Sunday, July 15, 2012

Update to Peregrine Fraud - Add the Numbers

I just realized that if you add and subtract the right numbers on the Peregrine Bank Statement, you do not get the ending balance as reported on the bank statement. In addition, the balance on the bank statement does not equal the balance on the confirmation statement.


If you properly add the amounts on the  bank statement
Beginning Balance on 3/1/2011 218,182,954.80
Deposits 520,296.16
Deductions 52,700.00
Ending Balance on 3/31/2011 218,650,550.96
Amount  reported on Bank Confirmation
218,650,550.96
Amount reported on Phony Bank Statement
218,850,650.08





Please see the bank statement and confirmation statement on: http://davehancox.blogspot.com/2012/07/peregrine-financial-group-inc.html

This is really a problem for the auditing profession.

You've got to be able to add the numbers right at least!


Peregrine – Auditors Fail to Find $200 Million Fraud


The Peregrine Financial Group Inc. fraud is still emerging, but once again, we see auditors being duped because they failed to follow the basic procedures of the auditing profession and exercise an appropriate level of professional skepticism.

The CEO and sole owner of Peregrine Financial Group, Russell Wasendorf, Sr., attempted to commit suicide and left a note detailing the fraud that was committed over a 20 year period of time. It’s alleged that more than $200 million in customer funds are missing.

The Note Confirming the Fraud

 Here is part of the suicide note (I’ve highlighted important concepts in red):
“I have committed fraud. For this I feel constant and intense guilt. I am very remorseful that my greatest transgressions have been to my fellow man. Through a scheme of using false bank statements I have been able to embezzle millions of dollars from customer accounts at Peregrine Financial Group, Inc.
“The forgeries started nearly twenty years ago and have gone undetected until now. I was able to conceal my crime of forgery by being the sole individual with access to the US Bank accounts held by PFG. No one else in the company ever saw an actual US Bank statement. The bank statements were always delivered directly to me when they arrived in the mail. I made counterfeit statements within a few hours of receiving the actual statement and gave the forgeries to the accounting department.
“... I had no access to additional capital and I was forced into a difficult decision: Should I go out of business or cheat? I guess my ego was too big to admit failure. So I cheated, I falsified the very core of the financial documents of PFG, the Bank Statements.
“At first I had to make forgeries of both the Firstar Bank Statement and the Harris Bank Statements. When I choose [sic] to close the Harris Account I only had to falsify the Firstar statement. I also made forgeries of official letters and correspondence from the bank, as well as transaction confirmation statements.
“Using a combination of Photo Shop, Excel, scanners, and both laser and ink jet printers I was able to make very convincing forgeries of nearing every document that came from the Bank. I could create forgeries very quickly so no one suspected that my forgeries were not the real thing that had just arrived in the mail.
“With careful concealment and blunt authority I was able to hide my fraud from others at PFG. PFG grew out of a one man shop, a business I started in the basement of my home. As I added people to my company everyone knew I was the guy in charge. If anyone questioned my authority I would simply point out that I was the sole shareholder.
“I established rules and procedures as each new situation arose. I ordered that US Bank statement were to be delivered directly to me unopened, to make sure no one was able to examine an actual US Bank Statement. I was also the only person with online access to PFG’s account using US Bank’s online portal. On US Bank side, I told representatives at the bank that I was the only person they should interface with at PFG.
“When it became a common practice for Certified Auditors and the Field Auditors of the Regulators to mail Balance Confirmation Forms to Banks and other entities holding customer funds I opened a post office box. The box was originally in the name of Firstar Bank but was eventually changed to US Bank....
“When online banking became prevalent I learned how to falsify online Bank Statements and the Regulators accepted them without questions.”[1]

Improper Bank Confirmation

During a financial audit, auditors verify bank balances by sending confirmation forms directly to the banks. In this case, the auditors made a fundamental mistake. They allowed Mr. Wasendorf to give them the bank address to send the confirmation form. This was a false address. It was P.O. Box which Mr. Wasendorf controlled, he said in his statement.[2]

As we’ve learned from many frauds in the past, auditors must be sure they do not allow management to control any part of the audit process. Time and again, we have seen management, in the interest of helping the auditors, work to deceive them.

