Over the past several decades, a significant amount of academic research has been focused on fraud in general and financial statement fraud in particular (Healy and Wahlen, 1999). These studies address the trends, determinants, and consequences of financial fraud, as well as the responsibility for preventing, detecting, and remediating that fraud.
The wave of financial scandals at the turn of the 21st century elevated the awareness of fraud and the auditor's responsibilities for detecting it. The frequency of financial statement fraud has not seemed to decline since the passage of the Sarbanes-Oxley Act in July 2002. For example, the 2005 biennial survey of more than 3,000 corporate officers in 34 countries conducted by PricewaterhouseCoopers (PwC) reveals that in the post-Sarbanes-Oxley era, more financial statement frauds have been discovered and reported, as evidenced by a 140 percent increase in the discovered number of financial misrepresentations (from 10 percent of companies reporting financial misrepresentation in the 2003 survey to 24 percent in the 2005 survey). The increase in fraud discoveries may be due to an increase in the amount of fraud being committed and/or also due to more stringent controls and risk management systems being implemented (PricewaterhouseCoopers 2005). The high incidence of fraud is a serious concern for investors as fraudulent financial reports can have a substantial negative impact on a company's existence as well as market value. For instance, the lost market capitalization of 30 high-profile financial scandals caused by fraud from 1997 to 2004 is more than $900 billion, which represents a loss of 77 percent of market value for these firms (Glass Lewis & Co., 2005), while recognizing that the initial market values were likely inflated as a result of the financial statement fraud.
Factors Affecting Financial Fraud at an Organization
Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit, states that three conditions are generally present when fraud occurs. First, there is an incentive or a pressure to commit fraud. Second, circumstances provide an opportunity for fraud to be perpetrated (e.g., weak controls or ability of management to override controls). Finally, there is an attitude or rationalization for committing fraud. These conditions collectively are known as the fraud triangle. I have reviewed the academic findings related to the presence of these conditions in cases of financial statement fraud.
Bell and Carcello (2000) find support for the existence of fraud triangle conditions for a sample of financial fraud companies. They estimate a logistic regression model predicting the incidence of fraud and find several risk factors associated with fraud: rapid growth, weak control environment, management overly preoccupied with meeting analysts' forecasts, management that lied to auditors or was overly evasive, ownership status, and an interaction between the control environment and management attitude toward financial reporting. The Bell and Carcello (2000) study does not, however, find evidence of a significant association between financial fraud and some of the traditional risk factors such as high management turnover, rapid industry growth, declining industry conditions, significant and unusual related party transactions, and compensation arrangements tied to reported earnings. Hernandez and Groot (2007b) also find that the use of incentive systems and opportunities for fraudulent behaviour are associated with higher fraud risk assessments by audit partners; however, the most important factors are senior management ethical attitudes and dishonest communication from management with the external auditor. Rezaee (2005), in his analysis of five alleged fraud cases, also finds support for the existence of all three of the fraud triangle conditions in fraud firms. Many other studies have focused on just one of the three aspects of the fraud triangle. These studies are discussed below.
Incentives/Pressures
The incentive to misstate earnings can arise due to pressure to meet analysts' forecasts, compensation and incentive structures, the need for external financing, or poor performance. Dechow et al. (1996), using a sample of 92 firms subject to accounting enforcement releases during the period 1982-1992, find that an important motivation to manipulate earnings is the desire to attract external financing at low cost. Erickson et al. (2006) investigate whether executive equity incentives are associated with accounting fraud. They examine a sample of firms accused of fraud during the 1996-2003 period and do not find any relation between equity incentives and the likelihood of the firm reporting fraudulent financial information. In contrast, Efendi et al. (2007), using a sample of firms that restated their financial statements, find the likelihood of a misstated financial statement increases when the CEO has a sizable amount of stock options "in-the-money." They also find that misstatements are more likely for firms constrained by debt covenants, firms raising new debt or equity capital, or firms that have a CEO who serves as the chairman of the board. Burns and Kedia (2006) also document that stock options are associated with stronger incentives to misreport because options make CEO wealth a convex function of stock price. Beneish (1999a) finds that, for a group of firms subject to accounting enforcement actions by the SEC, managers are more likely to sell equity holdings and exercise stock appreciation rights in periods when earnings are inflated, suggesting insider trading behaviour may be informative about earnings overstatements. Summers and Sweeney (1998) find similar results for the relationship between insider trading and fraud. More recently, there is evidence that hundreds of firms were involved in intentional backdating of stock options (Lie, 2005), which again provides evidence that stock option compensation provides incentives for fraudulent behavior. A Glass Lewis & Co. (2006) report states that about half of the companies implicated in backdating their stock options have restated their financial statements.
