Spotting Financial Distortions: A Primer for Attorneys

Transcription

1 Spotting Financial Distortions: A Primer for Attorneys The Web Conference Series For Corporate Counsel January 17, 2007 To ask a question using the question pane Enter your question into the text area and click Ask. The presenter will address your question shortly. 1

2 To answer a polling question: When a poll is posted Click the radio button next to your response choice. Need assistance? Contact Live Meeting Customer Support US / Canada: International: Toll Free International: lmhelp@microsoft.com Web: 2

3 Addressing Trends Sharing Solutions 2006 Year in Review book coming in January Today s summary in March InsideCounsel Advance copy for today s participants Today s Moderator Robert Vosper Editor, InsideCounsel InsideCounsel is the leading publication exclusively for general counsel and other in-house counsel Editorial mission be the business and management tool for the corporate legal department Dedicated to the exploration of the relationship between in-house counsel and the law firms that serve them 3

4 Today s Presenters Mark Plichta Senior Counsel, Foley & Lardner LLP Member of Transactional & Securities Practice Area Practice covers mergers & acquisitions, and general corporate business law Regularly counsels publicly held companies regarding compliance matters Today s Presenters James Pajakowski Managing Director, Protiviti Inc. Member of Protiviti s Global Business Risk Services Group Focuses on financial Investigations & Litigation Consulting practice, e-discovery and Data Forensics Consulting, Sarbanes- Oxley Compliance Consulting, Financial Risk Consulting, and Operational Risk Consulting Experience includes audit services, business process improvement consulting, enterprise risk management projects 4

5 Spotting Financial Distortions: A Primer for Attorneys The Web Conference Series For Corporate Counsel January 17, 2007 Discussion Topics SOX: Results so far Recent fraud statistics Identification and detection techniques Common fraud scenarios Client considerations Protiviti s 2007 Fraud Risk Management Survey Accounting issues to watch in 2007 Areas of focus / key take-aways 5

6 Results So Far SOX 404 Compliance Results for Year 1 filers (through May 30, 2006): Almost 3,600 filed internal control reports Over 580 companies, or 16.2 percent, reported material weaknesses Results for Year 2 filers (through May 30, 2006): Over 2,900 companies filed internal control reports 215 ( 7.4%) reported material weaknesses While over 16% of companies subject to Section 404 disclosed internal control weaknesses in their first year of reporting, more than half of these companies reported in Year 2 that they had corrected them. Year 1 and Year 2 Section 404 Disclosure Stats 6

7 Live Meeting Poll How many financial restatements has your organization experienced within the last three years? One Two Three Four or more Changes directly made to this slide will not be displayed in Live Meeting. Edit this slide by selecting Properties in the Live Meeting Presentation menu. Results So Far Restatement Activity (forecasted) Source: Audit Analytics.com April 25 and June 9,

8 Results So Far Restatement Activity (cont d) The number of restatements is expected to increase in 2006 compared to 2005, however this increase is being driven by smaller companies. Large audit firms clients were responsible for 65% of the restatements in 2005, however they were associated with less than half of public company restatements in the first half of Meanwhile smaller auditing firms clients share of restatements has more than doubled, with 497 restatements in the first half of 2006 compared to 185 restatements in the first half of History of Restatements 8

9 History of Restatements (cont d) History of Restatements (cont d) 9

10 Does SOX Have A Positive Impact on Companies? Wall Street Journal May 8, 2006 Tracking the Numbers / Outside Audit: Checks on Internal Control Pay Off Regulation Pays Share price performance of companies complying with internal-control rules called for under the Sarbanes-Oxley Act * * From March 31, 2004 to March 31, % Russell 3000 share index 17.7% Companies that reported no internal-control weaknesses in 2004 or % Companies reporting internal-control weaknesses in 2004, but no weakness in 2005 Companies reporting internal-control weaknesses in both 2004 and 2005 Down 5.7% Securities Fraud Class Actions Decreased in 2006 In 2006, securities fraud class actions decreased by 38%, while allegations of specific accounting irregularities in filed complaints increased Cases involving other accounting irregularities dramatically increased almost 50% related to stock-option issuances Total Disclosure Dollar Loss was $52B in a 44% decrease from 2005 (i.e., market capitalization losses at end of class period, typically time of disclosure of alleged fraud) Maximum Dollar Loss fell from $362B in 2005 to $294B in 2006 (i.e., shareholder losses measured by largest capitalization decline experienced during class period 10

