FAMILY OF FRAUD

THE FAMILY OF FRAUD AND THE CPA
"A WATCHDOG IF NOT A BLOODHOUND"

Copyright . James J. Rigos. All rights reserved.

Table of Contents

I. INTRODUCTION
II. AICPA STANDARDS
III. LEGAL AUTHORITY
IV. ILLEGAL ACTS
V. SAS 82 REVISIONS TO SAS 53 AND 54
VI. GOING CONCERN ASSUMPTIONS
VII. THIRD PARTY DISCLOSURES
VIII. MANAGEMENT'S RESPONSIBILITY TO REPORT
IX. RIGOS PROTECTIVE FORMS

I. INTRODUCTION

  A.  In General

  A CPA's training and expertise in the internal control structure of a business enterprise creates certain public expectations. These public expectations have led the courts to recognize that a CPA has an affirmative duty to discover circumstances which relate to the "family of fraud". This includes illegal acts and insolvency circumstances that might indicate the enterprise is violating the going concern assumption. Financial fraud, particularly employee embezzlement, is frequently a related problem where we are held to an even higher standard. When financial fraud is found to have existed in the enterprise; the question always is "where was the CPA?" This is responsive to the public expectation that CPAs should be watchdogs if not bloodhounds.

  B.  Expectation Gap

  The AICPA in the mid 1980s was one of the first accounting organizations to address the "expectation gap". This "gap" is the difference between our professional standards and what the public expects from CPAs. Court decisions also drove the realization that auditing standards in these areas had to be raised and that practitioners be made aware of the risks. The AICPA's Statements on Auditing Standards create higher standards in three significant fraud related areas. Many authorities attribute claims developing from one or more members of the family of fraud to be the largest dollar source of litigation against small to medium sized CPA firms.

  C.  Financial Fraud Legislative Bills

      1.  1995 Reform Act: The above controversy is not over. The AICPA, "Big 6" firms, and high-tech companies lobbied the U. S. Congress to pass a family of federal bills to "reform the abuses in litigation" concerning class action lawsuits filed under the 1933 and 1934 SEC Acts. The Private Securities Litigation Reform Act of 1995 (H.R. 1058) passed both houses of Congress in November 1995. The bill eliminates joint and several liability unless the plaintiff can prove the CPA committed fraud and allows courts to award fees and costs for frivolous or meritless suits. It would also immunize forward-looking statements from liability, such as earning projections, that later prove to be wrong. The significant risks have to be disclosed to gain this protection.

      2.  Wyden Bill: There was a another provision enacted into law with the Securities Litigation Reform bill that has received much less attention. This is the much-masticated Wyden bill, named after Sen. Ron Wyden (D.-Ore.) who has been introducing portions of it in the House since the COSO release. Wyden (and others in Congress) were reacting to high-profile instances of CPA firms allegedly rubber-stamping questionable financial statements in the 1980s and escaping any meaningful professional discipline.

      3.  Illegal Acts: The Wyden bill requires auditors to perform sufficient procedures to provide "reasonable assurance of detecting illegal acts". Illegal acts are intended to include SAS 82 management fraud. If management refuses to report same to the SEC within one business day, the auditor must. Wyden thus places an affirmative duty on the auditor to "bark" at least to the SEC. The SEC has established a Public Auditing Disciplinary Board partially independent of the accounting organizations. Some expect media-focused public discipline for serious cases where the CPA should have known the client was "cooking the books". The Government is now involved in the fraud and illegal acts standard setting process which has been jealously monopolized by AICPA and FASB.

      4.  Public Interest: The controversy concerning the above legislation is indicative of a deeper trend. Many see the ideal outside auditor as a representative of the public. Indeed, the "P" in CPA stands for "public". This view is that the auditor's overall duty to the public capital markets must supersede the confidentiality relationship to a client when the auditor uncovers serious fraud or illegal acts. Senator John Kerry (D.-Mass.) during the 1995 Congressional hearings, used the word "police" when describing CPAs and the audit function. His view is that a certified opinion should include a "description of the integrity of the company's management". His question is "what value is an audit certifying that GAAP presentation has been consistently followed if the underlying numbers are fraudulent?"

  D.  Contributory Negligence

  A big and unique problem is that the contributory negligence of the client is not usually allowed as an offset to a CPA's failure to detect fraud. The rationale supporting this rule is that the CPA has such a high degree of expertise and knowledge in financial and internal control structure matters that he should have been aware of any major control weaknesses. The CPA was in the best position to improve the internal control and therefore the weakness is not primarily the fault of the client. This rationale, combined with the non-proportionality of joint and several liability means the CPA can be held liable for 100% of the fraud damages even though only 10% at fault.

II. AICPA STANDARDS

  SAS 53 and 54 are supplemented and partially superseded by SAS 82 in 1998; the new provisions blend the distinction between fraud and illegal acts. Analytically it is useful to consider them separately and integrate the going-concern assumption covered by SAS 59.

  A.  Statement on Auditing Standard 53

      1.  Reasonable Assurances: The audit must be designed to provide reasonable assurances that any material errors and irregularities will be detected. This includes intentional or unintentional misstatement (falsification, alteration or manipulation) by management or omissions. Misappropriation of assets (embezzlement) by employees is also covered under the standard. SAS 53 requires CPAs to adopt an attitude of professional skepticism in planning the audit; this creates the watchdog role. CPAs who fail to detect material fraud need to be able to demonstrate that their engagement planning, performance and judgment were reasonable. This demonstration is accomplished through written documentation in the work papers.

