CHAPTER 4
Challenges and Opportunities in Forensic Accounting
Executive Summary
High-quality financial information is the lifeblood of capital markets, and that lifeblood can be adversely affected by the existence and persistence of financial statement fraud (FSF). Forensic accounting has made impressive progress in the past two decades in the aftermath of financial scandals at the turn of the twenty-first century and the 2007 to 2009 global financial crisis. Forensic accounting has moved to the center stage of accounting as the most challenging, exciting, and rewarding field of accounting. This chapter presents emerging issues in forensic accounting in the areas of litigation consulting, expert witnessing, valuation, and fraud investigation.
Introduction
Forensic accounting has evolved in the past decade as primarily a fraud investigation to the full pledged nonfraud accounting and investigative activities. There are still many challenges in forensic accounting, and this chapter presents these challenges and the related opportunities. Challenges presented in this chapter are forensic accountants’ involvement with risk assessment, cyberattacks, corporate governance, and information technology (IT). This chapter also presents emerging issues in fraud and nonfraud forensic accounting services.
Forensic Accounting Challenges and Opportunities
Forensic accounting fraud and nonfraud services are challenging and rewarding. Owing to advancements in technology, forensic accountants need improved skills to properly and accurately use IT, Big Data, and data analytics to improve the effectiveness of their forensic accounting services. Analytical skills are often used to tackle Big Data, which is becoming more prevalent in businesses, particularly in larger firms. Specific skills include database manipulation and slice and dice. These techniques are IT-related, because the accounting field is moving toward data analytics, data mining, and manipulation of data instead of codifying data.1 Owing to this advancement in technology, forensic accountants’ job opportunities are increasing. According to Association of Chartered Certified Accountants (ACCA), the rise of corporate governance is leading to increasing demand. Corporate governance measures are designed to hold corporate gatekeepers accountable and to oust unethical and illegal business practices. Forensic accountants investigate these practices and aid in the trail process during litigation procedures.2
The rise of emphasis on corporate governance is a direct result of recent well-known fraud cases such as Enron and WorldCom, among others. Fraud cases presented in previous chapters suggest that ineffective corporate governance has contributed to the existence and persistence of financial statement fraud (FSF). Forensic accountants understand that fraud happens from an ineffective corporate governance, insufficient internal controls, and improper regulations and standards. Forensic accountants often advocate for open communication, established oversight, and a set of rules that punish the guilty to solidify corporate governance. If fraud happens, often because of failures in corporate governance, forensic accountants will review financial statements, identify red flags and areas of high risk for fraud potential, and follow red flags to fraudulent behavior.3
Forensic Accounting Opportunities
Forensic accountants have provided a variety of fraud and nonfraud services, including FSF investigation, litigation consulting, expert witnessing, and valuation, among other services. These services have contributed to the success of businesses and individuals as well as the accounting profession. Many professional organizations, particularly the Big 4, have established expertise and market niche in forensic accounting. Deloitte has a project deliver analyst position, which requires assistance with federal investigations, anti-money laundering (AML) compliance, support tasks, and analysis of fraud, whereas KPMG, PwC, and EY have similar positions.4 In the government sector, the Tennessee Bureau of Investigation (TBI) has forensic services divisions located in Nashville, Knoxville, and Memphis, in which employees investigate crime scenes, respond to violent crime, and examine medical material.5 The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its “Fraud Risk Management Guide” in September 2016, that encourages engagement of all corporate gatekeepers including the board of directors, management and internal and external auditors, legal counsel, and forensic accountants in FSF risk assessment and management.6
The Securities and Exchange Commission (SEC) has recently taken three initiatives, namely, the Financial Reporting and Audit Task Force, the Microcap Fraud Task Force, and the Centre for Risk and Quantitative Analytics to investigate and combat FSF.7 Forensic accounting practices are exciting and rewarding. The forensic accounting field is experiencing rapid growth. The rise of technology has increased the number of jobs and requirements for forensic accountants. The ACFE released a global study in 2017 that showed a 31-percent increase in compensation when a forensic accountant obtains a Certified Fraud Examiner (CFE) certification.8 The average annual salary for a forensic accountant, according to Glassdoor statistics, is $80,464.9
Challenges for Forensic Accountants
Forensic accountants are facing many challenges in successfully performing their professional services. The most prevailing challenges for forensic accountants are in the areas of fraud investigation, risk assessment, and corporate governance, among others, addressed in this section.
Financial Fraud Investigation
FSF is defined in previous chapter as deliberate misstatement or omission of amounts or disclosures of financial statements to deceive financial statement users, particularly investors and creditors. There is a variety of FSF schemes as discussed in the previous chapters. The motivation to commit FSF not only comes from pressures that are placed on management to succeed but also comes from departmental budget requirements including income and profit goals. FSF is harmful in many ways; for example it10:
1. Undermines the reliability, quality, transparency, and integrity of the financial reporting process. An increasing number of financial restatements and recent enforcement acts by the SEC against big corporations (e.g., Enron, WorldCom, Xerox, ImClone, Global Crossing, Qwest, Halliburton, Bristol-Myers, Tyco, Dynegy, Adelphia Communications, and Computer Associates) for alleged FSF has severely undermined the public confidence in the veracity of financial reports.
2. Jeopardizes the integrity and objectivity of the auditing profession, especially auditors and auditing firms. Andersen, one of the Big-5 CPA firms, during the past several months, has dismantled its international network and allowed offices to join rival firms. The jury’s guilty verdict of obstruction of justice effectively ended Andersen’s audit practice.
3. Diminishes the confidence of the capital markets, as well as market participants, in the reliability of financial information. The capital market and market participants, including investors, creditors, employees, and pensioners, are affected by the quality and transparency of financial information they use in making investment decisions.
