Managerial Auditing Journal

Fraud auditing
Rocco R. Vanasco
Article information:
To cite this document:
Rocco R. Vanasco, (1998),"Fraud auditing", Managerial Auditing Journal, Vol. 13 Iss 1 pp. 4 - 71
Permanent link to this document:
http://dx.doi.org/10.1108/02686909810198724
Downloaded on: 03 March 2015, At: 06:10 (PT)
References: this document contains references to 405 other documents.
To copy this document: permissions@emeraldinsight.com
The fulltext of this document has been downloaded 11193 times since 2006*
Users who downloaded this article also downloaded:
William Hillison, Carl Pacini, David Sinason, (1999),"The internal auditor as fraud-buster", Managerial Auditing Journal, Vol.
14 Iss 7 pp. 351-363 http://dx.doi.org/10.1108/02686909910289849
Harold Hassink, Roger Meuwissen, Laury Bollen, (2010),"Fraud detection, redress and reporting by auditors", Managerial
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)

Auditing Journal, Vol. 25 Iss 9 pp. 861-881 http://dx.doi.org/10.1108/02686901011080044

Rani Hoitash, Ariel Markelevich, Charles A. Barragato, (2007),"Auditor fees and audit quality", Managerial Auditing Journal,
Vol. 22 Iss 8 pp. 761-786 http://dx.doi.org/10.1108/02686900710819634

Access to this document was granted through an Emerald subscription provided by 294800 []
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service
information about how to choose which publication to write for and submission guidelines are available for all. Please
visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of
more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online
products and additional customer resources and services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication
Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation.

*Related content and download information correct at time of download.

 Fraud auditing
This paper examines the role
of professional associations,
governmental agencies, and
international accounting and
auditing bodies in promulgat-
ing standards to deter and
detect fraud, domestically
and abroad. Specifically, it
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
focuses on the role played by
the US Securities and
Exchange Commission (SEC),
the American Institute of
Certified Public Accountants
(AICPA), the Institute of
Internal Auditors (IIA), the
Institute of Management
Accountants (IMA), the Asso-
ciation of Certified Fraud
Examiners (ACFE), the US
Government Accounting
Office (GAO), and other
national and foreign profes-
sional associations, in pro-
mulgating auditing standards
and procedures to prevent
fraud in financial statements
and other white-collar crimes.
It also examines several fraud
cases and the impact of
management and employee
fraud on the various business
sectors such as insurance,
banking, health care, and
manufacturing, as well as the
role of management, the
boards of directors, the audit
committees, auditors, and
fraud examiners and their
liability in the fraud preven-
tion and investigation.
Managerial Auditing Journal
13/1 [1998] 4–71
© MCB University Press
[ISSN 0268-6902]
[4]
Rocco R. Vanasco
Director, Center for Internal Auditing Studies, National-Louis University, Chicago,
Illinois, USA
Introduction
Fraud is an ever-present threat to the effec-
tive utilization of resources and hence will
always be an important concern of manage-
ment (Brink and Witt, 1982).
Chandler et al. (1995), in their article titled
“Changing perceptions of the role of the com-
pany auditor, 1880-1940” believe that the prob-
lems facing the auditing profession today
may stem from the ostensible obsession with
fraud detection shown by some Victorian era
practitioners. This obsession created an
expectation gap among the public. Emphasiz-
ing fraud detection as the primary audit
objective lasted until the 1930s, when the
principal audit objective became the verifica-
tion of the accounts.
According to the 1921 edition of Spicer and
Pegler’s Practical Auditing, the principal
reason for instituting an audit are to detect
fraud and errors. Walker (1993) observed that
auditors have become less interested in
detecting fraud. There is evidence that audi-
tors do not regard the reporting of significant
audit observations to stakeholders as an
integral part of the audit and accept no
responsibility for the audited financial state-
ments. In general they are not overly con-
cerned with detecting fraud and errors.
In the late 1940s, the external auditors did
not assume a direct responsibility for fraud
because of their inability to detect fraud
involving unrecorded transactions, theft, and
other irregularities. This was done to shield
accounting firms from lawsuits holding them
responsible from frauds (Brink and Witt,
1982).
Fraud has attracted the attention for schol-
ars, investigators, auditing and accounting
associations, and government agencies,
nationally and internationally. Fraud’s many
definitions include those given below.
Prosser (1971) describes the elements of
fraud as follows:
• false representation of a material fact;
• representation made with knowledge of its
falsity;
• a person acts in the representation; and
• the person acting is damaged by his/her
reliance.
For Elliot and Willingham (1980), financial
fraud is the “deliberate fraud committed by
management that injures investors and credi-
tors through materially misleading financial
statements.”
The Institute of Internal Auditors (1985), in
its SIAS No. 3, Deterrence, Detection, Investi-
gation, and Reporting of Fraud, has referred
to fraud as encompassing “an array of irregu-
larities and illegal acts characterized by
intentional deceptions. It can be perpetrated
for the benefit or the detriment of the organi-
zation.”
The National Commission on Fraudulent
Financial Reporting (1987) defines fraudulent
financial reporting as an “intentional or
reckless conduct, whether by act or omission,
that results in materially misleading finan-
cial statements.”
The American Institute of Certified Public
Accountants (1988), in its SAS No. 53, The
Auditor’s Responsibility to Detect and Report
Errors and Irregularities, introduced the
term irregularities to describe intentional
misstatement of financial statements (man-
agement fraud) and theft of assets (employee
fraud).
Sawyer (1988) views fraud as a false repre-
sentation or concealment of material fact to
induce someone to part with something of
value. For Arens and Loebbecke (1994), fraud
occurs when “a misstatement is made and
there is both the knowledge of its falsity and
the intent to deceive.” For Wallace (1995),
fraud is “a scheme designed to deceive; it can
be accomplished with fictitious documents
and representations that support fraudulent
financial statements.” For Flesher (1996),
fraud means “dishonesty in the form of inten-
tional deceptions or a willful misrepresenta-
tion of fact.” For Albrecht (1996a), every fraud
consists of three elements:
1 theft act which involves taking cash, inven-
tory, information, or other assets manu-
ally, by computer, or by telephone;
2 concealment which involves the steps
taken by the perpetrators to hide the fraud
from others; and
3 conversion which involves selling or con-
verting stolen assets into cash and then
spending the cash.
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Fraud rulings on management’s and audi-
tors’ liability are of great concern to boards of
directors, audit committees, management,
independent auditors, internal auditors,
fraud examiners, and regulatory agencies.
The American Association of Certified Public
Accountants (AICPA), the Institute of Inter-
nal Auditors (IIA), the Association of Certi-
fied Fraud Examiners (ACFE), and other
regulatory agencies have taken bold steps in
condemning fraudulent and unlawful acts in
their regulations, codes of conduct, and audit-
ing standards.
Several frauds reported in the last few
decades have led the government and the
auditing profession to rethink and re-engi-
neer their audit tools and procedures to safe-
guard corporate assets better. Furthermore,
the cost of litigation of fraud cases has cre-
ated a new wave of scandals and the auditors’
liability has skyrocketed in billions of dollars
as attested from the following events:
• An editorial in Fortune (1978) reported that
increased time pressure has led indepen-
dent auditors to do a sloppy job in their
audits. Out of 1,100 practitioners, 58 percent
had indicated that they had signed off on a
required audit step without completing the
work or noting the omission.
• Thornhill (1985) observed that the US mili-
tary is defrauded by US$500 million to US$1
billion a year by unscrupulous contractors.
• The Institute of Financial Crime Preven-
tion (1986) reported that situation pres-
sures, opportunities to commit fraud, and
personal integrity are the three variables
influencing the likelihood of fraud. Of all
internal thefts 80 percent are committed by
one employee acting alone.
• Thomas (1990a) reported that fraud has
caused billion dollar losses to financial
institutions and greatly increased the
number of lawsuits. The Lincoln Savings
and Loan Association and the so-called
“Keating five” lost US$2.3 billion in 1990s
second quarter. The 2,500 S&Ls posted
US$271 million in losses in the first quarter
of 1990. Rankin (1990) also reported that two
of the Big Six firms face over US$13 billion
in damages from related lawsuits.
• Schmedel and Berton (1992) reported a tax
scandal in the Wall Street Journal concern-
ing the Resolution Trust Corporation, a
federal thrift cleanup agency, which filed a
US$400 million civil suit against Arthur
Andersen & Co. claiming that the account-
ing firm was negligent in auditing the col-
lapsed Benjamin Franklin Savings Associa-
tion. Andersen Consulting had failed to
withhold Colorado’s income tax from the
pay of 35 nonresident employees. As part of
the civil settlement, Andersen paid
Colorado nearly US$1 million in taxes,
penalties, and investigation costs.
• Based on information from the US Cham-
ber of Commerce, Davia et al. (1992) esti-
mated that the cost of fraud in the USA
exceeds US$100 billion dollars annually.
They wonder whether or not anyone is
“watching the store.”
• KPMG Peat Marwick surveyed the 2,000
largest companies in the USA to assess the
extent of fraud in US corporations (1993).
These include manufacturers, insurance
companies, health care organizations, utili-
ties, and consumer products companies. Of
the 330 responding companies, 26 percent
acknowledged that they had experienced
fraud during the previous 12-month period.
The average cost to the company was
US$200,000 per incident.
• The Wall Street Journal (1994a) reported
that Montedison, the Italian food and chem-
ical group, filed a suit against its former
auditor Price Waterhouse, Italy, seeking
damages of more than one trillion lire
(US$610 million). The suit seeks to recoup
losses stemming from alleged “serious
negligence” in Price Waterhouse’s account-
ing from 1983-1992.
• Schmitt and Berton (1994) reported in The
Wall Street Journal that Deloitte agreed to
pay US$312 million to settle US claims
related to S&L failure. The 18 pending law-
suits were seeking over US$14 billion for
theft-related work in the 1980s. The account-
ing firm also agreed to provide training and
supervision for partners auditing financial
statements.
• Gardner (1996) reported in The White Paper
that GAO has estimated that total year loss
to Medicare because of fraud and abuse is
approximately US$47 billion, or 10 percent
of total Medicare spending.
In 1988, Berton reported in The Wall Street
Journal that the malpractice claims against
the accountants totaled US$1 billion; by
including the charges brought under RICO
cases, it would add up to US$4 billion in
claims. In 1992, it was estimated that there
were about US$30 billion in damage claims
facing the profession as a whole.
On 6 August 1992, the Big Six firms, over-
whelmed by the cost of litigation of cases
claiming auditors’ malpractice, issued a
Statement of Position entitled The Liability
Crisis in the United States: Impact on the
Accounting Profession. The statement
requests a substantive reform of both federal
and state liability laws, specifically the
replacement of joint and several liability with
a proportionate liability. It states:
While other serious problems must also be
addressed, the principal cause of
[5]
 Rocco R. Vanasco unwarranted litigation against the profes-
Fraud auditing sion is joint and several liability, which
governs the vast majority of actions brought
Managerial Auditing Journal
13/1 [1998] 4–71 against accountants at the federal and state
levels. The profession is merely asking for
fairness – the replacement of joint and sev-
eral liability with a proportionate liability
standard that assesses damages against
each defendant based on that defendant’s
degree of fault. Proportionate liability will
help restore balance and equity to the liabil-
ity system by discouraging suits and giving
blameless defendants the incentive to prove
their cases in court rather than settle.
The chairman and senior partner at Price
Waterhouse warned that runaway litigation
seriously undermines the ability of the finan-
cial reporting system to provide information
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
that supports competitive decision making by
US companies. Unrealistic expectations and
the risk-shifting liability system have com-
bined to create a situation in which auditors
are viewed as absolute guarantors against
fraud, failure, and financial ruin. Unwar-
ranted litigation and forced settlements
account for the vast majority of claims
against auditors pose a grave threat to the
health of many businesses and professions
(O’Malley, 1993a).
Berton (1992a), in his editorial entitled
“Holding accountants accountable,” discour-
ages the notion of “safe harbor” for accoun-
tants since it might be an open door for their
negligence. Such safe harbor may hurt their
reputation by conveying to the public that
they want audit fees without the commensu-
rate responsibilities. Lee (1992), in his editor-
ial entitled “The audit liability crisis: they
protest too much,” believes that the
contention of the Big Six US audit firms on
curving unwarranted litigation is plain:
They are being extorted by an unfair legal
system, and if the public expects their con-
tinued services, the system must be changed
so as not to interfere with the maximization
of their profits. The statement ignores a very
real audit crisis, involving enormous corpo-
rate failures and frauds, especially in bank-
ing and insurance. Auditors have been
found “guilty in court, have been censored
by regulators, and have had their licenses
suspended in some states, yet the Big Six
appear obsessed with their economic entitle-
ment as a virtual monopoly and clueless as
to their need to raise their professional
standards.
Barron et al. (1977) conducted a nationwide
survey to elicit views within the financial
community on two major issues:
1 the auditor’s responsibility for detecting
corporate irregularities and illegal acts;
and
2 the auditor’s responsibility for disclosing
irregularities and illegal acts.
[6]
The survey demonstrates an “expectation
gap” between auditors and other segments of
the financial community about the duty to
discover deliberate material defalcations of
the financial statements. It also shows an
“expectation gap” between auditors and
bankers and financial analysts with respect
to a number of possible auditor disclosures.
Lowe and Pany (1993) surveyed 141 mem-
bers of a municipal court jurors pool and 78
auditors from a large international account-
ing firm to assess their attitude toward the
auditing profession. The result of the study
reveals an “expectation gap.” The jurors view
the auditor’s role as that of a public watchdog
or guardian to the extent of expecting the
auditor to actively search out the smallest
fraud. Auditors disagree with this characteri-
zation of their task.
Epstein and Geiger (1994) conducted a
nationwide survey of stock investors which
revealed a startling evidence of the “expecta-
tion gap” between the assurances auditors
provided on financial statements compiled by
management and the expectation of investors
and other users of financial statements. Over
70 percent of the 246 investors surveyed
believe that auditors should be held responsi-
ble for detecting material misstatements due
to fraud, and some 47 percent expect auditors
to provide absolute assurance that financial
statements contain no material misstatement
due to errors.
Part I: Fraud and the law
In the last few decades, a plethora of fraud
suits have been filed under the Securities
Acts, the Racketeer Influence and Corrupt
Organizations Act (RICO), and Common Law,
some of which will be examined below.
The role of the securities and exchange
commission
Auditors must recognize their responsibil-
ity to the public investors by including
management activities in their review (SEC,
1940).
To protect users of financial statements,
many of whom suffered great losses in the
1929 stock market crash, the Securities and
Exchange Commission (SEC) adopted the
1932 New York Stock Exchange rule requiring
all companies, whose stock was listed by the
Exchange, to furnish their shareholders
audited financial statements at least annually.
The SEC has been very active in protecting
the public interest since its inception and has
questioned the role of the auditing and
accounting profession when faced with mate-
rially misstated financial statements in
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
violation of the securities laws. The SEC has
not hesitated to prosecute corporations and
auditors in several cases of fraudulent finan-
cial statements. The SEC’s proceedings are
based on the following 1933 and 1934 securi-
ties laws.
Section 11(a) of the Securities Act of 1933
states that both the company filing the regis-
tration and its auditors may be held liable to
the initial purchasers of the securities in the
event that the registration statement is found
to contain material misstatements or omis-
sion.
The Securities Exchange Act of 1934
expands coverage to subsequent purchasers
and sellers of stock. For many years, the
accountants’ liability for issuing unqualified
opinions on misstated financial statements
seems to be under Section 18 of the 1934 Act
which states:
Any person who shall make or cause to be
made any statement in any application,
report, or document filed pursuant to this
title … which statement was at the time and
in the light of the circumstances under
which it was made false or misleading with
respect to any material fact, shall be liable to
any person (not knowing that such state-
ment was false or misleading) who, in
reliance upon such statement, shall have
purchased or sold a security at a price which
was affected by such statement, for damages
caused by such reliance, unless the person
sued shall prove that he acted in good faith
and had no knowledge that such statement
was false or misleading (11 USC 78, 1970).
For the SEC, financial statements are materi-
ally misstated if:
a substantial likelihood exists that a reason-
able shareholder would consider it impor-
tant in making an investment decision or it
would have significantly altered the total
information mix available.
The following cases illustrate the SEC’s deter-
mination to curb fraudulent acts that injure
the public interest.
In 1939, the SEC conducted hearings which
disclosed that the audited financial state-
ments of McKesson & Robbins, Inc., a drug
company listed in the New York Stock
Exchange, contained US$19 million of ficti-
tious assets, about one-fourth of the total
assets shown in the balance sheet. The ficti-
tious assets included US$10 million of nonex-
istent inventory. At that time, the standards
did not require any observation of invento-
ries. In 1940, the SEC issued Accounting
Series Release (ASR) No. 19, In the Matter of
McKesson & Robbins. In its release, the SEC
suggested that auditors investigate the man-
agement of new clients and noted:
• Numerous auditing procedures require
strengthening inventory procedures.
• Auditors should be responsible for detect-
ing gross misstatements whether resulting
from collusion or otherwise.
• Auditors must recognize their responsibil-
ity to the public investors by including
management activities in their review.
In the 1941 fraud case of United States v.
White, the auditor was convicted of criminal
fraud under Section 17 of the Securities Act of
1933 for his failure to disclose several
instances of questionable accounting prac-
tices in connection with the registration
statement (Boyton and Kell, 1996).
In 1942, the SEC promulgated Rule 10b-5
which states:
It shall be unlawful for any person, directly
or indirectly, by the use of any means or
instrumentality of interstate commerce or
mail, or of any national securities exchange:
• to employ any device, scheme, or artifice
to defraud;
• to make any untrue statement of a mate-
rial fact or to omit to state a material
fact necessary in order to make the
statement not misleading; or
• to engage in any act, practice, or course
of business which operates or would
operate as a fraud or deceit upon any
person in connection with the purchase
or sale of any security (17 CFR 240.10b-
5).
Under clauses (a) and (c) of Rule 10b-5, the
courts may impose liability on directors,
officers, and professional advisers for fraudu-
lent acts that intentionally deceive a corpora-
tion’s existing and potential stockholders and
creditors. Clause (b) does not specifically
state that the untrue statement or omission of
fact had to be made with the intention to
defraud. No express statute of limitations
applies to Rule 10b-5. Court cases in 1967
made it clear that privity was not required in
10b-5 cases (Wallace, 1995).
In the fraud case of United States v.
Benjamin, 328 F. 2d 824,863 (2d Cir. 1964), the
auditor was convicted in a criminal action
under Section 24 of the 1933 Securities Act for
his failure to exercise due diligence that
would have revealed misrepresentations in
proforma financial statements used in con-
junction with the sale of unregistered securi-
ties. On this matter, the court’s opinion
states:
In our complex society, the accountant’s
certificate and the lawyer’s opinion can be
instruments for inflicting pecuniary loss
more potent than the chisel or the crowbar.
Of course, Congress did not mean that any
mistake of law or misstatement of fact
should subject an attorney or an accountant
to criminal liability simply because more
skilled practioners would not have made
them. But Congress equally could not have
intended that men holding themselves out
[7]
 Rocco R. Vanasco as members of these ancient professions
Fraud auditing should be able to escape criminal liability
on a plea of ignorance when they have shut
Managerial Auditing Journal
their eyes to what was plainly to be seen or
13/1 [1998] 4–71
have knowledge they did not possess.
In the fraud case of Fischer v. Kletz (known as
Yale Express), 266 F. Supp. 180 (SDNY, 1967),
the company issued financial statements
which were materially misstated. They
reported a net income of US$1,400,000 instead
of a loss of US$1,254,000 and charged to
retained earnings an additional US$629,000.
The suit was filed under Section 182 of the
1934 Securities Act and Rule 10b-5. The court
noted:
The auditor has a duty to anyone still rely-
ing on his report to disclose subsequently
discovered errors in the report. This duty
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
exists regardless of the auditor’s lack of
financial interest in any transactions to
which the information relates. The obliga-
tion arises because of the auditor’s special
relationship that provides access to the
information.
The landmark fraud case Escott v. BarChris
Construction Corporation (283 F. Suppl 643,
1968) represents a violation of Section 11 of
the 1933 Securities Act. The plaintiffs claimed
that the registration statement for deben-
tures contained materially false statements
and material omissions. The court’s opinion
noted that:
• the registration statement (Form S-1) was
false and misleading; and
• the CPA firm failed to comply with gener-
ally-accepted auditing standards (GAAS).
The judge reprimanded the auditor for not
exercising a skeptical attitude and stated that
the auditor “was too easily satisfied with glib
answers to his inquiries. But there were
enough danger signals in the materials which
he did examine to require some further inves-
tigation on his part.”
The fraud case United States v. Simon, (425
F. 2d 796, 1969), known as the Continental
Vending case, involved both criminal and
civil proceedings against three CPAs. The US
government’s case of fraud against the CPAs
was initiated on the ground that the Conti-
nental’s audited financial statements were
misleading. The finding by the jury that the
balance sheet did not present fairly Continen-
tal’s financial position led to the conviction of
the three CPAs. The auditors were found
guilty, were fined US$17,000, and their
licenses to practice as CPAs were revoked.
The Equity Funding fraud caused a scandal
in the business community. The Wall Street
Journal (1974) reported that a financial vice-
president testified that he was ordered by the
firm’s chairman to inflate the profits falsely.
Robert Loeffler, the court appointed trustee of
[8]
Equity Funding, grouped the fraudulent
activities into three categories:
1 the creation and inflation of assets in the
balance sheet;
2 the borrowing of cash without recording
the corresponding liability; and
3 the creation of phony insurance which was
sold to other insurance companies.
The fraud case of Hochfelder v. Ernst & Ernst,
503 F. 2d 1110 (1974), represents a violation of
the Rule 10(b)-5 under the Securities
Exchange Act of 1934. The suit was brought
by a group of investors against the CPA firm
that audited the First Securities Company of
Chicago, a small brokerage firm. The presi-
dent had persuaded the investors to mail him
their personal checks for a fund from which
he was to invest in escrow accounts yielding
high returns to the investors. It was discov-
ered later that no such escrow accounts with
accounting records of the First Securities
Company existed. The president had diverted
the investors’ checks for his own use.
In the United States v. Natelli, 527 F. ed 311
(1975), known as the National Student Mar-
keting Corporation case, two auditors were
convicted of criminal liability for failing to
properly disclose the write-off of uncollectible
accounts. The accompanying footnote failed
to indicate that regular sales for 1968 were
overstated 20 percent and actual net earnings
were only 46 per cent of the reported earn-
ings. The Court concluded that:
• The treatment of the retroactive adjustment
was done intentionally to conceal errors in
the 1968 statements.
• A professional cannot escape criminal
liability on a plea of ignorance when they
have shut their eyes to what was plainly to
be seen.
A 1976 decision by the US Supreme Court in
Ernst & Ernst v. Hochfelder, 425 US 185, 96s ct
1375, 47 L Ed 2d 668 (1976), marked the end of
the accountant’s liability for ordinary negli-
gence under Section 10 of the 1934 Act. The
Court stated:
When a statute speaks so specifically in
terms of manipulation and deception, and of
implementing devices and contrivances –
the commonly understood terminology of
intentional wrongdoing – and when its
history reflects no more expansive intent,
we are quite unwilling to extend the scope of
the statute to negligent conduct.
Based on the above court ruling, an auditor is
no longer liable to third parties under Section
10(b) and Rule 10b-5 of the 1934 Act for ordi-
nary negligence. The auditor has no liability
in the absence of any intent to deceive or
defraud.
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
In 1976, the SEC issued Accounting Series
Release (ASR) No. 165. Whenever an audit
change occurs, clients must report it in Form
8-K within the prior two years:
there were any disagreements with the
former accountant on any matter of
accounting principles or practices, financial
statement disclosure or auditing scope or
practice, which disagreement if not resolved
to the satisfaction of the former accountant
would have caused him to make reference in
connection with his report on the subject
matter of the disagreement.
In cases of management fraud, the auditor
should resign from the audit engagement.
In United States v. Weiner, 578 F. 2d 757 (9th
Cir. 1978), three auditors of Equity Corpora-
tion of America were convicted after a jury
trial of multiple counts of securities fraud
and filing false statements with the SEC. The
case involved the auditors’ failure to detect
that US$2 billion of the company’s US$3.5
billion of assets were fraudulently obtained
through computer-produced, bogus insur-
ance policies. In addition to criminal convic-
tions against the three auditors, five account-
ing firms paid US$44 million in damages. At
Equity Funding, many employees knew about
the fraudulent activities and even partici-
pated in the fraud (Boynton and Kell, 1996).
In Cenco Inc. v. Seidman & Seidman, 686 F.
2d 449 (7th Cir. 1982), the defendants were
charged with violating SEC Rule 10b-5 and
several federal securities laws. The case dealt
with the auditors’ failure to detect US$25
million inventory fraud perpetrated by top
management. In this particular case, the
judge made a distinction between manage-
ment fraud and employee fraud:
• Auditors are not detectives hired to ferret
out fraud.
• Auditors must investigate if they suspect
fraud; but in this case, the former manage-
ment made fraud difficult to detect because
two executives turned the company “into
an engine of theft against outsiders.”
In 1984, the Wall Street Journal reported that
the SEC challenged InterFirst’s claim of
US$54 million in tax benefits from a net oper-
ating loss carry-forward. The SEC questioned
the claim, which was supported by the Inter-
First’s outside auditor, Arthur Andersen.
Wallace (1995) observed that this is indicative
of the close, advocate-type relationship
depicted by the media between auditors and
their clients, which emphasizes disagree-
ments with regulators and government agen-
cies.
In 1990, Accounting Today reported that in
an administrative proceeding, the SEC
barred a big six public accounting firm from
accepting any new SEC engagement in the
New York area for a 45-day period. The action
was triggered by the finding of a SEC law
judge that the firm engaged in “unethical and
improper professional conduct” in two audits
of US Surgical Corp, because it failed to:
• exercise due care;
• maintain the proper level of professional
skepticism; and
• resolve the serious question of client
integrity before certifying the financial
statements.
The alleged misconduct resulted in the
issuance of unqualified audit reports on state-
ments that were incorrect for significantly
overstating income.
To deter auditors’ involvement in fraudu-
lent financial statements, the SEC can initiate
administrative proceedings against auditors
under Administrative Rule 2(a) which states:
The Commission may disqualify and deny,
temporarily or permanently, the privilege of
appearing or practicing before it to any
accountant who:
• does not possess the requisite qualifica-
tions to represent others;
• is lacking in character or integrity; and
• is engaged in unethical or improper
professional conduct, willfully aiding
and abetting the violation of any provi-
sion of the federal securities laws.
Sommer (1975) refers to a SEC chairman’s
reasoning behind the issuance of injunctive
proceedings against public accountants:
Put very simply, when the Commission
discerns that the auditor has not been alert
to his duty, that he has gone through an
exercise by rote, or that has not been true to
the duty of fair presentation, then in my
estimation, the Commission should prop-
erly authorize an action to enjoin the
accountant from a repetition of those faults.
In 1991, the SEC investigated Guarantee Secu-
rity Life Insurance Co., the brokerage firm of
Merrill Lynch, and the auditors of Coopers &
Lybrand regarding a malpractice of related-
party transactions. In 1993, Price Waterhouse
(PW) successfully fought off allegations of
audit fraud brought by the SEC in a Southern
District of New York bench trial. The SEC had
alleged that PW violated and aided in the
violation of antifraud provisions of the Secu-
rities Act of 1933 and the Securities Act of
1934 in auditing AM International for the
fiscal year ending July 31, 1980. The court
rejected the “SEC’s expertise on practically
all contested accounting or auditing issues”
and adopted a liability rule in an SEC injunc-
tion action most favorable to the accounting
profession (Seamons, 1993).
The most troublesome aspect of the audit-
ing profession is that some companies can get
away if they set their minds in perpetrating
[9]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 10 ]
fraud even if a major accounting firm is mon-
itoring the company’s books and annual
reports. The SEC reported that in 1991 and
1992, four top executives at the former
Jamaica Water Power of Purchase, New York,
invented fake assets and overstated the value
of others in order to sell stock and collected
bonuses based on grossly overstated profits.
The profits were reported in financial state-
ments audited by the accounting firm of
Ernst & Young. Even after the company’s
president had brought in another accounting
firm, Deloitte & Touche, to investigate the
suspicious figures, nothing much was done
(Norris, 1995).
In 1994, the SEC filed a complaint against
former Comptronix chairman William
Hebding, former president Allen Shifflett,
and former controller J. Paul Medlin, accus-
ing them of overstating Comptronix profits
and then trying to hide the fraud from the
company’s independent auditors and board.
The former company officials have agreed to
repay investors about US$1.1 million in order
to settle fraud and insider trading charges
(New York Times, 1994a).
In 1994, the SEC filed a civil fraud against
Marvin G. Basson, a certified public accoun-
tant, who allegedly conspired to commit secu-
rities fraud by certifying financial statements
that: “fraudulently overstated Towers’ assets,
revenue, and income.” In April 1994, Towers
and its founder, Steven Hoffenberg, were
indicted on criminal fraud charges. The for-
mer vice-president, Charles Chugerman,
pleaded guilty to criminal fraud charges for
doctoring computer runs and otherwise falsi-
fying Towers books to mislead investors and
ratings services about Towers’ financial
health (New York Times, 1994a; Wall Street
Journal, 1994b).
In 1995, the SEC filed a complaint in Federal
District Court in Manhattan against Soft-
point, a Nevada company. The SEC alleged
that Softpoint’s officers had engaged in an
international complex fraud. Softpoint,
which develops and sells a computer-driven
cash register, issued 420,000 shares to a group
of “fictitious” foreign companies. Most of
those shares, which the foreign firms bought
at a discount, were then resold to US
investors, raising US$1.72 million, most of
which went back to Softpoint (Eichenwald,
1995).
The same year, the SEC filed charges
against Bankers Alliance Corporation, Carpe
Diem International, Lee Financial, and
related companies in an operation that SEC
termed a Ponzi scheme. (The Ponzi scheme,
named after Charles Ponzi, the organizer of
such scheme in the USA in 1919-20, is a swin-
dle in which a quick return on an initial
investment is paid out of funds from new
investors in order to lure the victim into
bigger risks.) The SEC alleged that the defen-
dants made misleading claims in newspaper
ads, promising investors unrealistic high
rates of return in questionable investments.
A judge in the Federal District Court in Wash-
ington issued a restraining order against the
named companies (Antilla, 1995).
To prevent securities fraud, the SEC issued
new disclosure rules in 1996. These rules aim
at eliminating the watering down of stock
through false issuing to lure investors. This
practice started in the nineteenth century,
when Daniel Drew did this with the Erie
Railroad stocks (Donlan, 1996).
On October 14, 1996, Barron’s reported that
both the SEC and NASDAQ investigated
Novatek International. It is believed that the
medical-products marketing concern was
largely a stock rig perpetrated by its control-
ling shareholder, ex-convict William Trainor.
The company has filed for Chapter 11 bank-
ruptcy protection (Laing, 1996).
In November 1996, the SEC filed the first
suit to halt securities manipulation over the
Internet. At the agency’s request, a federal
judge in Washington froze the assets of
Charles O. Huttoe, the chairman of Systems
of Excellence, and the assets of Theodore R.
Melcher Jr and Shannon B. Terry, operators
of an electronic newsletter, SGA Goldstar.
The SEC complained that the newsletter
writers, in cahoots with Huttoe, touted the
company over the Internet. When the stock
price took off, investigators say, the writers
and Huttoe dumped the shares. Kenneth
Lench, the SEC branch chief of the investiga-
tion warned that “investors should be wary of
biases of people who recommend securities,
particularly when they are anonymous”
(Hannon, 1996).
The SEC’s Regulation S prohibits the sale of
Reg S stock by US corporations to foreigners.
In 1996, a federal jury found Arthur Feher Jr
guilty of criminal fraud for issuing new Reg S
shares to a Canadian (Palmer, 1996).
The racketeer influenced and corrupt
organizations act
RICO claims against accountants were
unheard of, but presently fifty such cases
involving claims against large and local CPA
firms are filed (Wallace, 1995).
In 1970, the US Congress enacted the Racke-
teer Influenced and Corrupt Organizations
Act (RICO) as a weapon against mobsters and
racketeers who were influencing legitimate
business. The act defines the term “racketeer-
ing activities” to include crimes such as mail
fraud and fraud of the sale of securities. The
RICO Act provides treble damages in civil
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
cases brought under the Act. For civil cases,
the standard of proof requires a “preponder-
ance of evidence.” The plaintiff must prove
that the defendant:
• employed any device to defraud;
• made untrue statement of material fact or
omitted material fact;
• engaged in act, practice, or course of busi-
ness to commit fraud or deceit in connec-
tion with purchase or sale of securities.
Plaintiff must also prove: damages sustained;
material misstatement or omission; reliance;
and scienter. For criminal cases, the standard
of proof is “beyond a reasonable doubt.” Sec-
tion 32(a) establishes criminal liability for
“willfully” and “knowingly” making false or
misleading statements in reports under the
1934 Act. This section also provides for crimi-
nal penalties for violating the antifraud pro-
visions of Section 10(b) consisting of fines of
not more than US$100,000 or imprisonment of
not more than five years or both.
The Schacht v. Brown fraud case (1983) was
the first audit failure case brought under
RICO. Three separate auditing firms were
found liable for alleged damages of US$100
million for “fraudulent prolongation of the
corporation’s life beyond solvency.” Plaintiff
claimed that each CPA firm knew of the sub-
sidiary company’s insolvency. Each auditing
firm issued nonetheless unqualified financial
statements from 1974 through 1977 (Boynton
and Kell, 1996).
In 1985, the US Supreme Court heard the
case of Sedima v. Imrex and approved the
expansive scope to which RICO was being
applied to cover cases involving legitimate
business enterprises and individuals affili-
ated with those enterprises. The Court con-
ceded that RICO may have evolved into some-
thing quite different from the original con-
ceptions of its enactors, but concluded that
“this defect – if defect it is – is inherent in the
statute as written and its correction lies with
Congress.”
Back in 1986, Martha Brannigan and
Richard Koening reported in The Wall Street
Journal that nine were indicted in the fraud
case of ESM Government Securities Litigation
v. Alexander Grant & Co. under the RICO
jurisdiction. This case involved Jose L.
Gomez, a former manager/partner of Alexan-
der Grant & Co., who pleaded guilty to know-
ingly approving ESMs false financial state-
ments from 1978 through 1984, thus allowing a
fraud that reached US$320 million in losses to
investors. In 1987, Brannigan also reported
that Gomez continued to participate in the
fraud because of his inability to face up to
having made a mistake. Berton (1986)
reported in The Wall Street Journal that
Alexander Grant & Co. faced claims of US$300
million in actual damages and as much as
US$1 million in punitive damages, or five
times the firm’s malpractice insurance cover-
age. The defendant is reported to have
reached out-of-court settlements approaching
US$50 million.
Welton (1988) compared both Federal and
State RICO statutes as they affect accoun-
tants. He concluded that the cumulative effect
of litigation under federal and one or more
state RICO statutes could lead to catastrophic
liability of up to 39 times the actual damages.
In 1990, Laventhol & Horvath was the first
big accounting firm to be found guilty of a
RICO charge in a case involving the audit of a
federal tax-shelter program. The accounting
firm collapsed and its former partners agreed
to pay US$48 million to avoid personal bank-
ruptcy.
In 1991, Berton and Truell reported in the
Wall Street Journal that a class action lawsuit
was filed against Price Waterhouse in federal
court in Los Angeles on behalf of BCCI’s 1.2
million depositors seeking multibillion dollar
treble damages under the RICO Act. Price
Waterhouse was paid at least US$4 million for
work performed for BCCI in the USA.
In 1992, investors’ rights to sue a company’s
auditors for alleged securities fraud and
violations under the RICO Act has been
upheld by the US District Court for the South-
ern District of Florida. In Sahlen & Associ-
ates, Inc., investors in Sahlen & Associates
brought suit against defendants that includes
auditor KPMG Peat Marwick after Sahlen
declared bankruptcy and its stock became
worthless. The court ruled the allegations
that generally accepted auditing standards
had been violated, along with allegations that
KPMG knew of or recklessly ignored other
irregularities, were sufficient to sustain a
Rule 10b-5 claim under the Securities
Exchange Act of 1934. The court also ruled
that investors could bring a RICO action
against KPMG, as RICO requirements were
satisfied by allegations that multiple mis-
statements to investors were made to further
a scheme to defraud (Balinga, 1992).
In 1993, the US Supreme Court heard the
case of Reves v. Ernst & Young, which
involved investors’ losses related to a farm-
ers’ co-operative that went bankrupt, and
ruled that RICO “requires some participation
in the operation or management of the enter-
prise itself ” (Bergstrom and Morrison, 1993).
In 1994, the Teamsters Union filed a US$22
million lawsuit in the US District Court in
Minneapolis against Midwest Motor Express,
accusing the Bismarck, ND, trucking com-
pany of fraud under the Racketeer Influenced
and Corrupt Act (RICO). The Teamsters
alleged that Midwest embezzled millions of
[ 11 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 12 ]
dollars from its employees and that the com-
pany defrauded workers of wages and bene-
fits under the guise of saving the company
(Schulz, 1994). In 1995, Midwest Motor
Express won the case against the Teamsters
Union. Judge Patrick Conmy of US District
Court of North Dakota, Southwestern Divi-
sion, said there is no factual basis to support
the Teamsters’ contention that Midwest used
mail services with the intent to defraud
employees (Schulz, 1995).