      2.  Report Internally: In addition, the Standard requires such discoveries to be reported to the client's audit committee. The auditor is to consider whether the financial statements are materially affected by an irregularity. If they are and the client refuses to make the revision, the auditor should withdraw. Disclosure of irregularities to parties other than the client's senior management and audit committee is not required. Indeed, paragraph 29 states that disclosure to third parties is a violation of the ethical and legal obligation of confidentiality unless there is an affirmative legal duty such as an SEC registered client. This prohibition is designed to promote full, honest, and candid disclosure between the CPA and the client. This is a complex area with conflicting decisions and the auditor may find it useful to consult with legal counsel.

  B.  Statement on Auditing Standard 54

      1.  Affirmative Duty: SAS 54 creates an affirmative duty of the auditor to detect client-originated illegal acts that have a material effect on the financial statements. This duty relates more to financing and accounting aspects than operating areas. This Standard refers to violations of laws or government regulations and directs the auditor to understand those that apply to the entity. The question of whether an act is, in fact, illegal may be beyond the auditor's professional competence. This determination would generally be based on the advice of an informed expert qualified to practice law in the jurisdiction. The Standard does not address whether the auditor should retain counsel to make this evaluation or can rely upon the opinion of the client's attorney.

      2.Qualitative and Quantitative Factors: The auditor should consider both the quantitative and qualitative materiality of the illegal act. The auditor should also evaluate the adequacy of disclosure in the financial statements. Financial statement disclosure is required if material revenue or earnings are derived from the illegal act or it creates a risk of loss of a significant business relationship. The illegal act must also be communicated to the audit committee; there is a suggestion to consult with legal counsel. The communication may be oral but should be documented in the working papers. When was the communication made, who was there, and what was said should be detailed. If very high risk, withdrawal should be considered.

      3.  External Disclosure: Disclosure of illegal acts to other than the audit committee is not required. Paragraph 23 again states the principle that disclosure to third parties is a violation of the auditor's ethical and legal obligations of confidentiality unless it is an affirmative duty, such as to the SEC on Form 8-K or in response to a successor CPA's inquiry.

      4.  Legal Problem: Both these AICPA Standards are negative about disclosure where there is no affirmative duty. That is because a CPA is a fiduciary and under a duty to keep secret a client's confidences. In Wagenheim v. Alexander Grant, 482 N.E.2d 955 (Ohio App. 1983), the plaintiff-client handled payroll check preparation and related tax deposits for various companies a number of whom were also clients of the CPA firm. It came to the CPA's attention that the plaintiff was $150,000 short in their own cash accounts and was using their customers' cash advances as working capital. The CPA requested that the plaintiff disclose the cash flow problem to its customers. When they refused, the CPA notified all of their mutual clients and advised them not to send additional payroll funds to the plaintiff. The Court held this constituted a breach of the confidentiality standard creating liability for the CPA firm.

      5.  Whistleblowing: A few decisions have held a CPA liable for not making disclosure of client's secrets when the effect is to allow a criminal wrongdoing to continue. For most civil disputes, the courts have followed the AICPA's posture against disclosure where there is not a previously issued financial statement. Farlow v. Peat, Marwick & Mitchell, 956 F.2d 982 (10th Cir. 1992) held that there was no duty to whistleblow to potential investors lacking a fiduciary relationship with the CPA firm.

      6.  Uncertainty: On the other hand, some decisions have held the CPA liable for not making disclosure of client secrets when the effect is to allow a wrongdoing to continue. See, for example, Funds of Funds v. Arthur Andersen, 545 F. Supp. 1314 (S.D.N.Y. 1982) which resulted in an $80.7 million verdict against the auditor. The basis was that the CPA allegedly failed to directly or through financial statement disclosure reveal that one client had defrauded another. This tension between professional standards and the public interest expressed by Judges and Juries has no easy solution.

  C.  Statement on Auditing Standard 59

  GAAP and the historical cost-based valuation method assume the enterprise is a "going concern".

      1.  Going-Concern Assumption: SAS 59 requires the auditor to evaluate whether there is a substantial doubt the enterprise will be in business a year hence. SSAR 7 applies this going-concern question to reviews and compilations. If serious insolvency warnings exist, the CPA should inquire about management's plans to correct the situation.

      2.  Insufficient Evidence by Management: If the correction plans are insufficient, the CPA should make disclosure in the financial statements including an additional final paragraph in the opinion to reflect this concern. If management will not approve sufficient disclosures, the auditor should issue either a qualified or an adverse opinion. In extreme cases, the enterprise's assets should be restated to liquidation values.

      3.  Litigation Risks: If the client is forced to seek protection from their creditors in the bankruptcy courts, an injured party may argue SAS 59 was violated a year earlier and that the CPA's opinion should have disclosed same. Many of the Savings and Loan lawsuits against accountants are bottomed upon a going concern assumption violation.

  D.  Statement on Auditing Standards 60 and 71

  SAS 60 establishes an affirmative duty on a CPA to inform the audit committee of "reportable conditions" relating to internal control defects.

1. Interim Statements: SAS 71 extends this requirement to interim financial statements. Therefore significant deficiencies in the design or operation of the internal control structure must be investigated and reported. There is no requirement that this report be written but it should be thoroughly documented in the working papers. Notice that this duty is independent of any duty to discover past fraud.