Lack of Professional Skepticism

 According to the Wall Street Journal:

In early 2011, NFA [National Futures Association - the regulator] officials reached out to U.S. Bank, a unit of U.S. Bancorp, seeking to confirm that Peregrine's customer account figures matched the bank's own account, according to a person familiar with the investigation. The regulator received a response from the bank showing that the client-fund account held less than $10 million—far below what it was supposed to contain.
A few days later, the NFA received a fax purporting to be from U.S. Bank that showed that the account was whole, with more than $200 million, the person says. In fact, this person says, investigators now believe the fax came from a number controlled by Mr. Wasendorf.[3]
Now many people might think that the second document was sufficient to support the $200 million account. But, there are two problems, first, auditors have a professional obligation to be skeptical about all transactions. Second, they have a professional obligation to follow-up on any potential “red flags” they observe.
In fairness to the regulators, the alleged fraud was exposed:
“…after the National Futures Association, Peregrine's front-line regulator, dispatched an audit team in recent weeks to Cedar Falls to review the firm's books and pressure the executive to sign on to a new, online system for verifying accounts. The system, called Confirmation.com, likely would have rendered the fraud unsustainable.
Mr. Wasendorf resisted signing the necessary form for several days, prompting the NFA to threaten stronger action against Peregrine, according to a person familiar with regulators' investigation. Mr. Wasendorf relented and signed on Sunday, the person said.[4]

The Lessons for the Auditors

 Finding fraud requires a level of skill that calls for the auditor to understand how frauds have occurred in the past and to be willing to challenge management. Too often, auditors do not spend the time learning about past frauds. I’ve even heard auditors say, “I doubt it is happening here.”

Here are some lessons from this fraud. Recognize:
1.    Any document can be altered with the technology available to us today.
2.    Management has an incentive to get a “good” audit result. A “bad” audit result can create future difficulties for the management team.
3.    Auditors should independently obtain confirmation from third parties. Do not use the audited organization’s mail stream and do not let management assist in any part of the process.
4.    If third party documents are available (such as bank statements) get them directly from the source.
5.    Many people depend on the auditor or regulator to find the fraud that may be occurring and to stop it before significant harm occurs to innocent parties.
Fraud happens. Auditors have got to get better at finding it. Keep in mind Mr. Wasendorf’s statement: Using a combination of Photo Shop, Excel, scanners, and both laser and ink jet printers I was able to make very convincing forgeries of nearing every document that came from the Bank. I could create forgeries very quickly so no one suspected that my forgeries were not the real thing that had just arrived in the mail.
 Here are two of the documents Mr. Wasendorf altered:

The Phony Bank Statement:


The Phony Bank Confirmation:



Sunday, July 8, 2012

Update

I have a consulting assignment that keeps me very busy. I will be posting again on the auditing profession as soon as time permits.

Thanks for your continuing interest.

Tuesday, June 5, 2012

MF Global Managers Didn’t Listen



In many of the past frauds I've studied, it seems managers fail to learn from history. Even when they are forewarned, managers sometimes can't see the emerging problems that must be addressed if they are to be successful.

At MF Global, there was past history, forewarnings and still managers brought down a firm that had roots going back to the 1700s.

In February 2008, an MF Global trader, Evan Dooley, took a risky position in wheat futures and lost the firm $141 million.

In response to this matter, MF Global agreed it needed to improve its risk management, supervision and compliance programs. In August of 2008, MF Global established a Chief Risk Officer position to develop and implement risk policies.

In the spring of 2010, the Risk Department identified emerging risk areas and notified the Board of Directors. A follow-up report in October 2010 continued to alert the Board of gaps in MF Global’s risk policies.