4. Makes the capital market less efficient. Auditors reduce the information risk that may be associated with the published financial statements and thus make them more transparent. The information risk is the likelihood that financial statements are inaccurate, false, misleading, biased, and deceptive. By applying the same financial standards to diverse businesses and by reducing the information risk, accountants contribute to the efficiency of our capital markets.
5. Adversely affects the nation’s economic growth and prosperity. Accountants are expected to make financial statements among corporations more comparable by applying the same set of accounting standards to diverse businesses. This enhanced comparability makes business more transparent, the capital markets more efficient, free enterprise system possible, and the economy more vibrant and prosperous. The efficiency of our capital markets depends on receiving objective, reliable, and transparent financial information. Thus, the accounting profession, especially practicing auditors, plays an important role in our free enterprise system and capital markets. However, Enron, WorldCom, and Global Crossing debacles cast some doubt that the role of accountants can be compromised.
6. Results in huge litigation costs. Corporations and their auditors are being sued for alleged FSF and related audit failures by a diverse group of litigants, including class action suits by small investors and suits by the U.S. Department of Justice. Investors are also given the right to sue and recover damages from those who aided and abetted securities fraud.
7. Destroys careers of individuals involved in FSF such as top executives being barred from serving on the board of directors of any public companies or auditors being barred from practice of public accounting. Several senior executives of Adelphia Communications were arrested on July 24, 2002, for allegedly committing fraud by stealing hundreds of millions of dollars from the battered cable company and engaging in financial shenanigans.
8. Causes bankruptcy or loss of substantial economic losses by the company engaged in FSF. WorldCom, with $107 billion in assets and $41 billion in debt, finally filed for Chapter 11 bankruptcy protection on July 21, 2002. WorldCom’s bankruptcy is the largest U.S. bankruptcy ever, almost twice the size of Enron.
9. Encourages regulatory intervention. Regulatory agencies (e.g., the SEC) considerably influence the financial reporting process and related audit functions. The current perceived crisis in the financial reporting process and audit functions has encouraged lawmakers to establish accounting reform legislation (Sarbanes–Oxley [SOX] Act of 2002). The SOX Act will drastically change the self-regulating environment of the accounting profession to a regulatory framework under the SEC oversight function.
10. Causes destructions in the normal operations and performance of alleged companies. Alleged FSF of Enron, WorldCom, Global Crossing, and Adelphia has caused these high-profile companies to file bankruptcy, and their top executives have been fined and, in some cases, indicted for violation of Securities Acts.
11. Raises serious doubt about the efficacy of financial statement audits. The financial community is demanding that high-quality audits and auditors should improve their audit effectiveness and efficacy to produce the needed assurance.
12. Erodes public confidence and trust in the accounting and auditing profession. One message that comes through loud and clear these days in response to the increasing number of financial restatements and alleged FSF is that the public confidence in the financial reporting process and related audit functions is substantially eroded.
The COSO released its “Fraud Risk Management Guide” in September 2016, which suggests a comprehensive monitoring and assessment approach in managing fraud risk, including FSF by all corporate gatekeepers from the board of directors to management, internal auditors, external auditors, and others such as short sellers and forensic accountants.11 All corporate gatekeepers play an important role in preventing, detecting, and correcting FSF, as depicted in Exhibit 4.1.
FSF is intentional wrongful acts by management to mislead shareholders and other stakeholders by presenting materially misstated financial reports. This type of fraud is intentionally committed to benefit the company to the detrimental of shareholders or engaging in fraud against the company involving misappropriation of assets. The elements of fraud are as follows:
• A false representation of a material nature
• Knowledge that the representation is false or reckless disregard for the truth (Scienter)
• Reliance on the false representation by the victim
• Financial damages are incurred (to the benefit of the perpetrator).
• The act was intentional.
The important element of management and occupational fraud is the intent and knowingly engaging in fraud. Although “intent” is an element of fraud, the presence of “intent” is difficult to prove in fraud cases by “direct” evidence. Thus, forensic accountants usually focus on other three elements of fraud, as depicted in Exhibit 4.2. The three elements are “The Act,” “The Conversion,” and “The Concealment” that are the metrics used by forensic accountants in analyzing corporate fraud. The “Act” is usually the theft or engaging in FSF. The “Concealment” usually involves efforts to conceal the “Act.” “Conversion” is when the fraudsters convert the assets to their own benefit. The Act involves the actual perpetration of fraud, for example, taking cash or the misappropriation of assets. Conversion involves converting business resources for personal use and/or transferring the business and its resources to others. Concealment involves the actions and steps taken by the fraud perpetrators to hide fraud by destroying documents and evidence, changing the business structure, and altering financial records.
Elements of Fraud as Proxies for Intent/Scienter/Knowledge of Wrongdoing (Dimond of Fraud Actions)
Source: This Dimond of fraud actions is developed based on the original triangle of characteristics of the crime by Albrecht, S., C.O Albrecht. C. C.C Albrecht. 2006. Fraud Examination, 2nd Edition, Thompson, South Wetern, Canada.
