The Association of Certified Fraud Examiners (ACFE), in reporting on collusion in its 2018 Report to the Nations(http://bit.ly/2BIITfH), indicates that there is a direct correlation between collusion and the cost of a fraud incident, rising from an average of $74,000 for one perpetrator to $339,000 for three or more perpetrators. While this trend is alarming, there is a paucity of research on the causes and mitigation of fraud perpetrated by collusion. Beyond this observation, however, the ACFE does not correlate collusion to lax internal controls. Moreover, collusion can easily override the basic tenets of segregation of duties, which is the foundation of good internal controls.
When researching this article, the author had to rely on international studies that focused on the collusion trend in fraud. To that extent, the World Bank Group reports in its 2017 annual update that fraud collusion is rising (http://bit.ly/2Sfv65Y). Specifically, collusion accounted for 11% of all fraud reported between 2013 and 2016 (35 cases out of 311), but grew at a rate of 150% in 2017 to 22% (22 cases out of 100). Although the sample size is relatively small, and the method of accounting did change in 2017, this appears to be a disproportionally growing trend. Anecdotally, the author and colleagues also sense that this trend is growing.
The reason for this apparent trend may be simple: managers, auditors, and even forensic consultants focus on good internal controls that assume that segregation of duties will make for good controls. With collusion, this assumption can no longer be made. Are auditors too focused on fraud by assuming that proper segregation of duties occurs without collusion? If so, what can auditors do to timely detect material misstatement due to fraud, or fraud due to collusion? This article attempts to answer those questions by exploring what the standards say about collusion, then understanding the nature of collusion, and finally combining that understanding with the audit standards’ requirements to develop a set of likely responses when addressing financial statement fraud.
Collusion as Defined
AU section 316 contains two discussions about collusion. The first covers the general nature of collusion, but the second discusses it in a more nuanced form. Generally, it states:
Fraud also may be concealed through collusion among management, employees, or third parties. Collusion may cause the auditor who has properly performed the audit to conclude that evidence provided is persuasive when it is, in fact, false.(emphasis added)
Thus, the standard recognizes the risks of collusion and the elevated risk to the auditor in rendering an inappropriate opinion, colloquially known as “audit failure.” The standards were, however, amended to describe this risk in a more nuanced fashion, as stated in paragraph 86.12:
Characteristics of fraud include (a) concealment through collusion among management, employees, or third parties; (b) withheld, misrepresented, or falsified documentation; and (c) the ability of management to override or instruct others to override what otherwise appears to be effective controls. (emphasis added)
Thus, the amended standard brings to auditors’ attention the issues with two types of fraud: asset misappropriation and financial statement misstatement (also known as “management fraud”). In the first type of fraud, employees, vendors, customers, and others must recruit, or at least coordinate with, their coperpetrators. As discussed below, this is not an easy task; in an asset misappropriation scheme, recruitment and coordination requires certain amount of risk by the individuals. In addition, such collusion could at times result in misstatement of the financial statements, although this might not rise to the level of a material misstatement.
The second type of fraud requires less effort by management because managers who wish, for example, to post a debit to accounts receivable and a credit to gross sales would merely have to instruct a subordinate to post this journal entry; managers themselves often operate without much oversight. Even with a good segregation of duties, the audit standard posits, management is in an easier position to perpetrate material fraud. This increases the risk that auditors will miss the fraud.
Methods of Collusion
Having established that auditors must consider collusion, what are the unique characteristics of collusion itself? In general, collusion is a cooperative action among parties. Often, a main instigator conceives or even executes the fraud alone at the beginning, but is still constrained by whatever internal controls are in place. To breach the internal controls and achieve a higher level of fraudulent activity, any fraudster must overcome three challenges: commit the fraud, convert the fraud to a personal benefit, and conceal the actions. This becomes easier when fraudsters are working in coordination; thus, collusion is born out of necessity to overcome what would otherwise be a well-designed set of internal controls.
Initial perpetrators recruit coconspirators in a variety of ways. These methods are often outside an auditor’s ability to detect, and sometimes only known after the fact, once a fraud investigation has commenced. It may, however, benefit auditors to understand these recruitment methods, as there could be telltale signs that a coordinated scheme is underway.