11 Securities Fraud Class Actions Decreased in 2006 (cont d) Three contributing factors cited: Strengthened federal enforcement environment / pressure on companies to conduct internal investigations that implicate individual executives responsible for fraud Strong stock market combined with lower stock price volatility Majority of securities fraud class actions filed in late 1990s-early 2000s are behind us Recent Fraud Statistics 11

12 Three Perspectives on Fraud Black s Law Dictionary defines fraud as: All means by which one individual can get an advantage over another by false suggestions or suppression of the truth. It includes all surprise, trick, cunning or dissembling, and any unfair way by which another is cheated. Institute of Internal Auditors defines fraud as: Any illegal acts characterized by deceit, concealment or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by parties and organizations to obtain money, property or services; to avoid payment or loss of services; or to secure personal or business advantage. Statement on Auditing Standards No. 99 ( SAS 99 ) defines fraud as: An intentional act that results in a material misstatement in financial statements that are the subject of an audit. Two types of misstatements are relevant to the auditor s consideration of fraud: (1) fraudulent financial reporting and (2) misappropriation of assets. Common Types of Financial Fraud Asset Misappropriation (91.5%) $150,000 median loss Corruption (30.8%) $538,000 median loss Fraudulent Financial Statements (10.6%) Most costly, median losses of $2 million per scheme Note: The sum of percentages in this chart exceeds 100% because a number of cases involved multiple schemes that fell into more than one category. Source: Association of Fraud Examiners 2006 Report to the Nation 12

13 Who Discovers Fraud? Tips (34.2%) By accident (25.4%) Internal Audit (20.2%) Internal controls (19.2%) External Audit (12%) Notification by law enforcement (3.8%) Note: Total exceeds 100% because some survey participants cited more than one method for initial discovery of the frauds Source: Association of Fraud Examiners 2006 Report to the Nation Occupational Frauds Based On Industry Sorted By Frequency Industry Banking/Financial Services Government and Public Admin Manufacturing Health Care Insurance Retail Education Service (general) Service (professional, scientific or technical) Construction Utilities Oil and Gas Real Estate Wholesale Trade Transportation and Warehousing Arts, Entertain. and Recreation Communications/Publishing Agriculture, Fishing and Hunting Mining Source: Association of Fraud Examiners 2006 Report to the Nation # Cases Median Loss $258,000 $82,000 $413,000 $160,000 $100,000 $80,000 $100,000 $163,000 $300,000 $500,000 $124,000 $154,000 $200,000 $1,000,000 $109,000 $175,000 $225,000 $71,000 $17,000,000 13

14 Who Benefits from Fraud? Management Fraud Acts where the principal benefits of the act are derived by the company Employee Fraud Acts where the principal benefits of the act are derived by the individual Third Party Fraud Acts where the principal benefits of the act are derived by an entity outside the organization Examples include: Financial Statement Fraud Bribery Price Fixing Contract Bidding Fraud Examples include: Embezzlement Theft of Company Property T&E Fraud Vendor Kickbacks Diversion of Corporate Opportunities Unauthorized Use of Property Examples include: Duplicate Invoices Altered Payee on Checks Commission Schemes Related Party Transactions Supplier Fraud Contractor Fraud Who s Involved in Fraudulent Acts? Department Board of Directors Executive / Upper Management Accounting Customer Service Finance Information Technology Internal Audit Human Resources Manufacturing Legal & Marketing Production / Public Relations Purchasing Research & Development Sales Warehousing / Inventory Billing Schemes 1% 25.7% 31% 4.8% 3.8% 3.3% 1.4% 1.4% 5.2% 3.3% 7.1% 1.9% 7.6% 2.4% Cash Larceny 17.8% 43% 11.2% 5.6% 0.9% 1.9% 0.9% 18.7% Source: Association of Fraud Examiners 2006 Report to the Nation Check Tampering 1.6% 26.4% 57.4% 4.7% 4.7% 0.8% 0.8% 0.8% 3.1% Corruption 2.2% 27.9% 14.9% 7.8% 4.5% 2.6% 3.3% 1.9% 6.3% 6.3% 5.6% 1.1% 13.8% 1.9% Expense Reimbursement 2.6% 34.4% 31.8% 3.9% 1.9% 0.6% 0.6% 1.3% 1.9% 1.3% 1.9% 0.6% 2.6% 14.3% 14