      2.  Third-Party Duty: Again, there is no duty to report such internal control defects to third parties. Monroe v. Hughes, 31 F.3rd 772 (9th Cir. 1994) held that even if the alleged "reportable condition" was a "material weakness" the auditor was not required to do anything more than report the situation to management and the audit committee. Thus SAS 60 follows the SAS 53 and 54 standard of not requiring the auditor to become a "whistle blower".

III. FRAUD DISCOVERY NEGLIGENCE

  A.  Elements of Negligence

  The plaintiff has the burden of proof on each of the four required elements. Therefore, the CPA only has to prevail on one element to escape liability.

      1.  A Legal Duty: A CPA is under a legal duty to exercise reasonable or "due" care. A CPA's normal professional skill and examination procedures are the proper fraud detection standard. The question is whether the defendant acted as a reasonably prudent CPA under the circumstances. A few states hold a CPA to his profession's standard of conduct in the defendant's local community; most states now use a national standard which usually starts by examining the official pronouncements of the AICPA.

        a.   GAAP and GAAS: Expert opinion regarding generally accepted auditing standards (GAAS) and generally accepted accounting principles (GAAP) will establish the negligence criteria for the jury. But "generally accepted" implies that a principle may not be "universally accepted"; it all depends on the circumstances. See Halvorson v. Sooy, 99 Or. App. 255, 782 P.2d 161, 163 (1989) which held accounting standards involve expertise beyond a layman's understanding thus requiring expert testimony and opinion. A practitioner may deviate from GAAP if he can demonstrate that following GAAP would result in a misleading presentation; this shifts the burden of proof.

        b.   Expert Testimony: The Halvorson case distinguished between an expert testifying he "might" have performed differently and one who testified a reasonable CPA "would" have performed differently. The plaintiff's expert CPA testified that the defendant's allegedly negligent tax advice should have been written and if the defendant had done more thorough research, the advice might not have been given. The opinion said that this was inadequate to establish the standard. To prevail the plaintiff's expert must testify that the defendant "should" have done it differently. Id at 163.

        c.   Accounting Standards Not Controlling: AICPA standards comprise only one bit of evidence. Because they are not developed by the courts or legislature these standards are not controlling. The Judge is not required to give a jury instruction that adherence to AICPA standards precludes negligence. See Maduff Mortgage Corp. v. Deloitte, Haskins & Sells, 98 Or. App. 497, 779 P.2d 1083, 1086 (1989). On the other hand, a violation of standards is only some evidence of negligence, it is not conclusive. See Mishkin v. Peat, Marwick, Mitchell & Co., 744 F. Supp. 531, headnote 4 at 532 and 543-44 (S.D.N.Y. 1990). Similarly, the firm's internal manuals, checklists, and testing programs are considered to be relevant to the question of the standard to be applied. See Bily v. Arthur Young & Co., 271 Cal. Rptr. 470 headnote 4 at 470 and 487-88 (Cal. App. 6th Dist. 1993).

      2.  Breach: Breach of duty or failure to conform to the required standard is the second element. The basic question involves a comparison of the required standard with performance as rendered. If the CPA's performance was substantially deficient, the breach element is met. Breach may be shown by direct evidence of specific acts or omissions or by circumstantial evidence. The doctrine of "res ipsa loquitur" may impute liability where the damages would not ordinarily occur in the absence of a reasonable CPA's negligence. National Surety Co. v. Lybrand, 256 App. Div. 226 (N. Y., 1939) held that it was a jury question whether the obvious practice of "lapping" and "kiting" checks should have put the CPAs upon inquiry as to possible defalcations; circumstantial evidence was sufficient supported by expert opinion testimony.

      3.  Causation: Casual relationship between the CPA's conduct (or lack of conduct) and the resulting damages is the third element.

        a.  Test: The plaintiff must rely upon the CPA's professional work and make two showings. First, that "but for" the defendant's lack of reasonable care, the damages would not have resulted. Second, that the legal principle of "proximate cause" is met. A proximate cause cannot be too remote or indirect, and the causal chain cannot be broken by new independent causes which intervene unexpectedly. This element is met if a business person testifies that they would have made better decisions had they had the proper information.

        b.   Case Authority: See Touche Ross v. Commercial Union Insurance, 514 So.2d 315 (Miss., 1987) which held that the criminal conduct of a bank's president which began four months after the opinion was issued was an unforeseeable intervening cause which broke the casual connection between the auditors' (alleged) negligence and losses sustained by the bank's insurer. Burton v. Mackey, 104 Or. App. 361, 801 P.2d 865 (1990) was a case arising after the seller of a business was successfully sued by the buyer for fraud. The seller then sued his CPA who had prepared the financial statements given to the buyer. The Court held that even if the CPA was negligent, that negligence did not cause the seller's fraud. The fraud was caused by the information the seller generated and knew to be false when he presented the financial statements to the buyer.

      4.  Damages: Damages must be present and material. Nominal damages are not sufficient, and it should have been foreseeable by a reasonable CPA in the position of the defendant that such harm would flow from the breach of duty. Consequential damages, such as a loss of an entire business, may be recovered if it was foreseeable they would occur as a consequence of the negligent conduct.

        a.   But For Test: Recoverable damages must have been avoidable "but for" the CPA's negligence. Therefore fraud embezzlement losses occurring before the CPA's engagement are not generally recoverable because they could not have been avoided. Note, however, that if the plaintiff can prove the CPA's past association with the internal control system was such that they knew (or should have known) of the inherent weakness there could still be a recovery. This is especially the case if the CPA designed, installed and monitored the defective internal control system.

        b.  Certainty Required: Damages must be proven to a reasonable degree of certainty. See Olson, Claugh and Straumann, CPAs v. Trayne Properties, Inc., 392 N.W. 2d 2 (Minn., 1986) in which the client claimed as damages the loss of business, commission revenue and damage to its reputation. These damages were purportedly suffered when the accountants withdrew because the fee was not paid; they left uncompleted a number of their assignments. The CPAs refused to continue until they were paid but failed to tender a written withdrawal. The Court held that the client's proof of loss, grounded on hearsay and on the opinion of one employee, was inadequate. Therefore the damages were too speculative and not calculable to the required reasonable degree of certainty. Id at 4.

