Category Archives: Ethics

An Ethical Toolbox

As CFE’s we know organizations that have clearly articulated values and a strong culture of ethical behavior tend to control fraud more effectively. They usually have well-established frameworks, principles, rules, standards, and policies that encompass the attributes of generally accepted fraud control. These attributes include leadership, an ethical framework, responsibility structures, a fraud control policy; prevention systems, fraud awareness, third-party management systems, notification systems, detection systems, and investigation systems.

CFE’s are increasingly being called upon to assist in the planning for an assessment of a client organization’s integrity and ethics safeguards and then as active members of the team performing the engagement. The increasing demand for such assessments has grown out of the increasing awareness that a strong ethical culture is a vital part of effective fraud prevention.  Conducting such targeted research within the client organization, within its industry; and its region will help determine the emerging risk areas and potential gaps in most organizational anti-fraud safeguards. Four key elements of integrity and ethics safeguards have emerged over the past few years.  These are the fraud control plan, handling conflicts of interest, shaping ethical dealings with third parties, and natural justice principles for employees facing allegations of wrongdoing.

The need for a fraud control plan is borne out by an organization’s potential fraud losses; typically, about five percent of revenues are lost to fraud each year, according to the ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse. A fraud control plan typically will articulate an organization’s fraud risks, controls, and mitigation strategies, including:

–Significant business activities;
–Potential areas of fraud risk;
–Related fraud controls;
–Gaps in control coverage and assurance activities;
–Defined remedial actions to minimize fraud risks;
–Review mechanisms evaluating the effectiveness of fraud control strategies.

Management should review and update the fraud control plan periodically and report the results to the audit committee and senior management. Thus, the role of the board and of the audit committee of the board are vital for the implementation of any ethically based fraud control plan. The chairman of the board is, or should be, the chief advocate for the shareholders, and completely independent of management. It is the chairman’s primary job to direct the company’s executives and drive oversight of their activities in the name of the shareholders. An independent and highly skilled audit committee chairman is essential to maintain a robust system of checks and balances over all operations. To be truly effective, the chairman must be independent of those he or she is charged with watching.  The chairmen of the board and the audit committee must devote material time to their duties. While the board can use the company’s oversight functions to maintain a checks and balances process, there is no substitute for personal, direct involvement. The board must be willing to direct inquiries into allegations of misconduct, and have unquestioned confidential spending authority to conduct reviews and investigations as it deems necessary.

One of the most effective compliance tools available to the board is the day-to-day vigilance of the company’s employees. When an individual employee detects wrongdoing, he or she must have an effective and safe method to report observations, such as a third-party ethics hotline that reports to the chairman of the board and audit committee. All employees must be protected from retribution to avoid any possibility of corrupting the process.

A zero-based budgeting process, requiring that the individual elements of the company’s budget be built from the bottom up, reviewed in detail, and justified, can identify unusual spending in numerous corporate and operating units. This provides an in-depth view of spending as opposed to basing the current year’s spending, in aggregate, on last year’s spending, where irregularities may be buried and overlooked.

In organizations with an internal audit division the overall review would typically be performed by Director of Internal Audit (CAE) whom the CFE and other specialists would support. This review should be integrated into the organization’s wider business planning to ensure synergies exist with other business processes, and should link to the organization-wide risk assessment and to other anti-fraud processes.

The ACFE tells us that there is a growing consensus that managing conflicts of interest is critical to curbing corruption. Reports indicate that unmanaged conflicts of interest continue to cost organizations millions of dollars. To minimize these risks, organizations need a clear and well-understood conflict of interest policy, coupled with practical arrangements to implement and monitor policy requirements. Stated simply, a conflict of interest occurs when the independent judgment of a person is swayed, or might be swayed, from making decisions in the best interest of others who are relying on that judgment. An executive or employee is expected to make judgments in the best interest of the company. A director is legally expected to make judgments in the best interest of the company and of its shareholders, and to do so strategically so that no harm and perhaps some benefit will come to other stakeholders and to the public interest. A professional accountant is expected to make judgments that are in the public interest. Decision makers usually have a priority of duties that they are expected to fulfill, and a conflict of interests confuses and distracts the decision maker from that duty, resulting in harm to those legitimate expectations that are not fulfilled. Sometimes the term apparent conflict of interest is used, but it is a misnomer because it refers to a situation where no conflict of interest exists, although because of lack of information someone other than the decision maker would be justified in concluding (however tentatively) that the decision maker does have one

A special or conflicting interest could include any interest, loyalty, concern, emotion, or other feature of a situation tending to make the decision maker’s judgment (in that situation) less reliable than it would normally be, without rendering the decision maker incompetent. Commercial interests and family connections are the most common sources of conflict of interest, but love, prior statements, gratitude, and other subjective tugs on judgment can also constitute interest in this sense.

The perception of competing interests, impaired judgment, or undue influence also can be a conflict of interest. Good practices for managing conflicts of interest involve both prevention and detection, such as:

–Promoting ethical standards through a documented, explicit conflict of interest policy as well as well-stated values and clear conflicts provisions in the code of ethics;
–Identifying, understanding, and managing conflicts of interest through open and transparent communication to ensure that decision-making is efficient, transparent, and fair, and that everyone is aware of what to do if they suspect a conflict;
–Informing third parties of their responsibilities and the consequences of noncompliance through a statement of business ethics and formal contractual requirements;
–Ensuring transparency through well-established arrangements for declaring and registering gifts and other benefits;
–Ensuring that decisions are made independently, with evidence that staff and contractors routinely declare all actual, potential, and perceived conflicts of interests, involving at-risk areas such as procurement, management of contracts, human resources, decision-making, and governmental policy advice;
–Establishing management, internal controls, and independent oversight to detect breaches of policy and to respond appropriately to noncompliance.

Contemporary business models increasingly involve third parties, with external supplier costs now representing one of the most significant lines of expenditure for many organizations. Such interactions can provide an opportunity for fraud and corruption. An enterprise’s strong commitment to ethical values needs to be communicated to suppliers through a Statement of Business Ethics. Many forward-thinking organizations already have codes of ethics in place that set out the values and ethical expectations of both their board members and staff. The board code of conduct should define the behavioral standards for members, while the staff code of conduct should detail standards for employee conduct and the sanctions that apply for wrongdoing. Similar statements also are appropriate for third parties such as suppliers, service providers, and business partners.

A statement of business ethics outlines both acceptable and unacceptable practices in third-party dealings with an organization. Common features include:

–The CEO’s statement on the organization’s commitment to operating ethically;
–The organization’s values and business principles;
–What third parties can expect in their dealings with the organization and the behaviors expected of them;
–Guidance related to bribery, gifts, benefits, hospitality, travel, and accommodation; conflicts of interest; confidentiality and privacy of information; ethical communications; secondary employment; and other expectations.
–Contact information for concerns, clarification, reporting of wrongdoing, and disputes.

Once established, the organization needs to implement a well-rounded communication strategy for the statement of business ethics that includes education of staff members, distribution to third parties, publication on the organization’s website, references to it in the annual report, and inclusion in future tender proposals and bid packs.