With regard to poorly performing firms, Rosner (2003) examines whether failing firms are more likely to engage in income-increasing manipulation, and whether auditors detect the over-statements in firms they perceive to be failing. Her findings suggest that the behaviour of failing firms that do not appear distressed on the basis of accrual data, but nonetheless show significant decreased cash flows, is consistent with material earnings overstatements in non-going-concern years that are followed by overstatement reversals in going-concern years. The accrual behaviour of these firms resembles that of firms sanctioned by the Securities and Exchange Commission (SEC) for fraud.
Opportunities
Statement on Auditing Standards No. 99 (AU Section 316) provides examples of risk factors that may increase the opportunity to commit financial statement fraud (AICPA, 2002). These risk factors include the nature of the industry or the entity's operations such as significant complex or related party transactions, ineffective monitoring of management, a complex organizational structure such as one that involves several legal entities, and ineffective controls due to a lack of monitoring of controls or circumvention of controls. Albrecht and Albrecht (2003) also discuss factors increasing the opportunity to commit fraud and note that having an effective control structure is probably the single most important step to eliminate (or minimize) opportunity to commit fraudulent acts.
Several studies have shown that ineffective monitoring of management in the form of weak corporate governance is associated with a higher likelihood of fraud. Dechow et al. (1996) find that firms manipulating earnings are more likely to have less independent boards, more likely to have a unitary structure for chairman and CEO, more likely to have a CEO who is also the firm's founder, less likely to have an audit committee and less likely to have an outside block holder. Beasley (1996) also finds that the proportion of independent members on the board of directors is lower for firms experiencing financial fraud compared to no-fraud firms. Similarly, Farber (2005) finds that fraud firms have poor governance relative to no-fraud firms (fewer independent board members, fewer audit committee meetings, fewer financial experts on the audit committee, a smaller percentage of Big 4 auditing firms, and a higher percentage of CEOs who are also chairman of the board). The results are consistent with independent corporate governance mechanisms being more effective in the monitoring function.
Abbott et al. (2004) address the impact of audit committee characteristics (independence, activity level, and financial expertise) on the likelihood of financial statements being restated (and also fraud). The authors examine two different groups of firms: 88 firms that restated their financial statements (from 1991-1999) as well as 44 firms reporting fraudulently, both with matched samples. The independence and activity level of the audit committee are negatively associated with the occurrence of restatement. There is also a negative association between an audit committee that includes at least one member with financial expertise and the occurrence of restatement. The results are similar for the fraud sample in that companies having an audit committee with at least one member with financial expertise are less likely to file fraudulent financial statements. McMullen and Raghunandan (1996) also document that companies with financial reporting problems are less likely to have an audit committee composed of independent directors. Additional research suggests that financial and auditing literacy of audit committee members improves the quality of financial reports (McDaniel et al. 2002; Bedard et al. 2004; Carcello et al. 2006; DeZoort, 1998)
Loebbecke et al. (1989) survey audit partners that have had experience with financial fraud and find that dominated decisions by management and weak internal controls are the primary conditions that increase the opportunity for fraud. Smith et al. (2000) examine a model where the strength of internal controls is inversely related to the propensity of a manager to commit fraud. In their model, the auditor's assessment of the control system affects their allocation of effort between control testing and substantive testing, but the likelihood of detecting the fraud does not increase when the auditor exerts effort to assess controls. In summary, academic research has documented that firms with a weak corporate governance structure are more likely to report fraudulent financial information. The higher incidence of fraud among these firms is at least in part due to the greater opportunities associated with a poor governance structure, where corporate governance is one of the controls recognized to address the risk of management override.
The Role of the Auditor in Reducing Opportunity
Because of their ability to detect and, in some cases, investigate fraudulent financial reporting, external auditors also act as a significant deterrent by reducing the opportunity to commit fraud. Most of the studies examining the auditor's role in constraining managers' attempts to manage earnings examine discretionary accruals. High discretionary accruals are not necessarily indicative of fraud, but possibly are indicative of aggressive and opportunistic reporting.
