This document provides an overview of forensic auditing and accounting. It discusses the definition of fraud and key issues that drove fraud in the 21st century. It also covers red flags of fraud, common fraud schemes, and the role of internal controls and audits in detecting and preventing fraud. The document outlines investigative techniques for fraud cases and case management best practices. It provides information on different types of forensic audits and compares auditing to forensic auditing.

1. ReCh
Management Centre
Forensic Auditing &
Accounting

2. Contents
The international business environment..........................................................6
Introduction ................................................................................................6
http://www.youtube.com/watch?v=ZUiSGe2LCfk .....................................6
http://www.youtube.com/watch?v=DipTXplOQhg.....................................6
What is Fraud ............................................................................................6
Key issues which drove the frauds of the 21st Century .............................7
Bad Cellular .............................................................................................11
The organisational planning framework ..................................................11
The role of effective financial reporting ....................................................13
The role of chief legal officer or general council ......................................15
The role of effective financial auditor .......................................................18
The role of prudent financial investors.....................................................19
Overview of “Creative Accounting” Techniques and the Red-Flags of Fraud20
Facts about Fraud ...................................................................................20
The Fraud Triangle ..................................................................................21
The Red Flags for Fraud .........................................................................21
Factors Contributing to Fraud ..................................................................22
How is Fraud Discovered? ......................................................................22
What is a Red Flag? ................................................................................22
Why are Red Flags important?................................................................22
The Importance of Red Flags for Fraud ..................................................22
The Types of Red Flags for Fraud ..........................................................23
General Red Flags ..................................................................................23
Opportunity Red Flags.............................................................................23
Employee Red Flags ...............................................................................24
Management Red Flags ..........................................................................25
2

3. Changes in Behaviour “Red Flags” .........................................................26
Red Flags in Cash/Accounts Receivable ................................................26
Red Flags in Payroll.................................................................................27
Red Flags in Purchasing/Inventory .........................................................27
Lifestyle Fraud .........................................................................................28
Common Types of Fraud ........................................................................30
Fraud perpetrated for the benefit of shareholders...................................30
Fraud perpetrated through the development of false Financial Statements 31
Fraud perpetrated through the misuse of corporate resources...............31
Fraud perpetrated through third party intervention ..................................32
Fraud perpetrated through false revenue recognition .............................32
Fraud perpetrated through the use of acquisitions..................................32
Fraud perpetrated through derivatives -reason unknown .......................33
Fraud perpetrated through the absence of proper accounting records ..34
Fraud perpetrated through override of existing controls and for the benefit of the individual 38
Other Fraud Danger Signals ...................................................................41
Next Steps ...............................................................................................41
Evaluating Red Flags ..............................................................................42
Reporting Fraud.......................................................................................46
Conclusion ...............................................................................................46
Internal Accounting and Operational Controls and Fraud .............................47
Nature and theory of Internal control structure ........................................47
Internal Controls ......................................................................................49
Limitations of Internal Controls ................................................................51
Balancing risk and Internal Controls........................................................51
Internal Operational Controls...................................................................51
Internal Accounting controls ....................................................................55
3

4. Components of Fraud Rationalisation .....................................................58
Controls and the deterrence of fraud.......................................................58
Controls and the detection of fraud .........................................................58
Controls and the investigation of fraud ..........................................................59
The back economy – awareness and profiles.........................................61
Money laundering component and the proceeds of crime ......................63
Money laundering ....................................................................................63
Governance and Business Risk overview...............................................64
Fraud Theory ...........................................................................................64
Limitations of traditional audit techniques................................................66
Strategic Fraud Prevention Plan .............................................................68
Audits..............................................................................................................70
Role of public perception v practical reality .............................................70
Reactive and proactive forensic audits....................................................75
Auditing and forensic auditing compared and contrasted .......................75
Forensic Computer Investigation.............................................................77
Financial statement fraud ........................................................................77
Fraud Schemes .......................................................................................78
Fraud Characteristics ..............................................................................78
Financial Statement Fraud Harm ............................................................78
Corporate Governance mitigating fraud ..................................................79
Earnings Manipulations and Management..............................................80
Investigations and Expert Witness Testimony ..............................................80
Introduction ..............................................................................................80
Purpose of the Fraud Response Plan .....................................................80
Action following detection – Stage 1........................................................81
Action following detection – Stage 2........................................................81
4

5. Initial Enquiries.........................................................................................82
Managers duty of care .............................................................................82
The Fraud Interview.................................................................................82
Use and protection of evidence ...............................................................84
Appointment of a case manager .............................................................84
Police Involvement ..................................................................................85
Company Fraud Register ........................................................................85
Fraud Response Plan review ..................................................................85
Practical fraud case management case tips ...........................................86
Dealing with lawyers and handling court situations in SFO Trials...........87
Conclusion - Time for a standard for corporate governance...................91
Case Study .....................................................................................................92
Differences in control procedures in a manual and a computer environment93
Internal Accounting and Operational Controls in functional areas................93
Sales Controls .........................................................................................93
Purchase Controls ...................................................................................94
Bank Controls ..........................................................................................94
Appendix – Definitions & Resources .............................................................95
Resources ...............................................................................................95
Definitions Related to Fraud ....................................................................95
5

6. The international business environment
Introduction
Chris McKittrick - Forensic Accounting
http://www.youtube.com/watch?v=ZUiSGe2LCfk
What is Forensic Accounting? Brief History of Forensic Accounting
http://www.youtube.com/watch?v=DipTXplOQhg
What is Fraud
Occupational Fraud is defined as:
“The use of one’s occupation for personal enrichment, through the deliberate misuse or
misapplication of the employing organisation’s resources or assets.” Fraud encompasses
an array of irregularities and illegal acts characterized by intentional deception.
ISA240 , The international accounting standard on Auditing, defines fraud as: “ An International act by
one or more individuals among management, those charged with corporate governance, employees or
third parties, involving the use of deception to obtain unjust or illegal advantage”, while it defines errors: “
An unintentional misstatement in the financial statements including the omission of an amount of
disclosure”.
The five elements of fraud are:
• A representation about a material fact, which is false,
• And made intentionally, knowingly, or recklessly,
6

7. • Which is believed,
• And acted upon by the victim,
• To the victim’s damage.
Fraud, like other crime, can best be explained by three factors:
1) A supply of motivated offenders;
2) The availability of suitable targets;
3) The absence of capable guardians or a control system to “mind the store.”
There are four elements that must be present for a person or employee to commit fraud:
• Opportunity
• Low chance of getting caught
• Rationalization in the fraudsters mind, and
• Justification that results from the rationalization.
Key issues which drove the frauds of the 21st Century
Why didn’t you see it? There was fraud and you missed it. Conducting a “should of” after a
fraud happens may show that red flags were present. If you had only recognized the
warning signs, then that loss may not have occurred or been substantially reduced. Based
on a recent survey by the Association of Certified Fraud Examiners (ACFE), occupational
fraud substantially increases organizational costs. It is a myth that fraud is a big scheme
that should have been uncovered sooner and easy to detect. Fraud starts small and just
gets bigger and bigger, until something becomes noticeably different or unusual.
According to a report from BDO Stoy Hayward companies’ trusted internal management
and the people they do business with every day are behind hundreds of millions of pounds
worth of losses every year. Management are robbing you bind says Simon Bevan.
The combination of spiralling debts and desperate employees spells real danger for
business warns Bevan.
Fraud damages the economy. It is not victimless, but it is indiscriminate, hitting both rich
and poor. Fraud is not just about share support operations: it has an impact on individuals
and on the economy as a whole. Fraud involves no violence, and leaves no tangible
visible scars, but it can be devastating in its effects. It is said that 16 people committed
suicide as a result of losses incurred over the Barlow Clowes fraud. It is undoubtedly
costly. The Head of the City of London Fraud Squad recently looked at the historical
picture and discovered that the economic cost of fraud to the UK economy was
~in 1985 was estimated at £1 Billion
~by 1994 had reached £4 Billion
7

8. While, the most recent comprehensive study, the third report of the Fraud Advisory Panel,
put the annual economic cost at £14 billion per year; and the authors believed that even
this was an underestimate. This equates to some £230 per head of population
There is also a strong likelihood that a significant amount of commercial fraud is never
reported by companies for fear of gaining a bad reputation. Anecdotally, I have learned
that at least one major insurance company "routinely" receives claims against fraud
insurance policies exceeding £50million, but that these are never reported to the police or
elsewhere.
I believe that we must be seen to tackle fraud effectively, for economic, social,
international and moral reasons.
Economic justification for eliminating Fraud
I have already mentioned cost, both to individuals and the economy as a whole. There is
also another economic aspect. Fraud corrodes confidence: it has a negative economic
effect. It undermines confidence and the standing of our financial services industry and our
global reputation as a place where clean business can be done. If investors lose
confidence in our ability to police our markets, they may take their business elsewhere.
The fact is that a successful economy requires a healthy and well-regulated marketplace
to retain and increase investment. Tackling fraud effectively is important for the reputation
of UK markets.
Social justification for eliminating Fraud
There is a social dimension as well. Social equality requires that we bear down on white
collar crime as effectively as on benefit fraud. Since 1997, the number of Benefits Agency
investigations resulting in successful prosecutions or cautions and penalties as an
alternative to prosecution has risen from 11,700 to 26,958, and over a similar period the
level of fraud and error in Income Support and Job Seekers’ Allowance has reduced by
£180million, or roughly 18%. This work is now undertaken by Job Centre Plus. We need to
match this approach in white collar crime. Tackling fraud effectively demonstrates an
even-handed approach to justice: dealing with white collar criminals as well as those
responsible for the bulk of crime.
International justification for eliminating Fraud
And there is an international aspect. Government wants developing countries to prosper
and free themselves from fraud and corruption – but our own house has to be in order or
we have no legitimacy to tell others to sort themselves out as a condition of aid.
We are determined to play our part in the worldwide effort to tackle international terrorism
and drug trafficking. Fraud, money laundering and the use of the proceeds of crime to
finance further crime are inextricably linked.
Moral justification for eliminating Fraud
Finally, there is an issue about the distribution of the resources of the state – where public
money is siphoned off through fraud; that means less money to go to the pensioner,
disabled person or low-income family who really need it.
8

9. In summary, tackling fraud effectively fits in to our wider economic, social and international
agenda.
Mechanisms for dealing with Fraud
In this country we have developed a sophisticated set of mechanisms for regulating the
markets and tackling City and company fraud. Principal among these, in the regulated
sector, is the Financial Services Authority with a wide range of powers of investigation,
and an impressively creative series of sanctions available to it, ranging from withdrawal of
authorisation through to fine, public censure, injunctions, restitution, prohibition orders and
banning orders. The DTI, in its policing of the company sector, has available to it the
nuclear weapon of applying for the winding up of a company, and the ability to bring
disqualification proceedings. The revenue departments are able to exact harsh financial
penalties for revenue fraud.
No-one should doubt the effectiveness of these sanctions, or the impact on individuals.
The disqualification proceedings in Barings were heavily fought at a cost of hundreds of
thousands of pounds. In the City, the loss of one’s reputation, and the inability to secure
similar employment, are devastating consequences of being caught out.
But I do believe that there is a range of cases where these sanctions are not by
themselves sufficient, and the public rightly expects:
1. That wrong-doing is marked by a conviction in the criminal courts;
2. A penalty of the kind that might be applied to any other individual guilty of
criminal behaviour. In some cases, prison will be appropriate. The courts are fully
conscious of the devastating blow of conviction and imprisonment for a
professional man. But where individuals abuse their privilege and trusted position
in order to carry out a fraud, relying in fact upon their previously impeccable
character to mask their wrong-doing, prison will often be appropriate. Equally,
courts have chosen to mark the fact that certain frauds, such as insurance
frauds, deserve imprisonment because they are difficult to discover and involve
detailed and carefully planned dishonesty, and that therefore a sentence of
imprisonment is required as a deterrent. The courts also draw a distinction
between cases of honest businesses falling into difficulties, causing a director or
controller to resort in desperation to fraud, with a situation in which a scheme
was from the start a fraudulent enterprise and substantial sums of money and
property were obtained. In such circumstances, quite severe sentences are
passed.
So there are cases where it is clear from the start that a response by a criminal
investigation and prosecution agency is required.
As some of you will know the SFO was established in 1988 as a result of a
recommendation in the Roskill report for the creation of a unified fraud investigations and
prosecution agency which would be responsible for serious and complex fraud cases
The Criminal Justice Act 1987 created the SFO. The distinctive feature was that powers of
investigation and prosecution were given to the Director of the SFO.
9

10. The SFO has not always had a fair press, so let me state unequivocally: the record of the
SFO is impressive and it has more than proved its worth.
In its 14 years of operation, the SFO has prosecuted more than 237 cases involving 516
defendants. 366 (71%) were convicted. In the period under Rosalind Wright, 69 cases
have been prosecuted involving 134 defendants. 115 (86%) were convicted. There are no
recidivists in SFO cases: convicted defendants do not reoffend. It is well known that SFO
prosecutions have a deterrent effect. Yet the SFO is delivering these lengthy and highly
complex cases on small resources – an average of 2½ staff per case.
Why is the work of the SFO important?
The money involved in these cases is in excess of £2.5 billion
A successful SFO deters fraud as well as prosecutes it and helps to maintain confidence
in the probity of business and financial services in the UK.
Other countries model themselves on the SFO approach.
There are a number of features of SFO work that are distinctive
Multi-disciplinary investigations:
Police Officers seconded on a case related basis
SFO accountancy/financial investigation team’s role is crucial. They analyse financial
information, including statutory accounts, management accounts, and cash flows. They
also manage outside accountants, supervise searches of offices and homes and most
important of all trace the money. The team involves former fraud squad officers, and
others who have gained special financial expertise in their former occupations, but let me
say a special word about forensic accountants.
In the SFO, forensic accountants play a vital role in supporting investigations both
internally and as external appointees. They provide a perspective that other investigators
do not have and are often chosen for their specific experience of the sector which is being
investigated (i.e. insurance on Independent). Forensic accountants also bring not just
numeracy but an inquiring minds (not just what happened but why). They enable the SFO
to focus investigations on issues that are important to a successful investigation rather
than issues which appear curious to an outsider.
Often it is the thoroughness of the work undertaken by forensic accountants which tips the
balance in cases. It is now rare for their work to be challenged because of the painstaking
and methodical approach that they take. Yet they are often the most compelling of
witnesses because they are able to distil the facts down to their lowest sensible level and,
when aided by suitable graphics, are able to show the "whole" picture in clear and simple
terms. They are often used in this respect to tie the case together by showing the
movement of money and documents which makes sense of the other factual evidence
which shows why people do what they are doing.
The SFO uses a considerable number of forensic accountants and many external firms at
any one time. This experience aids both them and the SFO. They get excellent experience
and an appreciation of the criminal process and the SFO gets a cadre of persons who
understand what it wants when it does get involved in cases.
10

11. Another key component of the team is the forensic computer and IT experts, who
decipher, explore, and recover computer material
Finally, of course there are the lawyers: the SFO case controller (Lawyer) responsible for
the direction of the investigation and then throughout the prosecution, supported by
assistant case controllers and investigation lawyers
And Counsel appointed to prosecute in the Crown Court who is generally involved early in
the life of the case
Bad Cellular
It turns out it was all just a case of cellular static:
The Arthur Anderson partner was on his cell phone when he said "Ship the Enron
documents to the Feds."
But his secretary heard "Rip the Enron documents to shreds."
The rest is history - how clear is YOUR cellular?!
The organisational planning framework
Planning Stage
Early in the initial planning stages of the audit, the auditor should identify and assess any
fraud risks factors that could be associated with the specific organization, its environment,
its employees, and type of audit. Auditors should also become familiar with and assess
the fraud risk factors generally applicable to all audits and upper management. Next, the
auditor designs an audit program that reflects the risk assessment by developing steps to
address any risk factors identified as being material or significant to the audit scope,
subject matter, or objectives. The team should discuss among themselves and with the
supervisor how and where the audited organization might be susceptible to fraud.
Additional Planning steps
Prior to beginning the field work phase, either at the entrance conference or another time,
the auditor should identify the appropriate management officials and ask them what fraud
or other criminal activity they are aware of within their organization. The auditor could also
inquire as to what fraud risks the organization’s management has identified and what
actions they have taken. Instead of discussing the fraud risks for each audit separately,
the auditor could choose to discuss these issues with the organization’s management
during the audit organization’s annual planning process.
11

12. Execution Phase
The fraud risk assessment process does not end with the development of the audit
program. During the execution phase, the auditor should remain alert to potential fraud
indicators. Auditors may also decide that, depending on the audit scope, they should
make inquiries of other personnel at the audited organization. These inquiries could
include what fraud risks could exist and whether the employee has any knowledge or
suspicions of fraud. An auditor should not ask every employee or manager these
questions; however, based on information or a response to another question from an
employee or manager, the auditor could decide that such follow-up questions are
appropriate. When an auditor finds fraud indicators during the audit, they should address
the indicators by performing additional audit steps or expanding transaction testing. The
auditor should revise the audit program accordingly, document the fraud indicators found,
and the additional work performed to address them.
Discussions on potential fraud
When an auditor identifies indications of potential fraud, the auditor should discuss the
indicators and possibilities of the occurrence of fraud with their supervisor. Auditors may
also consult with other auditors, supervisors, or managers who have more experience or
knowledge relating to the identified potential fraud scheme or indicators. Additionally,
auditors may discuss their concerns and findings with investigators, agency counsel, and
other agency staff responsible for fraud prevention or detection programs or activities.
Any advice received should be documented in the audit project documentation. Prior to
discussing with or notifying a DoD or other Federal government official, except for those
mentioned above, of a potential fraud, the auditor should confirm with the appropriate
investigative organization that doing so will not compromise an investigation. An auditor
should never discuss potential fraud related to a contractor’s activities with contractor
personnel unless they have obtained approval to do so from the lead criminal investigative
organization. A best practice would be to obtain written approval from a manager within
the lead criminal investigative organization versus verbally from the investigator.
Documentation
Auditors should document the entire process in the audit project documentation files, to
include:
 the fraud risk assessment process,
 any fraud risks factors originally identified,
 how the fraud risk factors were reflected in the audit program,
 any fraud risk factors or potential indicators identified during the audit,
 how the audit program was expanded to address the risk factors,
 any discussions with other parties on whether to make a referral; and
 any fraud referral steps considered or taken.
Auditors should continuously maintain a high level of fraud awareness and appropriately
assess fraud risk during the planning and execution of the audit in order to uncover
potential fraudulent acts and protect the Government's interests.
12

13. The role of effective financial reporting
Oversight Systems Corporate Fraud Survey Finds
Sarbanes-Oxley Effective in Identifying Financial Statement Fraud
Released on = November 1, 2005, 12:07 pm
The survey results (available as a free download at www.oversightsystems.com/survey)
indicate that 65 percent of respondents feel SOX has been “somewhat effective” or “very
effective” in identifying incidences of financial-statement fraud. Only 19 percent of those
surveyed found SOX to be ineffective or serve to prevent fraud identification.
“This report is full of positive news but foreshadows a real need for continued vigilance
among executives toward intuitional fraud,” said Patrick Taylor, CEO of Oversight
Systems. “SOX legislation and the intense focus on corporate scandals have helped battle
this type of white-collar crime, but professionals seem to be worried that the C-suite might
quickly lose interest in policing corporate fraud.”
Although respondents agree that SOX serves to identify fraudulent activity, they do not
feel the recent cultural change among U.S. business leaders toward institutional integrity
and fraud prevention in the wake of account scandals will stick. Only 17 percent feel there
will be a shift among business leaders to institutional integrity and fraud prevention for the
foreseeable future. The remainder of respondents possess a more stark outlook, reporting
that interest in such actions will fade in the next five years (39 percent); that vigilance has
already begun to fade (32 percent); or that there has been no change among business
leaders (12 percent).
“The pendulum of corporate culture and attitudes toward integrity swings back and forth,”
said Dana Hermanson, Dinos Eminent Scholar Chair of Private Enterprise at Kennesaw
State University. Hermanson is also an advisor to Oversight Systems and co-author of the
COSO-sponsored research report Fraudulent Financial Reporting: 1987-1997. An
analysis of U.S. Public Companies. “We could see very little corporate fraud in the next
seven or eight years, but then another boom-and-bust economic period could ignite
another wave of financial scandals, which would lead to further accounting and
governance reforms.”
The State of Institutional Fraud
While corporate vigilance toward fraud prevention has increased at least temporarily, fraud
examiners said fraud is a bigger problem today than in the bubble market of 2000. Two-
thirds of respondents (67 percent) said institutional fraud is more prevalent today than five
years ago. Only seven percent think fraud is less prevalent, while the remaining 26
percent of respondents feel there has been no change in the amount of fraud.
Participants were asked to select the three forms of institutional fraud that present the
greatest risk to companies. Respondents identified conflicts of interest (63 percent),
fraudulent financial statements (57 percent) and billing schemes (31 percent) as most
threatening. Examples of fraud that garnered at least 20 percent support were expense
13

14. and reimbursement schemes (29 percent), bribery/economic extortion (25 percent) and
inventory and non-cash asset misuse (20 percent)
“The risk of financial statement fraud is real and not going away,” Hermanson
said.“However, the perception of increased fraud may stem from Sarbanes-Oxley’s
effectiveness in uncovering weaknesses in internal controls and the potential for fraud.
SOX compliance gives auditors and executives a better position to evaluate a company’s
financial reporting system. Instead of only inspecting the outcome, financial reports, SOX
forces companies to understand the financial reporting process as well. And like the
manufacturing quality movement of the past, SOX pushes companies toward monitoring
each step in the process to drive out errors and weaknesses.”
Stopping Institutional Fraud
When asked to identify the measure most effective in preventing or deterrent institutional
fraud, 41 percent of professional fraud examiners identified the need for a strong tone from
the top of the organization. Visible prosecution was the next most popular response
garnering 22 percent support, followed by internal controls and technology-enabled
monitoring, each receiving support from 17 percent. Manual quarterly audits and
government regulation received only minimal support, earning two and one percent,
respectively.
However, when asked what single change would result in the greatest reduction of
domestic institutional fraud, opinions were more mixed. An employer pressing charges
against employees who commit fraud garnered the most support with 39 percent. The
trend of prosecution continued with 32 percent of respondents identifying convictions and
hefty sentencing as the next most popular response. Moreover, an additional seven
percent would like stiffer laws to increase corporate transparency.
“Stiff penalties and thorough prosecution send a strong message to employees. First,
employees are less likely to go along with rogue executives who orchestrate financial
reporting schemes. Second, a company’s prosecution of fraudulent employees
establishes the corporate attitude that fraud will not be tolerated,” Hermanson said.
The Role and Views of Fraud Examiners
Survey participants report that SOX has altered the role of fraud examiners. Nearly all
participants (95 percent) explain that their duties have changed with the implementation of
SOX legislation, with 47 percent reporting that fraud examiners play a major role in the
management of corporate integrity. Additionally, nearly one-third (29 percent) of
respondents felt their work in fraud detection has become secondary to SOX compliance.
In recent years it seems white-collar crime has been a staple of the evening news. Enron,
WorldCom and Martha are just a few of the high-profile names with which Americans have
become all too familiar. When asked, the majority of professional fraud experts felt these
well-known defendants should have been found guilty of the charges against them. The
percentage of respondents who thought the following executives are guilty of the charges
against them is listed below:
• John Rigas, Adelphia Communications – 95 percent
14

