Printer Friendly

A new era: using the internal audit to spot fraud.

Numerous headlines regarding recent litigation cases tell the tale: a strong internal audit group can be the most effective weapon for stopping fraud in its tracks.

An effective internal audit group can do everything from evaluating the substance of transactions and testing for compliance with GAAP and accounting and financial reporting procedures, to blowing the whistle on alleged financial statement fraud.


No longer is an internal audit function merely an option or recommendation. Also gone are the days when the external auditors may perform the internal audit function.

A review of litigation matters from the last few years in which financial statement fraud was allegedly perpetrated shows that senior management had undermined or tried to suppress the effectiveness of the internal audit function. Findings of internal auditors were either ignored, especially when red flags were raised, or the responsibility for internal audits was outsourced to external auditors.


Internal control over financial reporting is defined by the Sarbanes-Oxley Act as a "process designed by, or under the supervision of [the CEO and CFO, or equivalent individuals] ... to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that:

"(1) pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions ...;

"(2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures ... are being made only in accordance with authorizations of management and directors; and

"(3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the issuer's assets that could have a material effect on the financial statements."


The internal audit group is expected to be knowledgeable with the GAAP applicable to its company's transactions in this new era of SOX. The SEC requires that the internal control report disclose any material weaknesses in the company's internal control over financial reporting. PCAOB Auditing Standard No. 2 defines material weakness as "a significant deficiency or combination of significant deficiencies that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected."

Internal auditors are not expected to be experts in detecting and investigating financial statement fraud. They can, however, offer advice on how to develop and test policies and procedures that are designed to result in transactions being recorded in accordance with GAAP with a focus on preventing financial statement fraud.

By reviewing some of the transactions whereby a company's management deliberately misstated its financial statements--usually to meet analyst expectations or position itself for a successful merger--internal auditors can assess if their company has policies and procedures in place to support the prevention, detection and correction of certain conditions, such as those shown below.


GAAP does not prohibit bill-and-hold sales, but certain conditions must be present for the revenue to be in accordance with GAAP. The SEC has issued Accounting and Auditing Enforcement Releases (AAER) nos. 108, 196 and 817 that speak to the propriety of recording bill-and-hold sales. There are seven criteria that have to be met for the arrangement to qualify as revenue.

More notably, the buyer--not the seller--must request the bill-and-hold arrangement, which typically occurs in a situation where the buyer does not have the warehouse space to store the goods, but there should be clear indication that the buyer has a business purpose for buying more goods than it is able to store.

If the buyer purchased under a bill-and-hold arrangement in response to a sales promotion initiated by the seller, AAER No. 817 states the "revenue" should be evaluated by ascertaining that the buyer had a substantial purpose for ordering the goods on a bill-and-hold basis.

Shipping documents showing delivery to an address other than the buyer's known shipping address may indicate potential bill-and-hold arrangements, which then might raise some follow-up questions, such as is this a bill-and-hold and if so, did it meet the SEC rules?


Shipments in material amounts near or at year-end may not necessarily translate to channel stuffing, but if there is a sense of pressure within the company to book revenue, past events have shown that not all the revenue was legitimate.

In these cases, there was management override of controls, and prompt detection would have made the difference. Large out-going shipments on New Year's Eve may be worth asking about, as are habitual last-minute shipments during interim periods.


Side letters or side agreements have been shown to amend the original contract by altering payment terms or granting additional rights to the buyer.

Sales personnel should be advised of the effect of such arrangements on revenue recognition, and the internal control policy should require that side arrangements, if entered into, be properly considered in the evaluation of their impact on the revenue, if any, to be recognized. The existence of side letters may be difficult to ascertain, but if the risk is there, sending out confirmations to customers may really be the only way. Confirmations should be designed carefully with questions to elicit the specific information the internal auditor is seeking, as opposed to generic "yes" or "no" questions.


