wiley finance accounting minibook

Accounting e-sampler

MinibookFeaturing:

Audit and Assurance Essentials: For Professional Accountancy Exams, Frequently Asked Questions on IFRS,

Countering Fraud for Competitive Advantage,

IFRS Essentials, Managing Fraud Risk,

IFRS and XBRL.

FREE Sample

Chapters

This edition first published 2012. © 2012 John Wiley & Sons Ltd.

Registered office John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom

For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com/finance.

The right of the author to be identified as the author of this work has been asserted in accordance with the Copyright, Designs and Patents Act 1988.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by the UK Copyright, Designs and Patents Act 1988, without the prior permission of the publisher.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the understanding that the publisher is not engaged in rendering professional services. If professional advice or other expert assistance is required, the services of a competent professional should be sought.

www.wiley.com/go/ifrscataloguewww.wiley.com/go/auditingfraud&compliance

Save 30% on these and other accounting titles by quoting APQ30 when you checkout at www.wiley.com

What you need, when you need it…

Like most organisations, knowledge is the foundation of our business; without it, we stand still. Utlising that

knowledge by sharing chapters from the books of some of the most respected authors in the profession,

Wiley are proud to offer you this free e-sampler.

We hope you enjoy it and benefit from it. Please feel free to share, post or tweet and let us know what you

thought of it via the social media links below.

To keep up-to-date with our latest publishing in this area and to receive information on forthcoming titles,

promotions and discounts, sign up to receive our newsletter here

www.wiley.com/go/accounting

SAVE 30%

http://www.facebook.com/wileyglobalfinance

http://www.twitter.com/wiley_finance

Please feel free to post this product

Accounting e-sampler

Minibookon your blog or website

Or forward it to anyone you think may enjoy it!

Thank you

Table of Contents04 Audit and Assurance Essentials:

For Professional Accountancy Exams, + Website Katharine BagshawExtract: Chapter 1 - Auditors, audits and other types of assurance and passing the exam first time

24 IFRS and XBRL: How to improve Business Reporting through Technology and Object TrackingKurt Ramin, Cornelis ReimanExtract: Chapter 1 - Introduction to and objectives of IFRS

30 Countering Fraud for Competitive Advantage: The Professional Approach to Reducing the Last Great Hidden CostMark Button, Jim GeeExtract: Chapter 1 - Introduction

38 Frequently Asked Questions on IFRSSteven CollingsExtract: Chapter 1 - What is the Role of the IASB

46 Managing Fraud RiskA Practical Guide for Directors and ManagersSteve GilesExtract: Chapter 1 - Responsibility

66 IFRS EssentialsDieter Christian, Norbert LüdenbachExtract: Chapter 1 - The Conceptual Framework for Financial Reporting

3

4

Audit and Assurance EssentialsFor Professional Accountancy Exams, + WebsiteKatharine Bagshaw9781119968795 • 508 pages • Pbk • Feb 2013 • £45.00 / €54.00 / $75.00

5

1 AUDITORS, AUDITS AND OTHER TYPES OF ASSURANCE AND PASSING THE EXAM FIRST TIME

Covering: The Role of Audit and Other Types of Assurance in the Economy, Account-ability, Stewardship and Agency Theory, the Relationship between Auditors, Manage-ment and Shareholders, Overview of the Assurance Process from Planning to Reporting, the Style and Content of Auditing and Assurance Exams, Study Technique and Exam Technique.

Why do I need to read this section?

Because:

• questions on the nature and purpose of audit and assurance engagements are set regularly;

• of rising levels of audit exemption, particularly in Europe;

• of the important differences between audits, other forms of assurance, and non-assurance engagements;

• there are many misconceptions about audit and assurance which this short section will help you eliminate at the outset;

• there are many misconceptions about effective study, how examiners set papers and exam technique. This section should help you make the best use of the limited time you have to study for this paper.

With the exception of the material on study, exams and technique, all of the informa-tion in this section is covered in more detail in subsequent sections.

What is important in this section?

Understanding:

• that audit is a sub-set of assurance and that all assurance engagements are character-ised by an assessment of the risk of material misstatement;

• the limitations of an audit as well as its benefi ts;

• that compilation and agreed-upon procedures engagements in which practitioners do not obtain any assurance at all are very different to assurance engagements such as audits and reviews.

What sort of questions come up in this area?

Questions regularly set in this area cover:

• the nature, purpose, advantages and disadvantages of an audit;

• the difference between audit and other forms of assurance such as reviews;

c01.indd 3 2/2/13 8:59 AM

COPYRIG

HTED M

ATERIAL

4 Audit and Assurance Essentials for Professional Accountancy Exams

• the difference between assurance and non-assurance engagements, and what type of engagement is appropriate in a given set of circumstances.

How do I stand out from the crowd?

• Distinguish clearly between audits, reviews, other types of assurance, and non-assur-ance engagements.

• Give examples of non-audit assurance to demonstrate your appreciation of its grow-ing importance.

• Use terminology accurately.

1.1 THE NEED FOR AUDIT AND OTHER TYPES OF ASSURANCE

Like it or not, most of us have little choice about letting others manage our assets for us. We hand over our money to companies, banks, pension funds and governments in the hope that they will look after it and use it properly. We need auditors because we want some assurance about this. We want to be confi dent that the companies we invest in, the banks that look after our cash, the pension funds we hope will provide for our retirement and the governments that spend our taxes, will use the money we give them the way they ought to, the way they say they will. We also want to know that the money we donate for the educa-tion of poor people, for example, goes mostly towards school buildings rather than on the salaries of administrators, and we look to auditors for assurance about that, too.

Audit is a type of assurance. All large-scale operations need auditors because their direc-tors need assurance that the assets and resources for which they are responsible are well- managed. Directors cannot always rely on what they are told by the employees who report to them. Employees make mistakes. Even where there are few mistakes, employees natu-rally seek to present their own performance in a favourable light. An independent view is likely to be more objective, accurate and critical. Many large bodies such as universities, hospitals and health authorities as well as companies, banks, government departments and pension funds, have internal audit functions for these reasons. Many of these entities are also subject to independent regulatory oversight and have external auditors, because the people needing assurance are not just their directors, but the people to whom the direc-tors are directly or indirectly accountable. Companies, including banks, are accountable to their shareholders. Banks are also accountable to their depositors to some extent but the position of depositors is generally akin to that of creditors, rather than shareholders. Pension funds are accountable to the trustees who act on behalf of pensioners and govern-ments are accountable to taxpayers and electorates. We are all at different times in our lives shareholders, depositors, taxpayers and pensioners. This means that the entities that man-age our assets are accountable to us. The external auditors we appoint to them, directly or indirectly, report to us on the fi nancial statements that their directors prepare.

Auditors, Management and Shareholders: Fiduciary Duties, Accountability, Stewardship and Agency

External audits of companies are performed because of the separation of the ownership and management of company assets.

c01.indd 4 2/2/13 8:59 AM6

Section 1 – Auditors, Audits and Other Types of Assurance 5

Companies belong to their shareholders.1 Shareholders pay for their shares in the hope that the company will be well-managed, pay dividends from profi ts and that the value of their shares will increase. They need some confi dence in what the company’s manag-ers, i.e. its directors or those charged with its governance, to whom they have entrusted their money, tell them about the company’s performance and position.

Company managers are accountable to shareholders for their stewardship of the company’s assets. They have a fi duciary relationship with shareholders which means that they must act in good faith, for the benefi t of the company and all of its shareholders, rather than running the company for their own benefi t, or for the benefi t of just a few shareholders.

Management accounts to shareholders by preparing fi nancial statements showing the company’s performance, i.e. a profi t and loss account, its position, i.e. a balance sheet, and its cash fl ows.2 If shareholders are dissatisfi ed with how management has performed, they can sell their shares or, if enough of them are dissatisfi ed, replace management.

Companies employ external auditors to report to the shareholders on the fi nancial statements prepared by management.

Auditors report to shareholders on whether the fi nancial statements give a true and fair view of, or present fairly in all material respects, the fi nancial position and performance of the company. The audit report adds credibility to the fi nancial statements.3

Management, not auditors, are responsible for the preparation of fi nancial statements. If the fi nancial statements do not give a true and fair view or present fairly the fi nancial position and performance of a company (the two phrases are deemed to be equivalent), auditors qualify their audit opinion.

Auditors are the agents4 of the shareholders who appoint them, but shareholders rarely disagree with the recommendation of management who also negotiate the auditors’ terms, conditions and remuneration. The payment of auditors by the people they are reporting on creates a potential confl ict of interest. For this reason, professional bodies and independent audit regulators monitor the conduct of audits.

In many jurisdictions, until fairly recently, there were statutory audit requirements5 for all incorporated entities.6 Audit exemption has changed this, particularly in the EU

1 ‘Stockholders’ in some jurisdictions.2 Financial statements also usually include a statement of changes in equity. 3 In some jurisdictions, auditors report to directors as well as, or instead of, shareholders. The

phrase ‘true and fair’ is used in the UK. ‘Present fairly’ is used in the USA.4 Directors are also the agents of shareholders, appointed to manage the company’s assets.5 Statutory requirements are requirements created by legislation (law).6 In some jurisdictions a large number of incorporated entities such as companies were created

because of an advantageous tax regime. In others, businesses are more likely to be constituted as partnerships or other unincorporated associations for the same reason. There is now a level of uniformity within the EU because of European company law. It provides for two basic

c01.indd 5 2/2/13 8:59 AM7


where the vast majority of companies are exempt from audit requirements based on their size.7 However, audits of smaller entities continue for several reasons. In family-owned companies, most of the shareholders may also be directors who are actively involved in the day-to-day running of the business. Owner-managers do not need audi-tors to report to them on their own performance. Other shareholders, however, who are not involved in the business, may want an audit. Some smaller companies are required to have an audit despite the fact that they fulfi l the size criteria for exemption, because of the public interest considerations arising from the fact that they operate in the banking, insurance or other fi nancial services sectors, to which special requirements always apply.

The position described above is the UK position. It is similar to the position elsewhere in Europe because all EU Member States are subject to EU audit legislation.

The position in the USA is somewhat different. In the UK and Europe, company audit requirements are in legislation. There are no statutory audit requirements in the USA. Audits are required by the Securities and Exchange Commission (the SEC), a securities regulator, for entities whose securities are listed on the exchanges it regulates, such as NASDAQ and the New York Stock Exchange (NYSE). Auditors in the USA generally report to directors as well as stockholders and the purpose of assurance is to promote the orderly and effi cient running of the capital markets.

Assurance and Risk

Audits of historical fi nancial information benefi t existing and potential owners of companies by reducing the risk they take when they invest in companies. Audits also provide assurance to employees, tax authorities, customers and suppliers, lenders, trade unions and governments, all of whom need to know that the company they are dealing with is what it appears to be on paper. For tax authorities, audits reduce the risk of collecting the wrong amount of tax. For employees, audits reduce the risk that they will be employed by an entity that cannot pay them. For customers and suppliers, audits reduce the risk that orders will not be despatched and that invoices will not be paid. For lenders, audits reduce the risk that loans will not be repaid. Audits help

categories of company: private and public. The basic distinction between the two is that pri-vate companies may not offer their shares or debt securities for sale to the public. In France a Société Anonyme or SA is a public company, a Société à Responsabilité Limitée or SARL is a private company. In Germany and other German-speaking jurisdictions, an Aktiengesellschaft or AG is a public company, a Gesellschaft mit beschränkter Haftung or GmbH is a private company. In the UK, a Public Limited Company (Plc) is a public company, a Limited Company (Ltd) is a private company.

7 Size criteria for audit and accounting purposes in many jurisdictions are based on turnover, assets and number of employees. While the criteria for turnover and assets have changed, the criterion for the number of employees has not, and in the EU that number has been 50 employees for a small company for many years. These limits are dealt with in more detail in section 9.

c01.indd 6 2/2/13 8:59 AM8


maintain the quality of fi nancial information on the public record used by government and trade unions in collective negotiations between employer, employees and govern-ment representatives. In these ways, the assurance provided by audits contributes to the proper functioning of the economy and society as a whole, as well as benefi ting shareholders.

Different Types of Assurance

Audit is only one type of assurance, but it remains the most widely recognised. For exam purposes, the most important distinctions are between:

• reasonable assurance engagements, such as audits of historical fi nancial information in which the practitioners’ (auditors’) conclusion is in the form of a positive audit opinion;

• limited assurance engagements, such as reviews of historical fi nancial informa-tion which consist primarily of inquiries and analytical procedures, in which the practitioners’ conclusion is expressed in negative terms, on whether anything has come to their attention to indicate that the fi nancial statements may be materially misstated;

• engagements which do not involve assurance, such as compilation engagements, in which practitioners compile fi nancial information from information supplied, often referred to as accounts preparation engagements, and agreed-upon procedures engagements in which practitioners report on the factual fi ndings of procedures they have agreed to perform.

It is important to note that the core work of practitioners in many jurisdictions con-tinues to be accounts preparation, tax and audit work, despite the fact that much of this work is now automated. Changes in recent years mean that fi rms are no longer restricted to this type of work though, and an increasing number of smaller fi rms now specialise in providing business and systems advice. Nevertheless, all businesses, espe-cially small businesses, are likely to continue to need professional help to comply with regulatory requirements for the foreseeable future.

In both compilation engagements and audit engagements, the fi nancial statements, including the underlying assumptions and signifi cant judgements made, remain the responsibility of the client.

The proprietors of many businesses assume, perhaps understandably, albeit mistakenly, that good quality accounts preparation software means that they can dispense with the services of a professional accountant. Professional accountants sometimes lose clients who decide either to prepare their own accounts, or to employ cheaper accountants without professional qualifi cations, only to have the client return after a few years when things have gone wrong. Rightly or wrongly, the level of technical expertise and professional judgement required to prepare even a simple set of fi nancial statements in many jurisdictions is greater than is often expected.

c01.indd 7 2/2/13 8:59 AM9


The benefi ts of employing a professional accountant to prepare accounts or perform an audit include the fact that professional ethics require practitioners to avoid being asso-ciated with misleading information. Professional ethics also require that practitioners be objective in the case of accounts preparation engagements, and independent in the case of audit engagements. Professional accountants are subject to regulation and dis-ciplinary arrangements and are accountable for the quality of their work not just to the client, but to a professional body and in some cases an independent regulator.

Assurance can be obtained on non-fi nancial information such as the effectiveness of internal controls and greenhouse gas statements, and on forward-looking information such as profi t forecasts and projections, as well as on historical fi nancial information. Different types of assurance are discussed further in section 8.

The Purposes, Benefi ts and Limitations of Audit

The purpose of an audit is to enhance the confi dence of intended users in the fi nancial statements.8

The objectives of auditors are to obtain reasonable assurance about whether the fi nan-cial statements are free from material misstatement and have been prepared in accord-ance with the fi nancial reporting framework.9

The benefi ts of an audit include:

• reducing the risk of management bias, fraud and error;

• enhancing the credibility of fi nancial information through auditor independence and expertise so that:

– customers and suppliers can confi dently do business with the audited entity and banks and others can lend to it;10

– markets can allocate capital effi ciently;

• the recommendations auditors can make for improvements to internal control;

• the fi nancial discipline imposed by an audit which helps companies grow.

The inherent limitations of an audit include:

• the fact that 100% testing cannot be performed;

• human error in the selection, performance and evaluation of audit procedures;

• time and cost constraints which mean that audit evidence is persuasive rather than conclusive;

8 ISA 200 on overall objectives, paragraph 3.9 ISA 200 on overall objectives, paragraph 11.10 For very small businesses, audited fi nancial statements are less important to banks lending to

them than the security provided by attaching charges to personal and business assets, such as directors’ homes, land and buildings, inventory and receivables.

c01.indd 8 2/2/13 8:59 AM10


• the inherent limitations of internal controls, which include the possibility of manage-ment override of controls, and fraudulent collusion in which employees collude to misappropriate assets and falsify the related records to cover it up;

• the inherent limitations of fi nancial reporting, which include subjectivity and the need to exercise judgement in calculating estimates such as depreciation and allow-ances for bad debts.

An audit is not always in the best interests of a company, or even possible. Audits are not cheap. A compilation engagement may suffi ce if the association of a well-regarded practitioner with the fi nancial statements is all that is required. Certain conditions must be met for any assurance to be obtained and, if they are not, audits and reviews cannot be performed. The criteria for assurance engagements are further discussed in section 8.

The Assurance Process

Audits, reviews and other reasonable and limited assurance engagements all broadly follow the same overall process.