Researchers have argued that Big N auditors constrain managers' attempts to manage earnings through accruals and document evidence consistent with higher discretionary accruals for firms audited by non-Big N auditors (Becker et al., 1998; Francis et al., 1999). Carcello and Nagy (2002) examine the relation between auditor industry specialization and financial fraud and find a negative relation. Knapp and Knapp (2001) examine the effects of audit experience on the effectiveness of analytical procedures in detecting financial statement fraud and find that audit managers are more effective than audit seniors in assessing the risk of fraud with analytical procedures. Similarly, Bernardi (1994) finds that managers outperform seniors in a fraud detection case when they are exposed to an initial evaluation of client integrity and competence; however, this finding is attributable to managers with a high level of moral development.
Academic studies have also investigated whether the length of the client-auditor relationship is likely to impact the quality of the audit. Findings generally suggest that longer auditor tenure is associated with greater earnings quality (Iyer and Rama 2004; Myers et al., 2003). Specifically related to the frequency of financial statement fraud, Carcello and Nagy (2004) compare firms cited for fraudulent financial reporting from 1990 through 2001 to a set of control firms and other non-fraud firms and find that fraudulent financial reporting is more likely to occur in the first three years of the auditor-client relationship (Casterella et al. 2002; Davis et al., 2003; Copley and Doucet, 1993).
The audit engagement environment has also been shown to affect fraud risk assessments. Time budget pressure can decrease auditor attention to the task of detecting fraud (Braun 2000). Auditors suffer from a "dilution effect" when given both relevant and irrelevant information in assessing the risk of fraud, and holding auditors accountable to superiors results in more conservative fraud risk assessments (Hoffman and Patton, 1997; Hackenbrack, 1992).
In summary, several factors that affect the quality of audits have been found to be associated with the likelihood of client firms reporting fraudulent financial information. Specifically, these are audit firm size, the level of auditor industry specialization, the length of auditor tenure, and the experience of the auditor. Engagement factors such as time budget pressure and accountability to superiors can also impact an auditor's ability to assess aspects of information indicative of fraud.
Attitudes/Rationalizations
Accounting standards can contribute to reducing both the opportunity and attitude toward fraudulent financial reporting. Nelson et al., (2002) find that the precision of accounting standards influences managers' attempts to manage earnings. They find that when accounting standards are precise, managers are more likely to attempt earnings management with transaction structuring (such as structuring a lease in a particular way to avoid a capital lease classification or by opportunistically timing sales of available-for-sale securities), and auditors are less likely to adjust those attempts. Managers were more likely to make attempts that decrease income with unstructured transactions (such as increasing or decreasing estimates involving judgment) when standards were imprecise. Managers are more likely to make attempts to increase earnings, but auditors are more likely to require adjustment in those cases, particularly if the amount is material.
Hernandez and Groot (2007a) use a sample of audit partner risk assessments made as part of client acceptance or continuance decisions for a Big 4 audit firm in the Netherlands and find that manager integrity, honesty, and ethics are considered to be the most important factors in fraud risk assessments, followed by concerns about aggressive revenue recognition and accounting estimates. Gillett and Uddin (2005) find the attitude of the CFO toward the behavior of fraudulent reporting to be a major influence on intention to misreport; however, compensation structure was not found to be a good indicator of intentions to report fraudulently.
In summary, academic research documents evidence of a relation between many of the incentives, opportunities, and attitudes identified in the auditing standards and the existence of fraud. This would suggest that the use of checklists identifying the existence or absence of these incentives and/or opportunities for particular clients would be helpful in an auditing setting. As discussed in the next section, however, the findings on the benefits of checklists in identifying fraud are mixed.
Procedures and Ability of Auditors to Detect Fraud
Current professional standards and authoritative guidance require auditors to provide reason- able assurance that financial statements are free from material misstatements, whether caused by errors or fraud. What constitutes "reasonable assurance" has been extensively and inconclusively debated in the literature and within the accounting profession (PCAOB, 2005; Rezaee, 2004; Harrington, 2003).5 The lack of a commonly accepted definition of reasonable assurance coupled with limitations of audit methods in identifying fraud, cost constraints of audits, and high expectations by investors have widened the expectation gap regarding auditor responsibility for detecting financial statement fraud. The CEOs of the six largest International Audit Networks believe that there should be a constructive dialog among investors of global companies and capital markets, auditors, and regulators to narrow the "expectation gap" (International Audit Networks, 2006).
