Corporate fraud: Just how prevalent is it?

On October 22, 2001, Enron acknowledged an inquiry by the Securities and Exchange Commission (SEC) concerning possible conflicts of interest in various partnerships. Things went downhill very quickly: On December 2nd, Enron declared bankruptcy, and one month later, a criminal investigation into its accounting practices began. Former executives Kenneth Lay and Jeffrey Skilling were eventually convicted of conspiracy to commit securities and wire fraud. The verdict put the blame for the demise of what was once the nation's seventh-largest company squarely on its top two executives.

But who was supposed to be keeping an eye on Enron’s books throughout this period? Arthur Andersen (AA). In addition to Enron, AA was the auditor of record for roughly one-fifth of all large publicly-traded firms at the time. To the surprise of no one, its own demise was swift: details of its questionable accounting practices for Enron (and soon after, telecom giant Worldcom) were revealed and in August of 2002, AA collapsed.

Naturally, an extreme cloud of suspicion would surround former AA clients. What might they getting away with? Auditing firms who took  on these clients had strong incentives to uncover any fraud being committed—and these incentives were shared by many, including bystanders, the media and investors worldwide. All told, this period in business history provided an ideal scenario for us to analyze the prevalence of corporate fraud. In this article I will share our key findings.

Also read: Corporate Governance: Will the real independent directors please stand up?

Our Research

Established legal practice requires the presence of three elements to label an act of misconduct fraud: misrepresentation, materiality and intent. We used eight fraud measures, including Messod Beneish’s probability-of-manipulation score (ProbM Score) and P.M. Dechow’s fraud score (F Score). Other measures included:

Auditor-exposed financial misrepresentation. To detect this we started with the Securities and Exchange Commission’s dataset of class actions suits. To ensure comprehensiveness, the DMZ dataset focuses on large firms (those with over US$750 million in assets) so that a potential payoff from a suit would be sufficiently attractive to mobilize monitoring by legal actors.

Financial misrepresentation that led to enforcement by the SEC. Since 1982, the SEC has issued Accounting and Auditing Enforcement Releases (AAERs) during or at the conclusion of an investigation against a company, an auditor or an officer for alleged accounting or auditing misconduct.

Restatements of financial results. To obtain this information we started from the most widely employed data on restatements: the Audit Analytics database. We then use the Audit Analytics classification to separate clerical errors from intentional implementation of misstatements.

SEC securities fraud cases. While all these cases arise from some material misstatements or omissions in providing material information, they also include non-auditing-related misrepresentations.

The data for our research were monthly and spanned from 1997 (four years pre-Enron) to 2005 (four years post-Enron.) The experiment included 353 AA clients in the pre-period who survived at least one year in the post-period, and 2,404 non-AA client firms. We defined a company as having AA as an auditor if AA had signed a financial report anytime in the calendar year 2001, irrespective of the firm’s fiscal year. All companies without AA as auditor during this period were ‘non-AA clients’. We considered that a fraud was revealed during the detection period if the fraud started before the watershed date of November 30, 2001, and came to light between the watershed date and the end of 2003 (the detection period).

The number of detected fraud events we found depended on the measure: We found 168 restatements, 63 SCACs, 59 AAERs and 21 cases of auditor-detected fraud. Despite the different measures and varied definitions of fraud, there was a clear result that applied then and we believe applies now: A substantial amount of corporate fraud goes undetected. With detection likelihood between 29 and 52 per cent, there was indeed an iceberg of undetected fraud that ranged between 48 and 71 per cent of total fraud.

When we pooled four of our measures, the estimated detection likelihood was 0.38. Thus, we could say with 95 per cent confidence that between 51 and 70 per cent of all fraud goes undetected.

When we pooled together two of the other fraud measures, the result was similar: the estimated detection likelihood was 0.33. Thus, only one-third of corporate fraud is detected, and the total amount of corporate fraud is actually three times the amount corporate fraud that is observed.

Other key findings included the following:

• Auditor-detected securities frauds hovered around 1% of firms studied, with a peak of 1.1% in 2000–2001;
• AAER investigations averaged 2.6%, with a peak of 3.5% in 2000–2001 and a trough of 2.0% in 1998–99;
• Accounting violations measured by non-clerical restatements averaged 13.5% during the entire sample period, with a peak of 18.3% in 2002–2003 and a trough of 7.2% in 1998–1999T; and
• The broader SCAC securities fraud averaged 3.4%, with a peak of 4.8% in 2000–2001 and a trough of 2.3% in 2004–2005.

We found that in any year averaged across the business cycle, 2.5 per cent of large corporations were committing severe financial misreporting that auditors could detect. Auditor-detected securities fraud is a subcategory of SCAC alleged securities fraud; thus, this low frequency was not surprising.