In 1996, the Wall Street Journal reported
that Federal Judge Michael B. Mukasey of the
US District Court for the Southern District of
New York dismissed all racketeering charges
against Arthur Andersen & Co. in lawsuits
involving the DeLorean Motor Co. Mukasey
retained portion of the suits alleging negli-
gence and fraud by the accounting firm as
DeLorean’s auditor (Berton, 1996).
Common law liability
Fraud stories seem almost like soap operas.
The faces and sets change, and plots can
take on surprising twists; but in both cases
corruption and ruination unfortunately
seem omnipresent (Graham, 1996).
Auditors are accountable not only under the
1933 Act and RICO statute, but also under
common law for materially misstated finan-
cial statements. Common law is based on
judicial precedents rather than legislative
enactment. The judge has the legislative
flexibility to consider social, economic, and
political issues as well as prior case law. In
fraud cases, auditors are accountable for
breach of contract. Under the Tort Law, audi-
tors are also accountable for ordinary negli-
gence, gross negligence, and fraud.
Breach of contract
Auditors’ liability in fraud cases arises from
breach of contract when they: issue standard
reports which do not comply with GAAP; do
not deliver the audit report by the agreed-
upon date; or violate the clients confidential-
ity relationship.
In the 1971 fraud case of Tenants’ Corpora-
tion v. Max Rothenberg, the co-operative sued
the auditors for alleged failure to detect defal-
cation under two alternatives:
1 breach of contract to perform an audit; and
2 negligence in failing to exercise due care
in performing the audit and in complying
with GAAS.
The trial court in New York found the audi-
tors were engaged to perform an audit and
were negligent in not doing so. The court
noted:
Regardless of whether the auditors received
the invoices for purposes of audit or other-
wise, they had a duty to detect defalcations
and on the basis of the evidence gathered
could have and should have noted these
defalcations.
The message of this fraud case is simple;
although the contract does not call for an
audit examination or detection of fraud, audi-
tors should be responsible for disclosing
circumstances causing them to believe fraud
exists.
In the 1982 fraud case of Fund of Funds, Ltd
v. Arthur Anderson & Co., the plaintiff sued
the auditors for breach of contract because
the auditors failed to disclose irregularities
totaling US$120 million to the client when the
auditors’ engagement letter contained a spe-
cific representation that any irregularities
would be revealed. Anderson admitted dis-
covery of the violation of the contract in
auditing King Resources Corporation, but
declined to disclose the irregularities to Fund
of Funds because of the AICPA’s Ethics Rule
301 that prohibits disclosure of confidential
information (Boynton and Kell, 1996). The
jury found Arthur Anderson liable for aiding
and abetting violations of securities laws
(Rule 10b-5) and common law fraud because of
their failure to disclose their knowledge of
King Resources’s wrongdoing to Fund of
Funds Limited. In addition, the jury found
the accounting firm guilty of breach of con-
tract because they did not comply with the
specific representation in their engagement
letter. The plaintiff was awarded damages of
US$81 million.
Ordinary negligence
Ordinary negligence is the failure to exercise
the due care that a reasonable, prudent
person would exercise in the same circum-
stances.
In 1939, in the Matter of Interstate Hosiery
Mills Inc. (4 SEC 706, at 713), the court felt that
the auditor was negligent in carrying out his
duty. A prudent practitioner must recognize
unfamiliar situations and take such precau-
tionary measures as warranted by the cir-
cumstances. In such instances, the auditor
should adopt extra precautions and a skepti-
cal attitude:
On the other hand, he did not attempt to
translate the pounds and bale figures in
their confirmations into dollars for compar-
ison with the inventory recapitulations,
which was among the working papers.
Indeed, he was not familiar with the market
price of silk and never inquired concerning
it, accepting Marien’s pricing without ques-
tion and relying entirely upon Marien’s
representation that the total inventory
figure agreed with the corporation’s own
records.
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
In the Amoco Chemical Corp. v. Hill, Del Super
(318 A. 2d 617), the court defined negligence
as:
the failure to employ such care as a reason-
ably prudent and careful person would use
in similar circumstances; it is the doing of
an act that a person of ordinary prudence
would have done under similar circum-
stances.
The court rulings on fraud cases seem to
indicate that auditors have potential liability
for ordinary negligence to primary beneficia-
ries for whose benefit they intend to provide
the information, and foreseen beneficiaries
for whom they know the client will provide
information. This also reflects the view of the
American Law Institute, in its Restatement of
Torts (1977, No. 552).
Court rulings on auditors’ responsibility
and liability on fraud cases is not consistently
applied.
They may be dependent on the judge’s
interpretation and other circumstances as is
evidenced in the following fraud cases.
In 1968, the court ruled in the Rhode Island
fraud case of Rusch Factors v. Touche holding
auditors responsible for “careless financial
misrepresentations relied upon by actually
foreseen and limited classes of persons” when
ordinary negligence is proven. The court
noted:
Why should an innocent reliant party be
forced to carry the weight and burden of an
accountant’s professional misconduct? Isn’t
the risk of loss more easily distributed and
spread by imposing it on the accounting
profession, which can pass the cost of insur-
ing against the risk on its customers, who
can in turn pass the cost onto the entire
consumer ublic?
In 1969, the Iowa Supreme Court held in Ryan
v. Kanne that third parties could recover from
auditors for ordinary negligence when the
audit was known to benefit identified parties
before the auditor’s report was issued.
In 1972, in the case of Rhode Island Hospital
Trust National Bank v. Swartz, the court held
auditors liable for ordinary negligence to
third parties even if they expressed a dis-
claimer on the related financial statements.
The negligence arises for failing to explain
fully the reasons for the disclaimer of opinion
and the effect this information would have in
the financial statements.
In the 1983 fraud case of Citizens State Bank
v. Timm, Schmidt & Co., the court held the
tortfeasor liable for foreseeable consequences:
A tortfeasor is fully liable for all foreseeable
consequences of his act except as these
consequences are limited by policy factors.
In the 1983 New Jersey fraud case of
H. Rosenblum, Inc. v. Adler, the court held
that auditors have a responsibility not only to
their clients but also to investors and others
relying on audited financial statements.
In 1985, the New York Court of Appeals
rejected the foreseeable standard in Credit
Alliance Corporation v. Arthur Andersen &
Co. The court established three criteria for
determining whether a plaintiff can bring a
claim against auditors for ordinary negli-
gence:
1 the plaintiff did in fact rely on the audi-
tors’ report;
2 the auditors knew that the plaintiff
intended to rely on their report; and
3 the auditors, through some action on their
part, evidenced understanding of the
plaintiff ’s intended reliance.
In the 1986 fraud case of International
Mortgage Co. v. John P. Butler Accountancy
Corp., the California Appeals Court favored
the third party. Auditors issuing an unquali-
fied opinion on misstated financial
statements can be sued by third parties.
In 1992, the US District Court for the North-
ern District of California, in the case of
Software Toolworks, Inc. Securities Litigation,
granted a summary judgment to Deloitte &
Touche in connection with a public stock
offering by Software Toolworks. Deloitte had
audited financial statements that were incor-
porated in Toolworks’ prospectus for the
offering, and investors alleged that those
statements had made improper inclusions in
a revenue category. In granting summary
judgment, the court pointed out that Deloitte
had performed extensive testing of
Toolworks’ revenue recognition procedures
(Software Toolworks, 1992).
Gross negligence
Gross negligence is the failure to use even
slight care in the circumstances. Auditors
acted carelessly and recklessly in conducting
the audit.
In the 1938 fraud case of State Street Trust
Co. v. Ernst & Ernst, the auditors failed to
assess the collectibility of the accounts
receivable. The court recognized the liability
to third parties due to the auditors’ gross
negligence and reckless misstatements which
constituted gross negligence. Later, the Third
Circuit Court in McLean v. Alexander (599 F
2d 1190 -3d Cir. 1979) defined recklessness as:
Highly unreasonable conduct involving not
merely simple, or even inexcusable negli-
gence, but an extreme departure from the
standards of ordinary care, and which pre-
sents a danger of misleading buyers or sell-
ers that is either known to the defendant or
is so obvious that the actor must have been
aware of it.
[ 13 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 14 ]
In one of the first fraud cases of Ultramares
Corp v. Touche (255 NY 170, 1931), the auditors
failed to discover fictitious accounts receiv-
able. The auditors’ negligence was deemed so
gross that it constituted fraud. Judge Cardozo
stated on this matter:
If liability for negligence exists, a thought-
less slip or forgery beneath the cover of
deceptive entries may expose accountants to
a liability in an indeterminate amount for
an indeterminate time to an indeterminate
class.
The court believed that gross negligence
existed in this case because “in certifying to
the correspondence between balance sheet
and accounts the defendants made a state-
ment as true to their own knowledge, when
they had … no knowledge in the subject.”
US Federal sentencing guidelines
The guidelines are a reaction to a natural
frustration with the criminal justice system.
There was a feeling that federal judges were
not giving long enough sentences to white-
collar criminals and were not imposing
large enough fines (US District Judge
Marvin Aspen, 1991).
The corporate sentencing guidelines were
mandated by Congress in the Comprehensive
Crime Act of 1984. The Act established the
USA Sentencing Commission (USSC) which
issued the Sentencing Guidelines for Individu-
als in 1987. On May 1, 1991, the USSC submit-
ted to Congress its Proposed Guidelines for
Sentencing Corporations which became law
on November 1, 1991. The Sentencing Com-
mission added an eighth chapter “Sentencing
of organizations” to the seven earlier chap-
ters of the Federal Sentencing Guidelines.
According to the Sentencing Commission, the
eighth chapter was “designed so that the
sanctions imposed upon organizations and
their agents, taken together, will provide just
punishment, adequate deterrence, and incen-
tives for organizations to maintain internal
mechanisms for preventing, detecting and
reporting criminal conduct” (Sittenfeld,
1996). Under the new federal sentencing
guidelines, fines for a felony or a certain type
of misdemeanor can range from US$5,000 to
US$72,500,000. Upper-level management can
minimize an organization’s exposure to
awards of this magnitude by requiring an
internal control structure commensurate
with those guidelines (Fargason, 1992).
Organizations were charged to respond to
Congress’ reactions to the recent fraud scan-
dals regarding the Savings-and-Loan (S&L)
crisis of the 1980s, BCCI, and the securities
industry which were dealt too easily by the
court system (Alpert, 1992). The new guide-
lines deal with white-collar crimes, antitrust
violations, bid rigging, securities violations,
price fixing, bribery, environmental viola-
tions, embezzlement, mail fraud, and others.
The Federal Sentencing Guidelines reaffirm
the old legal doctrine of respondeat superior.
The organization is responsible for the
wrongful action of its employees while acting
in their official capacity. Organizations may
minimize exposure to illegal acts by commu-
nicating to all employees and agents unethi-
cal behavior through training programs,
establishing proactive antifraud programs,
enhancing fraud awareness, and initiating
fraud compliance audits. The Sentencing
Guidelines creates an extraordinary risk for
corporations. Corporations will be held crim-
inally responsible even if those in manage-
ment had no knowledge of participation in
the criminal events. In the matter of US v.
Bank of New England, WA, 921F. 2d 844, 856
(1st Cir.), cert. denied, 484 US 943 (1987), a
corporation can be criminally responsible for
the collective knowledge of several of its
employees even if no single employee
intended to commit crime. In the matter of
New York Central and Hudson River Railroad
v. United States 212 US 481 (1909); Standard Oil
Co. of Texas v. United States 307 F. 2d 120 (5th
Cir. 1962), corporations can be held crimi-
nally responsible for criminal acts of its
employees, “if those acts are done in the
course and scope of their employment and for
the ostensible purpose of benefiting the cor-
poration.”
The Guidelines assign point values to
guilty organizations based on mitigating and
aggravating circumstances. The fine goes up
if, among other things:
• the organization engaged in similar mis-
conduct in the past;
• the crime violates an existing judicial order
or injunction; and
• the organization employs a high-level
person who has a prior criminal record.
The fine goes down if the organization has an
effective program to prevent or detect viola-
tions of law. Organizations may help the judge
reduce the culpability score if they can
demonstrate that such activities are self-
reporting to authorities, co-operating with
authorities, accepting responsibilities, and
maintaining an effective compliance pro-
gram. Mitigating factors allow for probation
for organizations which have established an
effective anti-fraud control program that
“was reasonably designed, implemented, and
enforced so generally it will be effective in
preventing and detecting criminal conduct
(Alpert, 1992). An effective program includes
the following criteria:
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
• establishing a compliance program which
can reasonably be expected to reduce the
prospect of criminal activity;
• assigning responsibility to specific high-
level individuals for overseeing compliance
with standards and procedures;
• not allowing discretionary authority to
individuals who in the organization know
or should have known would have a propen-
sity to engage in illegal activities;
• installing monitoring and auditing systems
designed to detect criminal conduct;
• communicating standards and procedures
to all employees and agents through train-
ing programs and printed materials;
• reinforcing standards consistently through
appropriate disciplinary mechanisms; and
• responding to reported offenses with actions
taken to prevent recurrences (Flesher, 1996).
Sittenfeld (1996) offers tips to organizations to
comply with The Federal Sentencing Guide-
lines for Organizations. Internal auditors can
support management anti-fraud efforts in the
following areas by:
• making certain that preventive, detective,
and reporting controls are in place to sat-
isfy the mandate of the Sentencing Commis-
sion;
• knowing that punishments are prescribed
in the Guidelines and what organizations
can do to deflect them;
• developing a clear understanding of the
deterrent provisions of the Guidelines, how
they can affect the organization’s daily
operations, and which set of internal con-
trol will satisfy the Guidelines and protect
the organization; and
• advising management with regard to how
the organization can derive the greatest
benefit from incentives offered by the
Guidelines.
Jennings (1997) believes that the internal
auditor’s role is to make sure that the organi-
zation’s program has monitoring and audit-
ing systems that provide a check on financial
and accounting controls. The auditor should
detect the types of crimes and regulatory
violations to which the company is vulnera-
ble, and monitor how effectively the compli-
ance program itself is operating. The internal
auditor should also research ways to take
advantage of mitigating factors under the
Guidelines, as well as strategies for dealing
with employee reporting and for designating
the most appropriate person for compliance
responsibility.
An effective compliance program with the
Sentencing Guidelines must demonstrate
commitment, oversight, responsibility,
staffing, and due diligence. The Due
Diligence Program of The Federal Sentencing
Guidelines requires that:
• standards and procedures to reduce crimi-
nal conduct within the organization must
be in place;
• high level personnel must be in charge of
the program;
• due care must be exercised in terms of
delegating authority;
• effective communication and training
regarding standards and procedures must
be established;
• mechanisms for monitoring, auditing, and
reporting criminal misconduct must exist;
• consistent enforcement of standards,
including investigation and discipline,
must be assured; and
• procedures for feedback and correction
should criminal incidents be uncovered
must be established (Federal Sentencing,
1991).
The US Sentencing Guidelines provide for
incremental lower fines when an organiza-
tion reports an offense to the authorities,
cooperates in the investigation, identifies and
disciplines the wrongdoers, and takes vigor-
ous steps to reduce the likelihood for an
offense to be committed.
Fiorelli and Rooney (1997) find that the
Internal Control – Integrated Framework
(1992) of the Committee of Sponsoring Orga-
nizations (COSO) and the Sentencing Guide-
lines are related since both focus in develop-
ing a strong system of internal control. All
the Sentencing Guidelines’ requirements
“can be explained within the context of
COSO.”
The foreign corrupt practices act
In the long run, an international agreement
is needed to curb the use of bribes by
transnational corporations (Clinard, 1990).
The USA’s revulsion to bribery was evidenced
during the 1970s when well-known US compa-
nies such as Lockheed, Northrop, and Gulf
Oil were making headlines almost daily
because they paid large sums of money to
high foreign officials in order to close impor-
tant deals (Evans et al., 1994).
The Internal Revenue Service (1976) found
that bribes abroad may have led to tax fraud
in accounting. A SEC-sponsored voluntary
compliance program (1976) disclosed that
over 250 US corporations had made question-
able or illegal payments in the USA and
abroad. Many of the illegal payments were
made through off-the-books “slush funds” or
improper invoicing practices.
To deter corrupt practices, the US Congress
enacted the Foreign Corrupt Practices Act
(FCPA) on December 19, 1977. The Act
[ 15 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 16 ]
amends Section 13(b) of the Securities
Exchange Act of 1934.
Its accounting requirements apply to all
companies that are registered under Section
12 of the 1934 Securities Act or that are
required to file report under Section D of the
Act. The accounting provision of the Act is
administered and enforced by the SEC.
The FCPA requires SEC-registrant compa-
nies to implement an internal control struc-
ture sufficient to provide reasonable assur-
ance that:
• transactions are executed in accordance
with management’s general and specific
authorization;
• transactions are recorded as necessary: to
permit preparation of financial statements
in conformity with generally accepted
accounting principles or any other criteria
applicable to such statements and to main-
tain accountability for assets;
• access to assets is permitted only in accor-
dance with management’s general or spe-
cific authorization; and
• the recorded accountability for assets is
compared with existing assets at reason-
able intervals and appropriate action is
taken with respect to any differences.
The FCPA’s provision to devise and establish
an internal control system tends to deter
fraudulent reporting. The SEC has not pre-
scribed any detailed procedure or technique
to ensure compliance with the FCPA but has
held that management has such responsibil-
ity. The SEC has, however, identified the fol-
lowing concepts in evaluating an internal
control structure:
• appraisal of the overall control environ-
ment;
• translation of broad objectives into specific
objectives;
• consideration of detailed procedures and
techniques to achieve specific objectives;
• monitoring control procedures to deter-
mine if they are functioning as intended;
and
• evaluation of the system for reasonable
assurance by considering the benefits
and/or alternative controls.
The bribery of foreign officials in order to
obtain, retain, or direct business to any
person is considered an illegal act. Under the
FCPA, fines of up to US$1 million on compa-
nies and up to US$10,000 for each individual
and imprisonment for up to five years were
recommended. Insurance companies do not
cover the FCPA provisions. Companies are
not allowed to pay for individual fines.
In the 1988 Omnibus Trade and Competi-
tiveness Act, Congress direct the President to
seek an agreement with the member
governments of the Organization for Eco-
nomic Cooperation and Development (OECD)
to ban the use of bribery by transnational
corporations. The Act signed by President
Reagan amended the FCPA in order to
address its perceived deficiencies. The
amendments affect: the accounting provi-
sions; the criminalization of foreign bribery;
and he enforcement of the act. The term “rea-
sonable detail” as used in the record keeping
requirement and the “reasonable assurance”
as used in the internal control system must
meet the “prudent man” test. Criminal liabil-
ity is applied for firms and individuals who
make payments to third parties while know-
ing that the payment would be used by the
third party for purposes barred by the FCPA.
Criminal penalties have been increased from
US$1 million to US$2 million for companies,
and from US$10,000 to US$100,000 for individ-
uals.
Enforcement of the antibribery provisions
for all jurisdictions has been consolidated
within the Justice Department whereas the
SEC retains the responsibility to enforce the
provision relating to the company’s books
and records and internal controls.
From 1980 to 1994 several corporations have
been indicted for bribery under the FCPA.
Harris and Ricks (1994) reported in The Wall
Street Journal that Lockheed Corporation
and two of its executives had been indicted on
charges of making illegal foreign payments in
violation of the FCPA. Lockheed made illegal
payment to Leila Takla, a member of the
Egyptian Parliament. On January 27, 1995,
Lockheed pleaded guilty for conspiring to
violate US antibribery laws and was fined
US$24.8 million. It admitted to falsifying
records and lying to the Pentagon in selling
three C-130 cargo planes for US$79 million to
Egypt (Pasztor, 1995).
In Canada, state law bans bribery of federal
and provincial government officials but does
not address such payment to foreign govern-
ment employees. The US Foreign Corrupt
Practices Act and the UN Draft International
Agreement on Illicit Payments could provide
Canada with a framework for drafting laws
prohibiting bribes of foreign officials (Klotz,
1994).
In May 1994, the OECD, whose membership
consists of 26 industrialized countries, issued
a statement recommending that its members
act to “combat the bribery of foreign public
officials in connection with international
business transactions” (Kimelman, 1994).
In 1996, the US SEC accused Montedison of
Italy of hiding millions of dollars in bribes
and for submitting fraudulent financial
reports (Taylor, 1996).
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
In 1996, an Argentine federal judge initiated
a formal investigation into a US$249 million
contract between the local IBM and Banco de
la Nacion Argentine. At issue is whether IBM
paid probes to obtain the contract. The US
Justice Department and the SEC are looking
into whether IBM violated the FCPA provi-
sions (Friedland, 1996).
The same year, international organizations
such as the World Bank and the Organization
of American States (OAS) came out against
corruption in cross-border business transac-
tions. The United Nations’ General Assembly
has even asked member states to make
bribery in international business a crime and
to remove rules allowing corporations to
classify bribes as deductions (Lavelle, 1997).
In Russia, the privatization of business has
led to increased opportunities for public
officials to engage in bribery. Determining
liability under the FCPA is fraught with legal
ambiguities in a country undergoing major
legal and economic changes. Most Depart-
ment of Justice enforcement actions so far
have focused on bribery involving high gov-
ernment officials (Dugan and Lechtman,
1996). Thueson (1997) reported that kickbacks
and bribes – though technically illegal in
Russia, are normal business practices. Lack
of internal controls and documentation, and
“ethical lapses” seem to be the major hurdles
for Western companies doing business in
Russia. It is possible for a Russian company
to hire a government agency official as a
consultant on a business matter even though
the agency official is reviewing the business
matter under consideration.
Part II: Fraud and the professional
standards
The role of the AICPA
Independent auditors should accept the
responsibility for the discovery and disclo-
sure of those irregularities which the exer-
cise of due audit care by a prudent practi-
tioner would normally uncover (Mautz and
Sharaf, 1961).
More than once the American Institute of
Certified Public Accountants (AICPA) has
come to the rescue of the accounting and
auditing profession in fraud cases by rectify-
ing the situation and issuing auditing stan-
dards and procedures. These fraud cases,
which have been widely publicized, have had
a profound effect on the profession as the
independent auditor’s responsibility has
changed drastically over the years. In the
early 1900s, the external auditors’ primary
responsibility was the detection of fraud
because audits were primarily involved with
cash transactions.
In 1936, the American Institute of Accoun-
tants (AIA) issued a pronouncement titled
“Examination of financial statements by
independent public accountants.” It did not
require confirmation of receivables in the
case of companies having an adequate system
of internal control. In the case of inventories,
the external auditor relied principally for
information on the responsible officers and
employees of the company. The 1939 spectacu-
lar fraudulent case of McKesson & Robbins,
Inc. changed all that. It brought to the public
attention that independent auditors had
issued an unqualified opinion on financial
statements without observing the physical
inventory on hand nor confirming accounts
receivable balances with debtors. The SEC
had recommended the strengthening of audit-
ing procedures about inventory reporting.
This led the AICPA to appoint the Committee
on Auditing Procedures (CAP) to examine
audit procedures and other “public discus-
sions” related to McKesson & Robbins regard-
ing a US$19 million overstatement of inven-
tory and accounts receivable. The same year,
the CAP issued the Statements on Auditing
Procedures (SAP) No. 1, Extension of Auditing
Procedures, which recommended: the obser-
vation of physical inventory; the direct confir-
mation from the debtor which should be
regarded as a normal audit procedure in all
cases where receivables constituted a signifi-
cant proportion of total assets; the appoint-
ment of independent certified public accoun-
tants; and a report from the independent
certified public accountant. SAP No. 1 also
authorized the substitution of other proce-
dures under certain circumstances.
In 1951, the CAP felt that an examination of
financial statements did not warrant the
discovery of irregularities and adopted the
following position on fraud:
The ordinary examination incident to the
issuance of an opinion respecting state-
ments is not designed and cannot be relied
upon to disclose defalcations and other
similar irregularities, although their dis-
covery frequently results.
The AICPA contends that a detailed examina-
tion of financial statements is not called for
by the cost/benefit relationship:
If an auditor were to attempt to discover
defalcations and similar irregularities, he
would have to extend his work to a point
where its costs would be prohibitive … It is
generally recognized that good internal
control and surety bonds provide protection
much more cheaply.
In 1960, the AICPA issued SAP No. 30, which
was later incorporated in the Statement of
Auditing Standard (SAS) No. 1, Codification of
Auditing Standards and Procedures in 1972.
[ 17 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 18 ]
The auditor acknowledged responsibility for
detecting fraud that would normally be
uncovered by an examination performed in
accordance with GAAS:
The responsibility of the independent audi-
tor to detect fraud (which responsibility
differs as to clients and others) arises only
when such failures clearly result from non-
compliance with generally accepted audit-
ing standards.
It was felt that the cost of the discovery of
fraud would be prohibitive:
If an objective of an independent auditor’s
examination were the discovery of all fraud,
he would have to extend his work to a point
where its cost would be prohibitive. Even
then he could not give assurance that all
types of fraud had been detected or that
none had existed because of items such as
unrecorded transactions, forgeries, and
collusive fraud would not necessarily be
uncovered. It is generally recognized that
good internal control and fidelity bonds
provide protection more economically and
effectively.
Mautz and Sharaf (1961) question the AICPA’s
position to eliminate or minimize the respon-
sibility to uncover fraud through audit-client
agreements, letters, and statements in the
professional literature. They list three
motives for the refusal to uncover fraud:
1 the auditor appears to be renouncing
his/her right to an area in which he/she
has competence and in which he/she can
be of service;
2 as a professional group auditors are in
effect refusing to provide an effective ser-
vice to the business community; and
3 auditors are emphasizing to clients and
the world at large their unwillingness to
accept responsibility, to provide a difficult
but useful service.
They argue that there is a considerable differ-
ence between a reasonable search for major
irregularities and the complete search for
possible errors. There are indeed a consider-
able number of irregularities which even an
elaborate search might not detect; there are
also a considerable number of errors which a
reasonable investigation might not disclose.
They also feel that such position cannot but
“lessen the prestige of the profession, particu-
larly in view of the fact that the service and
the responsibility we now deny, at one time,
was claimed rather forcefully.”
After the Equity Funding scandal, the SEC
summoned the public accounting profession
and demanded to know what they planned to
prevent the recurrence of similar catastro-
phes. The AICPA responded by issuing SAS
No. 16, The Independent Auditor’s Responsibil-
ity for the Detection of Errors or Irregularities
in 1967 which was superseded by SAS No. 1. It
dealt with the auditors’ responsibility for
detecting fraud. The auditor is required to
look specifically for irregularities which may
have a material effect on the financial state-
ments. It states:
Under generally accepted auditing stan-
dards, the independent auditor has the
responsibility, with inherent limitations of
the auditing process, to plan his examina-
tion to search for errors or irregularities
that would have a material effect on the
financial statements, and to exercise due
skill and care in the conduct of that exami-
nation.
The possibility of material errors or irregu-
larities should influence the independent
auditor to adopt a skeptical attitude in the
examination of the financial statements. SAS
No. 16 (Section 316) states:
The auditor should plan and perform his
examination with an attitude of professional
skepticism, recognizing that the application
of his auditing procedures may produce
evidential matter indicating the possibility
of errors and irregularities.
Later the AICPA issued SAS No. 17 (Section
316), which even more explicitly requires
design of the audit to provide reasonable
assurance of detecting material errors and
irregularities. Both SASs 16 and 17 have been
credited to the SEC chief accountant’s persua-
sive ability (Sack, 1987).
The 1967 fraud case of Fischer v. Kletz led
the AICPA to issue in October 1969 the State-
ment of Auditing Procedures (SAP) No. 21
which provides that errors discovered after
the completion of an audit are not to be con-
cealed by the auditors’ silence.
In May 1973, the AICPA appointed a special
committee to “study whether the auditing
standards which are currently considered
appropriate and sufficient in the examination
of financial statements should be changed in
the light of the Equity Funding fraud.” In
February 1975, the special committee issued
its report and concluded that “Customary
audit procedures properly applied would have
provided a reasonable degree of insurance
that the existence of fraud at Equity Funding
would be detected.” The special committee
felt that the audit procedures were adequate
and recommended a restatement of those
sections of SAS No. 1:
It seems clear that the auditor has an obliga-
tion to discover material frauds that are
discoverable through the application of
customary auditing procedures applied in
accordance with generally accepted audit-
ing standards. The auditing profession
should, on an ongoing basis, continue to
improve the efficiency of customary audit
procedures to the end that probability of
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
discovery of material frauds continues to
increase within the limits of practicality
(Cooper and Flory, 1976).
In March 1975, the Financial Accounting
Standards Board (FASB) released a discus-
sion memorandum entitled Analysis of Issues
Related to Criteria for Determining Material-
ity which lists the following factors that are
weighted by auditors in materiality judg-
ments and by investors and creditors in
making investing and lending decisions:
• environmental factors;
• enterprise related factors;
• accounting practices; and
• uncertainty.
It seems that the auditor’s responsibility to
detect management fraud depends on the
manner in which it was perpetrated, its per-
vasiveness, and the likelihood of its discovery
through competent application of auditing
procedures. However, if management fraud is
discovered, the adequacy of disclosure
depends on the anticipated impact such infor-
mation will have on users of financial reports
(Thomas, 1979).
In 1978, the AICPA’s Independent Commis-
sion on Auditors’ Responsibilities (the
“Cohen Commission” named after the chair-
person, Manuel Cohen, a former SEC Com-
missioner) issued a 195-page report on the
appropriate responsibilities of independent
auditors. The Cohen Commission defined
fraud as follows:
Viewed broadly, any intentional act
designed to deceive or mislead others is
fraud. Fraud in the business environment
with which the auditor is concerned has a
more specialized meaning. Fraud may occur
at the employee or management level. Fraud
by nonmanagement employees are gener-
ally designed to convert cash or other assets
to an employee’s own benefit … Fraud at the
management level includes intentional
misrepresentations that may lead to
improper selection of accounting principles
or inclusion of false amounts, or the omis-
sion of amounts from financial statements.
It is usually accompanied by acts of conceal-
ment, such as omission of entries, manipula-
tion of documents (including forgery), or
collusion among individuals inside or out-
side the company.
Since 1985, the AICPA has been promoting the
legislation which transpired in the fraud case
Credit Alliance Corporation v. Arthur Andersen
which rejected the “foreseeability standard”
and held auditors liable for ordinary negli-
gence only to those people whom they
acknowledged in writing were known to be
relying on their reports.
In 1987, the well-publicized case of E.S.M.
Government Securities fraud case represented
a real threat to the entire accounting
profession’s reputation. This led the AICPA to
establish the following auditing standards
and procedures.
In April 1988, the AICPA issued SAS No. 53
(AU 316), The Auditor’s Responsibility to
Detect and Report Errors and Irregularities,
which distinguishes between errors and
irregularities:
The term errors refers to unintentional
mistakes in financial statements and
includes mathematical or clerical mistakes
in the underlying records and accounting
data from which the financial statements
were prepared, mistakes in the application
of accounting principles, and oversight or
misinterpretation of facts.
The term irregularities refers to inten-
tional distortions of financial statements,
such as deliberate misrepresentations by
management, sometimes referred to as
management fraud, or misappropriation of
assets, sometimes referred to as defalca-
tions.
SAS No. 53 requires external auditors to:
• understand the characteristic causes and
signs of errors and irregularities;
• assess the risk that errors or irregularities
may cause a company’s financial
statements to contain a material misstate-
ment. Higher-than-normal risk of irregu-
larities exist when working capital is inade-
quate or the client’s industry experiences
several business failures;
• design the audit to provide reasonable
assurance of detecting errors and irregular-
ities that are material to the financial state-
ments; and
• disclose irregularities to outside agencies.
SAS No. 53 also requires auditors to maintain
an attitude of professional skepticism when
planning and performing an audit:
The auditor neither assumes that manage-
ment is dishonest nor assumes unquestion-
able honesty. Rather, the auditor recognizes
that conditions observed and evidential
matter obtained, including information
from prior audits, need to be objectively
evaluated.
Albrecht (1996b), in “The expectation gap,”
argues that the only way SAS 53 could narrow
the expectation gap between users and inde-
pendent auditor expectations would be if:
SAS No. 53 changed the way auditors con-
ducted audits so that they actually detected
more frauds; or changed user expectations
about what auditors are supposed to do. He
believes that SAS 53 “hadn’t changed the way
auditors conducted financial statement audit
nor had it changed user expectation.”
In 1988, the Auditing Standard Board issued
SAS No. 54 (Section 317), Illegal Acts by
Clients, which superseded SAS No. 17. The
statement defines illegal acts as violation of
[ 19 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 20 ]
laws or governmental regulations and pro-
vides guidance in three general areas:
1 an auditor’s responsibility for detecting
and disclosing illegal acts;
2 the audit procedures an auditor should
consider both in the apparent absence of
illegal acts and when illegalities are possi-
ble; and
3 how an auditor should respond to detected
illegal acts (Ricchiute, 1996).
When auditors become aware of possible
illegal acts, they should obtain an understand-
ing of the circumstances of the act and gather
sufficient evidence to judge the effect of the
illegal act on the financial statement. When
illegal acts may have occurred, Arens and
Loebbecke (1994) suggest the following steps:
1 the auditor should inquire of management
at a level above those likely to be involved
in the potential illegal act;
2 the auditor should consult with the client’s
legal counsel or another specialist who is
knowledgeable about the potential illegal
act; and
3 the auditor should consider accumulating
additional evidence to determine if there
actually is an illegal act.
Guy and Mancino (1992) suggest the following
additional steps:
• report the fraud or illegal acts to the audit
committee;
• consider the implication of fraud or illegal
act for other aspects of the audit;
• insist the financial statements be revised;
• withdraw from the engagement and com-
municate in writing the reasons for the
withdrawal; and
• prepare a letter stating the agreement or
disagreement with the company’s state-
ments.
In 1995, the US Congress passed the securities
law titled The Private Securities Litigation
Reform Act which demands that auditors
first hunt for illegal acts. Previously, auditors
were required to look for illegal acts only if
their suspicions were aroused. The new law
says an auditor must first hunt for illegal
activities, then check for misleading numbers
or omissions in a company’s financial state-
ments (MacDonald, 1996). The act imposes,
for the first time, a duty on an independent
auditor of a public company to report fraud
or illegal activity to the SEC. Under the act,
an auditor’s responsibility covers any activ-
ity in violation of law, such as EPA, FOA, and
EEOC violations (Rossow, 1996).
Under SAS No. 54, an auditor’s responsibil-
ity to detect and report misstatements result-
ing from illegal acts on financial statement
amounts that have a direct material impact
on financial statements is identical to SAS
No. 53 which requires external auditors to
report errors and irregularities. Examples of
illegal acts having a direct material effect
include violations of tax laws or of govern-
ment grant contracts. Examples of illegal acts
having a material but indirect effect on finan-
cial statements include violations of equal
employment and antitrust laws (Ricchiute,
1996).
The AICPA has recognized the establish-
ment of an adequate internal control struc-
ture as a preventive measure of potential
irregularities. In April 1988, the AICPA
issued SAS 60, The Communication of Control
– Structure Related Matters Noted in an Audit
which defines a reportable condition as a
“significant deficiency in the design or opera-
tion of the internal control structure which
could adversely affect the organization’s
ability to record, process, summarize, and
report financial data consistent with the
assertions of management in the financial
statements.”
In 1991, Congressmen Ron Wyden, Edward
J. Markey, and John D. Dingell felt that fraud
detection should be one of the primary goals
of any audit of financial statements. They
introduced HR 4313, “Financial Fraud Detec-
tion and Disclosure Act,” which represents
an attempt to put more pressure on indepen-
dent auditors to detect fraud. In March 1993,
the AICPA announced its endorsement of HR
574, the Financial Fraud Detection and Dis-
closure Act (the Wyden Act), on the basis that
it should bolster public confidence in the US
financial reporting system by requiring audi-
tors to provide earlier public notification of
possible misconduct (Barlas, 1993).
The same year, Congressman Henry Gonza-
lez introduced the HR 6, the Deposit Insur-
ance Reform Bill. The bill would require
external auditors who suspect wrongdoing to
report the findings to management, which is
then responsible for informing the SEC
within one day. If the organization does not
inform the SEC on time, the auditor must
resign and send a copy of the findings to the
agency (International Auditor, 1991a).
In 1993, the AICPA made a proposal that
would mandate the SEC to establish a report-
ing system that would require public compa-
nies to state whether their internal controls
over financial reporting were effective and to
have their statements publicly corroborated
by an independent auditor. John B. Sullivan,
chairman of the AICPA’s Accounting Stan-
dards Board, maintains that such a system
would serve as a weapon against financial
fraud. Walter P. Schuetze, former SEC chief
accountant, maintains that such a system
would not prevent dishonest companies from
“cooking the books” and could thus provide a
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
false sense of security (Journal of Accoun-
tancy, 1993).
In August 1993, the AICPA’s Board of Direc-
tors issued a statement entitled Meeting the
Financial Reporting Needs of the Future: A
Commitment from the Public Accounting Pro-
fession (AICPA, 1993a). The AICPA endorsed
the recommendation of the Public Oversight
Board and proposed several accounting
reforms in order to improve fraud detection,
strengthen auditor independence, and other
related auditing issues. This was done in
response to some prominent business failures
that had eroded public confidence. The
AICPA unveiled a historic initiative to
increase public confidence in financial
reporting and to improve the climate for tort
reform by expanding auditors’ effort to:
• improve the prevention and detection of
fraud;
• enhance the utility of financial reporting to
those who rely on it;
• assure the independence and objectivity of
the independent auditor;
• discourage unwarranted litigation that
impedes innovation and undermines the
profession’s ability to meet evolving finan-
cial reporting needs; and
• strengthen the accounting profession’s
disciplinary system.
