The financial scandals of the past two years at companies like Enron and WorldCom have placed tremendous pressure on everyone involved in the financial reporting process. CPA firms, corporate management and financial analysts have all been challenged to increase their vigilance in preventing and detecting fraud.

Much of the emphasis has been on the accounting profession. In fact, the Sarbanes-Oxley Act of 2002 is the most significant piece of legislation to affect the profession in 70 years. It created a new Public Company Accounting Oversight Board (PCAOB) to establish and enforce auditing, quality control and ethical standards for auditors of public companies.

An equally important focus has been to strengthen corporate governance so that public companies themselves become equally vigilant in preventing and detecting fraud. The MACPA recently spoke with corporate executives about the tools they are using to help with these efforts.

SAS 99 Exhibit
In October 2002, the Auditing Standards Board (ASB) issued a new audit standard, dubbed SAS 99, providing U.S. auditors expanded guidance for detecting material fraud. It warns auditors of the danger of getting too close to management, and declares that every engagement should be approached with skepticism. It also makes specific suggestions on how to strengthen internal control.

“SAS 99 also does something no audit standard has ever done before,” explains past chair of the MACPA Financial Institutions Task Force Matthew Burgess, general auditor with VW Credit in Auburn Hills. “An attached exhibit challenges corporate management to be equal partners with their auditors in creating an environment that will deter and prevent fraud.”

The AICPA and six other professional associations issued the exhibit, called “Management Antifraud Programs and Controls: Guidance to Help Prevent and Deter Fraud,” as a set of recommendations for boards of directors, audit committees and management. It spells out ways companies can create an environment that will neither condone, nor be conducive to, the existence of illegal activities.

“The exhibit’s recommendations fall into three broad categories,” explains MACPA Chair of the Board Karen Wiltsie, audit partner with Deloitte in Detroit, one of a number of Michigan CPA firms helping companies implement a comprehensive system of internal controls. “It focuses on creating a culture of honesty by setting a ‘tone at the top’ for ethical behavior and on establishing some very specific antifraud controls.”

“Neither fraudulent financial reporting nor misappropriation of assets can occur without a perceived opportunity to commit and conceal the act,” agrees AICPA/MACPA Board Member Leslie Murphy, managing partner of Client Services with Plante and Moran in Southfield. “The exhibit spells out how organizations can identify risks, take steps to mitigate them and implement effective internal controls.”

The responsibility of evaluating management’s anti-fraud controls is squarely on the shoulders of the audit committee members. According to Murphy, “Delegated by the board of directors, it is the audit committee’s responsibility to make certain senior management, particularly the CEO, has implemented an effective system of internal controls.”

Fraud Prevention
Fraud can be difficult to detect because it often involves concealment through falsification of documents or collusion. The risk can be reduced through a combination of prevention, deterrence and detection measures. 

“The first step is to put internal controls in place to persuade individuals that they should not commit fraud because of the likelihood of detection and punishment,” says Murphy. “Stopping fraud before it occurs is much less costly than having to investigate it after the fact.” 

The key elements of the anti-fraud programs and controls discussed in the SAS 99 Exhibit include:

• Creating and maintaining a culture of honesty and high ethics. An ethical culture needs to be set by management through their daily words, but more importantly, their actions. Companies should clearly communicate a code of conduct to all employees so they may be empowered to make appropriate ethical decisions even when they are far from headquarters or confronted with a new dilemma. 
• Evaluating the risks of fraud, and implementing controls. The controls spelled out in the SAS 99 exhibit include preventative controls (reducing the opportunity to commit fraud), mitigation controls (reducing the impact of the potential fraud), and transference (selecting appropriate fraud insurance, such as a fidelity insurance policy). 
• Developing an appropriate oversight process. All levels of an organization should adopt a level of fraud awareness similar to a “neighborhood watch” program. Since tips from employees are the number one way fraud is uncovered, employees should have a means to communicate wrongdoing without fear of retribution. 
• Demanding independent verification. Internal and external auditors can help to ensure that controls are operating effectively. Such reviews should be reported directly to the audit committee.

Not Just Large Public Companies
According to Wiltsie, it’s not just large public companies that need to implement measures to prevent and detect fraud. 

“Public companies of all sizes fall under the new regulations imposed by the new Sarbanes-Oxley law,” she explains. “And all organizations, both public and private, might do well to consider the benefits of the oversight of an audit committee.”

The AICPA recently distributed an Audit Committee Toolkit as a primer for audit committee members. It’s aimed at small- and medium-size companies, both public and private, interested in having an audit committee oversee their financial reporting process. 

“The toolkit is very specific,” explains Judith Trepeck, president of The Trepeck Group in West Bloomfield and chair of the MACPA Corporate Governance Task Force. “It is relevant for all audit committee members regardless of their financial sophistication. There’s no one who could not benefit from reading this very useful ‘how to’ document.”

Among the questions the toolkit answers include:

• What steps can be taken to make certain the audit committee’s objectives as stated in its charter are being met? How can performance be measured?
• What are the basics of establishing an effective internal control system? How can an audit committee determine whether such a system has in fact been established? 
• What questions should audit committee members ask the CEO, CFO or controller? Why is it so important to speak with them without any other corporate officer present?
• What are the regulatory responsibilities of audit committees? What SEC forms do they need to submit, where can they find them, and how do they fill them out?
• What is the definition of a “financial expert?” How can an audit committee be certain that it meets the SEC’s new requirement that at least one audit committee member be a financial expert?

Auditing Committee Matching Service
As part of its Center for Audit Committee Effectiveness, the AICPA has also created the Audit Committee Matching System to provide companies access to a database of CPAs who may meet the skills and experience necessary to serve on boards of directors and their audit committees.

“Remember, the Securities and Exchange Commission [SEC] now mandates that at least one audit committee member be a financial expert,” says Trepeck. “The matching service allows companies to find members of the AICPA who meet the SEC definition of a ‘financial expert.’"

A financial expert is defined by the SEC as a person who has the following attributes:

• An understanding of generally accepted accounting principles and financial statements;
• The ability to assess the general application of such principles in connection with the accounting for estimates, accruals and reserves;
• Experience preparing, auditing, analyzing or evaluating financial statements that present a breadth and level of complexity of accounting issues that are generally comparable to the breadth and complexity of issues that can reasonably be expected to be raised by the registrant's financial statements, or experience actively supervising one or more persons engaged in such activities;
• An understanding of internal controls, of procedures for financial reporting, and of audit committee functions. 

“The need for qualified people on audit committees goes beyond SEC registrant companies,” explains Trepeck. “Best practices are important for all companies, whether publicly-held or privately owned. There are thousands of not-for-profit and other organizations that should also be held to the highest standards of corporate governance.”

The most important thing for all parties to remember is that “we are all in this together,” according to Burgess.

“Preventing and detecting fraud, and creating financial disclosures that are accurate and transparent, is everyone’s business," says Burgess. “CPA firms, analysts, corporate management, boards of directors and shareholders all will benefit through the implementation of these new controls and safeguards.”

The Audit Committee Toolkit is distributed without charge by the AICPA. For further information contact the MACPA at (248) 267-3700.

*The full SAS 99 exhibit, “Management Antifraud Programs and Controls: Guidance to Help Prevent and Deter Fraud,” can be downloaded from www.aicpa.org/antifraud/management/20.htm. 

Further information on fraud and implementing antifraud programs and controls can be found at the Web sites of those organizations responsible for the SAS 99 Exhibit.

American Institute of Certified Public Accountants www.aicpa.org
Association of Certified Fraud Examiners www.cfenet.com
Financial Executives International www.fei.org
Information Systems Audit and Control Association www.isaca.org
The Institute of Internal Auditors www.theiia.org
The Institute of Management Accountants www.imanet.org
National Association of Corporate Directors www.nacdonline.org
Society for Human Resource Management www.shrm.org