Accounting Fraud on the Rise
In November, PwC published a new report entitled The Global Economic Crime Survey: Economic Crime in a Downturn. Of 3,000 senior executives survey across 54 countries, 62% reported their organizations suffered a decline in revenues in the past year, and 40% reported the risk of economic crime has risen due to the recession. Given this 60-40 split, they expected organizations with increasing revenues would be immune to the increase in economic crime. However, this was not the case. To this end, economic crime remains a pervasive risk in today’s business environment where increasing pressures to perform, increased opportunities to commit fraud, and people’s attitude are skewed by survival instinct and personal motivation.
Spreadsheets & Fraud – The Perfect Storm?
One of the key findings from the survey is the sharp rise in accounting fraud, which contributed 38% of reported cases, which PwC claims is linked to the economic downturn. If we then link this trend with the ubiquity of spreadsheets used in financial and management reporting, we have the “perfect storm” conditions for fraud to occur. Spreadsheets, PC databases and other types of end-user computing applications (EUCs) are used to support many key financial and operational processes, including (but not limited to) journal entries, account reconciliations, tracking and executing trades, revenue recognition, 401k contributions, executive compensation, actuarial processes, underwriting, budgeting, forecasting, and consolidation. Organizations are at risk and exposed when these mission critical spreadsheets are unmonitored and lack the proper IT controls such as change control, versioning, security and access control, segregation of duties, testing and validation, etc.
Is Your Organization at Risk?
So how do you know if your organization is at risk of spreadsheet accounting fraud? Clearly an assessment is needed which typically requires (at a minimum) performing an inventory and risk assessment of a sampling of key spreadsheets. This process can take several weeks or months to complete via manual means, but it can be accelerated by using Spreadsheet Management & Control software, domain expertise, and best practices from Prodiance. To read more about spreadsheets and fraud, I encourage readers to download my latest white paper entitled Fraud Detection & Prevention for Mission Critical Spreadsheets. For more details from the 2009 PwC Global Economic Crime Survey, you may download the full report here.
Your comments and thoughts?
In 2006, a leading US energy provider performed an audit of spreadsheets and end-user computing applications and recognized the need to establish tighter IT controls. Many key spreadsheets used within finance and accounting operations were used in financial, regulatory and management reporting, and were considered in-scope for SOX 404 compliance. At the time, SOX testing for spreadsheets was a manual process evaluating access controls and security, documentation, change management and formula and link verification.
Prodiance ESM provided pervasive monitoring (24×7x365) of all changes to critical spreadsheets and automated change control through cell level audit trails and versioning. Prodiance Spreadsheet Compare was utilized by business analysts to compare changes between spreadsheet versions in a side-by-side fashion to help speed review and approval cycles. Prodiance Spreadsheet IQ provided automated spreadsheet diagnostics to help internal auditors accelerate spreadsheet error checking and the evaluation of links.
In a recent 
Eric Perry