In an effort to provide guidance to auditors in fulfilling their requirements as related to detecting financial statement fraud, the AICPA issued SAS No. 82 in 1997 and subsequently SAS No. 99 in 2002, entitled Auditors' Consideration of Fraud in a Financial Statement Audit. Among other things, these standards provide auditors with a checklist of risk factors to consider when making a fraud risk assessment. In this section, we first discuss research related to the usefulness of checklists in general, and then we discuss the findings of research specifically related to SAS No. 82 and SAS No. 99. We conclude this section with a discussion of research related to other fraud detection decision aids such as regression and analytical procedures.
Symptoms of fraud are often referred to as "red flags." SAS No. 99 identifies "red flags" as risk factors and further categorizes those risk factors in the three areas included in the fraud triangle: pressures/incentive, opportunity, and attitudes/rationalizations. Albrecht and Albrecht (2003) categorize the symptoms of fraud into six types: (1) accounting anomalies; (2) internal control weaknesses; (3) analytical anomalies; (4) extravagant lifestyles; (5) unusual behaviours; and (6) tips and complaints. One of the major challenges in identifying fraud is that while symptoms of fraud ("red flags") are observed frequently, the presence of such issues is not necessarily indicative of fraud (Albrecht and Romney 1986) and investigation of such anomalies usually results in a conclusion that fraud was not the underlying cause. It is also difficult to combine and weight fraud risk factors to assess overall fraud risk and formulate an audit plan (Patterson and Noel, 2003). Further, due to attempts by perpetrators to conceal their acts, "red flags" may be relatively few in frequency and minor in amount, at least in the early stages of fraudulent financial reporting.
Studies examining the use of questionnaires or checklists in assessing fraud risk have found mixed results. In one of the first studies in this area, Pincus (1989) examines the efficacy of a "red flags" questionnaire for assessing the risk of material fraud of a client using 137 auditors as subjects. Her findings suggest that the use of a questionnaire was dysfunctional for the fraud case, i.e., questionnaire users assessed the risk of fraud to be lower than nonusers. Similarly, Asare and Wright (2004) study the impact of alternative risk assessment methods (risk checklist versus no checklist) and audit program development (standard program versus no program) on the quality of audit procedures chosen and the propensity to consult fraud experts, with data based on a case from an SEC Accounting and Auditing Enforcement Release (AAER). The authors find that auditors given the standard audit program designed a relatively less effective audit program than those without the standard program (relative to a benchmark program from a panel of experts), and auditors using a standard checklist made lower risk assessments than those without a checklist. However, they did find a higher fraud risk assessment was associated with a propensity to seek consultation of fraud experts.
Relative Impact of Fraud Audit Standards
Academic studies have also attempted to identify the impact of fraud auditing standards on audit practice. Shelton et al. (2001) analyse audit manuals and practice aids and find that, although all of the firms studied include all of the SAS No. 82 factors in their audit practice aids, certain other fraud risk factors identified in academic research are not included in firm practice aids, such as (1) whether fraud risk assessments are separate or integrated with other risk assessment practices; (2) the timing of fraud risk assessment; and (3) the method of assessing fraud risk. These findings suggest that auditors limit their consideration of red flags to those included in the questionnaire.
Glover et al. (2003) find support for the use of questionnaires by comparing pre-and post-SAS No. 82 planning judgments. The authors find that post-SAS No. 82 judgments are more sensitive to fraud risk factors. For instance, post-SAS No. 82 participants are more aware of the need to modify audit plans and are more likely to increase the extent of their audit tests in response to increased fraud risk, as compared with the pre-SAS No. 82 participants. Glover et al. (2003), however, do not find evidence that auditors modify the nature of their planned tests in response to fraud risk either before or after SAS No. 82. These findings are consistent with Zimbelman (1997), who examines whether SAS No. 82 caused auditors to spend more time reviewing fraud cues and designing audit plans that are more sensitive to fraud risk. The results suggest that separately assessing fraud risk will influence auditors' attention to fraud cues and audit planning decisions and lead to overall increases in budgeted hours, but the nature of audit plans may not be affected.
Apostolou et al. (2001) examine how auditors evaluate the relative importance of 25 management fraud risk factors ("red flags") in the fraud risk assessment required by SAS No. 82. They find management characteristics and influence over the control environment red flags were approximately twice as important as operating and financial stability characteristics red flags, and about four times as important as industry conditions red flags. Furthermore, these three characteristics account for almost 40 percent of the decision weight.