Engaged and capable employees underpin the success of most organizations, yet management does not always recognize the bottom-line effects and employee turnover costs when innocent employees are the subject of allegations of fraud and other wrongdoing. About 60 percent of allegations against employees turn out to be unsubstantiated, according to the ACFE. A charter of rights compiles in a single document all the information that respondents to allegations of wrongdoing may require. Such a charter should be written in an easy-to-understand style to meet the needs of its target audience. It should:

–Outline the charter’s purpose, how it will operate, how it supports a robust complaints and allegations system, and how it aligns with the organization’s values;
–Describe how management handles workplace allegations and complaints, and ensure principles of natural justice and other legislative obligations, such as privacy, are in place;
–Provide a high-level overview diagram of the allegation assessment and investigation process, including the channels for submitting allegations; the distinct phases for logging, assessing, and investigating the allegations; and the final decision-making phase;
–Include details of available support such as contact information for human resource specialists, details about an external confidential employee help line, and processes for updates throughout the investigation;
–Illustrate the tiered escalation process for handling allegations that reflects (at one end) how issues of a serious, sensitive, or significant nature are addressed, and encourages (at the other end) the handling of low level localized issues as close to the source as possible;
–Provide answers to frequent questions that respondents might have about the process for dealing with allegations, such as “What can I expect?” “Are outcomes always reviewable?” “What does frivolous and vexatious mean?” “What will I be told about the outcome?” and “What happens when a process is concluded?”;
–Outline the options for independent reviews of adverse investigation outcomes.

For Appearance Sake

By Rumbi Petrozzello, CPA/CFF, CFE
2017 Vice-President – Central Virginia Chapter ACFE

Last Thursday, the 15th of June 2017, the New York State Senate Committee on Ethics and Internal Governance met. The previous sentence reads like a big yawn with which no one, beyond perhaps the members of the committee itself, would be concerned. However, this meeting was big news. The room was packed with members of the media and every member of the committee was in attendance. Why? Because this was the first meeting the committee had empaneled since 2009, as confirmed by the committee’s published archive of events. It turns out that it was indeed a big deal that all committee members were in attendance because, for eight years straight, none of the committee members had attended a single meeting.

If you are thinking that the ethics committee did not meet for eight years because there were no ethical issues to discuss and our state’s legislative leadership practiced only ethical and upright behavior, you would be sorely mistaken. John Sampson, the State Senator who chaired the committee at that last meeting in 2009 was found guilty, of obstruction of justice and of lying to federal agents in 2015 and sentenced to jail time in January 2017. Evidently, taking their cues from the tone at the top evidenced by the leadership of their ethics committee, during the same eight-year meeting hiatus, seven other state senators were convicted on charges that included mail fraud, looting a nonprofit and bribery.

So, you might ask, what happened at the meeting last week? The committee had come together to discuss stipends, that are supposed to go to committee chairs, that were apparently also being paid to committee vice-chairs (and, in one case, to a deputy vice-chair, whatever that is). There was a motion proposed to stop making these payments to anyone but the committee chair. It seems that just coming together was more than enough work for the committee and, therefore, they tabled the motion, a motion that would not even have been binding, until its next meeting. It should be noted that two of the senators receiving this chair stipend, as vice-chairs, serve on the ethics committee and both voted to postpone voting on the motion. It would be laughable if it were a laughing matter.

Think about where you work and about all the clients with whom we work, as fraud examiners and forensic accountants. We work with our clients and with those who employ us to suggest comprehensive policies that cover good business practices and ethical behaviors and actions. Reading about the shenanigans of the State Senate Committee on Ethics recalled several thoughts:

The assumption that personnel will automatically be motivated to behave as corporate owners want is no longer valid. People are motivated more by self-interest than in the past and are likely to come from backgrounds that emphasize different priorities of duty. As a result, there is greater need than ever for clear guidance and for identifying and effectively managing threats to good governance and accountability.

Even when different employee backgrounds are not an issue, personnel can misunderstand the organization’s objectives and their own role and fiduciary duty. For example, many directors and employees at Enron evidently believed that the company’s objectives were best served by actions that brought short term profit:

—through ethical dishonesty, manipulation of energy markets or sham displays of trading floors;
—through book keeping that was illusory;
—through actions that benefited themselves at the expense of other stakeholders.

Frequently, employees are tempted to cut ethical corners, and they have done so because they believed that their top management wanted them to; they were ordered to do so; or they were encouraged to do so by misguided or manipulative incentive programs. These actions occurred although the board of directors would have preferred (sometimes with hindsight) that they had not. Personnel simply misunderstood what was expected by the board because guidance was unclear or they were led astray and did not understand that they were to report the problem for appropriate corrective action, or to whom or how.

Among our clients, lack of proper guidance or reporting mechanisms may have been the result of directors and others not understanding their duties as fiduciaries. Directors owe shareholders and regulators several duties, including obedience, loyalty, and due care. Recognition of the increasing complexity, volatility and risk inherent in modern corporate interests and operations, particularly as their scope expands to diverse groups and cultures has led to the requirement for risk identification, assessment and management systems.

  • If our client businesses want to do an excellent job at implementing effective ethics programs, orientation of new employees should always involve a review of the code of ethical practice by the staff tasked with compliance and with enforcing policies. How many entities are actively practicing what they preach during such sessions? The values that a company’s directors wish to instill to motivate the beliefs and actions of its personnel need to be conveyed to provide the required guidance. Usually, such guidance takes the form of a code of conduct that states the values selected, the principles that flow from those values, and any rules that are to be followed to ensure that appropriate values are respected.
  • After orientation, what steps are companies taking to maintain their ethics programs on an on-going basis? Principles are more useful to employees than just rules because principles facilitate interpretation when the precise circumstances encountered do not exactly fit the rules prescribed. A blend of principles and rules is often optimal in maintaining of a code of conduct in the long term.
  • Is leadership periodically coming together to talk about where their firm stands when it comes to ethics and compliance? A code on its own may be nothing more than ‘ethical art’ that hangs on the wall but is rarely studied or followed. Experience has revealed that, to be effective, a code must be reinforced by a comprehensive ethical culture.
  • Is anyone reviewing how whistleblowing claims are being dealt with? Does the company even have a whistleblower program? If so, does the staff even know about it and how it works? Whistle-blowers are part of a needed monitoring, risk management and remediation system.
  • Is leadership setting a positive tone at the top and displaying the behaviors that it is demanding from employees? The ethical behavior expected must be referred to in speeches and newsletters by top management as often as they refer to their health and safety programs, or to their antipollution program or else it will be viewed as less important by employees. If personnel never or rarely hear about ethical expectations, they will perceive them as not a serious priority.

Once, I worked at a company where senior management smoked in the office; behavior that is illegal and was, on paper, not allowed. When staff members complained to human resources, no corrective action was taken. Frustrated, some staff members called the city hotline to file a report. Following visits from the city, human resources put up no smoking signs and then notices encouraging employees to keep reports of inappropriate staff smoking internal. By only paying lip service to policy, this company’s management seemed populated by future candidates for the State’s Senate Ethics Committee. But my former employer doesn’t stand alone as evidenced by frauds at Wells Fargo and at others. A company can pull out screeds of rules and regulations, but what matters most is what the staff knows and what the leadership does.

In the case of the New York State Senate Committee on Ethics and Internal Governance, what it did was delay a vote on the issues before it until the next meeting. And when will the next meeting be? After taking eight years to set up its last meeting, the committee was in no hurry to set a date for the next. They adjourned without scheduling the next one. They did, however, take a moment to congratulate themselves on attending this meeting. You can’t forget the important stuff.

