WinterSeminar 22January2015 - AGA Boston Chapter ·...
Transcript of WinterSeminar 22January2015 - AGA Boston Chapter ·...
DAVID L. COTTON, CPA, CFE, CGFM COTTON & COMPANY LLP CHAIRMAN
Dave Cotton is chairman of Cotton & Company LLP, Certified Public Accountants. Cotton & Company is headquartered in Alexandria, Virginia. The firm was founded in 1981 and has a practice concentration in assisting Federal and State government agencies, inspectors general, and government grantees and contractors with a variety of government program-‐related assurance and advisory services. Cotton & Company has performed grant and contract, indirect cost rate, financial statement, financial related, and performance audits for more than two dozen Federal inspectors general as well as numerous other Federal and State agencies and programs. Cotton & Company’s Federal agency audit clients have included the U.S. Government Accountability Office, the U.S. Navy, the U.S. House of Representatives, the U.S. Capitol Police, the U.S. Small Business Administration, the U.S. Bureau of Prisons, the Millennium Challenge Corporation, the U.S. Marshals Service, and the Bureau of Alcohol, Tobacco, Firearms and Explosives. Cotton & Company also assists numerous Federal agencies in preparing financial statements and improving financial management, accounting, and internal control systems. Dave received a BS in mechanical engineering (1971) and an MBA in management science and labor relations (1972) from Lehigh University in Bethlehem, PA. He also pursued graduate studies in accounting and auditing at the University of Chicago, Graduate School of Business (1977 to 1978). He is a Certified Public Accountant (CPA), Certified Fraud Examiner (CFE), and Certified Government Financial Manager (CGFM). Dave served on the Advisory Council on Government Auditing Standards (the Council advises the United States Comptroller General on promulgation of Government Auditing Standards—GAO’s yellow book) from 2006 to 2009. He served on the Institute of Internal Auditors (IIA) Anti-‐Fraud Programs and Controls Task Force and co-‐authored Managing the Business Risk of Fraud: A Practical Guide. He served on the American Institute of CPAs Anti-‐Fraud Task Force and co-‐authored Management Override: The Achilles Heel of Fraud Prevention. He is the past-‐chairman of the AICPA Federal Accounting and Auditing Subcommittee and has served on the AICPA Governmental Account-‐ing and Auditing Committee and the Government Technical Standards Subcommittee of the AICPA Professional Ethics Executive Committee. He authored the AICPA’s 8-‐hour continuing professional education course, Joint and Indirect Cost Allocations—How to Prepare and Audit Them. He is presently serving on the AICPA’s Performance Audit Standards Task Force and the Fraud Risk Guide Task Force, sponsored by COSO and the ACFE. Dave served on the board of the Virginia Society of Certified Public Accountants (VSCPA) and on the VSCPA Litigation Services Committee, Professional Ethics Committee, Quality Review Committee, and Governmental Accounting and Auditing Committee. He is member of the Greater Washington Society of CPAs (GWSCPA). He is a member of the Association of Government Accountants (AGA) and past-‐advisory board chairman and past-‐president of the AGA Northern Virginia Chapter. He is also a member of the Institute of Internal Auditors and the Association of Certified Fraud Examiners.
Dave has testified as an expert in governmental accounting, auditing, and fraud issues before the United States Court of Federal Claims and other administrative and judicial bodies. Dave has spoken frequently on cost accounting, professional ethics, and auditors’ fraud detection responsibilities under SAS 99, Consideration of Fraud in a Financial Statement Audit. He has been an instructor for the George Washington University masters of accountancy program (Fraud Examination and Forensic Accounting), and instructs for the George Mason University Small Business Development Center (Fundamentals of Accounting for Government Contracts). Dave was the recipient of the AGA’s 2006 Barr Award (“to recognize the cumulative achievements of private sector individuals who throughout their careers have served as a role model for others and who have consistently exhibited the highest personal and professional standards”) as well as AGA’s 2012 Educator Award (“to recognize individuals who have made significant contributions to the education and training of government financial managers”).
dco$on@co$oncpa.com 1
Winter Seminar 22 January 2015
Using CAATs to Find Fraud
◆ Perspectives ◆ What are CAATs? ◆ Data Analysis Techniques using IDEA
and ACL ◆ A Generic Approach to Data Analysis ◆ Benford’s Law ◆ Does It Work?