Using an experimental approach with 52 audit managers as subjects, Wilks and Zimbelman (2004a) examine the use of the fraud triangle decomposition in SAS No. 99. Specifically, they investigate whether separate assessments of attitude, opportunity, and incentive risks prior to assessing overall fraud risk improves an auditor's sensitivity to high levels of incentive or opportunity risks. The authors find that auditors that decompose fraud risk assessments are more sensitive to opportunity and incentive cues when making their overall assessments than auditors that simply make an overall fraud risk assessment. The increased sensitivity to opportunity and incentive cues, however, appears to happen only when those cues suggest low fraud risk. When opportunity and incentive cues suggest high fraud risk, auditors are equally sensitive to those cues whether they use a decomposition or a holistic approach.
In another study, Wilks and Zimbelman (2004b) recommend that, because of the strategic nature of fraud, policymakers should replace standards that inhibit auditors' strategic reasoning with standards that encourage such reasoning. Specific findings include: (1) auditors who use long checklists tend to be inaccurate in assessing fraud risk; (2) auditors generally overweigh clues about management's character, which are likely to be wrong; (3) auditors are often insensitive to new evidence regarding fraud risk; and (4) when auditors use procedures based on prior audits, they become predictable and less effective. Wilks and Zimbelman (2004b) suggest that (1) audit standards should be designed to consider how management might manipulate fraud cues; (2) standards should encourage auditors to gather new, unusual, or random audit evidence; and (3) auditors should develop audit strategies that are unpredictable.
Carpenter (2008) examines brainstorming sessions (as required by SAS No. 99) and resulting auditor fraud judgments. Interestingly, the results of brainstorming were an overall loss in the number of ideas but the generation of more quality fraud risk assessment ideas. The improvement in effectiveness from her experimental research is especially evident in senior and manager auditors' final fraud risk assessments. Carpenter et al. (2006) find that when fraud is present, a group that interactively brainstorms outperforms auditors brainstorming individually and those that do not brainstorm, providing further evidence of the benefit of interactive brainstorming sessions. The results of this research are particularly relevant given the findings from PCAOB inspection teams of instances where audit teams did not hold or document a brainstorming session, held the brain- storming session after substantive testing had already begun, or did not have all key members of the audit team present at the session (PCAOB, 2007b).
Hackenbrack (1993) investigates the effect of auditor experience with different-sized clients on auditor evaluations of fraudulent financial reporting indicators using two experiments. He finds that auditors assigned primarily to audits of large companies placed more emphasis on the opportunities to commit fraud than auditors assigned to small companies. Reasons for this difference relate to differences in control structures between large and small firms and the effect of such differences on auditor perceptions of the importance of opportunities. One suggestion is that "red flag" lists need to take into account the effect of client size on different fraud risk factors.
Regression Models and Other Decision Aids
Several studies have examined whether the use of models, such as regression models, im- proves upon auditors' ability to detect fraud. Bell and Carcello (2000) investigate whether a logistic regression model including significant risk factors performs well in predicting fraud using 77 fraudulent engagements and 305 non-fraud engagements with various risk factors included as explanatory variables. A main finding is that a simple logistic model outperforms auditors in fraud risk assessment. Eining et al. (1997) also find that supplementing a checklist with a model or expert system aids auditors in assessing fraud risk and determining appropriate audit procedures.
To summarize the findings on the use of decision aids as a tool for detecting fraud, there is very limited evidence that the use of checklists improves an auditor's ability to assess fraud risk. Much of the research suggests that the use of checklists and questionnaires may actually restrict the auditor's generation of ideas, and Wilks and Zimbelman (2004b) provide suggestions for improving the audit approach. Research also supports the use of regression models or the use of expert system aids to improve the assessment of fraud risk.
An additional area that requires attention is the ability of executive-level management to override internal controls. This significant issue was a prevalent cause of many of the late 1990 and early 2000 financial scandals (Tyco, Enron, WorldCom and Adelphia). In response, the AICPA issued Management Override of Internal Controls: The Achilles' Heel of Fraud Prevention - The Audit Committee and Oversight of Financial Reporting (AICPA, 2005). One impact of this white paper is that the evaluation of internal controls should also address controls to monitor and restrict management override (e.g., review of journal entries and diligent audit committee). The possibility of management override is discussed throughout PCAOB Auditing Standard No. 2 and PCAOB Auditing Standard No. 5 (PCAOB 2004c; PCAOB 2007a); however, the PCAOB inspections have still noted instances where audit teams have failed to consider the risk of management override, particularly with respect to journal entries and accounting estimates (PCAOB 2007b).
