Fraud, Internal Controls, and Cash
This reading provides an overview of fraud risk and internal control systems to mitigate them in the corporate world. Barely a day goes by when the news does not include a story about embezzelement or other fraud at companies throughout the US. Part of the role of the accounting system is to help prevent and detect fraud. This information is extremely important for non-accountants to understand as well. If your company does not have strong internal controls, fraud could impact your bottom line or even get you involved in an investigation into criminal behavior.
Describe Fraud in Financial Statements and Sarbanes-Oxley Act Requirements
Financial statements are the end result of an accountant's work and are the responsibility of management. Proper internal controls help the accountant determine that the financial statements fairly present the financial position and performance of a company. Financial statement fraud occurs when the financial statements are used to conceal the actual financial condition of a company or to hide specific transactions that may be illegal. Financial statement fraud may take on many different methods, but it is generally called cooking the books. This issue may occur for many purposes.
A common reason to cook the books is to create a false set of a company's books used to convince investors or lenders to provide money to the company. Investors and lenders rely on a properly prepared set of financial statements in making their decision to provide the company with money. Another reason to misstate a set of financial statements is to hide corporate looting such as excessive retirement perks of top executives, unpaid loans to top executives, improper stock options, and any other wrongful financial action. Yet another reason to misreport a company's financial data is to drive the stock price higher. Internal controls assist the accountant in locating and identifying when management of a company wants to mislead the inventors or lenders.
The financial accountant or members of management who set out to cook the books are intentionally attempting to deceive the user of the financial statements. The actions of upper management are being concealed, and in most cases, the entire financial position of the company is being purposely misreported. Regardless of the reason for misstating the true condition of a company's financial position, doing so misleads any person using the financial statements of a company to evaluate the company and its operations.
How Companies Cook the Books to Misrepresent Their Financial Condition
One of the most common ways companies cook the books is by manipulating revenue accounts or accounts receivables. Proper revenue recognition involves accounting for revenue when the company has met its obligation on a contract. Financial statement fraud involves early revenue recognition, or recognizing revue that does not exist, and receivable accountings, used in tandem with false revenue reporting. HealthSouth used a combination of false revenue accounts and misstated accounts receivable in a direct manipulation of the revenue accounts to commit a multibillion-dollar fraud between 1996 and 2002. Several chief financial officers and other company officials went to prison as a result.
Concepts In Practice
Internal Controls at HealthSouth
The fraud at HealthSouth was possible because some of the internal controls were ignored. The company failed to maintain standard segregation of duties and allowed management override of internal controls. The fraud required the collusion of the entire accounting department, concealing hundreds of thousands of fraudulent transactions through the use of falsified documents and fraudulent accounting schemes that included revenue recognition irregularities (such as recognizing accounts receivables to be recorded as revenue before collection), misclassification of expenses and asset acquisitions, and fraudulent merger and acquisition accounting. The result was billions of dollars of fraud. Simply implementing and following proper internal control procedures would have stopped this massive fraud.
Many companies may go to great lengths to perpetuate financial statement fraud. Besides the direct manipulation of revenue accounts, there are many other ways fraudulent companies manipulate their financial statements. Companies with large inventory balances can misrepresent their inventory account balances and use this misrepresentation to overstate the amount of their assets to get larger loans or use the increased balance to entice investors through claims of exaggerated revenues. The inventory accounts can also be used to overstate income. Such inventory manipulations can include the following:
- Channel stuffing: encouraging customers to buy products under favorable terms. These terms include allowing the customer to return or even not pick up goods sold, without a corresponding reserve to account for the returns.
- Sham sales: sales that have not occurred and for which there are no customers.
- Bill-and-hold sales: recognition of income before the title transfers to the buyer, and holding the inventory in the seller's warehouse.
- Improper cutoff: recording sales of inventory in the wrong period and before the inventory is sold; this is a type of early revenue recognition.
- Round-tripping: selling items with the promise to buy the items back, usually on credit, so there is no economic benefit.
These are just a few examples of the way an organization might manipulate inventory or sales to create false revenue.
One of the most famous financial statement frauds involved Enron, as discussed previously. Enron started as an interstate pipeline company, but then branched out into many different ventures. In addition to the internal control deficiencies discussed earlier, the financial statement fraud started when the company began to attempt to hide its losses.
The fraudulent financial reporting schemes included building assets and immediately taking as income any projected profits on construction and hiding the losses from operating assets in an off-the-balance sheet transaction called special purpose entities, which are separate, often complicated legal entities that are often used to absorb risk for a corporation. Enron moved assets that were losing money off of its books and onto the books of the Special Purpose Entity. This way, Enron could hide its bad business decisions and continue to report a profit, even though its assets were losing money. Enron's financial statement fraud created false revenues with the misstatement of assets and liability balances. This was further supported by inadequate balance sheet footnotes and the related disclosures. For example, required disclosures were ramped up as a result of these special purpose entities.
Sarbanes-Oxley Act Compliance Today
The Enron scandal and related financial statement frauds led to investors requiring that public companies maintain better internal controls and develop stronger governance systems, while auditors perform a better job at auditing public companies. These requirements, in turn, led to the regulations developed under SOX that were intended to protect the investing public.
Since SOX was first passed, it has adapted to changing technology and now requires public companies to protect their accounting and financial data from hackers and other outside or internal forces through stronger internal controls designed to protect the data. The Journal of Accountancy supported these new requirements and reported that the results of SOX have been positive for both companies and investors.
As discussed in the Journal of Accountancy article, there are three conditions that are increasingly affecting compliance with SOX requirements:
- PCAOB requirements. The PCAOB has increased the requirements for inspection reports, with a greater emphasis on deficiency evaluation.
- Revenue recognition. The Financial Accounting Standards Board has introduced a new standard for revenue recognition. This requirement has led to the need for companies to update control documentation.
- Cybersecurity. Cybersecurity is the practice of protecting software, hardware, and data from digital attacks. As would be expected in today's environment, the number of recent cybersecurity disclosures has significantly grown.
Under current guidelines, instead of the SOX requiring compliance with just the financial component of reporting and internal control, the guidelines now allow application to information technology (IT) activities as well. A major change under the SOX guidelines involves the method of storage of a company's electronic records. While the act did not specifically require a particular storage method, it did provide guidance on which records were to be stored and for how long they should be stored.
The SOX now requires that all business records, electronic records, and electronic messages must be stored for at least five years. The penalties for noncompliance include either imprisonment or fines, or a combination of the two options.