Acceptance and planning Before accepting any assurance engagement, practitioners must ensure that they have complied with ethical and quality control requirements. Ethical requirements demand that they independent of the entities on which they report and competent to perform the engagement. There must be no confl ict of interests with existing clients and man-agement must not lack integrity. Quality control requirements demand that the fi rm has in place procedures to ensure that assurance engagements are conducted in accord-ance with professional standards, by having proper methodologies, human resources procedures and training, for example. They also require the supervision and review of work on individual engagements. If the engagement is a new one, the fi rm must com-plete the protocols for changes in professional appointment and make inquiries of the previous practitioner about whether there is any reason the engagement should not be accepted.

Administrative requirements include the need to issue an engagement letter and liaise with third parties involved in the engagement such as internal auditors, fi rms appointed to other group companies, and any experts. Timetabling and allocation of staff are sub-stantial exercises for large engagements, particularly where there are tight reporting deadlines for large listed entities.

Commercial considerations are always relevant. Has a reasonable fee been negotiated? Is the client able to pay? Firms may perform credit checks using credit rating agencies, like any other business extending credit to a new customer.

Risk assessment by understanding the business All assurance engagements involve risk assessment. Risk assessments for reasonable assurance engagements involve extensive analysis of the risks associated with internal control, where appropriate. They go further than assessments for limited assurance engagements in which the risk analysis will only extend to determining the risks of material misstatement.

c01.indd 9 2/2/13 8:59 AM11


Evidence-gathering For reasonable assurance engagements, evidence-gathering involves responding to the assessed risks with tests of control and substantive procedures. Substantive procedures consist of tests of details and analytical procedures.11

Reporting

RA: True and fair, or presents fairly in all material respects

LA: Nothing has come to our attention to indicate that the information may be materially misstated

Finalisation

Written representations, subsequent events and going concern reviews

Evidence-gathering

RA: Substantive procedures and tests of controls responding to the assessed risks

LA: Inquiries, analytical and other procedures responding to the risk of material misstatement

Risk Assessment by Understanding the Business

RA: Full risk assessment and response LA: Assessment sufficient to identify areas that

may be materially misstated

Engagement Acceptance and Planning

Ethics, quality control, administration Commercial considerations

RA = reasonable assurance engagements

LA = limited assurance engagements

Figure 1.1 Overview of the assurance process

11 Tests of details involve checking individual transactions such as invoices, and balances such as receivables. Analytical procedures involve the analysis of aggregated data, such as review of expenditure on a monthly basis.

c01.indd 10 2/2/13 8:59 AM12


In limited assurance engagements, evidence-gathering involves addressing the risks of material misstatement with inquiries, analytical and other procedures as appropriate. There is much less emphasis on internal control and practitioners do not seek to verify or substantiate responses to queries in the way that they do for reasonable assurance engagements.

FinalisationThe areas covered when fi nalising an assurance engagement include:

• written representations which are required to confi rm that management acknowl-edges its responsibility for the information reported on and for the systems underly-ing it. Representations also confi rm that all relevant information has been provided to practitioners. They confi rm management assertions and support other evidence in material areas such as the key assumptions on which signifi cant estimates are based;

• subsequent events reviews which are performed after the period-end. Some subse-quent events, such as a signifi cant bad debt or the acquisition of a signifi cant new business shortly after the period-end, may require adjustment or disclosure in the information reported on.

Assurance Reports

Assurance reports generally include:

• a title and addressee such as, ‘Independent auditors’ report to the shareholders of XYZCO;

• an introductory paragraph identifying the information reported on, such as the fi nan-cial statements prepared in accordance with IFRS, often referring to page numbers;

• the responsibilities of management for the information and the assumptions on which it is based;

• the practitioners’ responsibilities to conduct the engagement in accordance with ethical and quality control requirements, auditing or other relevant standards and a summary of the work performed;

• a conclusion in the form of either an opinion on truth and fairness/fair presenta-tion in a reasonable assurance engagement, or, in a limited assurance engagement, a conclusion on whether anything has come to the practitioners’ attention to indicate that the information is materially misstated;

• a signature, date and location.

In the UK, the requirement that all fi nancial statements give a ‘true and fair view’ was fi rst introduced in the Companies Act 1947 and amended the former phrase ‘true and correct’. The phrase ‘presents fairly in all material respects’ is more commonly used in the USA.

c01.indd 11 2/2/13 8:59 AM13

14


The ‘true and fair view’ is enshrined in the European Community’s Fourth Directive which sets out the form and content of company accounts.

What an Audit is Not: Common Myths about Auditing and Financial Reporting

An audit is not a guarantee that the fi nancial statements are not materially misstated. The audit opinion is just that, an opinion.

Auditing standards recognise that a properly performed audit may not detect a mate-rial misstatement, because of the inherent limitations of an audit, internal controls and fi nancial reporting. Audit risk is the risk that an unmodifi ed audit opinion is issued where a modifi ed one is appropriate. That risk can be reduced to a quantifi able and acceptable level, but it cannot be eliminated altogether.

Some corporate collapses are the result of management fraud, but most arise from some combination of a lack of profi tability, an inability to manage cash fl ows or exces-sive debt. They are rarely, if ever, caused by auditors.

A Short History

Audits and auditors have been around for a long time. An auditor is someone who hears or listens. The Latin root of the word auditor is auditus, meaning ‘a hearing’. Historically, senior estate staff were said to hear accounts of the management of medieval estate assets and report back to landowners. Modern auditors came into being when companies and corporations started to proliferate in the UK, USA and elsewhere in the 19th century.

Modern companies in the UK and corporations in the USA and elsewhere are artifi cial legal persons. They exist in their own right independently of their directors and owners (their shareholders or stockholders). Companies and corporations have rights such as limited liability and obligations such as the requirement to prepare fi nancial statements and, in some cases, to have them audited.

In the UK, the Joint Stock Companies Act 1844 and the Limited Liability Act 1855 facilitated collective investments in the risky, diverse and large-scale projects of the industrial revolution such as mines and railways, often overseas. The propensity of some promoters of such projects to overstate their prospects to impressionable inves-tors, together with the need for stocks and shares12 in such entities to be properly priced and traded in well-ordered markets, led to the development of the stock markets, secu-rities legislation and companies legislation. The basic system of company registration introduced in the mid-1800s is still in place in the UK. The forbears of the professional accountancy bodies and fi rms were founded in the late 19th and early 20th centuries in the UK and the USA.

12 In the UK, investors in companies hold shares. In the USA, investors in corporations hold stocks. There is little now to distinguish between the terms ‘stocks’ and ‘shares’. US business terminology is more conservative than its UK equivalent and the term ‘company’ in the USA can refer to a partnership or other unincorporated association, as it once did in the UK. Shares in the UK are traded not on London’s Share Exchange but on its Stock Exchange.

c01.indd 12 2/2/13 8:59 AM

15


Prior to the 1844 Act, corporate bodies such as companies and corporations could only be formed by Act of Parliament or Royal Charter or other mechanisms designed for large institutions and groupings such as ecclesiastical institutions, universities, hospitals, cities, guilds and professions. The British East India Company was granted a Royal Charter in 1600. The Dutch East India Company was chartered in 1602 by the States-General of the Netherlands. Both were granted trading monopolies and administra-tive powers. Much general trade in goods and services in the UK and elsewhere in the world was transacted by individuals and unincorporated associations until the mid-19th century. This was administratively cumbersome because any legal or other action by the association had to be conducted in the joint names of all those involved.

Industrialisation and the development of company law in the UK and securities legisla-tion in the USA in the late 19th and early 20th centuries changed all of this. Modern audit requirements vary enormously from jurisdiction to jurisdiction. We have seen that in the USA there is no statutory requirement for the audit of any entity and that only those with debt or equity securities listed on a US exchange are required to have an audit. By contrast, in some European countries all incorporated entities, regardless of size, are still subject to a statutory audit requirement under company law. Some jurisdictions, including some in the former Soviet Union, have introduced audit require-ments conducted under international standards for the fi rst time only fairly recently.13 Some former European colonies in Africa and Asia still follow the practices of the old colonial power, but this is changing.

1.2 PASSING THE EXAM FIRST TIMEAuditing and Assurance Exams and Study Technique

Auditing and assurance present nothing like the intellectual challenge of accounting for deferred tax, fair values, or complex fi nancial instruments, but some very bright people struggle with auditing and assurance exams. There are four ways to avoid this struggle:

• respect the paper: auditing and assurance exams usually have more words than num-bers. Some students leave revision for the paper until the last minute, spending more time on other papers that are genuinely more diffi cult. Auditing is not rocket science but it does require time and effort and it cannot be picked up overnight, don’t under-estimate it;

• question practice and more question practice: many students overdo rote learning at the expense of question practice. We learn how to sail by messing around in boats. To become a better mountaineer, it is necessary to climb a few mountains. Reading books about sailing and climbing will help, but they are no substitute for the real thing. To pass auditing and assurance exams, it is necessary to practice questions. Most students who struggle with auditing and assurance exams are not lazy, but their efforts are sometimes misdirected and altering the learning/question practice ratio in favour of the latter always helps;

• better exam technique: poor exam technique is probably the least common reason for failing auditing and assurance exams, but it can be important. No matter how

13 Tax audits are still required in many jurisdictions.

c01.indd 13 2/2/13 8:59 AM

16


well you answer questions 1 and 2, in almost all cases, it is virtually impossible to pass the paper if you do not attempt questions 3 to 5. A very small minority of stu-dents have handwriting that is so poor as to be illegible where handwritten papers are submitted but many students irritate markers with untidy handwriting, and it is generally better not to irritate your marker if you can avoid it.

• ‘. . . my English lets me down’, is a common worry among students whose fi rst language is not English. It is almost always nonsense. If students make it as far as taking the exam, the quality of their written English is rarely, if ever, the problem. It is important to note that the correlation between oral and written skills is not always as close as might be expected. Some students who do not speak English particularly fl uently are very articulate in writing. The fact that you cannot speak English as well as you would like does not mean that you cannot pass an auditing and assurance exam.

Markers rarely see truly incomprehensible exam scripts and those that are, are usu-ally written by students whose fi rst language is English. It is much more common for exam scripts simply not to have enough in them for a pass, and this is true regardless of whether the student’s fi rst language is English.

Some accountancy students with a business, scientifi c or technical background fi nd it diffi cult to articulate their thoughts and written papers can present a signifi cant chal-lenge. It is no exaggeration to say that some of the brightest students have problems in this area. It is often less the result of an inability to write well, and more a lack of confi dence and practice. Students appearing to struggle with a question, when asked to express the answer verbally, are sometimes very well able to do so but have a mental block when it comes to writing it down. The appropriate advice in such cases may simply be to ‘write down what you are thinking’, or ‘write down what you have just said’. Such students need to be strongly encouraged to write things down, because question practice is not just ‘helpful’, it really is essential to passing the exam fi rst time;

• good material and good teachers: there is a small amount of very poor study mate-rial around, a great deal of indifferent material and some very good material. It all claims to be the best. Give yourself a chance and use the best you can fi nd and trust your own judgement. Read a bit of it and see. Does it make sense? Is it hard to read? Time spent trying to learn from excessively detailed materials that cover the syllabus but do not explain it, is time lost. If the study materials you have been using have not worked for you, use different material. The same considerations apply to tuition providers.

Some students fail auditing and assurance exams repeatedly, by just a few marks. The cause is almost always some combination of the factors listed above. Re-sitting audit-ing and assurance exams is avoidable.

Practising questions It is always a great deal easier to read the book than it is to try a question but the key to passing auditing and assurance exams is practising questions, in full, under exam conditions. There are two reasons for this. Firstly, it makes neurons fi re and

c01.indd 14 2/2/13 8:59 AM

17


establishes good thinking habits. Secondly, you learn from the answer. It does not matter how badly you do, provided you try the question without looking at the answer, giving it a decent amount of time, and then underline the elements of the answer you missed, and write or paste them into your own answer. The fact that you may never look at the question again is of no importance. The action of writ-ing or pasting the missed material into your own answer means that when you next encounter something similar, you are much more likely to remember what you missed.

No study material can cover all of the material in every possible exam. Learn from the answers to questions, particularly past exam questions, as well as the study material. There are many past papers together with answers freely available on the examining bodies’ web-sites; use them.

Different types of questionQuestions come in many shapes and sizes.

Short form questions generally need answers in note form only; no marks are awarded for writing in full sentences. This type of question does need practice though because short form answers can degenerate. Markers sometimes have to decide whether the student really understands the point and deserves a mark, but has simply failed to articulate it clearly, in which case half a mark may be appropri-ate, or whether the student simply doesn’t understand and is perhaps trying to hide the fact by being cryptic.

Consider the following part response to the question, ‘. . . give examples of require-ments relating to long service applicable to key audit partners’:

(a) ethical prohibitions on engagement partners serving PIE audit clients for over 7 years;

or

(b) professional ethical requirements force staff on audit clients to change so as to avoid long service

The latter point is long on form but has little content. Despite its length, it will probably attract fewer marks than the former. The former is more specifi c in that it refers to engage-ment partners rather than staff, and does not simply repeat information in the question. It gives a time period rather than simply referring to long service and it refers to PIEs rather than audit clients generally. Even if the fi gure given in the fi rst point was wrong, more credit might be given for this than for simply referring to long service. The second point uses three words in referring to professional ethical requirements and uses the term ‘change’, which is correct, but the term ‘rotate’ would be better because that is the term used in IESBA’s Code.

Letters, reports and briefi ng notes: if letters, reports or briefi ng notes are asked for, the for-mat alone will often attract marks. Students sometimes waste an extraordinary amount of time trying to think of amusing names for companies or individuals which, unfortunately, can irritate markers. It is much better, albeit not as much fun, to stick with an established format and a set of names and addresses for where they are not provided in the question.

c01.indd 15 2/2/13 8:59 AM

18


Letters need to look something like this:

Benco Inc Vinco Partners 1, High Street 2, High Street Upton UptonMidshire 67467 Midshire 67767

5 March 20XX

Dear Mr X/John [Salutation appropriate to the relationship – if in doubt, be formal]

Proposed Services for Benco Inc [Subject matter]

Thank you for coming into the offi ce last week to discuss your requirements. I have great pleasure in setting out below the different types of services we are able to offer. I also sug-gest below which of those service might be appropriate to your specifi c circumstances. [Brief, polite formalities]

[Brief summary and conclusions/recommendations if appropriate]

Details of the [subject matter] are included in appendix 1 to this letter

Appendix 1

Reports need to look something like this:

Title: Vinco Partners – Developing Criteria for Engagement Quality Control Reviews

Report to: the Partners of Vinco

Partners’ meeting date: XX/YY/20XX

Prepared by: D Fraser, K Smith

Principal Conclusions and Recommendations

The fi rm is required to develop a policy for the performance of Engagement Quality Control Reviews (EQCRs) for audit clients other than listed entity audit engagements.

We recommend that EQCRs be conducted for the following audit clients [Main headings of report]

• all entities in the fi nancial services sector;

• entities with not-for-profi t status where revenue exceeds $XXX;

Time and cost budgets for the performance of EQCRs in the fi rst year are expected to be. . . .

c01.indd 16 2/2/13 8:59 AM

19


Briefi ng notes need to look something like this:

Detailed Recommendations/Findings/Methodology

Background

We are a growing fi rm. . . .

1. Entities in the fi nancial services sector

We currently have 16 clients in this sector ranging from. . . .

2. Not-for-profi t entities

We currently have a large number of smaller not-for-profi t entities but very few are audit clients. . . .

Time and cost budgets

The principal assumptions underlying the calculations set out in appendix 1 are as follows. . . .

Appendix 1

Title: Briefi ng Notes for Audit Team Members Not Present at the XX/YY/20XX Planning Meeting for the Audit of Timco for the period-ended. . . .

Subject: Discussion of the susceptibility of the fi nancial statements to material misstatement arising from fraud and error

Date: XX/YY/20XX

Prepared by: T Evans

Summary of conclusions: the initial assessment of the risk of material misstatement due to fraud in prior years has been LOW, due to the high quality of the control environment and despite some signifi cant high risk areas. In the current year . . .

Considerations relevant to the assessment

• The fi nancial statements consist of a balance sheet, statement of comprehensive income, cash fl ow statement and statement of changes in equity. An unmodifi ed audit opinion was issued . . .

• Signifi cant risk areas in prior years have included: poorly controlled overseas subsidiaries, complex fi nancial instruments . . .

• The overall control environment has been assessed as good in the past but there have been signifi cant changes in management during the year . . .

• Etc.

c01.indd 17 2/2/13 8:59 AM

20


What do I do if . . .?

• The question seems to want the same information twice: it is acceptable to repeat yourself across two different questions, but it is not acceptable within one ques-tion. If in doubt as to where within a question to include material, include it at the fi rst possible point and then refer to it the next time it seems to be relevant. The mark allocation might give some indication as to where the material fi ts best.

• The question has something in it that I can’t fi nd a use for in the answer: tutors spend a lot of time persuading students to answer the question that is set, rather than the question the student thinks should have been set, but sometimes it seems impos-sible to use what appears to be background information. If you really cannot fi nd a use for it, maybe it is just background information. For example, the introduction to some questions refers to the name of the relevant ISA. Generally, this is genuine background information. It does, of course, mean that no credit will be given for mentioning the name of the ISA in the answer. If a question does not mention the name of an ISA, it might be appropriate to refer to it in an answer but it is unlikely that much credit will ever be given for doing so.

• I seem to be stating something really obvious: some questions seem to want you to make some very simple observations, such as the fact that profi ts have risen in analytical procedures questions. If the question asks you to comment on profi ts, you do need to make the observation, but you also need to explain its signifi cance. It is perfectly acceptable to guess what the signifi cance might be, but if you really have no idea, you should still make the observation.

• The question asks for three examples and I’ve got four: ask yourself whether you really have four, or whether two are just different aspects of the same point, and whether you can make them together as one point.

• The question asks for three examples but I’ve only got two: have you really only got two? Are there perhaps two elements of one example that can be separated out? If you really only have two, don’t say the same thing twice just to make three points because it is usually very obvious and, once again, it irritates markers.

Syllabus coverage: there is far too much to learn! All of the professional bodies revise their syllabuses regularly. Standard-setters are in the business of setting and revising standards. These revisions are often described as radical, but real change is slow. Basic questions on the audit of income, expenditure, property, plant and equipment, inventories, receivables, cash, bank, payables and long-term liabilities have been set in much the same way for many years, and continue to be set, because they remain relevant.

Examiners cannot cover the entire syllabus in one paper, but most attempt to cover it over a series of papers. This means that if an area that is not often examined came up last time, it is less likely to come up this time. If an area that is often examined has not come up for some time, it is more likely to come up next time. It really is worthwhile looking at past papers on the examining body’s web-site to form your own opinion on what might come up. Examiners occasionally examine the same obscure area in quick succession, in

c01.indd 18 2/2/13 8:59 AM

21


an attempt at raising awareness of something they think needs more attention because students did very badly in it the fi rst time round. Many examiners also have their ‘pet’ subjects, which is another reason for looking at what has come up recently.

In a perfect world, with unlimited time to revise, students would go into an exam hav-ing thoroughly revised all areas for all papers. Working all areas in detail is ideal but most students simply will not do this. Some hard decisions have to be made about what to cover in detail, what to skim and what to leave out altogether.

Most students try to work the key areas in some detail and have an overview of the other areas. Working key areas in a lot of detail and ignoring other areas completely is another approach and it can work, but it is risky because it limits the number of ques-tions students can attempt in the exam.

Students who choose unpopular questions stand out. Unlike many other exams, there is scope in marking auditing and assurance exams for the exercise of judgement, and for giving or withholding from the student the benefi t of the doubt. Markers try not to reward students who attempt unpopular questions disproportionately, but there are fewer candidates to compare the student against, which may work in the student’s favour. This is one reason for attempting such questions but if you really know very little about an obscure area, it is probably best avoided if possible. It is better to scrape a pass on a question that everyone tries, than to fail, marginally, an obscure one!

For a variety of reasons, not all auditing and assurance standards are clear. Occasionally an error has been made, but this is very rare. Sometimes a matter is deliberately left unclear when members of a standard-setting board cannot agree, and a standard needs to be issued. Everyone goes away thinking that their position has been accommodated. Examiners tend to avoid these areas.

No more knowledge-based questions? From time to time, professional bodies and the bodies that regulate them announce that there have been too many knowledge-based questions and not enough emphasis on higher-level skills, especially application skills. The rationale is that rote learning is not just lazy, but unnecessary because professional ethics and auditing standards are all available online, and many exams are conducted on an open-book basis. Students cannot apply what they do not know, though, and they cannot apply what they do not understand. Some basic knowledge is essential and it is still impossible to pass audit-ing and assurance exams without it.

Terminology On the face of it, much of the terminology used by auditors about audits and assurance seems to be straightforward, but it should be treated with care. Many of the words used, such as ‘independence’, ‘review’ and ‘assurance’ have one meaning in ordinary English as well as a technical meaning in the context of auditing and assurance. It is important to understand and use the technical meaning properly. This is one of the reasons that some students underestimate auditing and assurance papers.

c01.indd 19 2/2/13 8:59 AM

22


Having a life There is nothing mysterious about passing auditing and assurance exams. No magic wand is required. All that is required is a plan to get through the material in the time period allotted, and a modicum of discipline in sticking to the plan. Easier said than done, of course, but not that hard. Boredom is a problem and managing distractions can be important. Getting friends and family into the habit of leaving you alone for two hours three evenings a week may be hard, but it can be done. Harder still is getting yourself into the habit of staying away from Facebook, emails, texts and TV on a regu-lar basis, but even that can be done. If you cannot face going back to the same room to study, do it somewhere else, but not somewhere with a TV. Try moving the furniture around. If your desk faces a window, turn it to the wall. The alternative is living in a permanent state of anxiety about how much work you have not done!

Exam Technique

In the exam centre:

• if you can, answer the questions on the paper in reverse order. It means you are out of synch with everyone else and will not be distracted by what they are doing. Alternatively, just do the easiest question fi rst to give yourself confi dence, but be strict with the amount of time you spend on it;

• remember that if you are submitting a handwritten paper, poor handwriting irritates markers and you want to make the marker’s life easy. Really clear handwriting is unusual and makes an exceptionally good impression;

• split answers up into manageable chunks that the marker can tick, but don’t do so artifi cially because it is usually very obvious;

• highlighting and underlining can also irritate markers and are sometimes prohibited;

• answer the question set, not the question you think should have been set;

• take the easy marks: if the question asks for a letter, prepare a letter. If it asks for a report, include a title, an executive summary, a description of the work per-formed, etc. If brief notes are asked for, no marks will be available for anything more;

• keep on writing: exams are sometimes deliberately set so there is insuffi cient time to answer all questions on the basis that real life is like this, but there will always be questions you struggle to answer. Think about what the examiner is really looking for, but remember that if you do not write anything, you cannot earn marks. If you write something, it might earn marks.

In the vast majority of cases, examiners are looking for a very small amount of knowl-edge, but mostly for a lot of imagination in applying that knowledge to a given scenario.

It is impossible to memorise a complete list of tests of controls and substantive pro-cedures, and all of the fi nalisation procedures for audits, reviews, compilation and agreed-upon procedures engagements, but students sometimes appear to believe that that is the right thing to do. Even the most experienced audit partners cannot do this, but what practice and experience does enable them to do is to come up with a lot of

c01.indd 20 2/2/13 8:59 AM

23


examples. Auditing and assurance exams are often the fi rst stages of that experience and students should have confi dence that what they invent, or make up in terms of tests, has value.

Section essentials: what you need to remember

• Why assurance is needed.

• The overall assurance process.

• The meaning of the terms stewardship, agency and accountability.

• The benefi ts and limitations of an audit, and alternatives to audit.

• The differences between audits and reviews.

• That you have bigger battles to fi ght than passing auditing and assurance exams! Make sure you get through them fi rst time.

c01.indd 21 2/2/13 8:59 AM

IFRS and XBRLHow to improve Business Reporting through Technology and Object TrackingKurt Ramin, Cornelis Reiman9781118369739 • Hbk • 752 pages • Feb 2013 • £45.00 / €54.00 / $75.00

24

15

1INTERNATIONAL FINANCIAL REPORTING IS ON THE MOVE, and

common world-wide business and fi nancial reporting formats are develop-ing. The recent so-called global fi nancial crisis emphasises the need for fi nan-

cial reporting standards. In effect, International Financial Reporting Standards can be a precursor and an example for a much needed global framework for fi nancial and legal standards.

The goal of the IFRS Foundation (IFRSF) is to develop a single set of high-quality, understandable, enforceable and globally accepted fi nancial reporting standards based upon clearly articulated accounting principles.

As of 2005, the European Union (EU) requires all publicly traded entities in member states to prepare their consolidated fi nancial statements under IFRS. These accounting standards may differ signifi cantly from the US-based Gener-ally Accepted Accounting Principles (GAAP) previously applicable.

More than 150 countries now require the application of IFRS in one form or another. The International Accounting Standards Board (IASB) and the US Financial Accounting Standards Board (FASB) are actively pursuing con-vergence projects. China, India, Japan and other countries have been agreed upon convergence. In May 2012, the Pan African Federation of Accountants

CHAPTER ONE

Introduction to and objectives of IFRS

p01.indd 15 1/16/2013 9:27:38 PM

25

16 ◾ International Financial Reporting Standards (IFRS)

(PAFA) – representing 34 African nations – made a broad policy resolution to adopt IFRS, IPSAS and ISA.

Once global convergence is completed by the IASB, financial statements will be fully comparable worldwide. Needless to say, accounting and financial reporting changes have an impact on capital markets and on critical financial measures, such as profits, earnings per share, valuation of assets and credit rat-ings. This overview is designed to provide an understanding of the basic issues when people are reporting using IFRS, such as the following:

Corporate

▪ How are business combinations accounted for under IFRS 3? ▪ What further changes are planned regarding measurement, such as the

application of fair value? ▪ How are goodwill and other intangibles accounted for? ▪ How does adopting IFRS in separate financial statements affect distribut-

able profits? ▪ What are the new rules when accounting for pensions and stock options

under IFRS 2?

Banking and capital markets

▪ How are financial covenants affected by moving to IFRS? ▪ What is the impact of IFRS on performance indicators, such as EBITDA

(earnings before interest, taxes, depreciation and amortisation) finance costs, net debt and net worth?

Tax

▪ How is tax affected by adopting IFRS in separate financial statements? ▪ What is the impact of IFRS on de-recognition of financial assets and off-

balance sheet arrangements?

The first section of this chapter provides an overview of the International Accounting Standards Board and its predecessor, the International Accounting Standards Committee (IASC). It explains the history, organisation, structure and funding, and provides a list of key members and thought leaders. In addi-tion, it outlines what the IASB has achieved so far and gives an idea as to where the IASB is heading.

The body of this chapter presents a summary of the individual Interna-tional Financial Reporting Standards and International Accounting Standards

p01.indd 16 1/16/2013 9:27:38 PM

26

Introduction to and objectives of IFRS ◾ 17

(IAS) as originally developed by the IASC. Obviously, for a more detailed discus-sion, the reader should always refer to the original pronouncements (the full set of Standards), which include implementation guidance and the basis for conclusions by the board. A full set of Standards (approximately 3,000 pages) is published annually, in different versions and languages, by the IASB. For electronic updates, see www.ifrs.org.

One of the major accomplishments of the new organisation, the IASB, is the development of standards for small and medium-sized enterprises (IFRS for SMEs). An overview on these standards is provided, too.

Interpretations play an important role in the implementation and use of the standards. They apply to certain sections of the standards and require a highly technical understanding and knowledge of IFRS. In legal cases, where interpretations are involved, it is recommended that the history and exposure drafts for the development of the interpretations are reviewed.

Reconciling differences between existing accounting principles is one of the main topics lawyers must understand. Therefore, reconciling items between US GAAP and IFRS are explained. Of course, regulators play an important role in the enforcement of IFRS. Their international involvement through the IOSCO (International Organisation of Securities Commissions) is important for the future development of the Standards.

Adoption of IFRS has increased dramatically in recent years. It is estimated that more than 150 countries apply the standards in full, or corporate entities in those countries are permitted to use them, or apply them partially. In this regard, the EU can be considered a role model and pioneer in the adoption of IFRS.

At the same time, related and supplemental business and financial report-ing standards are developed by different international organisations, such as the IFAC (International Federation of Accountants), IPSAS (International Public Sector Accounting Standards) and GRI (Global Reporting Initiative). A brief overview of these organisations, and their associated activities, appears in later sections.

It is worth noting that technology is the main driver for globalisation. It plays an important part in the implementation of IFRS. Several tools were devel-oped in conjunction with educational materials, checklists and model financial statements. These are often presented at seminars and conferences.

The localisation of the standards, as facilitated by translation, is another key factor for the adoption of standards. A brief description of the IASB trans-lation policy is provided. Finally, the future application of IFRS is heavily influenced by advances in technology. As in other sectors, such as worldwide

p01.indd 17 1/16/2013 9:27:38 PM

27

18 ◾ International Financial Reporting Standards (IFRS)

logistics, ‘barcoding’ of financial information is now a major topic for discus-sion. Extensible Business Reporting Language (XBRL), based on XML, will bind together all the members of the business reporting supply chain and eliminate re-keying of finance and accounting information. The IFRS – XBRL taxonomy, available in multiple formats and languages, is important in the further adop-tion and development of standards.

Jointly with the US FASB, the IASB has a heavy Work Plan and related guidance, such as new presentation formats and management commentary.

At the end of this book, the reader can find lists of helpful resources, such as checklists, references to publications, websites and abbreviations. In the next chapter we look at the importance of IFRS to business.

It is also noteworthy that, associated with IFRS material throughout this book, in relation to all images, abstracts, screenshots and related text, the following applies: Copyright © 2012 IFRS Foundation. All rights reserved. Reproduced by John Wiley & Sons, Ltd with the permission of the IFRS Foun-dation. No permission is granted to third parties to reproduce or distribute.

p01.indd 18 1/16/2013 9:27:38 PM

28

Countering Fraud for Competitive AdvantageThe Professional Approach to Reducing the Last Great Hidden CostMark Button, Jim Gee9781119994749 • Hbk • 208 pages • Feb 2013 • £34.99 / €42.00 / $60.00

30

31

JWBK572-c01 JWBK572-Gee Printer: Yet to Come December 25, 2012 19:43 Trim: 229mm × 152mm

1

Introduction

In an era of tighter budgets and more competitive markets, organisationsare looking for innovative ways to reduce costs and increase profits.Many strategies and innovative ideas have been pursued and advocatedby gurus, from contracting out to flatter management structures. Much ismade of their potential to achieve what is often described as ‘competitiveadvantage’.1 Business schools in universities around the world are fullof academics who advocate lots of ways to achieve this. One measure,however, has not been on the ‘radar’ of the vast majority – investing inmeasures to counter fraud. This is largely because fraud is a hidden cost.Frequently it is not measured, or it is gauged using detected fraud losses,which hide the true costs. This book will show that it is reasonable toassume that in most organisations fraud losses are around 5 per cent,something ACFE, through less valid research, have been showing forsome time.2 Now consider 5 per cent of the procurement budget or pay-roll in your organisation; in most cases that would amount to a significantsum of money. The good news is that there are measures to substan-tially reduce this, and the application of appropriate methods can reap30 per cent plus reductions in fraud losses. This can be done relativelycheaply, thus producing returns on investment of 12 × or more.3 Thisbook will outline a model to achieve this: the professional approachto reducing fraud – the last great hidden cost – to reap competitiveadvantage.

There are lots of books on the market which tell you how to prevent orinvestigate fraud. Some of these are very good. However, they all missone obvious point – fraud is a business cost like staff, capital, marketingetc. All organisations suffer from fraud, even if they think they don’tbecause there have been no detected frauds. Most frauds by their natureare undetected, and fraud costs money. Because of the lack of accuratemeasurement, it is the last great cost many organisations unknowinglyhave, which could also be substantially reduced. In the commercialsector this could reap a competitive advantage, and in the increasinglyfinancially strained public sector, it could stave off cuts in services.Countering Fraud for Competitive Advantage (CFCA) therefore offers

COPYRIG

HTED M

ATERIAL


Introduction 3

so they are unable to move, amongst many others. Indeed in Americaan article on the impact of the recession found that:

� More than half the adult workforce has experienced a ‘work-relatedhardship’ of unemployment, a pay cut, reduction in working hours oran involuntary move to part-time employment;

� Over 70 per cent of Americans over the age of 40 have been affectedby the economic crisis;

� The net worth of the average American household has shrunk by20 per cent;

� Long-term unemployment is at the highest levels since the 1940s; and� 20 per cent of Americans have seen a 25 per cent or greater reduction

in household income.4

Consider some of the impacts on the UK which have been noted:

� Around 1.2 million local government workers have experienced a payfreeze for three years, which amounts to a 15 per cent pay reductionin real terms;5

� From 2011, UK public sector workers were told to expect pay risesof no more than 1 per cent for two years with 710,000 workers to losetheir jobs by 2017;6

� Since the recession began, unemployment in the UK has risen from1.61 million in December 2007 to 2.67 million in December 2011 –an increase of over 1 million;7

� All this has occurred at a time when inflation has regularly beenbetween 3 and 5 per cent; and8

� A study for the Yorkshire and Clydesdale Banks has also claimedthat 2 million families feel under strain due to financial and moneyworries.9

Consider how many of your staff and families might be experiencingsome of the above. Most will not turn to fraud as a consequence, butsome will.