15. • Jeffrey K. Skilling, Enron – 95 percent
• Kenneth L. Lay, Enron – 96 percent
• Richard Scrushy, HealthSouth – 93 percent
• Martha Stewart, Martha Stewart Living Omnimedia – 72 percent
• L. Dennis Kozlowski, Tyco International – 96 percent
• Bernard J. Ebbers, WorldCom – 97 percent
Identity Theft Update
Identity theft is one of the more prevalent forms of fraud known by the average American.
A February 2005 Federal Trade Commission report states that for the year 2004, the
commission received more than 635,000 reports of consumer fraud and identity theft, with
identity theft accounting for 246,570 of the complaints (39 percent).
The 2005 Oversight Systems Report on Corporate Fraud reveals that 22 percent of
respondents think the justice system must get tougher on the identification and
prosecution of identity thieves. Additionally, 19 percent believe that the federal government
needs to pass national identity-theft-protection legislation and another 19 percent feel
regulators and consumers must work together to manage consumer information.
Some respondents believe that individuals are the first and most important line of defence.
Taking ownership of one’s own personal information was identified by 16 percent of
respondents as the best way to reduce identity theft.
About the 2005 Oversight Systems Report on Corporate Fraud
A total of 208 certified fraud examiners participated in this survey, conducted at the
Association of Certified Fraud Examiners’ (ACFE) 16th Annual Fraud Conference and
Exhibition. Dedicated to reducing business fraud world-wide, the more than 34,000
members ACFE make up the world's premier provider of anti-fraud training and education.
Survey participants include anti-fraud professionals such as internal auditors, independent
auditors, law enforcement officials, investigators and management consultants. This study
follows the August release of the 2005 Oversight Systems Financial Executive Report on
Risk Management, which found that CEOs are placing a greater emphasis on risk
management, although many companies are struggling to implement the necessary
changes. Also recently released was the 2005 Oversight Systems Financial Executive
Report on Sarbanes-Oxley, which found that nearly half of financial executives feel the
biggest issue related to compliance is the need to maintain the morale of the employees
responsible for compliance. All these research studies can be downloaded for free by
visiting www.oversightsystems.com/survey.
The role of chief legal officer or general council
Since the Sarbanes-Oxley Act of 2002 (SOA) was signed into law, the halls of executive
suites of public companies have seen tremendous activity as CEOs and CFOs address
their corporate accountability and financial reporting oversight responsibilities. They now
15

16. realize that such efforts are more than just good business practice, as they have always
been, but also are matters that carry severe penalties under the law. Likewise, audit
committee responsibilities have expanded such that membership has become an
invitation to delve into a company's affairs at an unprecedented level of depth, subject to
the scrutiny of the external auditors as well as investors. This "new era of corporate
accountability and responsibility" means that the checks and balances of the system of
internal controls are now clearly in the purview of corporate management, including the
company's chief legal officer or general counsel (GC).
This shift has raised the bar for many GCs to a higher level of visibility and accountability.
For many companies, internal control over financial reporting, especially the related anti-
fraud controls, were previously the responsibility of the controller, middle management
functions and various process owners, and subject to review and testing by internal audit.
The focus has often been limited to third-party fraud. Now that the game has been
expanded to fraudulent financial reporting, it requires a referee. Documentation
requirements, particularly policies and procedures regarding the anti-fraud program and
the internal reporting and escalation of internal control deficiencies, could potentially now
fall to the GC to define.
In order to meet the challenges of this significant role in corporate governance, GCs need
access to resources and tools that will enable them to make informed decisions when
establishing corporate policies and, more importantly, when dealing with situations where
there has been a breakdown in internal controls and the possibility of fraud exists. Without
proper anti-fraud controls, incidents of fraud can impact a company's financial
performance, permanently damage its reputation and result in shareholder lawsuits. All of
these circumstances refocus the company resources away from their primary purpose -
the operations of the organization for the benefit of the shareholders.
An anti-fraud program and controls are those controls related to the timely prevention,
deterrence and detection of fraud. They are the controls that are intended to mitigate the
risk of fraudulent actions that could have an impact on financial reporting. Examples
include:
 Fraudulent financial reporting. Inappropriate earnings management or
"cooking the books" - e.g., improper revenue recognition, intentional
overstatement of assets, understatement of liabilities, etc.;
 Misappropriation of assets. Embezzlement and theft that could materially
affect the financial statements;
 Expenditures and liabilities incurred for improper or illegal purposes. Bribery
and influence payments that can result in reputation loss; and
 Fraudulently obtained revenue and assets and/or avoidance of costs and
expenses. Scams and tax fraud that can result in reputation loss.
In Auditing Standard No. 2, the Public Company Accounting Oversight Board (PCAOB)
clarifies that the focus on fraud, from a financial reporting context, is directed to matters
that could result in a material misstatement of the financial statements. It is within this
context that management has the responsibility to prevent, deter and detect fraud. The
PCAOB also takes the position that deficiencies in the anti-fraud program and controls are
at least a significant deficiency in internal control over financial reporting. Furthermore,
SOA and the revised NYSE and NASDAQ listing requirements, as well as PCAOB
Auditing Standard No. 2, place greater responsibility on audit committees to provide
oversight with respect to financial reporting and internal control over financial reporting.
This oversight extends to reporting, documentation, investigation, enforcement and
remediation related to fraud.
16

17. The GC's role in this oversight function can be a comprehensive one, starting with
reviewing the reporting process and assessing the risks and potential damages should
fraud occur within the company, establishing documentation retention policies, articulating
escalation policies and processes, and determining when and how investigations should
be conducted (including when it is appropriate to engage outside counsel and or other
specialists). In addition, the GC should monitor existing policies and procedures for
compliance and effectiveness, and determine the appropriate enhancements to meet the
company's anti-fraud control objectives.
A key element of any effective anti-fraud program is an anonymous, risk-free means for
employees, customers and vendors to communicate any complaints regarding accounting
matters, improper conduct of company personnel, management override of internal
controls, or any other matters that represent a potential liability to the company (in
accordance with SOA Section 301). Typically, this is implemented via a "hotline," and the
GC plays a central role in managing the recording, evaluating, investigating, resolution and
reporting of these complaints. It is critical to maintain a complete record of all actions
relating to hotline complaints, from initial receipt through factual findings, and
recommendations for corrective actions, if any.
A common task for GCs in meeting their anti-fraud responsibilities is to engage outside
auditors, counsel, fraud specialists or other experts to assist in the investigation of
allegations and in the analysis of the results. An investigation may be delegated either
within the company or to outside service providers, subject to any necessary confidentiality
measures. These activities are consistent with the Amendments to the Federal Sentencing
Guidelines (the "Guidelines"), effective November 1, 2004.
Maintaining a complaint hotline is part of the "effective compliance and ethics program"
required under the Guidelines, which calls for the entity to "É promote an organizational
culture that encourages ethical conduct and a commitment to compliance with the law."
Similarly, a GC can reasonably expect to have some involvement in other ethics- and
compliance-related activities such as:
 formulating, communicating and enforcing the entity's anti-fraud policy;
 developing or reviewing the content of anti-fraud training materials that are
disseminated throughout the entity;
 monitoring and acting upon reported incidents of fraud and ensuring
adequate documentation of the entity's actions is maintained; and
 periodically reviewing the entity's anti-fraud policies and procedures to assess
their effectiveness and to modify them as necessary to provide continued
effectiveness.
In formulating the entity's anti-fraud policy, the GC can provide input as to how a policy
can be effective from the entity's perspective and still comply with various laws and
regulations, including privacy, human rights and required disclosures. Ideally, policy
should be developed as the result of discussions among and between the audit
committee, board of directors and individuals with operational responsibility for discrete
operating units or processes (e.g., purchasing, payroll, human resources, etc.). As policy
is developed, it must be "rolled out" to the entire organization in a manner that
communicates management's commitment to preventing and detecting fraud and other
criminal behaviour. To this end, a message from the GC (or a personal appearance at an
anti-fraud training meeting) is a powerful reinforcement to an entity's employees, driving
home the notion that the policy is being taken seriously at the highest levels of the
organization. Furthermore, a program of incentives should be considered for compliance
with the policy, and there should be disciplinary measures meted out for violations.
17

18. Once an anti-fraud policy is implemented, the next logical challenge is enforcement of the
policy in the case of detected instances of fraud. This is a complex area, frequently
requiring that the GC authorize the initiation of an internal investigation to determine the
facts and then decide an appropriate course of action (criminal or civil prosecution,
termination, restitution, filing an insurance claim, etc.). Oftentimes, the GC may be ill
equipped to manage such a process due to time, budgetary or other resource constraints.
At the very least, the GC should consider retaining outside counsel and/or other specialists
(fraud examiners, forensic accountants and investigators) to assist in conducting a
thorough and independent investigation of the matter.
These outside professionals are best suited to assist the entity in fact-finding, analyses
and technical activities (e.g., copying computer hard drives, performing massive e-mail
searches, reviewing books and records, etc.) that will enable the GC (and outside counsel)
to investigate a suspected fraud thoroughly and bring it to a conclusion.
As an entity matures, so must its anti-fraud policy. Over time, employees may develop
their own procedures for doing things, some of which may defeat the intent of anti-fraud
controls. A dynamic policy is therefore one which can be altered in response to changes in
the entity's circumstances and still remain effective. Periodically, the entity's management
should assess the risk of fraud or criminal activity occurring and whether the existing anti-
fraud policy is sufficiently effective to mitigate that risk. Where it is determined to be
necessary, existing policies and procedures should be enhanced to address areas of
increased risk. As noted above, the GC should review new or proposed policies for
compliance with applicable laws.
In conclusion, the role of the GC in developing an anti-fraud policy as part of an entity's
system of internal controls is both diverse and dynamic. The various professional
pronouncements and regulatory and legal requirements to which organizations are now
subject require input from a variety of sources, both internal and external. Developing
policies, communications and training, and monitoring hotlines as well as conducting
investigations may become more a part of a GC's role. As GCs find themselves
increasingly involved in these areas, it is important to remember that very few
organizations address all of them independently and without outside assistance.
The role of effective financial auditor
Responsibility for preventing and detecting fraud rests with management entities. Although
the auditor is not and cannot be held responsible for preventing fraud and errors, in your
work, he can have a positive role in preventing fraud and errors by deterring their
occurrence.
The auditor should plan and perform the audit with an attitude of professional scepticism,
recognizing that condition or events may be found that indicate that fraud or error may
exist.
Based on the audit risk assessment, auditor should develop programs to audit procedures
by which to obtain reasonable assurance that the financial statements in their entirety, all
significant errors and fraud have been identified. It is expected that the auditor to
implement procedures that will lead to the discovery of errors or fraud without significant
impact on the financial statements cannot be held responsible for undetected such
irregularities.
The auditor should communicate with the management of his client. He should ask the
management information concerning any significant fraud or error has been detected in
18

19. order to detect key problems that could lead to certain activities, the implementation of
audit procedures more than usual However the auditor faces the risk inevitable that some
significant errors to be detected, even if the audit is planned and done properly
The role of prudent financial investors
$4m investment fraudster sentenced to 4 years
Michael Summers has today been sentenced at Bristol Crown Court to four years' imprisonment for
deceiving clients out of US $4.3 million in a fraudulent high-yield investment scheme.
Background
Michael John Summers (born 20/06/52)) of Ledbury, Hertfordshire pleaded guilty on 2 February 2006 to
thirty three counts of obtaining a money transfer by deception. The charges relate to his masterminding
a high yield investment scheme that saw more than eighteen investors in the UK lose millions of dollars.
Sentencing was adjourned until after the trial of two individuals who it was alleged had assisted
Summers in the deception. They were acquitted earlier this month.
Summers was the prime mover in the fraud. He created a bogus scheme which he called Secure
Investment Programme Agreements. During the operation of the scheme between 1997 and 2004,
investors deposited a total of over £11 million with Summers. They were promised staggering rates of
return; 60% in less than a year was not uncommon. Some investors did receive some return on their
investment but this was nothing more than money paid into the scheme by later investors. This practice
is commonly known as a “Ponzi scheme”.
The first victim was an elderly woman who resided in a retirement home in Torquay and had granted
power of attorney to the home's owner. The attorney and his accountant met with Summers and agreed
to invest £1.745m, with Summers. This sum had until then been securely invested with a reputable
financial company. Much of this money he spent on his own lifestyle before legal action initiated by the
public trustee on behalf of the elderly investor resulted in an order freezing the account into which the
money had been paid.
Investors were told that their money was being invested in bank trading programmes dealing with
medium term notes. These notes it was claimed could be traded generating very great profits. Investors
were told that such programmes were secretive and normally only available to a select few within the
financial world. The need for the investors to be discreet meant that they were dissuaded from taking
normal prudent financial advice. However none of the money paid by investors was ever used to
purchase any form of investment. Some of it went to pay earlier investors, giving the illusion that profits
were being made. The remainder went to fund Summers' lifestyle. He used part of the money to acquire
a collection of vintage Jaguar cars.
Following the investment by the elderly woman the principle source of new investors were clients
introduced by the two acquitted defendants. Written records were kept of investments and to remind
Summers when investors were due part payments of the interest due. Such part payments were an
invaluable part of the fraud. Investors who had paid over $100,000 felt reassured when after a few
months they received a $20,000 “interest payment”. Indeed some were persuaded to roll over future
interest payments into further investments and others invested even more money into the scheme.
19

20. Inevitably there came a time when investors did not receive the money to which they believed they were
entitled. Disgruntled investors were fobbed off with a range of excuses. Blame would be passed to the
banks, to the authorities who had frozen the elderly woman's money. Even the repercussions of 9/11
were used to explain delay in payments.
Proceedings
In 2002 Devon and Cornwall Constabulary investigated an unconnected suspected theft at the
aforementioned retirement home. This led their enquiries to the crooked scheme promoted by
Summers and to its subsequent referral to the Serious Fraud Office. An SFO investigation commenced,
with the continued involvement of the police, in August that year.
Michael Summers was charged in February 2004, as were two suspected co-conspirators. Summers,
the principal conspirator, pleaded guilty on 2 February 2006 to thirty three counts of obtaining a money
transfer by deception contrary to section 15A of the Theft Act 1968. Mary Mills and Bruce Mead, the
alleged co-conspirators, were tried at Bristol Crown Court on twenty seven counts and were acquitted
by jury on 7 April 2006.
Summers has been sentenced to four years' imprisonment on each of the thirty three counts, each
sentence to run concurrently. A confiscation hearing is to take place on a date in August to be agreed.
In considering sentence on Summers, HHJ Darwall Smith said that though he had taken into account
the pleas of guilty which had saved time and public money he also had in mind the evidence of victims
who had mortgaged houses or lost their life savings to invest in Summers' scheme and that the
persistence and arrogance in continuing to commit further offences whilst on bail was an aggravating
factor.
The judge commended DC Glen Bird of the Devon and Cornwall Constabulary and Gary Burtonwood
of the Serious Fraud Office for “working very hard to bring an exceptionally complex case to court”.
Overview of “Creative Accounting” Techniques and the Red-Flags of
Fraud
Facts about Fraud
According to the ACFE Report to the Nation on Occupational Fraud and Abuse, U.S.
businesses will lose an estimated $652 billion in 2006 due to fraud. The average
organization loses 5 percent of revenue to fraud and abuse. In addition, based on the
ACFE’s survey of more than 1,100 occupational fraud cases, approximately 24 percent of
these cases resulted in losses of $1 million or more.
Collusion: This ranges from employees describing goods as damaged so they can
benefit, to employees colluding to falsify accounting evidence so that they can deceive
external bodies such as auditors, shareholders or banks.
20

21. Customer Fraud: A customer pays with stolen cheques or credit cards. A more
sophisticated fraudster may make and pay for a number of small purchases to build up a
credit rating and then place a large order they do not intend to pay for.
Phantom Employee: The fraudster fails to notify the payroll department when an
employee leaves the firm, or notifies the payroll department of a fictitious employee and
then arranges for the salary to be paid into their bank account or that of an accomplice.
Supplier Fraud: Most commonly and employee crates a fictitious supplier with a similar
name to an existing supplier, and then arranges for the payment of its invoices.
The Fraud Triangle
The classic model for fraudsters continues to be Other People’s Money: A Study in the
Social Psychology
of Embezzlement. The Fraud Triangle is a term, which is used to describe and explain the
nature of fraud.
“I want something I don’t have the money for”
While the specific components of each fraud may differ, the fraud triangle may be defined
as this:
Opportunity is an open door for solving a non-shareable problem in secret by violating a
trust.
Opportunity is generally provided through weaknesses in the internal controls. Some
examples include inadequate or no:
•Supervision and review
•Separation of duties
•Management approval
•System controls
The opportunity to commit and conceal the fraud is the only element over which the local
government has significant control.
Pressure may be anything from unrealistic deadlines and performance goals to personal
vices such as gambling or drugs.
The Red Flags for Fraud
Rationalization is a crucial component of most frauds because most people need to
reconcile their behaviour with the commonly accepted notions of decency and trust. Some
examples include:
21

22. •“I really need this money and I’ll put it back when I get my pay cheque”
•“I’d rather have the company on my back than the IRS”
•“I just can’t afford to lose everything – my home, car, everything”
Factors Contributing to Fraud
Factors contributing to fraud include the following:
Poor internal controls
Management override of internal controls
Collusion between employees
Collusion between employees and third parties
How is Fraud Discovered?
Occupational fraud can be detected through a number of different methods. The ACFE’s
2006 Survey disclosed that 34.2 percent of frauds were detected through tips, 25.4
percent by accident, and 20.2 percent through internal audits.
What is a Red Flag?
A red flag is a set of circumstances that are unusual in nature or vary from the normal
activity. It is a signal that something is out of the ordinary and may need to be investigated
further. Remember that red flags do not indicate guilt or innocence but merely provide
possible warning signs of fraud.
Why are Red Flags important?
The American Institute of Certified Public Accountants has issued a Statement on Auditing
Standards (SAS) No. 99 - Consideration of Fraud in a Financial Statement Audit - that
highlights the importance of fraud detection. This statement requires the auditor to
specifically assess the risk of material misstatement due to fraud and it provides auditors
with operational guidance on considering fraud when conducting a financial statement
audit. SAS 99’s approach is also valuable for other types of audits.
Being able to recognize red flags is necessary not only for public accountants but also for
any auditor working in the public sector where the potential for fraud to occur exists
The Importance of Red Flags for Fraud
Studies of fraud cases consistently show that red flags were present, but were either not
recognized or were recognized but not acted upon by anyone. Once a red flag has been
noted, someone should take action to investigate the situation and determine if a fraud as
been committed. Sometimes an error is just an error. Red flags should lead to some kind
of appropriate action, however, sometimes an error is just an error and no fraud has
occurred. You need to be able to recognize the difference and remember that
22

23. responsibility for follow-up investigation of a red flag should be placed in the hands of a
measured and responsible person.
The Types of Red Flags for Fraud
Now that we have discussed what red flags and fraud are, it is time to talk about the types
of red flags and fraud that, unfortunately, are common in the workplace today.
General Red Flags
What are the red flags that are common to most types of fraudulent activity? Red flags that
are common to most types of fraudulent activity can be categorized as employee and
management red flags. Before we give you examples of employee and management red
flags, it is important to understand more about employee and organizational profiles of
fraud perpetrators. According to the 2006 ACFE survey of more than 1,100 occupational
fraud cases, perpetrators have the following characteristics:
Opportunity Red Flags
 Nobody counts inventory or checks deviations from specifications, so losses are
not known.
 People are given authority, but their work is not reviewed.
 Too much trust and responsibility placed in one employee - improper separation
of duties.
 The petty cash box is left unattended.
 Laptops and digital cameras are left out in the open in unlocked offices.
 Employees that are caught get fired, but aren’t prosecuted.
 Supervisors set a bad example by taking supplies home, borrowing equipment for
personal use, padding their expense reimbursements, not paying for personal
long distance phone calls, not recording leave.
 Monthly financial reports are not reviewed by managers.
 There is no internal audit function.
 There is a perception that it would never be detected.
 Lack of detail in the nominal ledger
23

24. During the course of my internal audit review I found that many expenses had been debited to ‘expense
dump’ accounts. For example, Staff bonuses and lunches were being debited to marketing, and were
by-passing the PAYE system.
Fraud Perpetrator Profile:
The majority of occupational fraud cases (41.2 percent) are committed by employees.
However, the median loss for fraud committed by managers was $218,000, which is
almost three times greater than the loss resulting from an employee scheme.
Approximately 61 percent of the fraud cases were committed by men. The median loss
resulting from fraud by males was $250,000, which is more than twice the median loss
attributable to women.
Most fraud perpetrators (87.9 percent) have never been charged or convicted of a crime.
This supports previous research which has found that those who commit occupational
fraud are not career criminals.
Nearly 40 percent of all fraud cases are committed by two or more individuals. The median
loss in these cases is $485,000, which is almost five times greater than the median loss in
fraud cases involving one person.
The median loss attributable to fraud by older employees is greater than that of their
younger counterparts. The median loss by employees over the age of 60 was $713,000.
However, for employees 25 or younger, the median loss was $25,000.
Organizational Profile:
Most costly abuses occur within organizations with less than 100 employees.
Government and Not-for-Profit organizations have experienced the lowest median losses.
Management ignores irregularities.
High turnover with low morale.
Staff lacks training.
Employee Red Flags
 Employee lifestyle changes: expensive cars, jewellery, homes, clothes
 Significant personal debt and credit problems
 Behavioural changes: these may be an indication of drugs, alcohol, gambling, or
just fear of losing the job
 High employee turnover, especially in those areas which are more vulnerable to
fraud
24