Digital Forensics
Digital forensic is the merging area of practice for forensic accountants that create both challenges and opportunities for them. Particularly, digital analysis can serve as an effective tool in identifying material errors and irregularities and detecting fraud. Digital forensics, including computer forensics and network forensics, is a digital data analytics technique used in investigating and analyzing evidence in online computer networks. There are multiple types of software that can be used to analyze digital data. An example includes the Forensic Toolkit, which often is called the FTK. The FTK is produced by ACCESSDATA, which is a forensic service firm founded in 1987 to help clients address fraud using its software. The toolkit itself has been ported over to mobile and e-technology platforms to further its mobility. According to Grant Thornton, a modestly sized accounting firm, the use of FTK is prevalent in its offices.12 In terms of software function, it locates evidence and then analyzes the location it originated from. The evidence is stored in a central database making it easy to access. Along with ease of accessing, having a central database reduces cost of maintenance. For more information pertaining to the forensic toolkits functionality and Grant Thornton’s opinion on the software, please visit accessdata.com.13
Benford’s law, one of the most commonly used techniques, is used in digital analysis. In applying the Benford’s law, a forensic accountant could extract the first number from a dataset using the “Left” function in excel, and then execute a “Sumif” function to calculate the percentage of numbers that begin with 1–9. In a normal dataset, there will be more 1’s than 2’s, 2’s than 3’s, 3’s than 4’s, consecutively. Other digital analysis techniques include:
Searching for duplicate transactions, searching for rounded amounts, and performing ratio analysis in which the ratio of the highest value to the lowest (maximum/minimum), the ratio of the highest value to the next highest (maximum/second highest), and the ratio of the current year to the previous year are analyzed.14
The importance of digital forensics is ever increasing in the current business environment, because companies are moving toward a reduced, or paperless environment. A byproduct of this shift is an increasing proportion of digital to nondigital evidence. A fraud examiner proficient in digital forensics can recover seemingly deleted documents, e-mails, files, programs, and so on, by having proficient knowledge of a computer’s registry. This change in environment works in the favor of the fraud examiner because, previously, if a paper file and its backups were destroyed the file would be gone. However, in computerized systems it is much more difficult to delete all traces and backups of a file owing to the sheer amount of storage possibilities.15 Digital fraud is growing as e-commerce strategies are becoming more common business practices, and thus digital fraud perpetrators are fined for engaging in digital fraud transmitting by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice.16
Big Data and Data Analytics
IT advances (e.g., cloud, social media, and analytics) enable organizations to have an unprecedented amount of structured, semi-structured, and unstructured data. The emergence of “high-volume, high-velocity, and high-variety” information that can be processed electronically to facilitate decision making is usually described as Big Data.17 Big Data has also received common acceptance and practical application in the business community. For example, more than 98 percent of all stored information is electronic, compared with about 25 percent of such information, which was digital in 2000.18 Because traditional rules-based relational database techniques, such as matching, sorting, filtering, and query design, often result in false positives or missed fraud detection opportunities, forensic accountants nowadays incorporate data visualization, predictive analytics, behavior analytics, content analytics, social network analysis, geo-spatial analytics, and numerous advanced antifraud techniques.19
Forensic accountants are now able to obtain a huge amount of both structured (e.g., general ledger or transaction data) and unstructured data (e.g., e-mail, voice, or free-text fields in a database), together with an increasing amount of nontraditional data sources such as third-party watch lists, news media, free-text payment descriptions, e-mail communications, and social media. As a result, forensic accountants use advanced technological tools in the investigation. For example, forensic accountants use social media and web monitoring, voice searching and analysis, visualization, and reporting tools.20 There is a shortage of forensic accountants who possess Big Data/analytical skills and are able to use sophisticated analytical tools to effectively and accurately identify potential risks and proactively search for irregularities and assess and manage their risk profile. The growing demand and inadequate supply of Big Data professionals raises the question whether there is adequate training related to Big Data at the undergraduate/graduate level in the forensic accounting education. The integration of Big Data into the forensic accounting and business curriculum supports the market demand in these two areas and keeps the business curriculum aligned with the practices.
The following examples illustrate the use of Big Data (analytics) in the forensic accounting practice. First, when forensic accountants investigate fraud, corruption, or bribery cases, they take industry-specific norms or regulations into consideration and use keyword phrases to identify potential frauds. Second, by utilizing historical activities or transaction data, forensic accountants can use predictive modeling and other advanced analytics to detect suspicious and anomalous transactions, high-risk events, or potential fraudulent behaviors or activities. Third, by mining across multiple sources of databases (e.g., customer or third-party databases), forensic accountants can use entity resolution algorithms to identify hidden relationships, addresses, and aliases and investigate conflicts of interest, fake identities, or sanctioned individuals/entities.
Fourth, forensic accountants use social network analytics to detect hidden relationships, bogus vendors, or fake bank accounts when they analyze both structured and unstructured data in the format of visuals and links from social media. Fifth, a large amount of unstructured text data is available from the free-text field of journal entries, payment description, expense details, e-mails, social media, documents, presentations, and hard drives of individual employees or the organizations. Forensic accountants use text mining or text analytics with heuristic rules and statistical techniques to discover the sentiments and conceptual meanings of large amounts of text data, which help to identify potential frauds or noncompliance in the organization. Finally, besides traditional simple spreadsheets or static charts and graphs, forensic accountants use data visualization techniques and interactive dashboards to present evidence in an easy-to-understand manner.
Data analytics has the potential to significantly improve the effectiveness and efficiency services performed by forensic accountants. Data analytics have been used by accountants and auditors for many years, and forensic accountants should use more advanced data analytics in identifying red flags, patterns of errors, irregularities, and fraud. Data warehousing and data mining techniques are the process of identifying and analyzing patterns in massive datasets to predict future norms. Data mining is the process of exploring large datasets to discover patterns and predictive analytics through use of algorithms. This process has been exaggerated through the many prevalent software.21 The most popular software includes Microsoft SharePoint, Dundas BI, and IBM Cognos Analytics. Data warehousing is a database linking relationships to queries. Data warehouses are not used to process transactions, and it uses historical transaction data to consolidate useable data to be analyzed.22
Forensic accountants use the above-mentioned techniques during investigations. For data mining, Dundas BI can be used to analyze data. This software can provide real-time data analysis and can use visualizations to aid in easy understanding of complex data. According to the Dundas website, dashboards can be combined with data and exported into different business applications.23 The applications include Microsoft SharePoint and HTML5. Microsoft SharePoint is used to create websites for businesses.24 The website can use HTML5, which is the latest evolution of HTML and is a markup language that allows the usage of documentation.25 Forensic accountants can use these powerful tools during investigations to articulate important data through visualizations that are easy to understand.