Analytical Procedures
Analytical procedures involve forming expectations and determining whether account balances and other data appear reasonable and are often used as additional inputs into fraud risk assessment. One of the first steps in forming expectations is understanding the client's business, which Erickson et al. (2000) argue is a basic audit procedure that may have aided auditors in detecting fraud in the audit of Lincoln Savings and Loan. Analytical procedures range from basic scanning to using multifactor regression models (Green and Choi, 1997). Researchers have examined the performance of different methods and techniques and their success in detecting fraud. The following are broad categories of techniques examined in the literature.
Traditional analytical review, which involves ratio analysis, has yielded limited success in identifying fraud. One of the problems with using ratio analysis is the subjectivity involved in identifying the ratios that are likely to indicate fraud. Kaminski et al. (2004) use a matched sample design and investigate the predictive ability of 21 financial ratios for a seven-year period. Of the 21 ratios examined, none were consistently significant throughout the sample period examined. Furthermore, discriminant analysis resulted in misclassifications for fraud firms ranging from 58-98 percent, leading the authors to conclude that ratio analysis has limited ability in detecting fraud. Kaminski and Wetzel (2004) conduct a longitudinal examination of ten financial ratios on 30 matched-pair firms using chaos theory. They find that none of the ratios exhibited stable or periodic behavior and do not find any difference among the dynamics of these ratios for fraudulent and non-fraudulent firms. Their study thus provides additional evidence on the limited usefulness of financial ratios alone to detect fraud.
Alternatively, Beneish (1999b, 1997) uses a sample of GAAP violators to determine whether financial statement information is useful in identifying potential earnings manipulation. He finds that financial statement information, particularly information related to receivables and sales growth, has predictive ability in a model of the probability of GAAP violations. However, Beneish (1999b) notes that while his predictive model is more cost-effective than assuming all firms are non-violators, there is a high rate of misclassification.
Calderon and Green (1994) argue that although analytical review is typically performed on an account level, conditioning the priors on exogenous information could provide more accurate signals. They investigate whether analysts' forecasts are useful in signalling the existence of fraud and find that analysts' forecasts provide an accurate signal of the presence of fraud when financial reporting is fraudulent. In the absence of fraudulent reporting, however, the signal performs poorly at indicating the absence of fraud.
Brazel et al. (2006) examine whether the relation between financial measures and nonfinancial measures can be used to assess fraud risk. They posit that because fraud firms are unlikely to misstate both financial statements and nonfinancial measures concurrently, examining the difference between the two should help decision makers in fraud risk assessment. Brazel et al. (2006) find that fraud firms have greater differences between changes in financial measures and changes in nonfinancial measures, suggesting the importance of considering nonfinancial measures when assessing fraud risk.
Another approach to identifying potential financial fraud is the application of Benford's Law, which involves digital analysis. Using Benford's Law, one can compare the actual frequency of the digits in a data set with the expected frequency and investigate any deviations. Nigrini (1999) provides a discussion of the theory and examples of applications in an auditing setting. Nigrini and Mittermaier (1997) discuss different analytical procedures auditors can perform during the planning stage using Benford's Law and illustrate a case study. Durtschi et al. (2004) also suggest that Benford's analysis can be useful as a preliminary fraud detection tool to identify accounts with irregularities, especially on large data sets and sets of numbers that result from mathematical combinations such as accounts receivable, and also when the mean of a set of numbers is greater than the median and the skewness is positive. They caution, however, that Benford's analysis is not likely to be fruitful in certain cases such as transactions that are not recorded or accounts that have a built-in threshold to be included. Cleary and Thibodeau (2005) also examine whether digital analysis using Benford's Law has merit as a fraud detection tool, and find that using a "digit-by-digit" approach increases the chance of a Type I error, but also increases the chance of finding fraud. Benford's Law has also been used to assess trends in earnings management by examining patterns in reported numbers, similar to looking for discontinuities in earnings (Nigrini, 2005).
Artificial Neural Networks (ANNs) have also been suggested as a tool for creating expectations for account balances (Koskivaara 2004) that can be compared with actual balances. Noting the benefit of neural networks, Green and Choi (1997) state that neural networks "simultaneously evaluate all data input," this is in contrast with traditional analytical procedures that require the auditors to aggregate their findings. Researchers have explored whether fraud can be identified more efficiently with the help of neural network models as compared to traditional statistical models. Both Fanning et al. (1995) and Green and Choi (1997) find neural network fraud classification models to be promising in detecting fraud. Lin et al. (2003) develop a fuzzy neural network model and find it to be generally superior to the traditional models in assessing the risk of fraud.
In summary, the traditional analytical procedures have yielded limited success in identifying fraud. One of the reasons, perhaps, is that management is in a position to hide account irregularities and/or explain away any unusual deviations in accounts. Because of this limitation, as suggested by Calderon and Green (1994), auditors should also consider other exogenous factors. In addition, two potential approaches include applying Benford's Law, or using neural network systems, during analytical review.
High-Risk Areas
The PCAOB has identified several high-risk areas in which fraud either begins or is more common and in which the auditors may need to perform additional audit procedures to identify and document fraud risk (PCAOB 2004b). The areas identified by the PCAOB are revenue recognition, significant or unusual accruals, and related party transactions, estimates of fair value, quarterly financial information, and significant or unusual journal entries. We discuss the relevant research in each of these areas.
Revenue Recognition
The Committee of Sponsoring Organizations Report (COSO 1999) reveals that about 50 percent of frauds involve overstated revenues either by reporting revenues prematurely or by creating fictitious revenue transactions. A study by the General Accounting Office (GAO 2002) found that out of 919 financial statement restatements over the time period January 1997-June 2002, 38 percent were due to revenue recognition issues. Rezaee (2005) also reports that about 38 percent of financial statement fraud is committed by using improper revenue recognition. Beasley et al. (2000) report that common revenue fraud techniques include sham sales, false confirmations, premature revenue recognition before the terms of the sale are completed, modified terms through side letters, improper cut off, unauthorized shipments, and consignment sales.
While there is an extensive amount of literature related to earnings management in general (Healy and Wahlen, 1999), there is surprisingly little research related to revenue recognition practices. There does seem to be support, however, for identifying revenue recognition as a high-risk area. In a recent working paper, Caylor (2006) finds evidence consistent with companies managing earnings around various benchmarks through the timing of revenue recognition: either accelerating revenue recognition by increasing credit sales and accounts receivable or delaying revenue recognition through the use of deferred revenues.
Additional research examining changes in the timeliness and value relevance of revenue surrounding the release of revenue recognition guidance, more specifically AICPA Statement of Position 91-1 (AICPA 1991, hereafter SOP 91-1) related to software revenue recognition and SEC Staff Accounting Bulletin 101 (SEC 1999, hereafter SAB 101), provides evidence that managers use discretion available in recognizing revenue. Zhang (2005), in a study related to SOP 91-1, and Altamuro et al. (2005), in a study related to SAB 101, both find that recognizing revenue before all terms of the sale have been completed provides more timely and value-relevant information; however, it also reduces the reliability of revenue information. These studies suggest that managers use discretion in revenue recognition policies to achieve desired results; however, there are both positive and negative aspects associated with the discretion.
Marquardt and Wiedman (2004) examine three earnings management contexts: equity offerings where incentives are to increase reported earnings, management buyouts where incentives are to decrease reported earnings, and firms attempting to avoid earnings decreases. The results suggest that firms issuing equity tend to manage earnings upward by accelerating revenue recognition (with related accounts receivable being unexpectedly high), management buyout firms have un- expectedly low accounts receivables, and firms trying to avoid earnings decreases use more transitory, less costly items such as special items (one time accruals). These results are consistent with a need by auditors to match management incentives to the types of risks that should be evaluated as high.
Significant or Unusual Accruals
The issue of significant or unusual accruals relates primarily to the intentional overstatement of accruals in one period so that earnings can be managed in subsequent periods through the reversal of those accruals, and also failing to recognize losses due to asset impairments. These accruals include allowances for bad debts, loan loss reserves, merger-related expenses, and re- structuring reserves, among others. Nelson et al. (2002), in a questionnaire where audit partners and managers recalled specific experiences they had with clients they believed were attempting to manage earnings, find cookie jar reserves (i.e., intentional overstatement of accruals) to be the most common earnings management technique. The General Accounting Office study (GAO 2002) on financial statement restatements found that cost-orexpense-related restatements were the second most common, with 16 percent of all restatements identified being related to cost or expense recognition.
