Spotting Financial Distortions:

A Primer for Attorneys

The Web Conference Series For Corporate Counsel
January 17, 2007

To ask a question using the

question pane
Q

Enter your question into the text area and click Ask.

The presenter will address your question shortly.

To answer a polling question:

Q

When a poll is posted

Click the radio button next to your response choice.

Need assistance?
Q Contact Live Meeting Customer Support

US / Canada: 1-800-893-8779
International: +1.971-544-3222
Toll Free International: 00.800.9522.3000
Email: lmhelp@microsoft.com
Web: www.livemeeting.com/support

Addressing Trends
Sharing Solutions
Q

2006 Year in Review book coming in January

Todays summary in March InsideCounsel

Advance copy for todays participants

Todays Moderator
Robert Vosper
Editor, InsideCounsel
Q

InsideCounsel is the leading publication

exclusively for general counsel and
other in-house counsel
Editorial mission be the business and
management tool for the corporate
legal department
Dedicated to the exploration of the
relationship between in-house counsel
and the law firms that serve them

Todays Presenters
Mark Plichta
Senior Counsel, Foley & Lardner LLP
Q

Member of Transactional & Securities

Practice Area
Practice covers mergers &
acquisitions, and general corporate
business law
Regularly counsels publicly held
companies regarding compliance
matters

Todays Presenters
James Pajakowski

Managing Director, Protiviti Inc.

Q

Member of Protivitis Global Business Risk

Services Group
Focuses on financial Investigations &
Litigation Consulting practice, e-Discovery
and Data Forensics Consulting, SarbanesOxley Compliance Consulting, Financial
Risk Consulting, and Operational Risk
Consulting
Experience includes audit services,
business process improvement
consulting, enterprise risk management
projects

Spotting Financial Distortions:

A Primer for Attorneys
The Web Conference Series For Corporate Counsel
January 17, 2007

Discussion Topics
Q

SOX: Results so far

Recent fraud statistics

Identification and detection techniques

Common fraud scenarios

Client considerations

Protivitis 2007 Fraud Risk Management Survey

Accounting issues to watch in 2007

Areas of focus / key take-aways

Results So Far SOX 404 Compliance

Q

Results for Year 1 filers (through May 30, 2006):

Almost 3,600 filed internal control reports
Over 580 companies, or 16.2 percent, reported material
weaknesses

Results for Year 2 filers (through May 30, 2006):

Over 2,900 companies filed internal control reports
215 ( 7.4%) reported material weaknesses

While over 16% of companies subject to Section 404 disclosed

internal control weaknesses in their first year of reporting,
more than half of these companies reported in Year 2 that they
had corrected them.

Year 1 and Year 2 Section 404

Disclosure Stats

Live Meeting Poll

How many financial restatements has your
organization experienced within the last three
years?
Q
Q
Q
Q

One
Two
Three
Four or more

Changes directly made to this slide will not be displayed in Live Meeting. Edit this slide by selecting Properties in the Live Meeting Presentation menu.

Results So Far Restatement Activity

2000
1800
1600
1400
1200
1000
800
600
400
200
0

2001

2002

2003

2004

2005

2006
(forecasted)

Source: Audit Analytics.com April 25 and June 9, 2006

Results So Far Restatement Activity

(contd)
Q

The number of restatements is expected to increase in 2006

compared to 2005, however this increase is being driven by
smaller companies.
Large audit firms clients were responsible for 65% of the
restatements in 2005, however they were associated with less
than half of public company restatements in the first half of
2006.
Meanwhile smaller auditing firms clients share of
restatements has more than doubled, with 497 restatements in
the first half of 2006 compared to 185 restatements in the first
half of 2005.