Simply put, the ringleader exerts power over the coconspirators. When asked about the reason for a certain action—even if it is legitimate and approved—the coconspirators will constantly refer to their boss without taking any authority to themselves. This could be a red flag for auditors that a powerful supervisor is exerting such authority, and that a coordinated fraud could be underway.
Here, the ringleader offers a carrot instead of a stick. The coconspirators may be promised certain rewards such as a promotion, bonus pay, or an elevated status. The latter is particularly important to members of management in a financial statement fraud because it often carries with it the conversion element of fraud; they can command better pay, benefits, and “bragging rights.” For example, in two unpublished recent financial statement fraud cases of which the author has direct personal knowledge, the CFO committed various financial statement fraud schemes just to “make the company look good.” No direct benefit was derived; the long-term plan was to demonstrate their management capabilities and thus command better pay and benefits.
The second type of reward is more tangible: for example, gifts, unauthorized raises in pay, and increases in vacation days. This type of recruitment cannot be readily detected, except with a whistleblower program. Fellow employees, customers, and vendors who are encouraged to report suspicious activity may be able to see this more clearly than the external auditors. For their part, auditors should be able to explain and recommend an anonymous tip program, which has been consistently shown to be an effective path to fraud detection. In its 2018 Report to the Nations, the ACFE found that 40% of frauds—the highest rate—are found through anonymous tip lines (http://bit.ly/2BIITfH).
Here, the ringleader leverages some degree of expertise that others do not possess to compel the coconspirators to perform in coordination. Coconspirators may even be unwittingly participating in the fraud, innocently believing that the expertise the ringleader possesses bestows the authority to override certain controls. For example, a CFO may order a controller or a sales manager to post a sale of a transaction too early and cite that this is what “accounting rules” require. The sales manager will then create a regular transaction in the business cycle information system, which will make it harder for auditors to detect. Of course, auditors could focus on such last-minute transactions, as they may pose a higher risk, but a sophisticated CFO may circumvent this in various ways (e.g., backdating the sales transaction).
This “soft persuasion” method puts both conspirators on the same level, making them both feel and act as if their common interest is greater than that of the organization. This is the most psychologically driven type of recruitment, often accompanied by past trust, friendship, or cultural affinity. Coconspirators will generally not present any visible or verbal clues to auditors; friendship or familiarity are not likely to be obvious. The one exception is cultural affinity, which is strong and exists implicitly. If an auditor detects a particular protective demeanor between people of the same background, this could be a sign that untoward actions are underway. Of course, auditors must be careful not to make assumptions about certain cultures and only act on the facts presented to them.
Auditors should remember that materiality is not only quantitative, but also qualitative.
How Auditors Can Address the Risk of Collusion
Auditors should remember that materiality is not only quantitative, but also qualitative. For example, if a not-for-profit organization suffers even a small fraud, donors may get the impression that management is lax, and the donations may suffer as a result. Such a fraud disclosure—whether in the financial statements or otherwise—would have a material effect on the future of the organization, which auditors would be well advised to consider. It may also be helpful for auditors to recommend antifraud measures such as anonymous tip lines, training for managers and employees, and internal audits.
Second, auditors should be well trained on such matters when planning and performing their procedures. The understanding of financial transactions and the economic substance behind them is, of course, paramount to auditors’ ability to render an appropriate opinion. It is also necessary for auditors to become proficient in detecting internal control risks, such as the ability of more than one person to override such controls.
Third, auditors should let every audit stand on its own and avoid claiming that prior knowledge of the client is sufficient to know that the internal controls are well designed. For example, when a relative of an accounting clerk is newly hired to work in the warehouse, the possibilities of collusion and material theft of inventory cannot be ignored just because previous years’ audits “found nothing.” The absence of such findings, and the lack of training and sensitivity to the telltale signs of fraud by collusion, could be a sign that the fraud exists but has gone undetected (as all fraud does, initially). Delivering audits of this quality is not just compliant with GAAS, but can also render the audit firm uniquely capable of providing services, advice, and added value, especially in the antifraud arena.