The use of analytical procedures as substantive evidence gathering requires that forensic accountants pay attention to underlying relationships and develop a precise and independent expectation of the account balance and related risks (i.e., the inherent and control risk). If there are any unexpected differences, they should be assessed and their impacts be evaluated. Analytical procedures provide indirect evidence and as such draw auditor attentions to things out of norm, irregularities, and red flag symptoms. In the case that an explanation for the abnormalities cannot be obtained, forensic accountants should perform other procedures to gather sufficient evidence that the abnormalities were not caused by a misstatement. Analytical procedures can be particularly effective for assertions in which potential misstatements are not apparent or where evidence is not available. When higher levels of assurance are required, analytical procedures should be applied to more predictable relationships. Relationships involving transactions subject to management discretion and those pertaining to balance sheet are less predictable by nature.26
Scholars have used a wide range of data sources, well-developed core analytics capabilities, and integration of the Internet of things (IoT) and artificial intelligence (AI) into processes to improve their engagement and interactions with customers.27 The following are the advantages of using data analytics:28
1. Competitive advantage from analytics continues to grow as more than half (59 percent) of executive report their company is using analytics to gain a competitive advantage.
2. Analytics is driving customer engagement because the most analytically mature organizations are twice as likely to report strong customer engagement as the least analytically mature organizations.
3. Analytically mature organizations use more data sources to engage customers.
4. Sharing data can improve influence with customers and other groups.
EY conducted a Global Forensic Data Analytics Survey in 2018.29 The survey focused on technological advancement and its effect on businesses. As technology advances, the risk profile of business changes. The most important risks affecting firms today are data privacy and cybersecurity, at a 40 percent increase and 38 percent, respectively. However, the effectiveness of forensic data analytics on fraud risk management reveals that for the largest category, internal investigations has 50 percent of respondents claiming that the FDA method is somewhat effective. This is indicative of a lack of connection between fraud risk profile, fraud risk management of the profile, and the use of forensic data analytics to mitigate the inherent risks of technology.30 In practice, it is important for forensic accountants to use the necessary skills to work in the era of technological era.
Corporate Governance Challenges
Corporate governance has evolved as a central theme for public companies in the aftermath of the 2007 to 2009 global financial crisis. In today’s global environment, business organizations are under scrutiny and profound pressures from lawmakers, regulators, the investment community, and their diverse stakeholders to accept accountability and responsibility for their corporate governance effectiveness and financial reporting process. Corporate governance is a process (journey) of managing corporate affairs to create shareholder value while protecting interests of other stakeholders. Corporate governance can strengthen the safety, efficiency, depth, and liquidity of capital markets and reliability of public financial information. Effective corporate governance ensures strong investor protection, giving rise to high-quality financial reports, which enables investors to make sound investment decisions. Forensic accountants can investigate corporate irregularities, illegal acts, and fraud as well as prevent, discover, and correct them to improve the reliability of financial reports used by investors.
Sound investment decisions by investors improve efficiency of capital markets that results in economic prosperity and growth for the nation. Corporate governance has been transformed from simply a routine set of compliance requirements to a strategic business imperative. The integrity, reliability, and transparency of financial reports is a function of corporate governance effectiveness. Corporate governance measures and practices have become a mandate for both public and private firms, regardless of their size, type, or location. No longer is corporate governance just seen as one of many compliance requirements. Today, good corporate governance measures and procedures are being actively integrated into the corporate culture, business model, and the environment of companies across the country and around the world to ensure accountability and sustainability. Corporate gatekeepers are the focal point of these efforts and the conduits of company information to shareholders, management, customers, suppliers, financiers, government, and the community.
Competition among global capital markets can be healthy in producing an adequate level of protection for investors through the right balance of corporate governance and regulatory reforms. Corporate governance functions constitute an important element of the corporate governance structure. There are seven essential corporate governance functions: oversight, managerial, compliance, internal audit, advisory, external audit, and monitoring. A well-balanced implementation of these seven interrelated functions produces effective corporate governance, reliable financial reports, and credible audit services. This integrated approach underscores and reaffirms the primary goal of corporations to create sustainable shareholder value while protecting the interests of other stakeholders. Given that the primary purpose of any business, particularly public companies, is to create substantial and enduring value, the goal of corporate governance is to ensure that all participants are working to achieve this goal.
The seven interactive functions should be properly integrated into the overall corporate culture, business environment, and corporate strategy and accountability. Three of these seven functions, however, are essential to the achievement of sustainable and long-term corporate performance. These corporate governance functions are the oversight function assumed by the board of directors, the managerial function delegated to management, and the monitoring function exercised by shareholders. Effective corporate governance should develop a right balance between the achievement of short-term targets and long-term sustainable performance. To effectively fulfill their fiduciary duties, corporate governance participants should lead from the front and by example in managing the organization for the best interests of its stakeholders. Corporate governance should create an appropriate balance of power-sharing that:
• provides shareholder democracy in freely electing directors (e.g., the majority voting system).
• enables the board of directors to make strategic decisions and oversee and consult with management without micromanaging.
• empowers management to run the company.
