transactional & SecuritiesPractice Area

Practice covers mergers &acquisitions, and general corporatebusiness law

Regularly counsels publicly heldcompanies regarding compliancematters

Todays Presenters

James PajakowskiManaging Director, Protiviti Inc.

Member of Protivitis Global Business RiskServices Group

Focuses on financial Investigations &Litigation Consulting practice, e-Discoveryand Data Forensics Consulting, Sarbanes-Oxley Compliance Consulting, Financial

Risk Consulting, and Operational RiskConsulting Experience includes audit services,

business process improvementconsulting, enterprise risk managementprojects


5/26

Spotting Financial Distortions:A Primer for Attorneys

The Web Conference Series For Corporate Counsel

January 17, 2007

Discussion Topics

SOX: Results so far

Recent fraud statistics

Identification and detection techniques

Common fraud scenarios

Client considerations

Protivitis 2007 Fraud Risk Management Survey

Accounting issues to watch in 2007

Areas of focus / key take-aways


6/26

Results So Far SOX 404 Compliance

Results for Year 1 filers (through May 30, 2006): Almost 3,600 filed internal control reports

Over 580 companies, or 16.2 percent, reported materialweaknesses

Results for Year 2 filers (through May 30, 2006): Over 2,900 companies filed internal control reports

215 ( 7.4%) reported material weaknesses

While over 16% of companies subject to Section 404 disclosed

internal control weaknesses in their first year of reporting,more than half of these companies reported in Year 2 that theyhad corrected them.

Year 1 and Year 2 Section 404Disclosure Stats


7/26

How many financial restatements has your

organization experienced within the last three

years?

One

Two

Three

Four or more

Live Meeting Poll

Changes directly made to this slide will not be displayed in Live Meeting. Edit this slide by selecting Properties in the Live Meeting Presentation menu.

Results So Far Restatement Activity

0

200

400

600

800

1000

1200

1400

1600

1800

2000

2001 2002 2003 2004 2005 2006

(forecasted)

Source: Audit Analytics.com April 25 and June 9, 2006


8/26

Results So Far Restatement Activity(contd)

The number of restatements is expected to increase in 2006compared to 2005, however this increase is being driven bysmaller companies.

Large audit firms clients were responsible for 65% of therestatements in 2005, however they were associated with lessthan half of public company restatements in the first half of2006.

Meanwhile smaller auditing firms clients share of

restatements has more than doubled, with 497 restatements inthe first half of 2006 compared to 185 restatements in the firsthalf of 2005.

History of Restatements


9/26

History of Restatements (contd)

History of Restatements (contd)


10/26

Wall Street Journal May 8, 2006

Tracking the Numb ers Outside Audit:

Checks on Internal Control Pay O ff

27.7%

Down5.7%

25.7%

Russell 3000

share index

17.7%

Companies that

reported no

internal-controlweaknesses in

2004 or 2005

Companies

reporting

internal-controlweaknesses in

2004, but no

weakness in 2005

Companies reporting

internal-controlweaknesses in both

2004 and 2005

Regulation

PaysShare price performance

of companies complying

with internal-control rules

called for under the

Sarbanes-Oxley Act *

* From March 31, 2004 to March 31, 2006

Does SOX Have A Positive Impact onCompanies?

Securities Fraud Class ActionsDecreased in 2006

In 2006, securities fraud class actions decreasedby 38%, whileallegations of specific accounting irregularities in filedcomplaints increased

Cases involving other accounting irregularities dramaticallyincreased almost 50% related to stock-option issuances

Total Disclosure Dollar Loss was $52B in 2006 - a 44%decrease from 2005 (i.e., market capitalization losses at end of

class period, typically time of disclosure of alleged fraud)

Maximum Dollar Loss fell from $362B in 2005 to $294B in2006 (i.e., shareholder losses measured by largestcapitalization decline experienced during class period


11/26

Securities Fraud Class ActionsDecreased in 2006 (contd)

Three contributing factors cited:

Strengthened federal enforcement environment /pressure on companies to conduct internalinvestigations that implicate individual executivesresponsible for fraud

Strong stock market combined with lower stockprice volatility

Majority of securities fraud class actions filed inlate 1990s-early 2000s are behind us

Recent Fraud Statistics


12/26

Three Perspectives on Fraud Blacks Law Dictionary defines fraud as:

All means by which one individual can get an advantage over another byfalse suggestions or suppression of the truth. It includes all surprise, trick,cunning or dissembling, and any unfair way by which another is cheated.

