The report, “Mitigating the Risk of Common Fraud: Information on SEC Enforcement Actions,” analyzed 204 enforcement actions related to financial statement fraud, of which 140 systems of fraud were identified. His findings and comments on fraud deterrence and detection are particularly timely given the heightened risk of financial reporting fraud amid the coronavirus pandemic.
“There are three takeaways from the report,” said Julie Bell Lindsay, executive director of the Center for Audit Quality (CAQ). “First, the risk of financial statement fraud in public enterprises is real, and the risk of fraud has only increased due to COVID-19. Second, the most powerful fraud deterrence and detection requires extreme vigilance on the part of all participants in the financial reporting ecosystem: internal and external auditors, audit committees, public company management and regulators. . Finally, state-owned enterprises can effectively combat fraud by exercising a critical mindset, focusing attention on high-risk areas of business and business-specific risks, and performing regular quantitative and qualitative risk assessments. .
“Businesses need to recognize what they don’t know and hire advisors to advise them when it comes to understanding fraud risks and making resource decisions. They may not be able to rely on past experiences with what types of fraud to watch out for and how to strengthen controls. “
Brad Preber, CEO, Grant Thornton
The types of business challenges noted in the report application cases include reduced demand; higher supplier costs; and the pressures to meet analysts’ forecasts and expectations, all of which are present and heightened in the current environment. The SEC Enforcement Division opened 150 COVID-related investigations and recommended several fraud actions related to COVID in the single period from mid-March to September 2020.
Analysis of SEC data in the report found that the most common types of financial statement fraud were incorrect revenue recognition (43%), manipulation of reserves (24%), inventory errors ( 11%) and loan depreciation issues (11%).
Incorrect revenue recognition emerged as the most prevalent area of fraud in almost every year of the study, resulting from timing, valuation, fictitious revenue, and use of the percent complete method. In the area of reserve manipulation, the report highlights how the new accounting requirements for measuring credit losses under ASC 326 (CECL) require more judgment from senior management and encourage companies to consider additional potential fraud risks when adopting the new accounting model.
“These two areas both require management judgment to make estimates, which makes them so vulnerable to fraud,” said Brad Preber, CEO of Grant Thornton, co-chair of the Anti-Fraud Collaboration Steering Committee. “And they are often not based on facts that can be fully substantiated, or the facts can be manipulated to disguise judgments to appear reasonable or justifiable when they are not.”
False or intentionally incomplete financial statement disclosures, material weaknesses in internal control and unsupported journal entries were also observed as significant areas of fraud.
How are the risks of fraud prevalent
External auditors play an important role in deterring and detecting fraud. The report notes that they are a link in the financial reporting chain, and current business challenges and remote audits create increased risks for auditors.
“One thing that is not generally fully understood is that auditors are required to test management’s statements to provide reasonable assurance as to the existence of material misstatements in the financial statements due to fraud or error. . But the external auditor does not have an increased responsibility for detecting fraud, ”said Preber. “Fraud is intentionally designed to hide the transaction from outside detection, and collusion makes detection more difficult if management is not honest with auditors.”
The report highlights the areas where fraud was most often found in enforcement measures. These include technology service companies (17%), finance (13%), energy (11%) and manufacturing (9%). There was a parallel between the most common types of fraud and these industry sectors; for example, technology service companies have complex revenue recognition issues, and financial and energy companies struggle with impaired reserves and loans.
The conclusions were based on SEC filers of all sizes. Seventy-nine of the enforcement actions analyzed (39%) targeted companies with a market capitalization of less than $ 250 million, 44 (22%) targeted small-cap companies, and 22 (11%) targeted companies medium and large cap.
CFOs of public companies (54%) were the most frequently charged employees, followed by CEOs (31%). Factors and root causes that can contribute to fraud include the tone set by company management, business challenges in a high pressure environment, and inexperienced staff.
“It is important to have discussions about values and the need for ethical behavior in this environment,” said Preber. The report underscores the importance of tone at the top, including boards of directors and senior management. For large companies, the tone in the middle also has a significant impact on the risk of fraud. “Middle managers are the closest to financial reporting workers and need to reduce communication about company culture and values, especially in a remote environment,” Lindsay said.
Employees lacking experience and training are less able to identify and tackle fraud, according to the report. This can include complex accounting standards, internal controls, and awareness of fraud schemes perpetrated by others. “This is especially important for small businesses,” Lindsay said. “If they don’t have the right people, they have to get them. “
Areas of deficiency should also be assessed. “Businesses need to recognize what they don’t know and hire advisors to advise them when they are needed to understand fraud risks and make resource decisions,” said Preber. “They may not be able to rely on past experiences on what types of fraud to watch out for and how to strengthen controls.”
According to the report, state-owned enterprises can effectively combat fraud by exercising critical thinking through independent thinking, having a questioning mindset throughout the financial reporting process, focusing attention on areas of potential high risk for the company and its sector, and by carrying out both quantitative and qualitative actions. regular risk assessments. “The CAQ recommends that fraud prevention should not be an afterthought in planning and responding to crises, it should be the starting point,” said Lindsay. Businesses are urged to remain vigilant and focus on the fundamentals of financial reporting, controls, and record keeping and decision making processes.
Preber recommends that companies take a common sense approach to risk management.
“Most companies undertake an enterprise risk management exercise once a year, but facts and circumstances have changed and require a more diligent and periodic review of risks with the right expertise,” he said. . “Does the company have sufficient controls, policies and procedures to reduce the risk of fraud to an acceptable level? If not, they should empower the board, internal audit and middle management to manage risk responsibly and not wait until after the fact.