History of Restatements

History of Restatements (contd)

History of Restatements (contd)

Does SOX Have A Positive Impact on

Companies?
Wall Street Journal May 8, 2006

Tracking the Numbers / Outside Audit:

Checks on Internal Control Pay Off

Regulation
Pays
Share price performance
of companies complying
with internal-control rules
called for under the
Sarbanes-Oxley Act *
* From March 31, 2004 to March 31, 2006

27.7%

25.7%

Companies reporting
internal-control
weaknesses in both
2004 and 2005

Russell 3000
share index

17.7%
Companies that
reported no
internal-control
weaknesses in
2004 or 2005

Companies
reporting
internal-control
weaknesses in
2004, but no
weakness in 2005

Down
5.7%

Securities Fraud Class Actions

Decreased in 2006
Q

In 2006, securities fraud class actions decreased by 38%, while

allegations of specific accounting irregularities in filed
complaints increased
Cases involving other accounting irregularities dramatically
increased almost 50% related to stock-option issuances
Total Disclosure Dollar Loss was $52B in 2006 - a 44%
decrease from 2005 (i.e., market capitalization losses at end of
class period, typically time of disclosure of alleged fraud)
Maximum Dollar Loss fell from $362B in 2005 to $294B in
2006 (i.e., shareholder losses measured by largest
capitalization decline experienced during class period

10

Securities Fraud Class Actions

Decreased in 2006 (contd)
Q

Three contributing factors cited:

Strengthened federal enforcement environment /
pressure on companies to conduct internal
investigations that implicate individual executives
responsible for fraud
Strong stock market combined with lower stock
price volatility
Majority of securities fraud class actions filed in
late 1990s-early 2000s are behind us

Recent Fraud Statistics

11

Three Perspectives on Fraud

Q

Blacks Law Dictionary defines fraud as:

All means by which one individual can get an advantage over another by
false suggestions or suppression of the truth. It includes all surprise, trick,
cunning or dissembling, and any unfair way by which another is cheated.

Institute of Internal Auditors defines fraud as:

Any illegal acts characterized by deceit, concealment or violation of

trust. These acts are not dependent upon the application of threat of
violence or of physical force. Frauds are perpetrated by parties and
organizations to obtain money, property or services; to avoid payment or
loss of services; or to secure personal or business advantage.

Statement on Auditing Standards No. 99 (SAS 99) defines fraud as:

An intentional act that results in a material misstatement in financial
statements that are the subject of an audit. Two types of misstatements are
relevant to the auditors consideration of fraud: (1) fraudulent financial
reporting and (2) misappropriation of assets.

Common Types of Financial Fraud

Q

Asset Misappropriation (91.5%)

$150,000 median loss

Corruption (30.8%)
$538,000 median loss

Fraudulent Financial Statements (10.6%)

Most costly, median losses of $2 million per scheme

Note:

The sum of percentages in this chart exceeds 100% because a number of cases involved
multiple schemes that fell into more than one category.

Source: Association of Fraud Examiners 2006 Report to the Nation

12

Who Discovers Fraud?

Tips (34.2%)
By accident (25.4%)
Internal Audit (20.2%)
Internal controls (19.2%)
External Audit (12%)

Notification by law enforcement (3.8%)

Q
Q
Q
Q

Note:

Total exceeds 100% because some survey participants cited more than one
method for initial discovery of the frauds

Source: Association of Fraud Examiners 2006 Report to the Nation

Occupational Frauds Based On Industry

Sorted By Frequency
Industry
Banking/Financial Services
Government and Public Admin
Manufacturing
Health Care
Insurance
Retail
Education
Service (general)
Service (professional, scientific or technical)
Construction
Utilities
Oil and Gas
Real Estate
Wholesale Trade
Transportation and Warehousing
Arts, Entertain. and Recreation
Communications/Publishing
Agriculture, Fishing and Hunting
Mining

# Cases
148
119
101
89
78
75
73
60
58
35
34
32
30
30
27
22
16
8
1

Median Loss
$258,000
$82,000
$413,000
$160,000
$100,000
$80,000
$100,000
$163,000
$300,000
$500,000
$124,000
$154,000
$200,000
$1,000,000
$109,000
$175,000
$225,000
$71,000
$17,000,000

Source: Association of Fraud Examiners 2006 Report to the Nation

13

Who Benefits from Fraud?

