Every company needs a fraud response plan, says Kelly Todd, managing member and the member in charge of forensic investigations at Forensic Strategic Solutions LLC, of Birmingham.
“Occupation fraud” — committed against a company by its own officers, directors or employees — “is likely the largest and most prevalent threat,” according to a 2018 report compiled by the Association of Certified Fraud Examiners.
The ACFE also reports these statistics for U.S. fraud cases:
• Average loss — $100,000
• Median duration before detection — 16 months
• Corruption — 30 percent of total cases
• Means of detection — a tip, 37 percent of the time
Nonetheless, the percentage of cases referred for prosecution has dropped 16 percent in 10 years, most commonly because the victim organization feared bad publicity.
Accounting shenanigans that prop up securities was the biggest fraud category, reaching historic highs in 2018.
According to corpgov.law.harvard.edu, in 2018, “Securities class action filings involving accounting allegations remained at uncharacteristically high levels as the trend of core filings against larger defendant firms continued.
“There were 143 securities class actions involving accounting allegations (accounting case filings) during 2018, nearly 86 percent more than the historical average.”
The report also stated, “The number of accounting cases containing an allegation and announcement of internal control weaknesses exceeded the historical average for the sixth consecutive year.”
Given all of this, the accounting industry, specifically the auditing sector, is looking for ways to reform the auditing process, where independence from the company being audited and ethical conduct is paramount.
Clive Viegas Bennett, CEO of MGI Worldwide, writes in Accountancy Age, “The huge independence edifice is built on quicksand because the auditors are paid directly by the companies they audit.”
A prime example of the issues facing the auditing world is the case involving accounting firm PricewaterhouseCoopers, the Federal Insurance Deposit Corp. and what used to be Alabama’s third largest bank, Colonial.
Earlier this year, PricewaterhouseCoopers announced that it has settled with the FDIC for $335 million over its audits of Colonial Bank, which failed during a financial crisis. The suit was related to professional negligence claims brought by the FDIC against PwC coming out of the firm’s audit of Colonial. The FDIC sought to hold PwC liable for not detecting fraud during audits of Colonial Bank, and a federal judge said the accounting giant had not designed its audits to detect fraud. An Alabama federal district court had earlier awarded damages of $625 million to the FDIC.
“I consider auditor independence to be a misnomer,” says Todd DeZoort, professor of accounting in the Culverhouse College of Commerce and the University of Alabama’s Durr-Fillauer Chair in Business Ethics. “While some auditors should be careful to manage their financial and relational dependencies on a client, I believe auditor independence is impossible in our current system. My research indicates that stakeholders are interested in auditor reliability, which flows from auditor integrity, expertise, independence and pursuit of objectivity.”
DeZoort says a quality audit “should help a client clean up financial reporting and internal control problems that, if unaddressed, can be catastrophic to a company. The audit function is there to serve the public interest and protect very vulnerable stakeholders in a very complicated and high risk reporting environment.”
DeZoort teaches a seven-step fraud risk management model that includes fraud risk governance, fraud risk assessment, prevention, investigation, reporting, mediation and, last but not least, detection, which is where Todd and her troops come in.
Forensic accounting, according to DeZoort, is more focused on risk assessment and investigation, while fraud prevention is the responsibility of management and internal auditing.
In her work as a forensic accountant and fraud examiner, Todd works closely with defense and plaintiff attorneys, audit committees, corporate boards and government inspector generals. Her experience in litigation consulting includes services in civil proceedings, including the calculation of economic damages in a broad range of personal and corporate disputes. Todd has testified as an expert witness in federal and state courts.
“I think one of the things that is important to keep in mind,” Todd says, “is while, yes, every company should have a fraud response plan, there really is a dividing line between companies based on their size and what they are capable of from a resource standpoint. You are going to tend to see response plans and protective detection and that sort of thing in a much larger company, because they have the resources to do it.”
Todd points out that fraud is not something that happens every day. “It is not a normal occurrence in a business.”
And while much of today’s corporate fraud may be linked to technology, technology is “having a huge and growing impact on auditing and fraud examination,” says DeZoort. “For example, we are seeing a surge in the use of artificial intelligence in both auditing and fraud examination, allowing advanced data analytics involving 100 percent of transactions rather than just traditional random samples.
“We see anti-fraud professionals conducting more advanced quantitative and qualitative data analytics with technology, including data mining, digital analysis and linguistic text analysis.”
“When we go in, or a business suspects that there is a problem, one of the first things we want to do generally is ask for mirror images of the computers,” Todd says. “So if the business doesn’t realize, or hasn’t thought through how they are going to respond to the event, how they handle the evidence, or potentially the event, they may not even recognize what could potentially be evidence, that if handled improperly, by the wrong people or just handled improperly in general, could render that potential evidence useless in a court of law.”
She says handling electronic information, handling employees and suspects can be tricky for a company if there is no plan. “And a lot of times when there is no one suspected, they may have no idea who may be involved. And so it is just thinking through those initial steps in how to deal with something that a business is not accustomed to dealing with on a daily basis,” Todd says.
Todd says her firm has been using data analytics or data mining for 20 years. “Now, artificial intelligence is really changing the landscape as far as the ability to proactively look for fraud, or just patterns of wrongdoing. I think it is going to change the accounting profession. What it is not going to do, though, is once the patterns are identified, it is not going to be able to go and investigate the fraud, and it is not going to be able to develop the evidence and interviews. While it may change the initial detection, it is not going to change the investigative part of it.”
Todd says it is important to separate prevention and detection from investigation. “Detection could happen internally in a company. But from our standpoint, because we are outside, we are typically called in when a company believes it has a problem, or they may have detected something, but they don’t have the resources to actually investigate and develop the evidence to take it to law enforcement.
“Fraud, for us, is really about looking for the footprint of the beast. Fraud leaves a pattern, leaves trends in the data, or in the financial statements or in any various financial reports. And so what we are doing, we are going in and, based on what the company may believe has happened, we work under what is known as the fraud theory approach. We form a hypothesis based on what we believe may have happened, and then we test that hypothesis through document review, collection of electronic evidence, accounting transactions, that sort of thing, and then interviewing. And we generally go from the general to the specific. As we are making our way through our investigation, we start with the big picture, and follow that trail to more specific information and eventually work our way into some kind of solution, depending on what the client is looking for. If it is looking for a confession from the suspect, then the specific is going into seeking a confession through an interview.”
Todd says there is often an “aha” moment in the investigation — when investigators are following one path “and all of a sudden something unleashes, and we are ‘Oh my gosh, you are not going to believe this. It is this person as opposed to that person.’”
Todd says a high percentage of fraud cases settle out of court or in guilty pleas. Forensic accountants are sometimes called the “detectives of the accounting world,” and Todd says there are some key things to look for when questioning people involved in suspected company fraud.
“Forever, people thought it was about body language,” Todd says, “and while body language is important, it is only one of many ways to tell if someone is being deceptive with you. The more things that are happening across various channels if you will, speech, a tone of voice and the jittery body language, the more of those that are happening at one time, the more likely it is that the person is being deceptive. The key is to be able to identify their baseline, what is normal for that person.”
Todd says, “If you think fraud is not going to happen, you are wrong because it is, but when it does, do not take matters into your own hands, and be certain to put together a team of experts that know what they are doing.”
Bill Gerdes and Art Meripol are freelance contributors to Business Alabama. Gerdes is based in Hoover and Meripol in Birmingham.