As identified in the Report of the Trustee’s Investigation and Recommendations:
Similar concerns surfaced in internal audit reviews. A Corporate Governance internal audit issued in May 2010 identified MF Global’s risk policies as not congruent with the changes to its broker-dealer business. Among the specific gaps identified by Internal Audit was liquidity risk reporting. Similarly, an Internal Audit report on Market and Credit Risk Management in October 2010 identified “High Risk” areas arising from the lack of controls over risk reporting. The report also reiterated that market risk policies had not been updated to reflect the current operating environment. The report attributed the failures to remediate gaps to staffing and budget constraints. Thereafter, during 2011, Internal Audit expressed concern that the absence of reliable liquidity reporting tools and dependence on Ms. O’Brien’s [an assistant treasurer] comprehensive knowledge of liquidity issues might represent a “key man risk,” because the processes supporting the composition of the liquidity forecast were not documented and were mainly based on Ms. O’Brien’s expertise and experience.
Despite the Risk Department and the Internal Audit Department raising the red flags that should have caused management to stop and listen, managers continued to pursue a flawed strategy.

The result is a shortfall in segregated property available to return to customers. It currently amounts to $900 million in domestic accounts and $700 million related to trading by customers on foreign exchanges – or $1.6 billion according to the Trustee in the liquidation of MF Global!

The Trustee believes that claims for breach of fiduciary duty and negligence, may be asserted against Jon Corzine [CEO], Henri Steenkamp [CFO], and Edith O’Brien [Assistant Treasurer].

Getting managers to listen is a challenge – not listening though may result in future prison terms for some managers if subsequent investigations establish criminality.

You can read the Trustee's report at: http://dm.epiq11.com/MFG/Project



Monday, April 2, 2012

Do Auditors Present Useful Information?


On March 30, 2012, Groupon, Inc. filed the following statement with the Securities and Exchange Commission concerning its internal controls over financial reporting:

  • We did not maintain financial close process and procedures that were adequately designed, documented and executed to support the accurate and timely reporting of our financial results. As a result, we made a number of manual post-close adjustments necessary in order to prepare the financial statements included in this Form 10-K.
  • We did not maintain effective controls to provide reasonable assurance that accounts were complete and accurate and agreed to detailed support, and that account reconciliations were properly performed, reviewed and approved. While these activities should be performed in the ordinary course of our preparing our financial statements, we instead needed to undertake significant efforts to complete reconciliations and investigate items identified in those reconciliations during the course of our financial statement audit.
  • We did not have adequate policies and procedures in place to ensure the timely, effective review of estimates, assumptions and related reconciliations and analyses, including those related to customer refund reserves. As noted previously, our original estimate disclosed on February 8 of the reserve for customer refunds proved to be inadequate after we performed additional analysis.


Ernst and Young, Groupon's auditor, has consistently issued a clean audit opinion on the financial statements of Groupon – a company that recently went public. This company though, has struggled with properly recognizing revenue each year.

According to SEC filings, the Company has restated its previously issued Consolidated Statements of Operations for the years ended December 31, 2008, 2009 and 2010 to correct for an error in its presentation of revenue. The Company restated its reporting of revenues from Groupons to be net of the amounts related to merchant fees. Historically, the Company has reported the gross amounts billed to its subscribers as revenue.

The following tables summarize the corrections on each of the affected financial statement line items for each period presented (in thousands).



As Previously Reported Restatement Adjustment As Restated
For the year ended December 31, 2008                
Revenue   94     (89 )   5
Cost of revenue   89     (1 )   88
Marketing   163         163
Selling, general and administrative   1,474     (88 )   1,386
                 
For the year ended December 31, 2009                
Revenue   30,471     (15,931 )   14,540
Cost of revenue   19,542     (14,826 )   4,716
Marketing   4,548     505     5,053
Selling, general and administrative   7,458     (1,610 )   5,848
                 
For the year ended December 31, 2010                
Revenue   713,365   $ (400,424 )   312,941
Cost of revenue   433,411     (390,515 )   42,896
Marketing   263,202     27,367     290,569
Selling, general and administrative   233,913     (37,276 )   196,637












Is it appropriate for Ernst and Young to be issuing a clean opinion[1] on the financial statements with the caveats that Groupon management has publicly disclosed? 