  B.  Contributory Negligence

      1.  State Statute: Most states have statutes which provide that contributory negligence will not bar recovery in tort, but any damages recovered will be reduced proportionally by the percentage of fault of the receiving party.

      2.  Partial Defense Against Client: A representation letter may be helpful in proving that the client's fraud damages should be subject to an offset. The CPA has the burden to prove the client was negligent and thus should not recover the full amount of the damages.

        a.  Lincoln Grain: See Lincoln Grain, Inc. v. Coopers and Lybrand, 345 N.W. 2d 300 (Neb., 1984) which held the jury assumption of the risk (a complete bar to recovery) instruction was in error. Any client contributory fault was only a partial defense even if it substantially contributed to the CPA's failure to perform. However, the trial court erred in excluding from evidence the CPA's report which reflected there were no internal control problems within the client's organization.

        b.  Halla: See also Halla v. Baumann, 454 N.W. 2d 905, (Minn., 1990) which found plaintiffs 80% at fault for failing to establish internal financial controls to protect the company from internal embezzlement after receiving an express warning by the CPA.

      3.  Contrary View: The courts have not usually allowed an offset where the negligence was related to fraud prevention and discovery. The theory is that a CPA has a much superior expertise and knowledge of internal control structure than most clients who are not aware of or understand the risks involved. Perhaps the CPA should have told the client the internal control system was deficient. Absent explicit directions for improvement, a CPA may remain fully liable even though the client failed to exercise due care to protect themselves.

        a.  Garnac: Garnac Grain v. Blakley, 932 F.2d 1563 (1984) reversed a lower court decision; the opinion held that the fraud discovery malpractice case should not have been dismissed on summary judgment. The client's comparative negligence does not apply to diminish the damages resulting from the CPA's failure to detect employees' embezzlements. The Court's opinion emphasized that this was not a physical damage case but rather involved financial matters in which the CPA was an expert.

        b.  Fullmer: Fullmer v. Wohlfeiler & Beck, 905 F.2d 1394 (10th Cir. 1990) held the client's negligence is only a defense or offset if it substantially contributed to the CPA's failure to perform or the client furnished the CPA inaccurate information. This suggests that a client representation letter that contained incomplete, inaccurate and/or wrong statements about the internal control structure might qualify. The offset has to go the CPA's work itself and impede or distract the ability to perform properly and discover the fraud.

        c.  Howard: Howard Street Jewelers, Inc. v. Wegad, 589 A.2d 1285 (Md. App. 1991) was a case in which the jury found for the CPA. On appeal, the court reversed the jury verdict that the client was contributorily negligent in a cash embezzlement situation. The client's case was based upon the CPA's failure to suggest how the source of the cash shortages could be discovered. The CPA argued that the damages were caused by the client's own failure to act on information it knew independently. The opinion held that contributory negligence does not apply to accountant's negligence if the client justifiably relied upon the CPA's knowledge and skills. The CPA is an expert in financial and accounting control systems; that is why business enterprises hire CPAs.

        d.  Howard: On appeal at 605 A.2d 123 (Md. App. 1992) the Court of Appeals of Maryland reversed the Court of Special Appeals and reinstated the jury verdict. While the opinion agreed that there is rarely contributory negligence in a CPA's fraud discovery duty, the extreme facts of this case warrant an exception. The CPA had warned the client that there were unexplained cash shortages and that the employees could be stealing from the business. The client ignored these warnings and the red flags of the cashier setting aside sales tickets and purchasing luxuries beyond her financial means. The client's wife also warned her husband and son who worked in the business that she thought the cashier was stealing; the husband and son dismissed the wife's instincts as "paranoid".

      4.  Safe Harbor: There is one set of facts under which the courts are realizing the auditor's ability to find fraud is inherently limited. Where the fraud was committed by management for the corporation's benefit (as opposed to fraud committed strictly for personal gain), the auditor has an absolute defense against the client or its successor-in-interest.

        a.  Crazy Eddie: In re Crazy Eddie Securities Litigation, 802 F. Supp. 804 (E.D.N.Y. 1992) involved management preparing false inventory records and sales entries which were then submitted to the auditor. This same fraudulent information was also submitted by the company to the SEC. Crazy Eddie subsequently went bankrupt and the bankruptcy trustee brought suit against Peat Marwick for negligence in failing to discover the fraud. The holding was that the officers' actions on behalf of the corporation imputes the fraud to the corporation so that it (or its successor in interest - the bankruptcy trustee) is barred from later bringing a claim. Id at 817-18.

        b.  Seidman: Similarly, Seidman & Seidman v. Gee, 625 So.2d 1 (1992) reversed a $16 million dollar jury verdict for the bankrupt trustee. The opinion held the corporate officer's fraud was imputed to the corporation because it benefited the corporation.