Revenue recognized on shipments to distributors should meet the provisions of SFAS No. 48, Revenue Recognition When Right of Return Exists. If the company's customers include distributors, collection of the receivable should not be dependent on the distributor getting paid first. Amounts sitting in the receivables aging past normal payment terms or for several months may indicate that extended payment terms have been accorded the distributor.

Again, sending out confirmations will help run a tighter ship.


Reserves relating to acquisition or restructuring are liabilities deemed to have been incurred as of a certain period with the reasonable expectation that cash will be disbursed in the near future as the related bills become due and payable (such as payroll and health benefits).

When the reserves are reduced and debited, expect Cash to be the credit entry. Credits to a revenue account or expense account usually mean the initial reserve is being used differently from what the initial accounting appears to reflect.

Past cases have shown that management intentionally overstated these kinds of reserves so that the amounts can be reversed into income during the year(s) income will be needed. Procedures might include steps to follow up on reserves that have been sitting on the books longer than expected, or reserves reduced with an offset to an account other than Cash.


Creating "general reserves" has no basis in GAAP, particularly according to SFAS No. 5, Accounting for Contingencies.

Under SFAS No. 5, a contingent liability has to be probable and estimable for the amount to be recorded. To make a determination that a particular pending event is probable, an evaluation of the likelihood of that event occurring has to be made. "General" reserves have been shown to relate to no particular pending event and are likely candidates for cookie-jar reserves.


Past cases have shown that the intangible assets account created internally may contain improperly capitalized expenses in material amounts.

For example, research and development costs for computer software to be sold, leased or marketed are to be expensed until "technological feasibility" is reached.

Internal auditors in related industries should be familiar with the type of expenses being capitalized as intangible assets, and should come up with the right questions or consult with experts in the field to determine what technological feasibility means as it relates to the product in question. Accounting policies and procedures might be adjusted accordingly to assist the accounting staff in maintaining the account in accordance with GAAP.


Cases also have shown that sales returns reserves have been deliberately understated. By being on the premises, internal auditors may have the only opportunity to observe actual returns on an ongoing basis.

Internal auditors may help improve this management estimate by initiating a "reality check" on the recorded reserve. High levels of returns may be indicative of shipped goods that were not ordered by the customer, signaling potential improper revenue recognition.

Unusual or frequent returns from the same customer or group of customers also may be a red flag. Internal control procedures over the sales returns reserve should be based on the company's pattern and amounts of returns in the past, not what management says they expect returns to be.


SOX also requires a company to disclose if its audit committee includes a "financial expert," and if not, to state the reason. There are four criteria listed for a financial expert, all of which are consistent with being a CPA, including: understanding GAAP and financial statements; experience in preparing or auditing financial statements of comparable companies; experience with the structure and nature of internal controls; and experience with audit committee functions.

Having a financial expert on the audit committee is one of SOX's best provisions and greatly encourages the internal audit group to effectively communicate technical accounting issues, policies and procedures, and engage in meaningful interaction in its charge to help continuously improve the company's financial reporting system.


A. Christine Davis, CPA is a director of litigation consulting and forensic accounting at Hemming Morse in San Francisco. You can reach her at
COPYRIGHT 2005 California Society of Certified Public Accountants
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Author:Davis, A. Christine
Publication:California CPA
Geographic Code:1USA
Date:May 1, 2005
Previous Article:Members in the news.
Next Article:At your service: FTB ruling looks at "personal services," time-spread method.

Related Articles
Internal control audit proposal draws fire and praise.
Combating fraud: know the facts.
Occupational fraud - the audit as deterrent: who better to teach CPAs how to spot fraud than the perpetrators?
Taking a bite outta fraud. (Fraud Standards).
Seven professional associations jointly issue antifraud programs and controls for management.
New approaches to fraud deterrence: it's time to take a new look at the auditing process.
Fraud risk: are you prepared? The mission: to create stronger support for an ethically sound business environment.
Achilles' heel: management override of internal controls a weak link in fraud prevention.
How to prevent fraud in the workplace: small businesses often are hit hardest by white-collar crime.
Spotting fraud.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters