- The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
- In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
- Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
Explain - Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
Khawlah Abdulaziz Alswailem says
1. The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
In my opinion, management’s assertions are not only important to accountants, in fact, it is important to any user of company’s information. If the company doesn’t give the assertions or controls any attention, then we as internal or external users can’t rely on its information. In addition, I believe that assertions are extremely important to investors, auditors, and management. Investors must have right to correct and accurate data about the financials of the company. They interested in growth and management of the organization they have invested in, so assertions will provide a clear picture of how their investments have been used. From the auditor perspective, assertions are important since they use the dimensions of management’s assertions in their audit process. For example, a financial auditor needs to audit that a company’s inventory exists which refers to the existence dimension.
Parneet Toor says
Khawlah,
I agree with your post as per my understanding Management Assertion is not only crucial to accountants, but in fact, there are various parties interested such as:
Shareholders are interested to know the profitability of the organization.
Investors and lenders interested to analyze financial statement position to know about the safety of their investment.
Creditors are interested in financial statement to know either the organization is enable to pay the amount of short term liabilities whenever due.
Management interested to analyze the financial statements to know short term and long term solvency position, profitability, liquidity position and return on investment from the business.
Government is interested to analyze the financial position in determining the amount of tax liability.
Khawlah Abdulaziz Alswailem says
Thanks for your reply, Parneet. In fact, management assertions are claims regarding the condition of the business organization in terms of its operations, financial results, and compliance with laws and regulations, so many parties in the organization need the assertion concept.
Andres Galarza says
Apologies if I didn’t see it, but another group I’d specifically call out is employees of the organization!
Per the WorldCom example we discussed in class, tens of thousands of employees were ultimately laid off due to false assertions from management. I’m sure the vast majority of these employees were operating under the false assumption that everything at their organization was stable and were unprepared to look for new jobs.
M. Sarush Faruqi says
Andres,
Good point about the employees being affected by inaccurate assertions. If management provides inaccurate assertions, it will affect shareholders and their desire to hold on to the shares they have in the company. If stock prices drop and reputable damage occurs, employees are first to suffer in order for the company to regain their losses. Employees will certainly be blind sided especially if everyone thinks the company is doing well.
Candace Nelson says
I agree with you both, Andres and Sarush – the majority of employees (with the exception of the perpetrators and perhaps those who should have known what was going on) are also innocent victims of the types of egregious frauds we have witnessed during the last two decades. To take it a step further, when large numbers of employees in a particular region become unemployed, there is also a negative impact on the economy since their expendable income has decreased. The ripple effect is that local businesses then suffer as well. It is an endless spiral…
Jing Jiang says
Khawlah, I agree with your opinion that assertion concept is also important to any information users, such as auditors, investors and etc. Assertions firstly make me think of financial statements. It’s true that many audit and investments processes will base on company’s financial statements. So a reliable and accuracy assertion will be significant important to decision makers. Andres provide a good example about WordCom, which further support that the accuracy of a assertion is important. An assertion will impact many people including all users of the information, and it could cause large losses if it exist inaccurate information.
Mengting Li says
I agree with what you are saying about assertion concept is important to any information users. The Management Assertion is identified as a clear or implicit expression by the management of the recognition, measurement, presentation of the elements of the financial statements. Assertion as the basis for determining the specific audit objectives, the specific audit objectives of the different reporting items are derived from the management’s approval. Therefore, the assertion is definitely important to auditors and investors and other kinds of information users.
Khawlah Abdulaziz Alswailem says
2. In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
As a review, we discussed five main dimensions of management assertion which are Occurrence / Existence (timing), Completeness, Accuracy / Valuation, Rights (Ownership), and Summarization / Presentation. In my point of view, all the dimensions are important at some point. If any of them is missing, the auditor’s opinion won’t be reliable.
If I would choose, I would say the most critical in reviewing and giving an accurate picture is the accuracy of the data reviewed. The main purpose of the work performed by the auditor is obtaining reasonable assurance that the financial statements are correct. If inaccurate data was reviewed the entire picture of the audit would be in question.
Finally, the industry and business type play a significant role in determining the risk related to each dimension.
Parneet Toor says
Purchase-to-Pay
Potential fraud risks include (a) an employee initiating purchase orders (P.O.) for goods and services that are diverted for personal use and (b) an employee setting up a “phantom” vendor account, through which fraudulent invoices are processed and payments are made to the employee.
In these situations, fraud tests can detect if the same individual both enters and approves a P.O. or if an individual enters or approves multiple “split” P.O.’s, just under an authorized limit. Other evidence that can be discovered includes whether the delivery address for goods or services is the same as an employee’s, whether the goods being purchased are typically consumer items, or whether the vendor master file information (address, bank account, etc.) is the same as that of an employee
Xiaomin Dong says
I totally agree with you Khawlah. We must be sure of the accuracy of all data before asserting anything; because If the amounts of transactions are incorrected, the other dimensions will be affect as well.
Jing Jiang says
I agree with you,Khawlah. Every dimension is important no matter it is the occurrence/existence, completeness, accuracy/valuation, rights or summarization /presentation, I also agree that the accuracy would be the most important, because it will cause different results on audit report, strategy selections and many other important decisions. In different transactions, balance records, and any presentations or disclosures, they are all required the accuracy.
Edward Gudusky says
While I agree that accuracy is important, I wouldn’t necessarily say it is the most important overall, for that I would argue for occurrence or existence. Without a recorded occurrence, how could accuracy even matter? If this was a question of which would be most important when it comes to preventing fraud, then yes I would agree that accuracy is most important.
Mengting Li says
I agree with you, I believe that every dimension is important because of the lack of any of them, is not complete management assertions. Also, I agree accuracy data and information is the most important part. Even though a little bit different might lead to a different answer and result.
Parneet Toor says
In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
Each dimension of Management Assertion plays crucial role in the preparation of financial statements. Auditors rely upon a variety of assertions regarding the business. The auditors test the validity of these assertions by conducting a number of audit tests. As per my understanding, I believe ‘Occurrence and Existence’ is most important Management Assertion because the assertion of Occurrence, means that all the transactions in the accounting records actually occurred. No transactions are made up or are duplicates. For example, if the client records its Utility bill on the day it’s received and then records it again a few days later, that’s a mistake: The duplication overstates accounts payable and the utility expense.
The assertion of existence, make sure that the assets, liabilities and shareholders’ equity balances appear on a company’s financial statements actually exist in the real world as stated in the Financial statements. For example, any statement of inventory included in the financial statement carries the implicit assertion that such inventory exists, as stated, at the end of the accounting period.
While performing audit, auditors may ask for evidence to support the bill amount, Inventory purchase orders, accounts payable record for specific transaction, and related bank statements to make sure actually transaction occurred this is how assertion of ‘Occurrence and Existence’ is verified.
Michelangelo C. Collura says
This gets to the heart of cases like the Enron one we discussed before. If a firm is making up its numbers, the best auditor on Earth cannot hope to resolve the problems with the firm and attend to management needs. Tying in to the notion of occurrence, one must assume that the firm is operating in good faith. Otherwise, the job of dertmining what is real and what isn’t would waste billable hours and not actually help to resolve the matter.
Parneet Toor says
Which portion / step of the Procure to pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
I think the whole process of ‘procure to pay’ is vulnerable to theft, fraud or failure, since it is automated system, and applications are more prone to attacks also easy to manipulate, if employee have a knowledge of coding. I believe potential risk of theft is at the step where employee initiate purchase orders (P.O) for goods and services that can be directed for personal use and an employee can set up fictitious vendor account, through which fraudulent invoices are processed, and payments can be made to their personal accounts.
Parneet Toor says
Source for above post: http://ww2.cfo.com/accounting-tax/2013/11/top-five-areas-monitor-employee-fraud/
Candace Nelson says
Hi Parneet,
I find your response interesting in that you identified the automated portion of the P2P process as being the most vulnerable to fraud. I was actually thinking the opposite – that the presence of system controls (assuming that they have been activated and were properly configured) would reduce the likelihood of fraud or failure.
My initial thought was that the step in the procurement process that is the most susceptible to fraud occurs when vendors are being selected. To support this theory, I referenced the 2016 Report to the Nation on Occupational Fraud and Abuse published by the Association of Certified Fraud Examiners (ACFE). Here are some of the things I learned:
– Purchasing schemes are generally characterized as corruption and include conflicts of interest, bribery (bid rigging and kickbacks) and illegal gratuities.
– Corruption was a particularly high risk in purchasing (68.9% of cases), and it was one of the two most common schemes in all participating regions.
– Corruption was more prevalent in larger organizations and the median loss was determined to be $200K.
– Corruption schemes usually involved an override of existing controls and were most common when an insider colluded with a vendor with whom they were closely associated.
http://www.acfe.com/rttn2016.aspx
Andres Galarza says
Candace,
I hadn’t considered this point of view. However, now that I’ve read your comment it makes me think about a previous job I held contracting for the Department of Defense. I admit that I knew very little about the actual contracts/sourcing side of my job (wasn’t my daily focus) but I got the sense that the selection of prime contractors, sub-contractors and the preference points given to specific types of individuals/business owners must have been both tightly controlled and fraught with peril for fraud.
Candace Nelson says
Hi Andres,
My last job was also with Department of Defense contractors, but I wasn’t an auditor there so I did not get to see that portion of the business. However, I worked for a retailer prior to that. Before I joined the company (and right when they established a formal internal audit function) it was discovered that one of the top executives (who was also the CEO’s “former’ best friend…) received more than $25M in kickbacks. My former boss – who was the VP of Audit – used to joke that this man made him look good.
Whenever situations like this occur, I always as myself “where were the auditors?” In this case, there weren’t any yet (this was right around the inception of SOX). That speaks volumes. We’ll never know if the auditors would have detected the fraud, but it would have been more disastrous if that type of fraud was going on right under the internal auditor’s noses.
Here is an interesting quote from one of the attorneys: “…… had a great job that paid him millions of dollars, but this honest living was apparently not enough to satisfy his greed.” He was ultimately sentenced to 8 years in prison.
https://www.nytimes.com/2014/08/21/nyregion/former-aropostale-executive-gets-8-years-for-receiving-kickbacks.html?_r=0
Michelangelo C. Collura says
Interesting point about the dollar value with the larger firms. The $200K figure would cripple a small business, but when a company’s revenue is in the billions, a few hundred thousand can be easily misplaced or forgotten. If company valuations are artificially inflated and funds are taken from those inflated numbers, it is also lost in the overall picture of a successful company. This would be sustainable unless a firm is audited and the numbers are found to be inaccurate.
On a slightly different note, here’s an interesting example of fraud leveraged against – and perhaps with the help of – the federal government when oversight is quite difficult. How do audits work when the operations are in a war zone? Evidently, they don’t.
https://www.usatoday.com/story/news/nation/2015/11/02/pentagon-afghanistan-gas-station-boondoggle/75037032/
Khawlah Abdulaziz Alswailem says
Hi Parneet,
I believe that automated systems have a significant role in reducing the Likelihood of fraud and failer, especially when appropriate controls are effectively implemented. Here I found a helpful tool in a P2P professional’s risk mitigation which is continuous controls monitoring (CCM) approach. This approach defined as a set of technologies to reduce business losses through continuous monitoring and reducing the cost of audits through continuous auditing of the controls in financial and other transactional applications. CCM tests an existing control to determine whether it is operating correctly.
Companies use CCM and CTM automated tools in three ways as follows:
-Several companies utilize a supplier portal to ensure that all suppliers are fully validated and screened before they entered in the master files.
-Many companies perform a retroactive audit to uncover duplicate and erroneous payments along with possible supplier fraudulent activity.
-Companies use their fraud prevention application on an ongoing basis after invoices are entered, but before the disbursements are generated – almost in a CTM environment.
Source: https://goo.gl/fh2Bng
Parneet Toor says
Have you ever:
– Been victim of Fraud– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
Explain
While working I was never been victim of Fraud neither been pressured to commit, but I have seen fraud occurring in small /mid-size companies. Especially, during quarterly preparation of financial statements where companies were increasing their assets in the balance sheets, in order to fulfill the quarterly requirement of net worth to get lines of credit from the wholesale banks. In some instances company owners want to show more expenses to save on taxes.
Jing Jiang says
Good example. I have heard about these actions to meet the quarterly or yearly requirement too. I was never been a victim of fraud and been pressured to commit, but I knew there were some big frauds in financial world, such as Stanford scandal. The event mislead thousands of investors suffering multi-billion losses by selling the mendacious Certificates of Deposits (CDs). Through cooperation with its auditor company, Stanford Group created a illusion that company was operating well and those CDs were great investment choice which would make higher returns.
Parneet Toor says
Jing Jiang,
You have given good example of Stanford scandal. Recently, Wells fargo Bank was in news for opening fictitious bank accounts by their employee in order to fulfill the monthly target is also a instance of fraud.
Binju Gaire says
Great point, Parneet. There are several instances of such fraud occurrence. Companies tend to alter their financial statement in order to demonstrate themselves as profitable. Enron became one of the biggest example of such incident which is still talked about.
Mengting Li says
I agree with you, Parneet. every country has a strict accounting system and norms to define the accounting behavior, to ensure the smooth operation of the market economy. But humans are very fond of breaking the rules, no matter how rigorous laws and rules will be loopholes, loopholes will bring benefits, interests will make people have the impulse to destroy the order.
Xiaomin Dong says
1. The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
In my opinion, assertions are not only important to accountants, but also important to auditors. According to Statement of Accountant Standard, “assertions about existence or occurrence deal with whether assets or liabilities of the entity exist at a given date and whether recorded transactions have occurred during a given period.” And then, auditors should support the assertions from the books and the ledger gather evidence that a transaction has occurred because the accounting system “captured” the transaction by recording it. Therefore, assertions are also important to auditors.
Qiyu Chen says
I agree with you. Assertions mean that ‘ a confident and forceful statement of fact or
belief’. In Auditing, it also means ‘what management claims’. Auditors should judge whether the management assertions of company conform to standard so that auditors should know about assertions well and understand well. That is why assertions is important to auditors.
Xiaomin Dong says
2. In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
In class, we discussed the dimensions of management assertions of occurrence, existence, timing, completeness, accuracy, valuation, rights, and summarization. In my point of view, the accuracy is the most important dimension. Accuracy in the management assertions means that the transactions have been recorded with correct amounts and recorded in the appropriate accounts. If the amounts of transactions are incorrected, the other dimensions will be affect as well.
M. Sarush Faruqi says
Xiaomin,
I agree with you that accuracy is certainly an important aspect of management assertions. If inaccurate claims are made to auditors about the company financials, auditors can still test the claims but not necessarily be able to provide an accurate assessment of the health of the company. If transactions are recorded correctly, a proper assessment can be done and accurate information can relayed to shareholders.
Binju Gaire says
I agree with you, Xiaomin. Accuracy is the important dimension, Accuracy implies that all the information available to applicable parties are correct and verified by the upper management. Inaccurate information can lead to false reporting that can damage the firm’s reliability.
Qiyu Chen says
I think occurrence and existence are most important. Occurrence recorded transactions that actually occurred during the period exist and evidence the assets, liabilities and equity balances exist at a given date. Auditors should use Occurrence and existence to make a judgement. They give auditors the evidence to support auditors’ judgement. For the accuracy, it is important dimension, but not the most important. because if there is no existence and occurrence, the accuracy will be meaningless.
Xiaomin Dong says
3. Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
Explain
I have not personally been a victim of fraud; however, it is really often that international students encountered fraud. Most of the international students are studying abroad without their parents, then some people use this to defraud. For example, they found some ways to get a student’s personal information and the contacts of his/her parents, and then pretend to be this student. They contact to their parents and said their daughter/son had an accident, and need money for surgery, please transferring money to this account.
Andres Galarza says
Wow this is terrible. My wife and brother in law are both originally from Latin America and were international students for both their undergraduate and postgraduate studies (including medical school and beyond for my brother in law). I don’t believe they ever encountered this, but I can easily imagine how effective that form of fraud might be within the international student community.
Did Temple do anything to educate its international students about this type of fraud, Xiaomin?
Edward Gudusky says
Xiaomin,
Like Andres, I am also curious if Temple alerts or at least brings this possible risk to the attention of international students during orientation. I’m not sure if this has happened at Temple as I have never heard of it here at Temple, but this type of fraud could damage the student, their family and also the University. Being an american citizen by birth, this type of fraud would not be one of the first to come to mind for me.
Jing Jiang says
Your post reminds me of the fraud I have suffered.
It happened when the first year I came to Temple. I used an instant messaging software which was popular in my country to contact with my families and friends. After I came to the U.S about one week, my account was stolen, The thief or hacker pretended to be me to sent message to my parents asking for money.
Fortunately, my parents were not being deceived, but they almost believe it if they didn’t confirm the message by calling me after they received the message.
Qiyu Chen says
It happened frequently, but in term of business fraud. Fraud Triangle is a good tool to explain fraud. “The Fraud triangle is a framework designed to explain the reasoning behind a worker’s decision to commit workplace fraud. The three stages, categorised by the effect on the individual, can be summarised as pressure, opportunity and rationalisation. Broken down, they are:
Step 1 – the pressure on the individual – is the motivation behind the crime and can be either personal financial pressure, such as debt problems, or workplace debt problems, such as a shortfall in revenue. The pressure is seen by the individual as unsolvable by orthodox, legal, sanctioned routes and unshareable with others who may be able to offer assistance. A common example of a perceived unshareable financial problem is gambling debt. Maintenance of a lifestyle is another common example.
Step 2 – the opportunity to commit fraud – is the means by which the individual will defraud the organisation. In this stage the worker sees a clear course of action by which they can abuse their position to solve the perceived unshareable financial problem in a way that – again, perceived by them – is unlikely to be discovered. In many cases the ability to solve the problem in secret is key to the perception of a viable opportunity.
Step 3 – the ability rationalise the crime – is the final stage in the fraud triangle. This is a cognitive stage and requires the fraudster to be able to justify the crime in a way that is acceptable to his or her internal moral compass. Most fraudsters are first-time criminals and do not see themselves as criminals, but rather a victim of circumstance. Rationalisations are often based on external factors, such as a need to take care of a family, or a dishonest employer which is seen to minimise or mitigate the harm done by the crime.”
https://www.hrzone.com/hr-glossary/what-is-the-fraud-triangle
Qiyu Chen says
I have been victim of Fraud. I was unlucky for a long period. I walked on the street with unhappy face. A guy looks like wizard talked to me and said that I was unlucky for long time and she can help solve this problem. and then she ask me to bring the egg from my home to her house and she made the white egg become black just in frond of me. I was surprised what she did and ask her to help. She ask me to give her $500 then I gave her. She was doing something like religious rites in front of me and I found she put something like power into a bottle of water and water turn into different colors. That is why I found that is a Fraud. I called police and police said that i give her money willingly so that he can not help me, so I think this might be a morally problem.
Mengting Li says
Your example reminds me that I I have experienced similar fraud. I often receive similar emails or text messages are mentions about my parents’ insurance report or their medical report. I never open this kind of email because I subconsciously think they are fraud. But I also double check them by calling my parents at first. It’s hard to protect ourselves information because now personal information is a kind of asset, they have value. Therefore, some no conscience business will sell your personal information for money. It reminds me how important and hard to protect our personal information.
Xiaomin Dong says
4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
As far as I am concerned, the most vulnerable to theft fraud or failure step would be the last step payment processing. In the payment processing, if the vendor is not trustworthy, the customer‘s personal information might be exploited.
Candace Nelson says
Hi Xiaomin,
Fraud risk is definitely prevalent when invoices are being processed. However, it is important to understand who the customer is and the type of information that is at risk.
Procurement is the process whereby a company purchases goods or services from a vendor. For instance, if they are a manufacturing company, they will purchase raw materials that will be used to produce a product that will ultimately be sold to a customer. I often use the term vendor and customer interchangeably, but they are really two different sets of third parties, as follows:
– In the Procure to Pay process – the company purchases goods from a vendor.
– In the Order to Cash process – the company sells goods to a customer.
So, back to your example – it is unlikely that a vendor would have access to a customer’s information. However, the vendor would have access to the company’s information, including check routing and account numbers, which the vendor could utilize to make fraudulent payments or transfers. If the company was not reconciling their checking account timely, or failed to activate certain features that prevent risky electronic transactions, this fraud could go undetected.
There are many other types of invoice schemes. A vendor could submit duplicate invoices in the hopes that the company does not have controls to detect this. They could submit an invoice for goods that they never provided, or they could inflate their price. The remit to information on the invoice could be wrong, and the funds could be directed to the vendors personal account.
I hope you find this information to be helpful – I have a certification in fraud examination and I am fascinated by the topic so I am interested in helping you to learn what I know.
Sincerely,
Candace
Khawlah Abdulaziz Alswailem says
Thank you, Candace. I really enjoyed reading your explanation.
Additional to your points, I like to mention the “kickback scheme” which is one of the most common frauds when involving the procurement process. This basically works when an employee has a relationship with a supplier/vendor and use this relationship to their advantage but negatively impacts the company.
The most common form of kickback involves a vendor submitting a fraudulent or inflated invoice (often for goods or services which were not needed, of inferior quality, or both), with an employee of the victim company assisting in securing payment. For his or her assistance in securing payment, the individual receives some sort of payment (cash, goods, services) or favor (the hiring of a relative, employment,
https://en.wikipedia.org/wiki/Kickback_(bribery)
Candace Nelson says
Very good point Khawlah!
Jing Jiang says
Good explanation, Candace. Your post makes me understand better on the concept of p2p and order to cash, I know more about invoice scheme as well. Thank you.
Qiyu Chen says
I think PO monitoring should be the most important. The reason is that if there are some problem in source determination and vendor selection. Po monitoring can find the problems and still can solve the problems
Yijiang Li says
You caught the point because personal information reveal could be risky for any payment process. However, this is procurement to pay process, I consider procurement process is also risky because procurement is not only to satisfy the requirement of our own company, but also involved in the relationship with different suppliers. Dealing with the relationship with business partners is not always easy.
Candace Nelson says
In response to the first portion of question 3, have I ever been a victim of fraud, I have been a victim of fraud on a personal level. I have experienced fraudulent use of my credit and store charge cards on a few occasions. Most recently, I received an email from a department store stating that my email address had been changed on my account. I initially doubted the authenticity of the email, so I called the number on the back of the card. It was a legitimate email, and by the time I called the store an “imposter” had purchased a $150 item. The worst part of this situation was the fact that I had just paid my account using my checking account, which the fraudster had access to since they hacked my account. Hence, not only did I have to inactivate my store charge card, I also chose to preemptively close my checking account so as to prevent a bad situation from getting worse. Oh, and I was travelling for business and was 3000 miles away from home when this occurred.
The worse thing I could have done was to ignore the email, which I almost did. However, having been trained in fraud prevention, I utilized another method of communication – by calling a number other than the one provided in the email – in the event someone was mere phishing.
Andres Galarza says
Candace,
Good points again. That moment you describe where you could have ignored an email is only going to become more and more prevalent. I received a snail mail letter that I suspected to be fraudulent and it required some digging to establish that was indeed a real issue that needed to be dealt with. However, I went so far as to submit their domain to Verisign’s fraud department only for them to confirm that it was legitimate, but that the website was out of date, etc.
It’s an annoying but necessary amount of work to put in now.
M. Sarush Faruqi says
Candace,
You did the right thing by investigating the email instead of ignoring it. When these types of emails are sent to us, we become suspicious if this is a legit message or not. I ran into a similar situation a couple months ago where I received a call from my bank verifying my purchase of a TV. I did not make the purchase but more than a thousand dollars had been taken out of my account for the purchase of a TV. I’ll admit that I did not have a chip card at the time which could have played a factor in the fraudster getting access to my card strip and duplicating it. I would’ve never known this happened in such a short time period had I not gotten the call. I’ve since gotten a chip card but it’s very important to follow through on suspicious calls/emails.
Binju Gaire says
Thank you for sharing your incident. Situations like yours can occur to anyone. It was very prompt and smart of you to react to the email and take necessary actions. We tend to avoid emails from department stores thinking it is one of the marketing emails. It is very important to carefully sort our inbox and closely monitor the emails we receive that concern our finances.
Edward Gudusky says
Great example Candace. This has happened to a few people I know. The key action you took, that others should make a note of, is that you called the number on the back of your card and not the number included in the email. In this case the email sent tot you was actually valid, but they aren’t always. There are some very convincing phishing attempt emails going around where the numbers listed are fake and the URL’s redirect to fraudulent websites.
This also reminds me of phishing emails being sent out here at Temple. Some emails have been sent where they seem to come from Temple Computer Services and ask that the recipient reply with the username and password or else their account will be deactivated. Even though Temple (and most places) will never ask you for your password let alone to send it via email, you would be surprised at the number of people who fall for that.
Candace Nelson says
In response to question 1, The concept of assertions is important to anyone who relies on financial information reported by an enterprise, primarily its shareholders (or investors, depending on the nature of the business). However, as has been demonstrated by the multitude of businesses collapses (e.g. Enron, Bernard L. Madoff Investment Securities LLC), the consequences are far reaching. Not only did investors lose their money, employees lost their jobs and the benefits they had accrued over the years, the economy suffered as a result of the enormous losses sustained, confidence in the markets, regulators and auditors was shattered, and in the aforementioned cases, the ultimate price was paid:
– Ken Lay, who was the CEO and Chairman of Enron Corporation died three months before he was sentenced, after being found guilty of 10 counts of securities fraud. It has been speculated that the heart attack that caused Ken’s death was brought on by the stress of the trial.
– Bernie Madoff’s son, Mark Madoff committed suicide by hanging on the second anniversary of his father’s notorious arrest.
– There are numerous accounts of other Bernie Madoff victims who committed suicide over the loss of their hard earned investments.
A sad but true testimony to the notion that crime doesn’t pay…
M. Sarush Faruqi says
The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
From our discussions in class, I feel that the concept of Assertions is important to many parties including auditors. Auditors rely on the assertions made by management and must carry out specific tests to analyze the claims made. If the data is inaccurate, auditors will not be able to give accurate recommendations on improving the control structure of the company. In addition, assertions are also important for shareholders as important financial decisions (investing, selling, and reporting) are made based on what management claims. If management does not provide accurate assertions and shareholders find out about this later in the audit process, the company as a whole will suffer as stock prices may drop due to rapid selling. The employees of a company are also an important party where assertions play a big role. Most employees expect to work for honest and ethical companies. They expect management to provide accurate claims especially if the employees have shares in the company. If the assertions provided are not accurate, not only will the company lose money but the employees will lose as well and potentially their jobs if the company decides to make cuts to recoup losses. Auditors use assertions to conduct tests but the impact they have can affect a slew of people.
Andres Galarza says
Have you ever:
– Been victim of Fraud?
I’ve had my credit card used to fraudulently purchase items at a bookstore, and of all places it was in Barcelona, Spain. I’d traveled to Spain on a number of occasion because my family is from there. As others here have said, the biggest weapon we have to combat fraud is awareness. I’m a bit of a personal finance geek, and among the things that I’ve found surprising is how little people routinely check their checking and credit card statements. I can account for every penny that has been spent on with a financial account going back for years. My bank offers a handy service that allows me to closely monitor my checking account. I get that it’s a pain to monitor, but the sooner you can act on something fishy, the easier (in the long run) it will be to resolve the situation. In my case, I was able to identify the fraud within a day of its occurrence, and was able to resolve the situation with my credit card company.
– Had evidence of, suspicions of fraud occurring?
I’m very interested to see what the long-term damage from the last ten years of data breaches will do. I’m personally invested because I know my information was breached in the Office of Personnel Management (OPM) Breach that occurred a few years ago, and I suspect my data was also spilled in the Equifax breach.
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
I’m dubious of some of the things I’ve seen in organizations that adopt a mentality of “We have $X to spend on this budget item and if we don’t spend it, we’ll lose it.” I think it’s charitable to say that it walks the razor’s edge of fraud.
Lezlie Jiles says
Hi Andres,
I agree with your last statement “I’m dubious of some of the things I’ve seen in organizations that adopt a mentality of “We have $X to spend on this budget item and if we don’t spend it, we’ll lose it.” I think it’s charitable to say that it walks the razor’s edge of fraud.”
I believe that type of thinking is definitely on the edge of fraud. The purpose of a budget is to a lot enough money to complete a project to the required satisfaction, and any additional monies not used should be returned. This thinking also opens the door for personal increases or misappropriation funding. However, this type of thinking is prevalent to all organizations.
Matthew J. Dampf says
““We have $X to spend on this budget item and if we don’t spend it, we’ll lose it.” I think it’s charitable to say that it walks the razor’s edge of fraud.”
I like your “razor’s edge” wording, as I’m not sure which side I’m on. I don’t see an issue with timeshifting some purchases further forward than they’d otherwise be, but spending money that otherwise wouldn’t have been spent at all is certainly more of a problem. There’s definitely a fine line, and I think this can be acceptable in some scenarios.
Andres Galarza says
Question: Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind?
Another take on answering this question: I believe the greatest risk exists in the steps along the Procurement Process where the tasks are handed off to another team or set of professionals.
The team whose responsibility it is to generate the requirements isn’t necessarily the team that is going to do the sourcing and vendor selection. Unless controls exist to require transparency and logging of these intra-team decisions, they are steps at which risk greatest. I think the simplest explanation is the, “not my job” attitude that is easy to adopt. In fairness, why should a team that needs a widget care about who delivers on the needed materials, etc. However, a well-governed organization has (maybe even independent) teams in place to monitor these risky points.
Yijiang Li says
I agree your method which considers this question as where the greatest risk is. As you mentioned, procurement process can cause a lot question if the team division is not clear or people’s attitude is bad. It is the risk which is involved in company itself. However, I consider the payment process is still risky, becasue personal information could not be protected well. This is the risk which is involved in customers.
Lezlie Jiles says
2. In class, we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
In class, it was identified that the most relevant management assertions were occurrence existence, completeness, accuracy/valuation, rights (ownership), summarization/presentation. These terms are used to support an organization’s statement as fact, and with that in mind, I believe they all play a small roll in fulfilling its intended purpose. Therefore, I believe that no one dimension is more important than the other. However, to address the question I would have to say existence is the most important. The reason I chose occurrence/existence is that for an item to be complete, accurate, be owned, or presented it must first exist. On the other hand, once something exists I would say completeness would be the most important factor. Completeness also follows the same premise as my above theory.
M. Sarush Faruqi says
Lezlie,
Great points. I thought accuracy was the most important but you make a good case for occurrence. To me, it seems like a lot of controls fail when there is no occurrence at all and opens the door for fraud to occur. For example, an employee may put a purchase order in for a vendor that does not exist and the payments ends up going to the employee. The transaction or entity has to exist first in order for the other assertions to be accurately reviewed,
Lezlie Jiles says
3. Have you ever:
– Been victim of Fraud?
Yes, I have been a victim of fraud while on vacation in Vegas. During my week-long vacation in Vegas, my credit card information was stolen and used to purchase $100 worth of goods in Virginia. My professional career had exposed me to several scenarios of fraud and the clever ways that some people create ideas to commit it, which is why I was on high alert (not high enough) when I went to Vegas. I typically only take enough cash with me while on vacation, but I knew that on this trip I would need more money, so I brought my credit card as well. I planned to keep my credit card in the hotel and take only cash during my daily outings. My plan worked until the day I was scheduled to leave. Our flight didn’t leave until the early evening, so we decided to shop one last time. It was during my last day in Vegas that my card information was compromised, but the card was still in my possession. Upon discovery, to the fraudulent transaction, I contact my financial institution and started the investigation process to get my money back.
Have you ever:
– Had evidence of, suspicions of fraud occurring?
Yes, I have had evidence of suspicious activities occurring while working as an assistant bank manager. We were appointed a new manager who had only been with us for about four months. One evening during our check reconciliation process an item was identified as not properly endorsed. The new manager negotiated the item in question. The proper steps would have been to reverse the check deposit and contact the presenter to endorse the check. However the next morning during my closeout reconciliation I noticed that the check in question was presented for payment opposed to being reversed. I also noticed that the check was endorsed, which was impossible because the checks were secured overnight. Needless to say, I reported the incident to another manager who further investigated the issue and identified that the new branch manager had committed fraud, therefore he was immediately terminated.
Matthew J. Dampf says
“I typically only take enough cash with me while on vacation, but I knew that on this trip I would need more money, so I brought my credit card as well.”
Lezlie, I tend to take the opposite approach – credit only while avoiding debit and cash. Credit card companies are liable for all loss due to fraud, while banks are only responsible for partial loss due to debit fraud. Of course, no third party is responsible for the theft of cash, so I tend to opt for credit when possible.
Source for debit fraud policy: http://www.magnifymoney.com/blog/identity-theft-protection/banks-refuse-refund-fraudulent-charges21625321/
Lezlie Jiles says
Hi Matthew,
I truly understand your comment. I failed to mention that it was my debit card because I hate debt so I deal in cash whenever possible. I guess my thinking is backwards to because I am well aware of these policies as I deal with them on a day to day basis. One of my functions deals with credit card disputes. It’s still surprising to see the different scenarios concerning credit card fraud.
I guess my crazy theory of not using credit cards is a bit much. I also have this false impression that no one will steal cash from me without me knowing. LOL!
Andres Galarza says
Lezlie,
I’ve read about the strategy of using cash as a way to minimize credit card overspending. It’s not crazy! However, I agree with Matthew’s point on using credit (particularly on travel).
Jing Jiang says
Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
I think the most vulnerable portion is Invoice Processing. In this step, any entry errors or fraudulent actions in this steps will exert risks on year-end reporting. For example, the quantity and price are different in the invoice from the purchase order, the intentional or unintentional duplication of invoice entry and etc. So always checking the invoice with purchase orders and good receipts will be important to reduce the potential risks.
Matthew J. Dampf says
I’m in agreement Jing, but this risk seems manageable to mitigate, even for smaller companies, by segregating the duties of invoicing and accounts receivable. One department (or person in a small operation) should be able to detect irregularities when the numbers don’t match on both ends of the transaction.
Binju Gaire says
Great point, Matthew. The invoice processing step is certainly manageable if there are two or more people involved in the process. Proper segregation of duties or independent supervisory review in this step can avoid frauds.
Binju Gaire says
I agree with you, Jing. Invoice processing can be seen as the most vulnerable to theft, fraud or failure of some kind. I believe that there should be clear set of instructions for the invoice processing step, else, like you mentioned, intentional or unintentional duplication of invoice entry may occur leading to fraudulent activity.
Matthew J. Dampf says
1.) The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Financial assertions are important to many entities, but I’ll focus on two in particular: potential shareholders and C-level executives. Potential shareholders are using the assertions on financial statements to evaluate their potential investments in a company, and if these assertions are not accurate their investment is likely to lose value. If this is the result of intentional fraud, it can lead to legal action against management.
The lost value of shareholders leads into the second group this affects: C-level executives. Sarbanes-Oxley holds top management responsible for the assertions on their companies’ financial statements. In addition to likely being large shareholders who stand to lose a lot of personal wealth via inaccurate assertions. executives can be imprisoned as a result as well.
Yijiang Li says
As you mentioned, management assertion is a core question which Sarbanes-Oxley Acts tried to define. When fraud occurs at any time, top management should always review themselves initially. After that, we are able to investigate the responsibility of external audit company. Therefore, excellent management assertions can avoid greater problems and risks in the future.
Ariana Levinson says
Question 3:
– Have you ever been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
My answer to this question is a very tentative yes, however I will be speaking purely in hypotheticals as I have not disclosed any incidents to anyone nor wish to get anyone in trouble. Additionally, for the record, I no longer work at this job for unrelated reasons.
I was working at a company and was on-site at a client, and my manager at the time asked me not to ask any leading questions or anything of the client that could possibly cause any issues to come up, as we had a vested interest in this company passing. While not a direct request for an unethical act, it certainly made me feel uncomfortable. I definitely resented my manager at the time for putting me in such an awkward position, although I did as requested and kept my mouth shut during meetings.
Lezlie Jiles says
Ariana,
Your post was interesting, to say the least. Had you ever thought about going to upper management about the incident?
If you didn’t I would only imagine that this type of thinking was also understood at the top, which would have just fallen on death ears.
Andres Galarza says
That sucks. What a crappy situation to be put in and what a horrible manager to have to work for.
Lezlie Jiles says
1. The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Assertion is relevant to different job functions and people for many various reasons. Assertion is defined as the quality of being self-assured and confident without being aggressive. An example of assertiveness is someone who can express their feelings, views, beliefs, and needs directly and honestly while remaining respectful towards others. Assertiveness is an important quality for my professional atmosphere because I deal with the organization’s financial interests. I must be confident in my decision-making and reporting of all financial activities. An organization’s objectives are to make, retain and manage their profits well to reach their organizational goals. Therefore it is imperative to encompass the ability of assertion to ensure the C- level management that the organization’s financial interest is being managed extremely well. The same concept can be said for an auditor who must possess the ability to review and report their findings in a clear, confident and honest manner.
Binju Gaire says
Have you ever:
– Been victim of Fraud?
Yes, I have been a victim of fraud. One day I received an email from the bank saying my balance was low. Upon checking my activity I found out that my debit card has been used in Guatemala to purchase pizza and other items. I called the bank and they went over all the charges with me. After verifying that those purchase were not made by me, I refunded the amount and sent me a new debit card.
– Had evidence of, suspicions of fraud occurring?
Personally, I haven’t witnessed the evidence of, suspicions of fraud occurring. However, I have been aware of fraud occurring in my previous job. I was involved in a high school audit where my audit team was made aware of fraudulent activity performed by the school principal. After the completion of the audit, we noted that the principal had been taking the deposit bags from the safe. The deposit bags contained monies collected from school’s cafeteria and athletic activities.
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
Explain
I have never been pressured to commit an act that was morally or legally questionable. However, I have seen an act that was morally or legally questionable in an organization that I was a part of. Back home (in Nepal) I was involved in a local rotaract club. The club once decided to raise funds by organizing a spelling contest among different local schools. The proceeds collected from the fund raising were not disbursed properly. The board members used the portion of the proceeds for their own benefit and hence, this raised the question on the organization’s moral act.