CFCA, however, will set out a holistic strategy to counter fraud whichhas been shown to produce a 12 to 1 return on investment.10 Fraud lossescan be reduced at a very reasonable cost and those saved resources canbe used to enhance profitability in the commercial sector, or be investedin frontline services in the public and not-for-profit sectors.

This book is aimed at those who run organisations and want them tobe more financially healthy and stable. It is aimed at those who directlyundertake counter-fraud work and who want to be more effective and


2 Countering Fraud for Competitive Advantage

more than a book on how to prevent and investigate fraud. It offers acompletely new way of looking at the problem and a holistic model forcountering it.

There are some organisations which don’t even compile regular statis-tics on detected frauds, because they are seen as unusual and rare. Othersdo use statistics, but focus on detected frauds. Such measures are flawedbecause many frauds are undetected and many go on for a long timebefore they are detected. Our research shows that average losses fromfraud and error are around 5 per cent. In many organisations this is evenhigher. So consider an organisation with a $100 million turnover: if theyare performing in an average way they could be losing around $5 millionto fraud. Now just answer the four questions below about what you arecurrently doing to counter fraud:

� Do you accurately measure fraud losses?� Do you have an independent hotline which is well publicised to report

fraud and abuse?� Do you pursue measures to develop an anti-fraud culture?� Do you use data-mining and matching to conduct pro-active investi-

gations?

If the answer to any of these is no you are at higher risk of fraud andyou are likely to be above average in fraud losses, so the $100 millionorganisation could be losing well over $5 million to fraud. Similarlyconsider the traits of an organisation at higher risk from fraud from itsstaff:

� Staff with perception that they are poorly paid;� Staff with perception that they have poor conditions of employment;� Staff with high levels of job dissatisfaction;� Large number of staff wanting to leave;� Tolerance of petty crime/fraud; and� Immoral/unethical working practices.

If any of these apply to your organisation you may be at greater riskof fraud. Also consider one of the most common reasons perfectly law-abiding and honest employees turn to fraud: personal financial problems.The USA, UK and many other countries are in the midst of one of theworst recessions since the end of the Second World War. This has led tomany people losing their jobs, downgrading to lower-paid work, havingto take pay cuts, losing over-time, living in houses with negative equity

32


Introduction 3

so they are unable to move, amongst many others. Indeed in Americaan article on the impact of the recession found that:

� More than half the adult workforce has experienced a ‘work-relatedhardship’ of unemployment, a pay cut, reduction in working hours oran involuntary move to part-time employment;

� Over 70 per cent of Americans over the age of 40 have been affectedby the economic crisis;

� The net worth of the average American household has shrunk by20 per cent;

� Long-term unemployment is at the highest levels since the 1940s; and� 20 per cent of Americans have seen a 25 per cent or greater reduction

in household income.4

Consider some of the impacts on the UK which have been noted:

� Around 1.2 million local government workers have experienced a payfreeze for three years, which amounts to a 15 per cent pay reductionin real terms;5

� From 2011, UK public sector workers were told to expect pay risesof no more than 1 per cent for two years with 710,000 workers to losetheir jobs by 2017;6

� Since the recession began, unemployment in the UK has risen from1.61 million in December 2007 to 2.67 million in December 2011 –an increase of over 1 million;7

� All this has occurred at a time when inflation has regularly beenbetween 3 and 5 per cent; and8

� A study for the Yorkshire and Clydesdale Banks has also claimedthat 2 million families feel under strain due to financial and moneyworries.9

Consider how many of your staff and families might be experiencingsome of the above. Most will not turn to fraud as a consequence, butsome will.

CFCA, however, will set out a holistic strategy to counter fraud whichhas been shown to produce a 12 to 1 return on investment.10 Fraud lossescan be reduced at a very reasonable cost and those saved resources canbe used to enhance profitability in the commercial sector, or be investedin frontline services in the public and not-for-profit sectors.

This book is aimed at those who run organisations and want them tobe more financially healthy and stable. It is aimed at those who directlyundertake counter-fraud work and who want to be more effective and

33


Introduction 5

Once an investigation has been completed there is a wide range ofoptions open to an organisation to sanction the fraudster and secureredress. Chapter 8 will show that the traditional criminal sanctions areonly one of many that a fully equipped counter-fraud professional canuse.

Central to this book is making fraud a cost. In Chapter 9 the importanceof this metric, as well as many others, is identified. The chapter examinesthe importance of metrics (or key performance indicators as some callthem) and how they can be created for an organisation. Some of thepotential drawbacks are also explored.

Much of what is advocated in this book could not be undertakenwithout professional counter-fraud staff who possess the appropriateknowledge and skills. They are needed to influence the organisationtowards this professional approach, to develop the strategy, to lead ondeveloping an anti-fraud culture and prevention, to detect and investigatefraud, to pursue sanctions and redress, and to manage performance.Chapter 10 explores the origin of these functions, what they need to doand why organisations should invest in them.

In the final chapter the model is drawn together and reasonable reduc-tions in fraud losses are applied to the leading companies in the world,the USA, UK, France and Germany. The chapter shows the substantialgains in profitability some companies could achieve if they pursued theprofessional approach to countering fraud.

END NOTES

1. See for example Porter, M.E. (2004) Competitive Advantage. New York: Free Press;Briggs, R. and Edwards, C. (2006) The Business of Resilience. London: Demos;Champy, J. and Hammer, M. (1993) Reengineering the Corporation: a Manifestofor Business Revolution. New York: Harper Collins; Hamel, G. and Prahalad, C.K.(1996) Competing for the Future. Harvard: Harvard Business School Press. See alsohttp://www.time.com/time/specials/packages/completelist/0,29569,2086680,00.html for the 25 most influential business books.

2. See ACFE (2010) Report to the Nation on Occupational Fraud and Abuse. Austin:ACFE; and Gee, J. Button, M. and Brooks, G. (2011) The Financial Cost of Fraud.What the data from around the world shows. London: PKF/CCFS.

3. NHSCFSMS (2007) Countering Fraud in the NHS: Protecting Resources forPatients. 1999–2006 Performance Statistics. London: CFSMS.

4. Warner, J. (2010) What the Great Recession Has Done to Family Life. New YorkTimes. http://www.nytimes.com/2010/08/08/magazine/08FOB-wwln-t.html.

5. New Policy Institute (2012) Living on the Edge: Pay in Local Government. Retrieved12 April 2012 from http://www.unison.org.uk/acrobat/5821.pdf.



see greater tangible results. And it is aimed at all those who sufferfrom the cost of fraud currently being too high – shareholders whosecompanies are not as profitable as they might be; employees whose jobsecurity is undermined; taxpayers who do not get the quality of publicservices that they pay for; and those donating to charities where thecharitable purpose is undermined. We all have a stake in fraud beingtackled effectively.

1.1 BOOK OUTLINE

In the next chapter we begin by considering what fraud is; the diversityof it as well as the scale of it. It will show how diverse it can be as well ashow significant a drain it can represent on an organisation. The chapterwill also consider what the impact of fraud on an organisation can be.

In Chapter 3 the book considers the fraudster and the culture offraud. There has been limited interest in fraud amongst researchers, butthe chapter unpicks some of the research to reveal types, profiles andthe motivation of fraudsters. Culture also plays a very important part ininfluencing levels of fraud and this chapter examines some of the factorscontributing to this.

The resilience of organisations and countries to fraud is the subjectof Chapter 4. The chapter shows that resources and attention on fraudat a national level is often lacking. This is also often replicated inthe strategies to counter fraud. Data on the quality of organisations’strategies to counter fraud are explored.

In Chapter 5 the book turns to strategies which can be used to reducefraud. This chapter focuses upon the mechanics of measuring fraudand how this is very important in the overall strategy to counter fraud.The chapter describes the basic principles of fraud measurement andexamines how this should shape the overall counter-fraud strategy.

Changing attitudes towards fraud is as important as measures to pre-vent fraud. There are a very wide range of measures which can be usedto achieve these aims. Chapter 6 builds upon the research on fraudsters,as well as the extensive crime prevention research to demonstrate a widerange of tools to prevent fraud and create an anti-fraud culture.

Unfortunately it is never possible to prevent all frauds and those thatdo occur need to be detected quickly, and investigated to the higheststandards. In Chapter 7 the tools to detect and investigate fraud effec-tively are examined. In doing so the chapter draws upon some of theextensive research from psychology for detecting deception.

34


Introduction 5

Once an investigation has been completed there is a wide range ofoptions open to an organisation to sanction the fraudster and secureredress. Chapter 8 will show that the traditional criminal sanctions areonly one of many that a fully equipped counter-fraud professional canuse.

Central to this book is making fraud a cost. In Chapter 9 the importanceof this metric, as well as many others, is identified. The chapter examinesthe importance of metrics (or key performance indicators as some callthem) and how they can be created for an organisation. Some of thepotential drawbacks are also explored.

Much of what is advocated in this book could not be undertakenwithout professional counter-fraud staff who possess the appropriateknowledge and skills. They are needed to influence the organisationtowards this professional approach, to develop the strategy, to lead ondeveloping an anti-fraud culture and prevention, to detect and investigatefraud, to pursue sanctions and redress, and to manage performance.Chapter 10 explores the origin of these functions, what they need to doand why organisations should invest in them.

In the final chapter the model is drawn together and reasonable reduc-tions in fraud losses are applied to the leading companies in the world,the USA, UK, France and Germany. The chapter shows the substantialgains in profitability some companies could achieve if they pursued theprofessional approach to countering fraud.

END NOTES

1. See for example Porter, M.E. (2004) Competitive Advantage. New York: Free Press;Briggs, R. and Edwards, C. (2006) The Business of Resilience. London: Demos;Champy, J. and Hammer, M. (1993) Reengineering the Corporation: a Manifestofor Business Revolution. New York: Harper Collins; Hamel, G. and Prahalad, C.K.(1996) Competing for the Future. Harvard: Harvard Business School Press. See alsohttp://www.time.com/time/specials/packages/completelist/0,29569,2086680,00.html for the 25 most influential business books.

2. See ACFE (2010) Report to the Nation on Occupational Fraud and Abuse. Austin:ACFE; and Gee, J. Button, M. and Brooks, G. (2011) The Financial Cost of Fraud.What the data from around the world shows. London: PKF/CCFS.

3. NHSCFSMS (2007) Countering Fraud in the NHS: Protecting Resources forPatients. 1999–2006 Performance Statistics. London: CFSMS.

4. Warner, J. (2010) What the Great Recession Has Done to Family Life. New YorkTimes. http://www.nytimes.com/2010/08/08/magazine/08FOB-wwln-t.html.

5. New Policy Institute (2012) Living on the Edge: Pay in Local Government. Retrieved12 April 2012 from http://www.unison.org.uk/acrobat/5821.pdf.

35

36



6. BBC News (2011) Osborne Confirms Pay and Jobs Pain as Growth Slows. Retrieved12 April 2012 from http://www.bbc.co.uk/news/uk-politics-15931086.

7. BBC News (2012) Business Tracker. Retrieved 12 April 2012 from http://www.bbc.co.uk/news/10604117.

8. BBC News (2012) Economy Tracker. Retrieved 12 April 2012 from http://www.bbc.co.uk/news/10612209.

9. Top News (2010) Impact of the Recession in the Lives of Families. Re-trieved 12 April 2012 from http://topnews.us/content/221202-impact-recession-lives-families.

10. NHSCFSMS (2007) op. cit.

Frequently Asked Questions on IFRSSteven Collings9781119998976 • Pbk • 416 pages • April 2013 • £24.99 / €30.00 / $40.00

38

39

Chapter 1

What is theRole of theInternational

AccountingStandardsBoard (IASB)?

Whatexactly does the IASBdoandwhatare its objectives?

COPYRIG

HTED M

ATERIAL

40

10 Frequently Asked Questions in IFRS

AnswerThe IASB was previously known as the International Account-ing Standards Committee (IASC) until April 2001, when itbecame the IASB.

The IASC was originally set up in 1973 and was the sole bodyto have both responsibility and authority to issue internationalaccounting standards. In 2001, when the IASB took over respon-sibility for international financial reporting, it took on all of theIASC’s standards (which were all prefixed with ‘IAS’ – e.g. IAS2 Inventories, IAS 10 Events After the Reporting Period). TheIASB amended many of the standards, but then began to issueits own standards, which were known as International FinancialReporting Standards (IFRS). This is why you see standards pre-fixed with IAS (IASC standards) and IFRS (IASB standards). Theterm ‘IFRS’ has become a somewhat generic term that refers toall the standards (both IAS and IFRS).

The setup of the IASB is as follows:

Monitoring BoardApprove and

oversee trustees

IFRS Foundation(22 trustees)

IFRS AdvisoryCouncil

IASB(16 members)

IFRS InterpretationsCommittee

Working groupsfor major agenda

projects

41

Chapter 1: What is the Role of the IASB 11

Monitoring BoardThe Monitoring Board has been subject to criticism over theyears because of its lack of accountability and lack of respon-siveness to the concerns of its constituent members. However,the responsibilities of the monitoring board are to oversee theIFRS Foundation trustees, participate in the trustee nominationprocess and approve appointments of new trustees.

It also has responsibility to review and provide advice to thetrustees on the fulfilment of their responsibilities: there is anobligation for the trustees to report, on an annual basis, to theMonitoring Board. The Monitoring Board also has the authorityto request meetings with the trustees, or separately with thechairs of the trustees and the IASB, to discuss any area of thetrustees’ or IASB’s work.

IFRS FoundationThe 22 trustees within the IFRS Foundation act under the termsof the IFRS Foundation Constitution. It is a requirement of thisconstitution that in order to ensure a broad international basis,the Foundation must comprise of:

• six trustees that are appointed from Asia/Oceania regions;• six trustees that are appointed from Europe;• six trustees that are appointed from North America;• one trustee that is appointed from Africa;• one trustee that is appointed from South America; and• two trustees that are appointed from any area, but this is

subject to the Foundation maintaining an overallgeographical balance.

The IFRS Foundation oversees the IASB, and in addition thetrustees appoint members of the:

• IASB;• IFRS Advisory Council; and• Interpretations Committee.

42


Other responsibilities include monitoring the IASB’s effective-ness, securing funding and approving the IASB’s budgets.

IASBThe IASB comprises 16 members (of whom only three may bepart-time) that are appointed for a term of three to five years.The IASB has overall responsibility for all technical matters,which include:

• preparing and issuing IFRSs;• preparation, and issuance, of exposure drafts;• setting up procedures for reviewing comments received on

documents that have been published for comment; and• issuing bases for conclusions.

It is expected that by July 2012, the IASB will comprise of thefollowing:

• four members from Asia/Oceania;• four members from Europe;• four members from North America;• one member from Africa;• one member from South America; and• two members appointed from any area (subject to the IASB

retaining overall geographical balance).

Each member of the IASB has one vote and the approval often members is required for exposure drafts to be issued asdiscussion or as the final standard. If there are fewer than 16members of the IASB, approval by at least nine members isrequired.

IFRS Advisory CouncilThere are approximately 40 members appointed to Council bythe trustees for a renewable term of three years. Each memberhas a diverse geographic and functional background.

43

Chapter 1: What is the Role of the IASB 13

Council provides a forum for participation by organizationsand those individuals that have an interest in internationalfinancial reporting. It meets at least three times a year and itsprimary responsibilities include:

• advising the board on agenda decisions and priorities;• giving advice to the trustees and the board; and• passing on the views of the council members on the major

standard-setting projects.

Ultimately, IFRSs are the basis of international financial report-ing and must be complied with in their entirety; in otherwords, financial statements can never be prepared using a mixof IFRSs and national accounting standards. There are severalsteps involved in the creation of an IFRS, which include:

1. Setting the agenda.2. Planning the project.3. Developing and publishing a discussion paper.4. Developing and publishing an exposure draft.5. Developing and publishing an IFRS.6. Procedures after the IFRS is published.

Clearly, once a standard has been published, that is not nec-essarily the end of the line. There is often a need to amend astandard for a variety of reasons, and any necessary (but noturgent) changes are incorporated within the IASB’s AnnualImprovements Project. There are generally two types ofamendments required to an IFRS/IAS:

• To clarify a standard due to ambiguous wording or becauseof unintentional gaps within the standard itself.

• To correct a minor (and unintended) consequence, conflictresolution, and to deal with any oversights. It is important toemphasize that the correction does not introduce, orchange, the existing principles contained within thestandard.