Institute of Internal Auditors defines fraud as: Any illegal acts characterized by deceit, concealment or violation of

trust. These acts are not dependent upon the application of threat ofviolence or of physical force. Frauds are perpetrated by parties andorganizations to obtain money, property or services; to avoid payment orloss of services; or to secure personal or business advantage.

Statement on Auditing Standards No. 99 (SAS 99) defines fraud as: An intentional act that results in a material misstatement in financial

statements that are the subject of an audit. Two types of misstatements arerelevant to the auditors consideration of fraud: (1) fraudulent financialreporting and (2) misappropriation of assets.

Common Types of Financial Fraud

Asset Misappropriation (91.5%) $150,000 median loss

Corruption (30.8%) $538,000 median loss

Fraudulent Financial Statements (10.6%)

Most costly, median losses of $2 million per scheme

Note: The sum of percentages in this chart exceeds 100% because a number of cases involvedmultiple schemes that fell into more than one category.

Source: Association of Fraud Examiners 2006 Report to the Nation


13/26

Note: Total exceeds 100% because some survey participants cited more than one

method for initial discovery of the frauds


Who Discovers Fraud?

Tips (34.2%)

By accident (25.4%)

Internal Audit (20.2%)

Internal controls (19.2%)

External Audit (12%)

Notification by law enforcement (3.8%)

Occupational Frauds Based On Industry Sorted By Frequency

MiningAgriculture, Fishing and HuntingCommunications/PublishingArts, Entertain. and Recreation

Transportation and Warehousing

Wholesale TradeReal Estate

Oil and GasUtilitiesConstructionService (professional, scientific or technical)Service (general)

EducationRetailInsuranceHealth Care

Manufacturing

Government and Public Admin

Banking/Financial Services

Industry

$17,000,0001$71,0008

$225,00016$175,00022

$109,00027

$1,000,00030$200,00030

$154,00032$124,00034$500,00035$300,00058$163,00060

$100,00073$80,00075

$100,00078$160,00089

$413,000101

$82,000119

$258,000148

Median Loss# Cases



14/26

Examples include:

Embezzlement

Theft of Company Property

T&E Fraud

Vendor Kickbacks

Diversion of CorporateOpportunities

Unauthorized Use of Property

Who Benefits from Fraud? Management Fraud Acts where the

principal benefits of the act are

derived by the company

Employee Fraud Acts where the


derived by the individual

Third Party Fraud Acts where the


derived by an entity outside the

organization

Examples include: Financial Statement Fraud Bribery Price Fixing Contract Bidding Fraud

Examples include:

Duplicate Invoices

Altered Payee on Checks

Commission Schemes

Related Party Transactions

Supplier Fraud

Contractor Fraud

Whos Involved in Fraudulent Acts?

2.6%2.2%1.6%N/A1%Board of Directors

31.8%14.9%57.4%43%31%Accounting

34.4%27.9%26.4%17.8%25.7%Executive / UpperManagement

1.9%

13.8%

1.1%

5.6%

6.3%

6.3%

1.9%

3.3%

N/A

2.6%

4.5%

7.8%

Corruption

0.6%N/A0.9%3.3%Information Technology

1.9%4.7%5.6%3.8%Finance

3.9%4.7%11.2%4.8%Customer Service

N/A

18.7%

N/A

N/A

0.9%

1.9%

N/A

N/A

N/A

Cash Larceny

2.4%

7.6%

1.9%

7.1%

3.3%

5.2%

1.4%

1.4%

N/A

BillingSchemes

ExpenseReimbursement

CheckTamperingDepartment

0.6%N/AInternal Audit

N/AN/AWarehousing / Inventory

14.3%3.1%Sales

2.6%N/AResearch & Development

0.6%0.8%Purchasing

1.9%N/A

Marketing / Public

Relations

1.3%0.8%Manufacturing &Production

1.9%N/ALegal

1.3%0.8%Human Resources



15/26

Whos Involved in Fraudulent Acts? (contd)