  C.  Unaudited Case Authority

  The standards of Statement on Standards for Accounting and Review Services (SSARS) require a CPA to gain an understanding of the client, their business, and the practices of the industry. While this is a lower threshold than the SAS standards discussed above, it certainly is not a safe harbor. In addition, CPAs involved in these levels of service often function as quasi-comptrollers for their clients. Accountants who install, operate and monitor the financial internal control structure of a business can be liable if their system was used for employee embezzlement. An analogy is the Uniform Commercial Code provisions under which design defects create strict liability while manufacturing defects require the plaintiff to prove negligence.

      1.  Blakely: Blakely v. Lisac, 357 F. Supp 255 (USDC, Or., 1972) stated "even when performing write-up, an accountant is under a duty to undertake at least a minimal investigation into the figures supplied to him. He is not free to disregard suspicious circumstances". Id at 266.

      2.  Wooler: Robert Wooler v. Touche Ross CPAs, 479 A.2d 1027 (1984) is a case in which the CPA's fraud prevention and detection duty is directly explored. In Wooler the accountants were performing unaudited services and failed to detect employee based embezzlements. The fraud should have been obvious due to the lack of effective internal controls. The opinion discusses the normal checklists expected to be found in an accountant's working papers which specify steps to be followed that might lead a reasonable accountant to conclude there were "suspicious circumstances". Suspicious circumstances must be investigated. Id at 1033.

      3.  Bluefield: Bluefield v. Crawford, 386 S.E.2d 310 (1989) is another case which addressed the liability of a CPA to prevent and detect employee-based financial fraud in an unaudited engagement. The opinion concludes that if an accountant discovers a materially "false matter" in the clients' books and fails to disclose it, there may be liability. Id at 315. In these cases the CPA is in the best position to detect "suspicious circumstances and red flags". While CPAs are not expected to be bloodhounds they are expected to be watchdogs, especially when they have substantial past association with the internal control structure of the enterprise.

      4.  Griffith: See Griffith Motors, Inc. v. Parker, 633 S.W.2d 319 (Tenn. App. 1982) in which the CPA was held liable for failing to detect a check-kiting scheme. The CPA's defense was that it was only a tax preparation engagement and not a reporting engagement. There was no other financial statement prepared and no engagement letter clarifying the nature and limitations of the work.

      5.  Own System: Accountants who install, operate and monitor the financial internal control structure of a business can be liable if their system was used for employee embezzlement. The longer the relationship, the more likely the liability.

  D.  Red Flags and Danger Signals / Management Fraud

  It is difficult to list all the ways that management can use to "cook the books". Review all unusual period-end closing entries and analyze all material related party transactions. Uncooperative personnel is always suspect; domination by a single person or small group without oversight is often present. Look for a high turnover of senior management. An overly complex organizational structure or missing or only photocopied documents are always suspect. In particular, look for:

      1.  In General:

        a.  External Conditions: External factors indicating high risk include a high degree of competition driving lower margins, a declining or rapidly changing industry, or new accounting, statutory, or regulatory requirements.

        b.  Internal Conditions: Certain internal conditions may indicate that management fraud has a higher than normal chance of occurring.

          (1)  Need to maintain stock prices or earnings.

          (2)  Potential merger or sale requires a given financial position.

          (3)  Management's compensation (or large bonus) requires a given financial position.

          (4)  Management commits to unduly aggressive or clearly unrealistic targets.

          (5)  Material related-party transactions.

          (6)  Access denied to certain documents, vendors, and customers.

          (7)  Company frequently changes banks.

          (8)  Company has new "equity" that is in fact debt.

      2.  Revenue Acceleration: Management may accelerate revenue from the next period to increase current period earnings.

        a.  Cut-off testing may be used to examine shipping documents and ending inventory; were any pre- or postdated?

        b.  Look for large sales transactions which may be fictitious.

        c.  Are there side agreements on sales such as a right of return that require recognition?

        d.  Have all return sales been recorded?

      3.  Expense Deferral: Similarly, management may increase period earnings by understating expenses.

        a.  Look at the vendor invoice date and compare that to when it was posted in the purchase journal.

        b.  Again it may be useful to look for such items in ending inventory.

      4.  Large Receivables: Are these real receivables and are they collectible?

        a.  Are receivables camouflaging questionable related party transactions?

        b.  Are the confirmations real and reliable; collusion is always possible? Perhaps use other verification techniques. Personal contact with the customer may be helpful.

        c.  Was there subsequent collection of the receivable?

      5.  Large Inventory: The larger the amount of inventory as a percentage of current assets, the higher the risk.

        a.  Is the client's physical count accurate? You should do more than "observe" the count. Try surprise visits on an unannounced basis.

        b.  Are there obsolete or dated items which should be written off?

        c.  Be on the alert for double counting such as inventory in transit or at multiple locations.

        d.  Is the valuation real? Compare to prices on recent invoices from vendors.

      6.  Long-Term Contracts: Both revenue and expense must be examined.

        a.  The revenue side of percentage of completion contracts can be accelerated to disguise operating losses.

        b.  Perhaps independently verify the client's estimates.

        c.  Look also for manipulation in multiple contracts with the same customer.

      7.  Self-Constructed Assets: Capitalized period expenses may be used to disguise an operating loss.

        a.  Have other than direct expenses been capitalized?

        b.  How much overhead is included?

        c.  Is there full value to the asset?

        d.  Has depreciation on other fixed assets been understated?