25.  Refusal to take vacation or sick leave
 Lack of segregation of duties in the vulnerable area
Management Red Flags
 Reluctance to provide information to auditors
 Managers engage in frequent disputes with auditors
 Management decisions are dominated by an individual or small group
 Managers display significant disrespect for regulatory bodies
 There is a weak internal control environment
 Accounting personnel are lax or inexperienced in their duties
 Decentralization without adequate monitoring
 Excessive number of checking accounts
 Frequent changes in banking accounts
 Frequent changes in external auditors
 Company assets sold under market value
 Significant downsizing in a healthy market
 Continuous rollover of loans
 Excessive number of year end transactions
 High employee turnover rate
In company, there were frequent changes of senior staff based on claims that they were stealing. It
transpired that the MD himself was the perpetrator and when senior staff got too close to the plot they
were sacked.
 Unexpected overdrafts or declines in cash balances
 Refusal by company or division to use serial numbered documents (receipts)
 Compensation program that is out of proportion
 Any financial transaction that doesn’t make sense - either common or business
 Service Contracts result in no product
 Photocopied or missing documents
25

26.  Let your secretary, accounting tech, audit/budget tech, records tech,
administrative assistant do everything.
 Give away your passwords and approval access codes or store them on the
desktop.
 Never look at or verify your monthly financial reports.
 Criticize and disregard institutional policies and procedures
 Management involved in day to day accounting
I was asked to do the accounting in a family company that had seemed to loose a lot of money, where
one of the owners was responsible for the accounting, and was living a lavish lifestyle in comparison to
the other owners and had now been forced out by the other two family members. I found that the
reason for his lavish lifestyle was the fact there were two sets of books; He had been invoicing out of
two companies, the main one and a ghost company where he alone was collecting the cash.
Changes in Behaviour “Red Flags”
The following behaviour changes can be “Red Flags” for Embezzlement:
 Borrowing money from co-workers
 Creditors or collectors appearing at the workplace
 Gambling beyond the ability to stand the loss
 Excessive drinking or other personal habits
 Easily annoyed at reasonable questioning
 Providing unreasonable responses to questions
 Refusing vacations or promotions for fear of detection
 Bragging about significant new purchases
 Carrying unusually large sums of money
 Rewriting records under the guise of neatness in presentation
Red Flags in Cash/Accounts Receivable
 Since cash is the asset most often misappropriated, local government officials
and auditors should pay close attention to any of these warning signs.
 Excessive number of voids, discounts and returns
26

27.  Unauthorized bank accounts
 Sudden activity in a dormant banking accounts
 Taxpayer complaints that they are receiving non-payment notices
 Discrepancies between bank deposits and posting
 Abnormal number of expense items, supplies, or reimbursement to the employee
 Presence of employee checks in the petty cash for the employee in charge of
petty cash
 Excessive or unjustified cash transactions
 Large number of write-offs of accounts
 Bank accounts not reconciled on a timely basis
Red Flags in Payroll
Red flags that show up in payroll are generally worthy of looking into. Although payroll is
usually an automated function, it is a vulnerable area, especially if collusion is involved.
 Inconsistent overtime hours for a cost centre
 Overtime charged during a slack period
 Overtime charged for employees who normally would not have overtime wages
 Budget variations for payroll by cost centre
 Employees with duplicate Social Security numbers, names, and addresses
 Employees with few or no payroll deductions
Red Flags in Purchasing/Inventory
 Increasing number of complaints about products or service
 Increase in purchasing inventory but no increase in sales
 Abnormal inventory shrinkage
 Lack of physical security over assets/inventory
 Charges without shipping documents
 Payments to vendors who aren’t on an approved vendor list
 High volume of purchases from new vendors
 Purchases that bypass the normal procedures
27

28.  Vendors without physical addresses
 Vendor addresses matching employee addresses
 Excess inventory and inventory that is slow to turnover
 Purchasing agents that pick up vendor payments rather than have it mailed
 Internal Control Weaknesses – lack of: segregation of duties, physical
safeguards, independent checks, proper authorizations, proper documents and
records, overriding of existing controls.
 Analytical Anomalies – unexplained inventory shortages,
Analytical review that Petrol costs did not correlate with the number of vehicles in stock in a car rental
company. After further substantive testing, it was revealed that the company was re-cycling petrol bills
via false petty cash claims.
 Deviations from specifications, increased scrap, excess waste (above industry
standards) purchases in excess of needs.
 Vendor address same as employee address
In a recent assignment I noticed that the gross profit levels were not in line with the budget. After
investigating the production records I noticed that production wastage was low whereas the finished
goods wastage was circa 10%. Further investigation revealed that stock was sent FOC to companies
on the instruction of the MD.
 Too many voided transactions and returns,
 Unusual cash shortages.

Lifestyle Fraud
Lifestyle Fraud is often committed by trusted employees whom management know well,
so it is important to be on the look out for employee lifestyle issues that may be “red flags”
indicating a fraud risk.
• Some embezzlers are secretive. They don’t want to be caught and will “stash” stolen
funds and be extremely careful with their spending. Other “aspiring” embezzlers want to
use, enjoy, share, and show off their fraudulently gained money. Explanations of “new
found” wealth may include:
28

29. “My husband/wife just got a great promotion.”
“I have a few little investments that have been doing really, REALLY well.”
“Great Aunt Ethel passed away and I was totally surprised – she left us quite a nice little
nest egg.”
“I finally decided to get rid of some property that’s been in the family for years.”
Fact: In many cases of fraud, perpetrators openly live beyond their means.
Lifestyle Problem Fraud deals with addictions. Someone who is dependent on drugs,
alcohol, gambling or other addictions typically experience a slow tightening noose of
financial pressures. Desperation fuels monetary needs and, therefore, the need arises to
“borrow” funds to ease the financial dilemma. Employees with addiction problems may be
tough to spot. Many people with addictions can function at fairly high or normal levels of
behaviour during work hours. Presented are a few patterns to look for:
• Absenteeism
• Regular ill health or “shaky” appearance
• Easily making and breaking promises and commitments
• Series of creative “explanations”
• High level of self absorption
• Inconsistent or illogical behaviour
• Forgetfulness or memory loss
• Family problems
• Evidence of deceit (small or large)
Financial Pressures are faced by everyone at some period of time. For a number of
reasons, perhaps beyond their control, employees may find themselves in financially
stressful situations due to a variety of factors. These may include:
• Medical bills
• Family responsibilities
• A spouse losing a job
• Divorce
• Debt requirements
• Maintaining a current lifestyle
• College tuition fees
29

30. • Gambling debts
• Illicit affairs
• High life style
Obviously not everyone who faces undue pressure commits fraud, but the higher the
stress level, the more distracted and desperate an employee may become. Fact:
Researchers conclude that the most common reason employees commit fraud has to do
with motivation – the more dissatisfied the employee, the more likely he or she will engage
in criminal behaviour.
Common Types of Fraud
Fraud perpetrated through absence of proper documentation
•Pilfering stamps
•Stealing of any kind (e.g., cash, petty cash, supplies, equipment, stock, tools, data,
records, etc.)
•Forgery (not just cheque forgery, e.g. forging department head signatures on
purchase orders)
Fraud perpetrated for the benefit of shareholders
Enron was one of the first amongst energy companies to begin trading through the
Internet, offering a free service that attracted a vast amount of customers. But while Enron
boasted about the value of products that it bought and sold online around $880 billion in
just two years, the company remained silent about whether these trading operations were
actually making any money.
It is believed that Enron began to use sophisticated accounting techniques to keep its
share price high, raise investment against its own assets and stock and maintain the
impression of a highly successful company. These techniques are referred to as
aggressive earnings management techniques.
Enron also set up independent partnerships whereby it could also legally remove losses
from its books if it passed these “assets” to these partnerships. Equally, investment money
flowing into Enron from new partnerships ended up on the books as profits, even though it
was linked to specific ventures that were not yet up and running. It now appears that
Enron used many manipulative accounting practices especially in transactions with
Special Purpose Entities (SPE) to decrease losses, enlarge profits, and keep debt away
from its financial statements in order to enhance its credit rating and protect its credibility in
the market.
The main reason behind these practices was to accomplish favourable financial statement
results, not to achieve economic objectives or transfer risk. These partnerships would
have been considered legal if reported according to present accounting rules or what is
30

31. known as “applicable accounting rules”. One of these partnership deals was to distribute
Blockbuster videos by broadband connections. The plan fell through, but Enron had
posted $110 million venture capital cash as profit.
Fraud perpetrated through the development of false Financial Statements
The Fraud Section obtained an FCPA guilty plea from a former executive of an international subsidiary
of Willbros Group, Inc., a provider of engineering and other services to the oil and gas industry, who
admitted that he arranged for payment of approximately $1.5 million in cash in Nigeria. This payment
was part of at least $6 million in corrupt payments promised to Nigerian officials to obtain and retain gas
pipeline construction business in Nigeria. The defendant also admitted that he participated in a
conspiracy involving the submission of fictitious invoices to fund corrupt payments to Nigerian officials,
as well as a conspiracy to pay at least $300,000 to Ecuadoran officials to obtain a gas pipeline
rehabilitation project in Ecuador.
Three former senior executives of General Re Corporation and a former senior executive of AIG were
indicted on conspiracy, securities fraud, and other charges stemming from a scheme to manipulate
AIG’s financial statements through, among other things, false statements in reports filed with the SEC.
The Fraud Section and the USAO for the Eastern District of Virginia executed an agreement with AIG in
which the company accepted responsibility for its actions, resolved its criminal liability, and agreed to
pay$25 million in penalties and to cooperate with the continuing criminal investigation
After doing a stock check of vehicles, the main Asset I discovered a large discrepancy between the
assets values and numbers in the balance sheet and the physical count. Sales invoices were being
suppressed to reduce VAT, and money being banked into another company as receipts from insurance
claims or elsewhere.
Fraud perpetrated through the misuse of corporate resources
• Use of the Company’s assets for private use (Tools, rooms, and computers and
software)
• Rental of facilities
Statistics relating to lost productivity due to employee cyber-loafing are well known, but employee
misuse of Corporate IT generally, such as sending and receiving personal e-mails and using computer
applications for personal purposes, is equally important.
31

32. The potential for corporate and company liability stemming from employee misuse of Corporate IT and
at the very least, adverse publicity, is a serious issue. In one recent example in the Banking sector, one
senior executive misused Corporate IT to access web sites relating to services offered in a foreign
jurisdiction where such services were legal. The resulting bad publicity was arguably as damaging for
the company’s reputation as a direct financial loss such as internal fraud.
There are many cases of people installing office software on home PC’s without prior agreement from
the Company.
http://www.youtube.com/watch?v=WFtcP0wZDUw
Fraud perpetrated through third party intervention
•Increasing vendor invoices through collusion
•Billing for services not rendered and collecting the cash
Fraud perpetrated through false revenue recognition
These sales frauds may also involve collusion between the salespeople and the customer,
or the customer may be another victim. In each of these frauds, however, the ultimate
victim is always the trading entity that employs the manager or the salesperson.
Eric Milne's article, "Damned If You Do or Damned If You Don't?" (Credit Management in Australia,
December 2005, pages 20-21), provides us with an example of one sales fraud. Eric's topic was
focused on phoenix operators. However, as an unintended bonus, this article also provides us with an
insight on how sales fraud is perpetrated.
Eric's story shows how credit managers are often encouraged by management and sales managers to
open new accounts. However, like Eric, they are not always given all the details of the new trading
terms. In Eric's situation, the directors of this new business account had operated another business,
which was in liquidation, and had left Eric's business with a large debt. Subsequently, this new business
also went into liquidation and Eric's business was left with another debt, to the same directors.
In this case, a sales fraud was perpetrated by the national sales manager, and possibly the managing
director, against the entity that employed them. They had negotiated a new trading relationship where
the complete terms were not openly known to other employees, such as Eric, who had a right to know
before the new account was authorized.
The motive for their actions was that these managers would have benefited personally from the
increased sales from the new account. Eric certainly didn't benefit, but was in fact, penalized by the
extra work required to clean up the mess created by others.
Fraud perpetrated through the use of acquisitions
32

33. The theft of assets takes many forms, from employees simply walking away with laptops
and other valuable and moveable assets, to collusion with suppliers to ship “Phantom”
goods. The creation of the Fraud Resistant Company® depends heavily on the ability of
the company to ensure it uses its invested capital for the acquisition of assets that add to
shareholder profitability. In this section your will explore:
Frauds in Capital Spending – Misrepresenting DCF Models
Leasing Frauds – The Lease – Buy Syndrome
Red Flags of Capital Spending Fraud Collusion with Suppliers
Manipulation of Depreciation Covenants
The capitalization of Operating Expenses
Accounting for fictional Assets
Solutions
Fixed Asset Management systems as a key defence tool
The Red Flags of Owned-Asset Fraud
Ratio Analysis as a Fraud Detection tool
Fraud perpetrated through derivatives -reason unknown
Kerviel, 31, a junior trader at France's second biggest bank Société Générale, is in hiding after he cost
his employers €4.9bn in the biggest-ever trading fraud by a single person. His staggering scheme of
fictitious customer accounts caused five times the damage of rogue trader Nick Leeson who sparked
the collapse of Barings bank in 1995. The French bank says family problems and mental fragility led its
rogue trader to squander €4.9bn in succession of illegal deals
Phil Stockworld (Reporter)Wed Mar172010
JPMorgan, UBS and Deutsche Bank Charged with Derivatives Fraud
33

34. Courtesy of JESSE’S CAFÉ AMÉRICAIN
More like international crime families sending out enticing emails trying to lure and trick the
unsuspecting than serious financial institutions. This is banking?
Notice that these were operating out of their London units, similar to the AIG derivative scandal that
helped to worsen the US financial crisis. The FSA is apparently working hard now to enforce its rules
and bring these banks to heel. Contrast that with the SEC in the States which seems reluctant to do
anything regarding enforcement, and even when a judge puts them to the task, are able to administer
only the mildest of financial chastisement to be passed on to the shareholders.
There is speculation that the US government cannot reform these banks because it is deeply involved in
financial transactions of a questionable nature with them itself, ranging from enormous individual
campaign contributions to market manipulation in various financial instruments in support of government
policy which is otherwise failing badly. The opacity of markets and government bodies like the ESF
makes this difficult to assess, but the outrageous size of positions amongst some of the banks, together
with the occasional slip in the redacted transcripts is the smoke that indicates more heat beneath the
surface than we might imagine.
The US Treasury Secretary himself is recently implicated in an outrageous accounting fraud perpetrated
by Lehman Brothers with the apparent complicit silence of the NY Fed which he was leading at the
time.
And yet the Congress seems to be able to do little or nothing, it is so controlled by the monied interests.
The Senate has the temerity to propose giving Consumer Protection to this very Fed as it is revealed to
be complicit in bank fraud of epic proportions, and a track record of fighting and delaying consumer
reforms and sensible regulation of OTC derivatives for years. The Republicans are unashamed of their
venality, and the Democrats are seemingly leaderless.
The banks must be restrained, the financial system reformed, and balance restored to the economy
before there can be any sustained recovery.
Fraud perpetrated through the absence of proper accounting records
Internal auditors must train themselves to recognize fraud symptoms and pursue the truth.
Fraud is seldom witnessed firsthand. It's a crime that is often shrouded in ambiguity, and
it's sometimes difficult even to determine whether or not a crime has actually been
committed. Only the symptoms of fraud, the red flags or indicators, exist to alert
management of wrongdoing. Unfortunately, many such fraud symptoms go unnoticed;
and, in some cases, signals that are recognized are not vigorously pursued.
Internal auditors must learn to recognize employee fraud indicators and discover whether
the symptoms are the result of actual fraud or if they represent other factors. In situations
where employee fraud has occurred, internal auditors must be prepared to persist and
pursue until a confession or other convincing evidence is obtained.
Fraud Indicators
34

35. Most indications of employee fraud fall into one of six categories: (1) accounting
anomalies, (2) internal control symptoms, (3) analytical anomalies, (4) lifestyle symptoms,
(5) behavioural symptoms, and (6) tips and complaints.
Accounting Anomalies
When perpetrators embezzle from their employers, accounting records -- such as
documents, journal entries, ledgers, or financial statements -- are often altered, forged, or
missing. For example, an employee fraud that involves setting up a dummy company
would involve submission of false invoices from the dummy company to the perpetrator's
employer. The employer would then send other documents, such as cheeks, to the
dummy supplier.
A fraud that involved an employee's overstatement of travel expenses might involve
submission of some document, perhaps a fictitious hotel bill, to the employer. The
employer would then give the employee a cheek, another document, for an amount larger
than the employee was entitled to receive.
Other employee frauds are concealed through fictitious journal entries. For example, a
perpetrator might embezzle cash and attempt to conceal the theft by creating a journal
entry increasing an expense. In such a case, there would probably be an invoice from a
fictitious vendor, or support for the entry would be missing.
In some cases, employee frauds are discovered through detective controls in the form of
accounting exception reports that identify anomalies. For example, banks often use
reports that detail large and unusual items and activity, suspected kiting incidents, and
strange activity in employees' bank accounts. Common accounting symptoms might
include missing documents; stale items on reconciliations; excessive voids or credits;
common names or addresses of payees or customers; increased past due accounts;
increased reconciling items; alterations on documents; duplicate payments; second
endorsement on checks; document sequences that don't make sense; questionable
handwriting or printing on documents; photocopied documents; unusual items on reports;
journal entries without documentary support; unexplained adjustments made to
receivables, payables, revenues, or expenses; journal entries that don't balance; journal
entries made by individuals who would not normally make such entries; entries made at or
near the end of accounting periods; ledgers that don't balance; master or control account
balances that don't equal the sum of the individual customer or vendor balances;
significant changes in financial statements; or unusual items on tracking reports.
An example of the kinds of accounting symptoms that accompany fraud is provided in the
case study, "The Certificate of Deposit (CD) Fraud." In that case, the following accounting
or documentary symptoms were present:
35

36. 1. Exception reports identified fraudulent transactions that had no apparent business
purpose, that involved unusually large amounts, and that exhibited unusual, atypical, and
otherwise questionable patterns of supervisor overrides. This symptom occurred at least
221 times during the fraud.
2. Journal vouchers contained only one signature or incorrect information and/or reflected
transfers between different customers' accounts. This symptom occurred at least 22 times
during the fraud.
3. Deposit slips, completed by John, contained missing information, incomplete customer
names, or a mismatch between the name of the depositor and the name on the passbook
and/or the account name in the bank's records. This symptom occurred at least 56 times
during the fraud.
4. Deposits and withdrawals exceeding $1,000 appeared in John's personal passbook
account. This symptom occurred at least 90 times during the fraud.
5. Withdrawal vouchers completed by John lacked customer names or signatures and/or
contained incomplete or inaccurate information. This symptom occurred at least 35 times
during the fraud.
6. Deposits and withdrawals from the same account were made on the same day or within
a short period of time and appeared on exception reports. This symptom occurred at least
76 times during the fraud.
7. Bank checks reflected transfers between different customers' accounts or checks with
altered dates. This symptom occurred at least 11 times during the fraud.
8. Withdrawal vouchers and cheeks contained purported customer signatures that, on
inspection, were readily distinguishable from the customer's signature and were actually
signed by John. This symptom occurred at least 73 times during the fraud.
9. Withdrawal vouchers completed by John showed a different name from the account
name. This symptom occurred at least 54 times during the fraud.
Internal Control Symptoms
36

37. Fraud occurs when pressure, opportunity, and rationalization come together. Most people
have pressures. Everyone rationalizes. When internal controls are absent or overridden,
everyone also has an opportunity to commit fraud.
Internal control is comprised of the control environment, the accounting system, and
control procedures. Common control fraud symptoms include a poor control environment,
lack of segregation of duties, lack of physical safeguards, lack of independent checks, lack
of proper authorizations, lack of proper documents and records, the overriding of existing
controls, and an inadequate accounting system.
Many studies have shown that the most common element of employee frauds is the
overriding of existing internal controls. In "The Proof Operator Fraud" case study, for
example, there were glaring internal control weaknesses, including the following:
1. All deposits and transfers of funds were to go through tellers. Yet, proof employees
were making transfers for bank officers and for themselves directly through proof. Most
people in the bank were aware of this practice; but because it was being done at the
president's request, they didn't think it was wrong.
2. All documents were to be accessible to external auditors. Yet Jane kept a locked
cabinet next to her desk, to which only she had the key. A customer whose statement had
been altered by Jane complained, but he was told that he would have to wait until Jane
returned from vacation because the documentation relating to his account was in Jane's
locked cabinet.
3. All employees and officers of the bank were required to take an uninterrupted two-week
vacation. At Jane's request, management allowed this control to be broken. Based on her
memos, which explained that "proof would get behind if she took a two-week vacation,"
Jane was allowed to take her vacation one day at a time. In addition, no one was allowed
to perform Jane's most sensitive duties while she was away.
4. General ledger tickets were supposed to be signed by two people, including one
individual other than the person who completed the ticket. In order to override this control,
Jane had her employees pre-sign ten or 12 general ledger tickets, so she would not have
to "bother" them when they were busy.
5. Opening and closing procedures were supposed to be in place to protect the bank, but
many employees had all the keys necessary to enter the bank at will.
37