15 Who s Involved in Fraudulent Acts? (cont d) Department Board of Directors Executive / Upper Management Accounting Customer Service Finance Information Technology Internal Audit Human Resources Manufacturing Legal & Marketing Production/ Public Relations Research Purchasing & Development Sales Warehousing / Inventory Financial Statement Fraud 3.1% 50% 17.3% 1% 8.2% 1% 2% 1% 1% 3.1% 11.2% 1% Non-Cash Misappropriations 1.1% 23.7% 11.1% 12.1% 3.2% 4.2% 1.6% 0.5% 8.9% 1.6% 4.2% 2.6% 17.4% 7.9% Payroll Schemes 1% 19.4% 47.6% 9.7% 1% 2.9% 2.9% 3.9% 1% 3.9% 5.8% 1% Skimming 1.4% 23% 42.4% 7.9% 0.7% 0.7% 0.7% 1.4% 2.2% 19.4% Wire Transfer Schemes 48.2% 25% 5.4% 12.5% 1.8% 7.1% Source: Association of Fraud Examiners 2006 Report to the Nation Identification and Detection 15

16 Typical Factors - Intentional Financial Distortions Evaluate Prevent Rationalization Opportunity Deter Mitigate Incentive / Pressure Detect Monitor Typical Factors - Unintentional Financial Distortions Evaluate Prevent Complexity Capacity Deter Mitigate Pressure Detect Monitor 16

17 Common Fraud Scenarios: Excerpt of Potentially Material Frauds Common Fraud Scenario Sub-Category Fraud Risk Examples Materially overstate revenues Recognize unearned revenue Ship goods before sale is complete Channel stuffing Bill and hold Holding books open until after period end Side agreements Back-Dating sales agreements and documents Record revenue when: Buyer right-of-return Customer has options to terminate, void or delay sale No buyer obligation-to-pay Inability of buyer to pay Goods don t meet buyer specifications Record revenue when: Obligation exists to provide future services Recording revenue instead of liability when cash received Side agreements Record fictitious revenue To non-existent customers Collusion On false estimations Percentage-of-completion Common Fraud Scenarios: Excerpts of Potentially Material Frauds (cont d) Common Fraud Scenario Sub-Category Fraud Risk Examples Materially overstate revenues (cont d) Record fictitious revenue (cont d) On exchange of similar assets Like-kind exchanges with intent to record a gain Barter transactions On receipt of vendor credits Supplier credits and rebates Kickbacks Materially understate expenses Shifting current period expenses to future periods Improper capitalization Start-up costs R&D costs Normal period expenses Overstating goodwill in an acquisition Continuing to carry worthless assets Bad debts Bad loans Excess and obsolete inventory Bad investments Depreciating or amortizing costs too slowly Inappropriate methods Excessive lives 17

