Issue 10 | December 2013

Fraud Awareness an Ongoing Concern

Cyber fraud gets more sophisticated

With Bernie Madoff’s employees facing a jury trial this month, and International Fraud Awareness Week having recently taken place, the timing is good to focus on the latest fraud threats being discussed. Oftentimes, frauds can include basic low tech approaches. For instance, in the trial, Madoff was said to have hired employees with limited technical skills and no experience who then would create broker statements with false data by cutting and pasting. The employees contended that they trusted Madoff as a mentor and were unaware that they were doing anything wrong.

Accountants scratch their heads wondering how the SEC could have missed such basic shortcomings, especially considering that Madoff’s auditor was a one man shop, which would typically not have the trained resources to provide a valid audit opinion. Even so, looking out for low tech defalcations, while vitally critical, is not enough these days. The rapid advances of technology enable the creation of frauds at a pace that can be difficult to keep up with.

 Indeed, a recent Intuit study, the 2013 Future of Accountancy Report, states that “Business complexity will increase, making it even tougher for accounting firms and professionals to stay up to date and informed on key regulatory, compliance and business issues…The professionals of 2020 will understand data integrity, security and privacy concerns as well as the broader use of decision-support systems.” Accountants will need to persistently focus on enhancing their technical acumen in order to fulfill that prophecy. The benefit, the study proclaims, will be that “Technology consulting opportunities for accounting professionals will increase. Data management, compliance, security and privacy consulting opportunities will be particularly strong.”

To help, the AICPA in October produced a white paper, The Top Five Cybercrimes, to alert accountants in public practice as well as industry of cybercrimes currently of greatest concern, along with assistance in dealing with them. The cybercrimes covered are:

1.  Tax-refund fraud
2.  Corporate account takeover
3.  Identity theft
4.  Theft of sensitive data
5.  Theft of intellectual property

A 2012 report of the Treasury Inspector General for Tax Administration estimated 1.5 million undetected tax returns with over $5 billion of tax refund fraud. Often these involve use of deceased taxpayers’ names and social security numbers. Those performing pension plan audits are also faced with this type of concern, and need to design procedures to validate that distribution payees are still living. Fraud of the Day, a feature highlighted on the International Fraud Awareness website, relates the story of a man that forged his dead mother’s signature on pension checks for several years after her death before being caught.

 Corporate account takeover can occur when a controller’s login credentials are illicitly acquired through email attachments web downloads or file transfers. Or a cybercriminal can hack into a computer, find the banking information, access the account online through the hijacked computer, and transfer funds.

With identity theft and theft of sensitive data, the key information is gained virtually, similar in fashion to corporate account takeover, or in low tech ways, such as dumpster diving or copying from credit card receipts. Fraud of the Day relates the use of a “Zapper,” software that modifies electronic cash register or point of sale networks, in order to skim funds. The Zapper is loaded from a memory stick or CD. In one case, the Zapper was employed on a hand held scanner used for inventory control. The scanner enabled access to a restaurant’s inventory control system, where sales and inventory date could be manipulated to cover up the skimming.

Intellectual property theft is facilitated by the easy access and copying of files, such as movies and music that can be purchased once and resold multiple times. Even more insidious is state-sponsored cyber theft, such as coming from China, where all kinds of proprietary data are stolen.

The Top Five Cybercrimes quotes a Verizon study that determined that 87% of security breaches could have been avoided had reasonable security controls been in place. Some strategies suggested by the AICPA white paper for dealing with cyber risks are 1) security audits and controls, 2) business insurance, and 3) an incident response plan.

Security audits are considered the best defense. The white paper suggests that “For optimal results, clients should ask their CPA to audit their privacy and security policies and controls.” Preventive control strategies to then consider include patching vulnerabilities, limiting access internally, building firewalls and intrusion detection systems for external threats, and putting monitoring systems in place.

Business insurance should be in place and reviewed periodically to cover losses from cybercrime, just as with any other insurable risk.