      8.  Inventory Valuation: Similarly, inventory allocations such as the amount of overhead charged to work-in-process can be used to manipulate cost of goods sold.

        a.  Look for inventory shortages not reflected in the ending accounts.

        b.  Changes in allocation methods or percentages are also suspect.

      9.  No Code of Ethics: Almost all companies now have a mission statement and a Code of Conduct.

        a.  The lack of same may be a red flag and danger signal of a questionable client.

        b.  Offer to create one as an Agreed-on engagement.

  E.  Red Flags and Danger Signals / Employee Embezzlements

  It is difficult to list all the ways employees may embezzle; thieves can be very creative in camouflaging their crimes. Generally, small misappropriation of assets get bigger and the employee is able to intellectually justify the illegal actions to themselves. Cash is usually the asset converted. Often embezzlers have a history of dishonesty that would have been discovered simply by checking references. But even trusted long-time employees may be involved. Some signs include:

      1.  Cost of Goods Sold Irregularities:

        a.  Analytical review producing cost of goods sold ratios significantly higher than industry average may indicate revenue evasion.

        b.  Erratic changes in this percentage may indicate that employee "skimming" is occurring especially in a retail business.

        c.  Inventory sold as scrap may not go through the normal process.

      2.  Receivables Manipulation:

        a.  Large past-due receivables may be a sign of embezzlement.

        b.  Excessive bad debt write-offs expense may be a signal of conversion of customer remittances.

        c.  Theft of payment of receivables which were previously written off.

      3.  Excessive Credit Memos:

        a.  Scrutinize accounts receivable subsidiary ledgers carefully; credit memos may be used to camouflage conversion of customer cash remittances.

        b.  Refunds may be inflated with the customer only receiving a portion.

        c.  Credit memos and/or refund checks should be authorized by non-accounting personnel.

      4.  Accounting Irregularities:

        a.  Too many accounting errors or reversing entries may be a bad sign.

        b.  Often employees involved in "lapping" or "kiting" make discovery by cut-off testing difficult by maintaining a back log of transactions to be posted.

        c.  Too many unusual journal entries may be suspect.

      5.  Internal Control Weak:

        a.  Segregation of asset custody, authorization, and recording is essential.

        b.  The processing of disbursements to "dummy vendors" and "phantom employees" is facilitated when there is inadequate disbursement oversight.

        c.  Are vendors' addresses the same as employees' or do two non-related employees have the same address?

        d.  Observe the distribution of employee checks to the individuals.

        e.  Are contracts competitively bid?

        f.  Purchase orders and segregation of duties between check preparation and signature authorization is prudent.

        g.  Is there any possibility vendors are "kicking back" some portion to the buyer?

      6.  Focus on Cash Custodians: Liquid assets ( especially cash and those easily converted to cash ( are more susceptible to theft than most other forms of assets.

        a.  Cash-handling personnel who have financial pressures, live above their means, do not take vacations, and/or never share their tasks are suspect.

        b.  Separate some part of cash custodians' duties. Someone else should reconcile the checking account.

        c.  The CPA should insist that all accounting employees be covered by fidelity bonding in a significant amount.

        d.  Review the personnel file to be sure the company performed a proper background and reference check.

        e.  The cash receipts custodian's duties should be regularly rotated.

        f.  Cash register personnel have the availability of a variety of methods to embezzle. Under-ringing sales, sweetheart sales to friends, fraudulent refunds are all possible. Look for patterns in cash overage and shortage. A good detective agency may be helpful.

      7.  Tone at the Top Weak: Ethics and moral standards of top management set the tone for the whole of the enterprise. Dishonesty flows downward and the line troops may feel justified in embezzlements if top management is also operating in gray or questionable areas.

        a.  A Code of Ethics institutionalizes standards and procedures which tend to promote an honest tone at the top.

        b.  Consider purchasing the Rigos CPE course Ethics for Corporate America and help your client prepare a mission statement and Code of Ethics.

IV. ILLEGAL ACTS

  Illegal acts are frequently related to the discovery of errors and irregularities.

  A.  Red Flags and Danger Signals

  The SAS 54 procedures are discussed above where the client has affirmatively violated a local, state or federal statute.

      1.  Troublesome Considerations: The CPA is advised to review the situation with counsel if the client's illegal act appears serious. Not only does this decision involve the interpretation of law, but a third party may subsequently take the position that the accountant was involved in the illegal act as a co-conspirator.

      2.  Red Flags and Danger Signals:

        a.  Unethical Practices: A top management structure lacking integrity may initiate or tolerate illegal acts.

        b.  Fines: Unusual fines or penalties should be investigated.

        c.  Legal Bills: Large legal bills with no detail listed on the invoices may be suspect.

        d.  Cash Transfers: Unusually large cash transactions may also be an indication that illegal activity is present.

  B.  Client - Third Party Lawsuits

  Clients who have suffered embezzlements, fraud, illegal acts or are at risk of a going concern assumption problem often are involved in litigation with third parties. The emphasis of the CPA thus turns to quantifying and reporting the liability and avoiding involvement.

      1.  FASB 5: FASB 5 addresses possible contingencies, claims and losses developing from litigation that will be resolved in the future. An auditor is required by FASB 5 to record as a liability a contingent risk if it is "reasonably probable" of assertion and material. If such a claim is not capable of reasonable estimation (and thus an accrual), it is considered a limitation on the scope of the audit; an unqualified opinion is not possible. If the claim is only "reasonably possible" of assertion (as opposed to probable) footnote disclosure may be adequate. If only "remotely possible" of assertion, no disclosure is required. The problem is that the American Bar Association's definition of these three terms does not exactly agree with FASB 5.

