Internal Fraud

Businesses today face many risks and dangers that they must develop systems and methods to overcome. In fact, risk is central to the concept of entrepreneurship. Being able to create products and services that have value to the consumer is a true success in itself. Beyond that, a company has to face competition, technological and equipment issues, laws and regulations, external threats such as theft, and a multitude of internal issues. In particular, internal fraud is an issue that all companies, regardless of industry or size, must learn to keep under control or hopefully even eliminate.

Fraud is a broad concept that covers many issues. “Fraud is any and all means a person uses to gain an unfair advantage over another person” (Romney & Steinbart, 2006, p.146). In light of some of the risks listed above, fraud may seem like a minor issue that only concerns the largest businesses, but this is not the case. According to one organization:

Here are some shocking statistics:

• $652 billion in revenues are lost annually to fraud, or 5% of total revenues

• The average fraud scheme lasted 18 months before it was detected

• Organizations lose 20% of every dollar earned to some type of workplace fraud

• Fraud reduces net income dollar for dollar, meaning that if the profit margin is 10%, an additional $100,000 of revenue would have to be generated to cover a $10,000 fraud (Upcoming Events , 2006)

There are two categories of internal fraud, misappropriation of assets and fraudulent financial reporting. Each of these issues requires different but equally important internal controls to ensure they do not occur. This is where a company’s accounting information system (AIS) plays a large roll. Along with the many other aspects of an AIS, internal control is crucial to that company’s success. Lastly, companies either hire or contract out auditors, who have the job of detecting and reporting these instances of fraud both for the company itself as well as for external government agencies.

Types of Internal Fraud

SAS No. 99 defines fraud as an intentional act that results in a material misstatement in financial statements. There are two types of fraud: misstatements from misappropriation of assets and misstatements from fraudulent financial reporting.

Misappropriation of assets, also known as employee fraud, is the theft of assets and is committed by a person or group of people for personal financial gain (Romney & Steinbart, 2006, p. 147). There are three conditions that must be present for employee fraud to occur. First, there is an incentive or pressure that gives an employee a reason to commit the fraud. This pressure could be financial, such as living beyond one’s means, emotional, such as greed or job dissatisfaction, or lifestyle, such as a gambling habit, drug or alcohol addiction, or peer pressure. Second, there is an opportunity which allows a person to not only commit the fraud, but also to conceal it and to convert it to personal gain. These opportunities are mostly due to inadequate internal controls. And third, there is a rationalization that allows a person to justify their illegal behavior. The most common rationalizations are 1) an employee feels that it is owed to him/her; 2) the employee feels that the rules do not apply to him/her, or 3) the employee has a lack of personal integrity (Romney et al, 2006, pp. 150-154).

The Treadway Commission defines fraudulent financial reporting as “intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements” (Romney et al, 2006, p. 148). Examples of recent cases of fraudulent financial reporting include Enron, WorldCom, and Xerox. Risk of fraudulent financial reporting increases if an organization’s financial stability or profitability is being threatened, if pressures from analysts, investors, or performance programs are high, or if the organization’s performance is threatening the financial position of individual directors (Moschella, 2006). The opportunities and rationalizations are the same for financial statement fraud as they are for employee fraud; however, the pressures are different. Usually, the pressures for misstating financial statements are of a financial nature and include such things as pressure to meet earning expectations, impending business failure, significant cash flow problems, management pay is tied to stock performance or earnings growth, or high dependence on debt. Common ways of committing financial statement fraud are inflating revenues, overstating inventories, and concealing liabilities.

While misappropriation of assets is more prevalent, the average financial damage is much smaller than fraudulent financial reporting. For this reason, auditors tend to focus more on ensuring the accuracy of financial statements (Romney et al, 2006, pp. 148-149).

Using the AIS to Detect Internal Fraud

An Accounting Information System is the collection, preparation, and processing of financial information using human and capital resources (Romney and Steinbart, 2006). This includes using resources to detect fraud. Auditors are one such source used in the detection of fraudulent acts.

In 1982, SAS No. 82, Consideration of Fraud in a Financial Statement Audit, was created in order to define an auditor’s responsibility to detect fraud. This was later revised in SAS No. 99, in 2002. It requires auditors to first, understand fraud. This will enable them to be more effective in the detection. They must discuss the risk of misstatements in fraud; this will help them to know what particular areas in the financial statements to pay close attention to. They must gather evidence, identify risks, test records, and thoroughly question management and staff. The auditors can then use the information they gathered to assess and respond to those risks. Then, they can evaluate the results of their tests to determine if there are fraudulent acts occurring and what the impacts may be. The auditors will then document and communicate their findings (Romney and Steinbart, 2006).

There are various ways a company can make fraud less likely to occur. The company can stress integrity and ethical values in their mission statement. They can require employees to take annual vacation to keep employee morale at a higher level. They can switch the duties of employees. The company can implement oversight from independent audit committee. They can maximize their supervision ability, implement