Rigging the Casino

I attended an evening lecture some weeks ago at the Marshall-Wythe law school of the College of William & Mary, my old alma mater, in Williamsburg, Virginia. One of the topics raised during the lecture was a detailed analysis of the LIBOR scandal of 2012, a fascinating tale of systematic manipulation of a benchmark interest rate, supported by a culture of fraud in the world’s biggest banks, and in an environment where little or no regulation prevailed.

After decades of abuse that enriched the big banks, their shareholders, executives and traders, at the expense of others, investigations and lawsuits were finally initiated, and the subsequent fines and penalties were huge. The London Interbank Offered Rate (LIBOR) rate is a rate of interest, first computed in 1985 by the British Banking Association (BBA), the Bank of England and others, to serve as a readily available reference or benchmark rate for many financial contracts and arrangements. Prior to its creation, contracts utilized many privately negotiated rates, which were difficult to verify, and not necessarily related to the market rate for the security in question. The LIBOR rate, which is the average interest rate estimated by leading banks that they would be charged if they were to borrow from other banks, provided a simple alternative that came to be widely used. For example, in the United States in 2008 when the subprime lending crisis began, around 60 percent of prime adjustable-rate mortgages (ARMs) and nearly all subprime mortgages were indexed to the US dollar LIBOR. In 2012, around 45 percent of prime adjustable rate mortgages and over 80 percent of subprime mortgages were indexed to the LIBOR. American municipalities also borrowed around 75 percent of their money through financial products that were linked to the LIBOR.

At the time of the LIBOR scandal, 18 of the largest banks in the world provided their estimates of the costs they would have had to pay for a variety of interbank loans (loans from other banks) just prior to 11:00 a.m. on the submission day. These estimates were submitted to Reuters news agency (who acted for the BBA) for calculation of the average and its publication and dissemination. Reuters set aside the four highest and four lowest estimates, and averaged the remaining ten.

So huge were the investments affected that a small manipulation in the LIBOR rate could have a very significant impact on the profit of the banks and of the traders involved in the manipulation. For example, in 2012 the total of derivatives priced relative to the LIBOR rate has been estimated at from $300-$600 trillion, so a manipulation of 0.1% in the LIBOR rate would generate an error of $300-600 million per annum. Consequently, it is not surprising that, once the manipulations came to light, the settlements and fines assessed were huge. By December 31, 2013, 7 of the 18 submitting banks charged with manipulation, had paid fines and settlements of upwards of $ 2 billion. In addition, the European Commission gave immunity for revealing wrongdoing to several the banks thereby allowing them to avoid fines including: Barclays €690 million, UBS €2.5 billion, and Citigroup €55 million.

Some examples of the types of losses caused by LIBOR manipulations are:

Manipulation of home mortgage rates: Many home owners borrow their mortgage loans on a variable- or adjustable-rate basis, rather than a fixed-rate basis. Consequently, many of these borrowers receive a new rate at the first of every month based on the LIBOR rate. A study prepared for a class action lawsuit has shown that on the first of each month for 2007-2009, the LIBOR rate rose more than 7.5 basis points on average. One observer estimated that each LIBOR submitting bank during this period might have been liable for as much as $2.3 billion in overcharges.

Municipalities lost on interest rate swaps: Municipalities raise funds through the issuance of bonds, and many were encouraged to issue variable-rate, rather than fixed-rate, bonds to take advantage of lower interest payments. For example, the saving could be as much as $1 million on a $100 million bond. After issue, the municipalities were encouraged to buy interest rate swaps from their investment banks to hedge their risk of volatility in the variable rates by converting or swapping into a fixed rate arrangement. The seller of the swap agrees to pay the municipality for any requirement to pay interest at more than the fixed rate agreed if interest rates rise, but if interest rates fall the swap seller buys the bonds at the lower variable interest rate. However, the variable rate was linked to the LIBOR rate, which was artificially depressed, thus costing U.S. municipalities as much as $10 billion. Class action suits were launched to recover these losses which cost municipalities, hospitals, and other non-profits as much as $600 million a year; the remaining liability assisted the municipalities in further settlement negotiations.

Freddie Mac Losses: On March 27, 2013, Freddie Mac sued 15 banks for their losses of up to $3 billion due to LIBOR rate manipulations. Freddie Mac accused the banks of fraud, violations of antitrust law and breach of contract, and sought unspecified damages for financial harm, as well as punitive damages and treble damages for violations of the Sherman Act. To the extent that defendants used false and dishonest USD LIBOR submissions to bolster their respective reputations, they artificially increased their ability to charge higher underwriting fees and obtain higher offering prices for financial products to the detriment of Freddie Mac and other consumers.

Liability Claims/Antitrust cases (Commodities-manipulations claims): Other organizations also sued the LIBOR rate submitting banks for anti-competitive behavior, partly because of the possibility of treble damages, but they had to demonstrate related damages to be successful. Nonetheless, credible plaintiffs included the Regents of the University of California who filed a suit claiming fraud, deceit, and unjust enrichment.

All of this can be of little surprise to fraud examiners. The ACFE lists the following features of moral collapse in an organization or business sector:

  1. Pressure to meet goals, especially financial ones, at any cost;
  2. A culture that does not foster open and candid conversation and discussion;
  3. A CEO who is surrounded with people who will agree and flatter the CEO, as well as a CEO whose reputation is beyond criticism;
  4. Weak boards that do not exercise their fiduciary responsibilities with diligence;
  5. An organization that promotes people based on nepotism and favoritism;
  6. Hubris. The arrogant belief that rules are for other people, but not for us;
  7. A flawed cost/benefit attitude that suggests that poor ethical behavior in one area can be offset by good ethical behavior in another area.

Each of the financial institutions involved in the LIBOR scandal struggled, to a greater or lesser degree with one or more of these crippling characteristics and, a distressing few, manifested all of them.

Overhanging Liabilities

Most experienced CFE’s are familiar with financial fraud cases involving the overhanging liabilities represented by artfully constructed schemes to avoid income taxes since multiple ACFE training courses over the years have focused on the topic in detail.  But for those new to fraud examination and to the Central Virginia Chapter, a little history.  Before 2002, accounting firms would provide multiple services to the same firm. Hired by the shareholders, they would audit the financial statements that were prepared by management, while also providing consulting services to those same managers. Some would also provide tax advice to the managers of audit clients. However, the Sarbanes-Oxley Act of 2002 (SOX) restricted the type and the intensity of consulting services that could be provided to the management of audit clients because the provision of such services might compromise the objectivity of the auditor when auditing the financial statements prepared by client management on behalf of the shareholders. Nevertheless, both before and after the passage of SOX, as subsequently reported in the financial press, both the major accounting firms Ernst & Young (E&Y) and KPMG were offering very aggressive tax shelters to wealthy taxpayers as well as to the senior managers of their audit clients.