Perspectives
◆ Marwick, Mitchell & Company--1908 audit of the Northern Shoe Company of Duluth, Minnesota
dco$on@co$oncpa.com 2
Winter Seminar 22 January 2015
Ten Reasons Why My 1967 Computer Is Better Than Any Computer Made Today
10. Came preloaded with all the software needed 9. Doesn’t need a power cord or batteries 8. Has unlimited RAM and storage 7. Has never needed an upgrade 6. Was fully Y2K compliant, even in 1967
Ten Reasons Why My 1967 Computer Is Better Than Any Computer Made Today
5. Can be used on airplanes during take-off and landing
4. Has never needed to be returned for service 3. Doesn’t need a mouse, keyboard, or external
monitor 2. Bill Gates has not derived, does not derive, and
will not derive any revenue from it
1. Has never said “This program has performed an illegal operation and will be closed.”
dco$on@co$oncpa.com 3
Winter Seminar 22 January 2015
What Are CAATs? ◆ Computer-based tools that permit auditors to
increase their personal productivity as well as that of the audit function. [CAATTs & Other BEASTS for Auditors, by David G. Coderre; 1998, Global Audit Publications]
◆ The power of CAATs: The U.S. Department of Redundancy Department has 135,000 employees. How long would it take auditors to manually search payroll records to identify duplicate payments by searching based on duplicate social security numbers?
Types of CAATs ◆ Word processing ◆ Spreadsheet ◆ Database ◆ Statistical sampling ◆ Data mining ◆ Real time testing programs (continuous
auditing) ◆ Integrated audit software ◆ Data analysis ◆ Benford’s Law
dco$on@co$oncpa.com 4
Winter Seminar 22 January 2015
Data Analysis Software
◆ Useful for identifying misappropriation of assets and fraudulent financial reporting
◆ Allows limitless number of analytical relationships to be assessed – within large databases – comparing large databases
◆ Identifies anomalies ◆ Further (human) investigation is almost
always needed
Data Analysis Software
◆ Access and Excel ◆ Interactive Data Extraction and
Analysis (IDEA) ◆ Audit Command Language (ACL)
Ø Windows based and user friendly Ø Require creativity and imagination Ø Supplements--but does not replace--
intelligent audit work
dco$on@co$oncpa.com 5
Winter Seminar 22 January 2015
Valuable Resources ◆ Fraud Detection Using Data Analysis
Techniques to Detect Fraud, David G. Coderre, Global Audit Publications, 1999.
◆ CAATTs and Other BEASTs for Auditors, 3rd Edition, David G. Coderre, Ekaros Analytical Inc., 2005
◆ Internal Audit—Efficiency through Automation, David G. Coderre, John Wiley & Sons, 2009.
David G. Coderre
h"p://www.caats.ca
dco$on@co$oncpa.com 6
Winter Seminar 22 January 2015
ACL Data Analysis Techniques
v Filters v Sorts v Statistics v Gaps v Duplicates v Aging v Confirmations v Samples
v Classification v Summarization v Stratification v Join and Define
Relationships v Trend Analysis v Regression
Analysis v Parallel Simulation v Digital Analysis
Filters ◆ Show me only certain transactions that I might
be interested in ◆ I.e. filter out the “static” inherent in large
databases ◆ Show me all invoices approved and paid on days when
the boss was not in the office ◆ Show me all transactions initiated on Sundays and
holidays ◆ Show me all journal entries initiated on the last three
days of the quarter
dco$on@co$oncpa.com 7
Winter Seminar 22 January 2015
Sorting ◆ Put the data into an order that is easier to
analyze ◆ E.g. aged accounts payable ◆ Sort by vendor name;
– Or sort by vendor address; – Or sort by vendor telephone number; – Or EFT account number
◆ Sort by policy number…
Statistics
◆ Average value, standard deviation, highest/lowest value, etc.
