Managing the evaluation process of fraud risk is crucial to any organization.  There are two types of fraud.  One is misappropriation of assets aka embezzlement of cash and the other is financial reporting aka cooking the books.  Both types of fraudulent activity should be evaluated at minimum annually.  The risk we will be reviewing in this article is management override of internal controls.  According to the AICPA (American Institute of Certified Public Accountants) they call management override of internal controls the Achilles heel of fraud prevention.  Consider adding this risk and evaluating management override of controls in your fraud risk assessment. 

What is management override of internal controls? Good question.  It is simply management’s intervention in handling financial information and making decisions contrary to internal control policy.  Usually, this risk is highest when executive management or upper management’s salary is tied to the financial performance of the organization.  This risk of management override of internal controls traditionally occurs in for profit or public entities.  However, if your organization is a nonprofit or municipality and there are managers whose bonus is tied to grant revenues or other similar revenues, your organization is at risk of management override of controls to some level.  At which level depends on each individual’s organization’s structure. 

Let’s look into a couple of higher risk accounts.  These include revenue recognition and inventory quantities.  We will review each one and the most common type of fraudulent financial reporting.

Inventory Fraud Schemes

  1. Place fictitious inventory on the books
  2. Do not record purchases, but count them as inventory
  3. Capitalize expenses and place them in inventory or some other asset

Procedures When Inventory Fraud Risks Are Identified

  1. Perform an inventory at the end of the reporting period.  Perform unannounced inventory count in between reporting periods and compare these inventory observations with year-end observations to ascertain reasonableness and accuracy. 

  2. Perform analytical procedures to ascertain reasonableness of the item count and dollar amount.  An example of a red flag is a number on the inventory records for a certain location is highly improbable due to the limited size of the location. 

a. Percentage of inventory to total assets higher than average of the last 3 – 5 years
b. Ratio of cost of sales to total sales decreased over time?
c. Is inventory increasing faster than sales?
d. Compared to prior years has inventory turnover slowed down?
e. Is the number of inventory items too large to fit in the location?

3. Ask employees straight-forward questions such as:

a. Has anyone asked you to inflate inventory in any way?
b. Has anyone asked you not to record purchases or to wait in recording them?
c. Do you know anyone that is committing fraud?

Red Flags to Look For

  1. Large differences between reported inventory balance and the observed inventory balance
  2. Inventory tag or count sheet has been altered or have signs of being altered
  3. No eliminations of intercompany and interplant inventory movement
  4. General journals are used to increase the inventory balance and is there backup files to ascertain the general journal amounts

Revenue Recognition Fraud Schemes

A picture containing text, person

Description automatically generated
  1. Hold the accounting books open for revenue to recognize the next period’s revenues in the current one
  2. Book revenue before contracts are finalized
  3. Bill and hold scheme (customer agrees to purchase goods, but seller has possession of the product until customer requests shipment

Procedures When Revenue Recognition Fraud Risks Are Identified

1. Perform analytical procedures such as:

a. Accounts receivable turnover ratio (has AR turnover slowed down compared to prior periods), Is the aging reporting large past-due balances from related parties or unfamiliar customers

2. Vouch revenue vouchers (invoices) near and after year-end.  This procedure will give you insight as to whether revenues were reported in the correct period

3. Review all general journals posted to revenues to ascertain existence and classification

So far we identified a couple of procedures your organization could be performing when fraud risks related to revenue recognition and inventories reported.  But where do you start?  How do you not solely detect fraudulent financial reporting but prevent it? 

The AICPA provides excellent material on how to prevent management override.  No procedure is full proof or provides absolute assurance but it is better to be prepared and proactive rather than being reactive and facing the consequences of a reactive organization. 

Create an Audit Committee

The audit committee will be the group charged with providing oversight of the financial reporting process, audit process, organization’s system of internal controls (checks and balances), and compliance with laws and regulations.  If an organization is too small and cannot create an audit committee the current board of directors can be considered the audit committee.  What should the audit committee do?  Firstly, each member should have an excellent understanding of the business.  If your organization is a local government, each member should understand the financial processes of the local government.  Understanding how the whole entity works together will help each member identify fraud risks or risks to human error. 