The reform calls for a systematic review of
alleged accounting failures (Miller, 1993). The
board of directors also endorsed the proposed
federal “Financial Fraud Detection and Dis-
closure Act” and stressed that auditors
should receive a stronger support from man-
agement to allow them to prevent and detect
fraud:
Every participant in the financial reporting
process has a stake in preventing wrongdo-
ing and all should be expected to share the
responsibility. Management, for example,
should renew its emphasis on ethical values
throughout the organization. It is also criti-
cal that an open line of communication with
the independent auditor be maintained.
Therefore, advisors, such as attorneys,
should be called upon to bring to the inde-
pendent auditor’s attention instances of
suspected fraud so that the auditor can, to
the extent possible, confirm or dispel those
suspicions. Regulators who possess such
knowledge should also be required to make
that information known to the auditors.
In its 1993 annual report, the Public Over-
sight Board (POB) of the American Institute
of CPAs focused on the accounting profes-
sion’s response to the growing liability crisis.
According to POB chairman A.A. Sommer Jr,
the board will support efforts to pass legisla-
tion that restores the balance between
accountability and liability. Sommer believes
that auditors should be accountable for
damages caused when they fail to meet their
responsibilities, but not for the frauds and
shortcomings of others or for the failures of
government policies (Sommer, 1993).
In March 1993, the AICPA POB published a
report, In the Public Interest: Issues
Confronting the Accounting Profession
(AICPA, 1993b) and stated that an indepen-
dent auditor cannot be expected to detect
certain forms of management fraud. Such
statement may not be in consonance with
some people who believe that uncovering
management fraud should be an auditor’s
main priority (Knutson, 1994). The POB how-
ever recommended increased efforts by CPA
firms to assure the implementation of SAS
No. 53. Soon thereafter the AICPA issued a
response to the POB recommendation in the
form of a White Paper that restated the audi-
tor’s responsibility to detect material mis-
statement, including management fraud
(Carmichael and Craig, 1996).
In May 1996, the Auditing Standards Board
(ASB) issued a proposed SAS, Consideration
of Fraud in a Financial Statement Audit. This
will replace SAS No. 53, The Auditor’s Respon-
sibility to Detect and Report Errors and Irreg-
ularities. The proposed statement:
• describes fraud and its characteristics;
• requires the independent auditor to assess
the risk of material misstatement due to
fraud and provides categories of fraud risk
factors that should be considered;
• provides guidance on how the auditor
should respond to the results of the assess-
ment;
• provides guidance regarding the auditor’s
communication about fraud to manage-
ment, audit committees, and others.
The risks of fraudulent financial reporting
are broken down into three categories:
1 management characteristics;
2 industry characteristics; and
3 operating characteristics and financial
stability.
The standard reaffirms the independent
auditor’s present responsibility to plan and
perform the audit in order to obtain reason-
able assurance about whether the statements
are free from material misstatements, and
whether such misstatement is caused by
error or fraud (Hrisak, 1996). The indepen-
dent auditor is required to consider both the
fraudulent financial reporting (management
fraud) and the misappropriation of assets
(employee fraud). External auditors must
therefore take proactive steps to ascertain the
existence of fraud, such as verifying more
receivables, confirming sales and shipments,
and conducting site inspections of client
facilities. Along with the auditor’s increased
[ 21 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 22 ]
responsibility will be guidelines regarding
the involvement of the board of directors and
the weak systems of internal control (Demery,
1996).
The proposed standard, for the first time,
uses the word “fraud” instead of “irregular-
ity.” Under the proposed revision, AU 110
would read as follows:
The auditor has a responsibility to plan and
perform the audit to obtain reasonable
assurance about whether the financial state-
ments are free of material misstatement,
whether caused by error or fraud.
The standard will force independent auditors
to document in their working papers that
they have considered the risk of fraud in their
audits:
In planning the audit, the auditor should
document in the working papers evidence of
the performance of the assessment of the
risk of material misstatement due to fraud,
including any fraud risk factors that the
auditor believes, individually or in combina-
tion, significantly impact the risk of mater-
ial misstatement together with the auditor’s
response to those risk factors. In addition, if
during the performance of the audit, fraud
risk factors and other conditions are identi-
fied that cause the auditor to believe that the
risk of material misstatement due to fraud
has increased, the changed assessment, and
any further response that the auditor con-
cluded was appropriate also should be docu-
mented.
Albrecht (1996b) believes that the required
documentation “will narrow the expectation
gap because they will force auditors to con-
sider fraud explicitly in every financial state-
ment audit.”
The standard also requires the independent
auditor to discuss with management the
possibility of fraud:
The auditor also should inquire of manage-
ment to obtain the client’s view regarding
the risk of material misstatement due to
fraud. Information from that inquiry could
identify fraud risk factors that may affect
the auditor’s assessment and related
response. Some examples of matters that
might be discussed as part of the inquiry
are: whether there are particular subsidiary
locations, business segments, types of trans-
actions, account balances, or financial state-
ment categories where fraud risk factors
exist or may be more likely to exist; and how
management may be addressing such risks.
The standard raised the following concerns:
the increased cost of performing the financial
audits; the increased exposure of auditors to
litigations; and the flaws related to the fraud
risks factors (Albrecht, 1996b).
David Landsittel, chairman of the ASB’s
Fraud Task Force, commented on the new
SAS No. 82, Consideration of Fraud in a
Financial Statement Audit (1996). It provides a
“benchmark for what auditors need to do to
fulfill their responsibilities related to consid-
eration of fraud in an audit.” The better our
profession can become in detecting fraud, the
better we will serve the public interest and
increase the value of our services (Hrisak,
1996).
Michael H. Sutton, SEC chief accountant,
lauded the new AICPA Statement as the most
recent effort by the profession to help gain
public confidence. He also praised SAS No. 82
for referring to fraud by name, for the first
time, instead of by its euphemistic term
“irregularities” and for describing over 40
fraud risk factors that auditors must consider
in planning and performing the audit
(Sutton, 1997a).
Fraud and bankruptcy often are found in
lawsuits against auditors. The auditor’s
detection and disclosure responsibilities in
these areas are a focus of the Private Securi-
ties Litigation Reform of 1995. The Act
reaffirms the auditor’s responsibilities
regarding SAS No. 53, The Auditor’s Responsi-
bility to Detect and Report Errors and Irregu-
larities. SAS No. 54, Illegal Acts by Clients,
and SAS No. 82, Consideration of Fraud in a
Financial Audit (Palmrose, 1997).
The role of the institute of internal auditors
The internal auditor is vitally concerned
with all manners of waste and fraud, what-
ever the source and however small the size.
This is rooted in the understanding that a
tiny cloud can mushroom in to a tempest
that may rock the pillars of the enterprise
(Sawyer, 1988).
The IIA emphasis on fraud is reflected in the
Standards of Professional Practice for Inter-
nal Auditors (SPPIA). Section 280 states:
In exercising due professional care, internal
auditors should be alert to the possibility of
intentional wrongdoing, errors and omis-
sions, inefficiency, waste, ineffectiveness,
and conflict of interest. They should also be
alert to those conditions and activities
where irregularities are most likely to
occur.
The standards do not, however, specify that
internal auditors are responsible for the
detection of fraud. Internal auditors must be
alert and consider the possibility of fraud
when carrying out an audit. Internal auditors
cannot give absolute assurance that fraud
does not exist:
Internal auditors cannot give absolute
assurance that noncompliance and irregu-
larities do not exist. Nevertheless, the possi-
bility of material irregularities of noncom-
pliance should be considered whenever the
internal auditor undertakes an internal
audit assignment.
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
In 1985, The Institute of Internal Auditors
deemed fraud so important to issue SIAS No.
3, “Deterrence, detection, investigation, and
reporting of fraud” to codify the internal
auditor’s responsibility for fraud. The SIAS
added several subsections to Standard 280 to
address the issue of fraud detection.
In 1986, The Institute of Internal Auditors
took a stand on internal audit involvement in
the prevention of fraudulent activity – partic-
ularly, fraudulent financial reporting, and
issued a paper entitled The Role of Internal
Auditors in the Deterrence, Detection, and
Reporting of Fraudulent Financial Reporting
(Institute of Internal Auditors, 1986). The
paper was prepared for the National Commis-
sion of Fraudulent Financial Reporting.
The pervasive influence by the Institute of
Internal Auditors to deter, detect, and report
fraud will be discussed in the following sec-
tions.
The role of the association of certified
fraud examiners
Most of the internal frauds investigated by
Certified Fraud Examiners (CFEs) such as
embezzlement, kickbacks, and false invoic-
ing, even if they involve big dollars, aren’t
material to the financial statements of the
corporation and don’t have to be disclosed.
But leave that fraud untended and the situa-
tion might change (Kramer, 1996).
The Association of Certified Fraud Examin-
ers (ACFE) was founded in 1988 for the pur-
pose of reducing incidents of white-collar
fraud. The ACFE runs a program to accredit
as Certified Fraud Examiners (CFEs) people
with skills necessary to detect, investigate,
and deter fraud. CFEs often have accounting
or auditing backgrounds and work in such
fields as forensic accounting, fraud auditing
and investigations, loss prevention, law
enforcement, research and academics, and
public accounting. CFEs can cash in on white
collar crime by offering expert assistance to
attorneys and litigators (Cohenson and
Dispasquale, 1993).
According to Wells (1997), the CFE would
have knowledge in four specific areas:
1 the investigation of fraud;
2 the legal principles involving the proof of
fraud;
3 the schemes involved in fraudulent finan-
cial transactions; and
4 an understanding of criminal behavior
concerning fraudulent conduct.
CFEs often work as forensic accountants.
Bologna et al. (1993) define forensic account-
ing as follows:
Forensic and investigation accounting is the
application of financial skills and an inves-
tigative mentality to unresolved issues,
conducted within the context of rules of
evidence. As a discipline, it encompasses
financial expertise, fraud knowledge, and a
strong knowledge and understanding of
business reality and the working of the legal
system. Its development has been primarily
achieved through on-the-job training, as
well as experience with investigating offi-
cers and legal counsel.
Forensic accounting, which implies any
court-related work done by an accountant,
can provide fraud review teams for the mem-
bers of the legal profession. In criminal or
legal cases, forensic accountants can work for
the prosecution, defense, and even the court
(Thornhill, 1995). Wells (1995) believes that
forensic accounting has reached its limits
and will not continue to grow whereas fraud
examination has been described as the
growth field for the twenty-first century.
Most industrial companies are subject to
three layers of financial review – internal
auditors, auditors employed by lending insti-
tutions, and independent public auditors. If
any one of these financial reviews uncovers
suspicious activity, they may decide to call on
a fraud auditor, sometimes referred as a
forensic accountant. The inquiry of the foren-
sic accountant will differ from that of the
previously described audits in that the foren-
sic accountant will be specifically looking for
fraud. According to Luizzo and Van Nostrand
(1994), the fraud auditor typically builds a
case by carefully examining records. When
something out of the ordinary is noted, the
fraud auditor delves deeper to find out why it
occurred. CFEs are engaged by a company as
consultants after an auditor has noted some
irregularity, specifically fraudulent activities.
While financial auditors focus on the finan-
cial transactions themselves and rely exten-
sively on the internal controls in determining
the nature, timing, and extent of the audit
process, fraud auditors instead go deeper to
the behavior that underlies each transaction
and look at how the central systems can be
circumvented (Bologna and Lindquist, 1995).
Robertson (1996) observed that fraud exam-
iners have little in the way of standard pro-
grams or materiality guidelines to limit their
attention to fraud possibilities: “They float on
a sea of observations, of exceptions and oddi-
ties that may be the tip of a fraud iceberg.”
De Groot (1997) observed that fraud exami-
nation and forensic accounting in The
Netherlands became “more prevalent in 1992
when KPMG announced that it was setting up
a forensic accounting department.” He gives
four reasons for the sustained growth of fraud
examination and forensic accounting:
[ 23 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 24 ]
1 the rising company fraud and the waning
interest of the police and courts in such
cases;
2 the conduct of criminal audits to keep
criminal influence at bay;
3 the preparing and refuting claims becom-
ing a bread-and-butter activity for forensic
accountants; and
4 the defendants’ legal counsels increas-
ingly disputing the findings of accountants
and fraud examiners.
The role of the institute of management
accountants
The heat is on auditors these days. Busi-
nesses are going belly up at record rates.
And frequently the employees and the stock-
holders of these fragile firms are the last to
know (Frank, 1982).
The Institute of Management Accountants’
(IMA) research report The Role of Analytical
Procedures in Detecting Management Fraud
addresses the need to improve the auditor’s
ability to detect management fraud with a
better knowledge of analytical procedures
(Freedman, 1993).
The IMA believes that management and the
board of directors should establish an inter-
nal control structure to prevent or detect
fraud. Part of that structure is the control
environment. Factors in that environment
are:
• management philosophy;
• operating style which sets the tone for com-
pany activities;
• a strong commitment by management to
ethical conduct reflected in its written
policies and personnel practices, and
• interest in effective control which fosters
the creation of the appropriate environ-
ment.
The role of the Treadway Commission
The Treadway Commission urged all partic-
ipants in the financial reporting process – to
consider several specific risk factors when
planning or reviewing proposed audit activi-
ties (Jeffords et al., 1992).
In 1987, the Commission on Fraudulent
Financial Reporting (Treadway Commission)
issued 49 recommendations to reduce the
incidence of fraudulent financial reporting.
The Commission concluded that the primary
responsibility for fraudulent reporting rests
with the management and the board of direc-
tors of the company that issue the report. The
Commission reported:
• all public companies should maintain inter-
nal controls that will provide reasonable
assurance that fraudulent financial report-
ing will be prevented or subject to early
detection; and
• that the “tone set by top management” is of
overriding importance.
The Commission further stressed that users
of audited financial statements should expect
auditors to:
• perform the audit with technical compe-
tence, integrity, independence, and objectiv-
ity;
• search for and detect material misstate-
ments, whether intentional or uninten-
tional;
• prevent the issuance of misleading finan-
cial statements.
The Commission, therefore, recommended to
independent public accountants that:
• auditing standards be changed to recognize
the auditor’s responsibility for detecting
fraudulent financial reporting better; and
• the auditor’s standard report be improved
to better communicate the work done by the
auditor.
The Commission identified the following
risks:
• Internal environmental risk which consists
of conditions, circumstances, and influ-
ences on a company that are subject to
management control; and
• External environmental risk which includes
industry conditions, regulatory and legal
considerations, and the business environ-
ment.
The Treadway Report found that frauds were
often initiated during good times, as growth
got out of hand and pressures for adequate
working capital created incentives to distort
records (Wallace, 1995).
Jeffords et al. (1992) examined 910 cases
submitted to the Internal Auditor during the
nine-year period from 1981-1989 to assess the
specific risk factors cited in the Treadway
Commission Report. Approximately 63 per-
cent of the 910 cases are classified under the
internal control risk which include:
• lack of regular, independent checks in per-
formance;
• inadequate organizational control methods;
• inadequate methods of communicating or
enforcing the assignment of authority and
responsibility; and
• unauthorized access and physical control of
assets, records, computer programs, or
data.
Almost two-thirds of the 910 cases can be
classified according to the risk factors identi-
fied by the Treadway Commission.
In 1992, the Commission of Sponsoring
Organizations (COSO) of the National Com-
mission on Fraudulent Financial Reporting
published its report, Internal Control –
Integrated Framework. COSO urges
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
corporations to report on their internal con-
trol, advice that has been strongly criticized
by some people who may believe that honesty
can be legislated. However, several cases
show that top company executives have been
accused of committing fraudulent financial
reporting (Roy, 1993).
Fraud and the professional code of
conduct
In order to reduce the risk of fraud, organi-
zations must develop a climate that rein-
forces ethical behavior (Tate, 1996).
Rule 102 of the AICPA Code of Professional
Conduct states that “the members shall main-
tain objectivity and integrity, shall be free of
interest, and shall not knowingly misrepre-
sent facts or subordinate his/her judgment to
others.” The concepts of objectivity and
integrity are the cornerstone of most profes-
sional associations, but some professionals
do not adhere to them in practice.
In a recent National Business Ethics Sur-
vey conducted by the Ethics Resource Center,
nearly one-third of employees sometimes felt
pressures to engage in misconduct to achieve
business objectives. One-fourth of the respon-
dents believe that their companies ignore
unethical conduct to meet business objectives
and nearly one employee in six said their
company overtly encourages misconduct to
meet business objectives. The Ethics
Resource Center also reported that one-third
of the employees surveyed witnessed miscon-
duct at work, but less than half reported it to
their employers. The majority of those who
did report misconduct were not satisfied with
their company’s response. The likelihood that
employees report the misconduct they
observed increased significantly in compa-
nies with comprehensive ethical programs,
and they were much more likely to be satis-
fied with the outcome of their report than
those without ethics programs (Internal
Auditor, 1995a).
Brief et al. (1997) examined one of the most
common types of fraud investigated by the
SEC -the failure to report write-offs of over-
stated assets. The study found, based on
responses by more than 400 people, that 47
percent of the top executives, 41 percent of the
controllers, and 76 percent of the graduate-
level business students included in the study
were willing to commit fraud by understating
write-offs that cut into their companies prof-
its. Such findings are indicative of the current
state of ethics in financial reporting. They
provide but one reason why Congress, the
SEC and the investing public all attach such
high value to the independent attest role of
the auditing profession (Sutton, 1997b).
Part III: The role of management,
audit committee and auditors
The role of management
Due to criticisms of the profession resulting
from auditors’ nondiscovery of several large
management frauds, auditors now have
greater responsibility for discovering man-
agement fraud than previously (Arens and
Loebbecke, 1994).
According to Kapnick (1980), management
fraud stems from “improper actions of man-
agement, normally accompanied by false
documentation of transactions or withhold-
ing of relevant information, resulting in a
material impact on the financial statements
and in financial detriment to shareholders or
creditors.” He lists the following examples of
management fraud and their underlying
reasons:
• misappropriation of assets;
• reporting inflated asset values on operating
results so that those perpetrating the fraud
can retain their positions;
• increasing their remuneration;
• enhancing the holdings of company stock;
• improper use of assets to the benefit of man-
agement;
• overstatement of assets or understatement
of liabilities to present a favorable financial
position or results of operations;
• the siphoning off of assets through transac-
tions with affiliated entities;
• kickbacks and other irregular transactions
between officers and outside parties; and
• lack of disclosure of significant informa-
tion.
Management may make use of: false account-
ing entries; misleading information; forged
documents; unrecorded liabilities; or
recorded transactions with undisclosed ele-
ments. If evidence of top management fraud
is disclosed, the board of directors or the
audit committee should be alerted, and possi-
bly the regulatory agency. The collapse of the
Lincoln Savings and Loan Association is an
example of management fraud.
Sawyer (1988) believes that the three condi-
tions under which fraud exists are attributed
to the environment or climate set by senior
management and the board:
1 situational pressures experienced by
employees of enterprises;
2 uncontrolled access to assets, coupled with
management’s indifference; and
3 personal trait undermining personal
integrity.
He lists eight reasons behind management
fraud:
1 Executives sometimes take rash steps
from which they cannot retreat.
[ 25 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 26 ]
2 Profit centers may distort facts to hold off
divestment.
3 Incompetent managers may deceive in
order to survive.
4 Performance may be distorted to warrant
large bonuses.
5 The need to succeed can turn managers to
deception.
6 Unscrupulous managers serve interests
which conflict.
7 Profits may be inflated to obtain advan-
tages in the marketplace.
8 The one who controls both the assets and
their records is in a perfect position to
falsify the records.
Experience has shown that certain condi-
tions in an organization constitute symptoms
of possible management fraud. The standards
require internal auditors to have knowledge
about factors (red flags) that have proven to
be associates with management fraud. The
following conditions are considered indica-
tors of possible management fraud:
• managers repeatedly assuming subordi-
nates’ duties;
• managers dealing in matters outside their
profit center’s scope;
• managers not complying with corporate
directives and procedures;
• generous performance-based reward sys-
tems;
• a domineering management;
• a management preoccupation with
increased financial performance;
• complex sales transactions and transfers of
funds between affiliated companies;
• a manager continually handling the most
pressing issues of a company creating an
opportunity to commit fraud;
• suspension of normal and appropriate
procedures; and
• unreasonable sales and production goals.
Loebbecke et al. (1989) surveyed 121 audit
partners in the Big Six accounting firms.
They reported having found 354 irregulari-
ties. Fifty-five percent involved management
fraud perpetrated by 384 individuals, and 45
percent involved defalcations perpetrated by
178 individuals.
Marsh et al. (1994) reported that fraud cases
involving top management has become com-
mon in continental Europe, especially in
Germany. This has been attributed to the
recession which has made some fraudulent
acts difficult to hide.
Calderon and Green (1994) made an analy-
sis of 114 actual cases of corporate fraud pub-
lished in the Internal Auditor between 1986
and November 1990. They found limited sepa-
ration of duties, false documentation, and
inadequate or nonexistent control account
for 60 percent of the cases. Moreover, the
study found that professional and managerial
employees were involved in 45 percent of the
cases. Based on the findings, they
recommended the following:
• To deter fraud, internal auditors should
ensure that strong prevention systems
based on the fundamental principles of
good internal control be established and
used.
• To detect and investigate fraud, organiza-
tions must ensure the existence of strong
internal audit departments with sufficient
resources to pursue the increased responsi-
bilities faced by internal auditors.
A study was conducted to use a generalized
quantitative-response model, EGB2, to model
and forecast management fraud. EGB2 aver-
aged 89.3 percent predictive capability for
both symmetric and asymmetric cost
assumptions of Type I and Type II errors. The
predictive features of EGB2 are important to
independent auditors since type II error can
be very costly to the firm in terms of litiga-
tion (Hansen et al., 1996).
The role of the audit committee
In many cases, top management apparently
did not believe that fraud could take place in
their organization. The assumption was that
people were honest, and internal control
prevented fraud, waste, and abuse (Alpert,
1992).
The AICPA’s SAS 61 (AU 380), “Communica-
tion with the audit committee” (1988)
requires external auditors to make oral or
written communication to the audit commit-
tee on material misstatements in the finan-
cial statements. The auditors should inform
the audit committee of the board of directors
of all irregularities.
The IIA’s SIAS No. 3, Deterrence, Detection,
Investigation and Reporting of Fraud also
requires internal auditors to inform manage-
ment, the board of directors, or the audit
committee of suspected wrongdoing:
When the incidence of significant fraud has
been established to a reasonable certainty,
management or the board should be notified
immediately.
The Treadway Commission’s investigations
indicated that audit committees could serve
very effectively to reduce the incidence of
fraud. Marsh and Powel (1989) recommend an
audit committee charter for fraud prevention.
The charter should include responsibilities
dealing with:
• financial reporting;
• corporate governance; and
• internal control.
 Rocco R. Vanasco The role of internal auditors
Fraud auditing It is a challenge to the internal auditor to
Managerial Auditing Journal give fraud the balanced attention it
13/1 [1998] 4–71 deserves, while achieving the total range of
internal auditing services (Brink and Witt,
1982).
The SPPIA stresses that the role of internal
auditors in fraud auditing is to be alert to:
• the possibility of fraud; and
• conditions and activities when irregulari-
ties are most likely to occur.
Brink and Witt (1982) suggest the following
internal auditors’ responsibilities in the area
of fraud control:
• Assist and cooperate with organizational
and other personnel that have been
assigned responsibilities in connection
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
with the instigation of actual or suspected
fraud.
• Be alert to the possibilities of fraud in the
review of operating activities carried out by
organizational personnel.
• Carry out such special assignments relat-
ing to fraud as may be required by responsi-
ble members of the organization.
• Help evaluate the extent to which fraud
prevention and detection are given fair
consideration along with other operational
activities.
• Seek directly or indirectly to achieve the
balanced fraud oriented efforts that will
assure maximum achievement of all other
types of needed organizational services.
In 1988, IIA chairman of the board Bill Duane,
in his article, “Building together the future,”
summarized succinctly the role of the mod-
ern internal auditor: “We are the control
experts, the control consultants, the can-do,
value-added members of the management
team. We know better than anyone else how
to combat fraud, error, and waste.”
There seems to be a consensus that auditors
need to sharpen their skills in identifying red
flags in detecting fraud. Thompson (1991)
views the internal auditor role with regard to
fraud as identifiers, investigators, resident
experts, and educators.
Albrecht et al. (1993) believe that traditional
skills required in the field of auditing are not
adequate to identify fraud. Modern auditors
must possess:
• effective communication;
• reasoning; and
• problem-solving skills.
Internal auditors must also be familiar with a
variety of auditing skills which are still
essential to:
• analyze internal control;
• collect, evaluate, and summarize data; and
• identify fraud.
Planning and management skills become
increasingly important as the auditor
advances in the organization.
According to a study sponsored by The
Institute of Internal Auditors, internal audi-
tors need skills that go far beyond the tradi-
tional requirements of the field. A wide vari-
ety of auditing skills are still essential to
analyze internal controls: collect, evaluate,
and summarize data; and identify fraud
(Albrecht et al., 1993).
Thompson (1995) provides important
lessons for the internal auditing profession.
The first lesson that internal auditors should
keep in mind is that business changes should
be carefully scrutinized. It is their job to cau-
tion management about fraud implications of
new products, investments, deals, partner-
ships or programs. The second lesson is that
marketing and sales fraud should be carefully
handled. Internal auditors can help in this
area by advising management on the com-
pany’s exposures associated with deceptive
sales practices. The third lesson is that execu-
tive directors’ stewardship is being closely
scrutinized. Internal auditors should there-
fore educate corporate officers about the
importance of executive example.
To Bologna and Lindquist (1995), auditors
have to enhance their knowledge of the char-
acteristics and attributes of fraud because 90
percent of fraud cases are discovered only by
accident.
Part IV: Fraud in government and
nonprofit entities
The role of the US general accounting
office
Fraud is a significant problem for govern-
ments today and one that can be reasonably
expected to grow (Ziegenfuss, 1996).
When performing audit work under the US
General Accounting Office (GAO) standards,
the auditor is required to report irregulari-
ties and illegal acts to the client agency under
audit contract. Aspects of responsibility
under the Generally Accepted Government
Auditing Standards (GAGAS) for detecting
and reporting errors, irregularities, and
illegal acts include the following:
• Being aware of characteristics and types of
potential material irregularities.
• Exercising due care in pursuing indica-
tions of irregularities and illegal acts.
• Under required circumstances, reporting
indications of irregularities to law enforce-
ment or regulatory agencies.
The GAO Field Work for Financial Audits
require government auditors to:
[ 27 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 28 ]
• Provide reasonable assurance of detecting
irregularities material to the financial
statements.
• Provide reasonable assurance of detecting
material misstatements resulting from
direct-effect illegal acts.
Friedman (1995) reported that the firm of
Long & Edmunds relies heavily on the state of
the client’s internal controls to assess the
potential for fraud. In auditing government
entities and nonprofit organizations, Long &
Edmunds consider several things during an
audit that might warn of fraud or misstate-
ments, including:
• the way the client’s financial staff responds
to questions;
• improper segregation of duties;
• poor recordkeeping;
• a lot of cash activity; and
• the lack of a bidding process for the pur-
chase of goods and services.
Ziegenfuss (1996) performed a study to deter-
mine the amount and type of fraud occurring
in state and local government. The study
revealed that the most frequently occurring
types of fraud are:
• misappropriation of assets;
• theft;
• false representation; and
• false invoices.
The reasons for the increased fraud in state
and local governments are:
• poor management practice;
• economic pressure;
• weakened society values;
• people being not held responsible for their
actions; and
• inadequate training for those responsible
for fraud prevention/detection.
The most often reported “red flags” are:
• weaknesses in internal control;
• ignoring audit reports;
• inventory losses;
• nonreliance on internal/external audit
reports;
• not paying attention to employee
comments; and
• actual expenses exceed those budgeted.
The nonprofit organization sector
The nonprofit community during the past
ten years has had to repeatedly defend its
credibility as a result of well-publicized
scandals (Reis, 1996).
Recent events have shown that fraudulent
financial statements and embezzlement can
occur even among charitable organizations
and large companies like Leslie Fay, Phar
Mor and Miniscribe. It has been estimated
that 60 percent of people are only as honest as
a particular situation warrants them to be.
They will be dishonest if that seems more
beneficial (Johnston, 1995).
Revelations about fiscal misconduct in
nonprofit organizations have drawn attention
to the role of the auditor in the detection of
fraud. Nonprofit organizations must gain a
better understanding of what an audit is
designed to achieve (Tate, 1996).
According to Reis, the debacles at Covenant
House, United Way of America and the Foun-
dation for New Era Philanthropy are exam-
ples of how the nonprofit community is forced
to take two steps back for every bold step
forward. To prevent fraud in nonprofit orga-
nizations, he suggests, among other things,
that an audit of a nonprofit organization’s
financial statements be comprehensive. Man-
agement and the board of trustees should ask
auditors for a management letter on the suffi-
ciency of internal accounting and financial
controls.
Part V: The industry sector
The bank sector
The directors of commercial banks often are
held accountable for subordinate fraud,
even when they have no suspicion of the
existence of fraudulent activity (Schadewitz
and Blevins, 1996).
In the last few decades, several hundred bank-
ing fraud cases have been reported by the
press worldwide, some of which were really
spectacular for their sophisticated schemes.
Some of them are discussed below.
The role of bank directors, security person-
nel, audits, and examiners of financial insti-
tutions is the deterrence and detection of
fraud. Gup (1994) observed that banks have
learned the hard way how to protect them-
selves against scams that defraud financial
institutions of billions of dollars. Statistics
indicate that small banks are at most risk of
being defrauded. The five most common
schemes that result in major frauds that con-
tribute to failures of financial institutions
are:
1 nominee loans;
2 double pledging of collateral;
3 reciprocal loan arrangements;
4 land flips; and
5 linked financing.
In 1978, a survey of EDP-related fraud was
conducted in the banking and insurance
industries in cooperation with the Bank
Administration Institute, the American
Insurance Association, the American Council
of Life Insurance, and the Life Office Manage-
ment Association. Of the 5,127 banks sur-
veyed, 105 reported they had experienced at
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
least one case of what was believed to be EDP-
related fraud. The survey indicated that the
banking schemes most frequent used were
misposting or misdirecting deposits. Other
most frequently used scheme included credit-
ing loans to borrowers who never received
the funds, or who, in fact may have never
existed. In some other cases, perpetrators
made unauthorized extensions of credit
limits and loan due dates. The perpetrators of
fraud in the bank industry were, in order of
frequency, clerks, loan officers, data proces-
sors, tellers, and item processors. The method
of detection identified in the event or factors
that triggered the detection of fraud were:
• internal controls;
• routine audits;
• customer complaint/inquiry;
• accident, tip-off, unusual activity of perpe-
trators;
• change in operations, EDP, or financial
statements (AICPA, 1984).
Colvin et al. (1983) reported in Fortune that
the United American Bank of Knoxville used
other banks, all controlled by the same family,
as a means of transferring problem loans
thus keeping them from being detected by the
auditors. The Federal Deposit Insurance
Corporation Improvement Act (FDICIA)
examiners found that the “bank had about
US$377 million, or nearly half its total assets,
in loans the FDIC classified as partly or
totally uncollectible.” Nearly half of the prob-
lem loans were made to United American’s
former chairman Jake F. Butcher, his family
associates and their interests.
In 1986, Keoning reported in the Wall Street
Journal that Home Savings Bank was suing
its former auditor Arthur Andersen & Co.
and was seeking at least US$275 million in
compensatory damages. The Home Savings
Bank alleged that the auditors did not dis-
cover the fraudulent use of the securities that
the bank used as collateral for loans to ESM
Government Securities.
In 1991, with bank failures at an all-time
high, Congress passed legislation requiring
internal control reports by insured deposi-
tory institutions. The FDICIA requires a
statement of management’s responsibility of
the institution’s annual report for:
• establishing and maintaining adequate
internal controls over financial statement
reporting and for complying with applica-
ble laws and regulations; and
• management’s assessment of the effective-
ness of the internal control and the compli-
ance with designated laws and regulations
(FDICIA, 1991).
According to FDIC chairman L. William
Seidman, who testified before a House Energy
and Commerce subcommittee, banks’ inde-
pendent auditors should share with regula-
tors their suspicion of bank fraud. He added
that “banks’ independent auditors should
report to the bank when they detect fraud. If
they resign from the account, they should
report the reasons to regulators” (FDIC,
1986).
In 1992, the Federal Deposit Insurance Cor-
poration negotiated a US$400 million settle-
ment with Ernst & Young. This settlement
covered all cases brought against the account-
ing firm by federal regulators (Berton, 1992).
Price Waterhouse, also in 1992, faced a
US$338 million jury verdict. The 11-month
trial involved a bank audit that was
conducted by an inexperienced auditor who
did not discover bad loans and failed to iden-
tify reckless loan approval procedures
(Berton and Adler, 1992).
The same year, an US$8 billion negligence
suit was brought against two of the world’s
largest accounting firms, Price Waterhouse
and Ernst & Whinney (now part of Ernst &
Young) in connection with their audits of the
scandal-riddled Bank of Credit and Commerce
International (BCCI). Touche Ross, the liq-
uidator of BCCI, charged the firms with negli-
gence in their 1985 and 1986 audits of the
bank, which collapsed in 1991 amid what is
considered to be the largest fraud in banking
history.
Touche Ross claims that the massive fraud
should have been noticed years before it
finally came to light in 1991 (Souter, 1992). The
report on the BCCI prepared by Senator John
Kerry’s subcommittee claims that the Bank of
England was wholly deficient in its supervi-
sion of BCCI and conspired with BCCI audi-
tor Price Waterhouse and BCCIs main share-
holder to keep the bank going after seeing
clear evidence of fraud. The Bank of England
and Price Waterhouse flatly denied these
allegations claiming that they did not give
evidence directly to the subcommittee (The
Economist, 1992). On October 22, 1992, the UK
government released the result of an inquiry
by a senior judge into the handling of the
fraud-ridden Bank of Credit and Commerce
International, taking to task BCCI auditor
Price Waterhouse, BCCI major shareholder
Abu Dhabi, and the bank’s main supervisor,
the Bank of England. Lord Justice Bingham
stated in his report that the Bank of England
should have been more alert to early indica-
tion of possible fraud (The Economist, 1992b).
Fialka (1993) reported in the Wall Street
Journal that former BNL-Atlanta manager
Christopher Drogoul claimed that the exter-
nal auditors failed to uncover US$5 billion of
allegedly fraudulent loans to Iraq in the late
1980s. Drogoul, in a testimony before the
[ 29 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 30 ]
House Banking Committee, stated that the
officials of the Banca Nazionale del Lavoro in
Rome encouraged him to make and conceal
the large loans to Iraq while other bank
branches were forbidden to make similar
loans.
According to the Commercial Crime
Bureau, a division of the International Cham-
ber of Commerce, there has been a significant
increase in reports of investment schemes
involving the buying and selling of the so-
called prime bank instruments. Areas of high
risk for banks are procurement fraud, fraudu-
lent transfers, and transaction fraud (Warner,
1994).
The Justice Department reported that con-
victions for bank fraud in 1994 dropped 17.3
percent to 626 while fraud convictions at
S&Ls plunged 37 percent to 192. From 1984-
1994, 70 percent of the financial crimes were
committed by outsiders. Directors and offi-
cers made up 22 percent of the remaining
criminals, while chief executive officers,
chairmen of boards and presidents accounted
for 8 percent (Shannon, 1995).
Champlain (1995) observed that a financial
institution could be instantly brought to its
knees by just one fraudulent wire transfer.
Wire transfers pose the single greatest risk of
loss to a financial institution because of the
speed with which losses can occur. As a pre-
ventive measure, he recommends proper
separation of duties to ensure that no single
individual has the ability to initiate, verify,
and transmit outgoing wire, or redirect
incoming wires to accounts other than those
specified in the original instructions.
The IIA Fort Worth Chapter (1996) reported
that the review of a customer’s request to
refinance his loan revealed that a loan officer
was granting advances on customers’ line of
credit that were in excess of the customers’
authorized limit. There were also some ques-
tions about the loans the officer made and his
personal relocation expenses when he joined
the company. A system was developed to
detect line of credit advances that exceeded
the authorized limit.
Check fraud is the No. 1 bank crime. Some
90 percent of bank crimes involve checking
accounts. Criminals pass some 2,000 bad
checks a day in the USA, costing businesses
US$10 billion a year. Banks alone lose US$625
million a year from check fraud. To safeguard
against bad checks, both the East and West
Coast Banks and Credit Union require that
noncustomers leave their fingerprint near
the signature when cashing a check. The
simple system involves rubbing a finger on a
small blotter and pressing it on the check
(Knight and Ridder, 1997).
In 1997, a former Chemical Banking Corpo-
ration trader, Victor Gomez, was sentenced to
three years prison for concealing a US$66
million trading loss amassed through failed
bets on Mexican pesos. Mr Gomez pleaded
guilty for conspiracy and making false
entries in bank records. He doctored trading
records to conceal the trades from the New
York-based bank (Simon, 1997).