While significant internal control weaknesses do not preclude a clean opinion on the financial statements, it seems to me, the auditing profession ought to get away from pro-forma opinions and offer an opinion that is more nuanced and offers the investing public greater insight into the financial activities of the company.

Ernst and Young cited the restatement in a Note to the financial statements, but never disclosed the control weaknesses management reported to the Securities and Exchange Commission.

Most people would have a hard time trying to piece together the puzzle of Groupon’s accounting practices.

Auditors need to start presenting more useful information to the public.


[1]In our opinion, the financial statements referred to above present fairly, in all material respects, the consolidated financial position of Groupon, Inc. at December 31, 2009 and 2010, and the consolidated results of its operations and its cash flows for each of the three years in the period ended December 31, 2010, in conformity with U.S. generally accepted accounting principles.

Sunday, March 11, 2012

Lack of Professional Skepticism Destroys Careers and Harms the Public


The auditing profession continues to struggle as its managers and employees make some decisions that are not appropriate or in the public interest. Too often, the interests of the company that hired the auditing firm continue to take precedence over the interests of shareholders, creditors and future investors.

According to Nicholas J. Mastracchio Jr., PhD, CPA,  an associate professor of accounting at the University at Albany, “The National Association of State Boards of Accountancy (NASBA) responded to the recent scandals by forming a task force to investigate the extent of education in protecting the public interest. The American Accounting Association (AAA) agreed to cosponsor a survey of educators on the issue of ethics education on campus. The following results were obtained:
  • 46% of the schools offered a separate course in ethics.
  • 68% of those offered the course in the school of business.
  • 18% offered the course in the accounting department.
  • 56% indicated that the course provided separate coverage for protecting the public interest.
  • Where offered, 51% stated it was a requirement for accounting majors.
  • Where offered, 45% stated it was a requirement for other business majors.
  • 90% indicated that protecting the public interest was covered in the auditing course.”

Despite these efforts, something is still going wrong too often.

In February 2012, the PCAOB levied a $2 million penalty against Ernst & Young LLP for the way it handled the audits of Medicis Pharmaceutical Corp. for three years through 2007. Medicis makes dermatological and aesthetic drugs, including acne treatment Solodyn as well as Dysport, which competes with Allergan Inc.'s Botox.

The PCAOB Chairman said, "These audit partners and Ernst & Young — the company's outside auditor for more than 20 years — failed to fulfill their bedrock responsibility, The auditor's job is to exercise professional skepticism in evaluating a public company's accounting and in conducting its audit to ensure that investors receive reliable information, which did not happen in this case."

In the settlement declaration prepared by the law firm Pomerantz, Haudek, Grossman & Gross LLP, is the following:

II. THE LITIGATION

Medicis’s Improper Accounting For Reserves

13. The Complaint alleges that Medicis’s business model was premised on its ability to stuff its wholesale channels with unneeded prescription drugs, which could be exchanged by customers once the product was near or at expiration.  This allowed the Company to manipulate its earnings – i.e., if the demand for its prescription drugs was too low for a given period, it could simply push unneeded inventory on to its wholesale customers which could be returned at a later date once the product expired – and Medicis could recognize the revenues immediately.

14. The express dictates of Statement of Financial Accounting Standards No. 48 (“SFAS 48”), however, presented a threat  to this business model, as it required Medicis to establish a reserve for all of the product stuffed in the channel that would be returned or replaced.  If anticipated returns had to be deducted immediately from revenues, there would be no benefit to be derived from channel stuffing and the Company would lose its key tool for manipulating revenues.  

15. Thus, the Company attempted an end run around SFAS 48, by exploiting an exclusion provided in footnote 3 of the provision, which states that “[e]xchanges by ultimate  customers of one item for another of the same kind, quality, and price (for example, one color or size for another) are not considered returns for purposes of this statement.” (emphasis added).  The Company’s customers, however, were not “ultimate customers.”  Indeed, Medicis’s customers were wholesalers that sold their product to retailers.  Thus, Medicis’s customer base did not support the application of footnote 3 to any of the Company’s sales.  