38. 6. An effective internal audit function was supposed to be in place. For a period of two
years, however, no internal audit reports were issued. Even when the reports were issued,
internal auditors did not check employee accounts or perform critical control tests, such as
surprise openings of the bank's incoming and outgoing cash letters to and from the
Federal Reserve.
7. Incoming and outgoing cash letters were supposed to be microfilmed immediately. This
compensating control was violated in three ways. First, letters were not usually filmed
immediately. Second, for a time, letters were not filmed at all. Third, Jane regularly
removed items from the cash letters before they were filmed.
8. Employees' accounts were not regularly reviewed by internal auditing or management.
On the rare occasions when the accounts were reviewed, numerous deposits to, and
checks drawn on, Jane's account that exceeded her annual salary were not questioned.
9. Loans were supposed to be made to employees only if the employees met all lending
requirements, as if they were normal customers. At one point, the bank made a $170,000
mortgage loan to Jane-the largest mortgage loan made by the bank to anyone-without any
explanation as to how the loan would be repaid or how she could afford such a house.
10. Employees in proof and bookkeeping were not supposed to handle their own
statements directly. Yet, employees regularly pulled out their own checks and deposit slips
before the statements were mailed.
11. Managers were supposed to be reviewing key daily documents, such as the daily
statement of condition, the significant items and major fluctuation report, and the overdraft
report. Either managers didn't review these reports or they didn't pay close attention to
them when they did review them. There were daily fluctuations in the statement of
conditions of more than $3 million. The significant items and major fluctuation report
revealed huge deposits to, and checks drawn on, Jane's account. In addition, Jane
appeared on the overdraft report 97 times during the first four years she was employed.
Fraud perpetrated through override of existing controls and for the benefit
of the individual
•Falsifying timesheets for a higher amount of pay
•Lapping collections on customers’ accounts (definition is last page
of the
handout)
•Cheque Kiting (definition is on last page of the handout)
•Pocketing payments on customers’ accounts, issuing receipts on self-designed
receipt books
•Not depositing all cash receipts (deposits are not “intact”)
•Creating fictitious employees and collecting the pay cheques (impersonation)
38

39. A company I worked at used to employ people on piecework. During the preparation of Management
accounts, I noticed that as the sales went down, there was no significant fall in the production wages. I
discovered that wages were being paid to people that had left.
•Failing to end personnel assignments for terminated employees and collecting the
pay cheques
• Suppressing debit notes from customers
At the start of my career I was involved in credit control for a large company. The accounts had not
been reconciled for some time. As I was reconciling one of the larger accounts, I noticed that the
discrepancy between our ledger and the customers was due to a large volume of debit notes that we
had no record off.
We got copies of them and found that they related to pricing discrepancies. We had no knowledge of
any pricing irregularities. It was later found that the sales representative had the debit notes in his draw
and had indeed contracted to sell at the lower price, so increasing his sales and his commissions but
reducing our Gross Profit and in some cases selling at a Gross Loss.
•Paying for personal expenses with business funds
• Seizing checks payable to vendors
•Recording fictitious transactions on the books to cover up theft
A few years ago I was told of a fraud. Fictitious invoices from suppliers were being posted to
suspense/expense accounts; the supplier accounts were then cleared by payments and set off against
cash receipts. The Fraud went concealed for two years because the relevant accounts did not show up
on the Sage accounting system. The Sage TB did not show nominal accounts where the balance was
zero.
•Unreimbursed personal calls
•Personal purchases on the procurement card
•Inappropriate charges to a travel or account payable voucher
•Theft of inventory items
39

40. My management accounts for the Company and analytical review revealed a difference between the
gross profit margin and the costing information. My management report to the board of Directors
highlighted this and the risk of fraud by staff as well as actions that were needed to confirm that this was
indeed the case and were necessary to address the issue.
At the time, stock counts were performed at the month end but there was no gross profit analysis
undertaken on a day-to-day basis. There was no stock system and there were no random counts of
stock or formal method of agreeing the stock system to the physical stock. Although stock was kept in a
locked room, there were times when it was accessible to other members of staff.
The managing director implemented the recommendations of the management report:
1. To use the stock module of the company’s accounting programme.
2. To perform random stock counts, agreeing the physical stock to the data on the company’s
stock system.
3. To prepare a daily gross profit report based on sales, comparing this to the gross profit on
the management accounts.
4. To restrict further the access to the stock room.
I revealed that there was fraud and that two engineers were stealing the stock from the stock room and
taking it out via the back of the building. These engineers were required to resign. Following their
resignation, the gross profit analysis agreed to the gross profit margin on the management accounts
and the firm once again became profitable.
•Theft of cash from deposits
•Falsifying time card with time not worked
•Conflicts of Interest
•Nepotism
•Breach of Duty
•Favouritism
40

41. Other Fraud Danger Signals
•No supporting documentation for adjusting entries
•Incomplete or untimely bank reconciliations
•Increased customer complaints
•Write-offs of inventory or cash shortages with no attempt to determine the cause
Company Policy must require all cash shortages and other discrepancies to be signed off by a
departmental head
•Unrealistic performance expectations
•Rumours of conflicts of interest
Two consultants who openly argued with each other in a company, and showed a complete resentment
for each other surprised everyone. They handed their notices in together and set up in competition to
the Company.
•Using duplicate invoices to pay vendors
•Frequent use of sole-source procurement contracts
•Frequent use of journals
•Lots of deleted transactions
•Duplicate invoices
•Missing delivery note books (indicative of sales of stock for cash)
•Inactive customer accounts
A member of staff had problems with his computer. While the in-house office manager was fixing his
PC, she discovered that he had been raising personal invoices to a customer who had been inactive.
Next Steps
Being aware of red flags is only step one and is usually not enough for the local
government. Once a red flag is identified, you must take action to determine its
effect. Evaluating the red flag may be accomplished by financial analysis,
observation or by any other technique that tests an apparent weakness. Once the
analysis is complete it’s time to move on to correct the situation.
41

42. Evaluating Red Flags
What is the effect on the business at hand? Sometimes red flags that have no
financial impact may not require a change in procedure. Remember though, that a
red flag is a warning that something is or could be wrong. If you discover fraud,
then an investigation is usually the next step. If it is just an error, then
steps should be taken to correct the error and a procedure or follow up should be
initiated to prevent it from occurring again. Financial analysis has several
applications when red flags are present. The most common is to determine what
effect it has on the conduct of the local government. For example, what is the
potential as well as the historical loss as the result of the red flag? What is the cost
to prevent a potential loss from occurring and what will it cost to recoup the
identified loss?
Use of Computers and red flags
COMPUTER-ASSISTED TECHNIQUES FOR FRAUD DETECTION
Computer technology gives auditors a new set of techniques for examining the
automated business environment. In fact, the detection of fraud is a perfect
application for computer-assisted audit tools and techniques (CAATTs).
As early as 1982 CAATTs was a powerful audit tool for detecting financial errors.
In recent years, analytical techniques have become not only more powerful but
also more widely used by auditors. But it is only in the last 10 years that the use of
computer-assisted tools and auditing techniques has become standard practice.
Audit software permits auditors to obtain a quick overview of the business
operations and drill down into the details of specific areas of interest. The audit
program can also be extended to perform a 100% verification of certain
transactions and a recalculation of important ratios and figures.
Audit software can highlight those individual transactions or red flags that contain
characteristics often associated with fraudulent activity. With audit software,
millions of files can be examined, previous years' data can be used to identify
anomalies, and comparisons can be made between different locations. Also,
computer-based data analysis tools can prove invaluable when addressing
suspected fraud situations.
The techniques and types of data interrogations in modern audit software are
almost unlimited. For example, audit software has many commands that support
the auditor's requirement to review transactions for fraud such as the existence of
duplicate transactions, missing transactions, and anomalies. Some examples of
these routines/reports that will highlight red flags include--
42

43. * comparing employee addresses with vendor addresses to identify employees that
are also vendors;
* searching for duplicate check numbers to find photocopies of company checks;
* searching for vendors with post office boxes for addresses;
* analyzing the sequence of all transactions to identify missing checks or invoices;
* identifying vendors with more than one vendor code or more than one mailing
address;
* finding several vendors with the same mailing address; and
* sorting payments by amount to identify transactions that fall just under financial
control on contract limits.
*Patterns such as negative entries in inventory received fields
*voided transactions followed by "No Sale,"
*or a high percentage of returned items
*Taxpayer complaints
*A listing that compares actual vs. budgeted expenditures for employee
reimbursements of expenses to determine unusual patterns
*Duplicate or non existent Social Security numbers for employees or vendors
*Unusual patterns of overtime payments
Audit software can be used to interrogate a company's data files and identify data
patterns associated with fraud. may indicate fraudulent activity. Auditors can use
these data patterns to develop a "fraud profile" early in their review of operations.
The patterns can function as auditor-specified criteria; and transactions fitting the
fraud profile can trigger auditor reviews. Systems can even be built to monitor
transactions on an ongoing basis. Continuous monitoring is a proactive approach
to the early detection of fraud.
Computerized techniques and interactive software can help auditors focus their
efforts on the areas of greatest risk. Auditors can choose to exclude low risk
transactions from their review and to focus on those transactions that contain a
higher probability of fraud.
43

44. Audit software also provides auditors with the ability to extract information from
several files, with different database management systems, in order to search for
underlying patterns or relationships among data. For example, reviewing data
from the accounts payable and the contracting databases may reveal a
concentration of contracts with one vendor all initiated by the same contracting
officer, leading to concerns about possible kickbacks.
Today's audit software makes "what if" analysis easy to formulate and perform.
Auditors can form an initial hypothesis, test that hypothesis, and revise it as
necessary based on the results of interactive analyses.
Computerized techniques can assist the auditor in identifying symptoms early in
the life of a fraud. This will serve to reduce the negative impact of many frauds--
before millions of dollars are lost or goodwill is destroyed. Automated routines
that monitor key symptoms and track trends can be a major deterrent of fraud,
preventing some fraudulent activities and identifying fraud almost as soon as it
occurs.
Fraud Detection Using Digital Analysis
A growing area of fraud prevention and detection involves the examination of
patterns in data. The rationale is that unexpected patterns can be symptoms of
fraud. A simple example of the application of this technique is a search for
duplicate transactions, such as identical invoice or vendor numbers for the same
amount.
The existence of duplicates would be an unexpected pattern in the data and
indicate possible fraud.
Another simple digital analysis technique is to search for invoices with even
sterling/dollar amounts, such as 200.00 or 5,000.00. The existence of particular
even amounts may be a symptom of fraud and should be examined.
Case Study: Even Amounts
Travel expenses had always been a concern for the auditors of X Company since it was an area where
the controls were weak. Employees had a maximum per diem rate when travelling but had to submit
receipts to cover the actual expenses. Maximums were also established for meals: breakfast $10.00,
lunch $20.00, dinner $30.00, and hotel lodging $100.00. The auditors configured the audit software to
identify meal expenses that were multiples of $10.00. These transactions were compared to receipts to
ensure that the amounts expensed were appropriate. A detailed review determined that many travellers
were charging the maximum rates for meals even though their receipts did not justify the amounts.
44

45. Case Study: Doctored Bills
The auditors reviewed the patient billing system at Company Y to determine if the appropriate charges
were being assessed by health care providers. An initial analysis of the data was performed to calculate
the ratio of the highest and lowest charges for each procedure. A judgment was made those procedures
with a max/min ratio of greater than 1.30 be noted and subjected to additional review.
For a particular quarter, three procedures had ratios higher than 1.30, the highest being 1.42. A filter
was used to identify the records related to the three procedures in question, and additional analysis was
performed. This quickly determined that one doctor was charging significantly more than the other
doctors for the same procedures. A comparison of charges from the billing system with payments in the
accounts receivable system revealed that the doctor was skimming off the patient payments. The
amount recorded in the receivable system was in line with the usual billing amount for the procedures.
The doctor was unable to justify the higher prices or explain the difference in the billing and the
receivable systems.
The third ratio compares data from different years, departments or operating areas, and the like. For
example, the ratio of last year's purchases to current year's purchases for each supplier can point to
symptoms of fraud such as kickbacks in the contracting section. If the total purchases from a supplier
have gone from $100,000 to $400,000--a ratio of 4.0--further analysis may be in order.
Case Study: Contracting Kickbacks
Jonathan, one of the contracting officers, had devised a great win/win kickback scheme. The auditors
decided to use digital analysis as part of their review of the contracting section. One of the analyses
calculated the total contract amount by supplier for each of the past two years. A ratio of current year to
previous year was calculated and the minimum, maximum, average, and highest and lowest five ratios
were displayed. While the average was close to 1.0, the highest and lowest five values showed that
some companies had significant decreases in business, while others had experienced significant
increases in business.
The auditors reviewed the details of all companies that had a ratio of less than 0.7 or more than 1.30.
Totals were calculated by a contracting officer. For companies with an increase in business, the results
revealed that Jonathan had raised many of the contracts. In comparison, Jonathan had raised no
contracts with the companies that had seen a decrease in business. The auditors learned of Jonathan’s
kickback scheme when they interviewed salesmen from the companies that had ratios less than 0.7.
Interviews with salesmen from the firms that had increased sales by 1.30 or more added credence to
the fraud accusations. Both groups of salesmen said that they were told they would only get business if
they paid Jonathan a kickback.
Case Study: Signing Authority
The auditors for Z Company were investigating possible fraud in the contracting section, where
thousands of contracts were raised every month. They used Benford's Law to examine the first two
digits of the contract amount. The results of their analysis revealed that the digits 49 were in the data
more often than expected.
45

46. Classifying on the contracting officer for all contracts with 49 as the first two digits determined that the
contracting manager was raising contracts for $49,000$49,999 to avoid contracting regulations.
Contracts under $50,000 could be sole-sourced; contracts greater than $50,000 had to be submitted to
the bidding process. He was raising contracts just under the financial limit and directing them to a
company owned by his wife. *
Use of Direct Observation to detect red flags
Direct observation is the method of choice to determine the effect a red flag has on
an organization. For example, if analysis of overtime for an area suggests that one
person is falsifying time cards, observing the person’s start and stop times is
important. Observation is also useful when employee lifestyle changes are noted,
or to get an understanding of how an area works. Does the employee in fact drive
a new Jaguar on a salary that clearly wouldn’t support it? Whether it is fraud or an
error, action should be taken to prevent the act from occurring again.
Reporting Fraud
In today’s environment, it is essential that local governments have policies and
procedures in place for reporting irregularities and/or suspected fraud. These
policies and procedures need to be clearly communicated to all employees and
reviewed periodically to ensure that they still make sense. In addition to having
policies and procedures in place, employees should be able to communicate red
flags with the appropriate personnel without being concerned for their jobs or
some type of retaliation. If possible, some type of anonymous form should be
developed for employees to fill out. Just remember, the
ACFE’s 2006 Survey disclosed that approximately 34.2 percent of frauds were
detected through tips.
Conclusion
Red flags are warnings that something could be or is wrong. Auditors, employees,
and management need to be aware of red flags in order to monitor the situation
and then take corrective action as needed. Employees who notice that red flags are
ignored may mistakenly believe that it is okay to game the system or that they
won’t get caught. A little fraud soon becomes a large one if left to grow.
46

47. Internal Accounting and Operational Controls and Fraud
Nature and theory of Internal control structure
Common Factors
There are internal control weaknesses that are common elements of fraud or
embezzlement and we must make necessary revisions to internal controls:
Lack of board approved policies - for areas such as lending, investing, borrowing, and
operating expenses;
Lack of segregation of duties - concentrating the control over all phases of a transaction in
one dominant controlling manager, often a single person operation;
Lack of mandatory vacation policy - embezzlements usually require the
embezzler's ongoing attention; therefore, policies that require managers and
employees to take at least one and preferably two weeks' vacation (not a day
here and there) reduce the risk of embezzlements;
Failure to maintain adequate audit trails - audit trails enables the tracing of any given item
through the credit union's books;
47

48. Incomplete or inadequate audits or verifications - audits (required at least annually) and
verifications (required at least every two years) must be performed in a timely manner,
under controlled conditions, and independent of credit union management and staff;
Inactive supervisory committees - the committee is the most important single element in
the internal control structure;
Repeated record keeping problems - inaccurate or incomplete records are often used to
hide fraud;
Manipulated bank reconcilements - hides problems from casual review;
Failure to review standard computer reports;
Fictitious loan or share accounts;
Cost of funds far exceeding average stated dividend rates;
Yield on loans far less than stated loan rate in credit unions with low delinquency;
Yield on investments well below the coupon rates; and
Excessive and unexplained operating expense ratios.
Alternative Testing Procedures
Fraud and embezzlement schemes are not solely a problem of larger credit unions. In fact,
the very size of small credit unions creates opportunities for a weak internal control
structure and fraud. Officials of smaller credit unions must work within their organizations
to develop methods that will safeguard their members' accounts and reduce the
opportunity for fraud. Suggested reviews and alternative testing methods that the
supervisory committee members or someone independent of the credit union staff should
perform include:
Review of the negative shares report;
Review of un-posted items report;
Review of maintenance reports showing loan due date changes - unwarranted changes to
loan due dates may disguise a fictitious loan or loans not receiving regular payments;
Review of reports showing loans by interest rate - reveals unusually low loan rates;
Review of general ledger suspense accounts - generally used to temporarily "store" a
transaction until all necessary information is available, but can also be used to hide an
unauthorized transaction; and
Review of the reconciliation of cash receipts to cash deposits - daily receipts should be
promptly deposited in amounts readily traceable to the bank deposits.
48

49. Conclusion
Internal audit officials are responsible for implementing a system of sound internal controls
and for ensuring that the controls are regularly followed by management and staff.
Although fraud may be uncovered, the annual audit and regulatory examination are not
intended to detect fraud.
The purpose of internal controls is not to entrap employees; rather, good internal controls
provide a working environment in which good employees are not tempted to do something
they would not ordinarily do.
The controls are often monitored by the internal auditing department. Companies that
initiate and consistently follow basic internal controls are less likely to experience fraud and
embezzlement than those whose internal controls are weak.
Internal Controls
Types of Controls Internal controls may be:
• Preventive - designed to keep errors or irregularities from occurring
• Detective - designed to detect errors or irregularities that have already occurred.
• Corrective - designed to correct errors or irregularities that have been detected.
Who is Responsible for Internal Control?
The organization’s leadership is ultimately responsible. Everyone in an organization plays
some role in effecting control. All personnel should be responsible to communicate
problems in operations, deviations from established standards, and violations of policy or
law. Auditors contribute to the effectiveness of controls, but they are not responsible to
establish or maintain them.
Five Components of an Integrated System of Internal Controls
An effective system of internal controls requires: All 5 components working together ––
Control Environment– Risk Assessment– Control Activities– Information &
Communication– Monitoring Everyone in the organization playing an active role.
Internal Controls are Everyone’s Business!
Control Environment
•Ethical tone established by management; foundation for all other components; “tone at
the top” (soft controls) Factors include:
• Integrity & Ethical Values–must be clearly communicated, in writing and by example.
49

50. •Commitment to Competence• Management Philosophy & Operating Style•
Organizational Structure
•Human Resource Policies & Procedures–practices related to hiring, training, evaluation,
promoting, compensating, etc.
How do you Evaluate Soft Controls? Subjective - the only valid measure of their
effectiveness may be employees’ perceptions. Most modern internal control evaluation
practices have a strong element of self-assessment,
Risk Assessment
• Mechanism to identify, analyze and manage risks faced by the institution.
• Internal Factors-new personnel, new computer systems/processes, low morale.
• After risks have been identified, they must be analyzed -assess the likelihood of the risk
occurring; estimate the impact of a risk if it does occur; consider how to manage the risk. •
We cannot anticipate every potential risk
Control Activities
Policies (what should be done) and procedures (how it should be done) designed to help
ensure that objectives are achieved.
(Hard controls)Types of control activities: Transaction Approvals, Authorizations,
Verifications Reconciliations Performance reviews, benchmarking, trend analysis.
Physical controls -restrict access to equipment, conduct inventories, secure/count cash,
etc. Segregation of Duties- different people should be responsible for:– authorizing
transactions– recording transactions (accounting)– handling the related assets (custody)–
monitoring transactions (reconciling, verifying).
Information Systems (Soft Controls)–general controls and application controls.
Segregation of duties within IT environment.
Backup and recovery policies & procedures Program development & documentation
controls Hardware / access controls (i.e. passwords) Virus detection software Firewalls
Activities Application controls: Input controls (authorization, validation, error notification –
i.e. field checks, limit checks, sequence checks) Processing controls – batch totals, audit
trails Output controls – listing of master file changes, error listings
Information & Communication
To be able to provide data that accurate, detailed, understandable and in usable form to
the right people in time to allow appropriate action.
Up & down the organization – clear messages from the top regarding philosophy,
objectives and policies, and a means for personnel to communicate upstream.• Across the
organization – individuals and departments sharing information across organizational
lines.
50

51. Monitoring
Assessing the quality of performance over time and making any necessary modifications.
Activities include: Management review of financial reports for propriety and trends..Self
assessments, internal audits, external reviews to report and correct deficiencies
Limitations of Internal Controls
Judgement-decisions are made by humans, often under pressure and time constraints,
based on information at hand.
Breakdowns-Employees may not understand instructions or may simply make mistakes.
Errors may result from new systems and processes.
Management Override - high level personnel may be able to override prescribed policies
and procedures.
Collusion - two or more individuals, working together, may be able to circumvent controls.
Cost vs. Benefit - The risk of failure and the potential effects must be weighed against the
cost of establishing controls.
Balancing risk and Internal Controls
Not having an effective balance may cause:
“Too little” means Excessive Risks
Loss of Assets, Donors, Grants & Contracts, State funding- Poor Business Decisions-
Non compliance with laws & regulations- Increased Regulations- Public Scandals
“Too much” means business may be hampered because of Excessive Controls
Increased Bureaucracy- Increased Complexity- Increased Cycle Time- Increase in Non-
Value Added Activities- Reduced Productivity
Internal Operational Controls
A Definition
In accounting and organizational theory, Internal control is defined as a process effected
by an organization's structure, work and authority flows, people and management
information systems, designed to help the organization accomplish specific goals or
objectives. It is a means by which an organization's resources are directed, monitored,
and measured. It plays an important role in preventing and detecting fraud and protecting
the organization's resources, both physical (e.g., machinery and property) and intangible
(e.g., reputation or intellectual property such as trademarks). At the organizational level,
internal control objectives relate to the reliability of financial reporting, timely feedback on
the achievement of operational or strategic goals, and compliance with laws and
regulations. At the specific transaction level, internal control refers to the actions taken to
51