Germany’s commercial banks have been hit
by three large financial fraud scandals involv-
ing metal and engineering giant Metallge-
sellschaft, real estate development concern
Dr Jungen Schneider, and international
sports flooring company Balsam. Balsam’s
four-man management board was arrested on
suspicion of committing fraud, evading taxes,
and falsifying data to obtain loans. Balsam
owed 50 German and foreign banks roughly
US$900 million. German banks defend their
credit policies by saying that corporate
financing is a risky business and that there is
no foolproof method for preventing fraud and
abuse (Protzman, 1994a).
In Hungary and the rest of Eastern Europe,
there is a continuous battle between the inter-
nal auditors, who are responsible for report-
ing suspected fraud to the police and the bank
treasurers, liquidity managers, and other
financial directors who want the big stable
clients. Those clients are often involved in
illegal activities. In this difficult environ-
ment, internal auditors are attempting to
educate managers in the ways of capitalism
(Kovacs, 1996).
The health care sector
Over the past five years, estimated losses
from health care fraud totaled about US$418
billion – or as much as four times the cost of
the entire savings and loan crisis (Cohen,
1995).
Fraud in the health care industry has been
rampant worldwide in the last three decades
as shown from the following cases of health
care abuses. In the USA, health care fraud is
of such magnitude that it has attracted the
attention of the US Congress and local gov-
ernments. Laws have been enacted to curve
health care fraud. Some fraudulent health
care cases are discussed below.
Blue Cross and Blue Shield of Missouri
(1992) had developed a program aimed at
reducing health care fraud, billing errors,
and waste. The Audit and Quality Manage-
ment Program saved the insurer members
US$3.5 million during the first six months of
1992 (National Underwriter, 1992).
The IIA Baltimore Chapter (1992) reported a
case in which the manager had confessed to
writing checks payable to fictitious health
care providers and depositing the checks into
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
a personal bank account. The manager, a
trusted employee, confessed to stealing US$4
million over a two-year period and losing
most of it at casinos in Atlantic City and Las
Vegas.
The Risk and Insurance Management Soci-
ety’s Report noted that many managed care
techniques designed to curb employee health
benefit costs can also be used to reduce work-
ers’ compensation costs. Companies can use
“medical bill audits” to root out fraud, over-
charges, and duplication that can inflate
employers’ tabs for occupational illness and
injury (Wojcik, 1993).
The National Association of Attorneys
General’s Health Care Task Force estimated
that fraud accounted for over US$80 billion of
the US$817 billion spent in health care in
1992. Employers need to be aware of the signs
of employee fraud, which is a growing prob-
lem in the health care industry. Cottrell and
Albrecht (1994) observed that managers, audi-
tors, and employees should be aware of the
symptoms that suggest internal fraud. They
should also know that these symptoms are
neither productive nor absolute and that a
full investigation of all symptoms is neces-
sary.
According to the results of a survey con-
ducted by the Health Insurance Association
of America, fraud by physicians, hospital
labs, and equipment providers nearly quadru-
pled from 1990 through 1992. As fraud abuse
levels rise, insurers are calling for software to
detect billing aberrations, fraud, and abuse in
health care claims (Friedman, 1994).
The 1994 Department of Health and Human
Service Office of the Inspector General (OIG)
investigation discovered that billing discrep-
ancies varied. The OIG believes that hospitals
intentionally defrauded the Medicare pro-
gram. Medicare also caught hospitals wrong-
fully submitting billings for experiential
automatic implantable cardiac defibrillators
(Gardner, 1996).
In 1994, Cigna HealthCare has joined with
IBM to develop and implement a technologi-
cal tool that analyzes providers’ behavior
patterns to identify potential abusers of
health care. The fraud and abuse manage-
ment system uses claim data to examine the
billing and medical activities of health care
providers to help determine the most likely
abusers (“Cigna-Healthcare,” 1994).
Gardner (1995) reports that the Department
of Justice and other federal entities estimate
that as much as 10 percent of our national
health care bill is lost to fraud and abuse.
This means that as much US$100 billion may
be lost this year due to health care fraud. This
has led US Senator William S. Cohen (R-
Maine) to introduce a bill titled “Health Care
Fraud Prevention of 1995” in order to combat
fraud and abuse in the health care system.
The Caremark International Inc. in 1995
pleaded guilty and paid US$159 million in
civil and criminal damages. The home-
health-care company was charged with pay-
ing kickbacks to physicians in return for
referrals within its home-infusion, oncology,
hemophilia, and human-growth-hormone
business (Stodghill, 1995).
Stohl (1996) offers three fraud cases related
to the health care industry:
1 Case A. An audit investigation revealed
that customers were never credited for
refunds and that Quality Insurance Com-
pany kept over US$10 million belonging to
customers, including US$2.1 million due
Stone Building Corporation. Quality never
attempted to refund the money improperly
withheld from other customers.
2 Case B. An audit of a credit balance review
of County General Hospital for the state’s
Medicaid program revealed that the
finance director admitted issuing fictitious
refund checks, never intended for the pay-
ees to receive them. The Medicaid pro-
gram was refunded the full amount and
the falsification was treated as a routine
exception rather than fraud.
3 Case C. An audit of the country’s health
benefits program revealed that a consul-
tant acknowledged receiving commission
from the winning HMO and denied any
wrongdoing. The benefit committee dis-
agreed with the consultant and replaced
him.
From the lessons learned from the above
cases, Stohl drew the following conclusions:
• Fraud detection lies in the detail.
• Follow-up is critical.
• Suspected wrongdoing should be fully
investigated to determine criminal intent.
• Fraud can be anywhere.
• Perpetrators often believe they are justified
in the action taken.
Stohl advises that auditors must be alert for
industry practices that may actually be dis-
honest. Last year’s accepted practice may be
tomorrow’s fraud.
The San Diego Union-Tribune (1996)
reported that a federal court fined Laboratory
Corporation of America US$187 million for
fraudulent billings to state and federal gov-
ernment insurers. This scam is know as “add-
on billing.” The lab encouraged doctors to
test patients by offering them a discounted
price on a battery of tests, some of which were
not necessary to the patient’s treatment. The
lab billed the doctors for the lower rate while
charging the government insurer the full
amount.
[ 31 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 32 ]
On August 21,1996, President Clinton signed
into law the Health Assurance Portability
and Accountability Act, common known as
the Kassenbaum-Kennedy Bill. The Bill
grants government investigators plus
Medicare and Medicaid groups more funding
and more power to pursue fraud and abuse
cases. It also creates new incentives to launch
investigations, makes changes in the punish-
ment of health care providers that engage in
misconduct. Crane and Slavitt (1997)
observed:
Congress used a two-barreled shotgun
approach in funding to combat fraud and
abuse. First, the appropriation levels made
the act remove any doubt that Congress is
finally getting serious about fraud and
abuse. Second, Congress created a self-per-
petuating fund that will assure that fraud
and abuse is a never-ending problem.
A survey conducted for the American Associ-
ation of Retired Persons (AARP) by Interna-
tional Communications Research Group,
which last December interviewed 2,000 adults
nationwide, found that 93 percent of Ameri-
cans think health-care fraud is widespread –
and that “there is more of it in Medicare and
Medicaid than in any other kind of health
care.” June Gibbs Brown, Inspector General
of the Department of Health and Human Ser-
vices (HHS), stated that the federal govern-
ment is fighting Medicare fraud since the new
computer system is able to analyze data, look
for trends, and look for problem at areas that
emerge. The pilot program called Operation
Restore Trust has already recovered US$139.3
million in fraud from both Medicare and
Medicaid providers (McLeod, 1997).
The General Accounting Office (GAO) esti-
mates that fraud accounts for ten percent of
the US$700 billion spent on health care in the
USA annually. This includes improper
Medicare, Medicaid, and CHAMPUS billing
practices by doctors and hospitals companies,
such as charging for tests, services or prod-
ucts not provided (Iraola and Klubes, 1997).
In Italy, massive corruption was revealed in
the pricing and registration of drugs. Conse-
quently, the Italian pharmaceutical industry
is on the brink of collapse. The network of
fraud and corruption encompasses every
stage between the manufacture and market-
ing of drugs (Abbott, 1993). Even the former
Italian health minister, Francesco
DeLorenzo, had apparently been colluding
with drug companies to fix drug prices and to
guarantee payoffs to pharmaceuticals. Sev-
eral Italian universities have been accused of
accepting bribes to give the right “advice”
(Nature, 1993).
In Germany, officials of the Allgemeine
Ortskrankenasse health insurance network,
accused German artificial heart valve suppli-
ers of bribing surgeons and administrators at
almost all western German public hospitals
specializing in heart surgery. The bribes
resulted in millions of dollars of annual over-
charges to the German national health care
system (Protzman, 1994).
In the UK, pharmacists collude with physi-
cians to defraud the National Health Service
(NHS). This may occur after a relationship
has developed and the physician seeks to pay
for purchases through prescriptions of expen-
sive drugs which do not go to patients
(Duggan, 1995).
The insurance sector
An accountant is not a guarantor of the
reports he prepares and is only duty bound
to act honestly in good faith and with rea-
sonable care in the discharge of his profes-
sional obligations (SEC v. National Life
Insurance Co., 1974.)
Borda (1987) reported that the casualty insur-
ance frauds cost the public US$15 billion each
year and may add to as much as 25 percent to
policy premiums. Every insurance policy
bought by the public comes with a rate that
includes enough to cover legitimate claims,
fraud, and profit for the company.
Tucker (1988) reviewed the early contribu-
tions of Kenneth W. Stringer to the Audit Risk
Model for insurance companies providing
fidelity bonds. The studies show that 10 per-
cent of the claims submitted had been the
results of collusion, forgery, and other irregu-
larities. The studies warn that total reliance
on internal control to deter fraud is insuffi-
cient.
Briloff (1991) reported in the Wall Street
Journal, that Guarantee Security Life Insur-
ance Co., a Florida company, was able to com-
plete related-party transactions with its prin-
cipal securities broker Merrill Lynch & Co.
from 1984 through 1988. In August 1991 Guar-
antee became insolvent and its 57,000 policy-
holders were temporarily prevented from
collecting their annuities. The suit filed by
the Florida Insurance Commission accused
Merrill Lynch of fraud and also accused
Coopers & Lybrand, Guarantee’s auditors, of
malpractice and breach of fiduciary duties.
Omaha Indemnity Company is still recover-
ing from US$500 million in reinsurance fraud
losses inflicted by two of its managing gen-
eral agents (MGAs) in a period of only a few
years. After reconstructing confusing masses
of poorly kept records, Omaha Indemnity
found that Royal American Managers (RAM)
Inc. had processed US$196.3 million in premi-
ums but reported only US$61 million to
Omaha Indemnity. RAM had pocketed
US$34.6 million of the money, and much of the
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
remainder had been absorbed in transactions
among a network of companies, several of
which were controlled by RAM principals
James Wining and Willie Schonacher Jr
(McLeod, 1993).
The IIA Dallas Chapter (1993) reported that
the audit of the National Flood Insurance
Program determined that a claim agent, who
processed flood insurance claims, fabricated
claims, arranged for the claims manager to
issue the checks, and then recalled the
checks. The checks were passed to outside
accomplices who cashed them and split the
money with the claim agent. Federal agents
were notified and the claims agent was
arrested. The auditor recommended halting
the practice of allowing checks to be returned
to the original requestors.
The IIA Houston Chapter (1993) reported
that an internal audit determined that an
officer of an insurance company was with-
drawing funds from dormant accounts con-
taining unclaimed monies and buying
cashier’s checks. The cashier’s checks were
made payable to various bill collectors, car
dealers, and relatives. The officer had stolen
US$60,000 and was convicted of fraud. The
auditors recommended strengthening the
internal control on dormant accounts.
At the Farmer Insurance Group of Compa-
nies, management realized that to curb fraud
it was necessary to have a precise and mean-
ingful vision statement. As the Home Office
analyzed how best to handle such detailed
matters as handling fraud situations, it real-
ized that developing an overall vision of the
audit would help keep the department
focused on its goals (Jacka, 1995).
Fraud in the insurance sector is so perva-
sive forcing Jim Brown to combat it with
great fervor. As Louisiana Insurance Com-
missioner, he increased manpower and
budget for fraud detection and financial
auditing in 1992. He improved his depart-
ment’s link with federal investigators and
encouraged state legislators to pass laws
making it easier to detect and prosecute
insider fraud.
The results are impressive: 32 insurance
executives in Louisiana were convicted of
various white-collar crimes; two former state
insurance commissioners and a former
deputy commissioner pleaded guilty of fraud,
and 36 out of 100 licensed insurers were
closed for being near insolvency (Covaleski,
1994).
On October 14, 1994, the Wall Street Journal
(1994c) reported that the SEC lodged charges
against the former controller of Guarantee
Security Life Insurance for taking part in
fraudulent record-keeping and reporting to
hide the insurance’s financial condition. The
SEC alleged that the former controller pre-
pared financial statements for Guarantee
Security that masked the fact that bond
trades between the insurance company and
Merrill Lynch during the 1980s were sham
transactions designed to mislead regulators
and investors about the financial condition of
Guarantee and its parent, Transmark USA.
In 1995, Montana Goverment Mark Racicot
signed into law State Bill 253, the Insurance
Fraud Protection Act. The law makes insur-
ance fraud a felony. Companies accepting
premiums without providing coverage and
consumers supplying false oral or written
information could be charged with fraud. The
bill will help to reduce the estimated US$85
million of fraudulent insurance in the state
(Cox, 1995).
On April 2, 1996, the Miami Daily Business
Review reported that the New York Life Insur-
ance Co. was ready to settle a federal fraud
suit for US$187 million. The investors claimed
New York Life Insurance, through an aggres-
sive marketing program, made materially
false statements and hid relevant information
about the partnership’s prospects and risks.
The 1996 survey by the Insurance Research
Council (IRC) found stronger support for
actions of insurance companies and law
enforcement to vigorously investigate and
punish insurance criminals, particularly
corrupt professionals, including doctors and
lawyers involved in fraud rings. In 1995,
between US$5.2 billion and US$6.3 billion was
added to the insurance bills of personal car
insurance policyholders because of outright
fraud or claim padding, according to an IRC
estimate (IRC, 1997).
Prudential Insurance, New York Life, Met-
ropolitan Life, and other insurance compa-
nies have faced insurance commissioner
investigators, class action lawsuits and thou-
sands of complaints by policyholders about
misrepresentations known as “churning.”
Policyholders were promised that thy would
never again have to make life insurance pay-
ments when, in fact, they were being charged
a fixed amount per year (PR Newswire, 1997).
On January 13, 1997, the US District Court
in Los Angeles approved the settlement of two
class actions against Connecticut General
Life Insurance Company (“CGLIC”). The
class actions alleged that CGLIC committed
fraud and misrepresentation in the sale of life
insurance policies by, among other things,
falsely representing the number of payments
that would be required for the life insurance
policies sold to the Class. The benefits pro-
vided to the Class under this settlement also
include US$35 million in future adjustments
CGLIC will make to a group of policies which
were impacted by adjustments the company
[ 33 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 34 ]
made to recover the cost of the DAC Tax and
the provisions of the Omnibus Budget Recon-
ciliation Act of 1990 (Life Insurance Industry,
1997).
Insurance fraud is also increasing in the
international area as well due to better com-
munications and transportation capabilities
that allow perpetrators to move into and
around the global arena.
The retail industry sector
Dishonest employees are by far one of the
leading causes of lost dollars to any com-
pany. These employees will not only steal
from you, but they will take precautions to
avoid detection (Dabney, 1997).
The University of Florida’s 1996 National
Retail Security Survey on retail loss preven-
tion reported that retail security executives
continue to believe that employee theft is
their firms’ most significant source of finan-
cial loss. Responses indicate that a 38.4 per-
cent of shrinkage losses is attributed to
employee theft, 35.8 percent to shoplifting,
19.4 percent to administrative errors, and 6.4
percent to vendor fraud. On average, 31.1
employee theft apprehensions were reported
for every US$100 million in sales (Dabney,
1997). To prevent employee fraud, retail
industries perform background checks, crim-
inal checks, and drug testing.
Part VI: The international arena
Most fraudsters have moved in from offering
penny stocks. They are now likely to peddle
derivatives such as currency or bond
futures (Mulder, 1995).
Most countries do not have a governmental
body like the US Securities and Exchange
Commission to check on potential securities
fraud, nor have a professional association of
the sophistication of the AICPA that has
greatly enhanced the prestige of the auditing
profession. The Institute of Internal Auditors,
the only international auditing association,
has struggled to harmonize the internal
auditing profession worldwide despite the
wide cultural, economic, and political differ-
ences among countries. In an age of commu-
nication, the national boundaries have been
shattered and the auditing profession must
operate within the global village despite its
constraints.
The European Union perspective
Globalization spurs complex market and
political environments, and language and
currency complications. In this dynamic
milieu, there is plenty of opportunity for
things to go wrong (Thompson, 1995).
Member States of the European Union (EU)
require different actions from auditors in
cases of fraud. Auditors in France may be
required to report irregularities to authori-
ties while auditors in The Netherlands may
be required to withdraw from the engage-
ment and report irregularities to a special
government agency. In the UK, auditors may
report to the authorities when the circum-
stances warrant (Schilder, 1996).
Fraud has become of great concern in the
European Union. The EUs common agricul-
tural policy (CAP) is prone to fraud. For more
than a decade the European Court of Auditors
has been making an annual report on fraud.
Myriad frauds have been uncovered, ranging
from theft of food aid to fraudulent claims
and awards from structural funds. According
to MEP John Tomlinson, the CAP is the great-
est incentive to crime in Europe (Meall, 1995).
The annual report of the European Union’s
Court of Auditors revealed that fraud, corrup-
tion, and mismanagement are ubiquitous in
the EU. In 1993 alone, one-tenth of the EU’s
total went astray through fraud or misman-
agement in the common agricultural policy
and the regional aid funds (The Economist,
1994). Of the US$93.6 billion doled out by the
EU in 1994 to its 15 member nations, every-
thing, from agricultural subsidies to high-
ways in needy regions, the EU’s own auditors
estimate that an outstanding US$10 billion
was wasted through mismanagement and
fraud (Pope, 1995). The European Commis-
sion proposed that all member states treat
fraud against the EU budget as a criminal
offense.
In 1996, Ernst & Young International Fraud
Network surveyed the finance directors of
more than 800 companies from 11 countries –
including The Netherlands and the UK –
operating internationally. The result of the
survey shows:
• Almost 60 percent of the finance directors
acknowledged that internal controls were
not keeping pace with the growth of their
companies.
• More than half of the companies had no
written fraud policy.
• Over three-fourths of those surveyed
believed that the fraud they detected could
have been avoided.
• Over three-fourths of fraud detected was
committed by the companies’ own staff.
• More than a quarter of the companies suf-
fered losses in excess of US$1 million as a
result of fraud during the past five years (De
Groot, 1997).
The European (1996) reported that the Euro-
pean Commission revealed 4,750 instances of
fraud perpetrated against the EU’s 1995
budget which amounted to ECU 1.15 billion.
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Klaus Hansch, President of the European
Parliament, stressed that the success in coun-
tering fraud could be achieved if national
authorities lived up to their Maastricht
Treaty responsibility to treat fraud against
the EU budget on a par with cheating the
national coffers. Most fraud relates to the EUs
agricultural budget and many cases deal with
export subsidies.
The African countries
The Nigerian perspective
It appears that a glitch in diverting the fax
can result in it being sent to the wrong
receiver. This represents the best opportu-
nity for the Nigerian Security Service to
track down the criminals (Nnanna, 1995).
In many African countries, the audit budget
is always below the adequacy for any effective
audit planning. Under these circumstances,
fraud detection may be the last priority.
Nnanna (1995) reported that fax fraud in
Nigeria is rampant and is costing companies
several million dollars. Because a fax is trans-
mitted over a telephone line, it is possible to
intercept the information. The process is
similar to tapping into a phone call. Hackers
divert faxes to other local fax receivers where
the fax’s information is used to deceive,
defraud, or blackmail the sender or receiver.
Some organizations concerned with security
are arming themselves with fax encryption
device. The new device locks between a fax
machine and the phone jack, and scrambles
the signal as it is transmitted. The signal can
only be decoded by a matching device in the
receiving end. TRW Electronic Products Inc.
has sold several thousand of the TRW Fax
Encryptors (Internal Auditor, 1991b).
Ekong (1995) observed that in Nigeria, man-
agement, directors, and foreign shareholders
of the African Development Bank are able to
create a self-engineered mess. The sharehold-
ers were unable to elect a new president of the
bank and expressed serious concern over
nearly US$1 million spent on equipment
which is not working, over US$750,000 spent
on unauthorized and abandoned projects, and
fraud totaling over US$270,000 resulting from
spurious claims for educational allowances
by staff.
According to the Corruption Perception
Index prepared by Transparency Interna-
tional, based in Berlin, Nigeria tops the list as
the most commercially corrupt country in
the world. Pakistan, Kenya, Bangladesh, and
China round out the top five (Internal
Auditor, 1997).
Stenger (1997), of the US Secret Service’s
financial crimes division, stated that “Since
1990, Nigerian advance fee fraud, known as 4-
1-9 after a section of the Nigerian criminal
code, has emerged as one of the most lucra-
tive fraudulent activities perpetrated by orga-
nized criminal elements within the Nigerian
community.” The “419” scams invite foreign
companies to participate in a multi-million-
dollar swindle against the Nigerian Central
Bank and a national Oil company.
Asian countries
The Chinese perspective
After one of the most serious swindles ever
attempted against a Chinese bank, two
Chinese-Americans were sent to prison. The
sentences were among the heaviest handed
down against US citizens (The White Paper,
1994a).
The White Paper (1994a) reported that the
Chinese government charged that Francisco
Huang Moy and Raymond C. Lee had per-
suaded a small-town branch of the Agricul-
ture Bank of China to issue the 200 standby
letters of credit totaling US$10 billion by
using as a collateral a phony US$10 billion
letter of credit from a nonexistent bank.
The Indian perspective
Fraud in the workplace is one of internal
auditing’s grimmest nightmares, and it is
often one of the most public (Cisz, 1997).
Dalal (1994) reported that members of India’s
Parliament were accusing top government
ministers of playing an integral role in a 1992
securities fraud scandal. A government
report acknowledges the fraud violations but
attributes them to the previous government.
Opposition members of parliament did not
seem pleased with the government denials of
wrongdoing and by the small fines against the
banks implicated in the scandal.
McDonald (1995) reported a securities
fraud. Pawan Sachdeva, a new Delhi shoe
maker, drew attention when it came up
US$4.3 million short in a complicated double-
issue scheme which is unfortunately common
in India. Authorities charged the officials of
the two Securities and Exchange Board of
India with collusion. Both had granted the
permission of 60-day period between the two
issues when the limit was 30 days. Pawan
Sachdeva was arrested on charges of falsely
overstating the number of the shares of his
company.
The Indonesian perspective
The fraud scandal reported sparked a public
outcry against collusion between bank
officials’ politically backed borrowers (The
White Paper, October 1994).
The White Paper (1994) reported that busi-
nessman Eddy Tansil was found guilty of
causing a US$449 million loss to the Indone-
sian government. Tansil allegedly obtained
the loans from petrochemical projects that
[ 35 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 36 ]
were never built. The businessman altered
and misused credits managed by the state-
owned P.T. Bank Pembangunan. The Indone-
sian government fined him US$231 million for
the losses.
The Japanese perspective
Daiwa Bank Ltd of Japan pleaded guilty to
conspiring to conceal US$1.1 billion in trad-
ing losses from US regulators and agreed to
pay a US$340 million fine, one of the largest
ever imposed by the USA (Wall Street Jour-
nal, 1996a).
Smith (1995) reported that the Federal
Reserve had kicked the Daiwa Bank out of the
US When the trader Toshihide Iguchi
incurred a US$1.1 billion in trading losses,
top management at the Daiwa Bank allegedly
told Iguchi to carry on with his theft and
forgery while they looked into ways to
conceal the losses. The bank postponed an
investigation by claiming Iguchi was on vaca-
tion. The Fed’s banishment of Daiwa forced
Japan’s Ministry of Finance to arrange the
consolidation of Daiwa and Sumitomo
Bank.
The Malaysian perspective
Respected employees who steal net more
each year than all the nation’s professional
criminals (Porter, 1971).
Jayasankaran (1995) reported a security
fraud perpetrated by the Malaysian rubber
company’s Ayer Molek which spawned a
series of events that threatened to destroy a
major financial institution, generated law-
suits and police investigations, called into
question Malaysia’s justice system, and
embarrassed the central bank.
The Singaporian perspective
Crime and fraud have surpassed terrorism
as the major threats to multinational corpo-
rations (Shapiro, 1994).
On March 4, 1995, The Economist reported the
securities fraud in the Singapore’s stock
exchange. The Singapore International Mon-
etary Exchange (SIMEX) regulations have
been seriously tightened in the wake of the
Singapore-staged collapse of Barings. The
Finance Minister Richard Hu recommended
greater separation of trading and settlement
accounts and activities, and of company and
client investing.
The Taiwanese perspective
Taiwan’s stock exchange index has fallen by
a third since the beginning of 1995. Investors
are worried about a number of financial
scandals that have emerged recently (The
Economist, 1995a).
Baum (1994) reported that the Taiwanese
government is suffering a political scandal
linked to securities fraud. Legislator Oung
Da-ming is suspected of illegal trading prac-
tices and unsettled payments worth US$128
million. Oung invested funds for legislators
who hoped to raise revenue for their political
party. His illicit connections with other mem-
bers of parliament has caused a scandal that
has affected both the ruling Kuomintang
party and the Democratic Progressive Party.
The Economist (1995a) reported alleged
frauds that emerged in August 1995 in rela-
tion to Chanhus City Fourth Credit Coopera-
tive, a credit union; International Bills
Finance Corporation, a large underwriter of
commercial papers; and Fengyuan Credit
Union. The fraud had shown glaring gaps in
financial supervision and stock manipula-
tion.
The Anglo-Saxon countries
The Australian perspective
All public held companies should adopt and
implement a code of ethics. The code should
be supported in the highest levels in the
organization (Sawyer, 1988).
Part of a special report on ethics on internal
auditing, a probe by the Independent Com-
mission Against Corruption in New South
Wales, Australia, into the issuance of drivers’
licenses by the Roads and Traffic Authority
(RTA) determined that a number of motor
vehicle registries had been engaging in vari-
ous corrupt practices for several years. In
response, the RTAs Internal Audit Branch
launched a concerted effort to develop new
anti-fraud and anti-corruption strategies that
go well beyond the investigation’s findings
(Williams, 1993).
The Canadian perspective
Fraud schemes often are global crimes,
skipping over national borders and involv-
ing people from many countries (The White
Paper, 1997).
As it moves into the twenty-first century,
Canada’s accounting profession is working
constantly to improve the services it pro-
vides. In their standard-setting efforts,
accounting professionals are dealing with
new kinds of information such as fraud, per-
formance reporting, sound business prac-
tices, and internal control (Dalglish, 1994).
An expectation gap exists in Canada. Users
of financial statements believe that auditors
can detect all misstatements with the same
level of assurance, whereas most auditors
would agree that they cannot possibly detect
misstatements arising from fraud or illegal
acts with the same level of assurance that
they can detect misstatements arising from
error. The cause of this expectation gap can
be traced in part to the auditing sections of
the CICA Handbook which state that auditors
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
seek “reasonable assurance whether the
financial statements are free of material
statements but fail to define the term “reason-
able assurance” (Cockburn, 1993).
In the Canadian case of International
Laboratories Ltd v. Dewer (Manitoba), 54 ALR
2d, published in the American Law Report,
the court found the auditors negligent for
failing to exercise his intuitive feelings and
professional skepticism:
In holding the defendants liable for their
negligence in not discovering the defalca-
tions, the court placed emphasis upon the
fact that the defendant auditors had at one
point suggested to another manager the
position of power held by the latter, and the
opportunity afforded him for any possible
fraud, but had failed to communicate to
their employers, the shareholders, the dan-
ger which existed, and had not taken any
steps to discover whether or not he was in
fact taking advantage of his position.
The UK perspective
When confronted with the necessity for a
decision on a difficult question of policy
with respect to financial statements, the
accountant should search his conscience
rather than the statutes (Andersen, 1963).
In the UK, auditors have been reluctant to
reveal fraud for fear of reprisals. Experience
indicates that accountants who defend their
professional ethics and refuse to condone or
participate in illegal behavior will lose their
jobs (Lovell, 1993).
In 1992, the Institute of Chartered Accoun-
tants in England and Wales published a
report written by three academics titled
“Expectation gap can be bridged.” The report
asserts that the profession needs to embrace
the role of detecting fraud, widen its responsi-
bility beyond the shareholders as a group,
and spin off its audit regulatory role to an
independent agency.
In January 1995, Britain’s Auditing Practice
Board (APB) issued two statements of audit-
ing standards – SAS 110 and SAS 120 dealing
with the assessment of fraud risk. SAS 110
“Fraud and error” addresses the questions of
how much responsibility auditors and man-
agement must take when it comes to detect-
ing and reporting fraud and illegal acts. The
exposure draft would require auditors to
assess the risk that fraud or error may cause
the financial statements to contain material
misstatements (Crane, 1993). The Statement
supplies guidance on the auditors’ responsi-
bility to consider fraud and error in an audit
of financial statements. It notes that auditors
should plan and perform their audit proce-
dures, and evaluate and report on the results
thereof, recognizing that fraud or error may
materially affect the financial statements
(SAS 110, 1995). The second statement, SAS
120, “Consideration of law and regulations”
establishes standards and provides guidance
in the auditors’ responsibility to consider law
and regulations in an audit of financial state-
ments. Both statements require auditors to
design audit procedures so as to have a rea-
sonable expectation of detecting misstate-
ments arising from fraud or error that are
material to the financial statements. Some
believe that the cost of checking representa-
tions and genuineness of documents in order
to ferret out fraud would probably double the
cost of audits. It is therefore desirable that the
Auditing Practices Board (APB) define the
concepts of “reasonable expectations” and
“arising from fraud or error” (Singleton,
1994).
Fraud cases.
Frauds are easier to hide when profits are
good (McCoy, 1987).
In 1987, Leeds Estate Building and Investment
Co. v. Shepherd was the first case involving an
auditor. The court’s opinion noted that audi-
tors are responsible for checking the sub-
stance of transaction, not merely their mathe-
matical accuracy.
UKs Department of Trade and Industry
investigated James Ferguson Holdings and
Barlow Clowes Gilt Managers Limited and
concluded that the affairs of both companies
were conducted in a comprehensively dishon-
est manner over a period of years to 1988. The
investigators attempted to discover why no
one was aware of what was going on at the
companies until their collapse. The inspec-
tors acknowledged that Barlow Clowes skill-
fully concealed the facts from its auditors
over a considerable period of time. Even so,
the inspectors concluded that the auditing
firm of Spicer and Pegler and Touche Ross
should have been more alert to the possibility
of fraud (Singleton Green, 1995).
In July 1991, the UK Bank of Credit & Com-
merce International (BCCI) collapsed in a
multibillion dollar fraud. Collusion at the
highest level of management and with third
parties may have contributed to BCCI’s
demise. Major customers and prominent
individuals were involved in the scheme of
fictitious loans and nonrecourse loans confir-
mations. Wellsj (1992) reported in the Wall
Street Journal that BCCI was charged with
falsifying book entries and paying substan-
tial amounts to silence its would-be whistle-
blowers.
The UK Audit Commission for Local
Authorities in England and Wales recorded
54,000 cases of fraud in 1993-1994 alone result-
ing in losses of up to £25 millon sterling. The
Commission, therefore, urged councils to
strictly observe financial control standards
(Wild, 1994).
[ 37 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 38 ]
In 1996, a major railway ticket fraud was
uncovered during an internal audit carried
out by British Rail for the Association of
Train Operating Companies. The fraud cen-
tered on transporting tickets from one station
to another, which meant that London, Tilbury
and Southwest (LTS) rail would have netted
US$1 million more that it was entitled to
under its ticketing agreement. The fraud
started when LTS management was awarded
the train franchise in December 1995 (Internal
Auditor, 1996a).
The French perspective
A wave of allegations of fraud has struck the
French business world, hurting the stock
prices of companies accused of scandal
(Echikson, 1994).
In 1994, the stocks of the French companies –
Lyonnaise des Eaux and Cie Generale des
Eaux – fell more than 10 percent the day after
a prosecutor said that the water utilities were
responsible for 80 percent of all of the coun-
try’s political corruption (Echikson, 1994).
The German perspective
Fraud is flourishing throughout Europe.
Many practioners are operating from rented
offices in German cities such as Cologne,
Dasseldorf, and Frankfurt (Gartland, 1995).
A flood of financial fraud scandals has hit
Germany from Metallgesellschaft’s losses on
trading in oil-based derivatives to the demise
of the Juergen Schneider real estate group
which has cost Deutsche Bank not only pres-
tige but has also pushed down its share price
by more than 10 percent (Bray, 1994). Accord-
ing to the German federal criminal bureau,
the Bundeskriminalamt, some 40 billion
deutschmarks a year are lost by German
citizens to fraud or poor investment advice
(Middlemann and Munchau, 1995).
In 1995, the disclosure of an alleged kick-
back scandal at auto maker Adam Opel, the
German unit of General Motors, is just one
indication that fraud is rapidly growing in
Germany. This is causing some concern
among government and industry leaders. As
Germans become far more aware of bribery,
fraud, and other economic crimes, govern-
ment officials are moving to create new legis-
lation (Gumbel, 1995).
The New York Times (1996) reported the
case involving charges of fraud at Steel and
Construction Company Thyssen AD. Some
German analysts see a new vigor by German
prosecutors willing to break the country’s
taboos by investigating allegation of corpo-
rate fraud.
The Italian perspective
In Italy, cheating the Government is such an
old and popular sport that stories about
fraud, graft, and abuse of public office are
commonplace (Bohlen, 1995).
In recent years, Italy has had its shares of
financial scandals that shocked the nation.
Bribery of government officials, counterfeit-
ing public debt, tax evasions, planned losses,
writedown of the nominal value of shares,
bribes-for-contracts, conflict-of-interest and
others have been reported by the Italian press
almost daily.
Bribes-for-contract scandals have shaken
Italy since March 1992. In 1993, the executives
of Fiat, the largest Italian car manufacturer,
admitted that Fiat had to pay kickbacks to
government officials in order to obtain public
contracts (Ciferri, 1993).
The Economist (1993) reported that the
shareholders of Montedison agreed to file a
suit against Ferruzzi Finanziaria (FerFin) for
alleged fraud involving over 560 billion lire
(US$350 million) since the shareholders of
FerFin had approved a radical writedown of
the nominal value of its shares.
In 1994, Salvatore Sciascia, tax director of
the Fininvest, a company owned by the Ital-
ian prime minister Silvio Berlusconi, turned
himself in to investigators and admitted to
have authorized bribes to government tax
authorities. Sciascia’s confession unleashed
new conflict-of-interest charges against the
prime minister (Bannon, 1994).
In 1995, prosecutors charged Cesare Romiti,
an executive of the Fiat group in connection
with accusation that the company
maintained slash funds from which it made
illegal payments to politicians in exchange
for public contracts. Fiat is Italy’s largest
company with almost 250,000 employees
(Tagliabue, 1995).
The Economist (1995b; 1995c) reported that
the treasury minister discovered 3,364 fraud-
ulent government securities with a total face
value of nearly 36 billion lire. This was the
result of counterfeiting bond certificates. To
prevent similar forgeries, Italy’s central bank
has resorted to the “dematerialization” or
paperless trading, which involves replacing
physical certificates with computerized
record of ownership of the bonds.
The same year, Gemina SpA, one of Italy’s
most powerful industrial holding companies,
incurred an unexpected US$172 million loss.
The Italian financial investigators raided
Gemina to investigate the possibility of fraud-
ulent financial statements. It is believed that
the huge loss had been planned as a prepara-
tion for the merger of some Fiat units with
the Ferruzzi Finanziaria, a holding company,
and create a US$23 billion-per-year conglom-
erate around the Montedison chemical group
which is controlled by Ferruzzi (Tagliabue,
1995).
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
The Economist (1996a) reported that Italy’s
system of SIMs (Societa di Intermediazione
Mobiliare), instituted in 1991 to bring
accountability to the securities industry, has
created its own set of problems. State regula-
tor Consob has suspended 45 SIMs and has
charged two Italian subsidiaries of interna-
tional banks with many securities fraud
violations.
The Economist (1996b) reported that
Lorenzo Necci, the head of Italy’s railways,
had created a scandal named “tangentopoli”
(kickbacks). Necci, who is in jail, has been
accused of fraud, embezzlement, and crimi-
nal association.
The Wall Street Journal (1996b) reported
that the Italian stock market Consob is inves-
tigating the computer and telecommunica-
tions giant Olivetti, SpA, to determine how
the corporation incurred a huge pretax loss
of US$289.3 billion and a net debt of US$824.4
million. Management fraud may have
occurred since the executives may have acted
on an inside information to cash in their
Olivetti stock. The Consob is recommending
a revision of the current securities laws to
prevent a similar scandal.
The Swiss perspective
In the competitive global business environ-
ment, executives and auditors do not have
the luxury of identifying fraud exposure by
waiting to see what actual losses develop
(Thompson, 1995).
In the 1980s, financier Werner Rey built up a
huge international conglomerate which
collapsed in 1991 in Switzerland’s largest
corporate failure. Switzerland authorities
charged Rey with making false statements,
falsification of documents, and fraud (ACFE,
1996).
