2 June 2010
EY summary of the COSO study:
“Fraudulent Financial Reporting:
1998-2007 — An Analysis of U.S.
Public Companies”
Introduction1
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) sponsored
a study, Fraudulent Financial Reporting: 1998-2007 (“2010 study”) to update the findings
discussed in their 1999 study, Fraudulent Financial Reporting: 1987-1997 (“1999 study”).
The 2010 study provides an analysis of alleged fraudulent financial reporting by registrants of
the US Securities and Exchange Commission (“SEC”) disclosed by the SEC in an Accounting
and Auditing Enforcement Release (“AAER”) issued during the period 1998-2007. The
researchers studied the nature of the fraud, including the size, technique and length, as well
as the individuals involved and the suspected motivations behind committing the frauds. The
2010 study goes on to compare the results of the companies involved in frauds (“fraud
companies”) to similar companies that did not have frauds (“no fraud companies”).
Ernst & Young
Assurance | Tax | Transactions | Advisory
© 2010 Ernst & Young LLP.
All Rights Reserved.
Ernst & Young refers to a global organization of member firms of
Ernst & Young Global Limited, each of which is a separate legal entity.
Ernst & Young LLP is a client-serving member firm located in the US.
This publication has been carefully prepared but it necessarily contains
information in summary form and is therefore intended for general
guidance only; it is not intended to be a substitute for detailed research
or the exercise of professional judgment. The information presented in
this publication should not be construed as legal, tax, accounting, or any
other professional advice or service. Ernst & Young LLP can accept no
responsibility for loss occasioned to any person acting or refraining from
action as a result of any material in this publication. You should consult
with Ernst & Young LLP or other professional advisors familiar with your
particular factual situation for advice concerning specific audit, tax or other
matters before making any decision.
Related publications produced by our
US Professional Practice Group, are available free
on AccountingLink at ey.com/us/accountinglink
The 2010 study identified 347 companies allegedly involved in fraudulent financial reporting
from 1998-2007, an increase from 294 cases identified in the 1999 study. From 19982007, the total alleged cumulative misstatement or misappropriation of assets was
approximately $120 billion. This is a significant increase when compared to $25 million
reported in COSO’s 1999 study. The median fraud was $12.05 million in the 2010 study
versus $4.1 million in the 1999 study. The significant dollar increase is driven primarily by
the large financial statement frauds in the early 2000s, including Enron and WorldCom. Most
of the companies with alleged fraud preceded the Sarbanes-Oxley Act of 2002. Because
there is a significant time lag between the occurrence of an alleged fraudulent financial
reporting and the issuance of an AAER related to that fraud instance, most of the underlying
instances of fraudulent financial reporting described in the AAERs examined in this study
occurred before the passage of the Sarbanes-Oxley Act of 2002 (SOX), with 61 of the 347
fraud companies examined in this study having issued alleged fraudulent financial
statements involving periods subsequent to 2002, and only a small number of those
companies were subject to the provisions of Section 404 of SOX. More time needs to pass
before any conclusions can be drawn regarding the effect of the SOX 404 legislation and its
effect as a deterrent to fraudulent financial reporting.
1
EY has obtained permission from COSO to distribute this summary internally
EY summary of the COSO study: “Fraudulent Financial Reporting:
1998-2007 — An Analysis of U.S. Public Companies”
Nature of companies involved
Fraud affects companies of all sizes and industries and crosses geographic boundaries. The
companies with alleged fraud ranged from startup companies to companies with approximately
$400 billion in assets or in excess of $100 billion in revenues. The median assets and revenues
were approximately $100 million as compared to approximately $15 million in the 1999 study.
The industries with the highest incidence of fraud were computer hardware and software (20%)
and other manufacturing (20%). These findings are consistent with COSOs 1999 study. Refer
to the table below for additional information. Similar to the 1999 study, most of the alleged
frauds were committed either at or under the direction of company headquarters. Most of the
companies were located in California (19%) and New York (10%).
Table 1 — Primary industries of sample fraud companies2
Primary industries
25
20
20
20
15
11
10
9
9
7
7
6
6
5
3
1
1
0
Percentage of fraud companies
Alleged motivation for the fraud
In certain AAERs, the SEC described the alleged motivation behind the frauds, while in others
it did not. As the SEC did not consistently describe the alleged motivations and multiple
motivations were often noted, the 2010 COSO study does not include statistics. However,
the most commonly cited motivations include the need to:
►
Meet earnings expectations (both internal and external)
►
Conceal deteriorating financial condition
►
Increase stock price
►
Strengthen financial performance
►
Increase financial results in order to maximize management compensation
►
Cover up misappropriated assets
2
Table 3 in the Fraudulent Financial Reporting: 1998-2007, an Analysis of U.S. Public Companies
2
EY summary of the COSO study: “Fraudulent Financial Reporting:
1998-2007 — An Analysis of U.S. Public Companies”
Consistent with COSOs 1999 study, a number of the companies with alleged fraud were
financially stressed and close to break-even prior to the fraud occurring.
