Won't get fooled again, but they'll try

With a nod to Pete Townshend and The Who, many auditors have expressed their determination to not get fooled again after being deceived by creative fraudsters. One of the underlying questions in many of the cases I've profiled is: "What did the auditors do?" And over the years I've seen cases that run the gamut — from those in which an auditor failed to heed some obvious warning signs of fraud to cases in which anyone would be hard-pressed to criticize the auditor's efforts.

Included in the latter category are some very interesting cases in which fraudsters took some rather extensive actions to fool the auditors. Those efforts are the focus of this column more so than the nature of the fraud schemes. I'll use two recent cases to illustrate the lengths that crooks will go to trick auditors into issuing clean opinions on fraudulent financial statements.

KIT Digital

The first case involves KIT Digital, a company that most people have likely never heard of. The company provided software and services designed to help video content providers make their content accessible on the Internet and on Internet-enabled television. KIT Digital won't easily be mistaken for Enron, Olympus or any of the other large and well-publicized financial reporting fraud cases; the monetary impact of the KIT Digital fraud was much smaller. However, it provides one of the best lessons in terms of steps taken by fraudsters to fool auditors. (See the September 2015 complaint against KIT's former CEO and CFO.)

From 2008 to 2012, KIT engaged in a wide-ranging series of financial reporting fraud schemes. (The company declared bankruptcy in April 2013.) Although the fraudulent activity began in 2008, things really got interesting in the summer of 2010. On June 30 of that year, KIT delivered a proposal and draft purchase order to a client. These documents, which the client signed and returned on July 2, outlined a $1.5 million software sale to be deployed between August 2010 and April 2011, with payments over a 24-month period.

There was a problem, however. KIT soon realized it wanted to recognize the revenue in its June 30, 2010, financial statements, but the terms of the sale left a clear trail that would result in disallowance of the revenue for financial reporting purposes based on both the lack of delivery of any product or service by June 30 as well as the extended payment plan.

So, in mid-July KIT convinced its client to agree to a new purchase order that eliminated any reference to the phased software deployment (Trick No. 1) and sign a letter indicating that it would pay KIT in four quarterly installments by May 31, 2011 (Trick No. 2).

Perfect, right? Except for that "delivery by June 30" part. In August 2010 KIT sent an email to the client complaining of a "swarm of auditors" who were requesting confirmation that the software license was delivered in June. Those pesky auditors! To help convince the client that this would be okay, KIT told them "no signatures needed" since all they would have to do is "respond with ‘Yes' " to an email confirmation. A few days later, the client complied by confirming to the auditors that the software was delivered on June 22, 2010 (Trick No. 3).

Things were going well for the fraudsters until April 2011, when their auditors informed them that the client had recently indicated in another audit confirmation that the software still hadn't been delivered. KIT responded in May 2011 by directing the auditors to the client's website, noting that the service had been live since June 2010 and that what they were viewing on the website was only possible through the delivery of the software. In fact, the video service they were looking at on the client's website was actually running on old software that KIT's product was supposed to replace (Trick No. 4).

The final hurdle for the fraudsters was the client's pending final payment, which was due in May 2011. In reality, since no software had yet been delivered, the client hadn't paid anything to KIT. This wasn't a problem for these creative crooks. In June 2011 KIT prepared a $1.5 million "loan" agreement between the client and a British Virgin Islands (BVI) entity. In this scheme, the BVI entity would send the funds directly to KIT via an escrow agent located in Dubai. The client wasn't required to "repay" the loan until KIT delivered the software, so they went along with the plan.

On Aug. 4, 2011, the escrow agent delivered the $1.5 million to KIT, and KIT recorded it as a payment against the receivable due from the client without ever disclosing to the auditors the true nature of this payment or the existence of the loan agreement (Trick No. 5). And KIT was never able to deliver a properly developed version of the software to the client.

But there's more. KIT also had problems collecting receivables from other clients. (The complaint doesn't specify whether these sales were legitimate, but given the preceding tale, I have my doubts.) So in late 2011 KIT hatched a round-tripping plan to make it look as though it was collecting these receivables. In a round-tripping scheme a company uses its own money to make it appear that a customer has paid them for something. (For more on round-tripping, see my column in the May/June 2015 issue of Fraud Magazine.)

In mid-December 2011 KIT wired $8 million to an escrow agent in Cyprus. KIT was acquiring another company, Sezmi Corp, at the time. In early January 2012, KIT announced that it had acquired Sezmi for $11 million in KIT stock, assumption of liabilities and cash of (you'll never guess) — $8 million. The $8 million cash consideration was included in the acquisition agreement KIT provided to the auditors. What it didn't show to the auditors was a separate letter agreement whereby Sezmi agreed that the $8 million was earmarked for KIT's "post-acquisition integration costs" so that Sezmi had no claim to these funds (Trick No. 6).

This created an off-book slush fund for KIT, all accounted for on KIT's financial statements as goodwill attributable to the Sezmi acquisition. Most of the $8 million came right back to KIT improperly recorded as payments against unpaid accounts receivable from customers.