Zelenko and Urban (1994) reported that
authorities in Switzerland and Germany
were trying to unravel a massive pyramid
fraud in which thousands of small investors
have seen their savings vanish amid “unful-
filled promises of massive financial gain.”
Damara Bertges and her husband Harald, the
founders of the European Kings Club, have
been arrested. An investigating magistrate in
the Swiss canton of Uri, found that as much
as US$113 million may have been laundered
through an interlocking web of 60 companies
into bank accounts elsewhere.
The Eastern European countries
The Czech perspective
The Czech Republic has been the victim of a
number of fraud scandals since the over-
throw of communism in 1989 (Blum, 1994).
In the last few years, the Czech Republic has
been victim of fraud and economic crime
which are the most rapidly growing threats to
the economy. This is mostly due to the lack of
domestic controls and inexperience on inter-
national capital markets (Blum, 1994).
The Hungarian perspective
Internal auditors in Hungary and the rest of
Eastern Europe are confronted by some
unique challenges due to the region’s politi-
cal history (Kovacs, 1996b).
In Hungary, there is a continuous battle
between the internal auditors, who, accord-
ing to the Hungarian Banking Law, are
responsible to report suspected fraud to the
police, and the financial managers who
want to keep those stable clients, who are
often engaged in illegal activities (Kovacs,
1996).
The Russian perspective
Freedom in Russia means to many people
only the license to cut corners, to cheat, to
participate in new kinds of illegal deals that
the authorities are too lethargic and too
backward to cope with (Geis, 1994).
Geis (1994) reported that fraud is pervasive in
Russian and Eastern European countries.
The fraud and corruption that permeate life
in Russia is the result of “unbridled greed.”
No one can accomplish anything legitimately
– for a certain amount of bribe money, rele-
vant authorities do the impossible. This per-
vasive fraud, comments Geis, “eats at the guts
of the nation, challenges its integrity, and
demoralizes its citizens.”
Abelson (1994) reported a Russian stock
swindle. Wealthy Russian Sergei Mavrodi’s
MMM bilked 5 million Russians with
enticing TV ads. The Moscow investment
company shares started at US$1, rocketed to
US$55 in July, and dropped to US$.45 in
August.
Thueson (1997) observed that business
opportunities in Russia are virtually unlim-
ited but the opportunities for fraud also
abound. He warns that Russia’s natural
wealth can entice the unwary into the fraud
snare.
The Slovakian perspective
Tenders aren’t going to foreign investors, or
even to domestic investors, because these
exclusive deals are made (Huebner, 1996).
Leiding (1996) reported that the European
Bank for Reconstruction and Development
(EBRD)is no longer seen as the reconstruc-
tion and development institution after discov-
ering it was a victim of a state-sponsored
fraudulent scheme. This follows the revela-
tion that the London-based EBRD paid six
times more for privatization shares than a
group of local buyers.
[ 39 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 40 ]
South American countries
The Brazilian perspective
Nacional, which is Brazil’s seventh-largest
private financial institution, cost taxpayers
some US$5 million (Wall Street Journal,
1996c).
The Wall Street Journal (1996c) reported that
an elaborate accounting claim by the officers
of the Banco Nacional SA had concealed the
insolvency of the bank for more than a
decade. Nacional had submitted false finan-
cial statements to Central Bank administra-
tors from 1986 until its collapse in 1995. The
government discovered Nacional’s fraud only
after agreeing to assume the bank’s US$5
billion in bad debts.
The Venezuelan perspective
Venezuela’s government is keen to punish
the former top officials of Banco Latino who
have managed to slip away to southern
Florida (The Economist, 1995b).
The Economist (1995b) reported that the gov-
ernment of Venezuela charged 83 former
executives of the Banco Latino for fraud and
laundering monetary instruments in the
amount of US$2 billion.
The Banco Latino and its Miami-affiliate
Banco Latino International have filed a crimi-
nal suit in Miami, Florida, against its former
bank president, Gustavo Gomez Lopez.
Part VII: The investigative and
reporting process
Fraud indicators
While professional internal auditors may
not be insurers against fraud, their respon-
sibility for due professional care will
require an increasingly high level of alert-
ness to the indicators of fraud (Sawyer,
1988).
The SEC, in ARS No. 174, has urged auditors
to be on the alert for signs that indicate man-
agement might be seeking to conceal a deteri-
oration in the financial position of the com-
pany. Such red flags include:
• the recognition of income from transac-
tions which do not reflect actual economic
changes;
• unwarranted attempts to defer expense
recognition;
• avoiding recognition of losses; and
• timing of major transactions so as to
achieve apparent improvements in the
financial statements (Cooper and Flory,
1976.)
In April 1988, the AICPA issued SAS No. 55,
“Consideration of the Internal Control Struc-
ture in Financial Statements” which states
that the effectiveness of internal controls
depends largely on management’s integrity.
Indicators of misstatements in financial state-
ments or management fraud include:
• management’s failure to correct material
weaknesses in internal control that are
practical to correct;
• a high turnover rate in top financial posi-
tions; and
• understaffing of accounting and financial
functions.
The value of internal control is apparent in
both preventing and detecting fraud. In a
recent survey conducted by Welch et al. (1996)
shows that the majority of the members of the
Association of Certified Fraud Examiners
agree on the following findings:
• weak internal controls had created oppor-
tunities for fraud in more than 80 percent of
the cases; and
• about half of all frauds occurred in the
financial area.
Albrecht et al. (1994) believe that organiza-
tions should adopt a proactive approach to
reducing costs associated with fraud. A good
program should emphasize fraud prevention
and not reaction to already committed fraud.
The steps involved in such a model include
implementation of prevention and awareness
programs, incidence of fraud, incident
reporting, investigation, action, resolution,
analysis, publication, implementation of
controls, examination of compliance and
training, and proactive fraud auditing.
According to Robert E. Fleming, director of
auditing and accounting at Urbach Kahn &
Werlin in Albany, New York, there are many
clues that should warn CPAs about the possi-
bility of financial misstatement or fraud.
These include:
• an overly complex organizational structure
with many subsidiaries;
• unusual structured partnerships; and
• numerous joint ventures (Friedman, 1995).
Albrecht (1996) groups the indicators of
employee fraud in six categories:
1 Accounting anomalies which include
embezzlement, overstatement of expenses,
fictitious journal entries, missing docu-
ments, alterations on documents, exces-
sive voids or credits, increased past due
accounts, duplicate payments, entries
made at or near the end of accounting
periods and others.
2 Internal control symptoms which include a
poor control environment, lack of segrega-
tion of duties, lack of physical safeguards,
lack of independent checks, lack of proper
authorizations, lack of proper documents
and records, the overriding of existing
controls, and an inadequate accounting
system.
 Rocco R. Vanasco 3 Analytical symptoms which include trans-
Fraud auditing actions and amounts that are too large or
Managerial Auditing Journal too small; transactions or events that
13/1 [1998] 4–71 occur at odd times and places.
4 Lifestyle symptoms which include
employee’s greed, financial needs, or pres-
sures. Employees are living lifestyles far
beyond what they can reasonably afford.
5 Behavioral symptoms which include
employees’ unusual and recognizable
behavior patterns; unusual irritability
and suspiciousness; unsolicited confes-
sions; and others.
6 Tips and complaints which include tips
from employees that something is wrong.
For Albrecht, only the symptoms of fraud, the
red flags or indicators exist to alert manage-
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
ment of wrongdoing.
Fraud detection
In planning tests for a fraud audit, the goal
is often to test an unrepresentative set of
items, focusing on exceptions to standard
procedures (Armstrong, 1988).
The US Institute of Accountants’ SAP No. 1,
Extension of Auditing Procedures (1939)
stressed that the external auditor is not
responsible for detecting fraud in the ordi-
nary examination of the financial statements:
In making the ordinary examination, the
independent auditor is aware of the possibil-
ity that fraud may exist. Financial state-
ments may be overstated as the result of
defalcation and similar irregularities, or
deliberate misrepresentation by manage-
ment, or both… However, the ordinary
examination directed to the expression of an
opinion in financial statements is not pri-
marily or specifically designed and cannot
be relied upon to disclose defalcation and
other similar irregularities, although their
discovery may result. Similarly, though the
discovery of deliberate misrepresentation
by management is usually more closely
associated with the objective of the ordinary
examination, such examination cannot be
relied upon to assure its discovery.
For Thompson (1993c), the symptoms of fraud
are often obvious to anyone who cares to look.
These indicators may arise as a result of
control established by management, tests
conducted by auditors and other sources both
within and outside the organization. Detec-
tion of fraud consists of identifying the indi-
cators of fraud sufficient to warrant recom-
mending an investigation. The internal audit-
ing department’s responsibilities for detect-
ing fraud when conducting audit assign-
ments are to:
• Have sufficient knowledge of the indicators
of fraud.
• Be alert to opportunities such as control
weaknesses that could allow fraud.
• Conduct additional tests directed toward
detection of fraud if significant weaknesses
are found.
• Evaluate the indicators and decide whether
further action is necessary or an investiga-
tion should be recommended.
• Determine whether the organizational
environment fosters control consciousness.
• Determine whether realistic organizational
goals and objectives are set.
• Determine whether written corporate poli-
cies exist that describe prohibited activi-
ties.
• Assess whether action is taken when viola-
tions are discovered.
• Verify whether appropriate authorization
policies for transactions are established
and maintained.
• Determine whether policies, practices,
procedures, reports, and mechanisms are
developed to monitor activities and safe-
guard assets.
• Assess whether recommendations need to
be made for the establishment or enhance-
ment of cost-effective control to help deter
fraud.
• Recommend the establishment of a strong,
written statement of management’s com-
mitment to corporate ethics.
Internal auditors would be more likely to
detect fraud if they develop their ability to
recognize and question changes that occur in
organizations. Examples of audit tests to
detect fraud are:
• To detect the alteration of the beginning
balance in the monthly checking account
reconciliation, the auditor should compare
monthly balances and use change and trend
analysis. Applying analytical procedures is
a good way to detect the diversion of funds.
• The means of detecting kickbacks paid to a
new buyer is the use of change analysis
and trend analysis of buyer or vendor activ-
ity.
• The possibility of detection (or deterrence)
of a fraud involving bogus placement agen-
cies is to verify new vendor firms listed in a
professional association catalog and/or
verify the vendor name and address
through the telephone book.
• The means of detecting alteration of
receipts for employee expenses is done by
comparing the copy of a document that has
not been within the control of the employee.
This approach should only be used in
unusual fraud situations.
Loebbecke (1987) suggests assessing the risk
of irregularities and considering the pres-
ence or absence of three key criteria:
[ 41 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 42 ]
1 The degree to which conditions are such
that a material irregularity could be com-
mitted.
2 The degree to which the person or persons
in position of authority and responsibility
in the entity have a reason or motivation to
commit an irregularity.
3 The degree to which the person or persons
in positions of authority or responsibility
in the entity have an attitude or set of ethi-
cal values that they would allow them-
selves to commit an irregularity.
Thompson (1991) offers some good reasons
why auditors do not detect fraud. The
assumption is that they:
• do not believe that detection is their job,
• are too trusting of those they audit,
• believe the bosses already know and con-
done the illegal activity,
• do not know exposures in specific terms,
• do not know symptoms of fraud occurrence,
• fail to follow through on symptoms of fraud,
• are concerned about career implications of
fraud detection.
Matsumura and Tucker (1992) conducted a
study of the interaction between a manager
and an auditor which resulted in an increase
in fraud detection. In the game, the manager
chose a probability of committing fraud
whereas the auditor decided to perform tests
of transactions and detailed tests of balances.
Four independent variables – the auditor’s
penalty, auditing standards requirements, the
quality of the internal control structure, and
the audit fees – were examined to assess their
effects on tests of transactions and detailed
tests of balances, fraud detection, and inci-
dence of fraud. Increasingly the auditor’s
penalty was found to decrease fraud and
increase fraud detection.
Thompson (1992) suggests a five-step
approach for fraud detection:
1 Know fraud exposure in specific terms.
2 Know exposure specific symptoms of
fraud.
3 Be alert for fraud symptoms.
4 Incorporate into routine audit program
steps that are likely to reveal fraud symp-
toms.
5 Follow through on all observed symptoms.
Ziegenfuss’ survey (1996) of municipal and
local governments shows that the most effec-
tive tools for fraud detection are:
• internal audit review;
• specific investigation by management;
• employee notification; and
• accidental discovery.
According to the deputy director of UKs Seri-
ous Fraud Office, the reasons why auditors
fail to detect fraud are:
• inadequate scope of auditing testing and
inquiries;
• restrictions of auditors’ work by manage-
ment;
• auditors’ failure to understand the business
of the company being audited;
• failure to identify related party transac-
tions;
• reliance on uncorroborated representa-
tions from management; and
• deceptions practiced on auditors.
It is entirely possible that an auditor could
perform an audit in an entirely reasonable
way and in full accordance with auditing
standards and still not detect deliberate mate-
rial misstatement. UKs Companies Act of
1985 foresaw that possibility making auditor
deception a criminal offense (Knox, 1994).
Fraud investigation
Successful investigators and auditors follow
up on curious occurrences based upon expe-
rience, judgment, and intuition (Palmer,
1993).
According to the IIA Standards (SIAS No. 3),
the role of internal auditing in the investiga-
tion of fraud includes:
• Assessing the probable level and extent of
the complicity in the fraud within the orga-
nization.
• Assessing the qualifications and the skills
of the internal auditors and the specialists
available to participate in the investigation
to ensure that it is conducted by individuals
having the appropriate type and level of
technical expertise.
• Being cognizant of the rights of alleged
perpetrators and personnel within the
scope of the investigation and the reputa-
tion of the organization itself.
• Designing procedures to follow in attempt-
ing to identify the perpetrators, extent of
fraud, techniques used, and cause of fraud.
• Determining the knowledge, skills, and
disciplines needed to effectively carry out
the investigation.
• Coordinating activities with management
personnel, legal counsel, and other special-
ists as appropriate throughout the course of
the investigation.
When a fraud investigation reveals irregular-
ities which may have an adverse impact on
the financial position and results of opera-
tions, the director of internal auditing should
inform the appropriate management and the
audit committee.
When auditors suspect wrongdoing, a sepa-
rate audit report may be required because the
information may not be appropriate for dis-
closure to all report recipients. SIAS No. 2
suggests that the proper authorities within
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
the organization should be informed. When
senior management is involved, the audit
committee or similar high-level entity should
be notified.
Review of the draft of a proposed report on a
fraud investigation by the legal counsel
reduces the possibility of inclusion (and dis-
semination) of a statement for which the
accused employee could sue the organization.
If internal auditing wants to invoke client
privilege, consideration should be given to
addressing the report to legal counsel.
For Thompson (1991), a thorough fraud
investigation should answer the following
questions:
• Was it fraud or error?
• Who did it?
• What was the extent of the loss?
• How was it done?
For Thompson (1993d), the responsibility for
investigating suspected wrongdoing should
be clearly defined and communicated to
everyone within the organization.
Investigation consists of performing
extended procedures necessary to determine
whether fraud, as suggested by the indica-
tors, has occurred. It includes gathering suffi-
cient evidential matter about the specific
details of a discovered fraud. All fraud inves-
tigations need to start with a plan for gather-
ing and handling the evidence (Ehlers, 1996).
When conducting fraud investigations,
internal auditors should assess the probable
level and the extent of complicity in the fraud
within the organization. Internal auditors,
lawyers, investigators, security personnel,
and other specialists from inside or outside
the organization are the parties that usually
conduct or participate in fraud investiga-
tions.
Albrecht et al. (1994) suggest that formal
procedures be established in the investiga-
tion process:
• to assess the scope of the investigation;
• to determine the investigation methods;
• to follow up on tips of suspected fraud;
• to conduct interviews;
• to review documentation; and
• to report the findings.
Fraud reporting
Many internal auditors felt that finding
fraud was career limiting and possibly
career-ending, especially if the fraud discov-
ered was perpetrated by a senior member of
management (Alpert, 1992).
According to the Standards for the Profes-
sional Practice of Internal Auditing (SPPIA),
a fraud report is required at the conclusion of
the investigation. In performing an audit,
internal auditors are lacking due professional
care when they suspect employees for
misappropriating assets and confront them
with their suspicions. A suspect should not
be confronted until supporting evidence has
been gathered. Confrontation should be done
by persons who specialize in investigating
criminal activity, not by internal auditors.
The SPPIA require that when an internal
auditor identifies multiple factors that have
been linked with possible fraudulent condi-
tions and suspects that fraud has taken place,
the auditor should notify the appropriate
authorities within the company and recom-
mend an investigation. The report should
include the auditor’s conclusion as to
whether sufficient information exists to con-
duct an investigation and summarize the
findings that serve as the basis for such deci-
sion.
Reporting consists of various oral or writ-
ten interim or final communication to man-
agement. When an internal auditor’s proce-
dures lend to suspicion of some kind of
wrongdoing, the auditor should:
• determine the possible effects of the wrong-
doing;
• discuss the matter with the appropriate
level of management; and
• decide with management who should inves-
tigate or otherwise follow up the suspicion
(SIAS 3).
When wrongdoing is suspected, the auditor’s
responsibility extends to the appropriate
level of management within the organization
(PSB 85-5). A written report is required at the
conclusion of the investigation phase. It
should include all findings, conclusions, rec-
ommendations, and corrective action taken.
Internal auditing is responsible for report-
ing fraud to senior management or the board
when the incidence of fraud of a material
amount has been established to a reasonable
certainty.
Fraud deterrence
Management can reduce fraud-handling
difficulties by establishing the policy and
related approaches to handling fraud before
the fact, not after (Thompson, 1991).
Stewart (1959), in his “Nature and prevention
of fraud,” makes a good point in stressing
that defalcations and irregularities could be
reduced with a reasonable increase in audit-
ing work:
In our world of war, confusion, evil, and
suffering, the accounting profession is very
much aware of the fact that defalcations and
other irregularities have grown consider-
ably in number and amount in recent years.
American business losses from these frauds
have been estimated to range from one to
three billion dollars annually. Contrast this
with the U.S. police reports to the FBI that
[ 43 ]
 Rocco R. Vanasco total value of property stolen in 1957 by
Fraud auditing robbery, burglary, larceny, and auto theft
was US$272 million. Consider also that the
Managerial Auditing Journal
13/1 [1998] 4–71 usual embezzlement amounts range from a
few to many thousands of dollars and in
some instances to millions while the aver-
age loss from robbery and burglary in 1957
was only about US$200.
Considering the large amount of defalcations
and irregularities, one may wonder whether
an increase of audit work would have the
effect of reducing losses of this kind in an
amount equal to the cost of increasing audit-
ing (Mautz and Sharaf, 1961).
The AICPA, in its SAS No. 30, believes that
the fidelity bonds “provide more protection
economically and efficiently” than the
expenses for additional auditing work. The
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Surety Association of America remarked
instead that in many cases, reliance on bond-
ing has proved unsatisfactory because losses
far exceeded expectations (Surety Associa-
tion of America, 1954).
Preventing fraud consists of those actions
taken to discourage the perpetration of fraud
and limit the exposure if fraud does occur.
Internal auditing is responsible for assisting
in the deterrence of fraud by examining and
evaluating the adequacy and the effectiveness
of controls, commensurate with the extent of
the potential exposure/risk in the various
segments of the entity’s operations. In 1985,
The Institute of Internal Auditors issued
SIAS 3, “Deterrence, detection, investigation,
and reporting of fraud,” and recommended
that the internal auditing profession should:
• Determine whether the organizational
environment fosters control consciousness.
• Set realistic organizational goals and objec-
tives.
• Determine whether written corporate poli-
cies exist that describe prohibited activities
and the action required whenever viola-
tions are discovered.
• Assess whether appropriate authorization
policies for transactions are established
and maintained.
• Determine whether policies, practices,
procedures, reports, and other mechanisms
are developed to monitor activities and
safeguard assets.
• Assess whether communication channels
provide management with adequate and
realistic information.
• Determine whether recommendations need
to be made for the establishment or
enhancement of cost-effective control to
help deter fraud.
Internal auditors cannot guarantee that
fraud will not occur. Given its inherent limi-
tations, even an effective internal control
[ 44 ]
structure cannot provide more than reason-
able assurance that fraud will be prevented.
SIAS No. 3 emphasizes that the principal
mechanism for preventing fraud is control
and the primary responsibility for establish-
ing and maintaining control rests with man-
agement. It recommends a strong written
statement of management’s commitment to
corporate ethics. It lists the following as
examples of preventive control:
• Competitive bidding serves as a control
over fraud by restricting the ability of a
purchasing agent to reward a favored
vendor.
• Subjecting credit card charges to the same
expense controls as those used on regular
company expense forms.
Davia et al. (1992) suggest that top manage-
ment should play a proactive role in fraud
prevention by providing training in:
• disclosure of fraud;
• investigative techniques;
• the nature of evidence required to conclude
the presence of fraud; and
• the internal controls necessary to deter the
occurrence of fraud.
Wells (1993) believes that the most effective
deterrent of fraud is the specter of detection,
which can be bolstered by a stronger audit
presence. He feels that the following lessons
can be learned from those who commit finan-
cial fraud:
• the risk of fraud exists in all financial activ-
ities and with all people;
• those who commit fraud share personality
traits, mainly narcissism;
• defrauders tend to spend their money osten-
tatiously to impress those around them;
• a great deal of fraud could be prevented or
detected if auditors were more skeptical;
and
• controls are of limited value in deterring
fraud.
In 1994, Wells proposed a “Model fraud pre-
vention program” which seems to be a signifi-
cant departure from current auditing prac-
tices. The main points of this theory are
based on the following assumptions:
• the independent auditor is currently facing
unprecedented liability for failing to detect
material frauds;
• the detection of these frauds by indepen-
dent auditors is difficult at best, even with
adequate training, and
• the auditor’s primary concern should be
prevention, not detection.
The fraud prevention program should have
three realistic and measurable goals:
1 reduce losses resulting from fraud;
2 deter fraud through proactive policies; and
 Rocco R. Vanasco 3 increase the likelihood of early fraud
Fraud auditing detection.
Managerial Auditing Journal
Albrecht (1996a) agrees with chairman Wells
13/1 [1998] 4–71
that “fraud prevention is far more cost-effec-
tive than fraud detection” but for the external
auditors “activities such as client acceptance
and fraud prevention aren’t covered by ASB
standards.”
Fraud prevention in most financial institu-
tions is a top priority. Begg (1994) reported
that check fraud alone costs the banking
industry more than US$1 billion annually,
with losses per transaction averaging
between US$10,000 and US$20,000. To deter
such a fraud, First, Chicago adopted a strat-
egy, termed “shared liability” which helps the
bank and its customers jointly identify
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
approaches to fraud prevention and imple-
ment measures to reduce their exposure to
loss sharply. Procedure and technical mea-
sures to combat check fraud that can be
implemented in conjunction with a program
of shared liability include:
• screening of new account applicants;
• data sharing with banking peers;
• built-in security measures such as holo-
gram shipping on official bank or corporate
checks; and
• cash management services.
Management may not support fraud preven-
tion for three reasons:
1 Management’s concerns often are else-
where than audit or fraud.
2 Managers are reluctant to believe the
existence of fraud.
3 Management may unreasonably feel that
bringing up the presence of fraud may
alienate the work force (ACFE, 1995).
The American Society for Industrial Security
(ASIS), an international non-profit associa-
tion of precessional security, publishes a
newsletter on fraud prevention and security
related matters in the World Wide Web
(Horsburgh, 1995). The homepage hosts is
University of Stellenbosch. According to Bliss
and Aoki (1997), the perception of detection,
not internal controls per se, is the strongest
deterrent of fraud. Once the opportunity for
embezzlement and pilfering is removed most
people will follow their conscience.
Part VIII: Techniques in the
investigative and reporting process
Analytical auditing procedures
Analytical fraud symptoms are procedures
or relationships that are too unusual or too
unrealistic to be believable (Albrecht,
1996a).
Analytical auditing procedures, including
horizontal and trend analysis, are important
and effective fraud detection techniques. By
analyzing sales in the last three or five years,
auditors can detect unexpected sales trend.
Special software allow the analysis of sales by
customer, salespersons, month, and activity.
The AICPA SAS No. 8 (1992) describes ana-
lytical procedures as “evaluations of financial
information made by a study of relationships
among both financial and non-financial
data.” They involve comparisons of recorded
amounts, or ratios developed from recorded
amounts to expectations developed by an
auditor. SAS No. 8 also states that a basic
premise underlying the application of analyt-
ical procedures is that relationships among
data may reasonably be expected to exist and
continue in the absence of known conditions
to the contrary. Variability in these relation-
ships can be explained by, for example,
unusual events or transactions, business or
accounting changes, misstatements or ran-
dom fluctuation. Thus, the possibility of mis-
statements arising from fraud or errors
should be considered when unexpected differ-
ences between recorded amounts and those
determined by analytical procedures are
identified.
Gauntt and Glezen (1997) find analytical
auditing procedures a powerful tool in identi-
fying areas where the risk of errors and fraud
are high. The results of analytical auditing
procedures may be useful to auditors in the
effort to provide management with early
warnings of financial and operating prob-
lems.
The emphasis on analytical audit proce-
dures increases when the auditor either sus-
pects fraud or believes that the risk of errors
and irregularities is high. According to the
National Commission on Fraudulent Finan-
cial Reporting, the potential for detecting
fraudulent financial reporting through ana-
lytical auditing procedures has not been fully
realized. The Report points out that unusual
transactions, deliberate manipulation of
estimates or reserves, and misstatements of
revenues and assets often introduce aberra-
tions in otherwise predictable amounts,
ratios, or trends. The Report suggests that in
a number of cases reviewed by the Commis-
sion, analytical procedures might have
increased the likelihood of detecting fraudu-
lent financial reporting (PSB 89-2).
Albrecht (1996a) noted that analytical fraud
symptoms include transactions or events that
happen at odd times or places; that are per-
formed by or involve people who would not
normally participate; or that include odd
procedures, policies, or practices.
[ 45 ]
 Rocco R. Vanasco Trend analysis
Fraud auditing If auditors were responsible for the discov-
Managerial Auditing Journal
ery of all employee fraud, auditing tests
13/1 [1998] 4–71 would have to be greatly expanded (Arens
and Loebbecke, 1994.)
Trend analysis, which considers statistical
data over a period of years as a basis for fore-
casts, is a useful tool for detecting anomalies.
For instance, an auditor who performs ana-
lytical procedures on financial statements
would expect the percentage change in cost of
sales to vary little from the change in sale. A
sharp increase in production and sales that
results in greatly increased productivity or
the marketing of a new product with a high
price and a low cost may explain that the
entity’s sales people are conspiring with
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
another company’s purchasing agent to
inflate sales. Trend and ratio analysis may
detect potential fraud such as:
• An unexplained increase in the default rate
caused by bogus loans.
• An extraordinary increase in accounting
balances.
• Sudden and unjustified increase in the cost
of the service.
• Comparing the beginning balance one
month to the ending balance of the prior
month.
Discovery sampling
The only alternative to discovery sampling
is the examination of each item until an
example has been found or the entire popu-
lation has been examined (Sawyer, 1988).
Discovery sampling is used when the auditor
is examining populations where the existence
of fraud or gross error is suspected. Such
populations might include:
• fictitious employees on the payroll;
• duplicate payments;
• unauthorized shipments of goods; and
• a nonexistent collateral for loan (Sawyer,
1988).
Discovery sampling is used primarily for
search of critical deviations such as evidence
of fraud. If such deviation exists, the auditors
may abandon their sampling procedures and
undertake a thorough examination of the
population. Discovery sampling assumes that
auditors have a reason to believe that some-
one has been preparing fraudulent records.
Bank reconciliations
The promptness with which reconciliations
are prepared by an independent party will
determine how effective they are as a con-
trol (Wallace, 1995).
Bank reconciliations play a powerful role in
detecting potential fraud by employees. The
IIA Houston Chapter (1993) reported that an
[ 46 ]
internal auditor noticed that one of the insur-
ance company’s independent agents did not
keep the agency’s bank reconciliation cur-
rent. After reviewing the evidence associated
with the agency’s bank account, the auditor
found that one of the agents, no longer with
the agency, had taken advantage of the
delayed reconciliations and purloined the
missing funds. The auditor recommended
that bank reconciliations be kept current.
The IIA Dallas Chapter (1993) reported that
an internal audit found that the branch’s
reconciliations were three months behind,
and those completed were poorly executed.
The supervisor in charge of the bank recon-
ciliations could issue, sign, and mail manual
checks to satisfy a customer’s emergency
request. After the supervisor completed the
reconciliations, the auditor reviewed them
and discovered that US$130,000 was missing.
Further investigation determined that the
supervisor had misappropriated the missing
funds. The auditor recommended segregation
of the manual checks issuance duties,
enhanced procedures for documenting cus-
tomers’ emergency requests for funds, and
tighter controls over storing and accounting
for check stock.
Inquiry
It helps to know that fraud is likely. But
some symptoms demand follow-up (Morley,
1994).
An audit technique that can help find the
people involved in the fraud is inquiry. By
asking questions whose answers the auditor
already knows, the auditor can ascertain the
interviewee’s truthfulness and desire to coop-
erate (Wallace, 1995).
To elicit information about fraud matters,
Wells (1992) suggests a “Fraud assessment
questioning” (FAQ), a non-accusatory, struc-
tured interview method. Used properly, FAQ
can provide auditors and fraud examiners the
clue of possible suspects.
Inquiry can, at times, be the best tool to
assess possible violations of company’s poli-
cies or verify allegations of fraud. The IIA
Fraud Round Table of the Internal Auditor
reported a unique case of conflict of interest
which was confirmed by inquiry:
A written complaint was received by the
senior manager and the internal auditor
stating that field supervisors were favoring
relatives with service business in violation
of the company’s code of business conduct.
The auditor decided that the direct interro-
gation of the supervisor was the best course
of action. When asked if the people who were
providing services for the project were
relatives, the supervisor answered: “They
are not relatives, they are in-laws.” The
 Rocco R. Vanasco supervisor was replaced and the boss was
Fraud auditing reprimanded.
Managerial Auditing Journal
13/1 [1998] 4–71
Part IX: The white-collar crime
White-collar crime
All types of frauds are characterized by
certain contributing factors related to the
values and motivations of the fraud perpe-
trators and the management of the
defrauded organization (Menkus, 1990).
In 1939, Edwin H. Sutherland, in his presenta-
tion at the American Sociological Society
Symposium, coined the term “white- collar
criminality” to indicate administrative
wrongdoing.
Quinney (1964) gave the following reason
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
for the lack of interest in the white-collar and
corporate crime in the 1960s:
Although there has been considerable inter-
est and activity in the study of white-collar
crime, the development of the area has been
hampered by a number of problems that
have not been made explicit. The concept
has remained unclear because criminolo-
gists have subsumed different behavior
under the term. In addition, writers have
varied on the amount of emphasis given to
the social status of the offender, have
employed different meanings of occupa-
tional activity, and have lacked consistency
in designating the illegal nature of the
offense.
The Federal Bureau of Investigation (FBI)
defines white-collar crime as:
Those acts characterized by deceit, conceal-
ment, violation of trust, and not dependent
upon the application of threat of physical
force or violence. Such crimes are commit-
ted to obtain money, property, or services; or
to secure personal or business advantage
(Kelley, 1976).
A similar definition is given by the US
Department of Justice (1977):
• Intent to commit a wrongful act or to
achieve a purpose inconsistent with law or
public policy.
• Disguise of purpose through falsities and
misrepresentations employed to accom-
plish the scheme.
• Reliance by the offender on the ignorance
or carelessness of the victim.
• Voluntary action by the victim to assist the
offender as a result of the deceit practiced.
• Concealment of the crime.
The Fraud Examiners Manual (1997) lists the
following actions constituting fraud:
• any dishonest or fraudulent act;
• forgery or alteration of documents;
• misapplication of funds or assets;
• impropriety with respect to reporting
financial transactions;
• profiting on insider knowledge;
• disclosing securities transactions to others;
• accepting gifts from vendors;
• destruction or disappearance of records or
assets; or
• any similar or related irregularity.
The Futurist, the journal of the World Future
Society, predicted that white-collar crime will
spiral upward in the knowledge-based econ-
omy. High-tech securities have independent
economies based on creating, collecting, and
distributing data. Thieves thus have new
tools for committing their crimes (Internal
Auditor, 1995b).
Nichols (1996) surveyed the following
sources of information on white-collar crime
in the Internet:
• The World Wide Web Sources provides
research, new articles, product and ser-
vices, and agencies related to white-collar
crime.
• The KPMG Investigation and Security Page
contains various fraud surveys.
• The White Collar Crime Loss Prevention
through Internal Control which is a study
conducted by Ernst & Young for Chubbs
Insurance Company. It provides guidance
on assessing exposure to fraud losses,
reviewing internal control procedures, and
specifying control objectives.
• The Statistical Sidebar provides statistics
on white collar crime criminals and their
patterns. It also provides the sources where
statistics were obtained.
• The Investigative Database, Boston, MA,
contains a 20-year investigation experience
by an investigator.
• The Statement to the Senate Appropriations
Committee issued by the Director of the
Federal Bureau of Investigation (FBI) in
March 1996, focuses on the FBI’s initiative
in conjunction with the international com-
munity to combat white-collar crime
(Nichols, 1996).
• The Business Report – “Corporate crime –
big and small” broadcast by the Australian
Broadcasting Corporation focuses on the
level of illegal corporate activity in
Australia.
• The White Collar and Corporate Crime Over-
looked posts a brief synopsis of research on
how the media overlooks white-collar
crimes.
• Crimes in St Louis provides white-collar
crime information on embezzlement and
environmental crimes committed in the
city.
• Fraud Detection Kit offers instructional
materials to help businessmen detect and
deduce occurrences of fraud within their
organizations.
[ 47 ]
 Rocco R. Vanasco • White Collar Crime discusses the serious-
Fraud auditing ness of white-collar crimes and how the law
Managerial Auditing Journal and judges impact the defense strategies for
13/1 [1998] 4–71 the companies.
• IRS Investigator’s Handbook describes how
IRS investigators trace financial transac-
tions as they relate to white-collar crime.
• The National White Collar Crime Center
provides investigative report services to
assist in the fight against economic crimes.
• The National Center for Justice provides
links to other agencies and other areas
within the domain of criminology.
• The National Fraud Information Center is a
coalition among the National Association
of Attorney Generals, the Federal Trade
Commission, the National Consumers
League, and MasterCard. It provides links
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
for contacting the coalition to report an
incident or to obtain information on previ-
ous reported activities.
• The Transparency International provides
useful information to anyone interested in
researching the international corporate
offenders.
• The Anthem Corporation distributes the
Financial Crime Investigator which allows
the user to write queries in the database
management or mainframe computer
system. Fraud indicators are matched with
profiles of specific fraud schemes.
Gulf Investigation, Inc.’s Report on white
collar (1997) is alarming:
White-collar crime is a rampant vicious
plague which is crippling the American
economy. Credit card fraud may exceed 1.5
billion in 1994. Bank and insurance fraud
has already exceeded even the most outra-
geous estimates of the 80’s. There are no real
accurate numbers for the amount of dollars
lost in check fraud, just educated estimates.
It is estimated that 90% of the daily business
transactions in the U.S. involve checks. In
1993, about 100 billion checks (not dollars)
were processed with an average return
(bounce) rate of about 2 percent. Collectabil-
ity studies in the mid-1980s reflected a 50%
recovery rate. This figure is unrealistic in
the economic climate of the 1990s. Major
retailers reported in 1992 that the amount of
uncollectible checks presented to them
increased by over 35% from 1991. The Fed-
eral Bureau of Investigation estimated in
1992 that 15 fraudulent checks were passed
each second, that equates to 54,000 checks an
hour.
In Guam, the Twenty-third Legislature intro-
duced Bill No. 116 which added a new No.
30116 to Title 5, Guam Code Annotated, rela-
tive to establishing a White Collar Crimes
Unit within the Prosecution Division of the
Department of Law. The Attorney General
may utilize the services of specified personnel
[ 48 ]
in any Executive Branch department or
agency for White Collar Crime prosecution
purposes (Charfauros, 1995).
Freeman and Forcese (1994) argue that the
war on crime in Canada largely ignores not
only such white-collar employee crime, bus
also violations committed by corporations.
These include tax evasion, bribery, fraudu-
lent advertising, illegal mergers, and monop-
oly pricing. Canadians pay increased taxes
and prices for consumer goods amounting to
as much as US$20 billion a year as a result of
white-collar crime. US statistics show that
white-collar and corporate crime accounts for
US$10 for every one dollar lost to robbery,
burglary, larceny and auto theft combined. If
this 10 to 1 ratio applies to Canada, Freeman
and Forcese estimate that corporate crime
costs Canadians about US$30 billion a year.
Employee fraud
One of the most effective ways of deterring
dishonest conduct is by not hiring dishonest
employees (Sawyer, 1988).
Kroll Associates Inc. (1993), a business fraud
detective agency based in New York City,
offers the following list of behavior and
events as early signs that may point to trouble:
• Significant changes in behavior, including
unexplained mood swings.
• Reluctance to take vacations or be away
from the office.
• Suggestions of heavy personal debts.
• Extravagant purchases or lifestyle.
• Unusually close ties to vendors or a sudden
switch in long-term vendors.
• Tendency to manage by crisis: a disregard
for structure, controls, or procedures.
• A desire to control operations and safe-
guard assets: a disregard for segregation of
duties.
• Continued adversarial relationships with
groups within and outside the organization
– particularly auditors.
• Chronic job frustration: a known malcon-
tent.