44


However, in situations when the amendment is consideredpriority, the IFRS interpretations committee will deal withsuch issues. IFRS interpretations committee does not issuestandalone standards, but it is important to point out thatIFRICs are authoritative. There are seven steps that IFRSinterpretations committee must follow to achieve transparencyand consistency:

1. Identify the issue(s).2. Set an agenda.3. Hold the IFRIC meeting and vote.4. Draft an interpretation.5. IASB release the draft interpretation.6. Allow the comment period and deliberation process to take

place.7. IASB release the interpretation.

Managing Fraud RiskA Practical Guide for Directors and ManagersSteve Giles 9780470979457 • Hbk • 352 pages • Oct 2012 • £34.99 / €42.00 / $60.00

46

47

CH01XML 05/31/2012 13:29:59 Page 17

1 Responsibility

Fraud Awareness Quiz – Question 1Who is responsible for preventing and detecting fraud in your organisation?

What a mess – how could all this have been allowed to happen?

I am sitting in the boardroom of our new offices in Covent Garden, London. It is March 1991. I amabout to present the monthly update report on the progress of the Polly Peck case to ChristopherMorris, Fergus Falk and the various other partners and lawyers who together comprise the seniormembers of the Touche Ross investigation team. It is almost six months since Christopher was firstappointed as joint administrator of Polly Peck, charged specifically with investigating thecircumstances of the collapse of the company and the activities of its then Chairman and ChiefExecutive, Asil Nadir. Much has happened since then.

The investigation team has been working hard and the partners are not yet aware of all of theresults. I know that what I have to say in thismeetingwill have a big impact. There are three parts tomy report.

I begin bygiving anupdateon thenewoffices, reminding everyoneabout the background.Wemovedin earlier in themonth on the advice of our security consultants. These menwork for a specialist firmand come highly recommended by the police. They aremainly from an army background inmilitarysecurity anddefence intelligence and, having left the army, they are now the acknowledged experts intheUK in all aspects of corporate security and counter-surveillance. Their first piece of advice is to tellus thatweneed our ownpremises, separate fromToucheRoss’s existing buildings. Their reasoning issimple, if extreme: the locations of the firm’s main offices in various buildings around London are allwell-known; they present an obvious target which, for example, could be fire-bombed by the otherside in order to destroy evidence; and the team needed its own secure, self-contained and secretpremises fromwhich to run the investigation most effectively. Obviously, as we are nowworking inthe new offices, we took their advice. Somebody in the meeting asks how we came to choose thisparticular suite of offices. I say that the security advisers located it for us bymeans of a fairly basic buteffective vetting process. They obtained a list of premises with available office space to rent in centralLondon and then proceeded to visit each office. Their technique was very simple. They arrivedunannouncedat eachoffice in turn, alwaysdressed smartly inbusiness suits andcarrying clip-boards.They proceeded to walk through the buildings until challenged. They were looking for the buildingwhere the challenge processwas both quick and robust. The CoventGarden offices passed these tests(theother buildings visiteddidnot) and theyadvisedus to take them. I thenmention the second,moreprosaic advantage of being here, which is that these premises have a lot of storage space and we arecertainly going to need it, given all the evidence that we are rapidly accumulating on the case. Theoffices are now the base for the entire investigation team. Everyone agrees withme that they are idealfor our purposes. I say onemore thing about the newpremises: everyone can speak openly and freelyin today’s meeting because the security consultants came in earlier this morning and carried out a“sweep” of the boardroom to make sure that it is free of any surveillance bugs or listening devices.There are a number of nervous smiles around the room at this news.

COPYRIG

HTED M

ATERIAL

48

CH01XML 05/31/2012 13:29:59 Page 18

I now turn to the more serious matter of what looks like some major control weaknesses at PollyPeck. The team has made progress with one of the key areas of the investigation – asset tracing. Wehave already come across an array of money transfers out of the London head office bank account.As a court-appointed administrator, Mr Morris has the power to compel each of Polly Peck’svarious bankers to supply details and paperwork of all transactions going across the account. Allthe requests for this information have now been sent out and the replies from the banks are startingto come in. Our analysis and reviewwork is at an early stage but there is one feature that is startingto cause us some concern. We can identify a series of large cash payments going out of the account,all for round-sum amounts (e.g. £100,000 or £150,000 or £250,000 etc.). These payments have beenposted in Polly Peck’s books to the inter-company account with Unipac, the group’s main tradingsubsidiary in the TRNC. However, from the initial review of the information received from thebanks, it seems that much of the money does not arrive there! The money appears to be transferredinitially to accounts in the Channel Islands, from where it is splintered and diverted to a variety ofother destinations, all in accordance with instructions from Polly Peck. We will be able to confirmthese destinations when we receive all the documentation from the banks in due course. I mentionalso that the purpose of these transfers is entirely unclear at present. Why does Unipac, a veryprofitable company (at least, according to the accounts) apparently need so much cash fromLondon? There is silence in the room now. I come to the most disturbing part. It seems that all ofthese transfers were approved by Mr Nadir himself and were paid away on his sole signature. MrNadir was able to do this because, we believe, he enjoyed sole cheque signing powers, to anunlimited amount, on the Polly Peck bank accounts. If this is indeed the case, then there were noeffective controls over his use of corporate funds whatsoever, despite Polly Peck being a listedcompany.

I can see that this news has certainly got everyone’s attention. There is more to come.

My third point is to inform everyone about the contents of a report just in from our undercoverinvestigators in the TRNC. I need to say something about these undercover investigators.Originally, we had assumed that members of the investigation team would soon be travellingto the TRNC to review the Polly Peck group assets there. Questions of the ownership of assets in theTRNC and their recoverability were proving to be far from straightforward. For example, we couldsee from the accounting documentation that tens of millions of pounds of Polly Peck money wereapparently located in the TRNC, held on deposit with three local banks. The joint administratorswrote to these three banks, instructing them to remit this money to London, only to receive repliesexpressing regret that they were unable to comply with the instructions because the funds were“blocked”. This sounded highly suspicious and clearly we needed to resolve the position.However, our security consultants strongly advised against any members of the investigationteam travelling to the TRNC. In their view, the threat of violence can never be ruled out when thestakes are as high as in this case. Also, the UK has no extradition treaty with the TRNC and they feltit was highly likely that if any of the team went out there the individuals would not be allowed toleave. Given the influence of MrNadir on the island, they felt that any Touche Ross representativesworking in the TRNC would be detained at the end of their visit to be used as bargaining chips insubsequent negotiations. So, rather than travel ourselves we decided to hire two investigators totake a look at the situation on the ground in the TRNC, in a covert capacity. Accordingly, theinvestigators had travelled secretly to the TRNC three weeks ago and we received their first reportonly the day before.

So, I take the meeting through the key points in the investigators’ report. I know that they will be asshocked at its contents as all of us who read it yesterday were. I say that the investigators havevisited the three banks in the TRNC that claim to be holding Polly Peck’s money. Photographs of thebanks are attached to the report and I hand these out around the table. The banks look small, shabby

18 Managing Fraud Risk

49

CH01XML 05/31/2012 13:29:59 Page 19

and run down even, not places that give confidence that they should be holding millions of poundsof Polly Peck’s funds. I now come to themost alarming part of the report. The investigators have alsobeen able to check the ownership structure of the banks. It turns out that all three of them are ownedby Mr Nadir himself! Everyone in the room is now looking around at each other.

These are all senior accountants and lawyers, with years of experience of looking into corporatecollapses and scandals. So, a number of them no doubt suspected that something like this had beengoing on.However, the reality still comes as a big shock tomost people in the room. There had been nodisclosure of this obvious conflict of interestwith thebanks inPollyPeck’s annualReport andAccountsand of course the lack of an effective control over Mr Nadir’s cheque-signing powers had not beendisclosedanywhere. FergusFalk says somethingquietly, almost tohimself, but it captures exactlywhatwe are all feeling: “Well, well, well, what a mess – how could all this have been allowed to happen?”

Introduction

Fraud is a significant risk to the profits and reputation of all businesses today. The starting point forany organisation in fighting fraud effectively is a clear understanding of where responsibility formanaging this risk lies. Fergus Falk’s comment, back in 1991, was absolutely the key question –exactly who was responsible for the problems that we were uncovering at Polly Peck? This Chapterprovides directors andmanagerswith an overview, a frameworkwithinwhich effective governance,risk management and internal controls can be developed. There was no such strong framework inplace at Polly Peck and it was this structural weakness that made it so vulnerable to fraud.

This Chapter starts with a look at how the delegates on my courses and workshops over the yearshave answered the responsibility question in the Quiz. The answers enable us to draw a number ofconclusions on areas where businesses can improve their approach. Next, we look at the powerfulResponsibility Framework and consider the governance, risk and controls theory that underpins it.There is then a section introducing the topic of the responsibility of auditors (both internal andexternal) in preventing and detecting fraud. This is an important area because audit responsibility isoftenmisunderstood and also, in practice,many organisations place toomuch reliance on traditionalaudit techniques to fight fraud. Finally, theChapter closeswith an overviewof themodern approachto managing fraud: it is a strategic, risk-based approach that is rooted in governance mechanisms,with resources devoted to “upstream activities” of prevention anddeterrence, backed up bymoderndetective techniques and access to specialist investigation resources.

This Chapter emphasises from the outset the importance of factors such as corporate culture, toneat the top and awareness of risk in the successful management of fraud threats.

As an example of best practice in strategic fraud risk management, consider the followingcomments in an extract from my interview with Frazer. Frazer is a senior manager in a largegovernment department in the UK’s public sector. I began the interview by asking him what levelof priority was given to fraud in his organisation. This is his reply:

Fraud risk management has been reported by the Chair of the Audit and Risk Committeeas one of the top three priorities for our board, so it’s given very high priority. It’s primarilydriven by guidance on how we manage public finances and we are required to have inplace a process for understanding and managing cases of fraud so it’s managing publicmoney. Our Accounting Officer is accountable to make sure we have that and it is treatedextremely seriously by our most senior officers.

1 – Responsibility 19

50

CH01XML 05/31/2012 13:30:0 Page 20

There is a very powerful message here. Directors andmanagers need to understand that, althoughanti-fraud controls are crucial (and these are discussed at length throughout the book) the culture,tone and risk profile of their business will provide the entire context in which these controlsare set.

Another important point (and one of my key messages) is that if fraud is to be managedsuccessfully, it must not be looked at in isolation but rather it should be put in its proper contextof business risk. All organisations need a proper understanding and assessment of fraud riskwithin their own business profiles in order to be able to design effective and proportionate controlsto manage the various threats that fraud poses both to their profits and to their reputation. This isthe essence of taking a risk-based approach.

Before we go on to discuss the risk-based approach, we begin with the Quiz and the answers toQuestion 1.

Answers to the Quiz

Fraud Awareness Quiz – Question 1Who is responsible for preventing and detecting fraud in your organisation?

The first question of the Quiz addresses the issue of responsibility directly. The answers given bydelegates onmy courses and the points arising in the subsequent discussions providemewith a goodindicator of how effective fraud prevention, deterrence and detection is likely to be within theindividual organisations represented in the room on a particular day. When taken together over theyears, these answers provide a useful insight into a number of general attitudes to fraud thatare common in business organisations today that can lead to vulnerabilities in day-to-day practice.

The answers given to the question will vary of course depending on the mix of experience andbackgrounds of delegates on any one day. Nevertheless, there are similarities and patterns fromwhich conclusions may be drawn. Set out below are the most often repeated comments anddiscussion points that I have heard, in order of frequency:

� “Everyone”. Most delegates write down one word as their answer to this question – everyone.This is now by far the most popular response I get in any discussions around responsibility, notonly when discussing fraud specifically but also in a wider risk management context too. It wasnot always so: 12 years ago when I started lecturing on fraud most people would nominatespecific individuals or departments such as “Internal Audit” or “Security” or “Compliance” oreven the Money Laundering Reporting Officer as having responsibility. Today there is muchgreater awareness of the power and effectiveness of getting everybody in an organisationinvolved in the fight against fraud. However, the one-word answer of “everyone” can seem tobe a little routine, a little superficial sometimes. It needs to be tested further (see below).In addition, a more forensic approach to the question of where responsibility lies in businessis required.

� “Internal Audit”. Many delegates believe that internal auditors have specific responsibility forpreventing and detecting fraud. Interestingly, external audit is almost never put forward as ananswer. “Internal audit” is of course most often given as an answer by those delegates who arethemselves internal auditors. In the subsequent discussions it is sometimes unclear on whatexperience their answer is based, because most of these delegates admit that they do notthemselves carry out specific anti-fraud auditing. Many have been involved in investigating


51

CH01XML 05/31/2012 13:30:0 Page 21

frauds that have occurred but this is not the same thing – it is reactive work, responding to aspecific situation revealed by a tip-off or otherwise. It is not proactive fraud prevention anddetection work. We will look at aspects of fraud investigations in Chapter 9 of the book but itis important at this stage to emphasise that if internal auditors are going to be involved asfraud investigators they need two things to be effective in that role. First, they need sometailored investigation training – on the rules of evidence, on how to handle themselves whenconducting interviews under pressure etc. Secondly, they need access to modern auditingtools – in particular computer-assisted audit techniques (“CAATs”). Unfortunately, most ofthe internal auditors who attend these sessions have neither. The role of auditors (bothinternal and external) in anti-fraud work is sometimes poorly understood and reliance on atraditional audit approach is often ineffective. This is discussed in detail later in the book.

� “The board”. Although there is greater awareness today than there was in the 1990s of theresponsibilities of the board of directors in preventing and detecting fraud, this answer has oftento be teased out of delegates during discussions. This is more than a little surprising. The simplefact is that those individuals at the top of an organisation (whether directors, partners or a seniormanagement team) are ultimately responsible for the risk management systems and internalcontrols operating in every business. Fraud falls firmly within this framework and yet this basicgovernance point does not seem to be widely understood.

� “Management”. It is also surprising that this answer is not given more often. Management, inparticular departmental heads and linemanagers, have prime responsibility formanaging risk inbusiness today. However, delegates often have to be prompted and reminded of this. This makesme question whether in practice managers are sufficiently “hands on” in dealing with risk. If not,this is a significant weakness, especially in an area like fraud. For example, it would be verydangerous for any organisation if its Head of Procurement was not well aware of fraud risks inthe supply chain and buying processes of the business.

� “The RiskManager”. The perception of fraud as a business risk is increasing but unfortunatelyfew delegates seem aware of one of the key principles ofmodern riskmanagement, namely that“risk devolves to the line”. In other words, effective management of risk is carried out by linemanagers and departmental heads, rather than by nominated individuals. The importance ofthe role of the RiskManager has increased following the recent financial crisis, when an under-pricing of risk in financial services in particular was one of the factors in a number of largeinstitutions either failing (e.g. Lehman Brothers) or being compelled to seek governmenthelp (e.g. the Royal Bank of Scotland). The role of the Risk Manager is one of engagementand influence, of coordination, of reporting – not of managing risk directly. The day-to-daymanagement of risk has to be devolved to managers throughout the business if it is to beeffective.

� “Security”.Amuch rarer answer these days, other than by delegates from financial services andinsurance institutions or from the public sector, where organisations typically employ teams ofinvestigators and specialists to deal vigorously with the risks posed by organised crime gangs,benefit cheats and other external fraud threats.

There are never any right or wrong answers to questions around responsibility but what I wouldsay is that most of the responses that I am given are incomplete. In fact I would go further and saythat it is very rare indeed for a delegate to give me what I would regard as a complete answer tothis question. The answer that I always look for, and try to steer the discussion towards, bringstogether three of the answers given above: first, the board and senior management team;secondly, managers – in particular departmental heads and linemanagers; and thirdly, everyone.


52

CH01XML 05/31/2012 13:30:0 Page 22

These elements combine to form the powerful “Responsibility Framework” which we will turnto shortly.

Before discussing the Responsibility Framework, there is one other important point that I want tomake arising out of the discussions with delegates on the responsibility question. As mentionedabove, by far themost common answer that I am given to this question is “everyone”. It is of courseencouraging that managers and staff seem very well aware of the importance of this inclusiveconcept, no doubt from other training they have received in areas like risk management. Butperhaps because I hear it so often, I have grown concerned that this has become simply a defaultanswer, a stock response without real meaning or reference to what is actually happening withinbusinesses. To help explore what the answer “everyone” might mean in practice I often ask asupplemental question as follows:

If I were to go to your offices, pick three people at random from your organisation (they couldbe the Chairman, the receptionist, middle managers, clerks - anyone) and ask them thequestion “who is responsible for preventing and detecting fraud in your organisation”, areyou confident that I would receive the same answer that you have just given me, namely“everyone”?

Amazingly, I have worked with very few delegates who have given a confident, unqualified“yes” to this supplemental question! It does happen, but it is rare. The implication of this is thatthe answer “everyone” is indeed a default option, an idealised response or a “best practice”solution. It is likely that many organisations are failing in practice to get all of their staff involvedin the fight against fraud. Awareness of responsibility is a basic requirement for good riskmanagement.