52. achieve a specific objective (e.g., how to ensure the organization's payments to third
parties are for valid services rendered.) Internal control procedures reduce process
variation, leading to more predictable outcomes. Internal control is a key element of the
Foreign Corrupt Practices Act (FCPA) of 1977 and the Sarbanes-Oxley Act of 2002, which
required improvements in internal control in United States public corporations. Internal
controls within business entities are called also business controls.
Internal controls have existed from ancient times. In Hellenistic Egypt there was a dual
administration, with one set of bureaucrats charged with collecting taxes and another with
supervising them.
Specific Controls
Management should consider implementing a variety of specific measures to mitigate or
limit operational risks, such as authentication and encryption techniques to ensure the
authenticity of the payer and payee as well as prevent unauthorized access to information
in transit; and edit checks and automated balancing to verify the integrity of the information
relative to the payment order and funds transfer transaction. Additional controls include the
use of certified tamper resistant equipment, logical access controls to verify transactions,
verification of account balances, and the logging of all transactions and attempts to make
a transaction.
Additional internal control measures that management should employ to mitigate
wholesale payment system risk include:
Supervisory
 The procedures for dealing with new suppliers must require them to be screened
thoroughly. The procedures should call for suppliers to provide you with a landline
number and check that you can contact them on that number.
 Payment data verification;
 Clear error processing and problem resolution procedures; and
 Confidential and tamper resistant mailing procedures for sensitive material.
 The operational controls for funds transfer operations require clearly defined
procedures establishing a control environment which provides for the
authorization and authentication of transactions. Financial institutions should
establish effective operational controls that identify and document:
 The original payment instructions from the corporate or individual customer to the
financial institution and other pertinent information (e.g., account officer, branch
manager, terminal entry identity, automated interface identification);
 Every transfer point of data for each step of the manual process (e.g., account
officer, message receipt, authentication, data entry, and payment release); and
 Every transfer point of data for each step of an automated process (e.g., SWIFT
and Telex, message preparation, data entry, and payment release).
52

53.  Basic internal controls should be in effect to maintain overall integrity for any
funds transfer operation. However, depending on the complexity and volume of
operations, certain steps may not be applicable for some institutions.
Recommended control objectives for a wholesale funds transfer system include:
 Verifying the accuracy and completeness of the outgoing instruction;
 Protecting original instructions from loss or alteration;
 Authenticating the identity and authority of the sender;
 Ensuring collected balances are available and held for the outgoing payments;
 Ensuring the original unaltered outgoing instruction is entered into the internal
accounting system;
Safety and security
 Maintaining a physically secure environment, with alarm systems, safes, software
tools and CCTV.
 Financial institutions should have funds transfer policies and procedures
addressing both the processing of funds transfer messages and the related
standards for creating and maintaining source documents. Policies and
procedures should include documentation describing all interfaces between the
funds transfer application and other back office and customer-related banking
processes, and should address the controls relating to crediting, debiting, and
reconciling customer and institution account balances. Policies and procedures
should also document institution specific compliance requirements to address
federal and state regulations including OFAC verification procedures.
 Physical and electronic access to sensitive areas and procedures must be
restricted. “One key each”
 Always encrypt data on your computer network
 Take care of pares thrown out; shred anything sensitive
 Ensure your computer system is sound, by using firewall , strong alpha numeric
passwords ( avoiding real words) changed regularly and up to date virus software
 Have a clearly defined fraud response plan so that you can react effectively
should fraudulent activity take place
Divide and Conquer
 Wherever practical, duties must be segregated so that no one person is
responsible for both approving expenditure and authorising payment.
53

54.  Dual custody of assets;
People
 Employees must take their vacation entitlement and the work of employees on
vacation must be covered by others.
 All employees' expense claims must be authorised by their immediate managers
before payment.
 New employees must be screened and their references must be checked.
Performance should be regularly appraised and appropriate training given.
 All staff should have formal job descriptions that clearly indicate their
responsibilities and are updated regularly. Organisational structure should be
clear and unambiguous.
 Sickness absence must be monitored and controlled.
 Train employees to avoid phishing
 Set strict staff guidelines about what information they can give to strangers
Management
 Managers must set an example to staff by implementing controls, checking
security and querying decisions and procedures.
Audit
A Company’s internal auditors should conduct periodic independent reviews of the funds
transfer operation, including all pertinent internal policies and procedures. An external
audit can supplement or replace internal audit procedures.
Examiners should perform an evaluation of the Company's audit function to determine
whether audit activities related to operations are comprehensive and effective. Examiners
also should review the auditor's opinion of the adequacy of accounting records and
internal controls for funds transfer operations. The review of audit procedures should focus
on:
The scope and frequency of the internal funds transfer audit program;
54

55. The effectiveness of audit procedures in determining any control/operating problems
disclosed since the previous examination and what corrective measures management has
taken;
Audit work papers to ensure they document adherence to prescribed audit procedures;
IT audit coverage of new system enhancements and development projects; and
External audit findings and recommendations.
Information Security
A Company’s information security program should include an effective risk assessment
methodology that includes an evaluation of risks relating to performing high-risk activities
such as funds transfer and other payment-related activities. Management should use risk
assessments based on a periodic review of high-risk activities to develop effective
standards for adequate separation of duties, physical security, and logical access controls
based on the concept of “least possible privilege.”.
Management should establish logical access controls on the funds transfer application that
assign appropriate access levels to staff members working in the wire room or funds
transfer operation. Inappropriate access levels provide the opportunity to create and
transmit unauthorized funds transfer messages. The risk is greater without adequate
separation of duties. Management should ensure no employees have access to more
than one assigned user code unless the code is under dual control. Management should
configure message verification rights to ensure adequate separation of duties between
employees initiating and employees verifying and sending funds transfer messages.
Third-Party Management
Some Companies rely on third party service providers and other financial institutions for
wholesale payment system products and services either to enhance the services
performed in-house or to offer wholesale payment services that are otherwise not cost
effective.
Financial institutions should have adequate due diligence processes, appropriate contract
provisions, and service provider monitoring procedures to ensure they conduct wholesale
payment operations appropriately. Effective monitoring should include the review of select
wholesale payment transactions to ensure they are accurate, reliable, and timely. The
integrity and accuracy of wholesale payment transactions depend on the use of proper
control procedures throughout all phases of processing, including outsourced functions.
Regardless of whether the financial institution’s control procedures are manual or
automated, internal controls should address the areas of transaction initiation, data entry,
computer processing, and distribution of output reports. Financial institutions should also
maintain effective control over service provider access to customer and financial institution
information. Contractual provisions should define the terms of acceptable access and
potential liabilities in the event of fraud or processing errors.
Internal Accounting controls
These are Policies that establish guidelines and procedures related to keeping books and
records that in reasonable detail accurately and fairly reflect the Company's transactions
55

56. and dispositions of assets. The Company shall maintain a system of internal accounting
controls to ensure reliability and adequacy of its books and records and proper recording
of all transactions including dispositions of assets.
Policy:
Authorization: The only transactions to be entered into by the Company are those which
are executed in accordance with management's specific approval (as set forth in the
following paragraph) or established, formalized policies and procedures.
Approval: No transaction will be recorded in the accounts of the Company unless it is
within the scope of written policies and procedures or is specifically and formally approved
by an appropriate and designated Employee. Such approval requires the determination
that the transaction (i) has been authorized in accordance with this Corporate Policy and
(ii) is supported by documentary evidence to verify the validity of the transaction.
In particular
There should be a formal system for the authorisation of orders, invoices and payments
Credit notes over a threshold amount must be explained to and authorised by a senior
independent manager before issue.
Inventory write-downs must be investigated before authorisation by an independent
manager.
Accounting: All transactions entered into by the Company will be recorded in the
accounts of the Company in accordance with normal, standard procedures. Each entry will
be coded into an account which accurately and fairly reflects the true nature of the
transaction.
In particular
Key balance sheet accounts must be reconciled monthly and the reconciliation reviewed
regularly by senior managers.
Fixed assets must be tagged and checked periodically - this can often be combined with
the regular testing of electrical and lifting equipment.
Ensure that no goods or assets leave a site without a despatch note or other
documentation.
The accuracy of the information should be checked using bank reconciliation, invoice
calculation checks and physical stock counts.
Reporting: All transactions that have been accounted for in accordance with this
Corporate Policy will be accumulated and processed in a manner which will permit timely
preparation of financial statements, reports and data for purposes of internal, public and
regulatory reporting. Such statements, reports and data must be understandable and
56

57. prepared in a form sufficient to reflect fully, accurately and fairly the results of transactions
entered into by the Company and to permit proper accountability for assets.
Responsibility: The implementation and maintenance of internal accounting controls,
procedures and records that are adequate in all respects to satisfy the requirements of this
Corporate Policy will be the primary responsibility of the Chief Financial Officer.
Auditing: Compliance with the provisions and requirements of this Corporate Policy will
be tested and evaluated by the Company's Director-Audit Services in connection with the
ongoing internal audit program. All control failures regarding this Corporate Policy will be
reported to management so that deficiencies can be corrected and assurance of
compliance with the terms of this Corporate Policy maintained.
Procedure: The Company will continuously evaluate its internal accounting controls,
procedures and records to ensure compliance with the requirements of this Corporate
Policy. Such evaluation will be documented in a form suitable for inspection by outside
parties, such as regulatory authorities, if the need arises.
The Company will take action to remedy any deficiency in internal accounting controls,
procedures and records to ensure continuing compliance with the requirements of this
Corporate Policy.
The audit services staff, in coordination with the Company's Director-Audit Services, will
ascertain that its audit scope, procedures and programs are adequate (i) for the purpose
of testing and evaluating internal accounting controls, procedures and records and (ii) for
complete reporting of deficiencies in internal accounting controls, procedures and records.
On or before the year end of each year, the Chief Financial Officer and the Company's
Director-Audit Services will prepare a written summary applicable to the preceding fiscal
year which sets forth financial management's evaluation of the Company's internal
accounting controls, procedures and records. Such a summary will consider financial
management's overall evaluation and results of audits performed during the year, internal
and external. For deficiencies noted in the evaluation, remedial action in progress or
contemplated will be set forth in the summary. The summary will be addressed to the
Audit Committee of the Board of Directors.
The Company's Director-Audit Services will, on an annual basis, report to the Audit
Committee of the Board of Directors on the adequacy of internal accounting controls,
procedures and records.
57

58. Components of Fraud Rationalisation
Some excuse or validation for actions, such as: I’m just borrowing the money and will pay
it back; it’s only temporary until I get over this financial difficulty.
I need it more than they do, and they will never miss it.
Everybody else is doing it.
No one will get hurt.
It’s for a good purpose.
I deserve it because I’ve been treated unfairly –the organization owes me.
Controls and the deterrence of fraud
Until there is a healthy culture and strong management in all branches and departments of
an organisation, attempts to deter fraud will not be very successful. Only when potential
fraudsters believe fraud will be detected and when whistle-blowers believe they will be
protected will there be an effective deterrence of fraud.
Controls and the detection of fraud
The conditions under which fraud thrives have been listed. These included an unhealthy
corporate culture, domineering management, management abusing or overriding internal
controls, low staff morale and weak management. Collectively they reflect the culture of
the organisation. The most effective ways of detecting fraud have been found to be:
1. Internal controls. Eliminate Opportunities for Fraud –Implement a strong system
of internal controls and monitoring, Check employee references, conduct
background checks, Second endorsements on cheques, Train employees in
fraud awareness
2. Internal audit. Use surveillance techniques when appropriate, Proactively audit for
fraud
3. Management review.
4. Whistle-blowers. Use a hotline Create an expectation of punishment
5. Change of management. Create a culture of honesty-Set a good example and do
not tolerate dishonest or unethical behaviour in others. Have a written code of
ethics and make sure everyone is aware of it, .Create a positive work
environment.
6. Anonymous tip-offs. Provide employee assistance programs
7. Outside information. Alert vendors and contractors to company policies
8. Security of passwords.
9. External audit.
58

59. 10. Accident.
11. Access/exit controls.
This list emphasises the importance of having strong management and a healthy
corporate culture to detect and therefore deter fraud. Physical controls such as passwords
and access/exit controls come at the bottom of the list in detecting fraud but have a big
deterrent effect on potential fraudsters and are very important in reducing fraud.
Controls and the investigation of fraud
Putting white collar crime in perspective
The world's financial capital leaks money like a fishnet. When the flow of cash is not measured in lorry-
loads but in electronic trillions, you don't need a disguise; an inside job is much easier.
Three such men pleaded guilty last week to a form of bank robbery. The so-called Natwest Three were
accused of defrauding their employer of some $7m while working with a client called Enron.
One view is that the guilty plea marks a welcome end to a rather shameful episode in British financial
history: the complicity of employees of one of our biggest banks in a record-breaking corporate collapse.
Another view is that the Three pleaded guilty only because the consequence if their defence failed
before a jury was so horrific: 30 years behind bars in the US instead of three served nearer home.
Lawyers, hospital consultants join the black economy as recession bites,
MPs to say
Middle class professionals such as lawyers and hospital consultants are among millions working in the
“black market” as the recession bites, MPs are set to warn next week.
By Christopher Hope, Whitehall Editor
Last Updated: 10:13PM GMT 05 Dec 2008
Hospital consultants, barristers and footballers have allegedly joined gardeners and hairdressers in the
£6.1billion a year "hidden" economy - but chances of them being prosecuted are virtually nil, a report will
show.
Evasion can range from casual moonlighting and cash in hand work to claiming welfare benefits
fraudulently, tax evasion and organised crime.
59

60. Two million people - just over one in 20 of the adult population - are estimated to be involved in evasion.
Most of them are small time offenders such as gardeners and hairdressers, but a significant minority are
white collar professionals.
MPs on the Public Accounts Committee, which is publishing its findings officially on Tuesday, are likely
to highlight the case of a number of barristers who are being investigated by HMRC but have not yet
been found to have been guilty of wrongdoing.
Inspectors are also examining the tax records of medical consultants who have allegedly not been
declaring thousands of pounds they earn as private income, on top of their jobs at NHS hospitals.
Pressed earlier this year by MPs to name them, HMRC declined. Labour Ian Davidson MP said it was
"unfair".
He said: "If one of my constituents was caught stealing £5 from a post office, they would undoubtedly be
prosecuted and there would be consequences of publicity."
He added: "It does seem a trifle unfair, does it not?"
The HM Revenue and Customs spends £41million a year trying to track down the tax dodgers. HMRC
has even set up specialist investigators to investigate groups like television entertainers. Other
inspectors are employed to check luxury yacht registers with local harbour masters to see if the owners
are paying their fair share of tax.
The amount of cash channelled through the hidden economy is also set to rise.
A National Audit Office report earlier this year found that it had increased by 13 per cent in real terms
over three years to £145 million by 2006/7.
Earlier this year the Government agreed to pay an informant £100,000 for data on individuals' bank
accounts in low-tax Liechtenstein, a deal which HMRC suggested would recoup £100million in tax.
Dave Hartnett, permanent secretary for tax at HMRC, told the MPs that the Liechstenstein source was
"a rich source of information". He said: "We are ploughing that field right now. There are many others."
Just two out of every thousand which are detected are prosecuted, compared to 60 out of 1,000 for
benefit fraud cases at the Department for Work and Pensions.
Edward Leigh, the chairman of the committee, criticised HMRC for its low prosecution rate earlier this
year.
He said: “Two per thousand is very low, is it not? This is a tiny chance of being prosecuted if you are in
the hidden economy. These are people deliberately evading paying tax.”
Mr Hartnett admitted that the investigation rate was "disappointing", with cases costing an average of
£30,000 to investigate, to claw back just £11,000 of tax.
The MPs are likely to call for more publicity for successful HMRC investigations - one advertising
campaign last year resulted in an additional 8,000 people paying back £38 million.
60

61. A £6million campaign against people with offshore bank accounts resulted in 45,000 people coming
forward to pay back £400 million in additional tax.
Matthew Elliott, Chief Executive of the TaxPayers' Alliance, said the tax system had to be simplified
because it was "so complex and full of loopholes that it leaks like a sieve".
He said: "If someone has the choice between paying £500,000 in tax or spending £100,000 on an
extremely clever lawyer or accountant, it's obvious which option they will take.
"Successive governments have fiddled with the system, adding credits, exemptions and extra bands. A
simpler system would allow us to save money and remove any incentive or opportunity to dodge the
rules."
A spokesman for HMRC said: “The majority of taxpayers abide by their tax responsibilities, there is no
evidence to suggest that the current economic climate will change that.
“We will continue to make tax cheats pay for their tax evasion by collecting a financial penalty on top of
all the tax they have evaded. In the most serious of cases we will investigate with a view to criminal
prosecution.”
The back economy – awareness and profiles
by Ritu Raj Kalra
India's Black Economy
Estimates by eminent economists reveal that India's parallel economy has risen from a mere 3 percent
of the GDP in the mid 50s to around 50 percent today. The dimensions of this growth of corruption and
generation of a black income in India are indeed, mind-boggling.
The components of the parallel economy are numerous. Tax-evasion, Smuggling, Bribe-Taking,
Foreign-currency racketeering are just some of the more prominently visible and talked about forms.
The root causes for a thriving parallel economy in India are many. For that to be understood in the right
perspective, one needs to take a look back at the times gone by.
In India, Corruption has not always been perceived to be a severe problem that could have had a
negative impact on development and social ethos. There were (and are) many who believed that
corruption enhanced the efficiency and acted as a lubricating agent in Governmental departments
which were not only over-staffed but employed poorly paid people. It even has a redistributive role...with
those having liquid cash transferring it to those with modest means. Some have even gone to the extent
of saying, that corruption is a stage of natural development!
However none of this is true. The Indian economy is today witnessing a serious crisis. Unemployment,
Financial Scams, Political Chaos, Sick Companies are the result of this unchecked phenomenon that
has mushroomed under successive Congress Governments and has already done more harm than
centuries of Muslim or Christian domination.
61

62. Over the years this has happened as a result of nexus among the beneficiaries: Politicians,
Businessmen, Bureaucrats and Criminals, who have entered into an unholy alliance to help one
another. All kinds of mafia activities are being carried on without any hindrances. Murdering models and
mauling workers is pass. In Bihar two collectors of the IAS cadre were killed in broad-daylight but the
killers could not be brought to book because there have been important links in the above-mentioned
nexus. Laloo Prasad Yadav occupying a Cabinet post despite his shameful past is yet another proof.
The Vohra Report came and created some ripples but is now in the dustbin.
In, "The Black Economy In India" (Penguin India, 1999), economist Arun Kumar mentions how the
country has lost $ 150 billion in gold imports and another $ 100 billion in capital flight since
Independence. And of how pilferage of electricity in Delhi has resulted in a booming Rs. 1,250 crore
industry for inverters. This is not all. According to some other estimates the hoarding of Indian Tax
Payers money by scandalous politicians and corrupt officers and businessmen in Swiss Banks are at an
astonishing $ 1 trillion!
What does this then indicate, if one may ask? Is it not a clear case of erosion of value-systems in
Indians due to the dual impact of Liberalization and Westernisation?
It is time we all try and find a solution. People should declare not to vote for any candidate who does not
promise in writing to make a law declaring that all such money and property illegally kept overseas be
declared as national property and that it should be brought back in India. Foreign Banks will be
compelled as their rules govern that they can hold money which is personal property and not national.
So where is the problem? It is the Government who will not do this because it is they who would suffer
the most. In such a scenario it is only public pressure on the Government from every corner of the
county to make such a law.
The benefits of all these are tremendous. Once the huge parallel money comes back to India the entire
foreign debt can be replaced and the remaining money can be invested, the interest of which will be
more than the annual budget of the Central Government!
This Public opinion has to be spearheaded by the post-Independence wasted Intellectual class. Do we
not know what Chanakya said, "India has lost more not on account of the crookedness of the wicked,
but the ignorance of wise"?. An honest intellectual is one whose spirit and freedom cannot be put off by
threats. Nor torture alters his conviction. His goals are clear and he is prepared to sacrifice. To sacrifice
is an opportunity not a compulsion.
This honest Indian intellectual should bear in mind what a poor image we today enjoy as a nation in the
international community. Success in IT cannot offset our poor standards of value-adherence, a lack of
national character and a stagnant place in global trade.
As a matter of fact, the Hong-Kong based political & Economic Risk Consultancy Ltd., has rated India
the second most corrupt country in Asia, with a corruption index grade of 8.9 on a scale of 10 just
behind Indonesia. India stands 90th rank as the most corrupted country in the world out of a total list of
145.
Since Independence has India really awoken, forget shining? Or will Sonia Gandhi, Manmohan
Government, now help us achieve just that? Indians do not learn from their past to improve and they
don't care for their future of tomorrow. Unless they show boldness and national character, India shall
remain a dark economy and unhealthy democracy.
62

63. Money laundering component and the proceeds of crime
Money laundering now includes possessing, or in any way dealing with, or concealing, the
proceeds of any crime. It has a very wide definition, details of which are contained in the
Act. For the purposes of this guidance, it also involves similar activities relating to terrorist
funds, which include funds that are likely to be used for terrorism, as well as the proceeds
of terrorism.
Money laundering
Someone is engaged in money laundering under the Act where they: Conceal, disguise,
convert, transfer or remove (from the United Kingdom) criminal property; Enter into or
become concerned in an arrangement which they know or suspect facilitates (by whatever
means) the acquisition, retention, use or control of criminal property by or on behalf of
another person; or Acquire, use or have possession of criminal property And they know or
suspect that the property in question constitutes or represents a benefit from criminal
conduct.
Property is criminal property if it: Constitutes a person’s benefit in whole or in part
(including pecuniary and proprietary benefit) from criminal conduct; or Represents such a
benefit directly or indirectly, in whole or in part; and The alleged offender knows or
suspects that it constitutes or represents such a benefit.
Criminal conduct is conduct which constitutes an offence in any part of the United
Kingdom or would constitute an offence in any part of the United Kingdom if it occurred
there. For the avoidance of doubt criminal property includes (but is by no means limited
to): the proceeds of tax evasion; a benefit obtained through bribery and corruption
(including both the receipt of a bribe and the income received from a contract obtained
through bribery or the promise of a bribe); benefits obtained, or income received, through
the operation of a criminal cartel; and benefits (in the form of saved costs) arising from a
failure to comply with a regulatory requirement, where that failure is a criminal offence.
It should be noted that there are thousands of criminal offences in the United Kingdom
which, if committed, are likely to result in a person benefiting from an offence and, if he
has the necessary knowledge or suspicion, thereby committing one of the money
laundering offences. Both the money laundering offences and criminal property are very
widely defined.
An element of intent is required before many criminal offences can be committed. For
example, theft can only be committed where the offender is dishonest and has an intent to
permanently deprive. Where no offence has been committed, no money laundering can
arise. In some cases, where the monetary proceeds of a suspected theft or tax fraud are
small, it may be that the perpetrators were acting in error, or in the mistaken impression
that they had permission to act as they did. However, in cases where there are reasonable
grounds to suspect that an offence has been committed, a report must be made.
63