In the 1990s, E&Y had created four tax shelters that they were selling to wealthy individuals. One Of them, called E.C.S., for Equity Compensation Strategy, resulted in little or no tax liability for the taxpayer. The complicated tax plan was a means of delaying, for up to thirty years, paying taxes on the profits from exercising employee stock options that would otherwise be payable in the year in which the stock options were exercised. E&Y charged a fee of 3 percent of the amount that the taxpayer invested in the tax shelter, plus $50,000 to a law firm for a legal opinion that said that it was “more likely than not” that the shelter would survive a tax audit. E&Y had long been the auditor for Sprint Corporation. They also took on as clients William Esrey and Ronald LeMay, the top executives at Sprint. In 2000 E&Y received:

  • $2.5 million for the audit of Sprint,
  • $2.6 million for other services related to the audit;
  • $63.8 million for information technology and other consulting services, and
  • $5.8 million from Esrey and LeMay for tax advice.

In 1999 Esrey announced a planned merger of Sprint with WorldCom that potentially would have made the combined organization the largest telecommunications company in the world. The deal was not consummated because it failed to obtain regulatory approval. Nevertheless, Esrey and LeMay were awarded stock options worth about $3ll million. E&Y sold an E.C.S. to each of the two executives. In the three years from 1998 to 2000, the options profits for Esrey were $159 million and the tax that would have been payable had he not bought the tax shelter amounted to about $63 million. The options profits for LeMay were $152.2 million and the tax thereon about $60.3 million.

Subsequently, the Internal Revenue Service rejected the E&Y tax shelter of each man. Sprint then asked the two executives to resign, which they did. Sprint also dismissed E&Y as the company’s auditor. On July 2, 2003, E&Y reached a $15 million settlement with the IRS regarding their aggressive marketing of tax shelters. Then, in 2007, four E&Y partners were charged with tax fraud. These four partners worked for an E&Y unit called VIPER, “value ideas produce extraordinary results,” later renamed SISG, “strategic individual solutions group.” Its purpose was to aggressively market tax shelters, known as Cobra, Pico, CDS, and CDS Add-Ons, to wealthy individuals, many of whom acquired their fortunes in technology-related businesses. These four products were sold to about 400 wealthy taxpayers from 1999 to 2001 and generated fees of approximately $121 million. The government claims that the tax shelters were bogus and taxpayers were reassessed for taxes owed as well as for related penalties and interest.

On August 26, 2005, KPMG in turn agreed pay a fine of $456 million for selling tax shelters from 1996 through 2003 that fraudulently generated $11 billion in fictitious tax losses that cost the government at least $2.5 billion in lost taxes. The four tax shelters went by the acronyms FLIP, OPIS, BLIPS, and SOS.  Under the Bond Linked Premium Issue Structure (BLIPS), for example, the taxpayer would borrow money from an offshore bank and invest in a joint venture that would buy foreign currencies from that same offshore bank. About two months later, the joint venture would then sell the foreign currency back to the bank, creating a tax loss. The taxpayer would then declare. a loss for tax purposes on the BLIPS investment. The way that BLIPS were structured, the taxpayer only had to pay $1.4 million to declare a $20 million loss for tax purposes. BLIPS were targeted at wealthy executives who would normally pay between $10 million and $20 million in taxes.

Buying a BLIPS, however, effectively reduced the investor’s taxable income to zero. They were sold to 186 wealthy individuals and generated at least $5 billion in tax losses. The FLIP and OPIS involved investment swaps through the Cayman Islands, and SOS was a currency swap like the BLIPS. The government contended that these were sham transactions since the loans and investments were risk-free. Their sole purpose was to artificially reduce taxes. Some argued that the KPMG tax shelters were so egregious that the accounting firm should be put out of business. However, Arthur Andersen had collapsed in 2002, and if KPMG failed, then there would be only three large accounting firms remaining: Deloitte, PricewaterhouseCoopers, and Ernst & Young. KPMG Chairman, Timothy Flynn, said “the firm regretted taking part in the deals and sent a message to employees calling the conduct inexcusable. KPMG remained in business, but the firm was fined almost a half billion dollars.

Because of the Ernst & Young and KPMG tax fiascos, the large accounting firms have become wary of marketing very aggressive tax shelters. Now, most shelters are being sold by tax “boutiques” that operate on a much smaller scale and so are less likely to be investigated by the IRS.  The question that remains, however, is to what extent should professional accountants be selling services that directly or indirectly abet even lawful tax avoidance which, as the ACFE tells us,  can so easily shade into what the IRS calls tax evasion?

Beyond the Sniff Test

Many years ago, I worked with a senior auditor colleague (who was also an attorney) who was always talking about applying what he called “the sniff test” to any financial transaction that might represent an ethical challenge.   Philosophical theories provide the bases for useful practical decision approaches and aids like my friend’s sniff test, although we can expect that most of the executives and professional accountants we work with as CFEs are unaware of exactly how and why this is so. Most seasoned directors, executives, and professional accountants, however, have developed tests and commonly used rules of thumb that can be used to assess the ethicality of decisions on a preliminary basis. To their minds, if these preliminary tests give rise to concerns, a more thorough analysis should be performed using any number of defined approaches and techniques.

After having heard him use the term several times, I asked my friend him if he could define it.  He thought about it that morning and later, over lunch, he boiled it down to a series of questions he would ask himself:

–Would I be comfortable as a professional if this action or decision of my client were to appear on the front page of a national newspaper tomorrow morning?
–Will my client be proud of this decision tomorrow?
–Would my client’s mother be proud of this decision?
–Is this action or decision in accord with the client corporation’s mission and code?
–Does this whole thing, in all its apparent aspects and ramifications, feel right to me?

Unfortunately, for their application in actual practice, although sniff tests and commonly used rules are based on ethical principles and are often preliminarily useful, they rarely, by themselves, represent a sufficiently comprehensive examination of the decision in question and so can leave the individuals and client corporations involved vulnerable to making unethical decisions.  For this reason, more comprehensive techniques involving the impact on client stakeholders should be employed whenever a proposed decision is questionable or likely to have significant consequences.

The ACFE tells us that many individual decision makers still don’t recognized the importance of stakeholder’s expectations of rightful conduct. If they did, the decisions made by corporate executives and by accountants and lawyers involved in the Enron, Arthur Andersen, WorldCom, Tyco, Adephia, and a whole host of others right up to the present day, might have avoided the personal and organizational tragedies that occurred. Some executives were motivated by greed rather than by enlightened self-interest focused on the good of all. Others went along with unethical decisions because they did not recognize that they were expected to behave differently and had a duty to do so. Some reasoned that because everyone else was doing something similar, how could it be wrong? The point is that they forgot to consider sufficiently the ethical practice (and duties) they were expected to demonstrate. Where a fiduciary duty was owed to future shareholders and other stakeholders, the public and personal virtues expected (character traits such as integrity, professionalism, courage, and so on), were not sufficiently considered. In retrospect, it would have been wise to include the assessment of ethical expectations as a separate step in any Enterprise Risk Management (ERM) process to strengthen governance and risk management systems and guard against unethical, short-sighted decisions.

It’s also evident that employees who continually make decisions for the wrong reasons, even if the right consequences result, can represent a high governance risk.  Many examples exist where executives motivated solely by greed have slipped into unethical practices, and others have been misled by faulty incentive systems. Sears Auto Center managers were selling repair services that customers did not need to raise their personal commission remuneration, and ultimately caused the company to lose reputation and future revenue.  Many of the classic financial scandals of recent memory were caused by executives who sought to manipulate company profits to support or inflate the company’s share price to boost their own stock option gains. Motivation based too narrowly on self-interest can result in unethical decisions when proper self-guidance and/or external monitoring is lacking. Because external monitoring is unlikely to capture all decisions before implementation, it is important for all employees to clearly understand the broad motivation that will lead to their own and their organization’s best interest from a stakeholder perspective.