      2.  SAS 12: SAS 12 applies FASB 5 to litigation pending against a client. Management should send their outside counsel a letter directing the lawyer to correspond directly with the auditor. The letter should request a written statement of the dollar claim potential and degree of probability of an unfavorable outcome for all asserted lawsuits to which the lawyer has devoted substantial attention. This is required whenever there is reason to suspect client litigation such as significant fees paid to attorneys. However, judgment is required because an ongoing investigation is not yet an actual lawsuit. Some cases, such as Jenson v. Touche, 335 N.W.2d 720 (Minn. 1983) held that SAS 12 was not applicable until the suit is actually filed. This is also the ABA's position on an attorney's duty to disclose unasserted claims to the auditor.

      3.  Ever Expanding Boundaries: In Endo v. Albertine, 812 F. Supp. 1479 (Ill. 1993) the Court denied a motion to dismiss a claim in part against an auditor (and others). The suit alleged that the company's potential "Superfund" environmental liabilities were not disclosed. The opinion held that the absence of any disclosure of the probable $60 million dollar remediation claim in the offering prospectus and financial statements was a material omission creating potential liability. Id. at 1486-88. (The CPA was later dismissed on the basis of insufficient privity.)

      4.  Red Flags and Danger Signals: Even a client's statement in the representation letter that there are no lawsuits pending is not an absolute defense against a third party's suit.

        a.  Scrutinize carefully correspondence and invoices from lawyers.

        b.  Too many lawyers, each working on a different problem, may indicate trouble.

        c.  Be careful of ambiguous attorney's responses. In 1997, the AICPA issued AU 9337 which broadens the acceptable attorney's language not considered a scope limitation.

        d.  Under certain circumstances a prudent auditor might be advised to have his own attorney make an independent investigation of claims pending against a client.

  C.  Illegal Acts Defenses

  Public policy precludes clients from recovering damages when they are willful and knowing parties to the illegal acts. Many cases hold that damages flowing from illegal acts are not recoverable because to allow the client to recover for their own wrongdoing would be against public policy. In Dover v. Bacon, 859 S.W.2d 441 (Tex. App. 1993) the CPA prepared a client's tax return that failed to include a material item of income. After being convicted of tax evasion, the client sued the CPA. The Court held that even if the CPA was negligent, the client's knowing and willful participation in the illegal act barred a suit against the CPA. Id at 450-51.

  D.  Disclosure

  SAS 54 does not require disclosure of illegal acts to third parties. The court decisions agree. In Farlow v. Peat Marwick, 956 F.2d 982 (10th Cir. 1992), the holding was that there was no duty of disclosure "unless there was a fiduciary relationship with the third party...it is not the law that the CPA should blow the whistle on the client for the protection of the investors". Id at 988.

  E.  Indemnity Claim Potential

  There is one additional consideration for a CPA sued by a plaintiff alleging a SAS 54 violation. If the client's attorney authors an opinion letter to the CPA which states there are no illegal acts, and subsequently it turns up that there were, the CPA may have a claim against the attorney. The indemnity claim would be for any amount for which the CPA was held liable to the plaintiff.

      1.  Third Party Complaint: Procedurally, this would involve bringing a third party complaint against the attorney and asking for judgment in the event the CPA was held liable. Attorneys must begin to realize that CPAs are not allowed to practice law and have the right to rely upon an opinion letter from a client's attorney if it relates to their area of expertise.

      2.  Case Authority: Somers v. Gross v. Fackenthal, 574 A.2d 1056 (Pa. Sup. 1989) held that a CPA can sue the client's attorney for indemnity if the attorney was negligent in preparing an opinion letter upon which the CPA relied. The opinion letter was incomplete and exposed the CPA to loss. This was the same attorney who brought the lawsuit against the auditor on behalf of the plaintiff.

V. SAS 82 REVISIONS TO SAS 53 AND 54

  SAS 82 Consideration of Fraud in a Financial Statement Audit supersedes and expands the auditor's affirmative duty to obtain reasonable assurances under SAS 53 that the financial statements are free of material misstatements. The new pronouncement also supersedes portions of SAS 54 Illegal Acts. The new pronouncement is effective for fiscal years ending after December 15, 1997.

  A.  Three Categories of Risk Factors

  SAS 82 specifies that management' characteristics and influence over the control environment is the first risk factor category. The second factor is industry conditions involving the economy and the firm's regulatory environment. The client's operating characteristics and financial stability is the third factor. SAS 82 includes many of the red flags itemized above.

  B.  Fraud Risk Assessment and Documentation

  The CPA's professional skepticism must now specifically include a fraud risk assessment focused on the control risk factors of the client. If there is a heightened risk of fraud, tests of revenue recognition, verification of asset additions, etc., is affirmatively required. Evidence of the accountant's fraud assessment must be documented in the working papers. Significant risk factors, individually or in combination, should be itemized.

  C.  Separate Fraud Engagement

  This heightened responsibility would seem to further support the concept of charging an extra fee for a separate fraud investigation. Let the client decline to pay for this service.

  D.  Disclosure Requirements

  Disclosure to third parties may not be an ethical or legal confidentiality violation. The new pronouncement specifies governmental agencies noncompliance with funding requirements may be disclosed. Legal process and SAS 84 successor auditors communication duties may also justify disclosure. This is a complex problem and consultation with legal counsel may be appropriate.