Consider the following. If a hypothetical fire (of whatever sort) were to go off in your business howwould you want your people to react? Pretty obviously, you will want the first person whobecomes aware of it to be the one who shouts “Fire!” You absolutely do not want that employee toleave it to someone else because the individual does not consider it to be his or her responsibility.This principle applies to fraud as it does to any other area of risk.

Poor awareness of responsibility is a serious weakness in any organisation. The answers to the firstquestion of the Quiz that I have received over many years lead me to believe that, in the specificarea of fraud risk management, it is a serious weakness that is widespread in business today. Itneeds to be addressed proactively through training and the quality of supervision by linemanagers, which in turn requires the commitment of time, resources and money by the boardof directors. This brings us back to the Responsibility Framework.

Responsibility Framework

Introduction

The starting point of effective risk management (and fraud is of course a risk) for any organisationis to have a clear awareness throughout the organisation of responsibility at three levels: the boardof directors and senior managers; line managers and departmental heads; and every individualmember of staff. An overview of responsibility at each of the three levels is as follows:

� The board and the senior management team. The people at the top establish the values of anorganisation and set policy. The collective body (we are calling it here for simplicity “the board”)


53

CH01XML 05/31/2012 13:30:1 Page 23

has ultimate responsibility for managing risk and for putting in place an appropriate system ofinternal controls to achieve this.

� Line managers. The board delegates to line managers. It is the role of managers to implement boardpolicies on risk and control. So, managers should identify and evaluate the risks faced and design,operate andmonitor a suitable system of internal control which implements the policies of the board.

� Everyone. All employees have some responsibility for risk management and internal control aspart of their accountability for achieving their objectives. The participation of everyone under-pins the framework.

I have coined the term “Responsibility Framework” for these roles and responsibilities. Theframework can be represented diagrammatically as a triangle as shown in Diagram 1.1 above.

I always emphasise the importance of the Responsibility Framework to my delegates – bothgenerally in terms of risk management and internal controls and of course specifically aroundmanaging fraud threats. I find the responsibility triangle diagram very useful for these purposesbecause it provides a simple visual picture of the framework.

International best practice

Both the concept of the Responsibility Framework and its representation as the triangle diagramare rooted in best practice corporate governance and risk and controls theory. I have based themdirectly on the report “Internal Control: Guidance for Directors on the Combined Code” (“theTurnbull Guidance”) which was published in the UK in September 1999 and is at the time ofwriting being updated. The UK’s Turnbull Guidance is one of the key internal control frameworksthat have been developed around the world in recent years.

We need to look also at the US for ideas on responsibility within organisations. It has been theAmericans who have led the way on this with two key control frameworks being developed in theUS in the last 20 years. First, the “Internal Control – Integrated Framework” developed in 1992 bythe Committee of Sponsoring Organisations of the Treadway Commission (“COSO”). This iscurrently being updated but it is still regarded as setting the standard for internal controlframeworks around the world. The second key development affects those corporations with a

1 The Board

2 Line Managers

3 Everyone

Delegateto

Underpinnedby

Diagram 1.1 Responsibility Framework


54

CH01XML 05/31/2012 13:30:1 Page 24

listing in the US who need robust control frameworks in order to comply with the requirements ofthe Sarbanes-Oxley Act 2002 (“SOX”).

All of these three frameworks are different but mutually compatible and each will be reviewed insome detail in Chapters 5 and 6 of the book.

Practical application

It is important to say, however, that whilst the Responsibility Framework is based uponinternational best practice, it is not simply a theoretical construction. It is to be found operatingin practice day to day in those businesses with a strong controls and risk management culture allover the world.

As an example of this, the importance of the Responsibility Framework is understood absolutely bySharon, the deputy CEO of a large financial institution in the Caribbean. Consider the followingextract frommy interview with her carried out for the purposes of this book. I started the interviewby asking her the same question about the responsibility for preventing and detecting fraud that wehave looked at as Question 1 in the Quiz. Here is Sharon’s reply:

Steve, you would have to start off with something that is just so complicated! Well, Ishould say first the responsibility for ensuring that fraud is dealt with in a certain manneris vested in the executive and in the board. That’s the way because obviously theleadership has to set the tone within the organisation and that is one of the thingsthat is clear in our organisation. But then we say to our staff that everybody in theorganisation is responsible for detecting fraud. You need this because it is only throughyour people in your branches saying if they see somebody doing this or doing that you aregoing to find out about fraud. You are not going to know sitting in a head office whatsomebody might be doing in a branch at the other end of the island! So therefore whatdoes that mean for us? Firstly we have to develop the policies. We have determined in ourorganisation that there is to be zero tolerance for fraud. What that means is that it doesnot matter whether the fraudulent act results in the end in an actual loss to theorganisation because the person carrying out the act simply does not remain with usany longer. And it does not matter how long they were with us – they have to go. That iseasier said than done. It is difficult to do but once you say it then you have to live by it andpeople have to understand it thatway, which is why it is so important to have buy-in at themore senior level and line-management level with respect to this.

And people in the organisation understand that now. So even when they think thatsomebody finds somebody who has done something fraudulently and they know it isfraudulent and evenwhen they know the bank hasn’t lost anymoney as a result, they alsoknow the person can’t remain in the organisation and we have set that awareness forourselves. Another major thing for us is that we have to constantly train our people. Youhave to train people, let people understand what a fraudulent act is and then understandwhy it is important for us that we have zero tolerance. They need to understandwhat is sowrong about this, what did they do, how fraud at the end of the day can destroy aninstitution and if it destroys the institution then you yourself will not have a job and weneed to keep connecting those dots all the time. So the thing we do, after we have thepolicies, is we do the training and it is very important in the training to keep showing thelive example of what has happened, scenario-based training as you would call it.


55

CH01XML 05/31/2012 13:30:1 Page 25

And then of course whatwe do is we say to themanagers of the branches and the businessunits that the cost of the fraud is to hit your bottom line, it does not come into head office.So you are very careful, you want to make sure managers understand their responsibilitybecause they have tomanage this, especially nowwith the way themarket is. When thereis pressure tomake results you can’t have all this fraud affecting your P & L. If there is fraudin one of our branches it’s actually the branch itself that bears the cost, it’s making clear tothe branchmanager that he’s the point man on this, he’s the guy who has to manage this.Those are the things that people need to learn and understand.

Sharon clearly “gets it” and so does her bank. She sets out here a very practical approach to fraudrisk management and mentions two of the key ingredients that we will look at in detail later: theimportance of culture (in the case of her bank it has a “zero tolerance” attitude to fraud) and theimportance of getting the message conveyed to staff through training with senior staff memberstaking the lead.

The linkage between risk management and internal controls

Overview

Wewill look at both riskmanagement and internal controls in detail in later Chapters of the book. Itis useful at the outset, however, to set out some fundamental points regarding risk and controls andhow the two inter-relate. Directors and managers need a good understanding of how thisrelationship works if their organisations are going to be able to manage fraud risk effectively.My discussions with delegates on the courses suggest that there may be some confusion as to howrisk and controls actually relate to each other in practice, particularly for those who are not from afinancial or an accounting background.

So, here are five key ideas that directors andmanagers should always bear inmindwhen looking atrisk and controls:

� Risk, broadly defined, means uncertainty. In a business context risk equates to “uncertainty ofoutcome”. If a company knew for certain what was going to happen in the future there would beno risk, but of course this is not possible. Consequently, risk must be managed.

� Risk should be optimised, rather than minimised. That is to say, every business should belooking to optimise the amount of risk it is prepared to accept in the pursuit of value, with thecrucial reference point always being the risk appetite of each individual business.We consider theconcept of risk appetite further in Chapter 4. Businesses will never be able to grow or achieve theircorporate objectives simply by minimising risk. This is an important point and one that is notalways readily apparent. As an example, I am often asked to speak about risk management atconferences and I sometimes find it an interesting exercise to ask delegates to raise their hands ifthey agree with the following statement: “We are looking to minimise risk in our business”. Thereare always more hands raised than are not raised in answer.

� Risk is dynamic, it changes all the time. Internal controls are not dynamic, however. In manyorganisations, especially mature businesses, control systems and procedures have evolvedslowly over time and may be characterised as being essentially historic, as remaining “anchoredin the past”. As a result, gaps often appear between risks (which are changing) and controls(which are slow to react to those changes). There is real danger for all businesses if these gaps areallowed to grow too wide.


56

CH01XML 05/31/2012 13:30:1 Page 26

� Risk determines controls, not the other way around. Internal controls exist for many reasonsbut fundamentally they are there to help to manage risk. It is simply not possible, therefore, forany organisation to have an effective and efficient system of internal controls in place unless it isbased on a thorough, systematic and ongoing assessment of risk in the business.

� Understand the essence of the control concept. Key aspects of controls need to be understoodalso, in addition to the ideas on risk. Here, there are two crucial questions about controleffectiveness. All directors and managers need to know what these questions are, they needto ask them regularly within their businesses and they need to understand the answers beforethey can properly conclude on the adequacy of their internal control systems. The first keyquestion is: “are the controls effectively designed?” The key reference point here is risk and thebasic equation is: the higher the risk, the stronger the controls. For a control to be properlydesignated as “strong” generally it will require the involvement of a senior manager or anexperienced member of staff. As a matter of principle, high-risk areas should not be allocated tojunior or inexperienced members of staff. The second key question is: “are the controls workingeffectively, in accordance with the control design?” Just because a control or procedure happensto be written down in a manual does not mean that it will be carried out in practice. From myexperience, internal auditors often spend more time on the second question than on the first.They look in particular for evidence that controls are working rather than first consideringwhether the design of the control is appropriate. This is a mistake.

Control design linked to risk

Before moving on to look at the importance of evidence and the evidence-based approach, thereis one point coming out of the above analysis that is worth emphasising. Controls need to beproperly designed if they are to be effective. Good control design is impossible without goodrisk analysis. This is as true for fraud as it is for any other area of risk in business. One of thefundamental requirements for effective management of fraud is for an organisation to under-stand where the threats are in its own particular business model. This requires a thorough,systematic and informed assessment of fraud risk in the business. We will refer to this later as a“fraud risk profile”. The great majority of delegates that I work with tell me that their ownorganisations do not have such a fraud risk profile. In reply I tell them that this is a seriousweakness, so that this is often the first key action point for delegates arising on the day.

The importance of evidence

Introduction

Evidence is critical in discharging management responsibilities in business today. One of thebig changes between how business was conducted in the 1990s and how it is conducted todayas we move into the second decade of the new millennium is the emphasis now put ondecisions and actions to be “evidence-based”. In the previous century this was not so. Then,executives and managers would routinely act on decisions based on judgement calls arising outof discussions that were not written down or on information not retained or simply on “gutfeel” – a phrase that, in the business context, usually refers to pattern-recognition, the instinctsthat make a manager good at his or her job. It would be both risky and unprofessional to takethis approach today. Courts of law, regulators, auditors and other interested third parties lookfor evidence to support the decisions taken, especially where those decisions turn out, withhindsight, to have been sub-optimal – an executive euphemism for what are commonly knownas mistakes! If there is no evidence to support the decision-making process and it turns out thatmistakes have been made, then the directors and managers concerned are always vulnerable to


57

CH01XML 05/31/2012 13:30:1 Page 27

accusations that they had not discharged their responsibilities properly and had thereforebeen negligent.

Examples

There are many examples today of the need for business decisions to be based firmly on evidence.Consider the following three examples that I use regularly in my training courses:

Example: external audit questioning. The first is from my own experience as an externalauditor. I startedwork in 1979 as a trainee accountant in London. From time to time I would berequired to ask questions of the FinanceDirector of the audit client that I wasworking on. Heremy duties were very clear: I was to be fully briefed and prepared, arrange for a convenient timeto meet the Finance Director, go in armed with my notebook and questions, ask the relevantquestions, record faithfully the answers given and . . . nothing else. That was it! If the answersto any of the questions I raised were considered to be of fundamental importance to the auditopinion, the audit partner would include the question concerned in the firm’s “Letter ofRepresentation” addressed to the board of directors of the client company, who would berequired to sign it before the audit opinion was signed off in order to provide formal writtenconfirmation of key representations made to us during the course of the audit. If I was startingmy audit career again today I would do everything as before (obviously my notebook wouldnow be replaced bymy netbook!) but with one crucial addition. On completion ofmymeetingwith the Finance Director I would have to carry out work myself in order to obtain sufficient,reliable, independent corroborative evidence that what he or she told me was actually true.The whole catalogue of corporate scandals involving people at the top of major corporationsin the intervening 30 years (BCCI, Barings, Maxwell, Enron, WorldCom, Refco, Parmalat,Soci�et�e G�en�erale, Madoff and of course Polly Peck amongst many others) has destroyedforever the myth of self-evident senior management probity, honesty and integrity.

Example: anti-money laundering. My second example relates to the fight against financialcrime in its broadest sense – that of anti-money laundering and counter-terrorist financing.The 21st century has seen a marked increase in the rigour with which the authorities aroundthe world have attempted to combat money laundering and the financing of terror. Theterrorist atrocities in the US on 11 September 2001 increased the momentum here because ofthe realisation thatmuch of themoney needed byMohammedAttah and his co-terrorists fromal-Qaeda to prepare for the attacks (to pay for food, accommodation, training courses to learnhow to fly aeroplanes etc.) was sent to bank accounts they had set up in the US from banks inGermany and the Middle East using standard bank transfer mechanisms. One consequence isthat terrorist financing since that time has been closely coupled with money laundering interms of the law and regulations. Financial institutions are now required to have measures inplace to prevent and deter money laundering and terrorist financing and to report any“suspicious transactions” promptly to the authorities. Legislation such as the USA PATRIOT Act2001 and the Proceeds of Crime Act 2002 in the UK place significant personal responsibility onnominated officers (usually the Money Laundering Reporting Officers or “MLROs”) in thisregard. Potentially, these individuals could end up in jail if they are found to have beennegligent in carrying out their duties. It is therefore imperative thatMLROs document fully thereasons for all decisions taken. This applies in particular in situations where the MLRO hastaken the decision that a transaction reported to him or her by a member of staff as being“suspicious” is not to be reported onto the authorities because their own investigation hasshown it not in fact to be part of a money laundering or terrorist financing scheme. Ifsubsequently this decision turns out to have been wrong, so that a money-launderer and/or a


58

CH01XML 05/31/2012 13:30:2 Page 28

terrorist has indeed been allowed to take advantage of the system as a result, it is critical thatthe MLRO is able to point to the evidence of his or her notes showing that, in all thecircumstances available at the time, the decision taken was reasonable. Without the evidencethe court is likely to conclude that no work was carried out, with the result that the MLROcould well end up in jail for negligence.

Example: UK Bribery Act 2010.Another example can be found in the UK’s Bribery Act 2010.Wewill look at the Act in detail later in the book – it is highly relevant because, in my view, briberyand corruption should properly be viewed as important component parts of corporate fraud,as will be demonstrated in the next Chapter. The key point to make on the Bribery Act at thisstage is that the only defence to the new and far-reaching section 7 offence under the Act ofthe failure of a commercial organisation to prevent bribery is that, despite a particular case ofbribery, the organisation in fact did have “adequate procedures” in place to prevent and deterbribery. Examples of what these procedures might be are provided in guidance issued by theMinistry of Justice and include suchmeasures as a bribery risk assessment, a zero tolerance anti-bribery policy signed off by the board, appropriate policies on gifts and hospitality, and robustcontrols such as whistleblowing hotlines and staff training programmes. The essential featurethough is that all of these measures and procedures must actually exist. For example, theremust be evidence of the training being carried out, with a register showing the dates when thetraining took place and the names of those who attended.

Evidence of management of fraud risks

This focus on evidence has as much importance for fraud as it has for all other areas of riskmanagement. As we have seen, it is necessary that awareness of responsibility for preventing anddetecting fraud exists at all levels if an organisation is to have a solid foundation for themanagement of fraud risk. Equally important, however, is that the organisation is able to pointto policies, procedures, controls and behaviours that demonstrate that the Responsibility Frame-work is real and that it exists in practice and not just in theory. Governance and anti-fraud controlsare discussed in detail throughout the book but as examples of minimum standards here thefollowing should apply:

� An anti-fraud policy statement. There should be a clear statement by the board, signed off by theChairman or CEO, of the organisation’s robust attitude towards fraud and the severe conse-quences for anyone attempting fraud against the organisation.

� Line managers should have their responsibility for managing risk in their departments set outclearly in their annual objectives. With this having been set, the appraisal process should pick upactual performance in this area. This provides managers with a clear incentive to perform in thisarea.