Consequently, decision makers should take motivations and behavior expected by stakeholders into account specifically in any comprehensive ERM approach, and organizations should require accountability by employees for those expectations through governance mechanisms. Several aspects of ethical behavior have been identified as being indicative of mens rea (a guilty mind).  If personal or corporate behavior does not meet shareholder ethical expectations, there will probably be a negative impact on reputation and the ability to reach strategic objectives on a sustained basis in the medium and long term.

The stakeholder impact assessment broadens the criteria of the preliminary sniff test by offering an opportunity to assess the motivations that underlie the proposed decision or action. Although it is unlikely that an observer will be able to know with precision the real motivations that go through a decision maker’s mind, it is quite possible to project the perceptions that stakeholders will have of the action. In the minds of stakeholders, perceptions will determine reputational impacts whether those perceptions are correct or not. Moreover, it is possible to infer from remuneration and other motivational systems in place whether the decision maker’s motivation is likely to be ethical or not. To ensure a comprehensive ERM approach, in addition to projecting perceptions and evaluating motivational systems, the decisions or actions should be challenged by asking such questions as:

Does the decision or action involve and exhibit the integrity, fairness, and courage expected? Alternatively, does the decision or action involve and exhibit the motivation, virtues, and character expected?

Beyond the simple sniff test, stakeholder impact analysis offers a formal way of bringing into a decision the needs of an organization and its individual constituents (society). Trade-offs are difficult to make, and can benefit from such advances in technique. It is important not to lose sight of the fact that the concepts of stakeholder impact analysis need to be applied together as a set, not as stand-alone techniques. Only then will a comprehensive analysis be achieved and an ethical decision made.

Depending on the nature of the decision to be faced, and the range of stakeholders to be affected, a proper analysis could be based on any of the historical approaches to ethical decision making as elaborated by ACFE training and discussed so often in this blog.  A professional CFE can use stakeholder analysis in making decisions about financial fraud investigations, fraud related accounting issues, auditing procedures, and general practice matters, and should be ready to prepare or assist in such analyses for employers or clients just as is currently the case in other areas of fraud examination. Although many hard-numbers-oriented executives and accountants will be wary of becoming involved with the “soft” subjective analysis that typifies stakeholder and ethical expectations analysis, they should bear in mind that the world is changing to put a much higher value on non-numerical information. They should be wary of placing too much weight on numerical analysis lest they fall into the trap of the economist, who, as Oscar Wilde put it: “knew the price of everything and the value of nothing.”

Talking Through the Hindrances

That control self-assessment (CSA) can be used as an effective facilitation tool to develop fraud risk assessments is, I’m sure, of no surprise to many of the readers of this blog.  But, for those of you who are not so aware … typically, a control self-assessment session to identify fraud risk is a facilitated meeting of managerial and operational staff (the business process experts) coming together to openly discuss fraud risk prevention objectives related to identified risk factors associated with one or more of a company’s business processes.

Fraud prevention objectives for the business process are identified, as well as obstacles impeding the success of those objectives.  Finally, the team suggests, for upper management consideration, ways to overcome identified obstacles and a proposed corrective action plan is prepared.  At the start of the self-assessment session, the participants adopt a Team Operating Agreement to ensure that an open and honest discussion takes place in a threat free environment.  It takes a consensus of the participants to approve the operating agreement which all the participants in the session sign; no management decisions regarding actions to be taken are made during the session.

After the Operating Team Agreement is in place, team members typically develop and approve what they perceive to be a list of fraud prevention objectives for the target business process under discussion.  Once the anti-fraud objectives are defined, the participants enter a discussion (and develop a list) of what they feel to be the existing overall fraud prevention strengths of the subject process.  Next, the team discusses and develops a list of the hindrances currently preventing the process from achieving its anti-fraud related objectives.  Finally, the team develops recommendations for overcoming the identified hindrances.  Sometimes the team ranks its fraud reduction recommendations by order of importance but this step is not critical.

A CSA for fraud prevention is akin to a risk assessment brainstorming session.  For example, the scope of such a session regarding a financial reporting related business process might be tailored to the risks of financial statement fraud and misstatement as well as to the issue of management override of controls over financial statement reporting.  The objective of the CSA is for the team to identify and discuss fraud risks, fraud scenarios and mitigating controls followed by the preparation of a set of recommendations for referral to management.

For each risk factor identified the CSA team should:

–try to identify what would cause a fraud to occur, or detail the risk factor itself;
–determine the specific fraud risk;
–determine potential fraud schemes or scenarios associated with the risk;
–identify affected financial accounts;
–identify staff positions that could potentially be involved;
–try to assess the type, likelihood, significance and inherent risk involved;
–formulate the controls that could mitigate the risk;
–classify the controls by type (i.e., preventative, detective, entity, and process level);
–identify and assess residual risk.

Certified fraud examiners (CFE’s) have an active role to play in tailoring the CSA format for use in risk identification and mitigation as well as in performing actual facilitation of the CSA sessions.   Specifically, CFE’s can help client staff develop a more detailed, in-depth understanding of complex fraud risks that management and operational staff sometimes only vaguely perceive.  Armed with the knowledge developed during the CAE session(s) and coupled with their risk assessment and group facilitation skills, CFE’s can assist management and the audit committee of the client to identify, assess, and develop final fraud risk mitigation strategies to strengthen the fraud prevention program of the organization as a whole.  Following what are sometimes multiple CAE sessions, CFE’s can assist the team in detailing the menu of anti-fraud measures developed during the individual sessions in a report to client management embodying the anti-fraud recommendations of the CAE session members to the Executive Management Team and to the audit committee for their consideration.  It’s up to top management to decide which of the CSA team’s anti-fraud recommendations to implement and which of the team’s identified risks to accept.

Just a few of the advantages of conducting fraud prevention related CAE’s for critical client business processes include:

–building fraud risk awareness among those middle level managers charged with day-to- day management of our client companies business processes;
–mapping organization wide fraud prevention efforts to specific business processes;
–establishing links between information technology (IT) systems development projects and the broader fraud prevention program;
–identifying, documenting and integrating fraud prevention skill sets across all the business processes of the organization;
–support for the construction of a strong, management supported fraud prevention program that enjoys full management and board support company wide.

Finally, consider the advantages that the self assessment process brings to the ethical dimension of the utilizing enterprise.  The values that a corporation’s managers and directors wish to instill in order to motivate the beliefs and actions of its personnel need to be conveyed to provide the required guidance.  Usually such guidance takes the form of a code of conduct that states the values selected, the principles that flow from those values, and any rules that are to be followed to ensure that the appropriate values are respected.

The code of conduct itself is a worthy subject for a series of separate control self assessment sessions composed of representative levels of company staff such as the management team, lower level management and the operating staff.  The results of these sessions can be analyzed and a final comprehensive report produced documenting the comments (and even suggested revisions) that CSA participants have made regarding the code during their respective sessions.  This exercise is, thus,  an excellent vehicle to build “ownership of the code” among the staff comprising all levels of the enterprise.

Fraud is Crisis

Every fraud represents the challenge of a crisis of greater or lesser degree to the organization which suffers it.