◆ Show me all vendor payments that are more than two standard deviations from the mean
◆ Show me every unit price for product A that is more than 1 standard deviation from the mean
◆ Show me the ratio of total hours to standard hours by department
dco$on@co$oncpa.com 8
Winter Seminar 22 January 2015
Gaps
◆ Used when we have pre-numbered forms or transactions
◆ Show me all missing checks ◆ Show me missing health insurance claims ◆ Show me missing purchase orders ◆ Show me missing vouchers for benefits ◆ Show me all work days with zero cash receipts ◆ Show me NON-gaps where gaps should be
Duplicates ◆ Used in situations when duplicates should not
occur ◆ Show me all payroll transactions in the pay period that
have duplicate: – Payees – SSN – Payment addresses – EFT transfer destinations
◆ Show me duplicate PO#, invoice #, receipt #, check #, etc.
dco$on@co$oncpa.com 9
Winter Seminar 22 January 2015
Aging ◆ We all use aged A/P and A/R listings ◆ AGE function can calculate the number of days
between two date fields ◆ Show me the time elapsed between bid received and bid
opening ◆ Show me the time elapsed between the time an item is
added to inventory and when that item is declared “scrap” or disposed of “due to obsolescence”
◆ Show me the elapsed time between receipt of an invoice and the payment date; and compare to “discount taken” values
Expressions and Calculations ◆ Can be used to test for and detect errors in
accounting software ◆ But, can also be used to detect outside intervention
into an otherwise okay system ◆ Recalculate units x unit price and show me all cases where the
result does not equal the value in the extended amount field ◆ Recalculate each item’s beginning inventory quantity +
purchased quantity; compare to ending inventory quantity ◆ Recalculate vacation accruals for every payroll transaction
and show me every case where the result differs from what was recorded
dco$on@co$oncpa.com 10
Winter Seminar 22 January 2015
Classify ◆ Counts the number of unique values in a
selected character field(s) and the corresponding totals of other numeric fields
◆ Show me how many hysterectomy procedures have been performed, by sex: – Female: 127 – Male: 3 – [sex field blank]: 12
◆ Show me travel expense reimbursements by employee
Summarize ◆ Similar to CLASSIFY, but sorts data by
specified field and provides a detailed listing of transaction information for all records in that classification
◆ Show me all transactions for vendor A, B, C ◆ Show me all payroll transactions for employee A, B, C ◆ Show me all employee expenses transactions for
employee A, B, C
dco$on@co$oncpa.com 11
Winter Seminar 22 January 2015
Stratify ◆ Groups transactions into specified ranges of values
(strata) ◆ Show me numbers of contracts and values within certain
strata – $0 - $45,000: 27 ($609,336) – $45,001 - $49,500: 12 ($543,216) – $49,501 - $50,000: 425 ($21,241,925) – $50,001 - $100,000: 5 ($442,895) – $100,001 - $1,000,000: 3 ($619,764)
Join and Define Relation ◆ JOIN combines data from two databases into a single
database ◆ DEFINE lets you specify the relationship of interest ◆ Show me employee expense claims by employees who were
on vacation/sick/holiday leave on the day the expense was incurred
◆ Show me vendor addresses that match employee addresses ◆ Show me all instances in which a person made a DNC/
RNC campaign contribution within 60 days of getting a Federally-guaranteed loan
dco$on@co$oncpa.com 12
Winter Seminar 22 January 2015
Trend/Regression Analysis ◆ Trend analysis looks at historical trends that
data exhibit ◆ Regression analysis uses historical data to
predict what future values will be ◆ Looking at electricity or water usage trends will show
anomalous changes—investigate any spikes ◆ Regression analysis of electricity or water usage will
predict what the usage should be in the current or future periods—investigate any variances
Data Analysis--A Generic Approach
1) Identify all available databases ü Internal to the organization ü External to the organization
2) List record fields in all available databases 3) Formulate hypotheses about record field
relationships based on specific audit objectives 4) Program analytical tests for each hypothesis
