Methods for detecting fraud in financial reporting
B uggers, auditors and investors often face inaccurate financial statements when dealing with small legal entities and large holding companies. The purpose of financial reporting fraud can be to hide losses or improperly inflate asset values. The methods for detecting fraudulent schemes are as varied as the types of fraud themselves, which, moreover, are constantly being improved. Auditors play the most active role in detecting fraud.
According to article 159 of the Criminal Code of the Russian Federation, fraud is an unlawful seizure of someone else's property by deception or abuse of trust. In relation to distortion of financial statements, fraud is understood as a way to take possession of someone else's property by providing an investor, client or partner with knowingly false information.
For comparison: in the Anglo-Saxon system of law, the very fact of providing inaccurate financial information is recognized as an independent crime. Whereas in Russian practice, financial reporting fraud is considered only as part of a crime, for example, tax evasion or fraud as such.
Various methods of financial fraud always pursue one of four possible goals:
- overestimate the amount of revenue;
- overestimate the size of net assets;
- show a larger than in reality, the amount of net profit;
- distort the true picture with the aim of tax evasion.
On the basis of unreliable reporting, it is impossible to make objective economic decisions, for example, about the acquisition of a company or the conclusion of a cooperation agreement.
Features of the audit in detecting financial fraud
The law sets out the requirements for an annual statutory audit for a large number of companies. These are public joint stock companies, companies with assets above a certain threshold, insurance companies, banks, pension funds. An audit is also carried out on an initiative basis, for example, before the acquisition of a company or at the request of one of the shareholders or founders.
Auditing organizations that operate with rigorous audit standards and methodologies have developed several effective methods for detecting financial fraud.
The legal framework for detecting fraud is the Law No. 115-FZ "On Counteracting the Legalization (Laundering) of Criminally Obtained Incomes and the Financing of Terrorism." In their own work, auditors, which previously relied on the Federal Auditing Standards (FSAD) 5/2010 "Responsibilities of the auditor to address fraud in the course of the audit", are now guided by International Auditing Standard 240 "Responsibilities of the auditor in relation to fraud in the audit of financial statements ".
The transition to international standards allows specialists to identify actions similar to fraud, but not to give just such a criminal-legal qualification, but to transfer this responsibility to law enforcement agencies. To this end, the standard recommends that auditors use the term “fraud”.
It is necessary to distinguish "unfair act" in the understanding of auditors from "error" in the understanding of Russian accounting standards, where errors include both bona fide delusions, misunderstanding of accounting rules and regulations, and malicious acts and fraud. When preparing a report for presentation to interested parties, the auditor must comprehensively formulate an understanding of the facts identified, whether it is intentional misstatement or an accidental error.
In the practice of auditors, there are many dissimilar events that, under certain circumstances, could qualify as financial fraud. The reasons are most often:
- weak control over the activities of divisions or branches by the management or shareholders of the company;
- absence or inoperability of the internal control system;
- complex or unusual transactions, entering into economic and legal relations, which did not arise in the company's activities before;
- making transactions that require the company's management to subjectively assess the steps and their consequences.
The Professional Standard gives an auditor who finds a fact similar to fraud the right to request further clarification from company management. The clarifications may relate to how management assesses the very possibility of the risk of misstatement of the financial statements and to the assets or account balances that are most likely to identify such risks. Auditors may also inquire about the internal procedures for identifying risk in reporting. Additional questions usually include the procedure by which executive management communicates the risks of financial fraud and the response to those responsible for corporate governance, as well as the procedure for communicating to company personnel about the avoidance of misstatements in the financial statements and the response to such misstatements.
Any additional clarifications form the basis of the auditor's position in determining whether he is dealing with an error or fraud. If the action can be unconditionally recognized as unfair, it is the auditor's responsibility to inform law enforcement agencies of the suspicion of financial fraud.
Methods for detecting financial fraud
Since international auditing standards do not directly provide specific proposals on how to identify risks, the auditors adapted the international method for identifying financial frauds Managing the Business Risk of Fraud: A Practical Guide for use on Russian soil.
It will be interesting for practitioners in the document to define the means and methods of control that help to identify areas of risk, relying on methods of measuring comparable indicators. For example, fundamentally different numbers in the balance sheet and the income statement can help determine the area of possible risk.
Based on these possibilities and based on the methodology, the auditors divide the process of identifying misstatements in the reporting into seven main stages. This sequence of actions will allow you to identify financial fraud most effectively:
- The first step is to determine whether the company's apparent business practice suggests an opportunity to identify the risk of fraud.