Seventy-one percent of surveyed companies told the financial press in a 2016 survey that they have some sort of general crisis management plan and/or program in place, and almost a further 12 percent indicated that they have one in development. A fraud related crisis has the further potential to have a very significant impact on the reputation of the company and its officers, on the company’s ability to reach its objectives, and even on its ability to survive.  Thus, executives are learning that crises in general are to be avoided, and if avoidance is not possible, that the crisis is to be managed to minimize harm. Directors are also learning that organization-wide crisis assessment, planning, and management must be part of a modern risk management program and, further, constitute a vital component of the overall fraud management program.

Unfortunately, the urgent nature of a major fraud precipitated crisis frequently triggers a focus simply on survival, and ethical concerns can be largely forgotten in the heat of the moment. A crisis is an event that brings, or has the potential for bringing, an organization into disrepute and can imperil its future profitability, growth and long term viability. Effective management of such events involves minimization of all harmful impacts. Crisis-driven reactions rarely approach this objective unless advanced planning is extensive and based upon a good understanding of crisis management techniques, including the importance of maintaining reputation based upon the company’s past, substantiated ethical behavior. If ethical behavior is considered of great importance by a corporation in its normal activities, ethical considerations should be even more so in crisis situations, since crisis resolution decisions usually define the company’s future reputation.

Not only are crisis decisions among the most significant made in terms of potential impact on reputation, remediation opportunities may also be lost if ethical behavior is not a definite part of the crisis management process. For example, avoidance of crises may be easier if employees are ethically sensitized to stakeholder needs; phases of the crisis may be shortened if ethical behavior is expected across the board by all employees; and/or damage to reputations may be minimized if the public expects ethical performance based on the company’s past corporate actions. Moreover, the degree of trust that ethical concern instills in a corporate culture will ensure that no information or option will be suppressed and not given to the decision maker(s) who must deal with the crisis. Finally, constant concern for ethical principles should ensure that important issues are identified and the best alternatives canvased to produce the optimal decision for the company.

Fundamental to the proper management of a crisis is an understanding of four phases of a crisis: pre-crisis, uncontrolled, controlled, and reputation restoration.  As I indicated above, the main goal of any general crisis management program should be to avoid crises on the front end (including those activated by frauds). If this is not possible, then the goals should be to minimize the impact. This can be done by anticipating crises or recognizing early warning signs (red flags) as soon as possible, and responding to soften or minimize the impact and shorten the time during which an anticipated crisis will be uncontrolled. These goals can best be achieved by proper advanced planning, by continued monitoring, and by speedy, effective decision making during the crisis.

Advanced planning for any type of crisis (including fraud) should be part of a modern enterprise risk assessment and contingency management program because of the growing recognition of the potential negative reputational impact of an unanticipated crisis. Fraud examiners can pro-actively assist in this process by conducting fraud risk assessments and by participating in brainstorming for potential problem areas, assessing the vulnerabilities identified, and devising suggested contingency plans for effective action. Second, red flags or warning indicators can be picked out that will identify what is developing so that the earliest action can be taken to minimize cost.

Seventy-three percent of the surveyed companies also reported having a senior-level management and corporate-level crisis management team that focuses on the individual crisis, and 76 percent had a crisis communication plan, which includes notification of the public, employees, government, and the media. The process of CFE assisted brainstorming to identify potential frauds should address fraud related scenarios that could arise from:

  1. Natural disasters;
  2. Technological disasters;
  3. Differences of expectations between individuals, groups, and corporations leading to confrontations;
  4. Malevolent acts by terrorists, extremists, governments, and individuals;
  5. Management values (ethical challenges) that do not keep pace with societal requirements, laws and obligations;
  6. Management deception;
  7. Management misconduct.

Managing the crisis effectively once it has happened is vital to the achievement of crisis management goals. Quick identification and assessment of a developing crisis can be instrumental in influencing the outcome efficiently and effectively. One of the defining characteristics of a crisis is that it will degenerate quickly if no timely action is taken so delay in identification and action can have serious consequences.

The 2016 survey also indicated that internal corporate training programs were apart of preparing for crisis awareness for most the respondents, and that 48 percent used outside contract trainers. Major factors listed by respondents as needing improvement in crisis management generally included internal awareness (51 percent), communication (46 percent), drills/training (38 percent), vulnerability/risk assessment (36 percent), information technology (33 percent), planning/coordinating (32 percent), and business continuity (25 percent).

Undivided attention to any crisis, but especially to fraud related crises, and avoidance of other related problems that can conflict decision makers will result in better decisions, just as will the making of advanced plans on a contingency basis and the integration of ethics into the fraud containment/response process. One of the most important aspects to keep in mind during the assessment of crises, and the avoidance or minimization of their impact, is the immediate and ongoing impact on the organization’s reputation. By reflecting on how the organization’s response to the crisis will affect the perception by stakeholders of it trustworthiness, responsibility, reliability, and credibility, decision makers can make choices that benefit all stakeholders and often enhance the organization’s reputational capital or shorten the period of its diminishment; here, as in all things fraud related, CFE’s, through their expertise and advice, have a critical role to play.

Public Trust

The current round of congressional hearings involving the secretarial appointments to the Trump administration appear to be raising numerous questions about conflicts of interest and as well as instances involving possible self-interested stock trading on the part of several of the wealthy candidates.  Issues involving self-interest are no less important for assurance professionals like CFE’s, auditors and public accountants than they are for presidential appointees.

The misuse of information for personal interest by an assurance professional can be detrimental to other stakeholders of the client or company involved. For example, the use of information by any professional before others have the right to use such information is unfair and considered unethical. This is the basic problem for anyone who is privy to inside information about a company by virtue of being its auditor or an employee, that is, an insider, to use that information personally or indirectly for any self-interested purpose. To ensure the basic fairness of stock markets so that the public and other non-insiders will wish to enter the market, regulatory bodies like the SEC require management insiders to wait until the information is released to the public before allowing insiders to trade, and then they must disclose these trades so the public will know what’s happened.

The prospect of a rigged game, in which insiders have an unfair advantage, would not be in the public interest or in the interest of the corporations using the market for fund raising in the long run. Insider trading rules also apply to the families of the insider, extending even to those who are not part of the immediate family but for or over whom the insider has an obvious ability to exert influence or extract gain. Some individuals with high-profile jobs in the public service go even further to avoid such conflicts of interest. To be entirely ethical, some politicians have placed their holdings, and those of their dependents, in so-called blind trusts, which are managed by someone else with instructions not to discuss trades or holdings with the politician. The situation for we auditors is somewhat different in that the ownership of shares or financial instruments of a client is forbidden based on the real or potential conflict of interest that would be created. Most auditing firms extend this ban in two ways. First, the ban is applied to the auditor’s family and to persons who would be considered significant dependents or subject to influence. Second, the ban may also apply to any client of the firm, even if that client is serviced through a wholly separate office (for international firms, even in another country) with which the individual professional does not have contact on a normally occurring basis.

Where the ban is relaxed on trading in shares of the firm’s clients for employees not directly involved in the client’s affairs, extreme care is taken through information barriers/firewalls and reporting/scrutiny mechanisms to manage the conflict of interest created. The extent of attention paid to the prevention of insider trading and even to the perception of it is indicative of the alarm with which most firms view its prospect. Confidentiality is the term used to describe keeping confidential information that is proprietary to a client or employer. The release of such information to the public, or to competitors, would have a detrimental effect on the interests of the client, and it would be contrary to the expectations of trust of any fiduciary relationship.