An incident response plan should be developed and ready for deployment, that identifies which of the five described cybercrimes are a threat, what types of losses could be incurred, and how to respond and achieve full recovery.

The whitepaper concludes “The proliferation of cybercrime does not require CPAs to assume the role of cyber security expert. However, by becoming and remaining informed and aware of the core elements of cybercrime, and seeking assistance from security professionals when necessary, CPAs can best identify preventive, detection and reparative measures.” Integra International is fortunate to have a depth of knowledge in this area within the association with members, such as Steve Ursillo, Jr. from Providence, R. I., who specialize in information system security, internal control assessments, fraud detection, data extraction and analysis, and information technology assurance services. 

For further information, see The Top Five Cybercrimes and International Fraud Awareness Week and 2013 Future of Accountancy Report

Nontraditional Profit Reporting Threatens Comparability

IFRS and GAAP often sidestepped for more attractive numbers

Recently, our Integra International member in New Zealand, John Cockcroft, shared with us an article from the New Zealand Herald raising concerns about a “loss of faith in accounting standards.” New Zealand has adopted International Financial Reporting Standards (IFRS), the goal of which is a standardized, comparable set of reporting standards worldwide. However, as the article by Brian Gaynor pointed out, companies are making all kinds of adjustments to their profit numbers to make them look better than the IFRS reported amounts do.

This sentiment was echoed in the USA in November when social media phenomenon Twitter launched its public stock offering. Under US GAAP, Twitter showed a loss of $134 million for the first nine months of the year. After some adjusting, a better looking non-GAAP net loss of $44 million appeared, and adjusted EBITDA actually reflected a positive $30 million. Twitter justifies the adjustments stating that “We are presenting the non-GAAP measures of Adjusted EBITDA and non-GAAP net loss to assist investors in seeing our operating results through the eyes of management, and because we believe that these measures provide an additional tool for investors to use in comparing our core business operating results over multiple periods with other companies in our industry.”

Interestingly, Michael Prada, IFRS Foundation Chairman, just spoke in Japan on the topic “À la carte accounting will not deliver globally consistent standards.” While trumpeting the success of IFRS, he deplores the persistence in some countries of hanging on to certain local standards while contending they are converging with IFRS. Prada notes that 85% of the 81 countries profiled thus far are already committed to full IFRS adoption. Unfortunately, as observed in the October Audit & Accounting Alert, those persisting in their old ways, including the US, make up half of the world’s population.

Experiences in New Zealand and the US show that even if a set of common standards are widely adopted, the goal of uniformity will be defeated if a more effective means of applying and enforcing the standards is not implemented. 

In the case of Twitter, knowledgeable accountants may understand the rationale of recasting profits in certain cases. The major adjustments related to stock-based compensation and amortization of acquired intangibles. While management may be justified in using nontraditional metrics which better suit their purposes, the average investor may not have the level of sophistication necessary to evaluate the differences and how they compare to other companies.

Companies in the US cannot be faulted for modifying results. The SEC established Regulation G which allows just such measures, as long as GAAP is presented alongside. Nevertheless, with either US GAAP or IFRS, more work needs to be done to find ways to reduce the confusion and potential deception, intentional or otherwise, that has arisen from the prevalence of alternative profit reporting. Of course, that may appear like an easy task compared to getting the US to finally adopt IFRS, considering the seemingly intractable differences witnessed between the FASB and IASB. 

TFor further information, see New Zealand: Good and bad news in reporting season and Twitter IPO - S-1 Amendment and À la carte accounting will not deliver globally consistent standards.

Additional A&A News

The following links provide a selection of current articles devoted to highlighting other A&A topics currently making news.

1. UK governmental audit changes could undermine independences
2. CPA Profession’s Journey of Greatness
3. Why CFOs Must Become Chiefs of XBRLk
4. The Great IFRS Swindle: Accountants Scamming Accountants
5. Compromise for Lease Accounting Overhaul Starts to Fall Apart
6. IASB Adjusts to Changing Relationship with FASB