This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice (http://www2.deloitte.com/ca/en/legal/cookies.html) for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

Clamping Down on Potential Revenue Recognition Fraud

Published on: Jul 09, 2018

The additional professional judgment required by the new revenue recognition standard could expose companies to an increased level of fraud given the inherent opportunity for bias created by a principles-based framework.

The new standard moves companies away from a rules-based framework to a more principles-based approach as it relates to the way they report financial information. In some cases, that could increase exposure to fraud or noncompliance during the transitional period, as well as the first few years after adoption.

However, while the introduction of additional judgments and estimates may provide greater opportunity for fraud, the additional disclosures required by the standard theoretically would make it more difficult for the fraudsters to cover their tracks when justifying certain financial reporting practices.

A Look at the New Standard

In May of 2014, the Financial Accounting Standards Board and the International Accounting Standards Board concluded a joint project which resulted in an update to the standard that deals with when and how revenue is recognized. Public companies were required to implement the new revenue recognition standard into their annual reporting beginning December 15, 2017. Non-public companies, including non-profit organizations, have an extra year to do the same.

The new standard includes a core principle, which states that an entity should recognize revenue to depict the transfer of promised goods or services to customers in an amount that reflects the consideration to which the entity expects to be entitled in exchange for those goods or services.

The new revenue recognition standard can be summarized in the following five steps.

The standard also calls for increased disclosures, affording companies the opportunity to provide financial statements users with comprehensive information about the nature, amount, timing, and uncertainty of revenue and cash flows arising from contracts with customers. Additionally, the new standard requires a company to provide quantitative and qualitative information about assets recognized from the costs to obtain or fulfill a contract with a customer.

Detecting Fraud Risk

Clamping Down on Potential Revenue Recognition Fraud - CFO Journal. - WSJ For years, revenue recognition fraud has been a focus of U.S. regulators, due in large part to revenue being a primary category that affects an entity’s financial position and results of operations. In addition, there may be an incentive for management to inflate revenue given bonus payouts are often determined by these metrics. The manipulation of revenue could result in a misstatement of an entity’s EBITDA* and other profitability ratios, which investors and the public rely on when making investment decisions. Reliance on fraudulent information could eventually misstate the share price.

A study by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) of 347 financial statement fraud cases found that improper revenue recognition schemes accounted for 61 percent of fraudulent financial reporting occurrences investigated by the SEC. Common instances of revenue recognition schemes include:Clamping Down on Potential Revenue Recognition Fraud - CFO Journal. - WSJ

  • Improper cut-offs: Holding the books open beyond the end of an accounting period to record end-of-period sales or “stealing sales” from later periods;
  • Bill and hold arrangements: Certain sales agreements that allow goods to be sold but not shipped to a customer and are “held” in a company or a third party’s warehouse;
  • Sham related-party transactions: Recording intercompany transactions as external sales, and sales of assets from one related party to another;
  • Fictitious sales: Shipment of product to a non-existent customer, sales recorded based solely on purchase orders, sales recorded for canceled, or duplicate orders;
  • Round tripping: Sale of product with an agreement to repurchase, recording transactions that occur between two companies for which there is no economic benefit to either company;
  • Channel stuffing: Offering distributors or other third parties short-term discounts incentivizing them to overbuy, inducing customers to order more goods than they normally would through offers of discounts and other incentives;
  • Side agreements: Agreements created outside of the normal and proper recording channels); and
  • Early delivery of product/recognizing revenue prior to “earning” or “realizing” the value: Engaging in soft sales, recognizing full amount of revenue on contracts where services are due, recognizing full amount of revenue on fees collected up front instead of deferring or amortizing.

Clamping Down on Potential Revenue Recognition Fraud - CFO Journal. - WSJ According to the COSO study, the two most common schemes identified were related to fictitious sales or revenue and timing issues, which together accounted for 83 percent of the revenue recognition schemes investigated by the SEC. The reporting of fictitious revenue or recognizing revenue at an improper time may affect more than one financial element, statement, and/or period.