In the case of a fraud examiner, this expectation of trust and privacy is vital to the client’s willingness to discuss difficult issues, which are quite germane to the investigation, to get the opinion of the examiner on how they might be dealt with in court proceedings and even, eventually, in the public eye. In the case of auditors, how frank would the discussion of a contentious contingent liability be if there were a possibility the auditor would reveal the confidence? How could a contentious tax treatment be discussed thoroughly if there was the possibility of a voluntary or involuntary disclosure to the tax collection authorities? It’s therefore argued by the ACFE, the AICPA and others that the maintenance of client confidences is essential to the proper exercise of the audit function, and to the provision of the best advice based on full discussion of possibilities.

There are, however, limits to privacy that some professions have enshrined in their codes of conduct, or where these limits are spelled out in regulatory frameworks. Engineers, for example, must disclose to appropriate public officials when they believe a structure or mechanism is likely to be harmful to the users, as in the potential collapse of a building due to violations of the building code.  In most western countries, money laundering for drugs and terrorism must be reported to financial authorities by banking professionals. For auditors as well there appears to be an increasing focus on their public responsibility and an increasing expectation of action rather than silence. This trade-off between the interests of client, management, public, regulators, the profession, and management promises to be an ever growing conundrum for all professionals in the future. One issue that is not as well understood as is often thought is the consequence of a professional accountant observing strict confidentiality about the malfeasance of his or her employer, and being directed by the professional code to resign if the employer cannot be convinced to change their behavior. This would follow from the codes of conduct that require no disclosure of client/employer confidences except in a court of law or subject to a disciplinary hearing, and at the same time requiring resignation to avoid association with a misrepresentation. In the event of a resignation in silence, the ethical misdeed goes unrecognized by all stakeholders except the perpetrators and the silent professional. How does this protect the interests of the public, the shareholders, or the profession?

It has been suggested, as a topic for discussion, that strict confidentiality codes be modified to allow for the introduction of the possibility of consultation on such matters with officials of the professional’s certifying institute. Perhaps through such confidential dialogue, a means could be found to better judge what needs to be kept confidential, when and how disclosure ought to be made, and how the professional’s and the public’s interests can be protected. For an auditor, the situation is different. When an auditor is discharged, or replaced, the incoming auditor has the right to ask the outgoing auditor (and the client) what the circumstances were that led to the dismissal or resignation. In some jurisdictions, the removed auditor even has the right to address the shareholders at their annual meeting, or by mail, at the expense of the corporation involved.

CFE’s and other assurance professionals of all types are sophisticated enough to know that our professional codes don’t cover every ethical challenge and that investigations and engagements involving potential or suspected insider trading and conflicts of interest are no exception.  We must all, therefore, continue to develop judgement, values and character traits that embrace the public expectations inherent in emerging stakeholder oriented accountability and governance frameworks.

The Flavor of the Month

revolving-doorsUnsurprisingly, given issues raised by the press during the recent presidential election about cabinet candidates and the rapidly revolving door between the private sector and government, conflict of interest is again the fraud flavor of the month among the pundits.  To keep the matter in perspective, these same concerns about appointments are raised to a greater or lesser degree following every presidential election.

The ACFE tells us that a conflict of interest occurs when an employee, manager, or executive has an undisclosed economic or personal interest in a transaction that adversely affects the company, or, in the case of government, his or her office.  As with other corruption cases, conflict schemes involve the exertion of an employee’s influence to the detriment of his or her employing organization.

The clear majority of conflict cases occur because the fraudster has an undisclosed economic interest in a transaction. But the fraudster’s hidden interest is not necessarily economic. In some scenarios, an employee acts in a manner detrimental to his organization to provide a benefit to a friend or relative, even though the fraudster receives no financial benefit from the transaction herself.  A manager might split a large repair project into several smaller projects to avoid bidding requirements. This allows the manager to award the contracts to his brother-in-law. Though there was no indication that the manager received any financial gain from this scheme, his actions nevertheless amount to conflict of interest.

It’s important to emphasize that to be classified as a conflict of interest scheme, the employee’s interest in the transaction must be undisclosed. This is a crucial important point and one that’s often overlooked.  The crux of a conflict case is that the fraudster takes advantage of his employer; the victim company is unaware that its employee has divided loyalties. If an employer knows of the employee’s interest in a business deal or negotiation, there can be no a conflict of interest, no matter how favorable the arrangement is for the employee.

If an employee approves payment on a fraudulent invoice submitted by a vendor in return for a kickback, its bribery. If, on the other hand, an employee approves payment on invoices submitted by his own company (and if his ownership is undisclosed), this is a conflict of interest. The distinction between the two schemes is obvious. In the bribery case the fraudster approves the invoice in return for a kickback, while in a conflicts case he approves the invoice because of his own hidden interest in the vendor. Aside from the employee’s motive for committing the crime, the mechanics of the two transactions are practically identical. The same duality can be found in bid rigging cases, where an employee influences the selection of a company in which she has a hidden interest instead of influencing the selection of a vendor who has bribed her.

The concern voiced in the press and other media is legitimate and justified because there are vast numbers of ways in which an employee (or high level government appointee) can use his or her influence to benefit an organization in which s/he has a hidden or even a disclosed interest.

Purchase schemes and sales schemes are the two most common categories involving conflict of interest. Most conflicts of interest arise when a victim company unwittingly buys something at a high price from a company in which one of its employees has a hidden interest, or unwittingly sells something at a low price to a company in which one of its employees has a hidden interest. Most other conflicts involve employees stealing clients or diverting funds from their employer.

The ACFE says its research indicates that most conflict schemes are over billing schemes.  While it is true that any time an employee assists in the overbilling of his company there is probably some conflict of interest (the employee causes harm to his employer because of a hidden financial interest in the transaction), this does not necessarily mean that every false billing will be categorized as a conflict scheme. For the scheme to be classified as a conflict of interest, the employee (or a friend or relative of the employee) must have an ownership or employment interest in the vendor that submits the invoice. This distinction is easy to understand if we look at the nature of the fraud. Why does the fraudster overbill his employer? If she engages in the scheme only for the cash, the scheme is a fraudulent disbursement billing scheme. If, on the other hand, she seeks to better the financial condition of her business at the expense of her employer, this is a conflict of interest. In other words, the fraudster’s interests lie with a company other than her employer. When an employee falsifies the invoices of a third-party vendor to whom he has no relation, this is not a conflict of interest scheme because the employee has no interest in that vendor. The sole purpose of the scheme is to generate a fraudulent disbursement.

A short rule of thumb can be used to distinguish between over-billing schemes that are classified as asset misappropriations and those that are conflicts of interest: if the bill originates from a real company in which the fraudster has an economic or personal interest, and if the fraudster’s interest in the company is undisclosed to the victim company, then the scheme is a conflict of interest.

