Financial statement fraud impacts any person or organization that has a financial interest in the success or failure of a company. A manipulation of the company’s reported earnings or assets can affect a bank that extends credit to the company, a shareholder who invests money in the company, and those organizations that enter into contracts or agreements with the company.

The manipulation of financial statements also affects employees. It has the power to put employees out of work once the fraud is exposed or collapses. It also has the power to enrich employees – mostly those involved in the fraud, but potentially those who are not. Good financial results (actual or fabricated) can be linked to promotions, raises, enhanced benefit packages, bonuses, and the value of stock option awards.

Recently I wrote about an internal investigation I did for a company which received a whistleblower complaint, sent to executives, the board of directors, and the Securities and Exchange Commission. Upon receiving notification that allegations of fraud were being made by a former employee, management immediately started evaluating the claims. The board of directors began planning for an independent investigation.

This was the right thing to do, particularly as the SEC’s whistleblower program gives a 120 day window of time for companies to react to internal allegations of securities fraud. If someone reports allegations to a company, 120 days pass, and then the informant goes to the SEC, the SEC will consider the person making the report to be a whistleblower eligible for a bounty.

In July, critics attacked Groupon (GRPN) and it use of a made-up accounting measure management called Adjusted CSOI. I suggested that the company made up the measure to exclude many of the company’s expenses to make the company look more successful.

There was more to the story, however, as the Grumpy Old Accountants revealed Generally Accepted Accounting Principles (GAAP) violations in reporting revenue. Essentially, Groupon was recording more than twice the amount of revenue it should have been reporting under GAAP. The Grumpies explained:

The big buzz this week is an article in Rolling Stone regarding the SEC’s policy of destroying documents related to Matters Under Investigation (MUIs) which do not result in any agency action being taken.

At first blush, it may appear to be some sort of cover up, and that’s exactly what Rolling Stone writer Matt Taibbi wants you to think. Under further scrutiny, however, it appears that nothing improper is being done. All smoke, and no fire.

Where can employees, outside consultants, and board members look for evidence of override of internal controls? This isn’t a simple list of numbers or documents that must be checked off. Instead, looking for improper override of controls requires looking for red flags that point to something being amiss.

It’s clear that there is a time and place for management to occasionally override a control. Everything in business is not routine, and there are times when special situations require special treatment. It would be silly to prohibit management from ever overriding the policies and procedures that are in place. There has to be guidance in place to direct employees when they may consider overriding controls.

However, it’s important to recognize that the override of controls should be the exception rather than the rule. Employees should be able to circumvent the system only on an infrequent basis, and these instances must be actively monitored to determine if the override process is being abused.

Some companies think they are protected against employee fraud because they have strong internal controls. Often, that’s the case. Good controls mean the rules are followed and the money is properly accounted for.

Sometimes, however, good controls are meaningless. What about the controls over the controls? All the rules and designated procedures in the world are meaningless if management has the ability to override them at will. When these overrides go unchecked, the company is often no better off than if they didn’t have any controls in place.

Indeed, the risk that management will override controls established to prevent fraud and ensure accurate financial statements is great. It is a constant risk as executives are in a position to manipulate numbers and direct employees to aid the manipulation. They can easily fabricate transactions or modify numbers to craft the financial statements to report whatever their hearts desire.

The Dodd-Frank Wall Street Reform and Consumer Protection Act, enacted on July 21, 2010, established a whistleblower incentive program requiring the Securities and Exchange commission to provide monetary awards to whistleblowers who come forward with information about the violation of federal securities laws, including violations of the Foreign Corrupt Practices Act (FCPA). The Act also prohibits employers from retaliating against those who provide information about securities violations.

The reward for providing information that leads to a successful enforcement action by the SEC which results in monetary sanctions over $1,000,000 can be 10% to 30% of the penalty paid.

In cases of corporate fraud, including embezzlement, financial statement fraud, earnings management, bribery, and the like, it’s easy to blame the auditors. After all, they have very deep pockets, often with large malpractice policies.

Even though the task of auditors is usually well-defined and agreed-to by shareholders, management, and the board of directors, it doesn’t seem to matter to them that the financial statement auditors aren’t responsible to find fraud during their audits. People quickly forget that the auditors disclaim responsibility for finding fraud multiple times before, during, and after the audits, and that management is ultimately responsible for preventing and detecting fraud in their own companies.

Last week Navistar sued their former auditors, Deloitte & Touche, for fraud, fraudulent concealment, breach of contract, and malpractice.  The lawyers say Deloitte lied about its competency in performing audits, and the company ultimately restated its financial statements for 2002 through 2005.  Whose fault is it that Navistar overstated its pre-tax income by $137 during those years? According to them, Deloitte.

In February, I wrote about China MediaExpress Holdings Inc. (NASDAQ:CCME) and several fraud allegations that had surfaced via researchers at Muddy Waters and Citron Research. After looking at the allegations and the support (or lack thereof), my conclusion was that there was something wrong at the company. I wrote that even if some of the allegations were false or exaggerated, there were just too many unanswered questions and too many red flags of fraud.

I was attacked here by supporters of CCME. No bit of logic or common sense could sway the fans. Their arguments did not hold water. The main arguments were that I hadn’t done any due diligence on CCME (I had only looked at the work of several others), that auditors from Deloitte Touche Tohmatsu had verified the numbers (At least someone out there knows how unreliable audits are when it comes to fraud, though.), that due diligence was performed by Global Hunter Securities, and that Hank Greenberg’s Starr Investments put many millions into CCME. Surely all of these things meant that the company and its reported revenues and profits were legitimate?