� All managers and staff should receive appropriate anti-fraud awareness training, both oninduction and also re-enforced periodically thereafter. Without this it will be difficult indeedto be confident that everyone in an organisation is aware of his or her responsibilities in fraudprevention and detection.

If measures such as these ones (and others) are not in place, the board and senior management willhave great difficulty in demonstrating that they have discharged their responsibilities to minimisefraud threats adequately. In the absence of any anti-fraud policy statement from the board, withoutrisk management featuring in managers’ targets and appraisals so that managers have an incentive


59

CH01XML 05/31/2012 13:30:2 Page 29

to perform in this area, and with no anti-fraud training programmes in place it will be difficultindeed for any organisation to claim with credibility that it has taken all appropriate steps tomanage its fraud risk effectively.

The role of audit in fraud prevention and detection

Overview

Audit is often thought to play a crucial role in reducing fraud risk. Indeed, if members of the publicwere to be canvassed at random and asked whether auditors were responsible for preventing anddetecting fraud, I have no doubt that the answer would be a resounding “yes”! Much of thisconviction might be to do with popular misconceptions about what auditors are actually there todo – there is little clear understanding of the roles of either internal auditors or external auditorsoutside of the respective auditing professions. However, in my experience, directors andmanagersalso place toomuch reliance on traditional auditing to provide protection against fraud. Traditionalauditing, as we shall see later in Chapter 6, will include a review of systems and controls inconjunction with a more detailed look at the documentary evidence for “samples” – a relativelysmall number of transactions, selected at random. The sample sizes will either be based on the lawsof probability or on judgement. None of this should provide assurance to senior management thatany frauds that are being committed in their organisation will be detected by the auditors.

Little training for auditors on fraud awareness

A big part of the problem is that auditors receive very little fraud awareness or investigationtraining. This was made absolutely clear to me by Teresa, an experienced internal auditor who hasheaded up internal audit departments in the past and is now a member of the audit committee of alocal authority in the UK. This is what she toldme during our interview about her own experiencesof fraud and her training:

I think in general, duringmy time as an internal auditor therewas probably very little timespent on formal fraud training. Probably the only time I came across fraud was in one ofthe organisations I worked for and then purely by chance. I just happened to stumbleacross something which was relating to the very old fashioned pension incentive schemepayments, basically payments to move people out of housing into private, rented homes.You had to fulfil certain criteria and there were many letters on file and I have to admit,when I read them, I thought it can’t possibly be a fraud because it’s too well documentedto be a fraud – but of course it was! Again, thatwas kind of I had to learn on the case if youknow what I mean because other than technical training through the ACCA (theAssociation of Certified Chartered Accountants) I really knew very little about it. So I’dsay on a day-to-day basis other than stumbling across something like that I probablywould spend very little time on it. Other than maybe, if we were doing our own auditprogramme looking at the kind of fraud risk element within it, but again you know verylittle actual time would have been spent on fraud. I think that it probably wasn’t until Ibecame the head of an internal audit department when you sort of suddenly realiseactually how these aspects link together in terms of internal audit, counter- fraud etc. andhow you know one can feed into the other and you can become much more effective. Ofcourse I was working in the local authority at that stage with a trained team of fraudinvestigators. I undertook my own training then as well so that I could understand whatthey were talking about and more about the risk of fraud within each organisation.


60

CH01XML 05/31/2012 13:30:2 Page 30

Teresa points to a lack of understanding and focus on fraud that is prevalent inmany of the internalaudit departments that I have worked with myself. Training for auditors is crucial, as Teresa’scomments indicate.

Problems and remedies

In my view, traditional auditing simply does not “cut it” in terms of effective anti-fraud work.There is often a poor appreciation and awareness of fraud risk amongst an internal audit team. Thesmall sample sizes used make it extremely unlikely that any fraudulent transactions that might bein the system will actually be selected for review during the audit process and often fraud as abusiness risk is never even discussed during the audit. External auditors are required by theirstandards to consider the issue of fraud in a financial statement audit but there remainsconsiderable scepticism amongst the delegates on my courses about the effectiveness of externalauditors in preventing and detecting fraud.

However, directors and managers need to know that there are a number of ways in which auditorscan be highly effective in the fight against fraud. The use of “surprise audits”, specific fraud auditscarried out using a more informed assessment of risk, together with audit tools that enable datamining to take place, are all examples of how to improve audit effectiveness in this area. We willlook at both the limitations of traditional auditing andmoremodern, alternative and effective auditapproaches in more detail later in Chapter 6.

The strategic approach to managing fraud risk

Best practice guidance

In 2008, an important piece of anti-fraud guidance was published entitled “Managing the BusinessRisk of Fraud: A Practical Guide”.1 This work was sponsored jointly by: The Institute of InternalAuditors, the American Institute of Certified Public Accountants, and the Association of CertifiedFraud Examiners. This guidance makes the key point that “diligent and on-going effort” is neededif an organisation is to protect itself against significant fraud threats. It sets out five key principlesfor proactive fraud risk management as follows:

� Principle 1: a fraud riskmanagement programme should be in place, as part of the organisation’sgovernance structure. This will include a written policy stating the expectations of the board ofdirectors and senior management regarding managing fraud risk.

� Principle 2: there should be an assessment of fraud risk carried out by the organisationperiodically to identify specific threats and changes to the risk profile that need to be controlledand mitigated.

� Principle 3: the organisation should have prevention controls and techniques in place to avoidpotential key fraud risk events.

� Principle 4: the organisation should have detective controls and techniques available to uncoverfraud events when preventative measures fail or unmitigated risks are realised.

� Principle 5: a reporting process should be in place, together with a coordinated approach toinvestigation and corrective action. This should help ensure that potential fraud is dealt with inan appropriate and timely manner.


61

CH01XML 05/31/2012 13:30:2 Page 31

This is powerful and best practice guidance. In my view it is essential that all organisations adoptthis strategic approach in practice if the fraud threat is to be managed effectively. In fact, I havebeen emphasising these principles tomy delegates for years in a slightly different format, one that Ihave termed the Fraud Risk Management Framework.

The Fraud Risk Management Framework

Introduction

This framework is a very simple and powerful way of demonstrating the key components offraud risk management architecture. It is neatly summarised in Diagram 1.2. I like to take mydelegates through the framework in the following way, always starting by pointing to the boxat the bottom of the diagram headed “Investigation” and telling them a little of my earlyexperiences as an international fraud investigator. There are five stages in my description to thedelegates, as follows:

1. Overview of the frameworkI first started working in the forensic and fraud auditing area in the early 1990s. At that time veryfew businesses in the UK had anything approximating to a fraud risk management programme.Most directors and managers that I spoke to at the time refused to admit that fraud was a problemat all, with a typical attitude being: there has never been any fraud in our business, our people arehonest and we trust them. It was very frustrating at times. I remember when I was in forensics atTouche Ross trying to pitch an anti-fraud risk profiling product that we were working on to theFinance Director of a travel company and being told: “that’s quite interesting, but what has it to dowith us? We do not have any fraud in our business.” Just as he was saying this, his secretary camein with a number of cheques for him to sign, which he duly did without even stopping to look atthem. I remember thinking at the time that it was perhaps no coincidence that this business hadnever discovered any fraud!

2. InvestigationDuring the 1990s the attitude of business to fraud was fundamentally reactive. Essentially,directors and managers would hide behind the fiction that fraud “never happens here” and

Risk Risk Risk Risk RiskRisk Risk Risk Risk RiskRisk Risk Risk Risk RiskRisk Risk Risk Risk RiskRisk Risk Risk Risk RiskRisk Risk Risk Risk RiskRisk Risk Risk Risk RiskRisk Risk Risk Risk RiskRisk Risk Risk Risk RiskRisk Risk Risk Risk RiskRisk Risk Risk Risk RiskRisk Risk Risk Risk Risk

Prevention

Detection

Investigation

Deterrence

Reducedexposure

gap

Diagram 1.2 Fraud Risk Management Framework


62

CH01XML 05/31/2012 13:30:2 Page 32

keep their fingers crossed. Typically, on discovery of any form of financial crime, there would be aninternal investigation but very rarely would this be reported to the police. So far as managing riskwent, theywould rely on some form of fidelity insurance cover if the crimewas significant and lookto that to reduce the financial impact of the fraud.

This reactive approach is still adopted by many businesses today but it is becoming lesscommon. Now, directors and managers are looking more to investing resources in the so-called“upstream activities” of fraud prevention and deterrence. There are various reasons for this,most notably a greater realisation of the importance of reputation in business and the needalways to protect the brand. Nothing torpedoes reputation more quickly than a fraud scandal.The other main reason is more pragmatic. The insurance industry is now much less inclined topay out on a fraud claim without carrying out some review work first. Insurers expect theirclients to have in place adequate measures to prevent fraud and, if this is not in fact the case,will seek to avoid paying out under the policy on the grounds that their client has beennegligent in failing to put proper systems and controls in place and has therefore contributedto the fraud.

Of course it remains the case that fraud events need to be investigated thoroughly and profes-sionally. All organisations need to have access to investigative expertise, either internally or byusing an external source such as forensic accountants or the police. We will look at fraudinvestigations in detail in Chapter 9 of the book.

3. Prevention and deterrenceThemodern approach to fraud focuses first of all on prevention – the policies, controls, training andcommunication that organisations use to try to stop fraud from occurring. There are a variety ofanti-fraud prevention controls available, from generic controls like segregation of duties anddelegation of authority through to specific measures such as mandatory vacations and fraudawareness training. Some are more effective than others, and all must be seen in the context of theparticular circumstances and characteristics of each individual organisation. We will discuss anti-fraud prevention controls in detail in Chapter 7 of the book.

The bridge between the first box (“Prevention”) and the second box (“Detection”) is deterrence.Deterrence may be defined as the modification of behaviour through the threat of sanctions.Deterrence controls such as surprise audits have been shown to be highly effective in practice inreducing fraud, yet they are used only infrequently in business today. Fraud is, in essence, a peopleproblem and controls that seek to influence behaviour through the perception of detection are veryimportant. Deterrence mechanisms are often poorly understood by directors and managers and soare frequently under-utilised. We look at this whole area and in particular the importance of the“perception of detection” concept in more detail in Chapter 8 of the book.

4. DetectionThe second box is labelled “Detection” and delegates are always very interested in this area of thefraud framework. This observation goes wider than delegates on my training courses however, aseveryone that I have worked with in business in a forensic context has wanted to be able to detectfraud.Well, the first thing that I always say here is that fraud is in reality very difficult to detect! It isoften carried out by individuals who are in senior positions or who have worked for anorganisation for a long time and so have a detailed knowledge of the systems and of any controlweaknesses. They are therefore in the ideal position to commit and conceal fraud. The purpose ofdetective controls is to reduce the exposure gap – the length of time from when a fraud starts towhen the victim organisation finds out about it. The typical exposure gap in business will bearound18 months to two years. This often comes as quite a shock to delegates and it illustrates well


63

CH01XML 05/31/2012 13:30:3 Page 33

the practical difficulties in uncovering fraudulent schemes. This is an area we will return to atlength later in Chapter 8.

5. Risk-Based ApproachI always suggest to my delegates that the most important part of the diagram is not the boxes at allbut rather the background, which is denoted by the word “Risk”. The “risk” framework providesthe entire context within which fraud has to be managed. The delegates will broadly agree with meon this, which is always encouraging. However, when I ask how many of the organisationsrepresented in the room have taken the time and effort to identify, analyse, assess and documenttheir fraud risk exposure, very few of my delegates ever put their hands up. This remains true eventoday. It is disappointing and a little surprising given the greater awareness of the importance ofrisk management principles today. Risk is dynamic, it changes all the time. This is particularly trueof a threat like fraud and yet most businesses seem not to be aware of the importance of a regular,systematic assessment of fraud risk in order for the mitigating controls and procedures to beperiodically updated and therefore to remain adequate. Specific fraud risks change all the time. Ifanti-fraud controls remain the same, then over time there is a widening gap between risk andcontrols. There is danger for all organisations in this widening gap.

Risk principles underpin this book and we will return frequently to the risk-based approach intackling fraud frequently in the coming Chapters.

Summary – Five Key Learning Points for Directorsand Managers

This Chapter on responsibility provides the overall framework that will enable directorsand managers to deal with the threats of fraud in an effective and proportionate way.Before looking at some of the detailed controls and procedures in later Chapters it isworth pausing a moment and looking at the key lessons learned. There are five keylearning points as follows:

@ Remember the Responsibility Framework and the associated triangle diagram. All risksand controls can be fitted into this framework. Ultimate responsibility for managingrisk resides with the board and seniormanagers. This is devolved to departmental headsand line managers who become effectively the point men and women in yourorganisation in relation to risk and controls. To make the whole thing work, theframework is underpinned by everyone being aware of personal responsibility for riskand controls when carrying out their work.

@ Carry out regular fraud risk assessment (or risk profiling) exercises. Riskmust be assessedand prioritised if it is to be managed effectively. Without assessing risk it will beimpossible to design proportionate controls to manage your fraud threats effectively.

@ Make sure that everything done to manage fraud risk is evidence-based. This meansthat the fraud risk assessment must be documented and also that all policies, proce-dures, training programmes etc. must exist and be updated regularly.

@ Do not over-rely on traditional audit techniques for fraud prevention and detection. Berealistic in terms of the focus of external audit work and try to improve internal audit


64

CH01XML 05/31/2012 13:30:3 Page 34

capabilities through a combination of recruiting experts and investing in trainingprogrammes and/or modern detective tools.

@ Take a strategic approach to the problem. Commit to a fraud risk managementprogramme, be proactive and focus resources on the areas of prevention and deter-rence. Have appropriate detective measures in place to reduce the exposure gap to aminimum and have access to investigation expertise, either external or in-house, to giveassurance that potential future fraud events will be dealt with in an appropriate andtimely manner.


IFRS EssentialsDieter Christian, Norbert Lüdenbach9781118494714 • Pbk • 560 pages • Mar 2013 • £49.99 / €60.00 / $80.00

66

67

JWBK561-c01 JWBK561-Christian Printer: Yet to Come January 25, 2013 9:16 Trim: 235mm × 187mm

THE CONCEPTUAL FRAMEWORK FORFINANCIAL REPORTING

1 INTRODUCTION

The Conceptual Framework sets out the concepts that underlie the preparation and presentationof financial statements for external users (Conceptual Framework, Section “Purpose andstatus”). The relationship between the Conceptual Framework and individual IFRSs can bedescribed as follows.

� In the absence of regulation, management has to develop an accounting policy. Thataccounting policy has to be compatible with the Conceptual Framework if there are norequirements in IFRSs which deal with similar and related issues (IAS 8.11).� In a limited number of cases, there may be a conflict between the Conceptual Frame-work and the requirements of an IFRS. In such cases, the requirements of the IFRSprevail over those of the Conceptual Framework (Conceptual Framework, Section“Purpose and status”).

2 THE OBJECTIVE OF GENERAL PURPOSE FINANCIAL REPORTING

The objective of general purpose financial reporting is to provide financial information aboutthe reporting entity that is useful to existing and potential investors, lenders, and other creditorsin making decisions about providing resources to the entity (e.g. providing loans to the entityor buying equity instruments of the entity) (OB2).

Existing and potential investors, lenders, and other creditors are the primary users towhom general purpose financial reports are directed (OB5). They require useful informationin order to be able to assess the future cash flows of the entity they are evaluating. Normally,general purpose financial reports are not primarily prepared for use by management, regulatorsor other members of the public, although they may also find those reports useful (OB9-OB10).

General purpose financial reports are not designed to show the value of a reporting entity.Instead, they help the primary users to estimate such value (OB7).

Changes in the reporting entity’s economic resources and claims against the entity result fromthat entity’s financial performance and from other events or transactions such as issuingdebt or equity instruments. To properly assess the entity’s future cash flow prospects, usersneed to be able to distinguish between both of these changes (OB15).

Accrual accounting is applied when preparing the financial statements. Accrual accountingdepicts the effects of transactions and other events and circumstances on the reporting entity’seconomic resources and claims against the entity in the periods in which those effects occur,even if the resulting cash receipts and payments occur in a different period (OB17). However,the statement of cash flows is not prepared on an accrual basis (IAS 7).

COPYRIG

HTED M

ATERIAL

68


2 IFRS Essentials

3 GOING CONCERN

The financial statements are normally prepared on the assumption that the entity is a goingconcern and will continue in operation for the foreseeable future. Thus, it is assumed that theentity has neither the intention nor the need to liquidate or curtail materially the scale of itsoperations. However, if such an intention or need exists, the financial statements may have tobe prepared on a different basis and, if so, the basis used is disclosed (F.4.1).

