Anti-fraud professionals play a significant role in financial reporting, but so do other employees and stakeholders in organizations. This leads to the question of who does what, who foots the bill for the financial reporting process and how can the process be streamlined? Chris Ekimoff, CFE, CPA, MBA took a closer look in his presentation at the 36th Annual ACFE Global Fraud Conference, “Mitigating Financial Statement Fraud Risk: Who Bears the Cost?” 

The ACFE Fraud Tree divides fraud under three different umbrellas: asset misappropriation, corruption and financial statement fraud. For his presentation, Ekimoff focused on that last umbrella, financial statement fraud, and the stakeholders in the process. He started by going back in time, all the way back to the days of Cain and Abel. 

“Centuries ago, as soon as humans were around,” said Ekimoff. “We started defrauding each other.” 

Ekimoff continued through the days when stock certificates came about, when there was a lack of financial reporting standards and then when some financial reporting requirements finally went into place. He continued on through the advent of the Ponzi scheme, the 1929 Stock Market Crash, 1987’s Black Monday, the Dotcom Bubble in 2000, the 2008 financial crisis and more. 

“In the course of human history, we've only been keeping track of things here in the U.S., using a third party for less than 100 years, which to many of us seems like a very long time,” said Ekimoff. “But in terms of how we've done business together, it's been built a lot more on interpersonal relationships and trust than it has been on the veracity of a third party.” 

Financial Reporting Participants and Fraud Risk 

Ekimoff referred to the Institute of Internal Auditors’ (IIA) Three Lines Model as a good starting point for answering this question: What is expected of an auditor? 

• Management consists of first line and second line roles: 

  • First line roles: The people who are out selling, delivering, producing and managing the tactical ideas of the business. 

  • Second line roles: Corporate management of businesses. 

• Internal audit consists of third line roles, which is an independent group apart from the operations and management:  

  • Third line roles: Make sure the organization is following policies and procedures. 

• The governing body consists of a Board of Directors and external auditor — basically stakeholders on the outside. 

Ekimoff presented a different model that he believes covers the process better. The model includes all parts of the Three Lines Model but also adds audit regulators and the market as a whole, including specific public company investors. 

With the process Ekimoff presented, there are four groups: 

1. The company. 

2. The regulators. 

3. The auditors. 

4. The investors. 

When thinking about who bears costs, Ekimoff shows that it varies, but the company and investors usually take up a majority in most cases. 

“As we all know, accidents happen. People are empowered in a way that maybe incentivizes them to perform some type of fraud. Those things are not going away,” said Ekimoff. “But in that environment, there's a lot of opportunity to consider how we are spending our time and effort to control that mix of costs between company, auditor, regulator and investor.