According to Bliss et al. (1997), nearly 75 per-
cent of employees steal at least once, and half
of those are repeat offenders. As a result,
almost one in three small business failures
can be attributed to internal theft. They claim
that employee fraud is far more costly and
devastating than all crimes committed by
shoplifters, vandals, and armed robbers. The
most common rationalizations for stealing
are:
• I’m only borrowing the funds until I get a
raise.
• No one will get hurt, the company has bud-
geted for this.
• Everybody does it.
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
The IIA Florida West Coast Chapter (1990)
reported that a bank teller frequently went on
shopping trips to New York City and Mexico,
owned an expensive condominium, and
bought expensive lunches for friends. Most
bank tellers cannot afford that lifestyle. The
auditor’s review of the branch’s record dis-
closed that almost half million dollars was
missing. The teller processed entries, per-
formed reconciliations, and handled
disbursements. There was no separation of
duties, and the teller was trusted by the
branch manager.
The Institute of Internal Auditors’ Profes-
sional Standards Bulletin (PBS 84-3) warn
that audit tests are not designed to make
detailed examinations and verifications of all
transactions to detect employee fraud and
other irregularities. However, internal
auditors have the basic responsibility to use
due professional care in the application of
audit skills, tests, and conclusions based on
the appropriate complexities of the audit
being performed. Internal auditors cannot
give absolute assurance that irregularities do
not exist. The possibility of material irregu-
larities should be considered by internal
auditors when undertaking audit responsibil-
ities (PSB 84-3).
Embezzlement
Embezzlement, like all crime, is a product of
motive and opportunity (Bologna, 1994).
Embezzlement constitutes a fraud. It is the
intentional appropriation of property
entrusted to one’s care. Embezzlers convert
property to their own use and conceal the
theft. Bologna (1994) cites the following envi-
ronmental factors that enhance the probabil-
ity of embezzlement:
• Inadequate rewards.
• Inadequate internal controls.
• No separation of duties or audit trails.
• Ambiguity in job roles, duties, responsibili-
ties, and areas of accountability.
• Failure to counsel and take administrative
action when performance levels or personal
behavior fall below acceptable levels.
• Inadequate operational review.
• Lack of timely or periodic review, inspec-
tions, and follow-up to assure compliance
with company goals, priorities, policies,
procedures, and governmental regulations.
• Failure to monitor and enforce policies on
honesty and loyalty.
Embezzlers are persons who hold fiduciary
positions. Bologna cites the following
schemes to embezzle cash:
• Borrowing cash from funds to be deposited
on the assumption that the embezzler will
make it up on the next day (lapping).
• Borrowing petty cash and submitting ficti-
tious or personal checks to keep the
account balance in line.
• Diverting petty cash for personal use by
submitting phony invoices and expense
bills.
• Recording a deposit from an interbank
transfer in the current period while failing
to record the related disbursement until the
next period kiting.
Smith (1995) offers a typology of individuals
who will embezzle:
• The “Keeping up with the Joneses” type is
the individual who wants to live a life of
luxury. The only way to afford this lifestyle
is to steal from the employer.
• The “Opportunist” type is the person who
quickly detects a lack of or a weakness in
internal control and seizes the opportunity
to use this deficiency to his benefit.
• The “Crisis/in need” type is the individual
who resorts to stealing to pay for large
family medical bills, to support his/her
abuse of an expensive substance such as
cocaine, or to pay gambling debts.
• The “Professional criminal” type is an
individual who has made a career of
stealing and has learned to cover his/her
tracks.
• The “Unsatisfied/disgruntled” type is the
individual who thinks that he/she has
been unfairly treated. He/she steals to
get the “compensation he/she deserves”
for his/her work or punish his/her
employer.
To deter embezzlement, Smith (1995) recom-
mends the following measures:
• institute strong internal control policies
which reduce the opportunity for crime;
• conduct an aggressive and thorough
background check prior to employment;
and
• identify behavior patterns and intervene
before they cause problems.
Other measures management could also
consider are:
• Create a positive work environment.
• Train all employees on drug awareness and
encourage them to seek help.
• Contract with a family crisis counseling
service to provide assistance to employees.
• Consider whether to establish a drug test-
ing policy.
• Adopt an open door policy. Encourage
employees with work-related or personal
problems to discuss them freely with man-
agement.
• Provide a telephone hotline service so
employees can anonymously report suspi-
cious wrongdoing and other ethics viola-
tions.
[ 49 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 50 ]
If an internal auditor suspects that an
employee is embezzling funds, the auditor
must:
• exercise due professional care; and
• inform the appropriate authorities in the
company.
Due professional care dictates that a suspect
should not be confronted until supporting
evidence has been gathered.
Bliss and Aoki (1997) claim that in nearly
every case of embezzlement, a detailed analy-
sis of the company records shows that the
basic accounting system and the related
accounting control structure are the key for
evidence of past, present, and future internal
fraud.
Kiting
Internal theft schemes work on the basis of
four principles: disguise, divergence, diver-
sion, and conversion (Bologna, 1994).
Kiting is the recording of a deposit from an
interbank transfer in the current period
while failing to record the related disburse-
ment until the next period. The auditor
detects kiting by:
• examining a schedule of bank transfers for
a period covering a few days before and
after the balance sheet date; and
• comparing paid checks returned in the next
day period, and dated prior to year-end,
with checks listed as outstanding on the
related bank reconciliation.
Chambers (1985) reported in the New York
Times a well-publicized kiting case involving
the president and chief executive officers of
Transit Mix Concrete Corporation and two
large banks, Marine Midland and Citibank.
The officers drew checks in the Transit Mix
Concrete account at Citibank and deposited
those checks in an account at Marine Mid-
land for Water Tunnel Associates, a dummy
company also operated by the officers of
Transit Mix Concrete. The officers of Transit
Mix Concrete Co. were charged with stealing
US$23 million.
Alexander (1985) reported another kiting
case in Time. The use of float permitted the
brokerage firm of E.F. Hutton fraudulently to
obtain interest-free loans exceeding US$8
million from 400 banks between 1980 and 1982.
Twenty or so executives participated in the
kiting scheme. Although the fraud was
insignificant to the bottom line, nonetheless
the results were devastating to Hutton, which
eventually sold out.
Larceny
The forensic auditor knows about those “red
flags” that make organizations their own
worst enemy by routine control overrides,
poor financial planning, unusual complex
procedures, and organizational indifference
(Alpert, 1992).
Bologna distinguishes larceny from embez-
zlement. The difference lies in the issue of the
legality of the article stolen. In larceny, the
thief never had legal custody, whereas the
embezzler was legally authorized by the
owner to take or receive the article and to
possess it for a time.
The IIA Baltimore Chapter (1994) reported a
case of larceny. A security group investigated
and determined that a former employee had,
through available technology, created copies
of a blank check that had been reported miss-
ing before the employee had been terminated.
The fraud totaled US$7,000. The former
employee was charged with grand larceny. As
a result, controls were put in place to deter-
mine whether or not checks are real.
Lapping
The purpose of lapping is to keep all
accounts current in order to avoid auditor
suspicion and unusual customer exceptions
to confirmation requests (Konrath, 1996).
Lapping is a type of embezzlement involving
misappropriation of cash from a customer
and covering the resulting shortage with
subsequent cash collection from another
customer. To conceal the shortage, the
defrauder attempts to:
• keep bank and book amounts in agreement
so that a bank reconciliation will not detect
the fraud;
• correct the customer’s account within a few
days. Any discrepancy in the customer’s
account can be explained as a delay in
receiving the cash or posting it.
To detect lapping, auditors:
• confirm accounts receivable;
• make a surprise cash count; and
• compare the details of Cash Receipts Jour-
nal entries with the details of the corre-
sponding deposit slips.
Lapping is an internal control weakness. It
can be prevented by separating the cash col-
lection from the recording function. Lapping
often involves fraud of small amounts. It is
detected when there is suspicion of fraud.
Pilferage
Organizations should focus their efforts not
on eliminating occasional pilferage but on
keeping it from blossoming into chronic or
professional abuses (Wells, 1994).
Webster’s Dictionary defines “pilfer” as “to
steal in small quantities.” It is done over and
over almost daily by employees at all levels of
the organization. Wells (1994) reported that in
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
the USA alone, workers annually pilfer a
billion dollars in paper clips, pencil, station-
ary, and postage. Nationwide, employees may
pilfer as much as US$200 million a day – about
US$4 per employee.
Edgerton (1992) reported that the cost of
more serious employee thefts has grown
dramatically. The survey conducted by the
London House and Food Marketing Institute
of more than 1,000 supermarkets shows that
the average amount of theft per employee
rose from US$44.72 per employee in 1989 to
168.48 in 1992 – an increase of 379 percent.
The IIA Houston Chapter (1991) reported a
case of pilferage of narcotics:
The internal auditor, while reviewing the
narcotics inventory and activity reports,
found that the beginning balances did not
always agree with the previous day’s ending
balance. When the balances disagreed, the
beginning balance was less than the previ-
ous day’s ending balance. These differences
always occurred when a particular nurse
was on duty. Further study determined that
the nurse had a personal substance abuse
and was pilfering the narcotics.
The IIA Mount Diablo Chapter (1993)
reported a case of deceitful pilfering. A
review of refund receipts issued by the
cashier during the previous months detected
more cases of questionable refunds:
• some handwritten;
• different customers; and
• no supervisor signatures.
The cashier was interrogated and admitted to
pilfering over US$25,000 via a refund scam.
The auditor recommended strengthening
internal control over refund procedures.
Part X: Accounts vulnerable to
fraud
Accounts receivable and sales
All fraud is done by those we trust… Audi-
tors and management should trust people,
but we are inviting trouble if we allow blind
trust to replace vigilance in auditing or
management (Thompson, 1992).
The case of United States v. Natelli (1975) deals
with the failure to disclose properly the write-
off of uncollectible accounts and the over-
statement of sales thus making financial
statements misleading.
Financial statements may be materially
misstated by inflated accounts receivable and
sales at year end. The two most common
schemes are:
1 fabricated invoices; and
2 increased sale prices substantially above
the company’s list prices.
Auditors can detect such a fraud while per-
forming sale cutoff tests and examining
transactions a few days before and after year
end.
Sales and marketing fraud is one of the
biggest exposure areas for companies. It may
take the form of fraudulent actions designed
to generate fictitious commissions, or sales
representatives who defraud customers for
the benefit of the company or themselves
(Internal Auditor, 1995c).
The Cohen Commission reviewed several
fraud cases and found that direct confirma-
tion of accounts receivable from outside par-
ties did not provide the expected assurance
because outsiders ignored incorrect informa-
tion and actually cooperated with manage-
ment in giving incorrect information
(Wallace, 1995).
To uncover vendor fraud, auditors look for
red flags or weaknesses in the internal con-
trol system such as:
• vendor not on the approved vendor list;
• invoice without purchase order or receiv-
ing document;
• payment without invoice;
• vendor’s address, telephone number, and
ZIP code matches employee’s address;
• sequentially numbered invoices;
• others (Kramer, 1996).
Cash receipts and disbursements
Since auditors are now sued every time
there is an undetected fraud, there should be
fewer undetected frauds and, hence, fewer
lawsuits (Albrecht, 1996b).
Commingling personal and company funds
can lead to potential fraud. The IIA North-
west Metro Chicago Chapter (1993) reported a
case in which during a controls review of a
newly established distribution center, the
internal auditor found that cash receipts,
which averaged US$125,000 daily, were
deposited in the personal account of the cen-
ter’s accountant. The accountant remitted the
cash receipts to the central accounting office
by personal check. When the auditor brought
to management’s attention the commingling
of personal and company funds, the company
established a centrally controlled bank
account and night deposit procedures.
Lack of separation of duties for cash
receipts and cash application may cause
fraudulent misappropriation of cash. The IIA
North Jersey Chapter (1995) reported that the
internal auditor’s review of the receipts’ log
and comparison of the log to bank amounts
revealed that US$39,000 had simply evapo-
rated. Further review of the cash receipt
functions performed by the same person who
made the bank deposits disclosed another
US$50,000 in revenue losses where profits
[ 51 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 52 ]
should have been realized. Afterwards, inter-
nal controls were implemented to ensure
separation of duties for cash receipts, cash
application, and cash report functions to help
prevent such losses in the future.
The IIA Houston Chapter (1997) reported
that a duplicate payment of US$75,300 was
discovered by the internal auditor during a
review of transactions. The invoice for the
duplicate payment could not be located. The
auditor reiterated the relevance of appropri-
ately documenting payment and reviewing
them for potential duplicate payments.
Petty cash
In fraud, there is no issue of materiality
(Morley, 1994).
Morley (1994) audited the petty cash fund of a
large organization and learned that:
• All fraud is committed by those we trust.
• Early detection is sometimes the best pre-
vention.
• Auditors must be persistent in following up
on explanations, particularly those that do
not make sense.
• Dumpster diving can sometimes prove to be
a useful tool in detecting fraud.
• When fraud is suspected, even the slightest
variation from the norm is worth pursuing.
• It helps to know that fraud is likely, but
some symptoms demand follow-up.
The IIA Wichita Chapter (1991) reported the
following case of cash shortage:
A special audit was conducted and employ-
ees were interviewed. A suspect was identi-
fied,but no sold evidence was found. The
manager and auditor were advised by the
legal counsel that actual theft must be
observed; witnesses must actually see a
smoking gun in the suspect’s hand, so to
speak. After hours, hidden video cameras
were installed and within 48 hours a visual
record was made of the suspect taking the
money. The employee was dismissed and
additional controls were implemented.
Inventory
When a fraud is expected, auditors perform
threat analyses, which means they examine
what assets are held and how those assets
can be taken. Then, the auditors strive to
outsmart the crooks (Wallace, 1995).
The media has reported several allegedly
fraudulent financial statements attributed to
significant inventory misstatements. A
December 1992 Wall Street article, “Inventory
chicanery tempts more firms, fools more
auditors,” stated that the “recent rise in
inventory fraud is one of the biggest single
reasons for the proliferation of accounting
scandals.”
Several fraud cases have shown that inven-
tory is often misappropriated by both man-
agement and employees. In Cenco Inc. v.
Seidman & Seidman, top management
defrauded the company of US$25 million in
inventory.
If it appears that defalcation may exist as a
result of inventory manipulation, Clyde Lev-
ington (1991) recommends the following pro-
cedures:
• take a physical inventory and account for
the purchases and cost of sales during the
period following the end of the fiscal period;
• determine the reasonableness of the gross
value of inventories at year’s end;
• verify the extensions and additions on the
inventory used to record the value at the
beginning and end of the fiscal year; and
• review the policies and the application of
the internal control procedures concerning
the custodians involved in physically han-
dling the inventory.
The IIA Calgary Chapter (1991) reported that
the internal auditor was observing a quar-
terly inventory and questioned the value of
some damaged items. The damaged items
were kept on hand until the suppliers could
inspect them and issue replacements. The
auditor found that the items were included
twice, once as inventory on hand and again as
receivables.
The IIA Atlantic City Chapter (1991)
reported the following case of inventory
fraud:
Inventory and requisitioning were con-
trolled by means of an automated perpetual
inventory system. The auditor noticed that
the requisition form was blank and the
bartender had to write in the alcoholic
beverages that were delivered. The auditor
determined that no one ever matched the
quantities input to the inventory system – a
control weakness that prevented detection
of inventory shrinkage. The auditor
matched the requisition forms with the
quantities of alcoholic beverages delivered.
Numerous deficiencies were detected. The
auditor recommended that matching
required quantities and ordered quantities
become part of the normal process of alco-
holic beverage control.
Wells (1997) reported an inventory fraud in an
US Army Commissary. The Army Audit
Agency uncovered the inventory skimming
scheme perpetrated by the meat manager.
The manager was able to defraud the Army
Commissary by raising the price of the meat
high enough to make up for the amount of
government-purchased meat he diverted to
outside restaurants. The total loss of the
scheme was estimated at US$5 million or
more.
 Rocco R. Vanasco Accounts payable/purchases
Fraud auditing When one person is given total control over
the financial records, it is a license to steal
Managerial Auditing Journal
13/1 [1998] 4–71 (Bliss and Aoki, 1997).
A transfer of cost of sales to a prepaid asset
account may cause fraudulent financial state-
ments. Thompson (1993a) reported a case of a
financial reporting fraud in which an
unrecorded cost of sales for US$1.2 million
took place. The audit manager had deter-
mined that cost of sales was 39 percent, well
within the industry standard, but the accoun-
tant responsible for preparing the cost of
sales analysis showed that cost of sales
averaged 44 percent, not 39 percent. The dif-
ference was not caused by overpayment as
alleged by the accountant but from an unsup-
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
ported adjustment made by the financial
controller to the general ledger from food
inventory account to a prepaid asset account.
Such a transfer overstated the preliminary
net income to the parent company.
The IIA San Francisco Chapter (1993)
reported a case of nonexistent vendor fraud.
An audit had shown significant control weak-
nesses in accounts payable. There was no
verification of the existence of vendors, and
checks were returned to the requesting sales-
people for delivery to the vendors. The audit
findings showed that the sales manager had
stolen US$430,000 by means of checks written
to nonexistent vendors and diverted to the
manager’s bank accounts. The auditors rec-
ommended validating vendors and stopping
the practice of hand delivery of checks.
Payroll fraud
If your readers spot a man who cheats in
little ways on their team, I suggest that they
get rid of him fast. This kind of man won’t
carry his load in little ways, so why should
you expect him to be honest in the big
things? (White, 1977).
Payroll fraud can be perpetrated by the most
common schemes:
• setting ghost employees;
• failing to delete employees who have been
terminated; and
• submitting excessive overtime.
To detect these kinds of fraud, auditors apply
the following analytical tests:
• duplicate and validity tests;
• exception testing; and
• recalculations (Crowder, 1997)
Fraud may arise from a lack of implementa-
tion in the internal control system. The IIA
Florida West Coast Chapter (1990) reported
that a company payroll clerk, who manually
prepared paychecks, figured nobody checked
to see that the amount withheld for taxes was
accurate to the penny. To make the payroll
worksheet balance, the clerk’s withholding
was increased by the pennies. Nobody com-
plained. The clerk’s good luck soured after
the pennies became quarters and the IRS
investigated the clerk’s filing for several thou-
sand dollar federal tax refund for possible tax
fraud.
The IIA Calgary Chapter (1991) reported
that an auditor performed a thorough compli-
ance test of the payroll system and found little
evidence of control in the update and check
reconciliation and distribution process. With
the help of the financial officer, the auditor
was able to convince management to imple-
ment new controls and strengthen existing
controls in the payroll systems.
The IIA North Jersey Chapter (1995)
reported that through a simple review of
payroll records, an internal auditor was able
to uncover several irregularities in the orga-
nization’s employee benefit plan such as:
• former employees were still being carried
on the employer-paid health insurance
roster;
• a 22-year-old, non-college student son of a
personnel department employee was
included in the insurance roster even
though he was not considered an eligible
dependent; and
• retired employees were present on the
active payroll and were receiving a full
retiree pension at the same time.
Pensions plans and benefits
Given current social trends, it no longer is
expedient, and could be described as impru-
dent, to assume automatically that the client
and its subordinates are trustworthy
(De Groot, 1997).
The looting of pension funds of the Salvation
Army Endowment, the Chicago Housing
Authority and other organizations has been
reported in the media. The following cases of
pension fraud show that management abuse
of pension funds is both a national and inter-
national concern.
In 1993, Britain’s Serious Fraud Office
indicted Kevin and Jan Maxwell charging
them with defrauding pension participants of
approximately US$375 million missing from
the company pension funds (Schvimmer,
1993). British fraud investigators allege that
shares belonging to Maxwell pension funds
were illegally used to secure loans to prop up
Robert Maxwell’s private ventures. In 1996,
the Serious Fraud Office found the Maxwells
not guilty of misusing L 122 million in shares
belonging to Maxwell Company pension fund
(Chernoff, 1996). The UK Goode Committee’s
report on proposed pension law reforms
would increase the accountant’s role, both as
an auditor and adviser to pension plans. The
[ 53 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 54 ]
report calls for auditors to be statutorily
required to report serious or persistent irreg-
ularities to regulators and calls for stronger
position for trustees to safeguard against
fraud or irregularity (Cole, 1993).
In 1994, the IIA Tucson Chapter reported
that confirmation notices were mailed to all
pensioners (about 1,000). The recalculation of
the pension benefits for the sample of pen-
sioners detected five pensions that were inac-
curate. The inaccuracies appeared to have
been caused by data input errors. Three of the
pensioners were due a total of US$10,000 plus
interest, and two pensioners had been over-
paid a total of US$11,000.
On April 11, 1996, President Clinton pro-
posed a plan to reduce pension fraud by
allowing audits of all retirement and pension
funds and requiring auditors to report sus-
pected bribery, theft, or kickbacks within five
days (O’Connell and Schultz, 1996).
Related-party transactions
In carrying out all phases of the audit, the
auditor should be alert to any clues regard-
ing the existence of related parties and for
transactions involving them (Kapnick,
1980).
Related-party transactions played a large role
in several well-publicized fraud cases such as
Allied Crude Vegetable Oil, BarChris, Cenco,
CIT Financial, Continental Vending, Equity
Fund, Four Seasons, Home-Stake, Homex,
McKesson & Robbins, Penn Central, Republic
National Life Insurance, Sterling, Talley
Industries, US Financial, Vesco, Westec, West-
gate and many others. Related-party transac-
tions are frequently used as conduits for
transferring assets out as the Continental
Vending Machine fraud case. To muddy the
audit trail, loan proceeds are transferred
back and forward between the companies.
In July 1975, the AICPA issued SAS No. 6,
Related Party Transactions and provided the
following definition:
Related parties exist when another entity
has the ability to significantly influence the
management or operating policies of the
transacting parties or when another entity
has an ownership interest in one of the
transacting parties and the ability to signifi-
cantly influence the other, to the extent that
one or more of the transacting parties might
be prevented from fully pursuing its own
separate interests.
In 1982, the FASB issued Statement of Finan-
cial Accounting Standard No. 57, Related
Party Disclosures which states: “Auditors’
failure of auditing related-party transactions
has been the subject of several fraud scan-
dals.” In August 1983, the AICPA issued SAS
No. 45, Related-party Transactions, which
superseded SAS No. 6. It provides guidance
for auditors in:
• identifying related-party transactions,
• determining the existence of related-party
transactions, and
• examining related party transactions and
balances.
Thomas (1989) reported in the Wall Street
Journal that the auditors who audited the
financial statements of Lincoln Savings and
Loan Association did not devote adequate
audit resources to examine the related-party
transactions and were accused of actually
approving the transactions. The Lincoln
Savings and Loan Association reported losses
exceeding US$2.5 billion!
In 1991, the AICPA, in its Accounting Trends
and Techniques, reported that of the 600 com-
panies surveyed, 192 disclosed related-party
transactions in 1990.
In Autumn 1995, the British Accounting
Standards Board (ASB) issued Financial
Reporting Standard No. 8, Related Party
Disclosures. The disclosure standard is help-
ful in reassuring readers that they have rele-
vant information about matters that may well
have affected a company’s reported perfor-
mance, but many people will see the standard
as a response to fraud that have or may have
involved related parties (Archer, 1996).
Unrecorded liabilities
Suspected wrongdoing must be fully investi-
gated, no matter who the suspect might be
(Thompson, 1993b).
The search for unrecorded liabilities includes
procedures performed through the last day of
field work, such as examining subsequent
cash disbursements. These procedures are
designed to detect liabilities that existed at
year-end but were omitted from liabilities
recorded in the client’s financial statements.
Computer fraud
The computer has greatly enhanced the
ability to conceal fraud (Levi, 1997).
In 1984, the EDP Fraud Review Task Force of
the AICPA defined EDP-related fraud as “any
intentional act, or series of acts, that is
designed to deceive or mislead others and
that has potential impact on an organiza-
tion’s financial statements.” Collier et al.
(1991) also defined computer fraud as “any
fraudulent behavior connected with comput-
erization by which someone intends to gain a
dishonest advantage.”
The first federal prosecution for computer
fraud occurred in 1966 when a programmer in
a Minneapolis bank successfully instructed
the computer to ignore all overdrafts from his
account. The discovery occurred when the
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
bank returned to manual processing after a
computer failure (Alexander, 1974).
Brandt (1977) provided an inventory of the
biggest computer fraud perpetrated against
US and foreign corporations. A lesson is to be
learned from the following examples:
• Ordinary managers and clerks have perpe-
trated more of the discovered computer
fraud than computer experts.
• Analysis of 150 cases indicated that 40 per-
cent of corporate fraud involved fraudulent
payments to creditors (disbursements),
employees via payroll, other individuals
(typically pension or insurance claims).
• Manipulation of incoming funds is most
often tied to some means of permanently
eliminated receivables from accounts
through unauthorized adjustment.
• Manipulation of transactions that are most
common include: adding unauthorized
transactions (e.g. phony purchase orders);
altering transactions (e.g. posting deposits
to another accounting); and not processing
transactions (e.g. interest income).
• Industry groups, which are expected to
have large inventory shrink, may indirectly
encourage fraud in the inventory areas.
• Means of detection of fraud are often suspi-
cions by fellow employees or excessive
greed that prompts an investigation.
In 1978, a survey of EDP-related fraud was
conducted in the banking and insurance
industries in cooperation with the American
Insurance Association, the American Council
of Life Insurance, the Life Office Manage-
ment, and the Bank Administration Institute
(AICPA, 1984).
Of the 854 insurance companies surveyed,
the respondents identified 40 cases they
believed to be EDP-related fraud. The most
frequent scheme in the insurance industry
was generating claim payments to the perpe-
trators or to accomplices. Another scheme
was generating refunds reductions of policy
premiums by authorizing refund checks after
changing policyholder members and
addresses, or by cancelling policies to gener-
ate refund checks automatically. The perpe-
trators of fraud in order of frequency were
clerks, loan officers, data processors, supervi-
sors, insurance agents, and systems program-
mers.
In May 1983, the OECD defined computer
crime as “any illegal, unethical, or unautho-
rized behavior involving data-processing,
and/or transmission of data.”
The findings of the EDP Fraud Review Task
Force of the AICPA (1984) indicate that EDP
fraud may be directly involved by improper
manipulation of:
• input or transaction data;
• output or results;
• application programs;
• data files;
• computer operations;
• communications; and
• computer hardware, systems or firmware.
Leinicke et al. (1990) suggest the implementa-
tion of a cost-effective fraud auditing pro-
gram based on audit hooks or red flags to
detect fraud. The hooks are embedded during
the design phase of a data processing system.
For an insurance company, the audit hooks
are designed to detect unauthorized and
potentially fraudulent charges to policyhold-
ers.
Menkus (1990) observed that understanding
how computer fraud can occur will not elimi-
nate the menace; but internal auditors have
no alternative but to ferret out weaknesses
and develop counterstrategies. He listed eight
distinctive factors that contribute to the per-
sistence of the computer fraud:
1 Inadequate design of the information
system.
2 Aggregation of the information system’s
transaction processing steps so that a
review of what is taking place becomes
impossible.
3 Insufficient discrimination as to the legiti-
macy of the transaction processed by the
information system.
4 Toleration by the information system of
errors – either in data content or process-
ing results.
5 Detachment of the information system’s
ongoing operations from the physical or
functional reality to what it is supposed to
reflect.
6 Unrestrained, unmediated remote access
to an information system that is subject to
possible compromise or manipulation.
7 Restricted ability to collect sufficient
knowledge about the fraud itself – espe-
cially, its scope and extent of the loss that
has occurred.
8 Limits in the investigation tools for ana-
lyzing the knowledge that auditors may
gain about fraud.
Under the auspices of the IIA-UK and the
Chartered Institute of Management Accoun-
tants, Collier et al. (1991) surveyed 300 mem-
bers of both institutes of which 184
responded. The majority of the respondents
indicated that the organizations placed spe-
cific responsibility on the internal audit
department for prevention and detection of
computer fraud. The study also indicated that
96 percent of internal auditors consider the
possibility of fraud when examining new and
existing computerized systems. About 86
percent considered the possibility of fraud
when specific reviews were in progress. The
[ 55 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 56 ]
greatest level of threat was the false computer
input followed by unauthorized access.
Thompson (1991) believes that the move-
ment toward an increasingly computerized
global economy likely will heighten exposure
to fraud. Smith and Crumbley (1991), in Trap
Doors and Trojan Horses, introduced new
auditing techniques to prevent and detect
fraud.
The following surveys show that computer
frauds are mostly attributed to the inade-
quacy or lack of implementation of security
systems.
The IIA Wichita Chapter (February 1991)
reported that, during an audit of microcom-
puter security, the audit found that the com-
pany’s microcomputer policy manual was
rarely followed and was generally looked
upon with disdain. There were varying docu-
mentation standards, backup procedures, and
security methods, ranging from very good to
virtually nonexistent. The audit report
resulted in corrective action to revise and
expand the company’s microcomputer
manual.
Input tampering is considered to be the
most prevalent computer fraud. Input scams
can be prevented with an effective internal
control system such as:
• separation of duties;
• control totals;
• access controls; and
• audit trails (Thornhill, 1996).
Computer fraud, which is considered a crimi-
nal offense, has drawn the attention of federal
and state legislators causing them to be more
vigilant than ever. Thornhill lists the follow-
ing statutes enacted:
• Fraud in connection with Federal Inter-
state Computers (Title 18, USC Section
1030).
• The Electronic Funds Transfer Act (Title
15, USC Section 1693n).
• The Counterfeit Access Device and Com-
puter Fraud and Abuse Act of 1984 (Title 18,
USC Section 1030).
• Computer Fraud and Abuse Act of 1986
(Public Law 99-474).
• Electronic Communications Privacy Act of
1986 (Public Law 99-508).
• Small Business Computer Crime Preven-
tion Act of 1984 (Public Law 98-362).
• Computer Security Act (Public Law 100-
325).
In 1996, the US-based Computer Security
Institute (CSI) queried security practioners
from a variety of US agencies, financial insti-
tutions, and universities. The CSI survey
shows:
• 41 percent of the respondents had
experienced some form of intrusion or
unauthorized use of computer systems
within the last 12 months;
• more than 50 percent cited US corporate
competitors as likely sources of attacks;
• more than 50 percent do not have a written
policy on how to deal with network intru-
sions;
• more than 60 percent do not have a policy
for preserving evidence from criminal or
civil proceedings;
• more than 70 percent do not have a “warn-
ing” banner stating that computing activi-
ties may be monitored;
• less than 17 percent said that they would
advise law enforcement if they thought they
had been victimized;
• about 70 percent cited fear of negative pub-
licity as the reason they would not report a
suspected crime (Internal Auditor, 1996b).
According to a 1996 report from the US Gen-
eral Accounting Office, computer systems in
the US Department of Defense may have expe-
rienced as many as 250,000 hacker attacks in
1995. Such attacks are often successful, grant-
ing unknown and unauthorized persons
access to highly sensitive information, and
they double in number each year due to eas-
ier and more widespread use of the Internet
and to the increasing sophistication of com-
puter hackers (Internal Auditor, 1996c).
Rapalus (1996) feels that there has to be a
greater commitment of resources to informa-
tion systems security and increased coopera-
tion between the private sector and law
enforcement. The information age has
already arrived, “but many organizations are
woefully unprepared.”
Credit card fraud in the US involving bank
cards alone totaled US$680 million in 1995.
The growth percentage of fraud is however
decreasing as new technologies are becoming
more widely used. In 1996, Mastercard and
Visa International developed Secure Elec-
tronic Transactions (SET), a new standard for
credit card payments in the Internet. The key
to SET is that the merchant from whom the
purchase is made never gets to see the buyer’s
credit card number, instead the card number
is encrypted and sent to the merchant’s bank
(Arnold, 1996).
In the UK, a recent KPMG survey of senior-
level finance executives at 1,500 organizations
shows that finance directors are basically
uninformed about computer security issues.
The survey revealed that:
• Ninety-eight percent of the organizations
have not implemented BS7799, the IT secu-
rity standard developed in February by the
UK government and industrialists.
• Sixty-seven percent have no business conti-
nuity plan.
 Rocco R. Vanasco • Only 45 percent have a written security
Fraud auditing policy.
• Only one in five requires formal security
Managerial Auditing Journal
13/1 [1998] 4–71 compliance from business partners.
• Back-ups and disaster plans are untested.
• Compliance reviews are rare.
• Only 36 percent regularly backup data held
on PC’s (Internal Auditor, 1996b).
In the US, the Federal Bureau of Investigation
(FBI) has established International Computer
Crime Squads throughout the country in
response to the rapid escalation of computer
crime.
In 1995, the Futurist predicted that orga-
nized crime will take full advantage of the
information superhighway. A prime target
will be financial institutions. Computer-
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
literate mob groups will reroute electronic-
cash flow and steal valuable information kept
by banks (Internal Auditor, 1995b).
Whistleblowing
Employees who report illegal and unethical
practices in the workplace ought to be pro-
tected and cherished by their employers
(Vinten, 1994).
For Vinten (1994), society owes a debt of grati-
tude to its whistleblowers. He remarked that
in the real world, vigilance is needed to deal
with illegal price-fixing, cheating on govern-
ment defense contracts, abuse and incompe-
tence in hospitals, disregard of health and
safety standards.
The IIA Code of Ethics proclaims that Certi-
fied Internal Auditors or members of The
Institute of Internal Auditors “shall not
knowingly be part of any illegal or improper
activity” and mentions that auditors have an
obligation to the general public. The IIA ethi-
cal posture on informing the “public” on
irregularities seems to contradict its position
taken in the SPPIA and PSB which limits
such information internally. Ethics and loy-
alty may not follow the same line of reason-
ing. Professional Standards Bulletin 83-5
states:
When an internal auditor’s procedures lead
to suspicion of some kind of wrongdoing, the
auditor should determine the possible
effects of wrongdoing, discuss the matter
with the appropriate level of management,
and decide with management who should
investigate or otherwise follow up the suspi-
cion. When wrongdoing is suspected, the
auditor’s responsibility extends to the appro-
priate level of management within the orga-
nization.
The Standards for Professional Practice of
Internal Auditing (1988), Guideline 280.03
states:
When an internal auditor suspects wrongdo-
ing, the appropriate authorities within the
organization should be informed. The inter-
nal auditor may recommend whatever inves-
tigation is considered necessary in the cir-
cumstances. Thereafter, the auditor should
follow up to see that the internal auditing
department’s responsibilities have been
met.
The second Guideline 440.01 states that follow
up is necessary in the reporting process of
improper activities:
Internal Auditing should determine that
corrective action was taken and is achieving
the desired results, or that management or
the board has assumed the risk of not taking
corrective action on the reported findings.
The Institute of Internal Auditors, in its “IIA
position paper on whistle-blowing” recon-
firms that reporting to the board of directors
satisfies the requirements of the professional
standards, particularly when an audit com-
mittee is available to which internal audit is
granted access (Institute of Internal Auditors,
1988).
Mautz et al. (1984), in their survey on whis-
tle-blowing, relate to the unpleasant experi-
ence of whistleblowers:
Within internal auditing, loyalties are likely
to vary with personal plans and opportuni-
ties of the auditors concerned. We found no
strong understanding or teaching with
regard to an overriding professional loyalty
to an institution, position, or ideal. On a
number of occasions when the subject of
whistle-blowing slipped into the conversa-
tion, the attitude of those present was nei-
ther positive nor negative. Some of those
who had an occasion in blowing the whistle
were bitter about the results of having done
so.
There seems to be a consensus that whistle-
blowers ought to be protected from any sort of
retaliatory measures. Gill (1996) believes that
employers are often unwilling to implement
any negative employment decision against a
wistleblower for fear that the employee will
add a claim of retaliation to the suit. Albrecht
(1996a) also agrees that employees must be
given easy avenues for whistleblowing and be
reassured that it is okay to come forward.
Clinard (1990), in his survey, gave several
reasons for nor reporting corporate viola-
tions to the government:
• strong loyalty;
• an employee might not have all the perti-
nent facts about the violation;
• it would make one’s supervisors look bad;
• an individual should quit instead of going
to the government.
Chazen et al. (1985) observed that external
auditors are not legally obligated to blow the
whistle on clients. However, circumstances
may exist when auditors are legally justified
[ 57 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 58 ]
in making disclosures to a regulatory agency
or a third party. Such circumstances occur:
• when a client has intentionally and without
authorization associated or involved a CPA
in its misleading conduct;
• when a client distributed misleading draft
of financial statements prepared by a CPA
for internal use only; and
• when a client prepares and distributes in
an annual report or prospectus misleading
information for which the CPA has not
assumed responsibility.
CPAs should not view Rule 301 on confiden-
tial information as an excuse for inaction
where action may be appropriate to right the
wrongful act committed by a client. The
external auditor’s responsibilities to disclose
illegal clients acts to outside parties is the
same as for material irregularities.
To reduce governmental fraud, Congress
amended the False Claims Act of 1986 which
encourages employees to sue employers who
are defrauding the government. Title 31,
Section 3729-3732, allows individuals to file
what is called a “qui tam” lawsuit (Latin for
“in the name of the King”). Under the law, a
wistleblower can bring suit in the govern-
ment’s name against a company perpetrating
fraud against the government. The False
Claims Act permits recovery of “three times”
the amount of damages caused to the govern-
ment by the false claims, plus a US$10,000
penalty per false claim. The wistleblower,
identified as a “relator” is entitled to up to 30
percent of the amount recovered, including
attorney’s fees. In addition, the Act makes it
illegal for employers to retaliate in any way
against wistleblowers for reporting fraud
(Iraola and Klubes, 1997). Senators Charles
Grassley and Howard Berman felt that this
whistle-blowing provision was aimed at
employees of private companies. In a Febru-
ary 2, 1992 letter to the Washington Post, they
wrote that auditors “have a conflict of inter-
est and an unacceptable incentive to self-deal
if they are allowed to participate in substan-
tial recoveries simply for doing their jobs”
(Internal Auditor, 1992a).