While companies have been anticipating and preparing for the new revenue recognition standard, fraud risks may not become evident until companies review the details of how the guidance will apply to their transactions.

Steps to Address Fraud Risks

There are some actions companies should consider as a proactive approach to managing fraud risks. One consideration is to form an internal triad defense team consisting of legal/compliance, finance, and internal audit who can collaborate and coordinate efforts to address fraud prevention and detection. Further, companies may want to consider a governance structure with roles and responsibilities clearly defined as to who will be responsible for overseeing the initial implementation and ongoing financial reporting requirements.

It is also important that relevant personnel be educated on the new revenue recognition standard, associated fraud risks, and the control framework for assessing and mitigating these risks. In the event a historical issue is uncovered during the standard’s implementation phase, personnel need to know how to escalate the issue within the company. This could result in an investigation, remediation, or restatement.

Clamping Down on Potential Revenue Recognition Fraud - CFO Journal. - WSJ According to the COSO study, the two most common schemes identified were related to fictitious sales or revenue and timing issues, which together accounted for 83 percent of the revenue recognition schemes investigated by the SEC. The reporting of fictitious revenue or recognizing revenue at an improper time may affect more than one financial element, statement, and/or period.

While companies have been anticipating and preparing for the new revenue recognition standard, fraud risks may not become evident until companies review the details of how the guidance will apply to their transactions.

Steps to Address Fraud Risks

There are some actions companies should consider as a proactive approach to managing fraud risks. One consideration is to form an internal triad defense team consisting of legal/compliance, finance, and internal audit who can collaborate and coordinate efforts to address fraud prevention and detection. Further, companies may want to consider a governance structure with roles and responsibilities clearly defined as to who will be responsible for overseeing the initial implementation and ongoing financial reporting requirements.

It is also important that relevant personnel be educated on the new revenue recognition standard, associated fraud risks, and the control framework for assessing and mitigating these risks. In the event a historical issue is uncovered during the standard’s implementation phase, personnel need to know how to escalate the issue within the company. This could result in an investigation, remediation, or restatement.

Clamping Down on Potential Revenue Recognition Fraud - CFO Journal. - WSJ Also, a mechanism for employees or third parties to report suspected or actual misconduct or violations of a company’s policies on a confidential basis and without fear of retaliation should be in place. Most frauds are identified through hotlines or tips. In the instance a fraud occurs, a company should have policies and procedures in place to perform timely and effective investigations. An investigations manual detailing how investigations are to be conducted, documented, reported, and remediated can be beneficial in supporting consistency in this process.

Questions for Management to Consider

The legal/compliance, finance, and internal audit functions often are able to support fraud prevention and management efforts, and this cross-functional view can help companies make decisions about whether they have the infrastructure in place to effectively manage fraud risks.

Some questions for management to consider include:Clamping Down on Potential Revenue Recognition Fraud - CFO Journal. - WSJ

  • Are there existing personnel with the requisite skillsets and bandwidth to identify potential fraud risks and proactively monitor and advance data analytics?
  • Does the company have the necessary technological capabilities to identify potential control exceptions or data outliers?
  • If exceptions or outliers are identified, is there a protocol in place for these to be escalated and addressed?
  • What types of reporting requirements will result from such findings? Who are the stakeholders who should be involved? How will any issues be remediated?

It’s natural for many companies to feel they have an existing control infrastructure that will allow them to manage these risks proactively, but as often is the case, revenue recognition can be fertile area for fraud based on the incentive, opportunity, and rationale that may be present when applying the standard.

Article originally published in the Deloitte portal of the Wall Street Journal’s website.

— Produced by Anthony Campanelli, partner, and Nicholas Florio, principal, both with Deloitte Risk and Financial Advisory, Deloitte & Touche LLP.

*Earnings before interest, taxes, depreciation, and amortization

 

 

 

 

 

Webcast Image

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.