Q

Management Fraud Acts where the

Examples include:
Financial Statement Fraud
Bribery
Price Fixing
Contract Bidding Fraud

principal benefits of the act are

derived by the company
Q

Examples include:
Embezzlement
Theft of Company Property
T&E Fraud
Vendor Kickbacks
Diversion of Corporate
Opportunities
Unauthorized Use of Property

Employee Fraud Acts where the

principal benefits of the act are
derived by the individual

Third Party Fraud Acts where the

Examples include:
Duplicate Invoices
Altered Payee on Checks
Commission Schemes
Related Party Transactions
Supplier Fraud
Contractor Fraud

principal benefits of the act are

derived by an entity outside the
organization

Whos Involved in Fraudulent Acts?

Billing
Schemes

Cash Larceny

Check
Tampering

Corruption

Expense
Reimbursement

Board of Directors

1%

N/A

1.6%

2.2%

2.6%

Executive / Upper
Management

Department

25.7%

17.8%

26.4%

27.9%

34.4%

Accounting

31%

43%

57.4%

14.9%

31.8%

Customer Service

4.8%

11.2%

4.7%

7.8%

3.9%

Finance

3.8%

5.6%

4.7%

4.5%

1.9%

Information Technology

3.3%

0.9%

N/A

2.6%

0.6%

Internal Audit

N/A

N/A

N/A

N/A

0.6%

Human Resources

1.4%

N/A

0.8%

3.3%

1.3%

Legal
Manufacturing &
Production
Marketing / Public

1.4%

N/A

N/A

1.9%

1.9%

5.2%

1.9%

0.8%

6.3%

1.3%

Relations

3.3%

0.9%

N/A

6.3%

1.9%

Purchasing

7.1%

N/A

0.8%

5.6%

0.6%

Research & Development

1.9%

N/A

N/A

1.1%

2.6%

Sales

7.6%

18.7%

3.1%

13.8%

14.3%

Warehousing / Inventory

2.4%

N/A

N/A

1.9%

N/A

Source: Association of Fraud Examiners 2006 Report to the Nation

14

Whos Involved in Fraudulent Acts? (contd)

Department

Board of Directors
Executive / Upper
Management

Financial
Statement
Fraud

Non-Cash
Misappropriations

Payroll
Schemes

Skimming

Wire Transfer
Schemes

3.1%

1.1%

1%

1.4%

N/A
48.2%

50%

23.7%

19.4%

23%

17.3%

11.1%

47.6%

42.4%

25%

1%

12.1%

9.7%

7.9%

5.4%

Finance

8.2%

3.2%

1%

0.7%

12.5%

Information Technology

N/A

4.2%

N/A

0.7%

N/A

Internal Audit

N/A

N/A

N/A

N/A

N/A

Human Resources

1%

1.6%

2.9%

0.7%

N/A

Legal
Manufacturing &
Production
Marketing / Public

2%

0.5%

2.9%

N/A

N/A

1%

8.9%

3.9%

1.4%

N/A

1%

1.6%

1%

N/A

1.8%

3.1%

4.2%

N/A

2.2%

N/A

N/A

2.6%

3.9%

N/A

N/A

11.2%

17.4%

5.8%

19.4%

7.1%

1%

7.9%

1%

N/A

N/A

Accounting
Customer Service

Relations

Purchasing
Research &
Development
Sales
Warehousing / Inventory

Source: Association of Fraud Examiners 2006 Report to the Nation

Identification and Detection

15

Ra
ti

on
ali

nit
rtu
po

za

te
ga
iti er
t
De

Op

tio
n

Ev
al
Pr uat
ev e
en
t

Typical Factors - Intentional Financial

Distortions

Incentive / Pressure
Mo
n
it
Dete or
ct

xit

y
cit

Co
m

ple

pa
Ca

te
ga
iti er
t
De

Ev
al
Pr uat
ev e
en
t

Typical Factors - Unintentional Financial

Distortions

Pressure
Mon
it
Dete or
ct

16

Common Fraud Scenarios:

Excerpt of Potentially Material Frauds
Common
Fraud Scenario
Materially overstate revenues

Sub-Category
Recognize unearned
revenue

Fraud Risk
Ship goods before sale is complete

Examples
Q
Q
Q

Q
Q

Record revenue when:

Q Customer has options to
terminate, void or delay sale

Q
Q
Q
Q

Record revenue when:

Q Obligation exists to provide
future services
Record fictitious revenue

Channel stuffing
Bill and hold
Holding books open until
after period end
Side agreements
Back-Dating sales
agreements and documents
Buyer right-of-return
No buyer obligation-to-pay
Inability of buyer to pay
Goods dont meet buyer
specifications

Recording revenue instead of

liability when cash received
Side agreements

To non-existent customers

Collusion

On false estimations

Percentage-of-completion

Common Fraud Scenarios:

Excerpts of Potentially Material Frauds (contd)
Common
Fraud Scenario
Materially overstate revenues
(contd)

Sub-Category
Record fictitious revenue
(contd)

Fraud Risk
On exchange of similar assets

Examples
Q

On receipt of vendor credits

Q
Q

Materially understate
expenses

Shifting current period

expenses to future periods

Improper capitalization

Q
Q
Q
Q

Continuing to carry worthless

assets

Q
Q
Q

Depreciating or amortizing
costs too slowly

Q
Q

Like-kind exchanges with

intent to record a gain
Barter transactions
Supplier credits and rebates
Kickbacks
Start-up costs
R&D costs
Normal period expenses
Overstating goodwill in an
acquisition
Bad debts
Bad loans
Excess and obsolete
inventory
Bad investments
Inappropriate methods
Excessive lives

17

Common Fraud Scenarios:

Excerpt of Potentially Material Frauds (contd)
Common
Fraud Scenario
Materially misleading
presentation of financial
position and/or results of
operations

Sub-Category
Overstating assets

Fraud Risk
Failing to record loss
contingencies to reduce to netrealizable value

Failing to record asset

impairments to reduce to netrealizable value

Examples
Q
Q
Q

Q
Q

Not segregating unusual and nonrecurring gains/losses from

normal operating results

Misuse of discontinued operations

Bad debts
Bad loans
Excessive and obsolete
inventory
Bad investments stock
Bad investments acquisitions
Fixed assets underperforming plants, etc.
Mixing gains from recurring
and non-recurring activities
Mingling operating and nonoperating income
Restructuring charges vs.
operating expenses
Hiding losses under
discontinued operations

Ask these Questions

Q

Where are the weakest links in the systems

controls?
What deviations from conventional good accounting
practices are possible?
How are off-line transactions handled and who has
the ability to authorize these transactions?
What would be the simplest way to compromise the
system?
What control features in the system can be
bypassed by higher authorities?
What is the nature of the work environment?

18

Entity Level Red Flags

Q

Q
Q

Internal control gaps, deficiencies,

weaknesses
Business results that continually
outperform expectations
Management override of controls
Rapid or significant turnover of
resources
Senior management
Key financial positions
Key employees
Inadequate segregation of duties
Turnover
Cut-backs / lay-offs

Unusual end-of-month or end-ofquarter variations

High-level of related-party
transactions
Systems are manual and/or
decentralized
Employee, customer or vendor
complaints
Repeated changes of independent
public accountants
Continuous problems with various
regulatory agencies
Significant and continuing issues
with reconciling financial
statements to underlying support

Process-Level Considerations - Be
Skeptical!
Q
Q
Q
Q

Q
Q
Q
Q
Q
Q

Always request original documents

Ask yourself whether transactions make sense (e.g. too high, low, round, often, rare)
Have documents been altered?
Look to see where the documents are maintained (e.g. are certain invoices maintained
separately from all other invoices)
Is there a right to audit relationship with customers and vendors? (if so, have they or
you exercised that right)?
Are reconciliations of underlying data to summaries (bank recs, A/R, A/P) always
delayed or do they always involve significant and conflicting reconciling items?
Do employees have close personal relationships with vendors?
Is there a lack of supporting documentation?
Do background checks on employees and vendors identify related parties and DBAs?
Does an answer not make sense?
Are you avoided more than usual?
When asking a relatively simple question, are you unexpectedly referred to someone
high up in the organization?
Go with your gut

