Kenneth G. Dixon School of Accounting LEARNING FROM WORLDCOM: IMPLICATIONS FOR FRAUD DETECTION THROUGH CONTINUOUS ASSURANCE J. Randel Kuhn, Jr. University.

Slides:

Advertisements

Similar presentations

Audit Evidence Week 11.

Advertisements

Technology Applications in the Age of Integrity Integrity Forum 2006 Tony Murphy Vice President, Worldwide Sales ACL Services Ltd.

Auditing Concepts.

8 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Audit Planning and Analytical Procedures Chapter 8.

Peter Plevka, BMC Software Managing IT and Your Business – Optimizing Mainframe Cost and Performance.

The Islamic University of Gaza

Audit Planning and Analytical Procedures Chapter 8.

1. Research Topics for Continuous Auditing Mike Groomer Professor of Accounting and Information Systems Kelley School of Business Indiana University.

The Acceptance and Adoption of Continuous Auditing by Internal Auditors: A Micro Analysis Miklos A. Vasarhelyi Micheal Alles Siripan Kuenkaikaew James.

Continuous Audit at Insurance Companies

Assurance and Attestation Services BA 427 Winter 2007 Substantive Procedures Glenn Lovett, Shareholder.

Property, Plant, and Equipment; Depreciation and Depletion.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Audit Planning and Analytical Procedures Chapter.

Principles of Information Systems, Seventh Edition2 An organization’s TPS must support the routine, day-to- day activities that occur in the normal course.

Advanced Accounting Information Systems

Principles of Information Systems, Sixth Edition Transaction Processing & Enterprise Resource Planning Systems Chapter 9.

Audit Automation as the Foundation of Continuous Auditing Michael Alles Alexander Kogan Miklos A. Vasarhelyi J. Donald Warren, Jr.

Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.

Learning Objectives LO1 Describe the finance and investment process: risk assessment, typical transactions, source documents, controls, and account balances.

AUDIT PROCEDURES. Commonly used Audit Procedures Analytical Procedures Analytical Procedures Basic Audit Approaches - Basic Audit Approaches - System.

Slide © The McGraw-Hill Companies, Inc., 2006 Property, Plant, and Equipment; Depreciation and Depletion l At the same time, we also look at:  Gain.

Business Risk and Business Environment Fixed assets are often the large category of assets Because there is typically limited activity in fixed assets.

Privileged and Confidential Strategic Approach to Asset Management Presented to October Urban Water Council Regional Seminar.

How Will Continuous Auditing and XBRL-GL Work Together to Provide Improved Business Value? Nigel J. R. Matthews, BASc, CA ACL Services Ltd.

ANALYTICAL PROCEDURES SECTION 7

McGraw-Hill/Irwin Copyright © 2011 The McGraw-Hill Companies, All Rights Reserved Chapter 14 Enterprise Resource Planning Systems.

Why Do We Need Accounting? Companies of all sizes need to implement a streamlined accounting system in order to accurately record and report business transactions,

7 - 1 ©2003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/Beasley Audit Planning and Analytical Procedures Chapter 7.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved

Information Fusion in Continuous Assurance Johan Perols University of San Diego Uday Murthy University of South Florida UWCISA Symposium October 2, 2009.

Transaction Processing & Enterprise Resource Planning Systems Chapter 9.

1 Designing Substantive Procedures The auditor “must plan and perform the audit to reduce the audit risk to an acceptably low level that is consistent.

Getting synergies from rapid access to data

Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.

Quality Control Project Management Unit Credit Value : 4 Essential

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley Audit Planning and Analytical Procedures Chapter 8.

Internal Control in a Financial Statement Audit

©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley Audit Planning and Analytical Procedures Chapter 8.

Event Management & ITIL V3

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder Audit Planning and Analytical Procedures Chapter 8.

AUDITING THE REVENUE CYCLE AND RELATED ACCOUNTS

S14: Analytical Review and Audit Approaches. Session Objectives To define analytical review To define analytical review To explain commonly used analytical.

Copyright © 2007 Pearson Education Canada 1 Chapter 14: Completing the Tests in the Sales and Collection Cycle: Accounts Receivable.

Enterprise Assets Management EGN 5622 Enterprise Systems Integration Fall, 2015.

CISB594 – Business Intelligence Business Performance Management.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-1 Chapter Seven Auditing Internal Control over Financial Reporting.

FINANCE MODULE. The various subsystems Financial Accounting Investment management Controlling Treasury Enterprise controlling.

Fundamentals of Information Systems, Third Edition1 An Overview of Transaction Processing Systems Every organization has transaction processing systems.

McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Auditing Internal Control over Financial Reporting Chapter Seven.

Integration integration of all the information flowing through a company – financial and accounting, human resource information, supply chain information,

Analytical Review and Audit Approaches

Chapter 10 Auditing the Revenue Process McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Electronic Presentations in Microsoft ® PowerPoint ® Prepared by Brad MacDonald SIAST © 2003 McGraw-Hill Ryerson Limited.

Management Information Systems Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 3b.

Chapter 8-1 Chapter 8 Accounting Information Systems Information Technology Auditing Dr. Hisham madi.

18-1 Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright  2003 Pearson Education Canada Inc. CHAPTER 13 The Use of Automated Working Papers and Analysis During the Audit of the Sales and Collection.

F8: Audit and Assurance. 2 Designed to give you knowledge and application of: Section A: Audit Framework and Regulation Section B: Internal audit Section.

©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley Audit Planning and Analytical Procedures Chapter.

©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley Audit Planning and Analytical Procedures Chapter 8.

BUSINESS INFORMATION SYSTEMS

Auditing Concepts.

Audit Risk The risk that an auditor will give an inappropriate audit opinion when the financial statements are materially misstated.

Developing the Overall Audit Plan and Audit Program

Auditing Information Technology

Audit Planning and Analytical Procedures

Financial Accounting (FI)

Chapter 13 Overall Audit Plan and Audit Program

Chapter 13 Overall Audit Plan and Audit Program

Presentation transcript:

Kenneth G. Dixon School of Accounting LEARNING FROM WORLDCOM: IMPLICATIONS FOR FRAUD DETECTION THROUGH CONTINUOUS ASSURANCE J. Randel Kuhn, Jr. University of Central Florida Steve G. Sutton University of Central Florida University of Melbourne

Kenneth G. Dixon School of Accounting Purpose of the Study To examine the key methods of fraud utilized by the management at WorldCom and to demonstrate how the use of established principles of analytic monitoring could be used to detect fraud executed through normal operating transactions. To demonstrate integration procedures for the prescribed monitoring in an SAP-based enterprise systems environment similar to WorldCom’s. To highlight the intractable monitoring problem presented by the myriad of loosely connected legacy systems feeding into WorldCom’s consolidated SAP system.

Kenneth G. Dixon School of Accounting Contribution to Continuous Audit Research Provides detailed understanding of how continuous assurance techniques explored in the research literature can be applied to effectively identify fraud in a known fraud situation. Moves the literature on continuous audit modules forward by addressing the complexities of implementation within a standardized enterprise software environment. Addresses the realities and risks associated with large numbers of disparate legacy systems.

Kenneth G. Dixon School of Accounting Categorize operating expenses as capital expenditures. Reclassify acquired MCI assets as goodwill. Include future company expenses as write-downs of acquired assets. Manipulate the bad debt reserve calculations. Fraud Strategies at WorldCom

Kenneth G. Dixon School of Accounting Continuous Assurance Framework Traditional attestation framework provides only a snapshot of the financial reporting system, thus inhibiting timely decision-making and limiting audit scope. Continuous auditing addresses these faults by immediately identifying irregularities, increasing audit coverage, and functioning remotely.

Kenneth G. Dixon School of Accounting Continuous Assurance Framework Early work by Groomer and Murthy (1989) and Vasarhelyi and Halper (1991) laid the foundation for continuous auditing research. The three phases of continuous auditing are: 1. Measurement – key management reports (e.g. financials) 2. Monitoring – comparison to metrics and error notification 3. Analysis – auditor review of alarms and investigation Nature of auditing transforms from substantive- based test of details approach to auditing by exception.

Kenneth G. Dixon School of Accounting Framework Internal Information Corporate IT structure incorporating, legacy, ERPs, middleware, and Web Monitoring IT Structure Corporate Strategic and Tactical Metrics Internal and External Monitoring Metrics Monitoring Analytics and Exception Reporting Alarms External Information To Other Stakeholders Audit Exceptions To Operations Scorecard Obtained from Vasarhelyi working paper, Rutgers University.

Kenneth G. Dixon School of Accounting System Architecture The integrated platforms and automated business processes of ERP applications enable effective use of continuous auditing procedures. WorldCom utilized an SAP R/3 enterprise system to process business transactions and produce consolidated financial statements.

Kenneth G. Dixon School of Accounting System Architecture Two continuous auditing system architecture models exist in research literature: 1. Monitoring and Control Layer (MCL) 2. Embedded Audit Module (EAM) MCL uses an independent server controlled by the auditor that receives scheduled data interfaces from the client’s enterprise system (i.e. near real-time) and is analyzed against a set of rules.