- The second step is to assess in terms of the percentage probability of the occurrence of a potential risk.
- At the third stage, it is necessary, taking into account the likelihood of risks, to establish as reliably as possible how serious the consequences can be, how significant or insignificant the distortions are, what damage they can cause to a potential consumer of information.
- The fourth stage involves identifying divisions and employees in the area of direct responsibility of which risk factors may be, as well as determining the means and types of distortions that are most likely to occur.
- At the fifth stage, it is necessary to examine the tools at the disposal of auditors, the company itself and internal controls, with the help of which it is possible to identify misstatements, and then - to correlate these tools with potential risks.
- At the sixth stage, it will be necessary to assess how effective the tools are, whether they bring the desired result.
- The seventh, final stage implies that the degree of residual risk will be established, which remains after control of the specified instruments.
Establishing the degree of risk
Initially, the presence of a potential risk of financial fraud in a company is revealed in a conversation with audit participants, who in their assessments rely on several factors:
- availability of systems for assessing the work of employees based on financial indicators, and the ability of employees to change financial and accounting statements for personal purposes;
- the degree of pressure from management on employees;
- the degree of development of means of control.
It should always be considered that the management is fully aware of the advantages and disadvantages of the controls and can easily work around them.
Further, the areas in which the occurrence of risks is most likely are determined. These are accounting records and company assets.
The accounting statements, as a rule, reflect expenses and incomes in bad faith or assets and liabilities are estimated inaccurately. In addition, it is extremely likely that the explanatory notes to the statements are drawn up incorrectly, and the most significant points are hidden.
Most of the misstatements in financial statements are made with the aim of appropriating part of the company's assets, and sometimes transferring them to foreign accounts. It is not uncommon for management or employees to steal funds and use company assets for personal gain.
Assessment of the likelihood of realizing the risk of financial fraud
After the potential of the risks and the areas in which they can be realized have been identified, it is required to divide the risks into unlikely, possible, probable. The assessment is based on several factors:
- whether or not fraudulent schemes were detected in the company earlier;
- Whether the industry in which the company operates is generally fraudulent;
- maturity of the internal control system;
- the resources that the company uses to reduce the risks of financial fraud;
- presence in the company of a code of corporate ethics, inclusion of anti-corruption clauses in contracts;
- the number of transactions in the period and the frequency of atypical transactions;
- the complexity of the offense;
- unexplained losses;
- information about possible fraud from other sources.
Assessment of the consequences of risks
The damage from the implementation of risk factors can be maximum or minimum. Usually, the damage is assessed taking into account the significance of this or that incorrectly reflected indicator for the financial statements as a whole. The characterization of damage is also influenced by the financial position and stability of the company, as well as the value of assets at risk, their value to the company and the income they generate. When assessing damage, the cost of civil claims and the likelihood of criminal prosecution are determined if the identified risks are realized.
Analysis of employees and structural units
The personnel of the organization always refers to persons who, to a greater or lesser extent, may be interested in the misstatement of the financial statements. Identifying such misstatements requires analysis of both personnel and company structure. The factors that may motivate the commission of an unfair act, and the factors that may deter it from committing, as well as the available ways of committing such actions are subject to assessment.
For example, if the motivation system in a company is based on aggressive sales growth, then employees of the relevant departments can use changes in the terms of delivery by signing contracts on terms that are less beneficial for the company, but at the time of summing up the results of the period showing an increase in revenue.
Quality of controls
The task of the auditor is to assess the quality of the means at the disposal of the company and which help to identify flaws and fraud in the financial statements. These funds are divided into two groups: aimed at preventing and detecting misconduct.
The first group of tools includes the creation of a fraud detection program and communication to employees of data on its existence and ways of working. Preventive measures also include security screening of new personnel; creation of an effective economic security service; introduction of the concept of conflict of interest; separation of levels of responsibility and the introduction of a trade secret regime.
The second group - means of detection - includes the creation of a hot line for messages about possible incorrect actions; constant internal audit, standards and methods of checking documents for corruption; timely audits and inventories, sometimes with the involvement of external organizations; in some cases - change of the audit company; creation of a system for endorsement of internal documents at different levels.
The parallel use of detection and prevention tools helps to significantly reduce the level of risks.
The study of controls requires the auditor to study their effectiveness. In the aggregate, the application of the above methodology for identifying and assessing risks specific to audit organizations does not exclude other types of definitions associated with the activities of shareholders, government and law enforcement agencies. Sometimes, the mere right of a shareholder to request material documents allows for the identification and prevention of serious fraudulent schemes related to asset stripping.