Financial fraud from missing data may be more common than we think
New research suggests that how auditors see errors caused by missing financial information may be hiding the most preferred type of financial fraud
Although 2021 is not even half-way through, the year has already provided us with several high-profile corporate fraud stories to follow, many with the typical analysis of how auditors failed to spot the fraud when they had the chance. The headlines these stories generate can obscure the fact that most corporate fraud happens not in giant cases but in countless small events that occur across companies of all sizes. Time and again, an auditor finds something that is incorrect and must then decide if that error was a simple mistake or an intent to commit fraud. In this situation, auditing standards say that there is only one key difference between an unintended error and fraud: the intent of the person whose actions led to the mistake.
Of course, knowing a manager’s intent can be a challenging task, and all auditors will tell you that not all mistakes are created equal. Indeed, auditing tends to find two classes of errors: errors caused where someone records incorrect information and errors caused when someone leaves out correct information. Interestingly, new research from Erin L. Hamilton and Jason L. Smith shows that both managers and auditors share quite different views of these two types of errors.
The authors start their paper by noting that of the top five accounting fraud types, four require a specific action to take place:
(1) recording fictitious revenues
(2) recording revenues prematurely
(3) overvaluing existing assets or capitalizing expenses, and
(4) recording fictitious assets or assets not owned.
Number five on the list is different because in this case, fraud is committed by not doing something, e.g., leaving out an expense or liability from financial records. The authors find this last category interesting because there is a broad literature in psychology that has found that most people prefer to harm through inaction versus action. There are many reasons for this phenomenon. Someone may feel better about not acting, for example, if a crime leaves everything the same in the outside world. Another reason to prefer harm by inaction is that acting might provoke third-party scrutiny and condemnation. Knowing this general human preference — which runs counter to the majority of the recognized fraud listed types above — the authors wanted to understand if (a) corporate managers also prefer to commit fraud by inaction (in this case, leaving out key data) and (b) if auditors react differently to this type of error versus the discovery of an explicit misstatement.
To answer their questions, the authors conducted three studies. In the first one, 58 experienced financial managers were told about a fictional company, Blaze Jewelers, that was in danger of missing its annual revenue target by about $1M. They were also told about two possible strategies the company controller was considering to “fix” the year-end results. One strategy involved omitting a major transaction from the financial statements, and one involved recording a major transaction inappropriately. In part two of this study, the managers were told the controller had made up his mind and wanted a VP to manipulate the information given to the company accountants. The 58 participants were then asked to choose one of the two fraud strategies for the VP to execute.
In a second study, 108 auditors were recruited (with an average of 6.80 years of audit experience). The auditors got the same background on Blaze and were then told that a significant error had been discovered in the company’s year-end data. The auditors then spoke with the accounting clerk who had recorded the error to evaluate if the misstatement was intentional. The clerk told one group of auditors that the cause of the error was incorrect information given by the VP. The clerk told the second auditor group that the source of the error was information kept hidden from him by the VP. Notably, the omitted transaction was always an expense sum, while the misrecorded transaction was always a revenue sum.
A third study with a different group of 107 auditors saw the same information as the group in Study 2, but the types of errors varied, e.g., some omitted transactions were revenues, and some misrecorded transactions were expenses. This third study’s purpose, note the authors, was to “unbundle” the type of misstatement from the nature of the financial information.
Through their studies, the authors found that, consistent with the general human tendency, managers prefer to commit fraud by leaving out the expense transaction over misrecording the revenue transaction. Furthermore, the authors found: “When fraud can be achieved by manipulating information within a supporting document, managers choose to omit relevant information from the document rather than misrepresent information.”
It turned out that the managers were on to something because the auditors were much more likely to “judge a misstatement as less likely to be intentional and are less likely to take further action (e.g., collect additional evidence) when the misstatement involves omission (i.e., an omitted transaction or information omitted from a supporting document) compared to a more active form of manipulation.” In other words, managers prefer to commit fraud by hiding information from accountants, and auditors are less likely to think of these omissions as fraud should the missing data come to light.
Broadly speaking, then, auditors tend not to think of omissions as signs of fraudulent intent on the part of business managers. This conclusion, note the researchers, suggests that “the frequency with which fraud is perpetrated via omission may be greater than previously thought, but it may go undiagnosed due to auditors’ tendency to view omissions as unintentional errors.” This effect was especially evident when revenue figures were misstated, in which case the auditors were much more likely to consider the possibility of fraud from wrongly recorded information over information left unreported.
Overall, the studies in this paper found that business managers chose fraud strategies that are less likely to be detected but also ones that “minimize the perceived intentionality of the misstatement, if it is detected.” Furthermore, because auditors are less suspicious of omissions, it is likely that “some frauds may go undiagnosed, not because client managers have effectively concealed their fraudulent misstatements, but because they have effectively concealed their fraudulent intentions.”
Based on their findings, the authors suggest that “auditors should give greater consideration to misstatements characterized by omission and avoid dismissing them prematurely as unintentional errors.” Moreover, “the commonly held belief that fraud is perpetrated more frequently through active forms of manipulation (e.g., recording fictitious or premature revenues, capitalizing expenses, altering documentation) may be overstated.” Indeed, contrary to this belief, “managers in our study were significantly more likely to perpetrate fraud via omission as opposed to a more active form of commission.”
In closing, the authors note that future research is needed to “better understand the ways in which managers perpetrate fraud in an effort to make the resulting misstatements appear less intentional.” Also, because studies 2 and 3 assumed that the auditors already detected the misstatement, this particular paper sheds no light on how likely such detection would be in real life. With that said, the implications of this fascinating set of studies are worth careful consideration by accountants and auditors, of course, as they suggest that the incidence of accounting fraud may be much higher than previously discovered.
The Research
Hamilton, Erin L. and Smith, Jason L. Error or Fraud? The Effect of Omissions on Management’s Fraud Strategies and Auditors’ Evaluations of Identified Misstatements. The Accounting Review (2021) 96 (1): 225–249. https://doi.org/10.2308/tar-2017-0355