Not all conflict schemes occur in the traditional vendor-buyer relationship. Some involve employees negotiating for the purchase of some unique, typically large asset such as land or a building in which the employee had an undisclosed interest. It is in the process of these negotiations that the fraudster violates his duty of loyalty to his employer. Because he stands to profit from the sale of the asset, the employee does not negotiate in good faith to his employer; he does not attempt to get the best price possible. The fraudster will reap a greater financial benefit if the purchase price is high. In a turnaround sale or flip an employee knows his employer is seeking to purchase a certain asset and takes advantage of the situation by purchasing the asset himself (usually in the name of an accomplice or shell company). The fraudster then turns around and resells the item to his employer at an inflated price. A write off of sales scheme involves tampering with the books of the victim company to decrease or write off the amount owed by an employee’s business. For instance, after an employee’s company purchases goods or services from the victim company, credit memos may be issued against the sale, causing it to be written off to contra accounts such as Discounts and Allowances. Many reversing entries to sales may thus be a sign that fraud is occurring in an organization. Finally, some employees divert the funds and other resources of their employers to the development of their own business. While these schemes are clearly corruption schemes, the funds are diverted using a fraudulent disbursement. The money could be drained from the victim company through a check tampering scheme, a billing scheme, a payroll scheme, or an expense reimbursement scheme.

The bottom line is that every management has an obligation to disclose to the shareholder’s significant fraud committed by officers, executives, and others in positions of trust. Management does not have the responsibility of disclosing uncharged criminal conduct of its officers and executives. However, when officers, executives, or other persons in trusted positions become subjects of a criminal indictment, disclosure is required. The inadequate disclosure of conflicts of interests is among the most serious of frauds. Inadequate disclosure of related-party transactions is not limited to any specific industry; it transcends all business types and relationships.

On the detection side, CFE’s continue to point out some of the more tried and true  methods that can be used including tips and complaints, comparisons of vendor addresses with employee addresses, review of vendor ownership files, review of exit interviews, comparisons of vendor addresses to addresses of subsequent employers, and interviews with purchasing personnel for favorable treatment of one or more vendors.

Who Will Watch Over Them?

senior-citizensMichael Bret Hood’s thoughtful contribution to our most recent Fraud in the News post ( got me to thinking about the linked problems of identity theft and financial exploitation of the elderly.  The U.S. Census Bureau tells us that by the year 2030, it’s estimated that seniors over the age of 65 will comprise 72 million American citizens.  My former Medicaid Program colleagues tell me that by the age of 90, fifty percent of seniors will experience some form of disability and/or mental deterioration that will require outside assistance to perform daily tasks. Who will supervise these individuals to ensure financing decisions remain in the best interest of the senior citizens themselves and not those of fraudsters preying upon them?

Every fraud examiner (and assurance professionals in general), as a part of their routine practice, should be thinking of the design of processes and controls to protect these vulnerable individuals and their assets, to decrease the opportunity for financial fraud and to prevent access and exploitation by ethically challenged parties.

But what is financial abuse of the elderly exactly?  Experts generally say that such financial abuse, or exploitation is limited to the illegal or improper utilization of an elder’s funds, property, or assets.  Such experts usually go on to discuss undue influence or the ability of someone to misuse their power to exploit a weaker person’s trust and influence their decision making as important factors when defining this type of financial crime.  The ACFE defines the typical victims as white, widowed females who are ages 70 to 89 years. Elder financial abuse assumes many forms and occurs across varied demographics. Famous personalities such as Mickey Rooney, Zsa Zsa Gabor, J. Howard Marshall (married to Anna Nichole Smith), and Liliane Bettencourt (heiress to the L’Oreal fortune), were all victims of this sad type of financial fraud.

CFE’s should be aware that a senior whose affairs have become part of one of our investigations has usually become a victim under one or more of four different scenarios:

(1) the senior is a financial prisoner, physically and perhaps psychologically dependent on a caregiver;

(2) the senior is losing the ability to handle financial affairs because of physical or cognitive impairment; a “new best friend” gradually assumes the responsibility for handling the senior’s affairs and then abuses that trust;

(3) a widow or widower does not know how to handle financial affairs that their deceased spouse used to take care of and is taken advantage of by someone offering assistance; and

(4) a senior, perhaps out of fear or paranoia, refuses help or financial advice from reliable, responsible relatives or other individuals and instead turns to strangers.

We are fortunate in Virginia in that most of our state agencies that deal routinely with the elderly have mandatory or voluntary reporting requirements for suspected abuse, but reporting and processing requirements, as the ACFE tells us, often vary within each state. Most states have an elder abuse reporting requirement for the following professionals: police, social workers, public assistance and mental health workers, nursing home employees, and licensed health care providers. They are required to report possible instances to state agencies and, thus, an investigation commences within a prescribed period—normally 48 hours. If the agency processing the initial report is not a law enforcement entity, the agency will turn the case over to a law enforcement agency if it is believed a crime had been perpetrated. There are reporting agencies within each state; however, in most states, there is no one comprehensive, centralized entity with the ability to immediately assess the senior’s situation and put processes in place to protect the senior’s assets and interests.

I believe that we CFE’s should strongly advocate for expansion of the scope of professionals who must report abuse to include: financial planners, accountants, attorneys, bankers, funeral home directors, and church officials. Each would be in the position to assess how the individual is affected by life events. For example, a funeral home director helping a family bury an elderly parent might notice that the spouse is not sure of her financial situation or appears to have diminished mental capacity. If the employee of the funeral home were required to report an at-risk senior, the opportunity for those in a positon to take advantage of that senior may be diminished.

Specific laws have been created during the last decade by federal and state agencies to combat the growing problem of elder financial abuse. The Dodd-Frank Wall Street Reform and Protection Act contains the Senior Investment Protection Act of 2008 which protects older Americans from misleading and fraudulent marketing practices with the goal of increasing retirement security through “grants” enabling states to investigate and prosecute those who sell financial products through “misleading and fraudulent marketing practices, provide educational materials to help seniors avoid becoming a victim, establish reporting requirements, etc.

The Affordable Care Act authorized funds to create a federal elder justice coordination team. The team is charged with combining previously fragmented elder abuse initiatives across the federal government and determines what actions are needed to enhance protection efforts.  The Elder Justice Act directs the Department of Health and Human Services to develop this “coordination team” among other efforts to focus on education, research, leadership and guidance in establishing programs to prevent elder abuse. Although Congress has authorized 125 million dollars for the directives of the Elder Justice Act, only $8 million was appropriated to the 2013 federal budget.

Federal and state agencies in partnership with professional organizations like the ACFE and AICPA, law enforcement, nonprofits, the private sector, and the court system must work together to develop a new model to eradicate elder financial abuse. This new model’s primary concentration should be creating preemptive measures and processes to immediately protect the senior’s financial resources from circling predators.  CFE’s need to be aware that though Federal, state, and local agencies have assumed the responsibility for targeting elder financial abuse, these agencies, as currently constituted, cannot meet demand, generally lack funding, and have limited staffing resources. There are many successful anti-elder abuse leaders within the private and nonprofit sectors, yet accountability of who is responsible and accountable for what is an issue. A balanced partnership between the agencies, nonprofits, and the private sector may be the best long term approach to combating the problem.

Elder financial abuse can only be eradicated if a preemptive approach is adopted. Fraud examiners must understand the history and growth of elder financial abuse, the government’s attempt to enact new laws, the current mostly reactive process, and the cost to society, before brainstorming can commence to develop an effective fraud containment and prevention model. Only through a partnership between agencies, state and local authorities, private sector, law enforcement, and nonprofits can society produce a central authority that could become the shield to protect our aging population from the sad and metastasizing cancer of financial abuse.