18 Common Fraud Scenarios: Excerpt of Potentially Material Frauds (cont d) Common Fraud Scenario Sub-Category Fraud Risk Examples Materially misleading presentation of financial position and/or results of operations Overstating assets Failing to record loss contingencies to reduce to netrealizable value Bad debts Bad loans Excessive and obsolete inventory Failing to record asset impairments to reduce to netrealizable value Bad investments stock Bad investments - acquisitions Fixed assets underperforming plants, etc. Not segregating unusual and nonrecurring gains/losses from normal operating results Mixing gains from recurring and non-recurring activities Mingling operating and nonoperating income Restructuring charges vs. operating expenses Misuse of discontinued operations Hiding losses under discontinued operations Ask these Questions Where are the weakest links in the system s controls? What deviations from conventional good accounting practices are possible? How are off-line transactions handled and who has the ability to authorize these transactions? What would be the simplest way to compromise the system? What control features in the system can be bypassed by higher authorities? What is the nature of the work environment? 18

19 Entity Level Red Flags Internal control gaps, deficiencies, weaknesses Business results that continually outperform expectations Management override of controls Rapid or significant turnover of resources Senior management Key financial positions Key employees Inadequate segregation of duties Turnover Cut-backs / lay-offs Unusual end-of-month or end-ofquarter variations High-level of related-party transactions Systems are manual and/or decentralized Employee, customer or vendor complaints Repeated changes of independent public accountants Continuous problems with various regulatory agencies Significant and continuing issues with reconciling financial statements to underlying support Process-Level Considerations - Be Skeptical! Always request original documents Ask yourself whether transactions make sense (e.g. too high, low, round, often, rare) Have documents been altered? Look to see where the documents are maintained (e.g. are certain invoices maintained separately from all other invoices) Is there a right to audit relationship with customers and vendors? (if so, have they or you exercised that right)? Are reconciliations of underlying data to summaries (bank recs, A/R, A/P) always delayed or do they always involve significant and conflicting reconciling items? Do employees have close personal relationships with vendors? Is there a lack of supporting documentation? Do background checks on employees and vendors identify related parties and DBAs? Does an answer not make sense? Are you avoided more than usual? When asking a relatively simple question, are you unexpectedly referred to someone high up in the organization? Go with your gut 19

20 Monitor Fraud Risk with Computer- Assisted Audit Techniques Search for duplicate payments Analyze voids and refunds by employee, using passwords or employee ID numbers Search for duplicate addresses within files: Payroll, Vendor, Accounts Receivable Write-offs Analyze use of override transactions Analyze file maintenance on employee accounts Look for patterns List large payments to individuals Client Considerations: Managing Intentional and Unintentional Financial Distortions 20

21 SEC and PCAOB Guidance on Fraud Risk Management Proposed changes to SEC and PCAOB Internal Control Auditing and Reporting focus on: Risk management and assessment in general Fraud risk management in particular: Audit Committee s role in the oversight of fraud risk monitoring activities Risk (and mitigation/testing) of management being able to over-ride controls to perpetrate financial or financial reporting fraud Monitoring activities at all levels of the organization as employees, supervisors and senior management perform their daily activities and how those are assessed. Live Meeting Poll What is the main role of General Counsel within your organization s fraud risk management program? Responsible for management of one or more fraud prevention or detection activities Consulted by others on an as-needed basis regarding development of programs, policies, practices or procedures Reactive only, i.e., involvement limited to investigation, remediation and/or prosecution / recovery Other Changes directly made to this slide will not be displayed in Live Meeting. Edit this slide by selecting Properties in the Live Meeting Presentation menu. 21

22 What is Fraud Risk Management? Fraud risk management involves the strategies, techniques, programs and controls utilized by an organization to evaluate, mitigate and monitor its risk to fraud and misconduct. This includes, but is not limited to: Anti-fraud policy Anti-fraud programs Background checks and screening procedures BoD / AC oversight Code of conduct / ethics Corporate fraud risk strategy Corporate compliance and ethics programs Forensic data analysis Fraud risk assessment Fraud risk brainstorming sessions Fraud testing plans Investigative unit resourcing Investigative protocols and procedures Incident response and case management Disciplinary, prosecution and recovery guidelines Preventive / detective controls and monitoring Self-reporting / disclosure guidelines Security functions Training and awareness workshops Whistleblower programs Entity-Level Considerations: Control Environment Control Environment Sets tone of organization, which influences control consciousness of its people Foundation for all other components of internal control Factors include: Integrity and ethical values Commitment to competence Board of Directors and Audit Committee Management s philosophy and operating style Assignment of authority and responsibility Human resource policies and practices COSO: Internal Control Integrated Framework 22