64. It may be that criminal intent is suspected where, for example, there is a pattern of suspect
behaviour, or where the act giving rise to the proceeds is clearly criminal, such as acts
involving drug trafficking, paedophilia or terrorism.
Governance and Business Risk overview
Governance, Risk, and Compliance or "GRC" is an increasingly recognized term that
reflects a new way in which organizations can adopt an integrated approach to these three
areas. However, this term is often positioned as a single business activity, when in fact; it
includes multiple overlapping and related activities within an organization, e.g. internal
audit, compliance programs like SOX, enterprise risk management (ERM), operational
risk, incident management, etc.
Governance is the responsibility of senior executive management and focuses on creating
organizational transparency by defining the mechanisms an organization uses to ensure
that its constituents follow established processes and policies. A proper governance
strategy implements systems to monitor and record current business activity, takes steps
to ensure compliance with agreed policies, and provides for corrective action in cases
where the rules have been ignored or misconstrued.
Risk Management is the process, by which an organization sets the risk appetite, identifies
potential risks and prioritizes the tolerance for risk based on the organization’s business
objectives. Risk Management leverages internal controls to manage and mitigate risk
throughout the organization.
Compliance is the process that records and monitors the policies, procedures and controls
needed to enable compliance with legislative or industry mandates as well as internal
policies.
Within the GRC realm, it is very important to realize that if the first one (Governance) is not
in place, the second two (Risk Management and Compliance) become irreverent and
probably cannot be meaningfully achieved. Working on the same logic, if second one
(Risk Management) is not in place then achieving Compliance becomes irreverent and
probably cannot be meaningfully achieved. This is the reason the acronym is designed as
GRC and not other combinations. Governance, Risk, and Compliance are highly related
but distinct activities that solve different problems for different sets of constituents of an
organization.
Fraud Theory
Control fraud theory was developed in the savings and loan debacle. It explained that the person
controlling the S&L (typically the CEO) posed a unique risk because he could use it as a weapon.
The theory synthesized criminology (Wheeler and Rothman 1982), economics (Akerlof 1970),
accounting, law, finance, and political science. It explained how a CEO optimized “his” S&L as a
weapon to loot creditors and shareholders. The weapon of choice was accounting fraud. The company
is the perpetrator and a victim. Control frauds are optimal looters because the CEO has four unique
advantages. He uses his ability to hire and fire to suborn internal and external controls and make them
allies. Control frauds consistently get “clean” opinions for financial statements that show record
profitability when the company is insolvent and unprofitable. CEOs choose top-tier auditors. Their
reputation helps deceive creditors and shareholders.
64

65. Only the CEO can optimize the company for fraud. He has it invest in assets that have no clear market
value. Professionals evaluate such assets-allowing the CEO to hire ones who will inflate values. Rapid
growth (as in a Ponzi scheme) extends the fraud and increases the “take.” S&Ls optimized accounting
fraud by loaning to un-creditworthy and criminal borrowers (who promised to pay the highest rates and
fees because they did not intend to repay, but the promise sufficed for the auditors to permit booking the
profits). The CEO extends the fraud through “sales” of the troubled assets to “straws” that transmute
losses into profits. Accounting fraud produced guaranteed record profits-and losses.
CEOs have the unique ability to convert company assets into personal funds through normal corporate
mechanisms. Accounting fraud causes stock prices to rise. The CEO sells shares and profits. The
successful CEO receives raises, bonuses, perks, and options and gains in status and reputation.
Audacious CEOs use political contributions to influence the external environment to aid fraud by fending
off the regulators. Charitable contributions aid the firm's legitimacy and the CEO's status. S&L CEOs
were able to loot the assets of large, rapidly growing organizations for many years. They used
accounting fraud to mimic legitimate firms, and the markets did not spot the fraud. The steps that
maximized their accounting profits maximized their losses, which dwarfed all other forms of property
crimes combined.
While agreeing that the S&L served as both a “weapon” and a “shield,” control fraud theory cast doubt
on those metaphors. Weapons and shields are visible; fraud is deceitful. The better metaphors would be
camouflage, or a virus. Control fraud theorists rejected the economists' metaphor, “gambling for
resurrection” (honest but unlucky risk takers). Gambling cannot explain why control fraud was invariably
present at the typical large failure. There were over 1,000 felony convictions of senior S&L insiders.
Accounting fraud made control fraud a sure thing-not a gamble. Control fraud theory predicts the pattern
of record profits and catastrophic failure and the business pattern of deliberately making bad loans. Both
patterns are inconsistent with honest gambling.
The identification of the S&L “high fliers” as control frauds and understanding that they were Ponzi
schemes relying on accounting fraud led to effective regulatory strategies against the wave of S&L
frauds. The Federal Home Loan Bank Board reregulated the industry, curbing growth (a Ponzi
scheme's Achilles heel) while the control frauds were still reporting record profits and were praised by
top economists.
The second use of control fraud theory was to analyze the structures that produced criminogenic
environments that led to waves of control fraud. Deregulation and de-supervision of the S&L industry,
combined with the industry's mass insolvency, optimized accounting fraud and made “systems
capacity” limitations critical. The mass insolvency maximized “reactive” control fraud, and the
deregulation, de-supervision, and mass insolvency maximized entry into the industry by “opportunistic”
control frauds.
Fraud waves can cause financial bubbles to hyper inflate (e.g., Texas real estate during the debacle)
and cause regional or systemic injury (e.g., during Russia's “shock therapy,” the failures of “the
Washington consensus,” and the U.S. high-tech bubble). Control frauds cause indirect losses by
65

66. corrupting politicians and professionals and betraying trust. When control fraud becomes endemic, it
can lock nations in long-term poverty.
Control fraud theory poses a fundamental challenge to the core models of finance and economics. The
efficient markets (and contracts) hypothesis requires that markets be able to identify and exclude control
frauds, and the dominant law and economics model asserts that they do so effectively and quickly. This
claim is largely premised on the view that no top-tier audit firm would give a clean opinion to a control
fraud. Control frauds have consistently falsified this claim. Deposit insurance was not the key to S&L
control fraud. Control frauds deceive “creditors at risk.” High reported profits allow them to grow rapidly
by borrowing and issuing stock.
To date, most of the work in control fraud discusses looting by the CEO. However, it also exists in
government when the head of state uses the government to defraud. It can be used to defraud
customers (e.g., “lemons” scams, in which quality or quantity is misrepresented, or cartels) and the
public (e.g., tax fraud or a toxic waste firm that gains a cost advantage by dumping in the stream).
These forms of control fraud create real profits and, absent effective enforcement, create a dynamic that
causes fraud to spread. Systems capacity problems can lead to endemic control fraud in an industry.
As a result of the Sarbanes-Oxley Act and other reforms, a variety of structures
and procedures were put into place to try to prevent or detect fraud. A number of
these reforms involve auditors and the audit profession, in the implicit assumption
that auditors have an important role to play in preventing and detecting corporate
fraud. But a recent Grant Thornton survey (here) shows that many CFOs still do
not feel constrained by their auditors’ oversight, notwithstanding the reform
measures.
Limitations of traditional audit techniques
Mind the Gap!
According to the survey, 62% of the 221 CFOs surveyed believe it would be possible to intentionally
misstate their financial statements to their auditors. As one commentator in the November 15, 2007
CFO.com article (here) commenting on the survey put it, these numbers are "alarming," given that
"CFOs – if they’ve a mind to –are in a unique position, having the necessary information, intelligence
and access to trick auditors in ways that are hard to decipher."
Indeed, it is disconcerting that nearly two-thirds of CFOs feel they could fool their auditors on
intentionally falsified financial statements. Clearly, if such a large percentage of CFOs feel they could,
some of them might, and a few of them will. This intimation of the possibility of undetected fraud should
66

67. be disconcerting to investors, analysts, and others (including D & O underwriters) who rely on auditors’
assurance that the financial statements are free from "material misstatement."
The disappointment and even anger that investors and others feel when they find they have been
misled by falsified financial statements often encompasses a sense of frustration that the auditors failed
to detect the fraud. Accordingly, auditors are often named as co-defendants in securities fraud lawsuits,
based on a failure to detect the fraud and the auditors’ statements that there are no material
misstatements in the financial statements.
But a further Grant Thornton survey finding underscores the theoretical limitations of audit fraud
detection. 83 percent of the surveyed CFOs said they did not feel that it was even possible for auditors
to detect corporate fraud in all cases. This survey finding embodies the same sentiment expressed in
the November 2006 statement of the heads of the six leading accounting firms entitled "Global Capital
Markets and the Global Economy: A Vision From the CEOs of the International Audit Networks" (here).
The accounting industry leaders noted that "there are limits to what auditors can reasonably uncover,
given the limits inherent in today’s audits." They go on to note that while there are audit techniques
whose principal goals are to "ascertain whether fraud has occurred," these techniques are "not
foolproof, nor can they be expected to be."
The problem for everyone, both auditors and those who rely in their audits, is that there is, in the words
of the industry leaders’ statement, an "expectations gap." According to the accounting leaders, the gap
arises because "many investors, policy makers, and the media believe that the auditor’s main function is
to detect all fraud, and thus, where it materializes and auditors have failed to find it, the auditors are
presumed to be at fault." The accounting leaders go on to assert that:
Given the inherent limitations of any outside party to discover the presence of fraud, the restrictions
governing the methods auditors are allowed to use, and the cost constraints of the audit itself, this
presumption is not aligned with the current auditing standards.
The accounting leaders’ frustration is palpable; they apparently recognize, as do the CFOs that
responded to the Grant Thornton survey, that management bent on misrepresenting their company’s
financial condition can conceal the misrepresentations from the auditors. But the reason there is
nonetheless an expectations gap is that investors and others do rely, as they must, on company’s
audited financial statements. Merely naming the problem as an expectations gap, or citing the
limitations of current auditing standards, does not address the problem, which is that investors and
others rely on the audited financial statements in ways the auditors apparently wish they wouldn’t or
believe they shouldn’t. It almost seems as if the auditors’ message to those who would rely on financial
statements is – don’t (or, at least, not so much).
Given the CFOs’ and the accounting leaders’ recognition of the limitations of audit fraud detection, it
may be well argued that audited financial statements in fact should not be relied upon. But what
alternative do investors have? The investors necessarily place some value on the fact that professionals
independent of management have examined the financial statements.
It is nevertheless a significant concern that nearly two-thirds of CFOs believe they can fool their auditors.
And apparently the auditors agree with the general proposition as well. This ought to make anyone who
needs must rely on audited financial statements very uneasy.
An auditor cannot obtain an absolute assurance that material misstatements in the
financial statements will be detected. There is unavoidable risk involved that some
material financial misstatements may not be detected even auditing has been
67

68. completed using proper planning and as per the prescribed auditing standards. The
Auditor can only obtain a reasonable assurance that the material misstatements in
the financial statements will be detected.
The risk of not detecting a fraud is much higher that the risk of not detecting a
material misstatement resulting from an error as frauds are much deeper rooted
and well covered. Normal auditing procedures which are effective in discovering
error are usually not effective enough for detecting frauds.
Management fraud is much more difficult to detect and the auditor may simply not
detect it at all. The opinions of the Auditors are base on what is present before him
and subsequent discovery of fraud or a material misstatement in the financial
statements does not indicate any failure on part of the auditor to obtain reasonable
assurance or absence of professional competence or failure to comply with
auditing standards.
When planning and conduction audit, the auditor must make inquiries of
management, obtain a written assurance that the management has prepared the
financial statements with due care considering the fact that the internal control and
accounting and procedure put in place by the management takes care of such risks.
The management’s assessment of the risk that there may be material
misstatements in the financial statements as a result of fraud. The Auditor must
make enquiries if the management is aware of any known fraud that had affected
the internal control system that the entity is investigating into
Audit risk is the risk that the auditor gives an inappropriate audit opinion when the
financial statements are materially mismatched. Such misstatements can result
from either fraud or error. There are three types of audit risks – inherent risk,
control risk and detection risk.
Strategic Fraud Prevention Plan
A fraud prevention strategy starts with a work environment intolerable to
fraudulent behaviour.
Fraud comes in all sizes ranging from billion dollar cases of corporate fraud to
thousand dollar cases of employee embezzlement to employees overcharging their
expense reports. Therefore, an effective fraud prevention strategy must be multi-
dimensional, considering senior management, employees, and even outside parties
such as customers and vendors. An effective fraud prevention strategy must also
be adaptable to the ever-changing fraud schemes as internal controls and
technology change the operating environments of most companies. So how does a
company develop a fraud prevention strategy without spending millions of dollars
and scrutinizing all of its transactions? One technique is to break the problem into
smaller pieces. Let’s consider 1) the work environment; 2) control systems; and 3)
fraud-specific procedures.
68

69. Work Environment
An effective fraud prevention strategy begins with creating a work environment
that defines and reinforces anti-fraud behaviour. This includes how the company
treats its customers, employees and suppliers. No matter how many internal
control systems or anti-fraud procedures are used, there needs to be the proper
“tone at the top” that demands to “always do the right thing no matter what the
cost to the company.”Without a strong anti-fraud culture, opportunity and
rationalization will appear to those individuals with enough pressure to commit the
fraudulent act. A key element to an anti-fraud work environment is a clearly
written fraud policy. This policy should describe the corporate commitment to the
fair treatment of all employees, customers, and suppliers. Any variances from
company policy need to be handled according to the written fraud policy. Any
variances, no matter the size, will limit the effectiveness of the company policy
allowing the rationalization of future fraud activity.
The whistle blower system is also an effective tool for the work environment.
According to the “2006 Report to the Nation on Occupational Fraud and Abuse”
of the Association of Certified Fraud Examiners (ACFE), 34.2%of the initial
reports of occupational abuse resulted from tips. These tips came from employees,
customers and vendors. An effective whistle blower system allows key individuals
to report fraud without the threat of retribution. It is also important to have a
history of prosecuting fraudulent activity. Too often, employees caught
committing frauds against the company are terminated without the negative,
embarrassing consequences of being prosecuted for their crime. Faced with only
termination, the employee often commits the act again at their next employer
Control Systems
Control systems include the internal control systems of the company. These
control systems are front lines in the fight against fraud. An adequate system of
internal controls reduces the number of opportunities available to those individuals
with pressure and rationalization.
The importance of internal control systems is evident by Section 404 of Sarbanes-
Oxley. This law requires not only the establishment of a system of internal
controls but also is concerned with how management assesses these controls.
Currently, public companies are spending significant resources, both people and
money, in compliance with this law. ACFE’s “2006 Report to the Nation”
illustrates the importance of control systems with 20.2% of initial reports resulting
from internal audits and 19.2% resulting from internal controls.
Fraud-Specific Procedures
The core of the fraud prevention strategy is the use of fraud-specific procedures.
These procedures are specifically designed to detect fraud, in contrast to the
control activities of the internal control systems which are generally applied to
69

70. achieve the control objectives. Whereas control objectives are designed to reduce
the opportunities for fraud, the fraud-specific procedures are designed to test for
the presence of fraudulent activity.
These procedures are analogous to a medical exam. Even though an individual
may live a healthy lifestyle, with proper eating and exercise habits, regular medical
exams are still recommended. During these medical exams, the doctor is looking
for the presence of disease or other medical conditions that if detected early, can
be effectively treated. Similarly, the use of fraud-specific procedures looks for the
presence of fraud-related activities. These procedures should be performed
randomly throughout the year by testing a variety of areas of potential fraud,
including areas such as ghost employees, fictitious vendors, kiting, and inventory
shrinkage. The application of these procedures offers two benefits. The first
benefit is the possible discovery of a fraud in progress. This is a direct benefit
resulting in a reduction of the possible financial damage from the fraudulent
activity. The other is the indirect benefit of reducing the opportunity to commit
fraud. With the presence of these random, fraud-specific procedures, anyone
contemplating a fraud needs to consider the potential their fraudulent activity will
be identified. This unknown may be enough to convince an individual that
opportunity does not exist; therefore the fraudulent activity cannot be successful
Conclusion
Fraud is committed by individuals motivated by pressure, opportunity, and
rationalization, working in an ever-changing environment. In order to be effective,
a fraud prevention strategy needs to be multi-dimensional. The strategy starts with
a work environment intolerable to fraudulent behaviour. This work environment is
supported by robust control systems which are monitored and revised to address
current environmental conditions. In addition, these control systems are
supplemented by fraud-specific procedures, designed to identify existing
fraudulent activity.
Audits
Role of public perception v practical reality
Larry Cohen and Marcus Felson, in their routine activities theory of crime,
propose that when a motivated criminal meets a suitable target, coupled with an
absence of capable guardians, a crime will be more likely to occur.
Public Perception Is Reality
Right or wrong, the CPA, ACCA, ACA is still perceived as a valid line of defence
against fraud, material and immaterial, and therefore needs to detect as much fraud
as possible. Ultimately, the only way to avoid being accused of malpractice is not
70

71. to engage in malpractice. But by being aware, being proactive and utilizing
technology, CPAs can be prepared to defend against or totally mitigate these types
of claims.
Using Technology to Mitigate Fraud Malpractice Claims By Richard B. Lanza, CPA-CITP, CFE,
PMP
One of the top audit-related malpractice concerns cited today is failure to prevent fraud. This was the
focus in the widely publicized WorldCom and Enron cases, and in 35 percent of all audit claims reported
to the AICPA’s Professional Liability Insurance program in 2004 (the most recent year available).
Unfortunately, malpractice complaints involving fraud are not solely confined to audited financial
statements, and need not be materially significant to wind up being damaging to CPAs. CPAs need to
be vigilant regardless of the level of engagement, as fraud is at least equally an issue in review,
compilation and bookkeeping engagements. Governments and non-profit organizations, in particular,
tend to treat immaterial fraudulent embarrassments as seriously as they do material financial
misstatements.
Fortunately for CPAs, there is a wide range of software tools available to help automate the process of
fraud detection. A good starting point is www.auditsoftware.net, a site that maintains a comprehensive
list of audit software options.
Not So Immaterial
According to the Association of Certified Fraud Examiners’ (ACFE) 2006 study, the median size of an
asset misappropriation fraud is $150,000—small enough to be considered immaterial for financial
statement audits, and very hard to catch using manual methods, yet still presenting a potential public-
relations nightmare for your client. What is most alarming is that, per the study, asset
misappropriations/corruption occurs 92 percent of the time, while financial statement fraud occurs only 8
percent of the time. Therefore, while nefarious journal entries to commit fraud can occur, they are not
the biggest issue for a CPA looking to detect fraud. Rather, more focus should be placed on what
occurs most: the simple act of taking money from the till. Detecting this type of fraud is easier said than
done, as the smaller the fraud is in size, the harder to detect using conventional methods.
When in doubt, do not assume that the engagement is low risk, or the issues too minor, or your role in
any potential controversy too distant for your firm to escape being implicated in a malpractice claim. The
sooner the CPA detects and reports fraud, the more likely their liability will be reduced or eliminated.
Defining ’Reasonably Competent’
For the past several decades, the case of Bancroft v. Indemnity Insurance Co. (1962) has stood as the
defining precedent in tax and accounting malpractice. The plaintiff in that case received bad advice, and
the court ruled that “Accountants and auditors have the duty to exercise that degree of care, skill and
competence that would be exercised by reasonably competent members of their profession under the
circumstance.” There is a separate requirement under traditional contract law that amounts to the same
thing. Anyone performing a contract is obliged to do so diligently and competently, by the standard of a
reasonable person. The basic legal expectation has not changed. But what has changed is what a
reasonable, competent professional would actually do. The state of the art in auditing has advanced
since 1962. Both internal and external auditors need to take note.
71

72. Technological Advancements in Accounting Systems
Advancement first took place in the procedures performed in the engagements. After a study completed
by COSO found that, in fully 80 percent of financial statement frauds, the auditor did not gather sufficient
evidence to detect the fraud, professional standards needed to be updated. A good starting point was to
first allow the word “fraud” to replace the word “irregularities” in standards. Then, from a procedural
perspective, the standard of expectation for what should be done in an engagement increased to help a
CPA detect fraud.
Other advancements occurred in the use of technology, given that almost all organizations today use
computer-based accounting systems. Almost all company records are now computerized, so the
auditors’ procedures need to follow suit.
Auditing Standards Catch Up
Increased audit procedures and the ubiquitous nature of computerized records led to the creation of
several professional standards. The original Statement on Standards for Accounting and Review
Services (SSARS No. 1) was issued by the Accounting and Review Services Committee of the AICPA
in 1978. SSARS No. 10, which took effect Dec. 15, 2004, clarified the CPA’s requirement to report fraud
in review or compilation engagements. It spells out specific analytical and inquiry techniques that are
required in a financial statement review, as well as the requirement to obtain a written representation
from management to include their knowledge (or lack of knowledge) of fraud. Nor is SSARS 10 the end.
Additional guidance has come in quick succession, in the form of SSARS 12, 13 and 14, all effective
Dec. 15, 2005. These extend SSARS requirements to compilation engagements and pro forma
statement preparation. They also spell out when and how CPAs must inform management of evidence
of fraud.
SAS 99, issued in 2002, updated expectations for how an auditor deals with the possibility of fraud.
Among other things, it required brainstorming sessions around fraud, improved risk-assessment
planning, increased management inquiries around fraud matters, unexpected audit procedures to
mitigate identified risks and improved documentation of the work performed. SAS 99 also specifically
listed computer-aided audit techniques (CAATs) as a way to analyze electronic data in the detection
process.
SAS 94, issued in 2000, clarified that the auditor needs to understand the manual and automated
procedures an entity uses to prepare its financial statements and related disclosures. Auditors are
expected to deal with electronic data as required.
The AICPA followed up SAS 94 and SAS 99 with a practice alert in 2003 (PITF 2003-02) that further
clarified the data analysis question by specifically listing journal entry tests using CAATs. Chuck Landes,
of the AICPA, explained why: “Data analysis tools are coming off the shelf and into the audit. This is
most prevalent in auditing journal entries.”
Evolution of Software Auditing Tools
72