N/A1.4%1%1.1%3.1%Board of Directors

25%42.4%47.6%11.1%17.3%Accounting

48.2%23%19.4%23.7%50%Executive / UpperManagement

N/A

19.4%N/A

2.2%

N/A

1.4%

N/A

0.7%

N/A

0.7%

0.7%

7.9%

Skimming

N/AN/A4.2%N/AInformation Technology

12.5%1%3.2%8.2%Finance

5.4%9.7%12.1%1%Customer Service

7.9%

17.4%2.6%

4.2%

1.6%

8.9%

0.5%

1.6%

N/A

Non-CashMisappropriations

1%

11.2%N/A

3.1%

1%

1%

2%

1%

N/A

FinancialStatement

Fraud

Wire TransferSchemes

PayrollSchemesDepartment

N/AN/AInternal Audit

N/A1%Warehousing / Inventory

7.1%5.8%SalesN/A3.9%

Research &

Development

N/AN/APurchasing

1.8%1%Marketing / PublicRelations

N/A3.9%Manufacturing &Production

N/A2.9%Legal

N/A2.9%Human Resources


Identification and Detection


16/26

Typical Factors - Intentional FinancialDistortions

Incentive / Pressure

Rationaliz

ation O

pportu

nity

Preve

nt

Deter

Detect

Eva

luate

Mitigate

Monitor

Typical Factors - Unintentional FinancialDistortions

Pressure

Complexity C

apacity

Preve

nt

Deter

Detect

Eva

luate

Mitigate

Monitor


17/26

Common Fraud Scenarios:Excerpt of Potentially Material Frauds

Percentage-of-completionOn false estimations

CollusionTo non-existent customersRecord fictitious revenue

Recording revenue instead ofliability when cash received

Side agreements

Record revenue when:

Obligation exists to provide

future services

Buyer right-of-return

No buyer obligation-to-pay

Inability of buyer to pay

Goods dont meet buyerspecifications

Record revenue when:

Customer has options toterminate, void or delay sale

Channel stuffing

Bill and hold

Holding books open untilafter period end

Side agreements

Back-Dating salesagreements and documents

Ship goods before sale is completeRecognize unearnedrevenue

Materially overstate revenues

ExamplesFraud RiskSub-CategoryCommonFraud Scenario

Common Fraud Scenarios:Excerpts of Potentially Material Frauds (contd)

Inappropriate methods

Excessive lives

Depreciating or amortizingcosts too slowly

Bad debts

Bad loans

Excess and obsoleteinventory

Bad investments

Continuing to carry worthlessassets

Start-up costs

R&D costs

Normal period expenses

Overstating goodwill in anacquisition

Improper capitalizationShifting current periodexpenses to future periods

Materially understateexpenses

Supplier credits and rebates

Kickbacks

On receipt of vendor credits

Like-kind exchanges withintent to record a gain

Barter transactions

On exchange of similar assetsRecord fictitious revenue(contd)

Materially overstate revenues(contd)



18/26

Common Fraud Scenarios:Excerpt of Potentially Material Frauds (contd)

Hiding losses underdiscontinued operations

Misuse of discontinued operations

Mixing gains from recurringand non-recurring activities

Mingling operating and non-operating income

Restructuring charges vs.

operating expenses

Not segregating unusual and non-recurring gains/losses fromnormal operating results

Bad investments stock

Bad investments -acquisitions

Fixed assets under-performing plants, etc.

Failing to record assetimpairments to reduce to net-realizable value

Bad debts

Bad loans

Excessive and obsoleteinventory

Failing to record losscontingencies to reduce to net-realizable value

Overstating assetsMaterially misleadingpresentation of financialposition and/or results ofoperations


Ask these Questions

Where are the weakest links in the systemscontrols?

What deviations from conventional good accountingpractices are possible?

How are off-line transactions handled and who hasthe ability to authorize these transactions?

What would be the simplest way to compromise the

system? What control features in the system can be

bypassed by higher authorities? What is the nature of the work environment?


19/26

Entity Level Red Flags

Internal control gaps, deficiencies,weaknesses

Business results that continuallyoutperform expectations

Management override of controls Rapid or significant turnover of

resources Senior management Key financial positions Key employees

Inadequate segregation of duties Turnover Cut-backs / lay-offs

Unusual end-of-month or end-of-quarter variations

High-level of related-partytransactions

Systems are manual and/ordecentralized

Employee, customer or vendorcomplaints

Repeated changes of independentpublic accountants

Continuous problems with variousregulatory agencies

Significant and continuing issueswith reconciling financial

statements to underlying support

Process-Level Considerations - BeSkeptical! Always request original documents

Ask yourself whether transactions make sense (e.g. too high, low, round, often, rare)

Have documents been altered?