4 QUALITATIVE CHARACTERISTICS OF USEFULFINANCIAL INFORMATION

4.1 Introduction

The objective of general purpose financial reporting (see Section 2) is a very broad concept.Consequently, the IASB provides guidance on how to make the judgments necessary to achievethat overall objective. The qualitative characteristics of useful financial information describedsubsequently identify the types of information that are likely to be most useful to the existingand potential investors, lenders, and other creditors for making decisions about the reportingentity on the basis of information in its financial report (QC1). The following chart representsan overview of the qualitative characteristics.1

Qualitativecharacteristics

Fundamental

Relevance

Predictivevalue

Confirmingvalue

Neutrality

Freedom frommaterial error

VerifiabilityUnderstand-

abilityCompleteness

TimelinessComparabilityFaithful

representation

Enhancing

4.2 Fundamental Qualitative Characteristics

Financial information must be both relevant and faithfully represented if it is to be useful (QC4and QC17).

1 See KPMG, Briefing Sheet, Conceptual Framework for Financial Reporting: Chapters 1 and 3, October2010, Issue 213.

69


The Conceptual Framework for Financial Reporting 3

4.2.1 Relevance Financial information is relevant if it is capable of making a differencein the decisions made by users (QC6). Financial information is capable of making a differencein decisions if it has predictive value, confirmatory value, or both (QC7).

Predictive value means that the financial information can be used as an input to processesemployed by users to predict future outcomes. Financial information need not be a predictionor forecast itself in order to have predictive value. Instead, financial information with predictivevalue is employed by users in making their own predictions (QC8). Confirmatory value meansthat the financial information provides feedback about (i.e. confirms or changes) previousevaluations (QC9).

The predictive value and confirmatory value are interrelated. Financial information that haspredictive value often also has confirmatory value (QC10).

Financial information about a specific reporting entity is material if omitting it or misstating itcould influence the decisions of users. In other words, materiality is an entity-specific aspectof relevance based on the magnitude or nature, or both, of the items to which the informationrelates in the context of an individual entity’s financial report. Hence, the IASB cannot specifya uniform quantitative threshold for materiality or predetermine what could be material in aparticular situation (QC11).

4.2.2 Faithful Representation A faithful representation of economic phenomena wouldhave three characteristics. It would be complete, neutral, and free from error. The IASB intendsto maximize those qualities to the extent possible (QC12).

A complete depiction includes all information necessary for a user to understand the economicphenomenon being depicted. That information includes the necessary numerical information,descriptions, and explanations (QC13).

A neutral depiction is without bias in the selection or presentation of information. A neutraldepiction is not slanted, weighted, emphasized, de-emphasized or otherwise manipulated inorder to increase the probability that the information will be received favorably or unfavorablyby users (QC14).

Free from error means that there are no errors or omissions in the description of an economicphenomenon, and the process used to produce the reported information has been selected andapplied with no errors in the process. Nevertheless, free from error does not mean perfectlyaccurate in all respects. For example, there is always some uncertainty when estimating anunobservable price or value (QC15).

Faithful representation excludes prudence because it was considered to be in conflict withneutrality (FBC3.19 and BC3.27–BC3.28).

In the Conceptual Framework, substance over form does not represent a separate componentof faithful representation because it would be redundant. This is because representing a legalform that differs from the economic substance of the underlying economic phenomenoncould not result in a faithful representation. Consequently, faithful representation implies thatfinancial information represents the substance of an economic phenomenon rather than merelyrepresenting its legal form (FBC3.19 and BC3.26). This means that substance over form is

70


4 IFRS Essentials

an important principle in IFRS. The following are examples for applying the principle ofsubstance over form with regard to the issue of revenue recognition when selling goods.

� The assessment of when to recognize revenue is based on the transfer of beneficialownership and not on the transfer of legal title or the passing of possession (IAS 18.15).For example, when goods are sold under retention of title, the seller recognizes revenuewhen the significant risks and rewards of ownership have been transferred, the sellerretains neither effective control nor continuing managerial involvement to the degreeusually associated with ownership, and the general criteria (the revenue and the costscan be measured reliably and it is probable that the economic benefits will flow to theseller) are met (IAS 18.14). This means that revenue is recognized by the seller and thegoods are recognized by the buyer when beneficial ownership is transferred.� In an agency relationship, an agent may sell goods of the principal in his own name.The agent receives a commission from the principal as consideration. In the agent’sstatement of comprehensive income, the amounts collected by the agent on behalf ofthe principal do not represent revenue. Instead, revenue of the agent is the amount ofcommission (IAS 18.8). This procedure results from the application of the principle“substance over form.” Moreover, the agent does not recognize the goods received fromthe principal in his statement of financial position because beneficial ownership is nottransferred to the agent. The principal recognizes revenue and derecognizes the goodswhen he loses beneficial ownership as a result of the sale of the goods to a third party(IAS 18.IE2c and IAS 2.34).� In an agency relationship in which an agent sells goods of his principal, the accountingtreatment described above applies. However, in some cases determining whether anentity is acting as a principal or as an agent is not straightforward. That determinationrequires judgment and consideration of all relevant facts and circumstances. An entityis acting as a principal when it has exposure to the significant risks and rewardsassociated with the sale of the goods. Features that indicate that an entity is acting as aprincipal include (IAS 18.IE21):� The entity has the primary responsibility for fulfilling the order, for example by

being responsible for the acceptability of the goods.� The entity has inventory risk before or after the customer order, during shipping oron return.� The entity has latitude in establishing prices, either directly or indirectly (e.g. byproviding additional goods or services).� The entity bears the customer’s credit risk for the amount receivable from thecustomer.

One feature indicating that an entity is acting as an agent is that the amount the entity earnsis predetermined (being either a fixed fee per transaction or a stated percentage of the amountbilled to the customer).

4.3 Enhancing Qualitative Characteristics

The enhancing qualitative characteristics enhance the usefulness of information that is relevantand faithfully represented. However, they cannot make information useful if that informationis irrelevant or not faithfully represented. They may also help to determine which of two waysshould be used to depict an economic phenomenon if both are considered equally relevant andfaithfully represented (QC19 and QC33).

71



Enhancing qualitative characteristics should be maximized to the extent possible. However,one enhancing qualitative characteristic may have to be diminished in order to maximizeanother qualitative characteristic (QC33–QC34).

4.3.1 Comparability Information about a reporting entity is more useful if it can becompared with similar information about the same entity for another period or another dateand with similar information about other entities (QC20).

Consistency, although related to comparability, is not the same. Consistency refers to the useof the same methods for the same items, either in a single period across entities or from periodto period, within the reporting entity. Comparability is the goal whereas consistency helps toachieve that goal (QC22).

The IASB also notes that permitting alternative accounting methods for the same economicphenomenon diminishes comparability (QC25).

4.3.2 Verifiability Verifiability means that different knowledgeable and independent ob-servers could reach consensus although not necessarily complete agreement that a particulardepiction constitutes a faithful representation (QC26).

Quantified information need not be a single point estimate in order to be verifiable. A rangeof possible amounts and the related probabilities can also be verified (QC26).

It may not be possible to verify some explanations and forward-looking information until afuture period, if at all. To help users decide whether they want to use that information, itis normally necessary to disclose the underlying assumptions, the methods of compiling theinformation and other factors, and circumstances that support the information (QC28).

4.3.3 Timeliness Timeliness means having information available to decision-makers intime to be capable of influencing their decisions. Normally, the older the information is theless useful it is (QC29).

4.3.4 Understandability Information is made understandable by classifying, characteriz-ing and presenting it clearly and concisely (QC30).

Financial reports are prepared for users who have a reasonable knowledge of business and eco-nomic activities and who review and analyze the financial information diligently. Sometimeseven well-informed and diligent users may need to seek the aid of an adviser to understandinformation about complex phenomena (QC32).

5 THE COST CONSTRAINT ON USEFUL FINANCIAL REPORTING

Cost is a pervasive constraint on the information that can be provided by financial reporting.Reporting information imposes costs and it is important that those costs are justified by thebenefits of reporting that information (QC35). Hence, when applying the cost constraint indeveloping an IFRS, the IASB assesses whether the benefits of reporting particular informationare likely to justify the costs incurred to provide and use that information (QC38).

72


6 IFRS Essentials

6 THE ELEMENTS OF FINANCIAL STATEMENTS

6.1 Definitions

The elements directly related to the measurement of financial position are defined as followsin the Conceptual Framework (F.4.4):

� An asset is a resource which is controlled by the entity as a result of past events andfrom which future economic benefits are expected to flow to the entity.� A liability is a present obligation of the entity that arises from past events, the settlementof which is expected to result in an outflow from the entity of resources embodyingeconomic benefits.� Equity is the residual interest in the assets of the entity after deducting all itsliabilities.

Assets and liabilities (as defined above) are not always recognized in the statement of financialposition. This is because recognition in the statement of financial position requires that therecognition criteria (see Section 6.2) are met (F.4.5).

Furthermore, the elements of performance are defined in the Conceptual Framework asfollows (F.4.25):

� Income encompasses increases in economic benefits during the period in the form ofinflows or enhancements of assets or decreases of liabilities that result in increases inequity, other than those relating to contributions from equity participants.� Expenses are decreases in economic benefits during the period in the form of outflowsor depletions of assets or incurrences of liabilities that result in decreases in equity,other than those relating to distributions to equity participants.

Income and expenses (as defined above) are not always recognized in the statement of com-prehensive income. This is because recognition in the statement of comprehensive incomerequires that the recognition criteria (see Section 6.2) are met (F.4.26).

Income encompasses both gains (e.g. from the disposal of non-current assets) and revenue(e.g. from the sale of merchandise). Similarly, expenses encompass losses as well as otherexpenses (F.4.29–4.35).

6.2 Recognition

Recognition is the process of incorporating an element (see Section 6.1) in the statement offinancial position or in the statement of comprehensive income (F.4.37).

An asset is recognized in the statement of financial position when it is probable that the futureeconomic benefits associated with the asset will flow to the entity and the asset has a cost orvalue that can be measured reliably (F.4.44).

A liability is recognized in the statement of financial position when it is probable that anoutflow of resources which embody economic benefits will result from the settlement of apresent obligation and the amount at which the settlement will take place can be measuredreliably (F.4.46).

73



The so-called matching principle applies to the recognition of income and expenses in thestatement of comprehensive income. Expenses are recognized in the statement of comprehen-sive income on the basis of a direct association between the costs incurred and the earning ofspecific items of income. This means that expenses and income that result directly and jointlyfrom the same transactions or other events are recognized simultaneously or combined. Forexample, the costs of goods sold are recognized at the same time as the income derived fromthe sale of the goods. However, the application of the matching principle does not allow therecognition of items in the statement of financial position that do not meet the definition ofassets or liabilities (F.4.50).

6.3 Measurement

The measurement of the items recognized in the statement of financial position items is definedin the individual standards. The description of different types of measurement in F.4.55 is ofno importance in practice.

7 EXAMPLES WITH SOLUTIONS

Example 1

Relevance: Predictive value and confirmatory value

Entity E discloses revenue information for 01 in its financial statements as at Dec 31, 01.

Required

Assess whether E’s revenue information is relevant within the meaning of the ConceptualFramework.

Hints for solution

In particular Section 4.2.1.

Solution

Predictive value means that the financial information can be used as an input to processesemployed by users to predict future outcomes. Financial information need not be a pre-diction or forecast itself in order to have predictive value. Instead, financial informationwith predictive value is employed by users in making their own predictions. E’s revenueinformation for the current period (01) can be used as the basis for predicting revenues infuture periods. Consequently, it has predictive value (QC8 and QC10).

Confirmatory value means that the financial information provides feedback about (i.e.confirms or changes) previous evaluations (QC9). E’s revenue information for the currentperiod (01) can be compared with revenue predictions for 01 that were made in past periods.Hence, it also has confirmatory value (QC9–QC10).

Financial information is relevant if it has predictive value, confirmatory value or both(QC6–QC7). Since E’s revenue information has predictive value as well as confirmatoryvalue, it is relevant within the meaning of the Conceptual Framework.

74


8 IFRS Essentials

Example 2

Substance over form – retention of title

On Dec 31, 01, wholesaler W delivers merchandise under retention of title to retailer R. Onthat date, the significant risks and rewards of ownership are transferred. W retains neithereffective control nor continuing managerial involvement to the degree usually associatedwith ownership. The carrying amount of the merchandise in W’s statement of financialposition is CU 4. They are sold for CU 5.

Required

Prepare all necessary entries in the financial statements as at Dec 31, 01 of (a) W and(b) R.

Hints for solution


Solution

General aspects

Irrespective of the retention of title, beneficial ownership is transferred from W to R onDec 31, 01. This is because the significant risks and rewards of ownership have beentransferred and W retains neither effective control nor continuing managerial involvementto the degree usually associated with ownership. Moreover, it can be assumed that thecriterion “probability of the inflow of economic benefits” is met because there are noindications to the contrary. In addition, it is obvious that the revenue and the costs can bemeasured reliably (IAS 18.14).

(a) W’s perspective

On Dec 31, 01, W loses beneficial ownership. Therefore, the criteria for revenue recognitionare met. The carrying amount of the merchandise sold has to be recognized as an expensein the period in which the related revenue is recognized, i.e. in 01 (IAS 2.34):

Dec 31, 01 Dr Cash 5Cr Revenue 5

Dec 31, 01 Dr Cost of sales 4Cr Merchandise 4

(b) R’s perspective

R recognizes the merchandise in its statement of financial position when obtaining benefi-cial ownership:

Dec 31, 01 Dr Merchandise 5Cr Cash 5

75



Example 3

Determining whether the entity is acting as a principal or as an agent

Entity E operates an internet business. E’s customers pay via credit card. After a credit cardcheck, the order is automatically sent to producer P who immediately sends the goods tothe final customer.

E is responsible for any defects of P’s products to the final customers. However, E and Phave stipulated that all claims of final customers are forwarded to and resolved by P at P’scost.

E receives commission of 10% of the amount billed to the final customer for each sale. Theselling prices and the conditions of sales are determined by P alone.

On Dec 07, 01, E sells goods to the final customer in the amount of CU 50. All paymentsare carried out on the same day.

Required

Assess whether E is acting as a principal or as an agent and prepare all necessary entries inE’s financial statements as at Dec 31, 01.

Hints for solution


Solution

E considers the following criteria when assessing whether it acts as a principal or as anagent (IAS 18.IE21):

� E is responsible for any defects of P’s products to the final customers. However, Eand P have stipulated that all claims of final customers are forwarded to and resolvedby P at P’s cost. This means that, in fact (i.e. when applying the principle “substanceover form”), E does not have any obligations with regard to defective goods.� E has no inventory risk, i.e. no risk of a decline in value of the goods.� The selling prices and the conditions of the sales are determined by P alone. Hence,E has no latitude in establishing prices.� The amount that E earns is predetermined, being a stated percentage of the amountbilled to the final customer.� Since the final customers have to pay via credit card, E does not bear the customers’credit risk.

According to the characteristics of E’s business, E is acting as an agent. Consequently, E’srevenue is the amount of commission:

Dec 07, 01 Dr Cash 5Cr Revenue 5

76


10 IFRS Essentials

Example 4

Is recognition of an intangible asset in the statement of financial position appropriate?

In Jun 01, entity E spent CU 100 for employee training. E’s management believes that itsemployees will make a more competent impression on E’s clients as a result of the trainingwhich will then increase E’s revenue.

Required

Assess whether the expenses for employee training have to be recognized as an intangibleasset in E’s statement of financial position. In doing so, also discuss the impact of thematching principle (F.4.50).

Hints for solution

In particular Sections 6.1 and 6.2.

Solution

Considering the matching principle (F.4.50) would suggest the following procedure: theexpense of CU 100 is at first recognized as an intangible asset in E’s statement of financialposition. It affects profit or loss in the same periods in which the related increases in revenueoccur. According to that procedure, the increases in revenue would be recognized in profitor loss in the same periods as the training costs that are necessary for creating the higherrevenue.

However, the application of the matching principle does not allow the recognition of itemsin the statement of financial position that do not meet the definition of assets or liabilities(F.4.50), or of items that are assets but do not meet the recognition criteria.

Consequently, the procedure described above (capitalization of the training costs initiallyand subsequent recognition in profit or loss when the related increases in revenue occur)cannot be applied because the training costs do not represent an intangible asset that meetsthe recognition criteria (IAS 38.69b). Consequently, they are recognized in profit or loss inJun 01.

With the continuing changes in the corporate landscape, it is more

critical than ever to ensure you are up to date and well informed.

Whether an individual, organisation or corporation,

Wiley has the resources to make sure you don’t get left behind.

Our knowledge is your power...

wiley finance accounting minibook

Documents

professional services

ifrs essentials

assurance essentials

professional accountancy

professional advice

competent professional

electronic books

free esampler