19

Monitor Fraud Risk with ComputerAssisted Audit Techniques

Q
Q

Q
Q
Q
Q

Search for duplicate payments

Analyze voids and refunds by employee, using
passwords or employee ID numbers
Search for duplicate addresses within files: Payroll,
Vendor, Accounts Receivable Write-offs
Analyze use of override transactions
Analyze file maintenance on employee accounts
Look for patterns
List large payments to individuals

Client Considerations:
Managing Intentional and
Unintentional Financial
Distortions

20

SEC and PCAOB Guidance on Fraud

Risk Management
Proposed changes to SEC and PCAOB Internal Control
Auditing and Reporting focus on:
Q Risk management and assessment in general
Q Fraud risk management in particular:
Audit Committees role in the oversight of fraud risk
monitoring activities
Risk (and mitigation/testing) of management being able to
over-ride controls to perpetrate financial or financial reporting
fraud
Monitoring activities at all levels of the organization as
employees, supervisors and senior management perform their
daily activities and how those are assessed.

Live Meeting Poll

What is the main role of General Counsel within
your organizations fraud risk management
program?
Q

Responsible for management of one or more fraud prevention

or detection activities
Consulted by others on an as-needed basis regarding
development of programs, policies, practices or procedures
Reactive only, i.e., involvement limited to investigation,
remediation and/or prosecution / recovery
Other

Changes directly made to this slide will not be displayed in Live Meeting. Edit this slide by selecting Properties in the Live Meeting Presentation menu.

21

What is Fraud Risk Management?

Fraud risk management involves the strategies, techniques, programs and
controls utilized by an organization to evaluate, mitigate and monitor its risk to
fraud and misconduct. This includes, but is not limited to:
Q
Q
Q

Q
Q

Anti-fraud policy
Anti-fraud programs
Background checks
and screening
procedures
BoD / AC oversight
Code of conduct /
ethics
Corporate fraud risk
strategy
Corporate compliance
and ethics programs

Q
Q
Q

Q
Q

Forensic data analysis

Fraud risk assessment
Fraud risk brainstorming
sessions
Fraud testing plans
Investigative unit
resourcing
Investigative protocols
and procedures
Incident response and
case management

Q
Q

Disciplinary,
prosecution and
recovery guidelines
Preventive / detective
controls and
monitoring
Self-reporting /
disclosure guidelines
Security functions
Training and
awareness workshops
Whistleblower
programs

Entity-Level Considerations:
Control Environment
Control Environment
Q
Sets tone of organization, which
influences control
consciousness of its people
Q
Foundation for all other
components of internal control
Q
Factors include:
Integrity and ethical values
Commitment to competence
Board of Directors and Audit
Committee
Managements philosophy and
operating style
Assignment of authority and
responsibility
Human resource policies and
practices

COSO: Internal Control Integrated Framework

22

Entity-Level Considerations:
Anti-Fraud Program and Controls

Prevention
Prevention
Tone
Tone at
at the
the top
top
Value
Value system
system (Code
(Code of
of Ethics
Ethics
// Conduct)
Conduct)
Positive
Positive workplace
workplace
environment
environment
Hiring,
Hiring, promoting
promoting and
and
retaining
retaining appropriate
appropriate
employees
employees
Training
Training and
and awareness
awareness
programs
programs
Confirmation
Confirmation // affirmation
affirmation of
of
Code
Code of
of Conduct
Conduct or
or Ethics
Ethics
Ombudsman
Ombudsman programs
programs
Whistleblower
Whistleblower programs
programs
Incident
Incident response
response // case
case
management
management processes
processes
Investigative
procedures
Investigative procedures
Discipline,
Discipline, prosecution
prosecution and
and
recovery
recovery guidelines
guidelines