Look to see where the documents are maintained (e.g. are certain invoices maintainedseparately from all other invoices)

Is there a right to audit relationship with customers and vendors? (if so, have they oryou exercised that right)?

Are reconciliations of underlying data to summaries (bank recs, A/R, A/P) alwaysdelayed or do they always involve significant and conflicting reconciling items?

Do employees have close personal relationships with vendors?

Is there a lack of supporting documentation?

Do background checks on employees and vendors identify related parties and DBAs?

Does an answer not make sense?

Are you avoided more than usual?

When asking a relatively simple question, are you unexpectedly referred to someonehigh up in the organization?

Go with your gut


20/262

Monitor Fraud Risk with Computer-Assisted Audit Techniques

Search for duplicate payments

Analyze voids and refunds by employee, usingpasswords or employee ID numbers

Search for duplicate addresses within files: Payroll,Vendor, Accounts Receivable Write-offs

Analyze use of override transactions

Analyze file maintenance on employee accounts

Look for patterns

List large payments to individuals

Client Considerations:

Managing Intentional and

Unintentional Financial

Distortions


21/262

SEC and PCAOB Guidance on FraudRisk Management

Proposed changes to SEC and PCAOB Internal ControlAuditing and Reporting focus on:

Risk management and assessment in general

Fraud risk management in particular:

Audit Committees role in the oversight of fraud riskmonitoring activities

Risk (and mitigation/testing) of management being able toover-ride controls to perpetrate financial or financial reportingfraud

Monitoring activities at all levels of the organization asemployees, supervisors and senior management perform theirdaily activities and how those are assessed.

What is the main role of General Counsel within

your organizations fraud risk management

program? Responsible for management of one or more fraud prevention

or detection activities

Consulted by others on an as-needed basis regarding

development of programs, policies, practices or procedures

Reactive only, i.e., involvement limited to investigation,remediation and/or prosecution / recovery

Other

Live Meeting Poll



22/262

What is Fraud Risk Management?

Anti-fraud policy

Anti-fraud programs

Background checksand screeningprocedures

BoD / AC oversight

Code of conduct /ethics

Corporate fraud risk

strategy Corporate compliance

and ethics programs

Forensic data analysis

Fraud risk assessment

Fraud risk brainstormingsessions

Fraud testing plans

Investigative unitresourcing

Investigative protocolsand procedures

Incident response andcase management

Disciplinary,prosecution andrecovery guidelines

Preventive / detectivecontrols andmonitoring

Self-reporting /disclosure guidelines

Security functions

Training andawareness workshops

Whistleblowerprograms

Fraud risk management involves the strategies, techniques, programs and

controls utilized by an organization to evaluate, mitigate and monitor its risk to

fraud and misconduct. This includes, but is not limited to:

Entity-Level Considerations:Control Environment

Control Environment Sets tone of organization, which

influences controlconsciousness of its people

Foundation for all othercomponents of internal control

Factors include: Integrity and ethical values Commitment to competence Board of Directors and Audit

Committee Managements philosophy and

operating style Assignment of authority and

responsibility Human resource policies and

practices

COSO: Internal Control Integrated Framework


23/262

Entity-Level Considerations:Anti-Fraud Program and ControlsPrevention

Tone at the top Value system (Code of Ethics

/ Conduct) Positive workplace

environment Hiring, promoting and

retaining appropriateemployees

Training and awarenessprograms

Confirmation / affirmation ofCode of Conduct or Ethics

Ombudsman programs Whistleblower programs Incident response / case

management processes Investigative procedures Discipline, prosecution and

recovery guidelines

Prevention

Tone at the top Value system (Code of Ethics

/ Conduct) Positive workplace

environment Hiring, promoting and

retaining appropriateemployees

Training and awarenessprograms

Confirmation / affirmation ofCode of Conduct or Ethics

Ombudsman programs Whistleblower programs Incident response / case

management processes Investigative procedures Discipline, prosecution and

recovery guidelines

Detection

Identification andmeasurement of fraud risk(fraud risk assessment)