Amazingly, KIT committed other frauds, including more schemes involving auditor deception. But half a dozen tricks is enough for one case, so let's turn our attention to another: a fraud with lessons that extend beyond auditor deception.

OCZ Technology Group

OCZ Technology Group has at least two things in common with KIT Digital — both cooked their books, and both are now bankrupt. In OCZ's case, its former CEO, Ryan Petersen, orchestrated almost all the fraud. He concealed some of the fraud not only from the auditors but from OCZ's finance department. (See the October 2015 SEC complaint.)

Petersen aimed the first part of the scheme at improving OCZ's top line revenues and its gross margins — both key figures in valuing the company for a possible sale. He accomplished this by providing customers with substantial discounts disguised as marketing expenses.

The accounting rules are pretty clear on this issue: If a payment made to a customer is to qualify as an expense rather than as a reduction (discount) in revenue, it must result from a transaction through which the company receives an identifiable benefit from a customer that's separate from a sale transaction (i.e. the company could've obtained the service from another party) and fair value of the benefit can be estimated. Either way, there's no effect on net income. But by shifting a sales discount to an operating expense, both sales and gross profit are inflated.

And that's exactly what CEO Petersen did. In one email to a vice president, he stated "we must find a way to report nasty high margins" and in another he asked "… what other creative margin enhancements can we make?" Petersen introduced a "customer based program" (CBP), which amounted to nothing more than a sales discount with a name that might help to trick an auditor. These credits posted to customer accounts were purportedly for marketing programs; but the customer never provided any marketing services (or anything else of value) to OCZ.

In one case, after Petersen agreed with a customer on a price of $52 per unit, he requested that the purchase order state $60 with the $8 difference coming back to the customer as a CBP. Petersen even scolded OCZ employees who (accurately) referred to customer discounts as "rebates" ("… you can never say that word ever!" according to an email he sent) or anything else that the accounting rules would require to be treated as revenue reductions rather than operating expenses.

To conceal the nature of these CBPs from the auditors, Petersen told employees that they must express these discounts in round-dollar amounts (even though the company often negotiated them as more precise percentages of sales transactions) and to alter the dates on CBPs so they wouldn't coincide exactly with a sales transaction.

Like a lengthy dinner, this case didn't stop with a single course. For the second course, Petersen engaged in "channel stuffing" OCZ's largest customer: shipping more products than the customer wanted or could ever reasonably sell. Channel stuffing isn't inherently fraudulent. However, if the substance of the transaction fails to meet the accounting criteria for revenue recognition and the entity records the revenue anyway, fraudulent financial reporting results. And that's what happened in the OCZ case.

In addition to providing the customer with substantial CBPs, Petersen made subsequent adjustments to the prices of previously sold goods to convince the customer to take on even more product, knowing that OCZ likely wouldn't be able to collect on these new sales based on the rate at which the customer was selling the products.

The customer noted in an email to Petersen that it had agreed to "payment after sellout," which suggested a consignment arrangement — yet another characteristic that would preclude revenue recognition. The customer sent numerous additional messages complaining of having too much OCZ inventory in stock.

For the third and final course, Petersen concealed product returns (from a different customer) after he failed in his efforts to convince the customer not to return the products. This Chinese customer returned $1 million worth of products to an OCZ warehouse located in Taiwan. Petersen initially instructed an employee not to process the return. Later, Petersen arranged for a truck to pick up the products from the Taiwan warehouse so the inventory would appear to still be in the customer's possession.

In an even bigger example, Petersen hid a distributor's $3.5 million return even from the OCZ finance department. Petersen authorized the return but arranged for the inventory to be stored in a warehouse controlled by the freight company that picked it up. Petersen then told his finance department that he'd rejected the customer's request to return the product.

Perfect fraud recipe

Fraudsters can significantly challenge auditors when they go to such astonishing lengths to conceal their crimes. However, even more alarming are individuals who seemingly have nothing to gain but nevertheless sometimes cooperate with fraudsters. For example, investigators apparently didn't find any indications that the KIT customer who provided such valuable assistance in deceiving the auditor received any special reward for its efforts. Likewise, the OCZ employees who followed the CEO's directions appeared to have known — or so it seems from the evidence presented in the complaint — that what they were doing was wrong.

Combine crooked ringleaders intent on concealing their crimes with customers and employees who — whether they're aware of it or not — provide assistance, and the result is a perfect recipe for hiding fraud from auditors.

I'm always looking for recent cases and news involving alleged financial reporting fraud around the globe. Email me your links, news or information on public reports of alleged fraud.

Regent Emeritus Gerry Zack, CFE, CPA, CIA, is a managing director in the Global Forensics practice of BDO Consulting, at which he provides fraud risk advisory and investigation services. He's an ACFE faculty member and was also the 2015 chair of the ACFE Board of Regents. His email address is: gzack@bdo.com.