Lezlie Jiles says
4. Which portion/step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
The portion of the procurement to pay process that is most vulnerable is in the requirements and payment steps of the process. A large risk lays within the vendor selection process. If I recall, correctly we discussed a scenario early this week about a vendor that was hired and in cahoots with some of the internal employees. The situation explained how the vendor would overstate the invoice and the internal employees would receive a kickback for ensuring payment was rendered. I believe this scenario speaks directly to this question.
Edward Gudusky says
3. Have you ever:
– Been victim of Fraud?
I was a victim a fraud around when PayPal was just becoming widely used. I had set up my PayPal account with my American Express credit card and used it to purchase some items online. There was a period when I wasn’t buying or selling anything online when out of the blue I received a call from someone in Florida asking me to confirm shipping details for a laptop that I bought from him off eBay using my PayPal account. The shipping details were different than what matched what was on file for the credit card. Because he called I was able to stop the purchase and have funds reversed. I needed Amex to assign a new credit card number/card and change my PayPal/eBay user information. In the end I wasn’t responsible for anything, but it was a pain to have everything changed and it tied up my credit card from being used for a little while.
Yijiang Li says
I encountered a similar fraud like you when I do the online shopping. After I placed a order online, I got a phone call requiring me to change my billing address. However, the process was totally different from regular operation, because they wanted me to open a suspicious link from an email they sent to me. I did not take this step so I keep my money safe.
Edward Gudusky says
2. In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
Like others have said, all dimensions can be debated as to which is most important. I personally feel that the dimensions sort of follow a logical flow, so the first part of the flow would be most important to me. This means I believe that the Occurance of a transaction is most importance. If there is no recorded occurance of a transaction, then how could the other dimensions even come to fruition? They would all seem to be made up at that point.
Yijiang Li says
2. In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
Management assertions can be divided into four dimensions, including occurrence, existence, timing (cutoff), and completeness. To determine the importance level of them, we should figure out their definition initially.
Occurrence is involved in judging whether a transaction exist or not during your accounting period. Simply, it is a real transaction or fictitious record; Existence is about evidence that can prove your assets or liabilities exist at a given time; Timing is based on a proper accounting period and correct dates when a transaction occurs; Completeness is used to make sure all transactions are recorded with fact.
We can conclude occurrence is a precondition for all other dimensions, because it would be meaningless to talk about other dimensions if a transaction does not exist essentially. Therefore, determining the authenticity of a transaction should be the most important and first step within management assertions.
Michelangelo C. Collura says
The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Assertions are important to many different industries, though they may not be called that. Other terms are axioms or theories, as understood in scientific methodology. However, we might be most concerned with assertions as understood by computer programmers. In that context, it’s a Boolean expression in the code (true/false) that is assumed to always be true for a program to function. If the expression reads as false, then the program will crash or otherwise terminate. This is useful in that it allows programmers to avoid leaving notes in the code to assist future developers. These expressions allow everyone to assume the code is up to date without going through it line by line, because it would not function if this were not the case.
In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
Explain
Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
Michelangelo C. Collura says
Accidentally left the other questions in that first post.
In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
I think they tend to be equally relevant, with some being more important in given circumstances. Overall though, I’d say occurrence is most commonly the most important, because it is entirely fundamental assumption. Did this transaction actually take place? We can’t really question the accuracy, completeness or cutoff of a nonexistent transaction, nor can we classify it (or rather, if we do, we’d be wasting resources and not benefiting the firm). It is difficult to audit a firm if we are presented with fictional transactions, because our understanding of the needs and requirements will be based on erroneous data.
Michelangelo C. Collura says
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
Explain
– I have not been, though I have had my identity confused with other names, thus affecting my credit until I resolved it.
– This fits in to the first question. I recognized inaccurate info on my credit report, referring to loans and medical bills I didn’t have. I then had to go through a lengthy process of disputes and clarifying with the Social Security Administration to get things corrected.
– I certainly had this experience. I once worked in a for-profit college. Their recruitment strategy focused on enticing consumers with online ads, references to free Apple products if contact info was provided to the school, and cold-calling such people. Most people did not actually want to attend school, or they did not have the necessary financial resources, so we pushed them to fill out FAFSA and maximize their federal and state financial aid. We were essentially getting people to sign up for classes on the government’s dime, in exchange for possibly receiving a free Apple product or of course receiving the education itself. Sales staff were incentivized with bonuses for higher recruitment numbers, though the base salary was quite low given the number of hours worked.
Michelangelo C. Collura says
Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
I would think the most vulnerable to fraud or theft would be preparation of the goods receipt, as an unethical firm could try to claim they didn’t receive the order to a supplier by fudging its numbers , thus justifying not actually paying them. This seems unlikely, but it could be that the firm is using many different suppliers for a given good/service, and they rotate to a new one every time they play this trick to avoid being caught. Regarding failure, almost any step is vulnerable, but perhaps the most vulnerable would be that with the most human influence – request for a quote. A vendor may inaccurately reflect its costs to the firm, or the firm may not accurately describe its needs due to a failure in requirements planning.
Mengting Li says
Which portion/step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
I consider during the procure pay process, payment portion is the most vulnerable to theft, fraud or failure. Firstly, when people who behind you might see your password. In general, the bank card password consists of six digits, therefore, it’s easy to remember. Secondly, The seller might ask you to pay the wrong price in the payment process. What’s more, entered a wrong pin might lead to failure.