dco$on@co$oncpa.com 13
Winter Seminar 22 January 2015
Data Analysis--A Generic Approach 5) Run tests (output is your “hit list”) 6) Evaluate initial hit list and refine the tests 7) Re-run refined test to produce shorter, more
meaningful hit list (repeat steps 5-7, as needed) 8) Evaluate (via record analysis, interview, or other
technique) every item on the refined hit list 9) Dispose of every hit:
ü Valid explanation found ü Probable improper transaction--full investigation
needed
Data Analysis--A Generic Approach
10) Identify control problems and corrective actions needed
dco$on@co$oncpa.com 14
Winter Seminar 22 January 2015
Data Analysis
◆ Keep the programs developed and refined over time
◆ Run as batch programs as frequently as resources allow
◆ Explore feasibility of real-time tests of transactions: continuous auditing
Real-Time Transaction Tests—Continuous Auditing
◆ Add a loop to the existing accounting system transaction process
◆ Loop goes through the internal or external audit organization
◆ Transactions that fail the audit organization’s [secret] tests get stopped for further analysis
dco$on@co$oncpa.com 15
Winter Seminar 22 January 2015
Real-Time Transaction Tests—Continuous Auditing
◆ Can be very rigorous—apply data analysis tests to every transaction
◆ Can be less rigorous—only focus on some high-risk types of transactions (for example, notify the auditors whenever there is a JE greater than $50,000)
Does data analysis really work? ◆ C&C audits Federal agency financial
statements ◆ We’ve made data analysis a routine part of
these audits ◆ Once various testing algorithms are
defined, the testing is easy and inexpensive ◆ But, the results can be significant
dco$on@co$oncpa.com 16
Winter Seminar 22 January 2015
A data analysis success story
◆ In a Federal agency audit, tests for duplicate payment to funding recipients identified two duplicate payments: one for $289,499 and another for $36,216
◆ The agency recovered $325,715 (an amount equal to approximately half of our audit fee)
◆ Just as important were the internal control improvements that resulted from this finding
32
Data Analysis Case Study: Daewoo v United States of
America
dco$on@co$oncpa.com 17
Winter Seminar 22 January 2015
33 Daewoo v United States
n Daewoo Engineering and Construction Co., Ltd., was awarded an $88 million contract to build a 2-lane highway around Babeldaop Island, Republic of Palau
n Daewoo encountered weather-related delays n The road was supposed to have been completed in
2001 n The road was finally completed in the fall of 2007 n Daewoo submitted a $64 million claim to the
Army Corps of engineers
34 Daewoo v United States
dco$on@co$oncpa.com 18
Winter Seminar 22 January 2015
35
Daewoo v United States
ü DOJ hired Cotton & Company to help defend against the claim
ü We spent 3 weeks in Palau auditing the claim ü Daewoo’s claim contained equipment costs
(about 85% of the claim), labor costs, and other costs, including the “kitchen sink”
36
A true “kitchen sink” claim
dco$on@co$oncpa.com 19
Winter Seminar 22 January 2015
37
A true “kitchen sink” claim
38
Convoluted claim presentation
ü 300+ pages ü Costs for Daewoo as well as Daewoo’s 6
subcontractors ü Different formats and bases
dco$on@co$oncpa.com 20
Winter Seminar 22 January 2015
39 Convoluted claim presentation—equipment
costs
40
Auditing the Claim n We asked for the Excel spreadsheets that
generated the many pages of equipment cost schedules
n We “unhid” the hidden columns n We rearranged the columns so that they were
consistent for all spreadsheets n We merged the spreadsheets into a single
spreadsheet n We performed a “data sort” on the “Chassis No.”
column
dco$on@co$oncpa.com 21
Winter Seminar 22 January 2015
41
42
Auditing the Claim n We sought Daewoo’s explanation for the
duplicated equipment n To “prove” that they had certain items of
equipment, Daewoo’s equipment manager revealed a previously undisclosed spreadsheet
dco$on@co$oncpa.com 22
Winter Seminar 22 January 2015
43
44
Auditing the Claim n We used this newly discovered spreadsheet to
identify scrapped equipment in the claim n Duplicated and scrapped equipment in the claim
totalled at least $2,020,252.
