Who's Allegedly 'Cooking the Books' and Where?

To learn how alleged financial-statement fraud schemes have changed, the Deloitte Forensic Center analyzed hundreds of SEC Accounting and Auditing Enforcement Releases (AAERs) issued from 2000 through 2008 and compared the fraud schemes alleged by the SEC in these AAERs in 2007 and 2008. The study had five key findings:

Nearly one-third (32%) of the individuals identified in the SEC's enforcement releases alleging financial-statement fraud that we analyzed for 2008 had roles other than CEO, chief financial officer (CFO), chief accounting officer (CAO), or controller (see Chart 1, page 2). While those may be the “usual suspects” when fraud is alleged, the SEC also alleged involvement by people in other management roles such as sales, operations and planning, as well as general counsel and directors.

The consumer business, financial services and life science and health-care industries showed at least one-third growth in their share of alleged fraud schemes in 2008 AAERs compared with 2007. This may be in part due to increased regulatory attention to the financial-services and life science and health-care industries.

While revenue recognition manipulation was the financial-statement fraud most commonly alleged by the SEC from 2000 to 2008, representing 38% of such schemes, its dominance has been diminishing quite rapidly. This may have implications for corporate fraud risk assessments and regulatory policy.

The six most common revenue recognition manipulation schemes alleged by the SEC in 2008 showed considerable changes from 2007 in terms of the proportion represented by each such scheme. Recognition of revenue from sales transactions billed but not shipped (“bill-and-hold”) doubled its proportion of such schemes, while recognition of revenue when products or services are not delivered, delivery is incomplete or items are delivered without customer acceptance, increased by approximately one-third.

Improper disclosures and manipulation of expenses both increased by approximately one-third their proportion of financial-statement fraud schemes alleged by the SEC in 2008 compared with 2007, while alleged manipulation of accounts receivable, reserves and other liabilities decreased (see Chart 2, page 6). These year-on-year comparisons show considerable volatility, illustrating how risk managers always face a moving target. In-house counsel can use the detailed results of this study to facilitate a discussion with management, those charged with governance, and the head of the internal-audit function about ways to update or enhance fraud risk assessment and management. Here are some detailed results drawn from our analysis:

Executives at Risk

As Chart 1 shows, a large number of financial-statement fraud allegations ' 24% ' are directed at managers involved in sales, operations, planning, and similar roles. Many held the title of vice-president or senior vice-president. This suggests the SEC is seeking to hold accountable executives in a wide variety of functions if they are allegedly involved in helping to perpetrate financial statement fraud. Non-financial functions, including directors and general counsel, might be thought not to need training about recognizing and reporting potential financial-statement fraud. The SEC's actions suggest such training could be valuable.

Industry Patterns

Of the 1,501 alleged fraud schemes identified in the 430 AAERs from 2000 to 2008 that we analyzed for this study, two-thirds were accounted for by two industries: TMT (technology, media and telecommunications) had 37%, and 29% were in consumer business (retail, wholesale & distribution; consumer services; consumer products; tourism, hospitality and leisure; and health plans). Three industries followed with 8%-9% each: manufacturing, life science and health care, and financial services. In contrast, for 2008, financial services took third place with 18% (up from 13% in 2007) and life science and health care was in fourth place with 12% (up from 8% in 2007). This shift may be in part due to increased regulatory attention to the financial services and health-care industries. In-house counsel and other risk managers may wish to adjust to this changing regulatory environment.

Changing Revenue Recognition Schemes

As Chart 2 below shows, for the AAERs we studied from 2008, just 30% of the alleged fraud schemes related to revenue recognition, down from 33% in 2007. This change is part of a broader trend beginning in 2003. The overall decline may be the result of new guidance from the SEC and special emphasis on this issue in professional literature. So this might be viewed as a success ' but also a challenge, because risk management may need to be applied to a greater variety of financial-statement schemes in the future. In-house counsel may wish to consider possible changes in the company's fraud-prevention programs in response to this shifting environment.

Other Trends

Chart 2 shows the proportions of different categories of alleged financial statement fraud in 2007 and 2008 SEC AAERs. While revenue recognition manipulation was the largest single alleged financial-statement fraud scheme in both years, we note the increase in the proportion of all schemes relating to alleged improper disclosures, from 13% in 2007 to 18% in 2008, as well as the increase in manipulation of expenses, from 12% of all alleged schemes in 2007 to 16% in 2008. To have such jumps in the mix of alleged fraud schemes from one year to the next is a reminder that fraud risk assessments may need to be updated to reflect appropriately the current degree of risk. Also, anti-fraud controls previously considered sufficient to address a particular risk might no longer be sufficient if the level of risk has increased significantly.