The participants in the corporate governance process are the board of directors, executives, stakeholders/shareholders, and gatekeepers, including internal auditors, external auditors, financial analysts, legal counsel, financial advisors, and regulators. Forensic accountants can provide consulting services to all corporate governance participants from the board of directors to management and internal and external auditor and legal counsel in effectively discharging their fiduciary duties. Forensic accountants in investigating corporate misconduct, irregularities, fraud, and illegal acts can improve the effectiveness of corporate governance. Forensic accountants can provide a wide range of services to corporate governance participants, including anticorruption compliance, forensic technology investigation, fraud prevention, and dispute services. Compliance services aid in the minimization of risk associated with manipulation of laws, regulations, and corporate governance. Fraud perpetrators often commit fraud on the occupation and management level, so strict compliance is necessary for those positions. Compliance minimizes risks by testing internal control, enhancing policies regarding corporate governance and fraud risk management, and correcting fraud loopholes. Compliance services are usually linked with investigations. Investigations can vary in subject, but usually revolve around management and employees.31
Whistleblowing Program, Policies and Procedures
Much of fraud is being discovered through unanimous tips from employees, customers, suppliers, and others. The audit committee of public companies is responsible for overseeing the establishment and enforcement of whistle-blower programs in compliance with the requirements of SOX and SEC-related rules.32 SOX created the opportunity for confidential and anonymous submissions of complaints by requiring that the company’s audit committee establish procedures for receiving, recording, retaining, and treating such complaints. Section 301 of SOX requires audit committees of public companies to establish effective programs and procedures for handling the concerns and complaints of whistle-blowers.33 Pursuant to the passage of SOX, concerned employees are enabled to report financial and accounting irregularities as well as fraud without undue fear of suffering demotion, suspension, harassment, threats, loss of job, or any other form of retribution.
To implement provisions of SOX pertaining to whistle-blowers effectively, public companies should establish whistle-blower programs and procedures that enable employees to report suspected incidents of misconduct anonymously. These programs and procedures encompass establishing an effective hotline with a toll-free number and the capability to accept collect calls, a fax number, a regular mail address or post office box, and a confidential website. Anonymous reporting channels may be particularly useful in encouraging the reporting of wrongdoing by organizational members because anonymity should minimize personal “costs” of reporting, such as retaliation and other potential penalties. A benefit of such channels is that employees often discover FSF before other monitors (e.g., internal auditors, external auditors, and/or regulators) and, consequently, often can inform the organization earlier than others.
The past decade, particularly the post-SOX period, provides a better understanding of what whistle-blowers are and the important role they can play in preventing, reporting, and correcting corporate corruption, fraud, and financial malfeasance. Whistleblowers at Enron (Sherron Watkins) and WorldCom (Cynthia Cooper) prove that they are often the brightest, best qualified, most courageous, and most committed employees in organizations who risk their employment and life for speaking out about wrongdoings. Sections 301 and 806 of SOX and SEC-related rules require (1) the audit committee to establish procedures for the receipt, retention, and treatment of complaints received by the company relevant to accounting, internal accounting control, or auditing matters as well as confidential and anonymous submission by employees of concerns regarding questionable accounting or auditing matters; and (2) that the company provide whistle-blower protections for its employees who willingly report evidence of fraud or violations of securities laws.34 SOX and the SEC do not require any specific procedures for whistle-blower programs and procedures and give flexibility to the listed companies and their audit committees to establish whistle-blower programs and procedures that are suitable for and tailored to their particular situations.35
The SOX of 2002 and SEC-related rules require that the audit committee establish and maintain appropriate whistle-blower programs for the receipt, process, and retention of complaints regarding internal control accounting and auditing matters.36 Such programs must establish procedures and mechanisms that encompass the confidential and anonymous submission of concerns on questionable accounting and auditing matters by employees. The SEC requires that the audit committee establish specific mechanisms tailored and suitable to the company’s circumstances and needs for whistle-blower programs. The whistle-blowing program must be established in compliance with both the SOX of 2002 and the Dodd–Frank (DOF) Act of 2010. Section 301 of the SOX contain whistle-blowing provisions that require the audit committee to establish policies and procedures regarding the receipt, retention, and treatment of complaints about violations of accounting and auditing standards, and Section 806 prohibits retaliations against whistle-blowers.37
Section 806 of the DOF of 2010 provides protections for whistle-blowers in securities fraud cases and has directed the SEC to establish rules regarding confidential and anonymous submissions of violations of security laws and conduct of fraudulent and unethical activities by public companies.38 Whistleblowers are protected and rewarded for informing the SEC of corporate wrongdoings. Forensic accountants can assist the audit committee to assess the effectiveness of the whistle-blowing policies, procedures and practices. Forensic accountants can also be source of information for the SEC in investigating and enforcing its whistle-blowing processes.
Sustainability Reporting and Assurance and Forensic Accountants
Business sustainability has garnered considerable attention in the wake of the recent global financial crisis and is now emerging as a central issue for regulators and public companies. In particular, business sustainability focuses on protecting interests of all stakeholders from shareholders to creditors, employees, customers, suppliers, government, environment and society. Thus, effective sustainability performance is expected to better align interests of management with those of all stakeholders and better protect them from receiving fraudulent financial information. Thus, effective sustainability performance improves sustainable financial health, corporate governance, quality of financial information, enhances the integrity and efficiency of the capital market, and improves investor confidence. Poor sustainability performance adversely affects corporate governance, the company’s potential, performance, financial reports and accountability and can pave the way for business failure, fraudulent public financial information, inefficiency in capital markets and loss of investor confidence. The important question address in section is “Do firms that issue sustainability report engage less in FSF and what forensic accountants can do to prevent and detect FSF in the context of sustainability reporting and assurance?”
The holistic and comprehensive definition of sustainability reporting is the process of disclosing information relevant to both financial and nonfinancial key performance indicators (KPIs) for all five areas of multiple bottom line performance: economic, governance, social, ethics, and environmental (EGSEE).39 Sustainability disclosures affect financial reporting quality in several ways. First, sustainability reporting reduces incentives for focus on short-term performance of manipulating earnings to meet analysts’ earnings forecast. Second, sustainability reporting focuses on improving corporate governance which will reduce opportunities to engage in fraudulent financial activities. Third, sustainability disclosures reduce information asymmetry which improves quality of financial reports. Forensic accountants are capable of assisting business organizations in avoiding short-termism phenomenon, combatting fraudulent activities and minimizing information asymmetry.
The number of public companies worldwide that disclose sustainability performance information has increased significantly to more than 15,000, and today, most European companies are now disclosing their sustainability performance information. The reliability and credibility of these integrated sustainability reports need to be assured by assurance providers and forensic accountants can provide assurance on the integrated sustainability reports. To integrate sustainability into corporate culture, strategic planning and business environment forensic accountants can assist management in establishing and implementing anti-fraud policies and procedures consisting of:
• Defining sustainability shared value creation in the organization
• Identifying and assessing the positive and negative impact of trends shaping the organization’s five EGSEE.
• Identifying non-financial metrics on non-financial dimensions of sustainability performance (governance, social, ethical, and environmental)
• Linking non-financial sustainability performance metrics to the sustainable financial success of the business.
• Preparing integrated sustainability reports reflecting both financial and non-financial information.
• Obtaining assurance on sustainability reports from external assurance providers including forensic accountants.
Forensic Accountants and Internal Control Reporting
Traditionally, organizations have reported their performance on economic affairs and their only focus on financial results has become complicated, irrelevant, and less value-relevant to all stakeholders including shareholders. Firm performance is measured not only by financial income, but also by the mechanisms in which business success and sustainability is measured in terms of non-financial sustainability key performance indicators pertaining to environmental, social, governance, and ethical activities. Public companies play an important role in disseminating useful, reliable, relevant, and transparent financial/quantitative and nonfinancial/qualitative information to the financial markets. Public companies are now not only report their financial statements but also the process of preparing financial statements in the context of reporting their internal control over financial reporting (ICFR).
The reliability of financial statements, the effectiveness of ICFR, and the efficacy of audits of both financial statements and ICFR under integrated financial and internal control reporting (IFICR) are vital if public companies are to attract investors and build confidence in the capital markets. Many provisions of the Sarbanes–Oxley Act of 2002 (SOX) pertain to financial reporting, including Sections 302 and 404, which require public companies’ management (CEO, CFO) to certify financial statements and report on the effectiveness of the company’s ICFR and require auditors to attest to and report on both financial statements and ICFR. Section 302 requires that the audit committee oversees the work of management and the independent auditor as related to ICFR. The audit committee’s oversight of Section 404 is essential, as mandatory ICFR is becoming an integral part of financial reporting. The effectiveness of the IFICR depends on the vigilant oversight function of the board of directors, particularly the audit committee, the responsible and accountable managerial function of senior executives, the credible external audit function of the independent auditor, and the objective internal audit function of internal auditors.
IFICR reports are expected to reduce the information risk that financial information is misleading, biased, incomplete, inaccurate, or fraudulent. In this context, audits reduce financial information asymmetries between management and shareholders and thus help investors to make more informed decisions that in turn make the capital markets more efficient and add to the nation’s economic prosperity. Management is ultimately and directly responsible for the reliability and quality of all internal and external financial reports including IFICR. Internal auditors assist management in the proper assessment, documentation and reporting of IFICR. External auditors lend more credibility to IFICR by providing reasonable assurance on the effectiveness of internal controls and the reliability of financial statements. Companies of all sizes and types worldwide benefit from an effective IFICR. Proper preparation and reporting of IFICR requires public companies to obtain:
• Management certification of financial statements in certifying reliability, completeness, and accuracy of financial statements.
• Management certification of the effectiveness of internal control over financial reporting.
• Audit report providing reasonable assurance that financial statements are free from material misstatement whether caused by error or fraud and an opinion that financial statements are prepared inconformity with applicable accounting standards.
• Audit report on the effectiveness of internal control over financial reporting.
• Audit committee review and approval of both management and auditor reports on financial statements and internal control over financial reporting.
• The board of directors’ declaration that management and auditor reports on financial statements and internal control over financial reporting be filed with regulators and disseminated to shareholders.
Forensic accountant can adopt new approaches to assessing risks and controls. Forensic accountants can monitor how technological innovation is changing businesses and their corresponding changes to risks and controls. Forensic accountants can deliver new value by implementing and creating digital tools for internal control risk assessment and management. Changes in the risk environment, technological advancements and increasing regulatory pressure have created new opportunities for forensic accountants to develop new capabilities in internal control reporting.
Forensic Accountants and Antifraud Program and Plan
The persistence of this fraud is still a significant concern for the business community and the accounting profession and has eroded investor confidence in corporate reports. From Enron and WorldCom in 2001, to Madoff and Satyam in 2009, Olympus in 2011 and Volkswagen in 2015, over the past decade, financial reporting fraud has been a dominant news item. There has been ample evidence that financial reporting fraud has undermined the integrity and quality of financial reports and has contributed to substantial economic losses. Since the passage of the SOX Act, which was primarily intended to combat financial reporting fraud, there are more incidents of FRF. Companies of all types and sizes are susceptible to employee fraud including embezzlements, thefts, and misappropriations of assets as well as Financial Reporting Fraud (FRF), or “cooking the books,” to show a rosy picture of the company so that it appears more attractive to investors than it really is.
Financial reporting fraud can occur in situations where there are unexplained accounting anomalies, unusually rapid revenue or profit growth, weak internal controls, and aggressive financial actions by senior management, among other things. The very viability of the business as well as the safety of financial markets in general are threatened when the existence and persistence of FRF go undetected. Financial reporting fraud can be detected with effective corporate governance, which includes effective antifraud policies and programs by the board of directors, management, and auditors. Effective antifraud programs, focusing on fraud awareness and education in the workplace environment, whistle-blowing policies and procedures of encouraging employees to report suspicious behavior without fear of reprisals, adequate internal control procedures designed to prevent and detect fraud, and conducting surprise audits are all examples of actions that the board of directors, management, and other corporate gatekeepers can take to significantly reduce FRF. Forensic accountant can assist public companies to prevent and detect FRF and to minimize its detrimental effects by:
• Assessing existing antifraud programs and controls, establish effective fraud prevention and detection policies and procedures, and communicate with the audit committee and independent auditors.
• Conducting a fraud risk assessment process to identify the company’s risks and establish related control activities to effectively prevent and detect fraud.
• Evaluating and testing the design and operating effectiveness of internal controls to prevent and detect fraud.
• Standardizing the processes for fraud incident investigation and remediation and enable prompt responses to allegations or suspicions of fraud.
• Establishing antifraud programs and controls relevant to both financial reporting fraud and occupational fraud.
• Establishing antifraud deterrence; prevention, detection, and correction mechanisms driven from the corporate culture of setting an appropriate tone at the top; promoting competent and ethical behavior and reinforcing antifraud conduct; and demanding to do the right thing always.
Forensic Accountants and Enterprise Risk Management
Enterprise risk management (ERM) has recently received considerable attention from public companies, the business community, and the accounting profession. Financial scandals of the early 2000s and recent world events, including the September 11, 2001 terrorist attacks and recent cyberattacks, have generated more interest in the issue of overall ERM. Natural disasters, such as hurricanes, earthquakes, and floods, require companies to design adequate and effective disaster recovery plans and assess their risk of occurrence and their consequence on operations. Companies should conduct risk assessment periodically to identify potential risks and design appropriate controls to mitigate their adversarial impacts. The board of directors, particularly the audit committee, should oversee the company’s ERM, and both internal and external auditors should be involved in assessing risks of natural disasters and the protection of important electronics and other information.
The board of directors should oversee the company’s risk appetite and access timely information on current and emerging material risk exposures and risk response strategies, and should implement effective risk management processes. Forensic accountants can assist public companies and their boards of directors to effectively fulfill their oversight of risk assessment and management as stated below:
• Establishing a risk compliance board committee by delegating all responsibilities to such board committee.
• Making the entire board of directors responsible for risk oversight;
• Combination of the first two alternatives by making the whole Board responsible along with delegation of specific roles and responsibilities to Board committees.
COSO releases frequent reports regarding the effectiveness of the ERM framework on financial statements. In May 2010, the official COSO report was released, which provided details about key fraudulent events. The study found that most companies that committed fraud had assets around $100 million and of which executive management was involved in approximately 90 percent of cases (347 cases total). Of these cases, the most common fraud schemes were recognizing revenue at the improper time and manipulation of assets and expenses.40 Forensic accountants can assist in design and implementation of the ERM that detects and prevents FSF.
Forensic Accountants and XBRL-Generated Financial Reports
Extensible business reporting language (XBRL) is an application of extensible markup language (XML) in business and financial reporting. XBRL is now commonly accepted as the electronic method of business and financial reporting worldwide. XBRL tools, techniques, and taxonomies have been developed by the XBRL International Steering Committee available at the XBRL website (www.xbrl.org). XBRL enables computer systems to assemble data electronically in instance documents, retrieve data directly from XBRL instance documents, and convert data into human-readable financial reports. In 2004, the SEC established a voluntary XBRL filing program under its Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system. The Federal Deposit Insurance Corporation (FDIC) has implemented an XBRL filing system for all its banks, and European financial institutions are using XBRL in more than 25 countries.
In the United States, both regulators (SEC) and standard setters (FASB, PCAOB) have taken initiatives to address online real-time financial reporting using the XBRL format and electronic or continuous auditing. Recently, the SEC has promoted XBRL voluntary reporting and provided a faster review for companies using XBRL. It is expected that XBRL taxonomies for different industries will be further developed, and the use of the XBRL format will gain more momentum. A move toward the global acceptance of XBRL for electronic business and financial reporting requires auditors to provide assurance by conducting an integrated audit on XBRL-generated financial statements. An important issue for regulators (SEC), standard setters (FASB, PCAOB), public companies, and the accounting profession is to decide whether to require public reporting on XBRL-generated financial statements and internal control reports at a point in time (periodic filing report dates, quarterly Form 10-Q, or annual Form 10-K) or on a real-time basis. Companies, however, should use XBRL-generated financial statements and related internal controls on a real-time basis for internal purposes.
Forensic accountant can assist in an integrated audit of periodic XBRL-generated financial statements and internal controls, which requires investigation of the following:
• Internal controls over XBRL taxonomy, the tagging of data, preparation of the instance documents, the integrity of the tagged data, and the consistent application of both taxonomy and the tagged data.
• The effectiveness of both the design and operation of XBRL internal controls, including authorization procedures and selection of the appropriate taxonomy and tagged data in producing financial statements.
• The XBRL instance documents to ensure the integrity and reliability of XBRL-generated financial statements and comparability of data contained in the instance documents and the audited financial statements.
• XBRL-generated financial statements in conformity with the selected XBRL taxonomy.
Forensic accounting has advanced as one of the most demanding and rewarding areas of accounting practices, including fraud examination, anticorruption and antibribery, business valuation, litigation support, expert witnessing, and cybersecurity. This chapter presents challenges and opportunities in providing fraud and nonfraud forensic accounting services. Forensic accounting is a rewarding and exciting career with much opportunities for advancements and requirements for a balanced skill sets in technical, analytical, and communication education and practice.
Action Items
1. Forensic accounting career is exciting and rewarding.
2. Opportunities in forensic accounting are abundant.
3. Forensic accounting challenges are significant.
4. Demand for and interest in fraud and nonfraud forensic accounting services are expected to continue.
Endnotes
1. Journal of Accountancy. 2015. “Big Data Case Study: What Forensic Accountants Need to Know.” https://www.journalofaccountancy.com/issues/2015/mar/forensic-accounting-big-data-case-study.html, (accessed September 9, 2018).
2. Association of Chartered Certified Accountants (ACCA). March 1, 2017. Demand for Forensic Accountants Is Growing. https://www.accaglobal.com/us/en/member/member/accounting-business/2017/03/practice/forensic-accountants.html, (accessed September 24, 2018).
3. M.L. Bhasin. January, 2017. “Integrating Corporate Governance and Forensic Accounting: A Study of an Asian Country.” International Journal of Management Sciences and Business Research 6, no. 1.
4. Deloitte. 2018. Forensic Accountant. https://jobs2.deloitte.com/us/en/job/DELOA003X225127/Forensic-Accountant
5. Tennessee Bureau of Investigation. 2018. Forensic Services Division. https://www.tn.gov/tbi/divisions/forensic-services-division.html
6. Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2016. Fraud Risk Management Guide. https://www.coso.org/documents/COSO-Fraud-Risk-Management-Final-92816.pdf
7. Securities and Exchange Commission (SEC). May, 2013. SEC Announces Enforcement Initiatives to Combat Financial Reporting and Microcap Fraud and Enhance Risk Analysis. https://www.sec.gov/News/PressRelease/Detail/PressRelease/1365171624975#.UubI41NMGih
8. ACFE. 2017. Compensation Guide for Anti-Fraud Professionals. http://www.acfe.com/compguide-2017.aspx
9. ZipRecruiter. 2018. Forensic Accountant Salary. https://www.ziprecruiter.com/Salaries/Forensic-Accountant-Salary
10. Z. Rezaee, and R. Riley. 2009. Financial Statement Fraud: Prevention and Detection (2nd ed., Hoboken, NJ: John Wiley & Sons, Inc.)
11. COSO. 2016.
12. ACCESSDATA. 2017. Forensic Toolkit. https://accessdata.com/products-services/forensic-toolkit-ftk
13. Ibid.
14. C. Gomes da Silva, and P.M.R. Carreira. May, 2013. Selecting Audit Samples Using Benford’s Law. AUDITING: A Journal of Practice & Theory 32, no. 2, pp. 53–65.
15. R.D. Cannon. 2006. “Computer Forensics for the Fraud Examiner,” ACFE. http://www.acfe.com/article.aspx?id=4294967651
16. Board of Governors of the Federal Reserve System. 2016. Credit and Liquidity Programs and the Balance Sheet. http://www.federalreserve.gov/monetarypolicy/bst_riskmanagement.htm
17. Gartner. 2014. IT Glossary. http://www.gartner.com/it-glossary/?s=big+data, (accessed July 31, 2017).
18. L. Crumbley, L. Heitger, and S. Smith. 2015. Forensic and Investigative Accounting (7th ed., Chicago, IL: Commerce Clearing House).
19. Ernst and Young (EY). 2016. Global Forensic Data Analytics Survey 2016. http://www.ey.com/gl/en/services/assurance/fraud-investigation—dispute-services/ey-shifting-into-high-gear-mitigating-risks-and-demonstrating-returns, (accessed July 12, 2017).
20. Ibid.
21. Oracle. n.d. What Is Data Mining? https://docs.oracle.com/cd/B28359_01/datamine.111/b28129/process.htm#DMCON002, (accessed September 27, 2018).
22. Oracle. n.d. Data Warehousing Concepts. https://docs.oracle.com/cd/B10501_01/server.920/a96520/concept.htm, (accessed September 27, 2018).
23. Dundas. n.d. Dundas BI Product Features. https://www.dundas.com/dundas-bi/features, (accessed September 27, 2018).
24. Microsoft. n.d. What Is SharePoint? https://support.office.com/en-us/article/what-is-sharepoint-97b915e6-651b-43b2-827d-fb25777f446f, (accessed September 27, 2018).
25. W3. 2017. HTML 5.2. https://www.w3.org/TR/html52/, (Accessed September 27, 2018).
26. Public Company Accounting Oversight Board (PCAOB). “AU Section 329A—Analytical Procedures,” PCAOB. https://pcaobus.org/Standards/Archived/Pages/AU329A.aspx
27. S. Ransbotham, and D. Kiron. January, 2018. “Using Analytics to Improve Customer Engagement,” MIT Sloan Management Review. http://sloanreview.mit.edu/analytics2018
28. Ibid.
29. EY. 2018. Global Forensic Data Analytics Survey 2018. https://assets.ey.com/content/dam/ey-sites/ey-com/global/topics/assurance/assurance-pdfs/ey-global-fda-survay.pdf, (accessed September 25, 2018).
30. Ibid.
31. BDO. 2018. Forensic Accounting & Investigations. https://www.bdo.com/services/business-financial-advisory/forensics-and-investigations/overview-(1), (accessed September 25, 2018).
32. Sarbanes-Oxley Act of 2002. Section 301. http://www.sarbanes-oxley.com/section.php?level=1&pub_id=Sarbanes-Oxley
33. Ibid.
34. Sarbanes-Oxley Act, 2002. Securities and Exchange Commission (SEC). April 9, 2003. SEC Final Rule: Standards Relating to Listed Company Audit Committees. Release Nos. 33-8220; 34-47654. http://www.sec.gov/rules/final/33-8220.htm
35. Ibid.
36. Ibid.
37. SOX 2002. Section 406.
38. Dodd–Frank Act of 2010.
39. Z. Rezaee. 2015. Business Sustainability: Performance, Compliance, Accountability and Integrated Reporting (Sheffield, UK: Greenleaf Publishing Limited).
40. NC State University. May 3, 2010. COSO Fraud Study 2010. https://erm.ncsu.edu/library/article/coso-fraud-study