16. Furthermore, Medicis deemed unsalable, expired prescription drugs as the “same kind, quality, and price” as drugs  that were at least fifteen months from expiration.  As such, it treated its anticipated returns as “warranty exchanges,” which allowed it to reduce revenues by the much less substantial replacement costs.  Such a position was wholly untenable, especially in light of the fact that confidential witnesses attested to the fact that expired products returned by Medicis’s customers were destroyed by the Company—proof that Medicis understood they had no value, let alone value equivalent to salable products.  Yet, despite this accounting ploy, the Company consistently represented in its Class Period financial reports that “provisions for estimates for product returns . . . are established as a reduction of product sales revenues at the time such revenues are recognized,” indicating to investors that it was reserving for returns as a reduction from gross revenues—not replacement costs—in accordance with SFAS 48.  

17. The Complaint alleges that this accounting manipulation could not have occurred without the imprimatur of Medicis’s auditor, EY, which signed on to the Company’s annual financial reports as compliant with Generally Accepted Accounting Principles (“GAAP”) for each 10-K the Company filed during the Class Period.  

The PCAOB supports these allegations in its Order Making Findings and Imposing Sanctions document dated February 8, 2012:

C. Summary

7. This matter concerns Respondents' failures to properly evaluate a material component of Medicis's financial statements – its sales returns reserve.  Specifically, Respondents failed to comply with PCAOB auditing standards in evaluating Medicis's sales returns reserve estimate, including evaluating Medicis's practice of reserving for most of its estimated product returns at the cost of replacing the product ("replacement cost").  The audit evidence available to Respondents indicated that, at all relevant times, Statement of Financial Accounting Standards No. 48,  Revenue Recognition When a Right of Return Exists ("SFAS 48") applied to Medicis's product sales subject to a right of return due to expiration and required Medicis to reserve for all of those estimated returns at gross sales price.  Reserving for most of its estimated returns at replacement cost, rather than gross sales price, resulted in Medicis's reported sales returns reserve being materially understated and  its reported revenue being misstated.6/  Overall, Respondents' approach to evaluating Medicis's sales returns reserve methodology and estimate was inconsistent with their obligations to exercise professional skepticism as the Company's independent auditor [emphasis added].

The impact of these findings on people’s lives are reflected in the following sanctions from the PCAOB press release:

“In addition to the censure and fine of E&Y, the Board barred E&Y partner Jeffrey S. Anderson from associating with a PCAOB-registered accounting firm, with the right to petition to remove the bar after two years, and imposed a $50,000 civil money penalty against him. Anderson was the lead partner for the Dec. 31, 2005 and 2007 audits, and participated in the audit quality review and the consultation.

The Board barred former E&Y partner Robert H. Thibault from associating with a PCAOB-registered accounting firm, with the right to petition to remove the bar after one year, and imposed a $25,000 civil money penalty against him. Thibault was the independent review partner for the Dec. 31, 2005 and 2006 audits, and participated in the consultation in a National Office role as a member of E&Y's Professional Practice Group.

The Board censured E&Y partner Ronald Butler, Jr., and imposed a $25,000 civil money penalty against him. Butler was the second partner, supervised by Anderson, on the Dec. 31, 2005 audit, he led the Dec. 31, 2006 audit, and concurred with the consultation conclusion.

The Board also censured E&Y partner Thomas A. Christie, who was the second partner, supervised by Anderson, on the Dec. 31, 2007 audit.”

Somehow, we’ve got to do better!

Tuesday, January 3, 2012

COSO Issues Exposure Draft on Internal Control

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has issued its first update to the seminal 1992 guidance on internal control. 

I'd encourage you to review the exposure draft at:  http://www.ic.coso.org/pages/exposure-draft.aspx and to provide your comments to the Committee before the final version is issued.

COSO has retained the five components of control and has added 17 principles that support each of the components. The following chart shows the 17 principles: