Cynthia Cooper exposed the 3.8 billion dollar WorldCom fraud

In June 2002, Cynthia Cooper led WorldCom's small internal audit team to a discovery that wrecked one of America's biggest companies. Her staff traced 3.8 billion US dollars of ordinary costs that managers had hidden on the balance sheet. At the time it was the largest accounting fraud in US history.

Who is Cynthia Cooper?

Cynthia Cooper is an American accountant who ran internal audit at WorldCom, once one of the largest telecom firms on earth. She grew up in Clinton, Mississippi, and trained as an auditor before she joined the company. In 2002 she was 43. Her job was to check that the books were honest.

Her background was a good fit for the task. She earned an accounting degree from Mississippi State University and a master's in accountancy from the University of Alabama. Before WorldCom she worked at the big audit firms PricewaterhouseCoopers and Deloitte. She held the main professional badges in her field, including the certified public accountant and certified fraud examiner credentials. None of that made the next few months easy.

What did Cooper find at WorldCom?

Cooper found that WorldCom had hidden billions in everyday costs. The company took normal running expenses and logged them as long-term investments instead. That move pushed the costs off the profit and loss account and onto the balance sheet. On paper, profits looked healthy. In truth, the firm was bleeding money.

The trick centred on what WorldCom called line costs. These were the fees it paid other carriers to route calls across their networks. Such fees are a daily cost of doing business, so they belong in the expenses column. Instead, senior managers booked large chunks of them as capital spending, the way a firm records a new building or a fleet of trucks. That let the cost sit on the balance sheet and trickle into the accounts slowly, year by year.

The audit team later counted 49 entries labelled "prepaid capacity" that did this, stretching back to early 2001. Each one was timed to land after the quarter's books had closed. The goal was simple: hit the profit targets that Wall Street expected, quarter after quarter, even when the real numbers fell short.

The audit that ran at night

Cooper's team did not set out to catch a fraud this big. The thread started in the wireless division, where they noticed corporate accounting reversing entries they had flagged. When they asked questions, the accountants involved acted as if they had no idea what the auditors meant. That wall of silence told Cooper something was wrong.

So the team went around it. The corporate controller had limited their access to the accounting system, which made a straight search impossible. One of her auditors, Gene Morse, built his own software tool to pull and trace journal entries the official screens would not show. Cooper and her audit director, Glyn Smith, ran much of the work late in the evening, after most staff had gone home, so no one would notice how far they were digging.

Night after night the pattern came into focus. Huge sums of line costs had been moved into asset accounts with no paperwork to back them up. The numbers were spread across many accounts in small pieces to avoid catching the eye. When the team laid the entries side by side, the picture was hard to argue with.

The fraud was protected by permissions

One part of this story gets far less attention than Cooper's courage. It may be the part that matters most today. WorldCom's fraud was hidden in the books, and it was also hidden behind a login. The controller had narrowed the internal audit team's access to the accounting system. The entries that mattered never appeared on the screens Cooper's people could open. The cover-up was a permissions setting as much as a set of false numbers. That is why Gene Morse built his own software to pull the journal entries and trace them. He wrote it to get around the access limits management had placed in his way. Plenty of firms still treat their reporting hotline and their data-access rules as two separate topics. WorldCom is the case that ties them together.

That setup is more troubling now, given how much detection has changed. The kind of query Morse coded by hand is now a standard product feature. Continuous-monitoring tools and fraud-detection models scan every journal entry automatically. But they all run on data that someone inside the company controls. A finance chief who can shrink an auditor's access can shrink a model's data just as easily. Doing it draws far less notice than sidelining a person. So the deeper lesson of WorldCom sits underneath the courage. Detection is an infrastructure problem. Whoever controls the data decides what any watchdog, human or machine, can even look at. Cooper had one advantage the next auditor may lack. The systems in 2002 were still simple enough for one person to reroute by hand. The one who comes after her may be locked out of the data before she can even start.

Scott Sullivan tried to buy time

The man at the centre was the chief financial officer, Scott Sullivan. He was a star of the finance world, young and well paid, and he had signed off on the entries. When Cooper pressed him, he did not deny them. He offered an accounting rationale and asked her to hold off until the next quarter, when he said he would sort it out.