We concluded that, during an average year over the business cycle, 10 per cent of large corporations were committing a misrepresentation, information omission, or other misconduct that could lead to an alleged securities fraud claim.

By using the AAER measure, we arrived at a similar estimate: 8% of fraud pervasiveness. This magnitude was similar to the SCAC estimate, even nthough AAERs have lower observed frequencies because their existence requires the SEC to act. Recall that the SEC failed to act on Madoff despite six substantive complaints.

Accounting violations—less severe than alleged securities fraud—were far more prevalent, with an average annual pervasiveness of 41 per cent. We do not want to conclude from this estimate that each year, 41 per cent of large corporations commit a severe misreporting. To reach this conclusion we would need some more substantive filters to eliminate inconsequential misreporting.

Nevertheless, this estimate does not bode well for the U.S. auditing system.

Also read: From alarm to alarming to panic: Byju's and its auditing lessons

The Cost of Fraud

The finding that 10 per cent of large corporations are committing fraud at any one time does not necessarily imply that the economic cost of fraud is large. To draw that conclusion, we needed to estimate the cost of these corporate frauds. As in the prior literature, we focused on the cost of fraud borne by equity holders of the firms involved, ignoring other potential losses (e.g. loss in debt value, loss of employee pensions and jobs, loss of customer prepayments, loss of taxes owed) and spillover costs borne by competitors.

KLM Financial has estimated the ‘reputational loss’ of detected fraud at 25 per cent of the equity value of the fraudulent firm. This cost, which is almost entirely due to a loss in reputation, represents the present value of the decline in expected cash flows as firms’ investors, suppliers and customers change the terms by which they interact with a fraudulent firm.

Notably, KLM’s cost estimates are for detected fraud and do not necessarily apply to undetected fraud. But even when a fraud is not yet in the public domain, the firm incurs costs for two reasons. First, the fraud is unlikely to remain a secret for customers and employees, who will seek business relationships or employment elsewhere, demand a premium to remain—or take advantage of the fraud themselves. For example, Bernie Madoff employees like Frank Di Pasquale were lavishly paid to ensure their silence. In addition, they stole money for themselves.

Second, the biggest cost is often in the cover-up. For 20 years, the Japanese company Olympus was able to hide a $730 million financial loss from 1990 with a series of bad acquisitions and accounting tricks. Those bad acquisitions alone cost $300 million.

It is hard to put a number on these costs. But if we assume that, at least in the medium term, the stock market is strong-form efficient, the abnormal low returns of companies that are likely to have committed a fraud but were never exposed can provide an estimate of these hidden costs.

In one study, researchers did this. They compared the annual buy-and-hold return of firms with a high probM score with that of firms with a low probM score. After controlling for a four-factor model, they estimated an annual 10.9 per cent difference in returns.

We took this underperformance as an estimate of the costs of undetected fraud, and were now in a position to compute the total cost of fraud. As indicated, our estimates suggested that 10 per cent of firms were committing fraud at any one time. If the detected fraud costs 10.9 per cent, the cost of an average fraud was 15.6 per cent of a firms’ market capitalization.

Thus, the cost of fraud is 1.6 per cent of a firm’s equity value per year: fraud pervasiveness (10%) multiplied by the loss of market capitalization for an average firm in case of fraud (15.6%).

In 2004, the total capitalization of the U.S. equity market was $16 trillion. Since, on average, 10 per cent of firms were engaged in fraud at the time, the annual cost was $254 billion a year. If we repeat the calculation at the end of 2021, the expected annual cost would have been $830 billion.

In closing

The sudden demise of one of the world’s most successful auditing firms allowed my colleagues and I to determine the fraction of corporate fraud that goes undetected. And the news was not good: We found that two out of three corporate frauds go undetected, implying that prior to the 2002 implementation of Sarbanes Oxley (SOX), 41per cent of large public firms were misreporting their financial accounts in a material way and 10 per cent were committing securities fraud, imposing an annual cost of $254 billion on investors.

These figures project a dismal picture of the effectiveness of financial auditing pre-SOX. Whether that federal act has succeeded in reducing the problem was beyond the scope of our research. Yet, the magnitude of the problem we identified suggests that strong action was indeed warranted. Based on our estimates, if the new regulation reduced the probability of starting a fraud by 10 per cent, its cost—estimated at $3.8 million per firm, on average—would be fully justified.

Alexander Dyck is a Professor of Finance and Economic Analysis and Policy at the University of Toronto’s Rotman School of Management, where he holds the Manulife Financial Chair in Financial Services.