Professional Skepticism

Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence.  Use your understanding of the organization’s internal control processes to ask hard questions.  Do not blindly believe management but ask questions to better understand the financial reports.  For example, if management is reporting cemetery interment revenues of $150,000, the audit committee could be asking how many plots were sold.  If only two plots were sold, the audit committee should be asking for the revenue receipts, cash receipts to better understand how only two plots could create $150,000 in revenues.  This is an extreme example, but I think you get my point.  Don’t simply believe the numbers but ask questions when the reports do not match up or make sense to you. 

Brain Storming to Identify Fraud Risks

What is the potential for fraud in your organization?  Where in the process could a finance personnel or accounting personnel perpetrate fraud?  A brain storming session should include internal factors and external factors that might (1) create incentive for management or other personnel to commit fraud, (2) opportunities to commit fraud, and (3) indicate how a culture or environment could cause management to rationalize committing fraud.  These three topics or items are taken directly from the fraud triangle.  According to the ACFE (Association of Certified Fraud Examiners), typically there are three items in every fraud: (1) incentive or pressure to commit fraud, (2) opportunity to commit fraud, and (3) Fraudster rationalizes the fraudulent activity.  Internal incentives, and pressure of financially performing and organization’s culture could be a risk for the first part of the triangle.  The risk of opportunity to commit fraud is at its highest when one employee performs and manages all of the financial reporting.  

Use Code of Conduct or Ethics Policy

The AICPA states that a policy does not prevent fraudulent activity but if the audit committee uses the code of conduct or ethics policy as a gauge or a way to assess the organization’s culture, this assessment should give light to unwanted procedures or attitudes that are currently being held by management and personnel.  Consider providing training to management and personnel about the code of conduct or ethics policies.  If the personnel and even management perceive the audit committee is committed to the code of conduct or ethics policy, the code of conduct or ethics policy can be used as a fraud prevention tool. 

Whistleblower Program

Creating a program which allows employees, customers, vendors, and all other stakeholders to call in on a phone line or write to a web-based platforms is key in preventing and detecting management override of controls.  The ACFE performs a biennial fraud survey and for many years the whistleblower program is the best preventive and detective fraud tool an organization can implement.  The audit committee should be reviewing on a regular basis all messages either via phone or the web-based reports.  After the review, the audit committee should look further into any or all allegations. 

Develop a Feedback Network

Identifying management override of controls is extremely difficult that is why the audit committee should have a network of professionals to help them understanding the business, its financial processes, compliance with laws and regulations, HR or compensation committee, or other key employees. 

Consider meeting with these professionals and discuss the financial reporting process (including management estimates), fraud risks, red flags such as inconsistencies with reporting.  The information used from this network can be used to brainstorm potential for fraud. 

Final Thoughts

Fraud may not be a subject anyone want to deal with, but the fact is most organization experience fraud at some level.  It is important to proactively prevent fraud and detect fraud.  If you would like to understand more and implement fraud assessment in your organization, I suggest reading the ‘Managing the Business Risk of Fraud: A Practical Guide’.  This book is free online simply google the title and you’ll be able to read a PDF version of it. 

If you would like to speak with me, I am available. Please email me at david@dfarnsworthcpa.com or call me at (408) 780-2236. Have a great day!

David Farnsworth, CPA  

P.S. We are on a mission to help local governments with fraud prevention and governmental finance. We exist to help eliminate abuse, wasteful spending and fraud. Our goal is to help you run a transparent financially responsible District or Agency. When you’re ready, here are a few ways we can help right away:  

  1. Sign-up to our monthly newsletter here. We cover topics ranging from fraud prevention, financial reporting, government budgeting, etc. 
  2. Take our fraud risk assessment (link to assessment here) We’ll give you specific recommendations on how to improve your situation right away.
  3. Receive our free fraud prevention package (click this link to schedule a meeting)
  4. Jump on a video conference call to get specific fraud prevention recommendations (click this link to schedule a meeting).  
  5. Request a proposal to perform the financial audit. request for proposal.