Skip to main content

The Immaculate Deception

The MD&A section of financial reports can contain linguistic clues to fraud. How do they get in there?

The Immaculate Deception
  • Researchers have shown that the Management Discussion and Analysis section of financial reports can contain word patterns suggestive of fraud.
  • Given that many internal managers and outside auditors contribute to the MD&A, researchers tried to understand how fraud cues can show up in final versions.
  • In an experiment, study participants who were asked to write an MD&A, based on a guidance memo from an executive attempting to hide fraudulent activity, unknowingly used these cues. They also did not suspect executive wrongdoing.

Note: Have you ever felt pressured to participate in a highly unethical activity (such as fraud ) with others in your job and refused? If so, Smith School of Business researchers, in collaboration with a University of Illinois researcher, invite you to complete a 30-minute online survey about your experience. Your answers will be kept confidential, and they could help prevent future group fraud. You may also win a draw for a $100 donation to the charity of your choice.

If you think accounting is simply a game of numbers and not words, you’d be mistaken. As researchers and regulators have recently learned, there are clues to nefarious dealings in the narrative section of financial reports. The focus has been on the Management Discussion and Analysis (MD&A) statement, which offers the executive team’s take on the firm’s performance. Like dusting for fingerprints, regulators can use algorithms to analyze the MD&A for word patterns suggestive of deception or fraud.

There’s just one puzzling issue: given that the MD&A is generally written and re-written by many people and reviewed by an outside auditor — people presumably not aware of potential fraud — how do deceptive cues show up in the published version?

That’s the puzzle that a Queen’s University research team tried to solve. Pamela Murphy (retired) and Lynnette Purda, both of Smith School of Business, and David Skillicorn of the School of Computing ask two questions: Do different kinds of cues get transmitted from executives through otherwise unsuspecting employees who help draft a financial report? If so, do these innocent employees pick up on the cues and suspect executive wrongdoing?

What Murphy, Purda, and Skillicorn found should shake the confidence of industry insiders who say it’s impossible for “weasel words” to be overlooked by all the executives and auditors working on these high-profile documents.

Digesting Fraud Cues

For the first part of their study, the Queen’s team confirmed via interviews and research that the writing and reviewing of the MD&A is indeed a group effort. It usually involves individuals in finance, accounting, and investor relations, with senior management, legal counsel, communications, audit committee, and an outside auditor all closely reviewing the document.

The researchers then conducted an experiment involving 81 university students who were enrolled in an advanced financial statement analysis or auditing class. The participants were asked to write the MD&A for a real company whose chief financial officer had been cited by the U.S. Securities and Exchange Commission for committing fraud. The study participants were given one of two versions of an instruction memo from the CFO. In one, the memo contained phrases and statements taken directly from the actual report which was identified by the SEC to be fraudulent. In a manipulated version, they added to this memo 22 negative words shown to be associated with fraud. The researchers then examined the MD&As generated by the study participants to see if any contained the fraudulent cues embedded in the CFO memo.

After writing the MD&A, participants, who were unaware that the memos contained fraud cues, were asked whether they believed the details in the CFO’s notes.

More Negative Words, Fewer Positive Words

The results? Murphy, Purda, and Skillicorn found that certain word groups, specifically words relating to discrepancy, uncertainty, and negativity, were transmitted from the CFO memo to the MD&As. Alongside the increase in negative words was a related decrease in positive words. “Interestingly, the negative tone came across but not the exact words,” says Murphy. “They were digesting the CFO memo but they were writing it differently.”

The study participants also proved to be oblivious to the linguistic indicators of fraud. Not only did they include these markers in their own MD&As, they did not suspect executive wrong doing.

As the researchers report, “Our results suggest that a CEO or CFO who knowingly commits fraudulent financial reporting can also be part of the process of writing MD&A that predicts the fraud, but with no one else in the organization suspicious of the fraud.”

Murphy, Purda, and Skillicorn say their study provides the first insights into how linguistic cues can be transmitted through the financial reporting process, with implications for those who write MD&A and those who rely on them.

“Auditors aren’t very good at finding fraud. That’s not their main job. People think they’re trained to spot fraud but they really aren’t”

The study results, however, may not be enough to convince those in the auditing community who doubt that auditors, of all people, could overlook fraud cues in any MD&A under their review. Murphy, who has done considerable research and teaching in the field, believes they’re kidding themselves. “Auditors aren’t very good at finding fraud,” she says. “That’s not their main job. People think they’re trained to spot fraud but they really aren’t.”

She adds, “When people who do this for a living and who have spent their whole career being involved with MD&A, for them to think this is absolutely not possible is a little scary. Because it is possible and it has happened.”

Regulators don’t need convincing. The SEC has developed fraud detection software, dubbed Robocop, that automatically creates a risk score for firms within 24 hours after their electronic filings. The score is based on a variety of data including textual analysis of MD&A statements.

Meanwhile, researchers continue to refine their approaches to analyzing text for fraud cues. Purda and Skillicorn, for example, created an algorithm based on data mining techniques that analyzes fraudulent financial statements in search of suspicious words or phrases.

Murphy hopes that, in the coming years, auditors include such tools in their year-end audits to identify potentially troubling statements. “These programs,” says Murphy, “can be incredibly useful.”

Alan Morantz