Processes and proceduresto mitigate identified fraudrisk

Effective internal controlsat entity and process level

On-going monitoringactivities

Computer-assisted audittechniques

Investigation of: Internal control

weaknesses / breaches Non-response to Code

confirmation /affirmation

Reported issues

Detection

Identification andmeasurement of fraud risk(fraud risk assessment)

Processes and proceduresto mitigate identified fraudrisk

Effective internal controlsat entity and process level

On-going monitoringactivities

Computer-assisted audittechniques

Investigation of: Internal control

weaknesses / breaches Non-response to Code

confirmation /affirmation

Reported issues

Deterrence

Active oversight by Boardand/or Audit Committee

Fraud risk assessmentand related measures

Code confirmation /affirmation process

Managementsinvolvement in financialreporting process andoverride of control

Process to receive,retain and treatcomplaints of fraud /unethical conduct

Internal and externalaudit effectiveness

Internal audit Evaluation of adequacy

/ effectiveness ofinternal controls

Disciplinary examples

Deterrence

Active oversight by Boardand/or Audit Committee

Fraud risk assessmentand related measures

Code confirmation /affirmation process

Managementsinvolvement in financialreporting process andoverride of control

Process to receive,retain and treatcomplaints of fraud /unethical conduct

Internal and externalaudit effectiveness

Internal audit Evaluation of adequacy

/ effectiveness ofinternal controls

Disciplinary examples

Which one of the following statements best describes yourorganizations fraud risk strategy?

Very well defined - strategy exists to proactively identify fraud risks andcorresponding anti-fraud programs and controls are agreed upon,monitored and measured by Board and senior management on an on-goingbasis

Defined - no formal strategy, but anti-fraud programs and controls and areagreed upon, monitored and measured by Board and senior managementon an on-going basis

Less defined - no formal fraud risk strategy, but some anti-fraud programsand controls exist

Reactive only Fraud risk management is limited to reacting to allegationsof fraud or misconduct.

Undefined - no formal fraud risk strategy or anti-fraud programs andcontrols

Dont know

Live Meeting Poll



24/262

Highlights and Preview Results:Protivitis Fraud Risk Management Survey (2007)

Only one-half of F1000 indicated their fraud risk strategy is very welldefined, suggesting room for improvement in many organizations

More than half of organizations do NOT include anti-fraud overview ordefinition of fraud in policy

High percentage of organizations have no plan in place when fraudreported

One-third of F1000 have no documented protocols and procedures for

investigations

One-half of F1000 have no incident response plan.

Key challenges for managing fraud risk, two-thirds indicated: Fraud not considered high risk No fraud here mentality Or, dont know

Accounting Issues to Watch in 2007

New proxy rules will have companies summarizing, under counsels scrutiny, moreinformation about executive compensation and inclusion within the proxy.Companies may discover things that heretofore had either been un-reported or mis-categorized.

Mop-up on stock compensation as it relates to back-dating.

Ongoing issues on either options or their replacements/successors: deferredcompensation plans, restricted stock, etc.

ExecutiveExecutive

CompensationCompensation

Again, caused by a new accounting pronouncement.

As companies approach placement of pension numbers (more of them) on balancesheet, there may be some who discover that what they previously reflected may notconform to the old rules (especially amounts that should be in comprehensiveincome, tax-effected, time-sensitive valuations, etc.).

Pension AccountingPension Accounting

Advent of FIN 48 will have companies focus on accounting, including pastaccounting) for uncertain tax positions, such as:

aggressive positions

audit roulette

transfer pricing

the s word [shelters]

Income TaxesIncome Taxes


25/262

Areas of Focus / Key Take-Aways

1. Fraud risk assessment

2. Financial reporting risk profile

3. Entity-level review

4. Hotline and other reporting mechanisms

Thank you for your participation

Look for your advanced copy of todays programsummary in the next few weeks.

For more information on the Web Conference series visitwww.foley.com/webconference

To receive a free subscription to InsideCounsel, please visitwww.insidecounsel.com/freeoffer.


26/26

Thank you for your participation

Jim Pajakowski

([email protected])

Mark Plichta

([email protected])

Documents

Foley & Lardner Attorneys Guide to Spotting Financial Distortions