What is the Audit Committee’s Role in Prevention, Deterrence and Detection of Fraud?

“Audit committees need to develop strong organization ethics programs that communicate expected behavior, candor with management and immediate attention to issues.”
-Jack Weisbaum, former CEO, BDO USA, LLP

No discussion of risk would be complete without a direct consideration of the risk of fraud and the responsibilities for dealing with fraud. AICPA Statement on Auditing Standards No. 99, outlines the following roles with respect to fraud: Auditors have the responsibility to consider the risk of fraud in planning and performing their audits, specifically as it relates to misstatements arising from fraudulent financial reporting (e.g., falsification of accounting records) and misstatements arising from misappropriation of assets (e.g., theft or fraudulent expenditures) that may lead to a material misstatement within the financial statements. However, “it is management’s responsibility to design and implement programs and controls to prevent, deter and detect fraud… Management, along with those who have responsibility for oversight of the financial reporting process (such as the audit committee, board of trustees or board of directors), should set the proper tone, create and maintain a culture of honesty and high ethical standards and establish controls to prevent, deter and detect fraud. When management and those responsible for oversight of the financial reporting process fulfill those responsibilities, the opportunities to commit fraud can be reduced significantly.” ⁹

Audit committees need to understand the following fraud risk factors that are generally present when fraud occurs: incentive or pressure to commit fraud (e.g., pressure to meet revenue and/or budgetary goals); opportunity to commit fraud (e.g., absence/lack of controls, ability for management to override controls, etc.); and rationalization (e.g., attitude or lack of ethics that allows a person to commit fraud). Together, these factors make up what is widely known as the fraud triangle.

There are several variations, currently in circulation, to the fraud triangle. One such alternative is summarized in a report published by David T. Wolfe, a forensic accountant, and Dana R. Hermanson, a professor of accounting, adding a fourth element – human capability, thus, forming the fraud diamond,¹⁰ to consider an individual’s personal traits and abilities that play a major role in determining whether fraud will actually occur in the presence of pressure, opportunity, and rationalization. For audit committees, at the core of these fraud models is recognizing the presence and interaction of the risk factors underlying fraud as the key to oversight responsibilities for the detection, deterrence and prevention of fraudulent activity.

Building upon various fraud models and based upon its own investigative experience, BDO Consulting (BDOC) – a division of BDO USA, LLP – has identified certain conditions that often create a fertile environment for fraud and negatively impact the audit committee’s ability to oversee management’s anti-fraud initiatives. Such conditions include:

Lack of awareness of fraud risk factors and warning signs
Inadequate control activities to mitigate identified fraud risk
Inadequate screening practices (for employees, vendors, customers and/or siness partners)
Insufficient understanding of ethical duties at all levels
Ineffective mechanisms for reporting and investigating fraud
Ineffective board and audit committee oversight

Fraud continues to be a hot topic and a focus in the area of risk management for organizations and particularly those charged with governance. BDOC’s Fraud Prevention Program¹¹ is based upon the belief that the effectiveness of board and audit committee oversight is a key element in significantly reducing the risk of fraud at an organization and increasing the likelihood that, if fraud does occur, it will be detected at an early stage. To achieve this, audit committees may consider employing the following best practices:¹²

Understand significant fraud risks that the organization’s business is facing via fraud risk assessment and education
Understand the programs and controls that management has developed for managing fraud risks, including relevant policies and procedures
Develop alternative sources of information about what is happening in the organization with respect to fraud risks
Seek supporting documentation and be willing to ask difficult questions
Have mechanisms in place for both reporting (e.g., “whistle-blower hotlines”) and conducting independent investigations of fraud
Independently assess and monitor the effectiveness of those mechanisms

Audit committees should be aware of the motivations that can cause personnel to commit financial statement fraud at nonprofit organizations. Many of the reasons are similar to any other entity. However, the following items are unique situations found only at nonprofit organizations.

Reason: To meet fundraising goals

Many nonprofit organizations have set fundraising goals and the desire to show that these goals have been met can be an impetus to commit fraud to make it appear as if the goals have been met. This is often desirable so that an organization can receive matching grants that will only be provided by the donor if the organization reaches a specific goal first.

Reason: To show donor restrictions being met and grant terms complied with

Nonprofit organizations are required to meet the donor restrictions placed on funds they receive and ensure that all grant terms, both federal and nonfederal, have been complied with. The failure to meet the required restrictions may mean an organization cannot report the amounts as revenue in the financial statements as well as the possibility that they may have to return the funds to the grantor. Failure to comply with grant terms can result in findings in the reports and return of the funds.

Reason: To show more expenses as program versus supporting activities

An organization may be subject to the requirement to maintain certain program versus supporting service ratios, so they may commit financial fraud to record expenses in the program service category, although they may not qualify, in order to show that they have satisfied these ratios. In addition, an organization with a larger ratio of program expenses to supporting services is viewed more favorably in the eyes of donors and the organization may want to raise more funds, so they want to report better expense ratios.

Reason: Make the organization appear less financially rich

At times, organizations may be deemed to be “too rich” by donors if they show large net assets. This will cause donors to decide not to donate funds to the organization since they appear not to need the funds. This can lead to financial statement fraud where revenues are understated in order for the organization to show its needs better.

Reason: Misclassify expenses to reduce any unrelated business income

Certain organizations may conduct activities that result in unrelated business income and incur a tax. The misclassification of expenses to the activity can make it seem that no net revenue was generated and no taxes are necessary.

These are all examples that are unique to the nonprofit industry that should be considered by the audit committee when it is considering the risk of fraud at the organization.

(9) Refer to the AICPA Auditing Standards (SAS) Codification – Post Clarity AU-C Section 240 “Consideration of Fraud in a Financial Statement Audit,” which is available on the AICPA website.

(10) Refer to “The Fraud Diamond: Considering the Four Elements of Fraud,” an article by David Wolfe and Dana Hermanson published in the CPA Journal (December 2004) and available at: http://www.nysscpa.org/cpajournal/2004/1204/essentials/p38.htm.

(11) For further information on BDOC’s Fraud Prevention Program or BDOC’s Investigations & Compliance and Risk Advisory Practices visit: http://www.bdoconsulting.com/services/consultingservices.aspx.

(12) Refer to further guidance contained within the AICPA’s “Management Override of Internal Controls: The Achilles Heel of Fraud Prevention” available at: http://www.aicpa.org/ForThePublic/AuditCommitteeEffectiveness/DownloadableDocuments/achilles_heel.pdf.