Kenneth G. Dixon School of Accounting System Architecture EAM functionality/logic is embedded into the client’s system and operates real-time. MCL represents the least intrusive, most efficient, and more independent alternative; especially in a resource-constrained SAP environment. Data extraction for MCL can occur via either BAPI with RFC or direct extraction from table data (e.g. GLPCT/GLPCA).

Kenneth G. Dixon School of Accounting Continuous Audit Data Flow (MCL) CA Analyzer (with rule-set) Relational Database Extractor Exception Report Auditor Continuous Extraction via RFC Alerts Data Testing SAP R/3 (GLPCA/GLPCT)

Kenneth G. Dixon School of Accounting CA Analyzer Rule-Set #1 Fraud: Categorize operating expenses as capital expenditures. Detection Measure: Compare ratios of Operating Expenses to Sales Revenue and Capital Expenditures to Sales Revenue to industry averages. Analytic Metric: IF OpEx to Sales ratio is > 2% below.93 AND CapEx to Sales ratio is > 5% above.15, THEN create alert. Note: WorldCom’s 12/31/01 OpEx/Sales and CapEx/Sales ratios were.90 and.22 exceeding the threshold by $946m and $585m, respectively.

Kenneth G. Dixon School of Accounting CA Analyzer Rule-Set #2 Fraud: Reclassify acquired MCI assets as goodwill. Detection Measure: Identify significant changes to asset and goodwill accounts. Analytic Metric: IF Property, Plant, and Equipment and Goodwill account balances increase or decrease by >.01% from the last extraction, THEN create alert. Note: WorldCom Goodwill balance as of 12/31/01 was $50.5b. A.01% change would have been $5.05m. Actual account balance change for the year was $3.9b.

Kenneth G. Dixon School of Accounting CA Analyzer Rule-Set #3 Fraud: Include future company expenses as write-downs of acquired assets. Detection Measure: Compare operating profit (i.e. revenue – operating expenses) to industry trend. Analytic Metric: Graph the monthly statistic of (revenue – operating expenses) for the past 12 months. IF the slope of the trend (x=exp, y=rev) is positive, THEN create alert. Note: During the fraudulent years, the telecommunication industry experienced rising operating costs in relation to revenue (i.e. consistent negative slope).

Kenneth G. Dixon School of Accounting CA Analyzer Rule-Set #4 Fraud: Manipulate the bad debt reserve calculations. Detection Measure: Compare estimates of bad debt allowance to historical averages. Analytic Metric: IF the change in the ratio of Bad Debt Allowance to Accounts Receivable is > 1% below last month’s figure, THEN create alert. Note: A 1% decrease in estimate for WorldCom in 2001 would have resulted in a revenue increase of $23m. WorldCom actually reduced the estimate by 1.4% from prior year saving $87m in bad debt expense.

Kenneth G. Dixon School of Accounting Continuous Audit Data Flow (MCL) CA Analyzer (with rule-set) Relational Database Extractor Exception Report Auditor Continuous Extraction via RFC Alerts Data Testing SAP R/3 (GLPCA/GLPCT)

Kenneth G. Dixon School of Accounting Legacy System Complexities Disparate systems built on various technological foundations complicate the design, use, and maintenance of continuous auditing applications. Auditing the consolidated financial system provides only limited assurance. The nature of the data collection for the billing process at WorldCom illustrates the complexity.

Kenneth G. Dixon School of Accounting Telephone SwitchesTraffic Systems Legacy Billing Systems SAP R/3 (Revenue & A/R)                   Billing #1 Billing #2 Billing #30 WorldCom Billing Process

Kenneth G. Dixon School of Accounting Importance of the Study Demonstrates how a reasonable and practical implementation of continuous assurance would have detected a major fraud. Emphasizes practicality of implementation in an enterprise systems environment. Recognizes the inherent complexities of continued use of legacy systems and the related risk in any financial audit.

Kenneth G. Dixon School of Accounting Implications for Future Research Continuous audit is possible, but what are the challenges facing a comprehensive implementation?  Cost?  Consumption of system resources?  Scalability?  Maintainability of comparison data/trends?

Kenneth G. Dixon School of Accounting Implications for Future Research What are the organizational and human issues involved?  Perceptions of trust?  Gaming behavior?  Human interpretation and use of data?  Information processing biases?  Information overload?

Kenneth G. Dixon School of Accounting LEARNING FROM WORLDCOM: IMPLICATIONS FOR FRAUD DETECTION THROUGH CONTINUOUS ASSURANCE J. Randel Kuhn, Jr. University of Central Florida Steve G. Sutton University of Central Florida University of Melbourne