The collapse of Equity Funding had a far-reaching influence on business practices and institutions. Although it happened over 30 years ago, the lessons from Equity Funding are still meaningful and constructive nowadays. Auditors of Equity Funding failed to collect sufficient evidence, check internal control and substantiate computer system.
The audit premise—– understanding internal control system AUS 402.41 requires the auditor to obtain an understanding of internal control relevant to the audit. The effective internal control can provide “protection against human errors and reduce errors or irregularities’ (Leung et al, 2007), as well as provide reasonable assurance to auditors for relying on internal control to audit under limit of economic fee. In order to support an opinion on the financial statement, auditors need a sufficient knowledge of internal control, which includes design of policies and procedures of internal control, and then determine whether they are in operation in assessing audit risk and making audit plans. (Leung et al, 2007).
The internal control procedures can be eroded and invalidated resting with management override and collusion. As to EFCA, a considerable amount of personnel involved in collusion. This should have been detected by auditors if they assessed the control environment of the company, including the ethics and integrity of management and employees, and checked whether segregation of duties was carried out.
Unfortunately, the auditors of EFCA poorly understood the internal control procedures in EFCA, especially its computerized accounting system (Lee and Marc, 2002). There were glaring inconsistencies and irregularities in the inter-company accounts of EFCA and its subsidiaries. The auditors should have detected the lack of internal control if they reconcile the parent’s account with subsidiary’s accounts; and the computer fraud would not be hidden long had they kept update their technological skills and observed or gone through the data running process to make sure data are reliable.
Once the internal control system isn’t fully understood, the preliminary assessment of control risk is problematic. It was unpractical for auditors to make a judgment on control risk and design an appropriate audit strategy. The wrong judgment on control system and audit strategy may be the direct reason of failure of auditing in EFCA. The auditors wrongly trusted the effectiveness of control systems and relied on management. One of example was Haskins and Sells, the auditors of EFLIC, who total relied upon print-outs and similar data produced by EFLIC’s computer (Lee et al, 2002).
In addition, the auditors also failed to test the effectiveness of the design an operation of internal control according to their judgment on control risk. The mainly test procedures base on audit evidence collection. ASA 330 requires the lower assessment of control risks, the more support the auditor should obtain. However, the auditors failed to obtain sufficient and competent evidence to support their judgment, which will be discussed in next section.
The audit basis—-audit evidence collection
ASA 500.5 (ISA 500.2) requires that auditors collect and evaluate “sufficient and competent evidential matter” in the formation of an opinion on financial statements.
In areas where auditors find suspicious or involving material issues, they should collect more audit evidence. The cash-flow figures are hard to manipulate as auditors can check it by contrasting it with bank statements. However, as there are usually so many items in under assets, it the area the auditor should focus on and collect certain evidence. Like the account receivable in EF, a “25 million’s increase in California subsidiary’s account receivable” was cooked to solve the cash shortage problem. Had the auditors reconciled financial reports with legers and original document and re-performed a variety of calculations, such as totaling the accounts receivable subsidiaries, it is not hard to discover the inconsistency between parent and subsidiary account.
External evidence is generally more reliable than internal generated evidences due to its independent source. As to Equity Funding, such evidence could have been sought from affiliated companies and independent third parties like policyholders (Dean and Wolnizer, 1978). Unfortunately, the most criticisms on auditors of EFCA are that they failed to collect sufficient and competent external evidence to support their judgment on effectiveness of control system and highly rely on management representation. The auditors tried to send out policy confirmations to a sample of policyholders, while the letter was not sent by auditors but the officers of EFCA. They then filled out the forms for the fictitious policyholders (Dean and Wolnizer, 1978). Had the auditors collect sufficient external evidence, the fraud can be detected in early stage.
Once the audit evidence is not sufficient to support the judgment on internal control and assessment on audit risks, the audit procedures and audit strategy built on those would be invalid and problematic. Consequently, the auditors would not be able to draw a correct opinion on truth and fairness of financial statements.
Biggest characteristic of EFCA fraud—–The eroded of computerized systems One of the most common forms of computer crime is data diddling. And one of the classic data diddling frauds was the Equity Funding case (M. E. Kabay, 2002). EFCA lacked the assertion of inherent risk and internal control on computerized systems. Sound controls over a computerized system should include general controls and application controls (Gay and Simnett, 2005).
In case of general controls in EFCA, as the frauds were collusive by the management and employees either actively or passively, there were almost no internal controls throughout the company. For example, segregation of duties means the separation of incompatible functions within the IT department. However in EFCA, The director had instructed a programmer to write a computer program to create fictitious policies, and then the phony policies holders were “killing off” by the programmer without producing a pattern of “deaths” that would arouse the reinsurers’ suspicions (Lee et al, 2002). In this way, the incompatible functions were combined, leading to an easier way for fraud eventually.
As to application controls, it consist of user controls and IT controls. The IT staffs should implement input controls through implementing control totals, key verification and key entry validation. EFCA obviously did not, or at best weak, implement these input controls, as the data inputted were combined with real and fictitious information. Furthermore, output controls, outputs should be proper, reasonable and only accessible to authorized users. As a computer program had been used in EFCA, auditors seem did not have enough knowledge on this highly technical and rapidly expanding subject. The specialists should be required to help the auditors generate the evidences instead of using evidences given by EFCA. Alternatively, they should decline such an engagement because they do not possess the skills necessary to adequately complete the job.
The implications for auditors are obvious. Though it is the management’s duty to enforce satisfactory internal controls, however, AUS 402.41 requires the auditor to obtain an understanding of internal control relevant to the audit. Auditors should discharge their duties reasonably with professional skills and cares, noting the doubtful points which may indicate the risk of frauds, as such, the fraud in Equity Funding would not have been last for such a long time.
Auditors’ poor understanding of internal control in EFCA and failure to obtain sufficient and competent evidence to test and support their judgment were the key reasons of fraud in EFCA in auditor side. Computerized system played a critical part in control systems. The lack of knowledge and technology skills on this system deteriorated the ability of auditors in discharging their obligations.
1. Leung, Coram and Cooper (2007) Modern Auditing & Assurance Services, 3rd Edition 2. Lee, J S. Fredrick, A. Marc, J E. 2002, [Book Chapter] The Equity Funding Papers. DOI 10.glsnp736/5028 3. Robert M. Loeffler, 1974, Trustee Report of the Trustee of Equity Funding Corporation of America Pursuant to Section 167(3) of the Bankruptcy Act (11 U.S. C. §567(3)) 4.
http://home.nycap.rr.com/dhancox/articles/equity.htm, “Equity Funding: Could it happen again” (accessed 29/09/2007) 5. G. Gay and R. Simnett, 2005, Auditing and Assurance Services in Australia, McGraw Hill 6. G W Dean, P W Wolnizer March 1978, The Securities Fraud of the Century ,The Chartered Accountant, The Chartered Accountant ,DOI 10.glsnp763/5003 7. U.S. Securities and Exchange Commission 2002, Study Pursuant to Section 108(d) of the Sarbanes-Oxley Act of 2002 on the Adoption by the United States Financial Reporting System of a Principles-Based Accounting System, DOI 10.glsnp266/2584 8. AUS210
http://esvc000777.wic023u.serverweb.com/docs/AUS_210.pdf#search=%22AUS%20210%22 (accessed 29/09/2007) 9. Ray Dirks and the Equity Funding Scandal
10. (accessed 29/09/2007)
11. The Woman CPA, July 1976, Page 11, “Equity Funding: The Profession Reacts”