Moehrle (2002) finds evidence consistent with the use of restructuring charges as a cookie jar reserve. Moehrle (2002) examines restructuring charge reversals and finds that managers are more likely to reverse restructuring charges when pre-reversal earnings fall short of analysts' forecasts or when pre-reversal net income is negative. Beatty et al. (2002) examine efforts by private versus public banks to manage earnings when threatened by the possibility of an earnings decline. The authors find that public banks report fewer small earnings declines, are more likely to use loan loss reserves and security gain realizations to eliminate small earnings declines, and report longer strings of consecutive earnings increases. Similarly, Kanagaretnam et al. (2004) find that banks use loan loss reserves as an earnings management vehicle to reduce earnings variability, while Kanagaretnam et al. (2003) examine incentives and find that bank managers save earnings through loan loss reserves in good times and borrow earnings using loan loss reserves during bad times.
While these studies focus on earnings management and not necessarily financial statement fraud, they do imply that earnings management occurs in places where management has discretionary choices. The results support the identification of significant or unusual accruals as a high-risk area.
Related Parties
Gordon et al. (2007) provide a summary of research on related party transactions and find that the mere presence of related party transactions does not appear to increase auditor risk assessments; however, the research also suggests that related party transactions is one of the top reasons cited for audit failure when a fraud does occur. Bonner et al. (1998) examine a sample of 261 firms that were subject to SEC enforcement actions between 1982 and 1995 and document that 20 percent of their sample had fraud issues that pertained to related party transactions. Most of these cases relate to disclosure problems (17 percent), while 2 percent of the sample firms reported fictitious related party sales.
Beasley et al. (2001) investigate 56 firms whose auditors were subject to actions by the SEC, for their association with fraudulent financial statements. They find that 27 percent of their sample firms had instances where the auditor had either failed to recognize or disclose related party transactions, which, in turn, translated into the reporting of inflated asset values. Gordon and Henry (2005) examine a sample of 331 firms and investigate whether related party transactions are associated with earnings management. They find earnings management to be prevalent only when companies have certain types of related party transactions. Specifically, they find companies that obtain fixed-rate financing from related parties are more likely to manage earnings. In addition, they find earnings management to be less prevalent in companies that have related party transactions with executive chairmen or the principal owner.
Fair Value Estimates
Auditing fair value estimates is the topic of one of the other groups assembled by the Auditing Section of the American Accounting Association to provide a summary of research to the PCAOB (Martin et al. 2006). Martin et al. (2006) discuss the recent FASB exposure draft titled Fair Value Measurements (FASB, 2004), and Statement on Auditing Standards No. 101, Auditing Fair Value Measures and Disclosures (AICPA 2003). To date, there has been limited academic research in the areas of estimating and/or measuring fair value. We are not aware of any research specifically related to fraudulent financial reporting through intentionally misstated fair value measurements. However, Martin et al. (2006) cite research suggesting management opportunistically uses the discretion inherent in fair value measurements. For example, research in the area of valuing employee stock options suggests that management uses allowable discretion in estimated model inputs to bias option fair values downward (Aboody et al. 2006; Balsam et al. 2003; Bartov et al. 2007).
Quarterly Financial Information and Unusual Journal Entries
I was unable to find any research that directly addresses quarterly financial reporting and fraud or the use of unusual or top-level journal entries and financial statement fraud. Academic research suggests that the fourth quarter is used more frequently to manage earnings and settle-up (Jacob and Jorgensen 2007), and there is also a greater occurrence of write-offs and asset sales in the fourth quarter (Elliott and Shaw 1988), which contributes to the increased volatility of fourth quarter earnings relative to other quarters as documented by Collins et al. (1984). In addition, there is anecdotal evidence that management uses top-level journal entries to commit fraud (e.g., WorldCom). Additional research is needed, however, both in the area of quarterly financial statements and fraudulent activity and in understanding the process of journal entry review to detect and prevent fraud.
Conceptual Framework
Attitude/Rationalizations
Likelihood of Financial Statement Fraud
Opportunity
Incentive/Pressures
Independent Variables Dependent Variable
CHAPTER THREE