73. “The need for the tools became apparent when CPAs determined it was difficult to audit the entries
without an automated tool,” said Chuck Landes, vice president of professional standards and services
at the AICPA. “Again, these systems are generally transaction-focused, so no one is analyzing them for
trends and patterns that may highlight fraud. We need to remember that many of the recent headline
frauds were journal entries posted multiple times to multiple ledgers. While a manual scanning of the
register or a sample may find such an anomaly, the data analysis package has a much better chance.”
While the focus of the audit standards is mainly on financial statement fraud, it is best not to forget that
the majority of frauds are misappropriation of assets that are smaller in value. Practically speaking, the
only way to detect these “smaller” frauds cost-effectively is with computerized tools that can quickly pour
through the details and, hence, detect the proverbial “needle in the haystack.”
As referenced in the Bancroft v. Indemnity Insurance Co. case, in order for a CPA to be considered
“reasonably competent” he or she needs to adopt the same procedures that are now practiced by the
profession. For example, almost all auditors are now performing the additional procedures set forth in
SAS 99. Any auditor not complying would be seen in a juror’s eyes as one not keeping pace with the
profession. The same is true for the use of CAATs, as all larger firms are using these tools on every
audit, at least to comply with the standards of excellence set forth in PITF 2003-02 around journal entry
testing.
Unfortunately, based on research by the author on small and mid-sized CPA firms, such procedures are
not taking place in a computerized fashion, except for the occasional audit.
Steps to Mitigating Malpractice Claims
* Improved engagement management: Be clear with clients.
As the saying goes, the best guard is a good offense. The first step in protecting yourself is to talk
over the issue of fraud, their responsibilities in its detection, as well as your responsibilities, with the
client. With this new understanding, draft a more explicit engagement letter that makes the respective
duties crystal clear.
* Help your clients improve their internal controls.
The first line of protection against fraud is an organization’s own rules. The ACFE’s survey found
that a strong percentage of frauds (19.2 percent) are found by the rigorous application of internal
control. Other detection methods that should be suggested to clients include whistle-blowing hotlines
(34 percent detected through hotlines) and internal audits (20.2 percent). The management letter is a
superb medium to define and communicate any weakness in clients’ controls while also reducing the
CPA’s risk in any later lawsuits.
* Be more diligent in the engagement.
Now is the time to rethink your audit process from top to bottom, incorporating the new auditing
standards in your engagements. Here are some key requirements that should be considered,
depending on the engagement: maintain professional disbelief; avoid undue reliance on management
representations with little or no independent verification; stay aware of suspicious
information/transactions, and follow up to resolve concerns; report suspicious transactions or activity to
the business owner or board of directors; consider all available information in determining the nature
and timing of the work to be done; ensure adequate management supervision during audit fieldwork.
73

74. Other Best Practices
Remember to test for circumvention of controls using manual and automated procedures.
When controls are strong, companies unfortunately become too comfortable with them and rarely do
they think further on “what can go wrong” in an effort to break the control. As noted above, only 19.2
percent of fraud was detected by internal control, and no one wants to be right only one time in five.
Therefore, control tests should focus not only on whether the control exists and is operational, but also
on circumvention. For example, journal entry controls could be tested by selecting a sample and
ensuring that approval signatures existed on any material entries (as defined by the organization). To
test them for circumvention, multiple entries posted to the same account directly under the material
threshold could be reviewed in order to determine whether such entries were posted in unison to have a
material effect on the account yet not require associated approvals.
From an asset misappropriation perspective, it is common at clients for one person to have a non
segregation of duties around accounts payable. No segregation of duties could be an employee’s
having access to write checks, maintain accounting records and complete the monthly bank
reconciliation. This weakness is normally coupled with management’s misguided perception that this
trusted employee would never steal from the organization.
While you may include this as a management letter comment, the client may never change, given their
lack of employees. As an extra step to show enhanced due diligence, the CPA could execute a data
analysis test exporting the vendor payment information and creating a simple Pivot Table in Microsoft
Excel, with the rows being each vendor, the columns the month/year of payments, and the cells in
between the total payments made to the vendors in the associated timeframes. Such a trend report has
an excellent chance of catching the fraud, as it looks at vendor payment data in unexpected ways. Any
disproportionately increasing vendor trends could be investigated, or at least reported to management
for their review.
Utilizing Technology to Improve Audit Tests
The above journal entry and vendor payment trend tests would be difficult or impossible to complete
without the use of a data analysis program. The issues lie in the 1 percent of the transaction activity
which begs for the use of digital tools for detection. If your firm is not skilled in these tools, consult with
an expert to assist on engagements until you feel comfortable. Another approach is to simply start small
and work upward with the tools.
Using software for data analysis has many advantages apart from being the new standard to avoid
malpractice. (See the article on page 7 for more specific information on data analysis)
Today, software options range from high-end enterprise data-mining applications costing $250,000 to
implement, to easy-to-learn individual laptop tools for $200 or less. There is something out there for
everyone. This fact further heightens malpractice risk if the tools are not employed. It is too easy for a
juror in a malpractice case to see that tools as simple as Microsoft Excel could have been used to
detect the fraud, especially when the tools’ use is specifically identified in numerous audit standards
discussed above.
The most common data-analysis tools in audits today are IDEA and ACL. These cost a few thousand
dollars to purchase and implement, but they can quickly pay off in terms of data errors corrected,
duplicate payments found and embarrassing client complaints averted. They are especially powerful for
accessing strange client data formats and building scripts to repeat the same analysis every month or
every quarter.
74

75. If a few thousand dollars is too expensive for your taste, spreadsheet software remains the most
commonly used tool, and it is possible to do a lot of analysis just with Microsoft Excel. Please see
www.auditsoftware.net/excel-use.html for a free white paper on how Excel can complete almost any
audit test capable of being performed in high-end audit software tools.
Reactive and proactive forensic audits
An obvious example of forensic auditing is the investigation of a fraud or
presumptive fraud with a view to gathering evidence that could be presented in a
court of law. However, there is an increasing use of auditing skills to prevent fraud
by identifying and rectifying situations which could lead to frauds being
perpetrated (i.e. risks). It might be useful, therefore, to discuss forensic auditing as
being either ’Reactive’ or ‘Proactive ‘.
Proactive forensic auditing
Forensic auditing in this sense could be viewed from different aspects depending
on its application, some of which are discussed below:
Statutory Audit
INTOSAI auditing standards prescribe that internal controls should be studied and
evaluated in respect of safeguarding assets and resources when performing
regularity and financial audits, and in respect of assisting management in
complying with laws and regulations when performing compliance audits
Auditing and forensic auditing compared and contrasted
Forensic comes from the Latin word for public and specifically to forum. The forum was
where the ancient Romans were thought to gather to do business and settle disputes
among other things. Forensic now relates to courts of law.
It is refers to legal concerns. Crime solving is the focus. Forensic relates to the application
of knowledge to legal problems such as crimes. It is science based. To say forensic
science is to almost be redundant.
Forensic is the application of science to crime concerns. However, science does is not
related exclusively to crime.
So the two words are not interchangeable. Forensic science is science applied to legal
matters especially criminal matters.
Criminalistics is forensic science applied solving crimes. It focuses on the proper
collection, preservations and analysis of evidence. This includes the study of fingerprints
along with other body-related evidence such as blood and hair and DNA. Forensic
accountants practice criminalistics, but with the focus on computer and document-related
evidence. This includes studying old handwritings.
75

76. Forensic accountants seek to use documents to gather evidence relative to crime solving.
Forensic accountants must work with people to gain access to documents. For this and
other reasons addressed later in this lesson and future lessons, forensic accountants must
develop communications skills similar to a psychologist or psychiatrist
Forensic accountants and auditors share some goals similar to traditional accountants and
auditors. They have different roles, knowledge and skills. Forensic accountant
investigations include identification of fraud. This is different from Certified Public
Accountant (CPA) investigations that are not responsible for identifying fraud.
Forensic accounting investigations include litigation services related to a variety of
situations including the following: business purchases, valuation of divorce assets,
property damage, lost profits due to embezzlement and other illegal acts, tax evasion, and
money laundering schemes.
Table I
Differences between Auditors and Forensic Accountants
Auditor
X Error Identification
X Error Prevention
Forensic Accountants
X Fraud Identification [Forensic accountants focus on documents. The documents are
most often created and maintained within an information system on a computer.
Understanding information technology is essential for success in the process of forensic
accounting]
Traditional auditing is a process of reviewing others work to determine if they have
followed the prescribed policies, procedures and practices. The determination is based on
evidence. It is a matter of fact and not merely a matter of opinion. There are basically two
types of auditors. There are internal auditors and external auditors. Internal auditors are
employees of the organization being audited. External auditors are employees of an
auditing organization that is contracted to come in and audit for a specified time period and
purpose.
The Institute of Internal
Auditors (IIA) awards the Certificate of Internal Auditor (CIA) once an individual has
passed an exam and meets specified work experience requirements. External auditors
are typically CPAs who passed an exam and met work experience requirements as
specified by state associations of CPAs. Audits are required by financial intermediaries
and the government depending on circumstances.
Traditional auditing has a focus on error identification and prevention. Prevention is the
result of an effective internal control system. The auditor reviews the effectiveness of the
76

77. internal control system by sampling transactions and not by a complete review of all
transactions. The process can reveal errors. All errors are not considered equal.
Some are important and are referred to as material. For example, omission of a million
dollar loan that is not recorded in the accounting records might be a material error. Other
errors are not material. An example of an error that might not be material would be a math
error due to rounding that causes the reported amount to be ten dollars more or less than
the actual amount. These examples are not meant to imply that there are absolute dollar
amounts that denote the difference between material and not material (e.g., immaterial).
Materiality is the accounting way of designating the importance of a transaction or an
event. If it is material, then it is important. Audit risk is defined relative to whether material
errors will be found. This requires judgment. Auditors use statistics to determine the
probability that material errors will or will not be identified. This is a concern since only a
sample of transactions and events will be reviewed. The system of internal control is
evaluated. If the internal control system is deemed to be highly effective, then material
errors are not probable. Smaller sample sizes are used in doing the audit. If the internal
control system is deemed to be less than highly effective, then material errors are
probable. The degree of probability is a function of the reliability of the internal control
system.
Banks and other financial intermediaries often required financial statements to be audited
before they will loan money to an organization. The SEC requires publicly traded
corporations to have their financial statements audited.
Forensic Computer Investigation
To conduct a forensic computer investigation, the forensic accountant should size up
situation, log every detail, conduct an initial survey and assess the possibility of ongoing
undesirable activity. Regarding the information technology and systems, the computers
should be powered down and checked for booby traps. The forensic accountant should
duplicate the computer hard drive or other permanent storage unit first and then analyze
the hard drive.
Financial statement fraud
Financial statement fraud is intentionally violating the Financial Accounting Standards
Board’s Concept Statement number one that states that financial statements are to
provide information that is useful to decision makers.
Misrepresentations are not useful. Intentional misrepresentation constitutes fraud.
Legal recourse is available when the decision maker relies on the misrepresented
information and injury results. The injury is typically financial. Without intentional
misrepresentation it is not fraud. For example, someone could make decisions using
financial statements that do not contain intentional misrepresentations and the decision
results in loss when profit was the goal. This is poor decision making and not fraud
77

78. Fraud Schemes
Financial statement fraud schemes typically include overstatement of revenues and
assets, understatement of expenses and liabilities, asset misappropriation and
inappropriate disclosure. Inventory manipulation has been very popular and has been
somewhat curbed by income tax law requiring that the inventory method used for tax be
the same as that used for financial statements. For example when prices were rising,
corporations would use the first in first out inventory method for financial statements and
the last in first out inventory method for the tax reports. This resulted in a much higher
reported profit for financial statements than for tax reports.
Corporations would purchase extra inventory near the year end to increase the reported
cost of goods sold for tax reports and thereby decrease the actual tax due. Shortly after
the beginning of a new reporting period, the corporation would return the excess inventory
to the suppliers.
This is just one of many examples where laws were passed requiring that financial and tax
accounting methods to be identical. These requirements were legislated due to extensive
manipulations that borders on or crosses the border into fraudulent financial statement
reporting. This inventory illustration is an example of overstating assets for financial reports
and overstating expenses for tax reports. While financial examples focus on overstating
revenues and understating expenses, there are other variations on the theme of fraud.
Fraud Characteristics
Typical characteristics of financial statement fraud include misstatement or
misappropriation of assets. To keep the balance sheet balanced, the liabilities and owners’
equity usually are misstated or impacted when assets are misstated or misappropriated.
For example, when asset book values are overstated, the owners’ equity is usually
overstated. This increases the book value of owners’ equity and thereby protects the debt
to equity ratio. If the debt to equity ratio is not maintained at a certain level as prescribed
by creditors, then the creditors can step in and increase the interest rate or speed up the
repayment schedule. Both of these actions have the potential of pushing an organization
into bankruptcy and thereby jeopardizing the organization’s status as a going concern.
Financial Statement Fraud Harm
Financial statement fraud that harms individual investors, financial markets, and society
includes the loss of retirement funds, employment, community economics and economies.
Fraudulent practice of insider trading is an example. Insiders are corporate managers.
Trading refers to buying or selling of the corporation’s common and preferred stock.
Usually the stock that is purchased is authorized, but not yet issued stock.
When the manager buys the stock, it is purchased directly from the corporation and not
from current stock holders. The new stock dilutes the value of the existing outstanding
stock. Before the existing stockholders learn of the new issuance of stock, the managers
have sold the new stock at the existing market value that does not reflect the actual
decline due to dilution caused by the increase in the number of shares representing an
unchanged corporate total value.
Insiders or managers know about both good and bad news for the corporation before the
impact of the news is reflected in the financial statements. Managers use this news to buy
78

79. or sell stock for their personal economic advantage. In the year 2006, the Securities and
Exchange Commission addressed the reporting of stock option exercising. The time frame
has been shortened.
Stock options are given as both an incentive and a reward to managers. The option is an
opportunity to purchase common or preferred stock at a certain price. The option is an
opportunity to purchase common or preferred stock at a certain price. Managers would
wait for the stock price to rise and then pretend to purchase the stock days or even weeks
earlier when the stock price was lower. Since the stock was purchased directly from the
corporation and was part of the authorized but unissued stock, it was relatively easy for
the corporation to record an earlier date than the actual transaction occurred.
Recording an earlier date than the actual transaction occurred is called back dating. The
purchase would be back dated and the managers would immediately sell the stock for
personal profit. Existing stockholders experienced personal loss.
Sometimes this was a dramatic loss for the existing stockholders and thereby the
organization.
Corporate Governance mitigating fraud
Corporate governance can mitigate financial statement fraud through the process of
greater supervision of the organization. This process is also called oversight. Oversight is
so important that it is included in the title of the organization that replaced the American
Institute of Certified Public Accountants regarding the development of auditing standards.
This organization is the Public Company Accounting Oversight Board (PCAOB).
The Sarbanes Oxley Act was the legislation that mandated the establishment of the Public
Company Accounting Oversight Board. Some of the standards promulgated by the Public
Company Accounting Oversight Board include the following: Every five years, the primary
or reviewing audit partner must be changed for each client. Working papers must be
maintained for a minimum of seven years. This is partially due to documents being
shredded relative to a number of famous fraud cases. A few of these famous fraud cases
will be briefly presented later in this lesson.
The internal control system of an audited organization must be evaluated and any material
weaknesses disclosed.
Formal and official ethics standards must be adopted by each auditing organization. Major
components of these ethics standards must include clarity about the organization’s
independence from the audited organization along with how the audit process is accepted
and planned and supervised.
Other oversight groups that do not actively operate the organization include the
organization’s Board of Directors,
Increased oversight is expected by the organization’s internal auditors as supervised by
top managers such as the Chief Executive Officer and the Chief Financial Officer. It is
hoped and believed that if an organization has a strong audit committee and excellent
external audit process that fraud will be deterred. However the responsibility and blame for
fraud rests exclusively at the feet of management and not at the feet of the audit
committee or the external auditors.
79

80. Earnings Manipulations and Management
Earnings manipulations and earnings management can be somewhat difficult to identify.
The lack of clarity is part of the focus in the debate between whether accounting standards
should be principles or rules. Management discretion is allowed with accounting principles,
but would not be allowed with rules. The rules would be like laws.
Major financial frauds were committed as follows: McKesson and Robbins created
fictitious sates and inventories. Great Salad Oil Swindle used the fact that oil and water do
not mix to fraudulently over-state the quantity of oil in inventory tanks. The bottom part of
the inventory tank was water and the top was salad oil. The auditors did not test all the
way to the bottom of the tanks. Equity Funding was about fake insurance policies. Cedant
Corporation was about fake revenues.
Zzzz Best was a pyramid scheme. Sunbeam Corporation used what is called channel
stuffing where revenue recognition is accelerated inappropriately. Nortel used what is
called a big bath. Nortel had deferred recognition of expenses by recording as assets. This
inflated total assets and total owners’ equity. After several years, they wrote off the assets
and recognized a huge loss that drove the owners’ equity down. It washed away the
profits.
Worldcom also recorded assets when they should have recognized expenses. Enron is
well known for using Special Purpose Entities to hide huge losses. Enron creatively and
fraudulently recorded non-existent revenues. Qwest and Global Crossing used what are
called swap sales to inflate reported income.
th
Week 2 – Day 5 – 17 October
Investigations and Expert Witness Testimony
Introduction
A Fraud response plan is needed so that you can react effectively and quickly
should fraudulent activity take place. The plan defines authority levels,
responsibilities for action, and reporting lines in the event of a suspected fraud or
irregularity. The plan acts as a checklist of actions and a guide to follow in the
event of fraud being suspected
Purpose of the Fraud Response Plan
The plan is designed to enable a Company to:
(i) prevent further loss
(ii) establish and secure evidence necessary for criminal and/or disciplinary action
(iii) notify the Internal Auditor/Group Accountant immediately
(iv) enable the Internal Auditor/Group Accountant to contact the Director of
80

81. Finance promptly
(v) determine when and how to contact the police and establish lines of
communication
(vi) assign responsibility for investigating the incident
(vii) minimise and recover losses
(viii) review the reasons for the incident, the measures taken to prevent a
recurrence, and determine any action needed to strengthen future responses to
fraud
(ix) keep all personnel with a need to know suitably informed about the incident as
the investigation develops
(x) help promote an anti-fraud culture by making it clear to employees and others
that the Company will pursue all cases of fraud vigorously taking appropriate legal
and/or disciplinary action in all cases where that is justified
Action following detection – Stage 1
When any member of staff suspects that a fraud has occurred, he/she must notify
his/her Line Manager immediately. Speed is of the essence and this initial report
should be verbal and must be followed up within 24 hours by a written report
addressed to the Line Manager which should cover:
(i) The amount/value, if established.
(ii) The position regarding recovery.
(iii) The period over which the irregularity occurred, if known.
(iv) The date of discovery and how the suspected fraud was discovered.
(v) The type of irregularity and what led to it, i.e.:
was there a breakdown in the systems of internal control, or
is there any inherent weakness in the system of internal control which allowed it to
occur?
(vi) Whether the person responsible has been identified.
(vii) Whether any collusion with others is suspected.
(viii) Details of any actions taken to date.
(ix) Any other information or comments which might be useful.
Action following detection – Stage 2
On verbal notification of a possible fraud the Line Manager/Internal Auditor must
immediately contact the Director of Finance. It is a matter for the Line
Manager/Internal Auditor in consultation with the Director of Finance to decide
whether there is prima facie evidence of fraud in which case the police should be
notified immediately, normally by the Line Manager/Internal Auditor. On receipt
of the follow up written report, the Line Manager should forward this to the
Director of Finance.
81

82. Internal Audit also has an interest in fraud as the extent and nature of fraud within
a Division can give an indication of the soundness of that Division's systems. The
written report sent to the Director of Finance should therefore be copied to the
Internal Auditor. The rapid discovery and proper reporting of fraud can also be an
indicator of the strength of control within a Division.
The Director of Human Resources should also be informed or consulted as
necessary.
Initial Enquiries
Before completing the report above it may be necessary for line management to
undertake an initial enquiry to ascertain the facts. This enquiry should be carried
out as speedily as possible after suspicion has been aroused: prompt action is
essential. The purpose of the initial enquiry is to confirm or repudiate, as far as
possible, the suspicions that have arisen so that, if necessary, disciplinary action
including further and more detailed investigation (under internal disciplinary
procedures and/or the police) may be instigated. Internal Audit is available to
offer advice on any specific course of action which may be necessary.
Managers duty of care
Managers conducting initial enquiries must be conscious that internal disciplinary
action and /or criminal prosecution may result. If such action is later taken then
under proper procedure the member of staff concerned has a right to representation
and may have the right to remain silent. Utmost care is therefore required from the
outset in conducting enquiries and interviews.
In addition, in order to protect the Company from further loss and destruction of
evidence, it may be necessary to suspend the member of staff concerned
immediately the allegation has been made or following the submission of the
manager’s initial verbal report. Specific advice should be sought from Human
Resources before proceeding.
The Fraud Interview
1. The objectives of a formal investigation will be to establish as many facts
as possible about the case and present them in such a way that will allow
the determination of whether and how Departmental / Agency rules have
been broken, and / or whether criminal offences have occurred.
2. A member of staff has a duty to assist as an employee. A staff member has
the right to make a signed statement. He/she may take a reasonable
amount of time to peruse any statement he/she has provided before signing
it. Interviews will normally be carried out by two Investigation Officers.
82