VI. GOING-CONCERN ASSUMPTION

  Entities with SAS 53 and 54 (82) problems often wind up in bankruptcy. Investors who lose their money may look to the auditor for life after death to assuage their own poor judgment. CPAs may be pulled into such disputes.

  A.  SAS 59 Affirmative Duty

  A going-concern assumption violation requires an explanatory paragraph in the CPA's opinion letter. This applies if there is a substantial doubt whether the client enterprise will be in business a year hence. SAS 59 imposes an affirmative duty on the auditor to investigate any substantial insolvency factors affecting the client. This is no longer optional.

  B.  Red Flags and Danger Signals

  Auditors should not ignore SAS 59 red flags and danger signs.

      1.  Poor Liquidity: Insolvency warnings may include recurring operating losses, working capital deficiencies, and low liquidity.

      2.  Liabilities: Severely delinquent payables, obligation defaults, and foreclosure proceedings may also indicate a going-concern problem.

      3.  Litigation: These insolvency factors are often accompanied by litigation.

      4.  External Factors: Adverse industry and competitive conditions may indicate trouble.

  C.  Mitigating Circumstances

  Mitigating factors and management plans may offset a bad situation, but the CPA disregards such a situation at his peril. Mitigating circumstances should be meticulously recorded in the working papers. The matter is to be ultimately determined one year hence. The difficulty is that a SAS 59 opinion may make the prophesy self-fulfilling. This is not a quantitative decision; it involves professional judgment.

  D.  Opinion Disclosure

  If the insolvency is serious, add the AICPA recommended explanatory paragraph to your opinion letter. Footnotes may also be referred to in the going-concern paragraph which should use the term "substantial doubt." See Drabkin v. Alexander Grant, 905 F.2d 453 (D.C. Cir. 1990) which held a "going concern" qualification satisfied the SAS 59 disclosure requirement. The explanatory paragraph was an adequate warning and it was not necessary to give every detail of the threatening insolvency.

  E.  Asset Impairment Problems

  The "going-concern" qualification may no longer be sufficient disclosure under FASB 121. If there is substantial doubt about the enterprise's ability to continue as a going-concern, the auditor should be sensitive to assessing the recoverability of long-term assets. If the estimated future cash flows from the asset are less than the carrying value, the historical carrying value of assets should be written down to fair value less any related costs.

VII. THIRD PARTY DISCLOSURE

  SAS 53 and 54 authorize disclosure to management or the audit committee if senior management is involved. Third party disclosure absent an affirmative fiduciary duty is prohibited by the obligation of confidentiality. SAS 82 continues this "watchdog that does not bark" concept which puts client duty over public duty. SAS 82 does authorize limited external disclosure including responses to a successor auditor. Disclosure of a client's fraud or illegal act to a governmental agency or the SEC is also authorized under certain circumstances.

  A.  Subsequent Discovery

      1.  Previously Issued Statement: If misleading financial statements have been issued, the consequences of non-disclosure to relying third parties may substantially exceed the client-generated consequences of disclosure. AICPA AU Section 561 covers the subsequent discovery of facts existing at the date of the auditor's report. It applies when the auditor becomes aware of material errors in a previously issued financial statement and knows third parties are relying.

      2.  Internal Request to Disclose: The procedure is to request management to make disclosure to such third parties. If the client refuses, the disclosure request is to be made to each and every member of the audit committee and the Board of Directors.

      3.  Auditor Notification Authorized: If the client still refuses to notify relying third parties, Section .08 authorizes the auditor to notify such third parties directly. This would only apply to a very serious situation rendering misleading the previous financial statements. Such notification should be carefully packaged and not contain unnecessary client confidences. An attorney should be consulted. U.S. v. Natelli, 527 F.2d 311 (2nd Cir. 1975) held that a CPA's failure to notify relying third parties of the correction of material misstatements in prior audited financial statements was both a civil and a criminal offense.

  B.  Publication Danger

  Publication of client-related information should only be done with the advice of counsel because the client may sue for defamation, libel, slander, emotional distress, outrage, invasion of privacy, loss of reputation, interference with a business expectancy, etc. The progressive insurance policies do cover these torts; some carriers may not provide this type of protection for accountants. Responsible insurance carriers realize that public accounting must be responsive to the public interest and that there are a few circumstances where you must take the "high road". This is the time to stand behind our CPAs and help you "fight the good fight".

VIII. MANAGEMENT'S RESPONSIBILITY TO REPORT

  SAS 55, 78, and COSO make it clear that an enterprise's internal control structure is the responsibility of management.

  A.  Shareholders' Report

  It may be useful to require the client to include in the annual shareholders' report a statement specifying management's stewardship of the enterprise's internal control structure. If this is not possible, there should be a statement in the client representation letter that management assumes the responsibility for the internal control structure.

  B.  CPA Opinion

  A good idea is to create two parts to the opinion letter contained in the annual report of Independent Public Accountants. One part should address management's assertions in the financial statements. The second part could address management's assertion that they maintain an effective internal control system over safeguarding of assets against unauthorized acquisition, use, or disposition. This will clarify that the responsibility for establishing and maintaining the internal control structure is management's ( not the external auditor's.

IX. RIGOS PROTECTIVE FORMS

  Rigos has protective legal forms on a computer template which a CPA may use to minimize their liability for undetected fraud. Contact our office to purchase same by e-mail at rigos@rigos.net.

e-mail: rigos@rigos.net