dco$on@co$oncpa.com 23
Winter Seminar 22 January 2015
Auditing the Claim Ø More significant than scrapped and duplicated
equipment, was the impact on the claim of the equipment rates Daewoo used
Ø Daewoo claimed equipment using a COE rate schedule manual (EP 1110-1-8, Construction Equipment Ownership and Operating Expense Schedule)
dco$on@co$oncpa.com 24
Winter Seminar 22 January 2015
Auditing the Claim Ø The COE Rate Manual uses very complex
algorithms to compute operating and standby rates for hundreds of pieces of equipment
Ø We used Excel to replicate the COE algorithms, inserting Daewoo’s actual costs in place of new equipment cost information
Ø Daewoo’s actual equipment rates were significantly lower than the COE rates
dco$on@co$oncpa.com 25
Winter Seminar 22 January 2015
Daewoo’s Explanations
Ø Duplicated and scrapped equipment were insignificant errors in their claim
Ø The Army had agreed to allow them to use COE equipment rates
dco$on@co$oncpa.com 26
Winter Seminar 22 January 2015
FRAUD
opportunity
Motive Pressure
Attitude rationalization
The Army had agreed to allow them to use COE equipment rates in an earlier, much smaller
change order
FRAUD
opportunity
Motive Pressure
Attitude rationalization
The Army had agreed to allow them to use COE equipment rates in an earlier, much smaller
change order
dco$on@co$oncpa.com 27
Winter Seminar 22 January 2015
A Compelling Trial Exhibit
A Compelling Trial Exhibit
dco$on@co$oncpa.com 28
Winter Seminar 22 January 2015
Fraud Counterclaims by the Government
Ø At the conclusion of Daewoo’s case presentation, DOJ requested and was granted leave to file fraud counterclaims
Ø The fraud provisions of the Contract Disputes Act
Ø The False Claims Act
Ø The Special Plea in Fraud (Fraud Forfeiture)
Ø Fraud in the Inducement (bait & switch)
dco$on@co$oncpa.com 29
Winter Seminar 22 January 2015
Daewoo v United States
We noted that all Daewoo’s “errors” in the claim increased the amount of the claim; no errors had the effect of reducing the claim. This would be a remarkable coincidence in a random review of claim elements, or any means of “sampling” by auditors. See, e.g., DX 1015 (Cotton Report); DX 1015 (Cotton Supplemental Report); Tr. 17303 (McGeehin). The possibility that the inflationary effects of Exponent’s and Daewoo’s errors resulted from innocent mistakes is remote.
--The Honorable Robert Hodges
dco$on@co$oncpa.com 30
Winter Seminar 22 January 2015
Daewoo v United States
Defendant showed that Daewoo had equipment acquisition and maintenance costs in its records, but no one chose to compare the records with the Manual to see if the acquisition costs were less than those set out in the manual. If they did, they discovered that the manual rates were higher and ignored the records. In other words, plaintiff purposely avoided looking at its own acquisition costs in favor of the higher manual numbers. This intentional inflation of the claim is fraud.
--The Honorable Robert Hodges
Daewoo v United States The Government proved by any standard that Daewoo’s $64 million claim was fraudulent. Plaintiff made the claim for purposes other than a good faith belief that the Government owed Daewoo that amount. Plaintiff in fact did not believe that the Government owed it $64 million as a matter of right. The Project Manager testified at one point that Daewoo filed at least $50 million of the claim to indicate “the seriousness of the situation” and to get the Government to “pay attention” so it would agree to a cheaper method of constructing embankments. … If so, this is further evidence of bad faith. It means that Daewoo submitted a certified claim as a negotiating ploy; that is, for a reason other than an attempt to recover money for which Daewoo believed the Government is liable.
--The Honorable Robert Hodges
dco$on@co$oncpa.com 31
Winter Seminar 22 January 2015
Daewoo v United States
We made an effort to warn plaintiff of the dangers developing in it case, and to urge that counsel resolve the matter with defendant rather than forcing an Opinion of this nature. Rarely does a case of this magnitude provide evidence of fraud so clearly.
--The Honorable Robert Hodges
Daewoo v United States Ø ALL of Daewoo’s $64 million claim was denied
Ø The Court entered judgment in the Government’s favor under fraud counterclaims pertaining to:
§ The fraud provisions of the Contract Disputes Act
§ The False Claims Act
§ The Special Plea in Fraud (Fraud Forfeiture)
§ Fraud in the Inducement (bait & switch)
Ø Daewoo was ordered to pay the Government $50,639,855.88 plus costs of the investigation
Ø Daewoo (and three key managers) remained on the EPLS while it appealed the decision rather than pay the USG the $51 million
Ø Daewoo’s appeal was ruled on in February 2009
dco$on@co$oncpa.com 33
Winter Seminar 22 January 2015
65 Daewoo v United States n ALL of Daewoo’s $64 million claim was denied n The Court entered judgment in the Government’s favor under
fraud counterclaims pertaining to:
n The fraud provisions of the Contract Disputes Act n The False Claims Act n The Special Plea in Fraud (Fraud Forfeiture) n Fraud in the Inducement (bait & switch)
n Daewoo was ordered to pay the Government $50,639,855.88 n Daewoo’s appeal was ruled on in February 2009; SCOTUS
denied cert n Daewoo FINALLY paid the Government $54+ million to get
removed from the excluded party list
The Compact Road, Fall 2009
dco$on@co$oncpa.com 34
Winter Seminar 22 January 2015
The Compact Road, Fall 2009
The Compact Road, Fall 2009
dco$on@co$oncpa.com 35
Winter Seminar 22 January 2015
The Compact Road, Fall 2009
We used data analytics to identify material amounts of duplicated and scrapped equipment in the claim
We used data analytics to demonstrate to the Court the inflationary effects of Daewoo’s misuse of the COE Rate Manual
Daewoo v United States Lessons Learned …
dco$on@co$oncpa.com 36
Winter Seminar 22 January 2015
In Summary ... ◆ Data mining, data analysis, and artificial
intelligence capabilities--hardware and software--have been improving at an exponential rate.
◆ Current technology is only a hint of what is to come, for both “routine” auditing, and fraud detection.
◆ BUT, the bad guys won’t stand still; they will advance also. All aspects of fraud detection and fraud will change including, perhaps, how we punish those we catch ...
Where to Get More Information ◆ Application of Computer Assisted Audit Techniques
Using Microcomputers, Canadian Institute of Chartered Accountants, 1994 [www.isaca.org]
◆ Internal Audit—Efficiency through Automation, David Coderre, Wiley, 2009
◆ CAATTs & Other BEASTs for Auditors, David Coderre, Global Audit Publications, 1998 [604/669-4225; or www.acl.com]
◆ Fraud Detection: Using Data Analysis Techniques to Detect Fraud, David G. Coderre, Global Audit Publications, 1999 [604/669-4225; or www.acl.com]
◆ Digital Analysis Using Benford’s Law, by Mark Nigrini, 2000, Global Audit Publications
dco$on@co$oncpa.com 37
Winter Seminar 22 January 2015
Where to Get More Information ◆ 101 ACL Applications: A Toolkit for Today’s
Auditors, Richard B. Lanza, CPA, Global Audit Publications, 1999 [604/669-4225; or www.acl.com]
◆ About Benford’s Law: I’ve Got Your Number, Mark J. Nigrini, Journal of Accountancy, May 1999
◆ About ACL: www.acl.com ◆ About IDEA: www.audimation.com
Where to Get More Information ◆ About Detective Toolkit, Fraud Investigator, and Similarity
Search Engine: www.infoglide.com ◆ About ViCLAS: http://www.rcmp-grc.gc.ca/tops-opst/
viclas-salvac-eng.htm ◆ About Data Mining:
– www.gartner6.gartnerweb.com – www.statserv.com/datamining.html – www.datamining.org/sites.htm – www.wizsoft.com
dco$on@co$oncpa.com 38
Winter Seminar 22 January 2015
Finding Fraud with Computer Assisted Audit
Techniques Dave Cotton, CPA. CFE, CGFM
Cotton & Company, LLP Alexandria, Virginia
Winter Seminar 22 January 2015