Cooper refused to wait. Sullivan's manner, by her own account, swung between hostile and smooth. He hinted that promotions for her staff might stall and that her reporting line could change. The message was clear enough. Yet she kept going, and she has been honest since about how frightening it was.

---

"There were times when I was scared, when my hands were shaking and my heart was pounding."
Cynthia Cooper, ACFE Fraud Magazine (2008)

---

She has traced that steel to a single piece of advice. Her mother had told her as a child never to let anyone push her around. "Don't ever allow yourself to be intimidated," Cooper recalled her saying. In a tower full of executives who outranked her, that line held.

The disclosure in June 2002

Cooper took the findings over Sullivan's head. On 20 June 2002, she and Glyn Smith presented to WorldCom's audit committee in Washington, walking the board through the fake entries quarter by quarter. The committee acted fast. By 24 June it told Sullivan and the controller, David Myers, to resign or be fired. Sullivan was fired; Myers quit.

On 25 June 2002, WorldCom told the public. It admitted it had overstated its profit by 3.8 billion US dollars and briefed federal regulators the same day. The Securities and Exchange Commission sued at once, calling it a massive accounting fraud. Its complaint laid out the split: about 3 billion US dollars of false profit in 2001, plus another 797 million in the first quarter of 2002 alone. The figure only grew from there. Later reviews found WorldCom had overstated its assets by about 11 billion US dollars. On 21 July 2002, the company filed for bankruptcy, the biggest the country had ever seen.

How WorldCom's collapse rewrote the rules

WorldCom's fall changed the law for every public company in America. It landed just months after the Enron scandal, and the pair convinced Congress that the rules on company accounts were too weak. The result was a sweeping reform that made bosses personally answer for the numbers they signed.

The human cost came first. Nearly 30,000 people lost their jobs as the company shrank. Investors and pension funds lost billions. The founder and chief executive, Bernard Ebbers, was convicted of fraud and sentenced to 25 years in prison. He was released on health grounds in late 2019 and died weeks later. Sullivan cut a deal, testified against Ebbers, and served a shorter term.

The external auditor, Arthur Andersen, had already collapsed over its work for Enron, so WorldCom showed that outside checks could fail too. To pay back wronged investors, the SEC set up a fund that eventually returned 750 million US dollars. And in July 2002, Congress passed the Sarbanes-Oxley Act. It forced chief executives and finance chiefs to certify their accounts in person, strengthened internal controls, and gave auditors more independence. Much of the modern compliance world traces back to that one law.

Time Person of the Year and what came next

At the end of 2002, Time magazine put Cooper on its cover. It named her a Person of the Year along with two other women who had spoken up that year. Each had warned a powerful institution from the inside, and each had been brushed off before the warning proved right.

Cooper did not cash in on the fame. She stayed with the rescued company, which became MCI, for more than two years and helped it climb out of bankruptcy. Verizon bought what was left in 2006. She later started her own firm and wrote a memoir about the whole ordeal, called Extraordinary Circumstances. She gave its profits to ethics programmes in schools and universities. These days she lectures students and auditors on how to spot fraud and how to hold firm when a boss leans on you.

Her advice to those auditors is plain and hard to forget. "Listen to your instinct," she has said. "If something doesn't feel or seem quite right, it might not be."

What stands out about WorldCom is who finally stopped it. The fraud slipped past Wall Street analysts, past a famous outside audit firm, and past a board that trusted its own stars. It was caught by an in-house auditor whose access the controller had tried to limit, working after dark with a tool her own colleague had to build. The people paid to guard a company's books are sometimes the last ones management wants looking. Other scandals surfaced only by chance. Hewlett-Packard's board did not learn its own chief executive had filed false expense reports until an outside lawyer's letter arrived, far too late for an internal channel to help. Cooper's case is a reminder that giving them a safe way to report, rather than a reason to stay quiet, is what catches the next 11 billion US dollar hole before it swallows the firm. That is exactly what a confidential reporting channel is for.