Total amount of the fraud
The AAERs did not disclosure the dollar amount of the alleged fraud in all instances. In
addition, there were some significant frauds committed in the early 2000s (e.g. Enron,
WorldCom and others) that skewed the results. Accordingly, the categories and dollar
amounts below are best estimates and should be viewed as such.
Table 2 — Dollar amount of misstatement by fraud type3
# of fraud
companies with
information
Mean cumulative
misstatement
Median cumulative
misstatement
(in millions)
(in millions)
44
$226.74
$7.9
132
$455.04
$10.3
Expense
26
$91.44
$19.8
Pre-tax income
20
$958.98
$21.5
Net income
36
$525.21
$10.2
Misappropriation of assets
15
$16.30
$4.0
Misstatement type
Asset
Revenue or gain
Common financial statement fraud techniques
The most common financial statement fraud techniques continue to be improper revenue
recognition (61%) and overstating assets (51%). The primary means of creating fraudulent
revenue was by creating fictitious revenue transactions or by recording revenues
prematurely. Companies overstated assets by overvaluing existing assets (e.g., inventory
and accounts receivable) and inappropriately capitalizing expenses.
Table 3 — Common financial statement fraud techniques4
Methods used to misstate financial statements
% of the 347 fraud companies
using fraud method
Improper revenue recognition
61%
Overstatement of assets
51%
Understatement of expenses/liabilities
31%
Misappropriation of assets
14%
Inappropriate disclosure
1%
Other miscellaneous techniques
20%
Disguised through use of related party transactions
18%
Insider trading also cited
24%
3
Table 7 in the Fraudulent Financial Reporting: 1998-2007, an Analysis of U.S. Public Companies
4
Table 9 in the Fraudulent Financial Reporting: 1998-2007, an Analysis of U.S. Public Companies
3
EY summary of the COSO study: “Fraudulent Financial Reporting:
1998-2007 — An Analysis of U.S. Public Companies”
Issues related to the external auditor
Approximately 79% of the Big Six/Four audit firms audited the companies that had fraud in
the last year of the fraud period.
Twenty-six percent of the companies engaged in fraudulent financial reporting changed
auditors between the last clean financial statements and the last fraudulent financial
statements. Of these, 60% of the companies changed auditors during the fraud period and
the remaining companies changed auditors in the period preceding the first period of
fraudulent financial reporting.
In the AAERs, the SEC named the external auditor in 22% of the cases. Although the national
firms audited 85% of the companies with fraud, they were only named in the AAER 40% of
the time.
Table 4 — Frequency of audit firms names in enforcement actions5,6
Number of
Auditors
national firms
name in AAER
named
SEC alleged audit from violations
Number of
non-national
firms named
Anti-fraud statutes
32
11
21
Non-fraud statues including Rule 102(e)
51
22
29
Total
83
33
50
Types of Auditor Opinions
Although virtually all of the companies with fraud received an unqualified opinion on the last
set of fraudulently misstated financial statements, over half of the opinions included
additional explanatory language.
Effect of Section 404 of the Sarbanes-Oxley Act
There was only a small percentage of companies with fraud that had fraud periods extending
into 2004 or later. Accordingly, there is little statistical data that can be inferred on the effect
of the SOX 404 legislation as a deterrent to fraud and/or on the auditor’s ability to detect
weaknesses in internal control that could lead to a future material misstatement due to fraud.
Conclusion
Financial statement fraud continues to happen and the number and dollar amount of the
individual frauds has increased substantially since the 1999 study.
Fraud happens. Fraud affects companies of all sizes and industries and crosses geographic
boundaries. We need to remain mindful of the fraud triangle and consider where within the
organization incentives, pressures or the opportunity to override controls might present
greater risk. When the opportunity or incentive presents itself, even honest management
can rationalize committing a fraud when the environment imposes sufficient pressure on
them. The greater the incentive or pressure, the more likely an individual will be able to
rationalize the acceptability of committing a fraud. When the opportunity to override internal
controls is combined with incentives to meet accounting objectives, senior management may
engage in fraudulent financial reporting and otherwise effective internal controls cannot be
relied upon to prevent, detect or deter fraudulent financial reporting.
5
6
Table 24 in the Fraudulent Financial Reporting: 1998-2007, an Analysis of U.S. Public Companies
There were 78 fraud cases in which the SEC named an individual at an audit firm or the audit form
itself in the AAER. For 5 of the 78 cases, the SEC named individuals at 2 different audit firms or 2
different audit firms.
4
EY summary of the COSO study: “Fraudulent Financial Reporting:
1998-2007 — An Analysis of U.S. Public Companies”
We need to continually exercise professional skepticism when performing our fraud risk
assessment and while executing our audit procedures. This means approaching each audit
procedure you perform with an ongoing questioning mind that accepts the possibility that a
material misstatement due to fraud may occur in any company, at any time, and may be
perpetrated by anyone. Each of us must recognize that fraud can occur regardless of our
past experience with the company and our beliefs about management’s honesty and
integrity. We need to perform a critical assessment of audit evidence with that mindset and
can never be satisfied with less than persuasive evidence because of a belief that
management is honest.
The complete 2010 study can be found at www.coso.org.
5