Conclusion

Financial-statement fraud risks may be changing. In-house counsel and those responsible for risk management, governance and internal audit may wish to consider the potential impact on their organization's fraud risk assessment and risk management activities.

Study Methodology

The SEC reports on its administrative enforcement actions through its Accounting and Auditing Enforcement Releases (AAERs). The Deloitte Forensic Center's staff reviewed more than 1,700 AAERs issued by the SEC from January 2000 through December 2008. For our analysis, we considered, where possible, the AAERs that most comprehensively addressed particular instances of alleged financial-statement fraud at SEC-registered companies. This resulted in the inclusion of more than one AAER for some companies, when the SEC issued multiple AAERs detailing multiple, discrete alleged fraud schemes. We excluded releases that repeated alleged fraud schemes we had already identified, or which dealt with alleged insider trading, actions against vendors, or auditors. This filtering process resulted in the 430 AAERs relating to 392 companies that are the subject of this study.

We sorted companies into nine industries, using categories we developed, as well as noting sub-industries as appropriate. We classified the alleged frauds identified into 12 categories and 61 subcategories based on how the alleged fraud was committed.

Toby J.F. Bishop ([email protected]), a member of this newsletter's Board of Editors, is director of the Deloitte Forensic Center, and Frank E. Hydoski ([email protected]) is national leader of Analytic & Forensic Technology practice, both for Deloitte Financial Advisory Services LLP. The views expressed in this article are those of the authors and may not be those of Deloitte Financial Advisory Services LLP.

[IMGCAP(1)]

[IMGCAP(2)]

As the economic downturn and financing challenges continue to put many organizations under heightened pressure, financial-statement fraud remains
a concern to lenders, investors and regulators. In a poll conducted during an April 23, 2009 Deloitte online seminar entitled “Managing Fraud Risk: Insights and Practical Strategies,” 72% of the 2,123 respondents indicated a belief that the number of accounting frauds uncovered would increase over the next two years.

When asked which type of financial-statement fraud was of greatest concern to them in the current economic environment, in second place after the usual answer ' manipulation of revenue recognition, chosen by 41% of respondents ' was manipulation for debt covenant compliance purposes. This scheme is not usually brought up in studies of common financial-statement frauds, but in this seminar it was selected by 18% of respondents. These results suggest that financial-statement fraud continues to be an important business risk for organizations to guard against.

How Fraud Schemes Have Changed

To learn how alleged financial-statement fraud schemes have changed, the Deloitte Forensic Center analyzed hundreds of SEC Accounting and Auditing Enforcement Releases (AAERs) issued from 2000 through 2008 and compared the fraud schemes alleged by the SEC in these AAERs in 2007 and 2008. The study had five key findings:

Nearly one-third (32%) of the individuals identified in the SEC's enforcement releases alleging financial-statement fraud that we analyzed for 2008 had roles other than CEO, chief financial officer (CFO), chief accounting officer (CAO), or controller (see Chart 1, page 2). While those may be the “usual suspects” when fraud is alleged, the SEC also alleged involvement by people in other management roles such as sales, operations and planning, as well as general counsel and directors.

The consumer business, financial services and life science and health-care industries showed at least one-third growth in their share of alleged fraud schemes in 2008 AAERs compared with 2007. This may be in part due to increased regulatory attention to the financial-services and life science and health-care industries.

While revenue recognition manipulation was the financial-statement fraud most commonly alleged by the SEC from 2000 to 2008, representing 38% of such schemes, its dominance has been diminishing quite rapidly. This may have implications for corporate fraud risk assessments and regulatory policy.

The six most common revenue recognition manipulation schemes alleged by the SEC in 2008 showed considerable changes from 2007 in terms of the proportion represented by each such scheme. Recognition of revenue from sales transactions billed but not shipped (“bill-and-hold”) doubled its proportion of such schemes, while recognition of revenue when products or services are not delivered, delivery is incomplete or items are delivered without customer acceptance, increased by approximately one-third.

