The sudden implosion of many companies at the dawn of the Third Millennium was not a repudiation of GAAP. It was a break- down in the system of checks and balances that supported GAAP. Even governmental and charitable organizations were infected.

The revenue recognition principle still applies, even though companies reported as current income cash they would not receive for several years. The consistency principle was routine- ly violated as depreciation schedules were strung out over sev- eral years, falsely lowering expenses and thus increasing income. The prudence principle flew out the window as the wildest revenue forecasts drove investors to a fury. Managers, in collusion with their auditors, mocked the full disclosure principle as they reported nonexistent income and hid liabilities behind offshore partnership shells.

Yes, these have been some hard times for managers and accountants—and harder for lots of investors. As a manager, you should understand the temptations that will be placed before you. If you work in a public company, the pressure on quarterly earnings can crush you like a bug if you don’t meet your num- bers. If you work for a privately held firm, bankers and taxing authorities will show great interest in your financial reports.

By providing a check on unscrupulous managers, the audit function should stop the sort of abuses that have resulted in corporate scandal. The audit function failed in most cases through personal cupidity on the part of auditors rather than structural flaws in the audit process.

Your business should have two types of audits. An internal audit will look at things like financial controls to make it harder for assets to be diverted from within the company. An external audit will declare that the firm’s financial reports meet GAAP standards. Both are often conducted simultaneously.

Studies suggest that internal business fraud losses average 6% of revenue of all U.S. business revenue. A small percentage of owners make off with the most money, but employees are the most active. Since we have just learned about the materiali- ty constraint, ask yourself if 6% of revenue is worth trying to recover. Yes, the cost/benefit constraint does kick in.

A series of best practices have developed over time to con- trol internal fraud. These internal controls cover the handling of cash and cash-generating items such as invoices and purchase orders, access to computer systems and programs, and prepa- ration of financial statements.

The most common types of fraud committed by employees involve making charges to expense accounts to cover theft of cash/inventory, “lapping” (using a customer’s check from one account to cover theft from a different account) and transac- tion fraud, deleting, altering, or adding false transactions to steal assets.

Fraud by owners and managers often takes place at man- Position

Owner

Volume 12%

Percent

$1,000,000

Management 30% $250,000

Employee 58% $60,000

Table 2-2. Business fraud loss

agement levels above the one to which the internal control structure applies. Management fraud frequently involves using financial statements to create the illusion that the entity is healthier and more prosperous in order to cover misappropria- tion of assets. The misappropriation is usually shrouded in a maze of complex business transactions.

Internal controls include such procedures as monitoring activities, segregating financial responsibilities, physical control of cash and convertible assets, procedural controls for things like numbered invoices, access control to sensitive areas, and various authorization and approval levels.

Tip-Offs to Fraud

• Financial pressures—These are usually caused by an immediate financial need.

• Poor internal controls—These are especially crucial for the review and timely counting of liquid assets like cash.

• Too much control—The most common reason for the opportu- nity to commit financial crime is that too much authority or responsibility is placed in one employee, circumventing a good sys- tem of internal control.

• Lax management—Management must take responsibility for averting internal crime and properly supervise and review subordi- nates’ work.

• Failure to screen employees—Integrity is tough to measure, so screen out those potential employees who have a known history of dishonesty.

• Poor money management—Employees with a known history of credit problems are at high risk for handling financial transactions.

(See above.)

• Personality changes—These could be the result of financial pres- sures, marital problems, gambling, drugs, and alcohol—all of which can lead to theft.

• Living beyond one’s means—Employee with conspicuous spend- ing habits or a penchant for expensive items often support their lifestyles through internal crimes.

• Outside business interests—The financial obligations imposed by outside employee business interests provide a strong motivation for internal crimes.

In establishing internal controls, good manage- ment decisions help in creating a positive work environment. If the con- trols are presented as pru- dent for the health of the company and designed to help protect employees from suspicion, accept- ance is high. If the cost/benefit threshold is crossed and the controls restrict work and increase frustration, they often increase the possibility of fraud.

If your company has no internal controls or does not pay attention to them, it could be beneficial to have an audit with a stated objective of examining internal controls. After all, a main reason for internal controls is to reduce the risk to the integrity of the firm’s financial statements.