Barlas (1990) reported that the corporate
whistle-blowers could be hurt by the Bush
Administration proposal to tighten the Com-
puter Fraud and Abuse Act of 1986. The
amendments proposed by the Justice Depart-
ment, would classify information in federal
related computer files as “property.” If a
defense contractor employee copied informa-
tion in a Pentagon weapons systems test from
a computer file and slipped that information
to a federal prosecutor or a congressional
committee chairman, that employee could be
prosecuted under federal law.
In 1991, a former Rockwell machinist David
Vosoughka filed a suit under the Federal
False Claims Act, which awards whistle blow-
ers a portion – generally 15 percent on any
money received by the government as a result
of the legal action. The lawsuit alleges that
Rockwell workers routinely charged their
time to space shuttle accounts even when
they were working on other projects. The
Justice Department joined the whistle blower
in the lawsuit and accused Rockwell Interna-
tional Corporation of overcharging NASA
possibly by billions of dollars for contracts to
build part of the space shuttle (Sims, 1991).
In 1992, many members of the US Congress
wanted to increase the protection to workers
and executives who blow the whistle on their
employers’ violations and strengthen Section
11(c) of the Occupational Safety and Health
Act (OSHA) by:
• extending from 30-180 days the time during
which an employee can file a whistle-blower
complaint; and
• allow the Department of Labor to pursue
retaliation allegation via a departmental
hearing, instead of going to federal court as
now is the case (Internal Auditor, 1992b).
Others believe that auditors should be
responsible for whistle-blowing to inform
appropriate authorities when suspected
fraud and other illegalities are discovered in
the course of an audit. Many organizations
have established hotlines as a way of meeting
the requirements of the Federal Sentencing
Guidelines of 1991. The auditing profession is,
however, struggling with the dilemma of
confidentiality and the pressures from Con-
gress to whistle-blow. If confidentiality is not
respected, the entire audit process may be
imperiled (Wallace, 1995).
In 1993, the US Congress proposed a bill
“Financial Fraud Detection and Disclosure
Act.” It aims to force auditors to report mis-
leading corporate financial accounting to the
SEC, seek to encourage such reporting by
giving auditors a time limit to resolve report-
ing problems with management, and to
confer virtual immunity from retribution if
they do report irregularities. The bill has its
critics. Although it recognizes investor’s need
for better financial reporting, it is unlikely to
catch auditors who are criminally conspiring
with their clients as such auditors would not
likely voluntarily report any wrongdoing.
The bill would involve too much government
intervention in business management
(Donlan, 1993).
US Corporations are pleading with the
Supreme Court to strengthen their legal
defenses against the False Claim Act. Since
the Department of Justice values its
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
informants, the corporate plea may be futile
(Yang, 1997).
In the UK, a bill designed to protect individ-
uals who disclose corporate wrongdoing,
failed to get through the UK Parliament. The
Public Interest Disclosure Bill would have
allowed individuals acting in the public inter-
est to obtain a court order protecting them
from termination or discrimination due to
their revelations (Chapman, 1996).
In New Zealand, the Parliament is
currently considering two pieces of legisla-
tion intended to protect whistleblowers:
1 the Wistleblowers Protection Bill, intro-
duced by Phil Goff, a private member of
Parliament, in June 1994; and
2 the Protection Disclosure Bill, a Govern-
ment Bill, introduced in August 1996.
Both bills enable whistleblowers to obtain
immunity from civil and criminal proceed-
ings. The Financial Transactions Reporting
Act of 1996 contains a specific provision for
auditors for reporting irregularities (Dalziel,
1996).
Hotlines
In 1979, the General Accounting Office (GAO)
established a whistle-blowing hotline as a
mechanism for combating fraud, waste, and
abuse in federal expenditures. The success of
the GAO hotline has led other government
agencies, including 26 statutory Inspectors
General, state and local agencies, and private
companies to implement similar programs.
The primary findings resulting from tips
received include private use of government
property, work-hour abuse by federal employ-
ees, fraud by recipients of such benefits as
welfare, social security, disability and hous-
ing, and general mismanagement by govern-
ment employees. Comptroller General Bow-
sher was satisfied with the results of the GAO
hotline and stated that “the existence of the
hot line has been a deterrent factor” (Flesher
and Buttross, 1992).
In 1979, the Department of Defense (DOD)
also established a fraud hotline. The DOD
office of the Inspectors General estimated
that “27 percent of the allegations reported to
the hotline were substantiated with identified
savings of US$5.3 million dollars in a two-year
operation” (Flesher, 1996).
Leinicke et al. (1994) reported on the hot-
lines established by five companies – Archer
Daniels Midland (ADM), First Chicago, Geor-
gia-Pacific, Keystone Insurance, and South-
ern California Edison Company. The results
show the following advantages:
• the fraud surfaced by hotline tips often
results in strengthening internal controls;
• the benefits of operating the hotlines
greatly outweighed their costs;
• if handled properly, the hotlines can be good
public relations tools; and
• they deter fraud.
In 1996, the UK’s Department of Social Secu-
rity set up a hotline for exposing individuals
suspected of making bogus claims. After
receiving an average of 250 calls per hour,
with one-third of them relating to employers –
rather than individuals – who cheat the
system, Social Security Secretary Peter Lilley
called for the establishment of a separate
dedicated line for reporting dishonest
employees. An estimated £1 billion each year
is wrongly paid to benefit claimants who
cheat the system (Internal Auditor, 1996d).
To preserve the anonymity of whistleblow-
ers, Anthem Corporation developed the
Financial Crime Investigator which helps
auditors, investigators, security personnel,
and prosecutors detect, investigate, and
combat contract and procurement fraud. The
program includes pulldown options that
provide advice on how to proceed after an
allegation is made or an anonymous tip is
given, that list the principal indicators of
contract or procurement fraud, and outline
the essential legal proofs of such fraud
(Lindquist, 1995).
Fraud and downsizing
There is a clear social price being paid by
downsizing workers, and at the same time
there is a significant increase in fraud inci-
dents among American business entities
(Van Nostrand and Luizzo, 1996).
Van Nostrand and Luizzo (1996) find a corre-
lation between downsized workers and fraud
increase. The underlying reasons are:
• loyal employees suddenly become embez-
zlers;
• the cutback of personnel in sensitive areas
such as security, payroll, management
information systems makes the company
more vulnerable to fraud;
• the employees tend to retaliate and hurt the
company by committing fraud against it;
• cutbacks are made in those areas where
more fraud protection is needed.
Norman Inkster, president of KPMG Investi-
gation and Security Inc. in Toronto, believes
that many factors in the current business
environment, such as downsizing, de-layer-
ing, and sophisticated technology, can actu-
ally generate more opportunity for fraud
(Gauthier, 1995). Unfortunately, downsizing
dampens employee loyalty, leads to increased
employee fraud and opens the door for more
management abuses.
[ 59 ]
 Rocco R. Vanasco Conflic of interest fraud
Fraud auditing The primary detective control against self-
Managerial Auditing Journal
dealing is to match the employee master file
13/1 [1998] 4–71 records against the vendor file records for
identical information, such as taxpayer
identification numbers, addresses, bank
account numbers, and the like (McNamee,
1996).
Employee fraud often arises when employees
are both self-employed and work, at the same
time, with organizations. They frequently
tend to sell their personal products to the
organizations they work with. McNamee
(1996) wrote that often organizations do not
like to do business with their employees so
that the employees are not placed in a situa-
tion where a conflict of interest exists
between the employees’ responsibilities to
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
the employers and the employees’ self-inter-
est. To prevent employee fraud, he suggests
two preventive controls that should work in
all organizations:
1 a clear communication policy addressing
conflicts of interest and self-dealing; and
2 a screen in the accounts payable program
that provides adequate location addresses
and company ownership information so
that major suppliers can be properly iden-
tified before being added to the vendor file.
Conflicts of interests can lead to types of
fraud that are difficult to detect. Financial
interest in a customer or supplier is an exam-
ple of nepotism. A purchasing agent who had
a personal interest in a supplier could charge
his employer inflated prices (Flesher, 1996).
Fabrizius (1990) reported that an audit
investigation conclusively determined that a
supervisor had repeatedly violated the com-
pany’s conflict of interest policy. These viola-
tions included receiving gifts, kickbacks,
excessive entertainment, and borrowing
money from various vendors. Certain ven-
dors admitted that they had provided to the
supervisor, such expensive items as hunting
rifles and trips to resort areas. To prevent a
reoccurrence of this type of problem, a more
effective vendor-selection process was estab-
lished.
To detect conflict of interest fraud, Kramer
(1996) suggests several steps including the
test for indicators:
• improper sole source awards;
• low-bid award;
• multiple purchases under bid limit.
Crowder (1997) also lists several procedures
to detect potential fraud arising from
employee conflict of interest. Auditors use
CATTs which allow to compare:
• vendor addresses to employee address;
• vendor address to employees’ outside busi-
ness addresses; and
[ 60 ]
• vendor telephone numbers to employees’
home telephone numbers or outside busi-
ness numbers.
Conclusion
The audit department that chooses to be
part of the fraud solution can look forward
to continuing professional challenge
(Thompson, 1991).
Fraudulent financial statements are of great
concern not only to the corporate world, but
also to the accounting profession. Every year
the public has witnessed spectacular busi-
ness failures reported by the media in major
national and international journals, newspa-
pers, and magazines. These catastrophic
events have shocked the public, undermined
auditors’ credibility in their reporting func-
tion, and eroded public confidence in the
accounting and auditing profession. Often
government agencies have been accused of
being naïve and indifferent when their fig-
ures have been grossly misrepresented.
Rather than moving toward a philosophy of a
comprehensive fraud prevention, the audit-
ing profession worldwide seems to be in a
constant motion to enact statutes and audit-
ing standards after the fraud scandals have
been reported widely in the press. Events
such as unreported revenues, manipulation
of losses, inflated sales, fraudulent write-offs
of uncollectible accounts, unusual related-
party transactions, misappropriation of
assets and many other irregularities have
spearheaded several court rulings and
shaped the auditing standards.
Leading writers list the detection of fraud
as one of the most important purposes of
auditing. They view auditing as an important
social service to the economic community
(Seidman, 1939). Mautz and Sharaf (1961) also
believe in the profession as a social service to
the community; they think that “auditors are
truly professional men if they are not in busi-
ness solely for their profit.”
The public and the auditing profession
worldwide seem to have divergent views of
what is expected from auditors. The results of
the surveys conducted by Barron et al. (1997);
Epstein and Gieger (1994); Lowe and Pany
(1993) show that an “expectation gap” exists
in the USA. The Institute of Chartered
Accountants in England and Wales (1992)
issued a report titled “Expectation gap can be
bridged” and urged the profession to embrace
the role of detecting fraud. Also in Canada, an
expectation gap exists since users of financial
statements believe that auditors can detect all
misstatements with the same level of assur-
ance, whereas most auditors would agree that
this is not the case (Cockburn, 1993). Bankers,
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
financial analysts, investors, and even jurors
expect from auditors to search for fraud.
Independent auditors, of course, disagree on
this “perceived” characterization of their
auditing tasks. The public expects auditors to
provide an absolute guarantee against fraud,
failure, and financial ruin. Shareholders and
third parties feel fully justified in demanding
that auditors compensate them for losses and
unmet expectations (O’Malley, 1993b). The
accounting profession needs to address the
public’s unrealistic expectations regarding
the independent auditor’s role in preventing
business fraud. The AICPA has been agoniz-
ing from the attacks leveled against the audit-
ing and accounting profession and appointed
several task forces to deal with the thorny
issue of fraud. Although the fraud issue is
relevant for both the public and the auditing
profession, the auditing profession must,
however, consider the cost/benefit principle
as the overriding factor in audit engagements.
There are, of course, constraints as to how
much evidence auditors can gather. Still
sophisticated management frauds will go
undetected. The historical perspective of the
events presented shows the dilemma the
AICPA is facing in meeting the public interest
in preventing the issuance of fraudulent
financial statements. The emphasis now is to
re-focus the auditor’s attention to search for
fraud when planning an audit.
The 1929 Wall Street market crash is the
classic example of fraud that shocked the
nation. It led the US Congress to take extreme
measures to protect creditors and investors
from the proliferation of fraudulent financial
statements and establish the SEC early in the
1930s. The SEC has pursued unrelentingly its
task by investigating and prosecuting corpo-
rations which have violated the securities
laws. The cases presented show that the SEC
has been quite successful in curving down
the issuance of fraudulent financial state-
ments in the USA. The SEC has become a
model governmental organization worldwide
for preventing fraud and prosecuting compa-
nies for fraudulent acts. As a result, securi-
ties regulators and exchange officials in
many countries are seeking help from their
US counterparts. The International Organi-
zation of Securities Commissioners is work-
ing to adopt the US accounting standards and
rules in disclosure and insider trading
(Schroeder, 1993).
The Institute of Internal Auditors (IIA) has
put fraud deterrence as a top priority task
from its inception. In 1985, it became clear for
the IIA to make a leap forward on this deli-
cate issue and release SIAS 3 – Deterrence,
Detection, Investigation, and Reporting of
Fraud to guide internal auditors in the deter-
rence, detection, investigation and reporting
of fraud. The IIA position is that fraud, no
matter the amount, ought to be investigated
since it may lead to discovery of larger man-
agement or employee misconduct. The same
year, the IIA restated its position on fraud by
releasing IIA Report on Fraud. The aware-
ness of fraud and its devastating results are
being communicated through seminars, con-
ferences, articles and sponsored research. Its
presence and influence are felt worldwide.
Considering the alarming increase of fraud
cases worldwide, the IIA, as an international
association, needs a more comprehensive
plan on how to assist internal auditors world-
wide to protect multinational corporations
from the ravages of fraud. The Foreign Cor-
rupt Practices Acts of 1977 and the Federal
Sentencing Guidelines of 1991 represent two
milestones for the internal auditing profes-
sion. Corporations are required to establish
an internal control system which need to be
monitored by the internal auditing depart-
ment. Heavy fines are imposed on manage-
ment for circumventing the internal control
system.
The IIA, like all other auditing and account-
ing professions, has had its ups and downs.
This led von Schweitzer (1990) to comment, in
his “Professional myopia” that the internal
auditing profession has moved from “the
bright outlook of 1984” to the “uncertainties
of the 1990s.” This may be partially true since
several auditing departments have under-
gone downsizing due to the new wave of cost
reduction and effectiveness. But most corpo-
rations are not really convinced that downsiz-
ing is the key to boost the company’s bottom
line. Considering the new wave and sophisti-
cation of corporate fraud scandals, internal
auditors will play a pivotal role in this area in
the twenty-first century.
The cases examined suggest important
lessons to learn about fraud: new programs,
products, investments, and allowances
require particular scrutiny on the part of the
auditors; failing to discover and prevent mar-
keting and sales fraud on the part of its staff
may be one of the most dangerous mistakes
an organization can make; and executives
will be under increased pressure to prove that
they are preventing fraud through their stew-
ardship of a company (Internal Auditor, 1995).
Lacativo (1995) suggests a risk-based
approach to auditing fraud to respond to the
companies’ expectation that auditors help
them meet the strict federal regulations
against fraud. A review of the current litera-
ture also suggests that companies are relying
heavily on auditors to minimize losses from
fraud. Zeune (1994), in his article “How to fool
auditors,” observed that accounting systems
do not reflect recent changes in the business
environment, the result being that it is easy
[ 61 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
The following individuals
collaborated in the research
project: Anthony C. Carrollo,
US Environmental Protec-
tion Agency; Phillip Cho-
miak, National-Louis Univer-
sity; Donald J. Eberle, Presi-
dent of the IIA Illiana Chap-
ter; Rhoda M. Espiritu,
Coopers and Lybrand; Jim
Feltes, Advocate Healthcare;
Jolene Ferguson, National-
Louis University; Robert C.
Flannery, US Department of
Agriculture; L. Bruce John-
son, Bethlehem Steel Com-
pany; Susan Lione, The
Institute of Internal Audi-
tors; Daniel T. Poludniak,
American Savings Bank;
Brian Reynolds, National-
Louis University; Clifford R.
Skousen, Utah State Univer-
sity; Loren W. Smith,
AMOCO Corporation;
Rudolph L. Tracy, USS-Gary
Works; Rao Vallabhaneni,
US Railroad Retirement
Board; Robert J. Vanek,
Centier Bank; Kenneth
Webster, Bethlehem Steel
Company
[ 62 ]
to perpetrate fraud without being detected by
auditors. This is because traditional auditing
is conducted in a vacuum, with no link
between a business’s key success factors and
the way in which those factors drive the
financial statements.
The international arena seems trouble-
some. The statistics shows that most foreign
countries do not have governmental bodies
like the US Securities Commission, cannot
afford the establishment of a sophisticated
profession like the American Institute of
Certified Public Accountants (AICPA), and
are not joining the Institute of Internal Audi-
tors (IIA) in the same number as the Anglo-
Saxon countries. The ravages of fraud in
Africa, Europe, Asia, and Eastern European
countries are devastating and getting worse.
In a global economy and multinational trade,
the trend of international fraud affects all
countries. American investors and financial
institutions have vested interest in many
foreign corporations; international fraud
puts all at risk.
Health care fraud, insurance fraud, defense
procurement fraud, and other types of fraud
against the federal government are taking an
enormous toll on the taxpayer’s money. To
reduce fraud in the industry sector, the IIA
could establish task forces to develop “indus-
try guides” dealing with fraud prevention,
detection, deterrence, and reporting. There
seems to be a consensus that both internal
auditors and external auditors need to
sharpen their skills to meet the challenges of
fraud detection and prevention.
The cases examined show that cash, inven-
tory, and related party transactions are prone
to fraud. Auditors assign a high risk index to
the potential misappropriation of inventory,
cash defalcation, and conflict of interest.
The advent of the computerized systems
has increased the improper manipulation of
input or transaction data, application pro-
grams, data files, and computer operations.
Embedded fraud is often hard to detect. To
survive in the twenty-first century, the
modern auditor needs a very extensive
knowledge and practice in EDP auditing.
The IIA must launch a “global plan” to
train and harness internal auditors with
more sophisticated techniques in combatting
fraud globally and restructure its auditing
framework to meet the needs of all internal
auditors worldwide.
References and further reading
Abbott, A. (1993), “Italian health sector in disar-
ray following more scandals”, Nature, No. 364,
August 19, p. 663.
Abelson, A. (1994), “Russian roulette”, Barron’s,
Vol. 74, August 8, p. 5.
Accountancy (1995), “Statement of auditing stan-
dard 110, fraud and error”, Vol. 115, March,
p. 125.
Accountancy (1995), “Statement of auditing stan-
dard SAS 120, Consideration of Law and Regu-
lation”, Vol. 115, March, p. 125.
Accounting Today (1990), “Big Six firm barred”,
July 23.
ACFE (1995), Fraud Examiners Manual.
ACFE (1996), “AICPA writes statement on fraud in
financial audit”, The White Paper, May/June,
p. 46.
ACFE (1996), “Top fraud fugitive arrested in
Bahamas”, The White Paper, May/June, p. 47.
AICPA, SAS 1 (1972), Codification of Auditing
Standards and Procedures, AICPA, New York,
NY.
AICPA, SAS 6 (1975), “Related party transactions”,
July, AICPA, New York, NY.
AICPA (1978), “Commission on auditors’ responsi-
bilities”, Report, Conclusions, and Recommen-
dations, AICPA, New York, NY, p. 32.
AICPA, SAS 45 (1983), “Omnibus statement on
auditing standards”, August, AICPA, New
York, NY.
AICPA (1984), Report on the Study of EDP-related
Fraud in the Banking and Insurance Indus-
tries, EDP Fraud and Review Task Force, New
York, NY.
AICPA, SAS 53 (1988), The Auditor’s Responsibility
to Detect and Report Errors and Irregularities,
AICPA, New York, NY.
AICPA, SAS 55 (1988), “Consideration of the inter-
nal control structure in financial statements”,
April, AICPA, New York, NY.
AICPA, SAS 60 (1988), The Communication of
Control – Structure Related Matters Noted in
an Audit, April, AICPA, New York, NY.
AICPA, SAS 61 (1988), “Communication with
audit committee”, April, AICPA, New York,
NY.
AICPA SAS 54 (1988), Illegal Acts by Clients,
AICPA, New York, NY.
AICPA (1991), Accounting Trends and Techniques,
AICPA, New York, NY.
AICPA (1993a), Meeting the Financial Reporting
Needs of the Future: A Commitment from the
Public Accounting Profession, AICPA, New
York, NY.
AICPA (1993b), In the Public Interest: Issues Con-
fronting the Accounting Profession, AICPA,
New York, NY.
AICPA SAS 82 (1996), Consideration of Fraud in a
Financial Statement Audit, AICPA, New York,
NY.
Albrecht, S.W., Howe, K.R. and Romney (1984),
Deterring Fraud: The Internal Auditor’s Per-
spective, IIA Research Foundation, Altamonte
Springs, FL.
Albrecht, S.W., McDermott, E.A. and Williams,
T.L. (1994), “Reducing the cost of fraud”, Inter-
nal Auditor, Vol. 51, February, p. 28.
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Albrecht, S.W., Stice, J.D. and Stocks, K.D. (1993),
“What do internal auditors need to know?”,
Internal Auditor, Vol. 50, October, pp. 56-9.
Albrecht, W.S. (1996a), “Employee fraud”, Internal
Auditor, October, p. 26.
Albrecht, W.S. (1996b), “The expectation gap”, The
White Paper, Vol. 10, September/October,
p. 19.
Alexander, C.P. (1985), “Crime in the suites”,
Time, June 10, p. 56.
Alexander, T. (1974), “Waiting for the great com-
puter rip-off ”, Fortune, July, p. 146.
Allen, B. (1977), “The biggest computer frauds:
lessons for the CPAs”, Journal of
Accountancy, May, pp. 52-62.
Alpert, B.S. (1992), “Federal sentencing guide-
lines”, Internal Auditor, October, p. 46.
Andersen, A. (1963), The First 50 Years, Arthur
Andersen, Chicago, IL.
Antilla, S. (1995), “Invest $200,000, get 15 percent
rate”, New York Times, March 3, p. D1.
Apostolu, B. (1985), An Investigation of Internal
Auditor Judgment of the Indicators of Potential
Fraud: An Analytical Hierarchy Approach,
Louisiana State University, Baton Rouge, LA.
Archer, G. (1996), “Related parties: still hard to
spot”, Accountancy, Vol. 117, January, p. 64.
Arena, R.W. (1992), Auditing to Prevent Fraud and
Abuse, IIA Research Foundation, Altamonte
Springs, FL.
Arens, A.A. and Loebbecke, J.K. (1994), Auditing –
An Integrated Approach, Prentice-Hall, Engle-
wood Cliffs, NJ.
Armstrong, J.E. (1988), “Auditing to detect fraud”,
The CPA Journal, September, pp. 78-82.
Arnold, W. (1996), “Fraud, nosy web pages tor-
ment internet users”, Asian Wall Street Jour-
nal Weekly, Vol. 18, March 18, p. 19.
Aspen, M. (1992), US district judge, quoted by
Alpert, S.B., “Federal Sentencing
Guidelines”, The Internal Auditor, October,
p. 46.
Balinga, W. (1992), “Right to bring securities fraud
and RICO action against auditors upheld”,
Journal of Accountancy, Vol. 173, June, p. 29.
Bannon, L. (1994), “Official admits to tax bribery
at Fininvest”, Wall Street Journal, July 26,
p. D13.
Barlas, S. (1990), “Justice department wants tight-
ening of computer fraud law”, Internal Audi-
tor, October, p. 11.
Barlas, S. (1993) “AICPA supports revised fraud
detection act”, Management Accounting,
Vol. 74, May, p. 9.
Barron, D.C., Johnson, D.A., Searfoss, D.G. and
Smith, C.H. (1997), “Uncovering irregulari-
ties: are we closing the expectation gap?”, The
Journal of Accountancy, October.
Baum, J. (1994), “Fast friends: stock scandal tars
all of Taiwan’s main parties”, Far Eastern
Economic Review, Vol. 157, October 27, p. 30.
Begg, T.E. Jr (1994), “Using shared liability to
combat check fraud”, The Banker Magazine,
Vol. 117, November/December, pp. 57-60.
Bergstrom, R.J. and Morrison, J.L. (1993), “RICO:
has the ultimate weapon been crushed?”,
Journal of Accountancy, June, p. 17.
Berton, L. (1986), “Grant Thorton finds itself in
turmoil”, Wall Street Journal, April 14, p. 6.
Berton, L. (1988), “Accountants try to keep RICO
at bay”, Wall Street Journal, April 29, p. 19.
Berton, L. (1992), “Legal beat: Ernst accord may
give FDIC leverage”, Wall Street Journal,
December 3, p. B11.
Berton, L. (1992a), “Holding accountants account-
able”, Wall Street Journal, September 22,
p. A18.
Berton, L. (1996), “Judge dismisses racketeering
charges against accountants in DeLorean
case”, Wall Street Journal, April, p. B8.
Berton, L. and Adler, S. (1992), “CPAs nightmare:
how audit of bank cost Price Waterhouse $338
million judgment – firm, which plans to
appeal, allegedly failed to spot a weak loan
portfolio”, Wall Street Journal, August 14,
p. A4.
Berton, L. and Truell, P. (1991), “Price
Waterhouse’s US unit received at least $4
million in fees from BCCI”, Wall Street Jour-
nal, November 11, p. A3.
Bliss, E.C. and Aoki, I.S. (1997), Are Your Employ-
ees Stealing You Blind?, Pfeiffer and Company,
San Diego, CA.
Bloombecker, B. (1990), Spectacular Computer
Crimes, Dow-Jones-Irwin, Homewood, IL.
Blum, P. (1994), “Czechs fall prey to financial
predators”, The Financial Times, April 26, p. 2.
Bohlen, C. (1995), “Bribery as a way of life in
italy”, New York Times, December 10, p. 21.
Bologna, J.G. (1992), “Thinking like a thief ”,
Internal Auditor, August 30.
Bologna, J.G. (1994), “How to detect and prevent
embezzlement”, The White Paper, August/
September, p. 4.
Bologna, G.J. and Lindquist, R.J. (1995), Fraud
Auditing and Forensic Accounting, John Wiley
& Sons, New York, NY.
Bologna, J.G., Lindquist, R.J. and Wells, J.T. (1993),
The Accountant;s Handbook of Fraud and
Commercial Crime, John Wiley & Sons, New
York, NY, p. 232.
Boockholdt, J.L., Chang, S.Y. and Finley, D.R.,
(1992), “Using duds to detect fraud”, Internal
Auditor, August, pp. 59-68.
Borda, R.L. (1987), “Insurance fraud costs billion”,
Journal of Commerce, December 3, p. 1.
Boynton, W. and Kell, W.G. (1996), Modern Audit-
ing, John Wiley & Sons, New York, NY.
Brannigan, M. (1987), “Auditor’s downfall shows a
man caught in trap of his own making”, The
Wall Street Journal, March 4, p. 31.
Brannigan, M. and Keoning, R. (1986), “Nine are
indicted in the collapse of ESM; US charges
firm hid its huge losses”, The Wall Street
Journal, April 14, p. 6.
Bray, N. (1994), “Scandals knock Deutsche bank’s
image”, Wall Street Journal, July 5.
[ 63 ]
 Rocco R. Vanasco Brief, A.P., Duketich, J.M., Brown, P.R. and Brett,
Fraud auditing J.E. (1997), “What’s wrong with the treadway
Managerial Auditing Journal commission report?”, Journal of Business
13/1 [1998] 4–71 Ethics, February, Vol. 183, p. 198.
Briloff, A.J. (1991), “Castles of sand”, Wall Street
Journal, December 22.
Brink, V.Z. and Witt, H. (1982), Modern Internal
Auditing, John Wiley & Sons, New York, NY.
Calderon, T. and Green, B.P. (1994),“Internal fraud
leaves its mark: here’s how to spot, trace and
prevent it”, National Public Accountant,
Vol. 39, August, p. 17.
Carmichael, D.R. and Craig, J.L. Jr (1996), “Pro-
posal to say ‘F’ word in auditing standards”,
The CPA Journal, Vol. 6, June, p. 22.
Chambers, M. (1985), “Two face charges in bank
theft of $323 million”, New York Times, June
28, p. B3.
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Champlain, J.J. (1995), “Is your wire transfer
system secure?”, Internal Auditor, June, p. 56.
Chandler, R., Edwards, R. and Anderson, M.
(1995), “Changing perceptions of the role of
the company auditor, 1980-1940”, Accountancy,
Vol. 116, November, p. 138.
Chapman, C. (1996), “UK/wistleblower bill fails”,
Internal Auditor, October, p. 8.
Charfauros, M.V. (1995), Twenty-third Guam Legis-
lature 1995 (First) Regular Session, Bill No.
116, Section 1.
Chazen, C., Miller, R.L. and Solomon, K.I.
(1985),“When the rules say: ‘see your lawyer’,
Journal of Accountancy.
Chernoff, J. (1996), “Acquittal puts end to Maxwell
pension saga”, Pension & Investment, Vol. 241,
February 5, p. 3.
Ciferri, L. (1993), “Fiat brass to face flak at share-
holders meeting”, Automobile News, June 28,
p. 14.
Cigna-Healthcare (1994), “Cigna, IBM tech tool
targets healthcare fraud”, National Under-
writer, Vol. 98, October 3, p. 5.
Cisz, M.M. (1997), “Are your employees stealing
you blind?”, Book review, Internal Auditor,
April, p. 22.
Clinard, M.B. (1990), Corporate Corruption. The
Abuse of Power, Praeger, New York, NY.
Cockburn, D.J. (1993), “Closing the GAP”, CA
Magazine, Vol. 126, November, pp. 3-32.
Cohen, W.S., US Senator (1995), “The FBI is here”,
in Gardner, J.R. (Ed.), The White Paper,
August/September, p. 4.
Cohenson, M.S. and Dispasquale, R. (1993),
“Crime can pay for certified fraud examin-
ers”, The Practical Accountant, Vol. 26,
February, pp. 20-2.
Cole, I. (1993), “Putting trustees at the head of the
table”, Accountancy, Vol. 112, November, p. 77.
Collier, P.A., Dixon, R. and Marston, C.L. (1991),
“Computer fraud. Research findings from the
UK”, Internal Auditor, August, pp. 49-52.
Colvin, G. et al. (1983), “Jake Butcher’s fall”,
Fortune, March 21, p. 7.
Cooper, K. and Flory, S. (1976), “Lessons from
McKesson and equity funding”, Readings and
[ 64 ]
Cases in Auditing, Dame Publications,
Houston, TX.
Cottrell, D.M. and Albrecht, W.S. (1994), “Recog-
nizing the symptoms of employee fraud”,
Healthcare Financial Management, Vol. 68,
May 8, p. 22.
Covaleski, J.M. (1994), “Stamping out insurer
fraud”, Best’s Review, Vol. 95, October,
pp. 36-64.
Cox, B. (1995), “Montana governor signs tough
insurance fraud act”, National Underwriter
Property & Casualty-Risk & Benefits Manage-
ment, Vol. 17, April 24, p. 49.
Crane, M. (1993), “Auditors, their clients, fraud
and error”, Accountancy, Vol. 112, December
p. 95.
Crane, T.S. and Slavitt, E. (1997), “Congress accel-
erates fraud and abuse juggernaut”, American
Medical News, Vol. 40, January 13, p. 22.
Crowder, N. (1997), “Fraud detection techniques”,
Internal Auditor, April, p. 17.
Dabney, D.A. (1997), quoted in “Survey shows
disturbing retail fraud trend”, IIA Today,
February, p. 8.
Dalal, S. (1994), “We are not amused: Indian MPs
fume over stock-scandal report”, Far Eastern
Economic Review, Vol. 157, August 18, p. 54.
Dalglish, K. (1994), “A strategy for the twenty-first
century”, CA Magazine, Vol. 127, May, p. 3.
Dalziel, A. (1996), “Whistleblowing”, Journal of
Chartered Accountants of New Zealand,
Vol. 75, November, p. 12.
Davia, H.R., Coggins, P.C., Wideman, J.C. and
Kastantin, J.T. (1992), Management Accoun-
tant’s Guide to Fraud Discovery and Control,
John Wiley & Sons, New York, NY.
De Groot, A. (1997), “The Netherlands fraud
examiner”, The White Paper, Vol. 2, January-
February, p. 23.
Demery, P. (1996), “Increasing auditors’ responsi-
bility in finding fraud”, The Practical Accoun-
tant, Vol. 29, March, p. 8.
Donlan, T.G. (1993), “A bigger whistle: congress
pushes accountants to be more accountable”,
Barron’s, Vol. 73, July 5, p. 10.
Donlan, T.G. (1996), “Watering stock”, Barron’s,
Vol. 76, November 25, p. 66.
Duane, W. (1988), “Building together the future”,
Internal Auditor, August.
Dugan, C.F. and Lechtman, V.L. (1996), “In Russia,
bribery ban is causing difficulties”, The
National Law Journal, Vol. 19, October, p. C1.
Duggan, C. (1995), “Script fraud”, Chemist & Drug-
gist, September 16, p. S1.
Echikson, W. (1994), “Will Paris go the way of
Rome”, Fortune, Vol. 130, August 8, p. 14.
Economist (The) (1992), “Lord Justice Bingham’s
report on BCCI affair”, Vol. 325, October 24,
p. 88.
Economist (The) (1992a), “BCCI: paper thriller.
Report by Senator J. Kerry’s Subcommittee,”
Vol. 325, October 11, p. 94.
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Economist (The) (1993), “Ferruzzi: hotting up
crisis prompts large stock issue”, Vol. 328,
September 14, p. 75.
Economist (The) (1994), “Big buckets always leak
most” Vol. 333, November 19, p. 58.
Economist (The) (1995),“Hu-bris: Singapore’s stock
exchange”, Vol. 334, March 4, p. 72.
Economist (The) (1995a), “Discredited”, Vol. 336,
August 12, p. 62.
Economist (The) (1995b),“Miami or bust”, Banco
Latino, July 1.
Economist (The) (1995c),“Another Italian debt
problem”, July 1, p. 68.
Economist (The) (1996a),“Simply rotten: Italian
finance”, Vol. 338, January 27, p. 66.
Economist (The) (1996b),“Same old story”, Vol. 340,
September 28.
Edgerton, J. (1992), “Employee theft on the rise”,
Louisville Courier Journal, October 30.
Ehlers, H. (1996), “Building a case”, Internal
Auditor, October, p. 38.
Eichenwald, K. (1995), “SEC sues Nevada com-
pany”, New York Times, April 28, p. D3.
Ekong, E. (1995), “Bank on verge of a nervous
breakdown”, African Business, July/August,
p. 6.
Elliot, R.K. and Willingham, J.J. (1980), Manage-
ment Fraud: Detection and Deterrence, Petro-
celli Books, New York, NY.
Epstein, M.J. and Geiger, M.A. (1994), “Investor
views of audit assurance: recent evidence of
the expectation gap”, Journal of Accountancy,
Vol. 177, January, pp. 60-2.
Ernst & Young (1992), Fraud 1992, Ernst & Young,
New York, NY.
European (The) (1996), “New moves to tackle
fraud”, May 30, p. S2.
Evans, T.E., Taylor, M.E. and Holzmann, O. (1994),
International Accounting & Reporting, South-
Western Publishing, Cincinnati, OH.
Fabrizius, M.P. (1990), “Fire in the field”, Internal
Auditor, October, p. 77.
Fargason, J.S. (1992), Legal Compliance Auditing
and the Federal Sentencing Guidelines, The
Institute of Internal Auditors, Altamonte
Springs, FL.
FASB (1975), Analysis of Issues Related to Criteria
for Determining Materiality, FASB, Stamford,
CT, March 21.
FASB (1982), “Related party disclosures”, State-
ment of Financial Accounting Standards No.
57, FASB, Norwalk, CT.
FDIC (1986), “Chairman sees expanded role for
auditors in bank fraud”, Journal of Accoun-
tancy, Vol. 162, July, p. 48.
FDICIA (1991), Supervisory Guidance on the Imple-
mentation Section 112 of the Federal Deposit
Insurance Improvement Act, Pub. L. No. 102-
105 Stat. 2236, May 14.
Federal Register (The) (1991), “Federal sentencing
guidelines”, Vol. 56 No. 95, May 16, pp. 227-86.
Fialka, J.J. (1993), “BNL-Atlanta chief says audits
failed to uncover fraud”, Wall Street Journal,
November 10, p. B14.
Fiorelli, P.E. and Rooney, C.J. (1997), “COSO and
the federal sentencing guidelines”, Internal
Auditor, April, p. 57.
Fischer v. Kletz (1967) (known as Yale Express), 266
F. Supp. 180 (SDNY).
Flesher, D.L. (1996), Internal Auditing – Standards
and Practices, The Institute of Internal Audi-
tors, Altamonte Springs, FL.
Flesher, D.L. and Buttross, T.E. (1992), “Whistle-
blowing hotlines”, Internal Auditor, August,
pp. 54-8.
Fortune (1978), Editorial, July 17, p. 95.
Frank, I. (1982), “Auditors: not detectives”, Dallas
Times Herald, August 29, p. 1.
Fraud Examiner Manual (1997), excerpts from
“Preventing internal fraud”, The White Paper,
Vol. 2, January/February, p. 31.
Freedman, J.M. (1993), “IMA research on target”,
Management Accounting, Vol. 74, May, p. 70.
Freeman, A. and Forcese, C. (1994),“Get tough on
corporate crime”, The Toronto Star, Novem-
ber 17.
Friedland, J. (1996), “Argentine judge probes IBM
contracts with tax agency”, Wall Street Jour-
nal, June 20, p. A12.
Friedman, A.S. (1994), “Software helps expose
claims fraud”, National Underwater, Vol. 98,
February 21, p. 7.
Friedman, S. (1995), “Strong internal controls are
vital”, Journal of Accountancy, Vol. 180,
October, p. 90.
Friedman, S. (1995), “Pay attention to warning
signals”, Journal of Accountancy, Vol. 180,
October, p. 88.
Gardner, J. (1995), “The FBI is here!” The White
Paper, August/September, p. 4.
Gardner, J. (1996), “The Valentine’s Day Mas-
sacre”, The White Paper, May/June, p. 49.
Gartland, P. (1995), “Germany as haven for scam
and vultures”, The European, Vol. 267, June
23, p. 4.
Gauntt, J.E. and Glezen, G.W. (1997), “Analytical
auditing procedures”, Internal Auditor,
February, p. 56.
Gauthier, T.J. (1991), “It’s elementary, my dear
internal auditor”, Internal Auditor, February,
pp. 60-3.
Gauthier, Y. (1995), “Forever fraud: interview with
N. Inkster”, Internal Auditor, Vol. 52, October,
p. 26.
Geis, G. (1994), “Fraud in the former Soviet
Union”, The White Paper, October/November,
p. 3.
Gill, J.D. (1996), “Reporting fraud under wistle-
blower statutes”, The White Paper, May/June,
p. 9.
Gill, J.D. (1996), “The private securities litigation
reform of 1995: securities fraud cases just got
tougher”, The White Paper, March/April, p. 9.
Goldstein, L.M. (1992), “Favorite frauds”, Internal
Auditor, August, pp. 35-40.
Graham, A. (1996), “Fraud and soap operas”,
Internal Auditor, October, p. 5.
[ 65 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 66 ]
Gumbel, P. (1995), “Germany catches the Euro-
pean disease”, Wall Street Journal, July 13,
p. A6.
Gup, B.E. (1994), “Protecting financial institutions
against fraud”, The Bankers Magazine,
Vol. 177, May/June, p. 38042.
Guy, D.M. and Mancino, J. (1992),“What an auditor
does when finding fraud or illegal acts”, Jour-
nal of Accountancy, January, p. 103.
Hannon, K. (1996), “Tip or tout? The perils of
buying on the buzz”, US News & World Report,
Vol. 121, December, p. 114.
Hansen, J.V., McDonald, J.B. and Messier, W.F.
(1996), “A generalized-response model and the
analysis of management fraud”, Management
Science, Vol. 42, July, p. 1022.
Hrisak, D. (1996), “Auditors must sniff out fraud”,
The Journal of Chartered Accountants of New
Zealand, Vol. 75, July, p. 30.
Harris, R.J. and Ricks, T.E. (1994), “Lockheed
faces possible suspension on Air Force con-
tracts after indictment”, Wall Street Journal,
June 14, p. A12.
Horsburgh, P. (1995), Info-sec Super Journal, World
Wide Web.
Huebner, J. (1996), quoted in Leidig, M. “Slovakia
stings EBRD”, The European, November 14.
IIA Atlantic City Chapter (1991), “Inventory dis-
crepancies”, Internal Auditor, Vol. 48, Decem-
ber, p. 69.
IIA Baltimore Chapter (1992), “$3,000,000 embez-
zlement”, Internal Auditor, June, p. 74.
IIA Baltimore Chapter (1994), “Is it real”, Internal
Auditor, June, p. 77.
IIA Calgary Chapter (1991), “Just to make sure”,
Internal Auditor, February, p. 70.
IIA Calgary Chapter (1991), “Count and count
again”, Internal Auditor, February, p. 64.
IIA Dallas Chapter (1993), “Flood insurance
claims all wet”, Internal Auditor, October,
p. 74.
IIA Dallas Chapter (1993), “$130,000 missing”,
Internal Auditor, October, p. 74.
IIA Florida West Coast Chapter (1990), “Red
flags”, Internal Auditor, October, p. 79.
IIA Florida West Coast Chapter (1990), “Pennies
add up”, Internal Auditor, October, p. 79.
IIA Forth Worth Chapter (1996), “Loan officer
stretches limits”, The Internal Auditor,
August, p. 67.
IIA Houston Chapter (1991), “Drug pilferage”,
Internal Auditor, Vol. 48, August, p. 71.
IIA Houston Chapter (1993), “Control weaknesses
= $60,000”, Internal Auditor, October, p. 74.
IIA Houston Chapter (1993), “Recommendations
are not suggestions”, Internal Auditor,
October, p. 76.
IIA Houston Chapter (1997), “Cash disbursement
controls”, Internal Auditor, March, p. 80.
IIA Mount Diablo Chapter (1993), “Deceitful
refunds”, Internal Auditor, October, p. 73.
IIA North Jersey Chapter (1995), “Evaporating
cash”, Internal Auditor, February, p. 57.
IIA North Jersey Chapter (1995), “Good for their
health”, Internal Auditor, June, p. 65.
IIA Northwest Metro Chicago Chapter (1993),
“Commingling of funds”, Internal Auditor,
December, p. 75.
IIA Round Table (1991), “It’s all relative”, Internal
Auditor, Vol. 48, October, p. 73.
IIA San Francisco Chapter (1993), “Good public
relations”, Internal Auditor, October, p. 76.
IIA Tucson Chapter (1994), “Uncertain pensions”,
Internal Auditor, June, p. 76.
IIA Wichita Chapter (1991), “Audit of microcom-
puters”, Internal Auditor, February, p. 70.
IIA Wichita Chapter (1991), “Cash shortage expe-
rience”, Internal Auditor, Vol. 48, October,
p. 73.
Institute of Chartered Accountants in England
and Wales (1992), “Expectation gap can be
bridged”, Accountancy, Vol. 110, November,
p. 11.
Institute of Financial Crime Prevention (1986),
Red Flags: What Every Manager Should Know
about Internal Crime, Institute of Financial
Crime Prevention, Austin, TX.
Institute of Internal Auditors, SIAS 2 – Communi-
cating Results.
Institute of Internal Auditors (1985), SIAS 3 –
Deterrence, Detection, Investigation, and
Reporting of Fraud, The Institute of Internal
Auditors, Altamonte Springs, FL, May.
Institute of Internal Auditors (1985), IIA Report on
Fraud, IIA Research Foundation, Altamonte
Springs, FL.
Institute of Internal Auditors (1986),The Role of
Internal Auditors in the Deterrence, Detection
and Reporting of Fraudulent Financial Report-
ing, The Institute of Internal Auditors, Alta-
monte Springs, FL.
Institute of Internal Auditors (1988), “The IIA
position on whistle-blowing”, Internal Audi-
tor, October, p. 16.
Institute of Internal Auditors (1988), Standards for
the Professional Practice of Internal Auditing,
2nd ed., The Institute of Internal Auditors,
Altamonte Spring, FL.
Institute of Internal Auditors (1992), A New Look
at Ethics and Fraud, The Institute of Internal
Auditors, Altamonte Springs, FL.
Institute of Internal Auditors (1992), “Professional
standards bulletins (PSB)”, in Gleim, I., CIA
Examination Review, Gleim Publications,
Gainesville, FL.
Institute of Internal Auditors (1992), SIAS 1 –
Control: Concepts and Responsibilities, The
Institute of Internal Auditors, Maitland, FL.
Internal Auditor (1991a), “Audit legislation weaves
its way through US Congress”, December,
p. 10.
Internal Auditor (1991b), “Fax security a grown
concern”, Vol. 48, December, p. 9.
Internal Auditor (1992a), “Debate over govern-
mental whistle-blower payment”, April, p. 10.
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Internal Auditor (1992b), “Strengthening whistle-
blower protection in the workplace”, June,
p. 10.
Internal Auditor (1993), “Fraud-prone personality
type” August, p. 9.
Internal Auditor (1995a), “Employees say it’s hard
to be ethical in some organizations”, Febru-
ary, p. 9.
Internal Auditor (1995b), “To know the future”
June, p. 10.
Internal Auditor (1995c), “Sales fraud”, Vol. 52,
April, pp. 63-6.
Internal Auditor (1995d), “What did we learn in
1994”, Vol. 52, February, pp. 53-4.
Internal Auditor (1996a), “British Rail fraud
inquiry launched” p. 10.
Internal Auditor (1996b), “Businesses ignore
computer security”, p. 11.
Internal Auditor (1996c), “Hackers attack depart-
ment of defense”, October, p. 10.
Internal Auditor (1996d), “UK implements benefit
fraud hotlines”, October, p. 11.
Internal Auditor (1997), “Corrupt nations
ranked”, April, p. 9.
Iraola & Klubes (1997), Fraud on the Government:
How Citizens Can Fight Health Care and
Procurement Fraud Using the Qui Tam
Statute, Iraola & Klubes, Washington, DC.
IRC (1997), “Tougher stand on insurance fraud
endorsed by more Americans, says insurance
research council survey”, PR Newswire,
January 15, p. 115.
Jacobson, A. (1990), How to Detect Fraud through
Auditing, IIA Research Foundation, Alta-
monte Springs, FL.
Jacka, M.J. (1995), “Auditing’s vision”, Internal
Auditor, Vol. 52, June, pp. 46-9.
Jayasankaran, S. (1995), “Back to square one: the
tangled tale of Malaysia’s Ayer Molek”, Far
Economic Review, 158, September 21, p. 82.
Jeffords, R. Jr, Marchant, M.L. and Bridendall,
P.H. (1992), “How useful are the treadway risk
factors?”, Internal Auditor, June, p. 60.
Jennings, W.L. (1997), “Federal sentencing guide-
lines: what auditors need to know”, Transmis-
sion, Vol. XV, Winter, p. 1.
Johnston, J.L. (1995), “Following the trail of finan-
cial statement fraud”, Business Credit, Vol. 97,
October, pp. 47-8.
Journal of Accountancy (1993), “Internal control
audit proposal draws fire and praise” Vol. 176,
October, p. 20.
Kapnick, H. (1980), “Responsibility and detection
in management fraud”, Readings and cases in
Auditing, Dame Publications, Houston, TX.
Kelley, C.M. (1976), “Accountants and auditors vs
white collar crime”, The Internal Auditor,
June, p. 35.
Kimelman, J. (1994), “The lonely boy scout”,
Financial World, Vol. 163, August 16, p. 50.
Klotz, J.M. (1994), “Bribery of foreign officials – a
call for change in the law of Canada”, Cana-
dian Bar Review, Vol. 73, December, p. 467.
Knight and Ridder (1997), “Coastal Mississippi
banks will use fingerprints to fight check
fraud”, Tribune Business News, January 19.
Knutson, P.H. (1994), “In the public interest – is it
enough?”, The CPA Journal, Vol. 64, January,
p. 32.
Knox, J. (1994), “Why auditors don’t find fraud”,
Accountancy, Vol. 113, February, p. 128.
Koening, R. (1986), “Arthur Andersen is sued in
audits of home state”, Wall Street Journal,
January 13, p. 4.
Konrath, L.F. (1996), Auditing Concepts and Appli-
cations, West Publishing, New York, NY.
Kovacs, A. (1996), “Unstable markets”, Internal
Auditor, Vol. 52, February, p. 30.
KPMG Peat Marwick (1993), Fraud Survey Results
1993, KPMG Peat Marwick, New York, NY, p. 2.
Kramer, W.M. (1996), “What’s tougher than catch-
ing the bad guys? Dealing with management”,
The White Paper, May/June, p. 6.
Kramer, W.M. (1996), “How to develop ‘proactive’
fraud detection computer programs”, The
White Paper, September/October, p. 6.
Lacativo, B.F. (1995), “A risk-based approach to
auditing fraud”, Internal Auditing, Vol. 11,
Summer, p. 41.
Laing, J.R. (1996), “Novatek Redux: catastrophes
thick and fast”, Barron’s, Vol. 26, November 4,
p. 12.
Lavelle, M. (1997), “Nations try to match US on Biz
bribe law; but lawyers still argue over the
meaning of the FCPA”, The National Law
Journal, Vol. 19, January 20, p. B1.
Lee, T. (1992), “The audit liability crisis: they
protest too much”, Accountancy, Vol. 110,
December, p. 102.
Leiding, M. (1996), “Slovakia stings EBRD”, The
European, Vol. 340, November 14, p. 21.
Leinicke, L.M., Ostrowsky, J.A. and Rexroad, W.M.
(1994), “Fraud hotlines”, Internal Auditor,
February.
Leinicke, L.M., Rexroad, W.M. and Ward, J.D.
(1990), “Computer fraud: it works”, Internal
Auditor, August, p. 26.
Levi, P.C. (1997), “One step ahead of fraud: new
software aids in data extraction”, The White
Paper, Vol. 2, January/February, p. 6.
Levington, C.A. (1991), “40 years of embezzlement
tracking: internal auditor, April, p. 51.
Life Insurance Industry (1997), “Plaintiff ’s law
firm announces class action settlement with
connecticut General Life Insurance Com-
pany”, PR Newswire, January 22, p. 122.
Lindquist, R. (1995), “Financial crime investiga-
tor”, Management Accounting, Vol. 76, March,
pp. 63-64.
Loebbecke, J.K. (1987), “Assessing the risk of
material irregularities”, Auditing: A Journal
of Practice & Theory, Fall, pp. 1-28.
Loebbecke, J.K., Eining, M. and Willingham, J.J.
(1989), “Auditors’ experience with material
irregularities: frequency, nature, and
detectability”, Auditing: A Journal of Practice
& Theory, Fall, p. 12.
[ 67 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 68 ]
Lovell, A. (1993), “Corporate fraud and its chal-
lenge to the profession”, Accountancy,
Vol. 112, September, pp. 72-3.
Lowe, D.J. and Pany, K. (1993), “Expectations of
the audit function”, CPA Journal, Vol. 63,
August, p. 58.
Luizzo, A.J. and Van Nostrand G. (1994), “Delving
deeper to decipher fraud”, Security Manage-
ment, Vol. 38, September, p. 113.
MacDonald, E. (1996), “Auditors are ending up
between a rock and a hard place over securi-
ties law”, Wall Street Journal, December 24.
McCoy, C.F. (1987), “Financial fraud: theories
behind nationwide surge in bank swindles”,
Wall Street Journal, October 2, p. 15.
McDonald, H. (1995), “Barefoot in Bombay”, Far
Eastern Economic Review, Vol. 158, April 20,
p. 85.
McLeod, D. (1993), “Omaha Indemnity Co’s rein-
surance fraud charges against Royal Ameri-
can Managers”, Business Insurance, Vol. 27,
July 12, p. 16.
McLeod, D. (1997), “New campaign against fraud”,
AARP Bulletin, April, p. 1
McNamee, D. (1996), “Too good to be true”,
Internal Auditor, August, pp. 62-3.
Marsh, D. et al. (1994), “Something is rotten”, The
Financial Times, July 9, p. 8.
Marsh, H.L. and Powel, T. (1989), “The audit com-
mittee charter: Rx for fraud prevention”,
Journal of Accountancy, Vol. 167, February,
pp. 55-7.
Matsumura, E.M. and Tucker, R.R. (1992), “Fraud
detection: a theoretical foundation”, The
Accounting Review, Vol. 67, October, pp. 753-82.
Mautz, R.K. and Sharaf, H.A. (1961), The Philoso-
phy of Auditing, American Accounting Asso-
ciation.
Mautz, R.K., Tiessen, P. and Calson, R.H. (1984),
Internal Auditing: Directions and Opportuni-
ties, The Institute of Internal Auditors, Alta-
monte Springs, FL, p. 89.
Meall, L. (1995), “How high is the money moun-
tain?”, Accountancy, Vol. 115, January, pp. 38-9.
Menkus, B. (1990), “Eight factors contributing to
computer fraud”, Internal Auditor, October,
pp. 71-3.
Miami Daily Business Review (1996), “New York
Life Insurance Co. settling $187 million fraud
suit but denies allegations”, April 2.
Middlemann, C. and Munchau, W. (1995), “Power-
house economy lacks sophisticated savers”,
The Financial Times, September 8, p. 7.
Miller, S.H. (1993), “AICPA announces major ini-
tiative to strengthen financial reporting and
further tort reform prospects”, Journal of
Accountancy, Vol. 176, August, pp. 15-16.
Morley, R.A. (1994), “Fraud in the north woods”,
Internal Auditor, June, p. 75.
Mulder, P. (1995), cited in Peter Gartland, P.,
“Germany a haven from scam and vultures”,
The European, Vol. 267, June 23, p. 21.
National Underwriter (1992), “Mo. Blues’ pro-
grams battles fraud”, Vol. 96, November, p. 49.
Nature (1993), “Clean drugs for Italy?”, Vol. 3,
August 19.
New York Times (1994a), “SEC accord on
comptronix”, March 30, p. D7.
New York Times (1994b), “SEC suit on towers”,
September 22, p. D3.
New York Times (1996), “Prosecution at Thyssen
Roils German executives”, August 16.
Nichols, A. (1996), “Finding fraud in the Internet”,
Internal Auditor, October, p. 24.
Nnanna, O. (1995), “Nigeria: fraud on the line”,
African Business, December, p. 31.
Norris, F. (1995), “Fraud can occur at a company,
even with auditors checking”, New York
Times, September 12, p. D6.
O’Connell, V. and Schultz, E.E. (1996), “Greater
pension security in Clinton goal”, Wall Street
Journal, April 12, p. C25.
O’Malley, S.F. (1993a), “Legal liability is having a
chilling effect on the auditor’s role”, Account-
ing Horizons, Vol. 7, June, pp. 82-87.
O’Malley, S.F. (1993b), “Toward a better under-
standing of the expectation gap”, CPA Review,
Vol. 63, February, pp. 6-7.
Palmer, J. (1996), “First-time loser; executive
convicted of fraud in Reg S Case”, Barron’s,
May 13.
Palmer, R.D. (1993), “You’re not old as you look”,
Internal Auditor, August, p. 64.
Palmrose, Z.-V. (1997), “Who got sued?”, Journal of
Accountancy, March, p. 67.
Pasztor, A. (1995), “Lockheed pleads guilty to
conspiring to violate anti-bribery regula-
tions”, Wall Street Journal, January 30,
p. B5C.
Pope, K. (1995), “European Union’s did to its poor
nations is wasting billions”, Wall Street Jour-
nal, April 3, p. A1.
Porter, D.I. (1971), “The insurance manager’s
responsibility in preventing employee fraud”,
The Weekly Underwriter, January 23, p. 23.
PR Newswire (1997), “Weiss v. Metropolitan Life
Insurance fraud case”, January 17, p. 117.
Professional Standards Bulletins (PSB) 84-3 (1993),
“Independence – responsibility for detecting
all irregularities”, CIA Review by I. Gleim,
University Station, Gainesville, FL.
Professional Standards Bulletins (PSB) 85-5,
“Professional proficiency – suspected wrong-
doing”.
Professional Standards Bulletins (PSB) 89-2,
“Internal auditing procedures – analytical
procedures”.
Prosser, W.L. (1971), Handbook of the Law of Torts,
West Publishing, St Paul, MN.
Protzman, F. (1994), “German bankers defend
lending practices”, New York Times, June 23,
p. DL.
Protzman, F. (1994), “Health-fraud accusations in
Germany”, New York Times, May 31, p. 1.
Quinney, R. (1964), “The study of white-collar
crime. Toward a reorientation in theory and
practice”, in Geir, G. and Meyer, R.F. (Eds),
White-Collar Crime, Free Press, New York, NY.
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Rankin, K. (1990), “E&Y Deloitte face $13 billion in
S&L damages”, Accounting Today, August 27,
p. 1.
Rapalus, P. (1996), “Businesses ignore computer
security”, Internal Auditor, p. 11.
Reis, R. (1996), “10 steps toward avoiding another
era of scandals”, Fund Raising Management,
Vol. 27, April, p. 46.
Ricchiute, D.N. (1996), Auditing, South-Western
Publishing, Cincinnati, OH.
Robertson, J.C. (1996), Auditing, Irwin, Chicago,
IL.
Roy, N.P. (1993), “Can honesty be legislated?”,
Financial Executive, Vol. 9, January-February,
p. 1.
Rossow, M.M. (1996), “When your auditor blows
the whistle: how to deal with a IOA crisis”,
Journal of Corporate Accounting & Finance,
Vol. 7, Spring, p. 99.
Sack, R.J. (1987), “The SEC and the profession: an
exercise in balance”, Research in Accounting
Regulation, Vol. 1, pp. 167-73.
San Diego Union-Tribune (1996), “Lab fined $187
million for medical billing fraud” November
24.
SEC (1940), in the Matter of McKesson & Robbins,
Accounting Series Release No. 19.
SEC (1976), 12(b) of Form 8-K, Accounting Series
Release No. 165.
Sawyer, L. (1988), Internal Auditing, The Institute
of Internal Auditors, Altamonte Springs, FL.
Schadewitz, H.J. and Blevins, D.R. (1996), “COSO
and CFEs. How the treadway commission
affects certified fraud examiners”, The White
Paper, May/June, p. 35.
Schilder, A. (1996), “Research opportunities in
auditing in the European Union”, Accounting
Horizons, Vol. 10, December, p. 88.
Schmedel, S.R. and Berton, L. (1992), “Arthur
Andersen copes with effects of tax scandal:
tensions rise at accounting firms from actions
by consulting unit”, Wall Street Journal,
August 6.
Schmitt, R.B. and Berton, L. (1994), “Deloitte to
pay $312 million to settle US claims related to
S&L failure”, Wall Street Journal, March 15,
p. A6.
Schroeder, M. (1993), “Babysitting the world’s
emerging bourses”, Business Week, November
1, p. 112.
Schulz, J.D. (1994), “Teamsters file racketeering
lawsuit against midwest motor express”,
Traffic World, Vol. 237, February 7.
Schulz, J.D. (1995), “Midwest Motor Express wins
in RICO case”, Traffic World, Vol. 243, July 31,
p. 34.
Schvimmer, A. (1993), “Maxwells charged with
asset skimming”, Pension and Investments,
Vol. 21, July 26, p. 4.
Seamons, Q.F. (1993), “SEC loses in trial against
auditor Price Waterhouse”, National Public
Accountant, Vol. 38, March, pp. 16-17.
Seidman, J.S. (1939), “A case study of employee
frauds”, Proceedings of the Fifty-seventh
Annual Meeting of the American Institute of
Accountants.
Shannon, H. (1995), “Criminal statistics”, Ameri-
can Banker, Vol. 160, June 1, p. 8.
Shapiro, S. (1994), “Crime and fraud in a new
league”, Business Insurance, Vol. 28, Decem-
ber 26, p. 39.
Simon, S. (1997), “Ex-chemical trader sentenced to
3 years”, American Banker, April 7, p. 3.
Sims, C. (1991), “US joins whistle-blower suing
Rockwell”, New York Times, April 29, p. 3.
Singleton Green, B. (1994), “What are auditors
meant to be doing?”, Accountancy, Vol. 113,
February, p. 92.
Singleton Green, B. (1995), “If it’s not plausible,
don’t accept it”, Accountancy, Vol. 116,
August, p. 24.
Sittenfeld, I. (1996), “Federal sentencing guide-
lines”, Internal Auditor, April, pp. 56-62.
Smith, E.R. (1995), “A positive approach to dealing
with embezzlement”, The White Paper,
August/September, pp. 17-18.
Smith, G.N. (1995), “Spare the rod”, Financial
World, Vol. 164, December 5, p. 10.
Smith, M.L. and Crumbley, L. (1991), Trap Doors
and Trojan Horses, Thomas Herdin & Daugh-
ter, Sun Lakes, AZ.
Software Toolworks. (1992), “Auditors granted
summary judgment in securities case”, Jour-
nal of Accountancy, Vol. 174, September, p. 21.
Sommer, A.A. (1975), “Accountants: a flexible
standard”, Litigation, Winter, pp. 35-9.
Sommer, A.A. (1993), “POB annual report stresses
liability crises”, Journal of Accountancy,
Vol. 175, February, pp. 21-2.
Souter, G. (1992), “BCCI to seek billions from
auditors”, Business Insurance, Vol. 26, Novem-
ber 2, pp. 23-4.
Stenger, M. (1997), quoted in Patrick Crow’s “Back
to Nigeria”, The Oil and Gas Journal, June 1,
p. 21.
Stewart, C. (1959), “The nature and prevention of
fraud”, The Journal of Accountancy, p. 41.
Stodghill, R. (1995), “A mea culpa – and a come-
back?”, Business Week, July 3, p. 3.
Surety Association of America (1954), Safeguards
Against Employee Dishonesty in Business,
Surety Association of America, New York, NY.
Sutherland, E.H. (1940), “White-collar Criminal-
ity”, American Sociological Review, Vol. 5,
February, pp. 1-17.
Sutton, M.H. (1997a), cited in “SEC leaders discuss
the value of independence”, Journal of
Accountancy, Vol. 183, February.
Sutton, M.H. (1997b), “Auditor independence: the
challenge of fact and appearance”, Accounting
Horizons, Vol. 11, March, p. 86.
Tagliabue, J. (1995), “Italian prosecutors seek
fraud trial”, New York Times, December 8,
p. D6.
Tagliabue, J. (1995), “Gemina inquiry might hurt
planned Fiat-Ferruzzi deal”, New York Times,
October 9, p. D2.
[ 69 ]
 Rocco R. Vanasco
Fraud auditing
Managerial Auditing Journal
13/1 [1998] 4–71
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
[ 70 ]
Tate, C.F. (1996), “The truth about audits”, Associ-
ation Management, Vol. 48, September, p. 32.
Taylor, J. (1996), “Montedison of Italy is accused
by SEC of hiding millions of dollars in
bribes”, The Wall Street Journal, November
22, p. A4.
Thomas, P. (1989), “Auditors say Lincoln S&L
sham deals were approved by Arthur Young &
Co”, Wall Street Journal, November 15, p. A2.
Thomas, P. (1990), “The US acts to learn of Keating
millions for restitution months after S&L
failed”, Wall Street Journal, August 10, p. A12.
Thomas, P. (1990a), “RTC discloses insolvent
savings and loans’ losses in period”, Wall
Street Journal, August 10, p. A12.
Thomas, W.C. (1979), “Materiality guidance”, The
Journal of Accountancy, February.
Thompson, C.M. (1991), “Fraud: the challenge
facing internal auditors”, The Internal Audi-
tor, June, p. 69.
Thompson, C.M. (1992), “Fighting fraud”, Internal
Auditor, August, pp. 18-23.
Thompson, C.M. (1992), “Auditee interference and
deception”, Internal Auditor, June, p. 73.
Thompson, C.M. (1992), “Fraud”, Internal Auditor,
August, p. 19.
Thompson, C.M. (1993a), “Financial reporting
fraud”, Internal Auditor, December, p. 66.
Thompson, C.M. (1993b), “Fraud findings”, Inter-
nal Auditor, February, p. 61.
Thompson, C.M. (1993c), “Fraud in the executive
suite”, Internal Auditor, Vol. 50, October, p. 68.
Thompson, C.M. (1993d), “Bad news bearers”,
Internal Auditor, June, p. 64.
Thompson, C.M. (1995), “What did we learn in
1994?”, Internal Auditor, February, p. 53.
Thornhill, W.T. (1985), “A riskier tomorrow”, The
Internal Auditor, April, pp. 28-31.
Thornhill, W.T. (1995), Forensic Accounting. How to
Investigate Financial Fraud, Irwin, Burr
Ridge, IL, 1995.
Thornhill, W.T. (1996), “Fraud: input tampering”,
Internal Auditing, Vol. 12, Summer, p. 48.
Thueson, B.C. (1997), “The land of opportunity”,
The White Paper, Vol. 2, January-February,
p. 35.
Treadway Commission (1987), Report of the
National Commission on Fraudulent Report-
ing.
Tucker, J.J. (1988), An Early Contribution of Ken-
neth W. Stringer. Development and Dissemina-
tion of the Audit Risk Model, Rutgers Univer-
sity, New Brunswick, NJ; National Commis-
sion on Fraudulent Reporting, 1987, Washing-
ton, DC.
US Department of Justice (1977), The Investigation
of White Collar Crime, Government Printing
Office, April, Washington, DC.
Van Nostrand, G. and Luizzo, A.J. (1996), “The
hidden cost of downsizing”, The White Paper,
Vol. 10, September/October, p. 23.
Vanasco, R.R. (1992), “FCPA: the American antib-
ribery legislation”, Managerial Auditing
Journal, Vol. 7, pp. 24-30.
Vinten, G. (1994), Whistleblowing – Subversion or
Corporate Citizenship, Paul Chapman Pub-
lishing, London.
von Schweitzer, H. (1990), “Professional myopia”,
Internal Auditor, June, p. 42.
Wall Street Journal (1974), “Equity funding chief
ordered false figures, ex-officer testifies”,
November, p. 4.
Wall Street Journal (1976), “IRS finds bribes
abroad may have led to tax fraud in account-
ing for funds” March 9, p. 3.
Wall Street Journal (1984), “InterFirst’s chief
resigns, profit fell in 4th period”, January 19,
p. 4.
Wall Street Journal (1992), “Inventory chicanery
tempts more firms, fools more auditors”,
December.
Wall Street Journal (1994a), “Italy’s Montedison
sues Price Waterhouse, seeking $610 million”,
April 19.
Wall Street Journal (1994b), “Former vice presi-
dent at Towers Financial pleads guilty to
fraud”, September 30, p. B4.
Wall Street Journal (1994c), “SEC lodges charges
against ex-official of a Florida insurer”,
October 14, p. B4.
Wall Street Journal (1996a), “Daiwa bank pleads
guilty to concealing $1.1 billion in losses”
February 19.
Wall Street Journal (1996b), “Stock market sur-
prises leads to new Italian market regula-
tions”, October 29.
Wall Street Journal (1996c), “Brazilian bank
accounting fraud lasted 10 years”, Wall Street
Journal, March 6.
Wallace, W.A. (1995), Auditing, South-Western
College Publishing, Cincinnati, OH.
Walker, R. (1993), “In search of relevance”, CA
Magazine, Vol. 126, February, p. 26.
Warner, A. (1994), “Scam-busters”, The Banker,
Vol. 144, May, pp. 68-70.
Welch, S.T., Holmes, S.A. and Strawser, R. (1996),
“The inhibiting effect of internal auditors in
fraud”, Internal Auditing, Vol. 12, Fall, p. 23.
Wells, J.T. (1992), “Fraud assessment question-
ing”, Internal Auditor, August, pp. 24-9.
Wells, J.T. (1992), Fraud Examination: Investiga-
tive and Audit Procedures, Greenwood Pub-
lishing Group, Westport, CT.
Wells, J.T. (1993), “Financial Frankensteins”,
Internal Auditor, Vol. 50, April, pp. 52-7.
Wells, J.T. (1994), “Message from the chairman”,
The White Paper, October/November.
Wells, J.T. (1994), “The billion dollar paper clip”,
Internal Auditor, October, pp. 32-8.
Wells, J.T. (1995), “It’s more than just accounting”,
Internal Auditor, June, p. 13.
Wells, J.T. (1997), “A medium rare scheme”, The
White Paper, January/February, p. 19.
Wells, J.T. (1997), “Message from the chairman”,
The White Paper, January/February, p. 4.
Wellsj, K. (1992), “Auditor in UK defends role in
BCCI report”, The Wall Street Journal, August
14, p. A4.
 Rocco R. Vanasco Welton, R.E. (1988), “Pandora’s box: a comparison
Fraud auditing of Federal and State RICO statutes as they
Managerial Auditing Journal affect accountants”, in A Profession in Transi-
13/1 [1998] 4–71 tion: The Ethical and Legal Responsibilities of
Accountants, (DePaul University 1988-1989
Research Symposium), pp. 65-79.
White, R.M. (1977), The Entrepreneur’s Manual.
Business Start-ups, Spin-offs, and Innovation
Management, Chilton Book Company, Radnor,
PA.
White Paper (The) (1994a), “Fraud update”,
August/September.
White Paper (The) (1994b), “Fraud update”,
October/November, p. 17.
White Paper (The) (1997), “European office opens”,
Vol. 2, January/February, p. 27.
Whittington, R.O. and Pany, K. (1995), Principles of
Auditing, Irwin, Chicago, IL.
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)
Wild, D. (1994), “Keep check on probity during
reorganization”, Public Finance, December 9,
p. 3.
Williams, J. (1993), “Concealing out corruption”,
Internal Auditor, Vol. 50, June, pp. 33-7.
Wojcik, J. (1993), “Managed care techniques also
work on company costs”, Business Insurance,
Vol. 27, May 3, p. 3.
Yang, C. (1997), “Whistle-blowers on trial”, Busi-
ness Week, March 24, p. 172.
Zelenko, L. and Urban, R. (1994), “Small investors
face pyramid collapse”, The European,
Vol. 241, December 22, p. 16.
Zeune, G.D. (1994), “How to fool auditors”, Busi-
ness Credit, Vol. 96, October, pp. 27-32.
Ziegenfuss, D.E. (1996), “State and local govern-
ment fraud survey for 1995”, Managerial
Auditing Journal, Vol. 9, November, p. 49.
[ 71 ]
 This article has been cited by:

1. Dessalegn Getie Mihret. 2014. National culture and fraud risk: exploratory evidence. Journal of Financial Reporting and
Accounting 12:2, 161-176. [Abstract] [Full Text] [PDF]
2. Kamil Omoteso and, Musa ObalolaThe Role of Auditing in the Management of Corporate Fraud 129-151. [Abstract] [Full
Text] [PDF] [PDF]
3. Joyce K. H. Nga, Evelyn W. S. Lum. 2013. An Investigation into Unethical Behavior Intentions Among Undergraduate
Students: A Malaysian Study. Journal of Academic Ethics 11, 45-71. [CrossRef]
4. George Emmanuel Iatridis. 2011. Accounting disclosures, accounting quality and conditional and unconditional conservatism.
International Review of Financial Analysis 20, 88-102. [CrossRef]
5. Katharina Chudzikowski, Gerhard Fink, Wolfgang Mayrhofer, Maaja Vadi, Krista Jaakson. 2011. The dual value of honesty
among Russians in selected former Soviet countries. Cross Cultural Management: An International Journal 18:1, 55-70.
[Abstract] [Full Text] [PDF]
6. Sunita Goel, Jagdish Gangolly, Sue R. Faerman, Ozlem Uzuner. 2010. Can Linguistic Predictors Detect Fraudulent Financial
Filings?. Journal of Emerging Technologies in Accounting 7, 25-46. [CrossRef]
7. Grant Samkin, K.A. Van Peursem, A. Balme. 2010. Threats to the New Zealand Serious Fraud Office: an institutional
perspective. Qualitative Research in Accounting & Management 7:3, 304-328. [Abstract] [Full Text] [PDF]
8. Grant Samkin, K.A. Van Peursem, A. Balme. 2010. Threats to the New Zealand Serious Fraud Office: an institutional
perspective. Qualitative Research in Accounting & Management 7:3, 304-328. [Abstract] [Full Text] [PDF]
Downloaded by MAHIDOL UNIVERSITY At 06:10 03 March 2015 (PT)

9. Philmore Alleyne, Nadini Persaud, Peter Alleyne, Dion Greenidge, Peter Sealy. 2010. Perceived effectiveness of fraud detection
audit procedures in a stock and warehousing cycle. Managerial Auditing Journal 25:6, 553-568. [Abstract] [Full Text] [PDF]
10. Michael Doumpos, Chrysovalantis Gaganis, Fotios Pasiouras. 2005. Explaining qualifications in audit reports using a support
vector machine methodology. Intelligent Systems in Accounting, Finance and Management 13:10.1002/isaf.v13:4, 197-215.
[CrossRef]
11. Gerald Vinten, Philmore Alleyne, Michael Howard. 2005. An exploratory study of auditors’ responsibility for fraud detection
in Barbados. Managerial Auditing Journal 20:3, 284-303. [Abstract] [Full Text] [PDF]
12. A. Seetharaman, M. Senthilvelmurugan, Rajan Periyanayagam. 2004. Anatomy of computer accounting frauds. Managerial
Auditing Journal 19:8, 1055-1072. [Abstract] [Full Text] [PDF]
13. Ch. Spathis, M. Doumpos, C. Zopounidis. 2002. Detecting falsified financial statements: a comparative study using
multicriteria analysis and multivariate statistical techniques. European Accounting Review 11, 509-535. [CrossRef]
14. Charalambos T. Spathis. 2002. Detecting false financial statements using published data: some evidence from Greece.
Managerial Auditing Journal 17:4, 179-191. [Abstract] [Full Text] [PDF]
15. M.H Abdolmohammadi, V.D Owhoso. 2000. Auditors’ ethical sensitivity and the assessment of the likelihood of fraud.
Managerial Finance 26:11, 21-32. [Abstract] [PDF]
16. Sunita GoelFraud Detection and Corporate Filings 315-332. [CrossRef]