23 Entity-Level Considerations: Anti-Fraud Program and Controls Prevention Tone at the top Value system ( Code of Ethics / Conduct ) Positive workplace environment Hiring, promoting and retaining appropriate employees Training and awareness programs Confirmation / affirmation of Code of Conduct or Ethics Ombudsman programs Whistleblower programs Incident response / case management processes Investigative procedures Discipline, prosecution and recovery guidelines Deterrence Active oversight by Board and/or Audit Committee Fraud risk assessment and related measures Code confirmation / affirmation process Management s involvement in financial reporting process and override of control Process to receive, retain and treat complaints of fraud / unethical conduct Internal and external audit effectiveness Internal audit Evaluation of adequacy / effectiveness of internal controls Disciplinary examples Detection Identification and measurement of fraud risk ( fraud risk assessment ) Processes and procedures to mitigate identified fraud risk Effective internal controls at entity and process level On-going monitoring activities Computer-assisted audit techniques Investigation of: Internal control weaknesses / breaches Non-response to Code confirmation / affirmation Reported issues Live Meeting Poll Which one of the following statements best describes your organization s fraud risk strategy? Very well defined - strategy exists to proactively identify fraud risks and corresponding anti-fraud programs and controls are agreed upon, monitored and measured by Board and senior management on an on-going basis Defined - no formal strategy, but anti-fraud programs and controls and are agreed upon, monitored and measured by Board and senior management on an on-going basis Less defined - no formal fraud risk strategy, but some anti-fraud programs and controls exist Reactive only Fraud risk management is limited to reacting to allegations of fraud or misconduct. Undefined - no formal fraud risk strategy or anti-fraud programs and controls Don t know Changes directly made to this slide will not be displayed in Live Meeting. Edit this slide by selecting Properties in the Live Meeting Presentation menu. 23

24 Highlights and Preview Results: Protiviti s Fraud Risk Management Survey (2007) Only one-half of F1000 indicated their fraud risk strategy is very well defined, suggesting room for improvement in many organizations More than half of organizations do NOT include anti-fraud overview or definition of fraud in policy High percentage of organizations have no plan in place when fraud reported One-third of F1000 have no documented protocols and procedures for investigations One-half of F1000 have no incident response plan. Key challenges for managing fraud risk, two-thirds indicated: Fraud not considered high risk No fraud here mentality Or, don t know Accounting Issues to Watch in 2007 Income Taxes Advent of FIN 48 will have companies focus on accounting, including past accounting) for uncertain tax positions, such as: aggressive positions audit roulette transfer pricing the s word [shelters] Pension Accounting Again, caused by a new accounting pronouncement. As companies approach placement of pension numbers (more of them) on balance sheet, there may be some who discover that what they previously reflected may not conform to the old rules (especially amounts that should be in comprehensive income, tax-effected, time-sensitive valuations, etc.). Executive Compensation New proxy rules will have companies summarizing, under counsel s scrutiny, more information about executive compensation and inclusion within the proxy. Companies may discover things that heretofore had either been un-reported or miscategorized. Mop-up on stock compensation as it relates to back-dating. Ongoing issues on either options or their replacements/successors: deferred compensation plans, restricted stock, etc. 24

25 Areas of Focus / Key Take-Aways 1. Fraud risk assessment 2. Financial reporting risk profile 3. Entity-level review 4. Hotline and other reporting mechanisms Thank you for your participation Look for your advanced copy of today s program summary in the next few weeks. For more information on the Web Conference series visit To receive a free subscription to InsideCounsel, please visit 25

26 Thank you for your participation Jim Pajakowski Mark Plichta 26