Improper disclosures and manipulation of expenses both increased by approximately one-third their proportion of financial-statement fraud schemes alleged by the SEC in 2008 compared with 2007, while alleged manipulation of accounts receivable, reserves and other liabilities decreased (see Chart 2, page 6). These year-on-year comparisons show considerable volatility, illustrating how risk managers always face a moving target. In-house counsel can use the detailed results of this study to facilitate a discussion with management, those charged with governance, and the head of the internal-audit function about ways to update or enhance fraud risk assessment and management. Here are some detailed results drawn from our analysis:

Executives at Risk

As Chart 1 shows, a large number of financial-statement fraud allegations ' 24% ' are directed at managers involved in sales, operations, planning, and similar roles. Many held the title of vice-president or senior vice-president. This suggests the SEC is seeking to hold accountable executives in a wide variety of functions if they are allegedly involved in helping to perpetrate financial statement fraud. Non-financial functions, including directors and general counsel, might be thought not to need training about recognizing and reporting potential financial-statement fraud. The SEC's actions suggest such training could be valuable.

Industry Patterns

Of the 1,501 alleged fraud schemes identified in the 430 AAERs from 2000 to 2008 that we analyzed for this study, two-thirds were accounted for by two industries: TMT (technology, media and telecommunications) had 37%, and 29% were in consumer business (retail, wholesale & distribution; consumer services; consumer products; tourism, hospitality and leisure; and health plans). Three industries followed with 8%-9% each: manufacturing, life science and health care, and financial services. In contrast, for 2008, financial services took third place with 18% (up from 13% in 2007) and life science and health care was in fourth place with 12% (up from 8% in 2007). This shift may be in part due to increased regulatory attention to the financial services and health-care industries. In-house counsel and other risk managers may wish to adjust to this changing regulatory environment.

Changing Revenue Recognition Schemes

As Chart 2 below shows, for the AAERs we studied from 2008, just 30% of the alleged fraud schemes related to revenue recognition, down from 33% in 2007. This change is part of a broader trend beginning in 2003. The overall decline may be the result of new guidance from the SEC and special emphasis on this issue in professional literature. So this might be viewed as a success ' but also a challenge, because risk management may need to be applied to a greater variety of financial-statement schemes in the future. In-house counsel may wish to consider possible changes in the company's fraud-prevention programs in response to this shifting environment.

Other Trends

Chart 2 shows the proportions of different categories of alleged financial statement fraud in 2007 and 2008 SEC AAERs. While revenue recognition manipulation was the largest single alleged financial-statement fraud scheme in both years, we note the increase in the proportion of all schemes relating to alleged improper disclosures, from 13% in 2007 to 18% in 2008, as well as the increase in manipulation of expenses, from 12% of all alleged schemes in 2007 to 16% in 2008. To have such jumps in the mix of alleged fraud schemes from one year to the next is a reminder that fraud risk assessments may need to be updated to reflect appropriately the current degree of risk. Also, anti-fraud controls previously considered sufficient to address a particular risk might no longer be sufficient if the level of risk has increased significantly.

Conclusion

Financial-statement fraud risks may be changing. In-house counsel and those responsible for risk management, governance and internal audit may wish to consider the potential impact on their organization's fraud risk assessment and risk management activities.

Study Methodology

The SEC reports on its administrative enforcement actions through its Accounting and Auditing Enforcement Releases (AAERs). The Deloitte Forensic Center's staff reviewed more than 1,700 AAERs issued by the SEC from January 2000 through December 2008. For our analysis, we considered, where possible, the AAERs that most comprehensively addressed particular instances of alleged financial-statement fraud at SEC-registered companies. This resulted in the inclusion of more than one AAER for some companies, when the SEC issued multiple AAERs detailing multiple, discrete alleged fraud schemes. We excluded releases that repeated alleged fraud schemes we had already identified, or which dealt with alleged insider trading, actions against vendors, or auditors. This filtering process resulted in the 430 AAERs relating to 392 companies that are the subject of this study.

We sorted companies into nine industries, using categories we developed, as well as noting sub-industries as appropriate. We classified the alleged frauds identified into 12 categories and 61 subcategories based on how the alleged fraud was committed.

Toby J.F. Bishop ([email protected]), a member of this newsletter's Board of Editors, is director of the Deloitte Forensic Center, and Frank E. Hydoski ([email protected]) is national leader of Analytic & Forensic Technology practice, both for Deloitte Financial Advisory Services LLP. The views expressed in this article are those of the authors and may not be those of Deloitte Financial Advisory Services LLP.

[IMGCAP(1)]

[IMGCAP(2)]