Deterrence
Deterrence
Active
Active oversight
oversight by
by Board
Board
and/or
and/or Audit
Audit Committee
Committee
Fraud
risk
assessment
Fraud risk assessment
and
and related
related measures
measures
Code
Code confirmation
confirmation //
affirmation
process
affirmation process
Managements
Managements
involvement
involvement in
in financial
financial
reporting
reporting process
process and
and
override
of
control
override of control
Process
Process to
to receive,
receive,
retain
retain and
and treat
treat
complaints
complaints of
of fraud
fraud //
unethical
unethical conduct
conduct
Internal
Internal and
and external
external
audit
audit effectiveness
effectiveness
Internal
Internal audit
audit
Evaluation
Evaluation of
of adequacy
adequacy
// effectiveness
effectiveness of
of
internal
controls
internal controls
Disciplinary
Disciplinary examples
examples

Detection
Detection

Identification
Identification and
and
measurement
measurement of
of fraud
fraud risk
risk
(fraud
(fraud risk
risk assessment)
assessment)
Processes
Processes and
and procedures
procedures
to
to mitigate
mitigate identified
identified fraud
fraud
risk
risk
Effective
Effective internal
internal controls
controls
at
at entity
entity and
and process
process level
level
On-going
On-going monitoring
monitoring
activities
activities
Computer-assisted
Computer-assisted audit
audit
techniques
techniques
Investigation
Investigation of:
of:

Internal
Internal control
control
weaknesses
weaknesses // breaches
breaches
Non-response
Non-response to
to Code
Code
confirmation
confirmation //
affirmation
affirmation
Reported
Reported issues
issues

Live Meeting Poll

Which one of the following statements best describes your
organizations fraud risk strategy?
Q

Very well defined - strategy exists to proactively identify fraud risks and
corresponding anti-fraud programs and controls are agreed upon,
monitored and measured by Board and senior management on an on-going
basis
Defined - no formal strategy, but anti-fraud programs and controls and are
agreed upon, monitored and measured by Board and senior management
on an on-going basis
Less defined - no formal fraud risk strategy, but some anti-fraud programs
and controls exist
Reactive only Fraud risk management is limited to reacting to allegations
of fraud or misconduct.
Undefined - no formal fraud risk strategy or anti-fraud programs and
controls
Dont know

Changes directly made to this slide will not be displayed in Live Meeting. Edit this slide by selecting Properties in the Live Meeting Presentation menu.

23

Highlights and Preview Results:

Protivitis Fraud Risk Management Survey (2007)
Q

Only one-half of F1000 indicated their fraud risk strategy is very well
defined, suggesting room for improvement in many organizations
More than half of organizations do NOT include anti-fraud overview or
definition of fraud in policy
High percentage of organizations have no plan in place when fraud
reported
One-third of F1000 have no documented protocols and procedures for
investigations
One-half of F1000 have no incident response plan.

Key challenges for managing fraud risk, two-thirds indicated:

Fraud not considered high risk
No fraud here mentality
Or, dont know

Accounting Issues to Watch in 2007

Income Taxes

Pension Accounting

Q
Q

Executive
Compensation

Q
Q

Advent of FIN 48 will have companies focus on accounting, including past

accounting) for uncertain tax positions, such as:
aggressive positions
audit roulette
transfer pricing
the s word [shelters]
Again, caused by a new accounting pronouncement.
As companies approach placement of pension numbers (more of them) on balance
sheet, there may be some who discover that what they previously reflected may not
conform to the old rules (especially amounts that should be in comprehensive
income, tax-effected, time-sensitive valuations, etc.).
New proxy rules will have companies summarizing, under counsels scrutiny, more
information about executive compensation and inclusion within the proxy.
Companies may discover things that heretofore had either been un-reported or miscategorized.
Mop-up on stock compensation as it relates to back-dating.
Ongoing issues on either options or their replacements/successors: deferred
compensation plans, restricted stock, etc.

24

Areas of Focus / Key Take-Aways

1.
2.
3.
4.

Fraud risk assessment

Financial reporting risk profile
Entity-level review
Hotline and other reporting mechanisms

Thank you for your participation

Look for your advanced copy of todays program
summary in the next few weeks.
For more information on the Web Conference series visit
www.foley.com/webconference
To receive a free subscription to InsideCounsel, please visit
www.insidecounsel.com/freeoffer.

25

Thank you for your participation

Jim Pajakowski
(James.Pajakowski@protiviti.com)
Mark Plichta
(mplichta@foley.com)

26