83. 3. Where a member of staff has been invited for interview the Investigation
Officer will issue this Code of Practice along with the document ‘Rights at
a Fact Finding interview’ ten working days prior to the interview. All
interviews will be prefaced with a general statement explaining the
purpose of the investigation.
4. Before commencing the interview the Investigation Officers will remind
the member of staff of this Code of Practice and will also advise as
follows: -
“A Report on the findings of this investigation will be issued to Personnel
Branch. Personnel Branch are responsible for considering disciplinary
action, if appropriate, where a member of staff has contributed to a fraud
or other serious irregularity, either directly or indirectly. There are a range
of disciplinary penalties that can be exercised which are outlined in
Paragraph 2.4 of the Code of Practice.”
5. Where during the course of an interview a member of staff admits to
being involved in something which may be a criminal offence he/she will
be advised as follows: -
“We think that what you have just told us may be a criminal offence. This
information will now be referred to Personnel Branch to consider further
investigation. What you have told us may constitute serious or gross
misconduct and I have to remind you that there is a range of disciplinary
penalties that can be exercised against those involved in criminal activity,
including dismissal. This interview is now being terminated”.
Representatives at Interviews
A member of staff who is to be interviewed may, if he/she wishes, be
accompanied at the interview by a work colleague or a Trade Union Official
and the interview may be adjourned to allow for such attendance. If the
member of staff decides that he/she does not wish to have a work colleague or
Trade Union Official present this fact will be recorded and the member of
staff will be asked to sign a record at that stage.
If a member of staff who has elected not to have a work colleague or Trade
Union Official present decides in the course of the interview that he/she would
like to be accompanied or if, at any stage in the interview, it becomes apparent
that a member of staff has failed to carry out his/her duties in a proper manner
which, in itself, might call for consideration of formal disciplinary action, then
a further opportunity will be given for the member of staff to have a work
colleague or Trade Union Official present at the interview.
83

84. Role of representatives
A work colleague or Trade Union Official who accompanies a member of
staff at an interview will attend solely as the member of staff’s adviser and
may not answer for the member of staff being questioned; the member of staff
may, however, consult his/her work colleague or Trade Union Official during
the interview. The Investigation Officers will not enter into any discussion
during the interview with the member of staff’s work colleague or Trade
Union Official as to the propriety of the interview, or the conduct of it, or the
proceedings and questioning in general except to clarify the meaning of
particular individual questions if necessary.
Transcripts
A photocopy of statements made and responses to questions asked during the
interview will be provided to staff at the close of the interview. A typed copy of
the transcript will be issued to staff for signing
Use and protection of evidence
If the initial examination confirms the suspicion that a fraud has been perpetrated,
then to prevent the loss of evidence which may subsequently prove essential for
disciplinary action or prosecution, management should;
(i) take steps to ensure that all original evidence is secured as soon as possible;
(ii) be able to account for the security of the evidence at all times after it has been
secured, including keeping a record of its movement and signatures of all persons
to whom the evidence has been transferred. For this purpose all items of evidence
should be individually numbered and descriptively labelled;
(iii) not alter or amend the evidence in any way;
(iv) keep a note of when they came into possession of the evidence. This will be
useful later if proceedings take place;
(v) remember that all memoranda relating to the investigation must be disclosed to
the defence in the event of formal proceedings and so it is important to carefully
consider what information needs to be recorded. Particular care must be
taken with phrases such as “discrepancy” and “irregularity” when what is
really meant is fraud or theft.
Appointment of a case manager
Should the initial investigation indicate that there is prima facie evidence of fraud
it is critical that the Line Manager requests the Internal Auditor to oversee and
control the subsequent investigation. The request should be in writing and Terms
84

85. of Reference should also be agreed. The Internal Auditor should arrange for an
action plan to be put in place with, as far as is possible, a set timeframe and regular
reviews. The Internal Auditor has full responsibility for progressing the case and
whilst he/she can, and should, call on the assistance of various sources of help at
all stages (technical assistance, personnel, external audit, solicitors etc.) ultimate
responsibility and accountability in progressing the case should remain with that
officer (the Internal Auditor may however appoint a suitably qualified and
experienced Investigation Officer to carry out the detailed investigation work.)
The Internal Auditor should therefore have the necessary authority (i.e. the
appropriate rank and experience) to enable him/her to properly discharge these
duties. The Internal Auditor should also be independent from the matter in
question. It is the responsibility of the Internal Auditor to keep the Director of
Finance abreast of developments. In particular the Internal Auditor should report
all material developments promptly to the Director of Finance for onward
reporting to the Executive Team and Audit Committee.
Police Involvement
If the Line Manager, in consultation with the Director of Finance is satisfied that
there is prima facie evidence of fraud, then they must report the matter to the
police. Consultation with the police at an early stage is beneficial allowing the
police to examine the evidence available at that time and make decisions on
whether there is sufficient evidence to support a criminal prosecution or if a police
investigation is appropriate. Alternatively, the police may recommend that the
Company conducts further investigations and, generally, they will provide useful
advice and guidance on how the case should be taken forward.
If the police decide to investigate then it may be necessary for the Internal Auditor
to postpone further internal action and make suitable adjustments to the action
plan. However, the Internal Auditor should continue to liaise with the police at
regular intervals and report on progress made.
Company Fraud Register
The Internal Auditor should ensure that the Fraud Register, which is held by
Director of Human Resources, is updated with all the appropriate details including
the value of any loss to the Company as a result of the fraud.
Fraud Response Plan review
Following completion of the case, the Internal Auditor should prepare a summary
report on the outcome and lessons learned circulating it to all other interested
parties who must take the appropriate action to improve controls to mitigate the
scope for future recurrence of the fraud.
85

86. The report shall contain:
•A description of the incident/issues alleged including an assessment of the value
of any losses;
•The people involved and the means by which the fraud was allowed
to occur (highlighting any control and/or operating weaknesses within
the systems)
• Ascertain all possible facts relating to the alleged fraud;
•Measures needed to prevent a recurrence and a brief risk assessment as to the
viability of these;
• Future recommendations to minimise the risk of such an occurrence;
• A conclusion as to the way forward;
• Any other relevant material
Practical fraud case management case tips
i2 software assists fraud investigators in both the commercial and law enforcement
sectors. It is used by police, government and customs organizations, forensic
accountants, auditors and private investigators to tackle many different types of
fraud.
The challenge for fraud investigators is not a shortage of information but knowing
where to target their investigation and how to allocate precious time and resources.
i2 software assists fraud investigators by providing a solution that is easy to use
and delivers the power and flexibility needed for this type of work.
Understand the Information
Once information is captured and organized, fraud investigators need to clearly
understand which pieces of information are relevant and how they relate to each
other. Fraud investigators can use Analyst's Notebook to uncover hidden links in
their data and focus their investigation.
Analyst's Notebook techniques such as link analysis (shown below) can build a
picture of the people, organizations and events involved in any type of fraud
investigation. As the relationships between companies, individuals, accounts and
numerous transactions are uncovered, the working charts grow in complexity.
Investigators can then focus on individual aspects of their case, producing
simplified charts that cut to the heart of the case.
86

87. Analytical
charts help
investigators
Simplified
establish the
charts like
most
this one
significant
allow
areas of an
investigators
investigation
to focus on
and aid
particular
decision
aspects of a
makers in
case.
effectively
allocating
resources.
From the start of the investigation, investigators can record the details of all source
documents either on cards behind each chart element or through a direct link to a
database. This ensures that when the legal process begins, all documentary
evidence is organized and substantiates the charts.
These charts can be used as visual briefing aids that have proven effective in
communicating complex cases to team members, prosecutors and juries.
Timeline and Money Trail
To more closely examine the actions of fraud suspects, investigators can use
Analyst's Notebook to develop timeline charts that identify the precise sequence of
case related events.
All details from the beginning events to the apprehension of suspects are depicted
in this format. Timeline analysis helps fraud investigators effectively communicate
the timing of case-related events and can be used to summarize the investigation.
As with link charts, each event on the timeline chart includes a reference to its
source document or a direct link to a database.
Sophisticated white collar criminals often go to great lengths to hide their crimes.
Tracking down money, goods or other assets fraudulently obtained can be the
most challenging part of an investigation.
Dealing with lawyers and handling court situations in SFO Trials
The explanations below are designed to explain the procedure involved in being a
witness in court and to answer some of the most common questions a witness may
ask.
The Serious Fraud Office is committed to ensuring that the witnesses in its cases
are provided with the fullest possible information and assistance. The Director is
87

88. extremely grateful to all of you who agree to give evidence in SFO cases. Being a
witness is a vitally important public function.
As a witness in an SFO case you will have been given the name of the Case
Secretary in the SFO. Do please contact him or her if you have any queries.
If you have lost the Case Secretary's name or have any general questions
To ask, phone the SFO's Public Enquiries number or email
public.enquires@sfo.gsi.gov.uk.
Your evidence
A witness is someone who gives evidence to a court during a trial.
SFO cases are criminal cases and the person on trial is called “the Defendant”. The
name of the defendant is the name of the case:
“ Regina - v - JOHN BROWN “
Your evidence will consist of facts - things you know about or have seen or heard
or experienced. The court needs to hear from people with personal knowledge of
the facts of the case, to enable it to decide whether or not a defendant is guilty of
the offences he has been charged with.
You will probably already have been asked to write and sign a Witness Statement
for SFO investigators. You may also have provided documents or copies of your
documents that have a connection with the case (these are called your Exhibits).
Your evidence may be given verbally, in open court to the judge, jury, defendant
and lawyers; or
Your Witness Statement and Exhibits will be read to the court (without you
needing to be present).
You may already have had a letter from the Case Secretary telling you where and
when the case is going to court.
If you are unsure whether you need to go to court at all - contact the Case
Secretary.
If you have not yet signed a Written Witness statement but have been interviewed
or contacted by SFO investigators some time ago; contact the investigators. It may
be that your evidence is not needed after all.
88

89. Preparing to come to court
You may have made your witness statement some time ago and it may deal with
complicated matters. If you feel that you need to refresh your memory by seeing a
copy, please contact the Case Secretary.
It is important that you do not try to recall your evidence by talking to other
witnesses about it. If you know other witnesses already, please be careful not to
discuss the case with them. This could in certain circumstances amount to a
criminal offence
If anyone asks you, or has asked you, about your evidence, contact the case
secretary at once. In very rare cases you may be asked to give a statement, before
the trial, to the lawyers acting for the Defendant.
If you have reason to be worried about meeting the Defendant, his or her relatives,
or any other person, while you are at court, you should inform the case secretary.
If your English is not good and you would like an interpreter, contact the Case
Secretary.
If you have any disabilities or special needs, please contact the Case Secretary
If you have never been inside a court before and would like to arrange a visit
beforehand; contact the Case Secretary. Many local Crown Courts have open days
and guided tours which you are free to join.
You will be repaid your travelling expenses when you have given your evidence.
If you are travelling from abroad, discuss your needs with the Case Secretary. You
may be asked to bring all original exhibits with you to court. You will be allowed
to take these into the courtroom with you, but you will NOT be able to take your
Witness Statement with you. Do NOT bring anything else with you to court unless
asked to do so; but if you have any other documents you think might concern the
case, tell the Case Secretary.
Arrival at court
When you arrive at the Crown Court, please look at the list of cases, which will be
displayed on a Board inside the entrance hall.
The case will be listed under the name of the defendant as “R v (defendant's
name)”, with the number of the court where the trial is being heard. Alternatively,
you could ask a member of the court staff to help you.
You should wait at or near the door of the numbered court. The name of the case
will be on the wall by the door. The Case Secretary will be expecting you and will
introduce him/herself to you.
Do not go into court until you are called. Normally, witnesses are not allowed to
observe any part of the trial, until after they have finished giving their evidence.
You should not talk to other waiting witnesses about the case
89

90. Every effort will be made to avoid you having to wait at court for a long time,
before you are called to give evidence. However, delays can happen and can be
affected by a number of matters that are outside our control. Our aim is to ensure
that no witness is required to wait for more than two hours. We will do our best to
achieve this and will ensure that the case secretary at court keeps you informed of
the reasons for any delay and its likely length.
Many courts have a Witness care centre, staffed by volunteers who will help to
make your wait more pleasant.
Court procedure
When the court is ready, your name will be called by the usher and he or she will
show you where to stand.
You will be asked to confirm your full name and address. If you do not wish your
address to be given in open court, discuss your reasons before court with the Case
Secretary.
You will be asked to take an oath or affirm that the evidence you give will be true.
Christians, for example, are required to swear on the New Testament. However,
every court has arrangements in place to ensure that witnesses of different faiths
can take the oath in a form that is appropriate for them. Alternatively if you wish
you will be allowed to affirm instead of swearing an oath. If you have any
concerns about this you should let the Case Secretary or the court usher know.
Giving evidence
After you have taken the oath:
First you will be asked questions by SFO prosecuting counsel. This is called
"examination in chief". Next you will probably also be cross-examined by defence
counsel. Don't worry if you are not asked any questions by the defence - this only
means that they to do not dispute any part of your evidence. Finally you may be
re-examined by prosecuting counsel.
It is also possible that, at any time, the judge may ask you questions. He or she
should be addressed as 'Your Honour', or if he or she is a High Court Judge, as
'My Lord' or 'My Lady'. We will advise you which form of address is appropriate.
Take your time and speak clearly, so that the Judge, the jury and counsel can hear
you. If you do not fully understand a question, you should not be nervous about
saying so. Ask for it to be repeated.
Everyone involved in the trial process, including counsel and the judge are
concerned to ensure that witnesses are given the opportunity to give their evidence
fully and fairly.
90

91. If you encounter any difficulties whilst giving your evidence, for example if you
feel unwell and need to leave the court, or you need a chair or some water, you
should ask the judge.
If you wish to correct something you have said earlier, or if you believe that you
need time to refer to any documents, before you answer a question, please do not
hesitate to inform the judge.
If there is a break during your evidence (e.g. for lunch) the judge will warn you not
to talk to anyone about the case during the break. You will have to have lunch on
your own.
After giving evidence
If you would like to stay and listen to the trial after you have given your evidence,
you should ask the Case Secretary who will tell you if there is any reason why it
would not be advisable. For example, if there is any reason why you might be
recalled at a later stage of the case, you would be asked to leave court directly after
you have given your evidence.
After you have given your evidence, please be careful not to discuss the case with
any witnesses who have not yet been called.
The Case Secretary will hand you a Witness Expense Claim form. You will be
entitled to reimbursement of any travelling, any loss of earnings, or other expenses
you have incurred in coming to court. The form will explain your entitlement to
you. It would be helpful if you could obtain and keep receipts for any expenses.
You should receive payment for your claim within 14 days.
Conclusion - Time for a standard for corporate governance
Steve Priddy, ACCA's director of technical policy and research, argues that it is
widely accepted that part of the cause of the crisis has been the remuneration and
incentivisation packages for senior figures within the banking world. 'It seems that
their design has become too closely linked to short-term, relatively easy to
manipulate financial metrics,' he says. 'The traders of derivatives want to be able to
"book" profits immediately in order to have them recognised straightaway in the
employers' accounts and, thus, in the bonuses that they are awarded that year.'
ACCA has already led a debate on the use of performance bonuses, advocating
that they be related more closely to long-term financial performance and to
movements in cash flow, rather than profitability. 'This would at least give some
comfort to the owners of banking stock that rewards are not paid out until
proceeds have been banked,' explains Priddy.
91

92. He points out that chief executive pay has risen sharply in recent years. Between
1998 and 2007, the average FTSE 100 CEO salary rose 78% - with total
remuneration increasing by 287%, a rise of about 16% per annum. In the same
period, average income went up by 47% and the retail price index by 27%.
It is now time, Priddy adds, to reconsider other aspects of accepted business
practice – including elements of the Combined Code, such as the reliance on non-
executives. 'As business models become more complex - and nowhere have they
become more complex than in the investment banking world - it is claimed that a
fresh pair of eyes is vital to the health of the organisation,' explains Priddy. 'The
problem is that complexity, combined with quantum leaps in computing
technology, has made understanding the investment bank business model
incomprehensible to all but the most dedicated insider.'
Priddy continues that 'there do not appear to be enough chairmen around to chair
the boards of the world's largest listed companies'. This interpretation is the
inevitable interpretation of the relaxation of the Combined Code to allow a
chairman of a UK listed company to also be chaiman of other listed companies.
'All of which suggests we need to revisit some of the fundamentals of corporate
governance as it is experienced in Anglophone cultures,' concludes Priddy. 'A first
step in that process would be evaluating the experience in other non-Anglophone
jurisdictions. And, indeed, considering other forms of ownership and
management, such as that found at the John Lewis Partnership in the UK, or the
two-tier board model that exists in Germany.'
* The full text of Dr Steve Priddy's contribution to ACCA's debate on corporate
governance can be found on the ACCA website, at http://www.accaglobal.com/
Class work
Case Study
You have been given a variance report for the month of August 08. Prepare a
HAIR report highlighting the results of your analytical review and potential issues,
risks and actions that you would like to carry out.
Discuss the issues arising from the task
92

93. Differences in control procedures in a manual and a computer
environment
 Ability to carry out 100% checks on gross profit.
 Ability to do more checking because internal audit checks can be done
faster.
 Ability to do a TB check at any time
 Ability to do control account checks at any time
 Ability to take backups that can be stored in remote locations ( showing
last transaction number)
 Ability to prepare a Fraud dashboard
 Ability to prepare a HAIR report faster
 Look at many areas in unison ( number of journals raised, number of
credit notes raised issued, number of credit notes received) and so spot
complicated frauds easier
 Control access through access rights and the ability to see who posted
what
 Reduced staff requirement for regular duties and so making available more
staff for audit.
 Ability to do more random checks
Internal Accounting and Operational Controls in functional areas
Sales Controls
 No and value of credit notes issued
 Journals in sales
 Customers over credit limit
 No of invoices issued
 Overdue debts
 Cash received
 Have payment terms been adhered to
 Outstanding lodgements
 Last sales invoiced to certain customers
 Inspect seasonal changes
93

94.  Over and under payments
 Statements need to be sent to customers two weekly
Purchase Controls
 Duplicated payments
 No and value of credit notes received
 Disputed invoices and the dispute reasons
 Journals in purchases
 Suppliers over credit limit
 No of invoices received
 Overdue debts
 Cash paid
 Have payment terms been adhered to
 Outstanding payments
 Last purchase invoices received from suppliers (to hide fictitious invoices)
 Inspect seasonal changes
 Frequency of purchases
 Over and underpayments
Bank Controls
 O/s lodgements and payments
 Bank reconciliations (daily, weekly or monthly)
 Look at authorisation limits (Look at transfers below and above limits)
 Review m/e cash balances
 Value of cash receipts
 Look at payments without advices
 Look at LM predicted cash flow and compare to actual cash flow
 Look at the viability of transfers
 Bank take pictures of all payee’s drawing more than a certain amount.
94

95. Appendix – Definitions & Resources
Resources
ACCA - http://www.accaglobal.com/
ICAEW- http://icaew.com
AIA - www.aiaworldwide.com/
Accounting web - http://www.accountingweb.co.uk/
Sage – www.sage.co.uk
Tally - http://www.tallysolutions.com/
Definitions Related to Fraud
Cheque Kiting - In a kiting scheme, multiple bank accounts are opened and money is
“deposited” from account to account, although the money never exists. Floating makes
this possible.
Floating is the additional value of funds generated in the process of collection and arises
because the current holder of funds has been given credit for the funds before it clears the
financial institution upon which it is drawn.
Defalcation is another name for employee fraud and embezzlement.
Direct effect illegal acts are violations of laws or government regulations by the company
or its management or employees that produce direct and material effects on dollar
amounts in financial statements.
Embezzlement is a type of fraud involving employees’ or non employees’ wrongfully taking
money or property entrusted to their care, custody, and control, often accompanied by
false accounting entries and other forms of lying and cover up.
Employee Fraud is the use of fraudulent means to take money or other property from an
employer. It consists of three phrases: (1) the fraudulent act, (2) the conversion of the
money or property to the fraudster’s use and (3) the cover up.
Errors are unintentional misstatements or omissions of amounts or disclosures in financial
statements.
“Illegal Acts” (far removed) are violations of laws and regulations that are far removed from
financial statement effects (for example, violations relating to insider securities trading,
occupational health and safety, food and drug administrations, environmental protection,
and equal employment opportunity).
Incentive/pressure is a motive a person experiences and believes is non-shareable with
friends and confidants.
1. Psychotic: “habitual criminal” who steals for the sake of stealing.
2. Egocentric: Personal prestige, goal achievement.
3. Ideological: Cause is morally superior, justified in making other victims.
95

96. 4. Economic: Desperate need for money, greed, economic achievement.
Irregularities are misstatements or omissions of amounts or disclosures in financial
statements that are NOT unintentional.
Lapping is stealing one customer’s payment and crediting the customer’s account with the
payment by another customer. The second customer’s account is later credited by yet a
third customer.
Larceny is simple theft of an employer’s property that is not entrusted to an employee’s
care, custody or control.
Management Fraud is intentional misstatements or omissions of amounts or disclosures in
financial statements. Opportunity is an open door for solving the non-shareable problem in
secret by violating a trust.
1. Weak internal controls
2. Circumvention of internal controls
3. The greater the position, the greater the trust and exposure to unprotected assets.
Predication is any information that gives a fraud examiner (or another person who informs
the fraud examiner) a reason to believe a fraud occurred, may have occurred, or may be
presently occurring. The information may come from an anonymous tip, from an employee
noticing something wrong, or from an auditor noticing something suspiciously wrong.
Unimpeachable integrity is the ability to act in accordance with the highest moral and
ethical values all the time. This is practically impossible, so fraudsters will rationalize:
1. I need it more than the other person.
2. I’m borrowing and will pay it back later.
3. Everybody does it.
4. The company is big enough that it won’t miss it.
5. Nobody will get hurt.
6. I deserve it.
7. It’s for the greater good.
White Collar Crime is fraud perpetrated by people who work in offices and steal with a
pencil or a computer terminal. The contrast is violent street crime.
Forensic auditing could be defined as the application of auditing skills to situations that
have legal consequences.
http://www.asosai.org/asosai_old/journal2001/forensic_auditing.htm
Forensic accounting is the specialty practice area of accountancy that describes
engagements that result from actual or anticipated disputes or litigation. "Forensic" means
"suitable for use in a court of law", and it is to that standard and potential outcome that
forensic accountants generally have to work. Forensic accountants, also referred to as
forensic auditors or investigative auditors, often have to give expert evidence at the
eventual trial.[1] All of the larger accounting firms, as well as many medium-sized and
boutique firms, have specialist forensic accounting departments. Within these groups,
there may be further sub-specializations: some forensic accountants may, for example,
just specialize in insurance claims, personal injury claims, fraud, construction,
orroyalty audits.
http://en.wikipedia.org/wiki/Forensic_accounting
96