Fear Not the Software

© September/October 2003
Association of Certified Fraud Examiners
Proactively Detecting Occupational Fraud Using Computer Audit Reports
By Richard B. Lanza, CPA, PMP, ACFE Associate Member
While occupational fraud takes various forms, the result is always the same: The numbers generated by fraud cannot hold up to
the unfailing logic of the accounting equation. If executives add false sales and accounts receivable to increase the company’s
revenue, profits and cash always will be out of kilter. Technology advancements have allowed this “accounting equation” to be
systemized into computer logic and applied to company data.1 Results of this logic could take the form of a simple matching of
the human resource file to the accounts payable vendor master file or it could be an advanced neural network application
focused on detecting money laundering schemes.
Whether simple or advanced, data analysis provides many benefits in the prevention, detection, and prosecution of fraud. On
one hand, entities and their fraud examiners gain insight on 100 percent of transaction data versus more limited manual
methods of selection. Also, this approach generally can be completed in less time than manual procedures because of the
automation. Entities also gain improved business intelligence because the generated reports often lead to conclusions beyond
just the occurrence of fraud.
Though advanced technology simplifies data analysis, few entities robustly use the new software tools to detect fraud. In this
article, I would like to relieve the fears of fraud examiners and encourage them to incorporate systems that, I am sure, will
become components of their routine audits and fraud examinations.
The following information and much more is contained in a longer paper I wrote, in conjunction with the Institute of Internal
Auditors (IIA) Foundation, “Proactively Detecting Occupational Fraud Using Computers.” Download the document at
www.theiia.org/ecm/iiarf.cfm?doc_id=4248. And beginning with the November/December issue of The White Paper I will write a
column on practical ways to use data analysis tools.
Overcoming the Obstacles
So what is holding back users from implementing these tools to better detect fraud? Following are the top three audit software
implementation challenges with proposed solutions for overcoming them:
“I don’t know how to apply software to the prevention and detection of fraud.”
The new “Proactively Detecting” document matches the list of potential computer reports to every occupational fraud per the
ACFE’s uniform occupational fraud classification system. In the past, fraud examiners used basic tests (i.e., extract P.O. box
addresses, match human resource to vendor master file, etc.) but now with nearly 250 reports categorized by fraud type, you
can easily apply computerized methods to the prevention and detection of fraud. Although the computer report list is extensive,
it is far from finished. In fact, it will never be finished as long as fraudsters can dream up new schemes. Therefore, I plan to
periodically update the document.
“I have difficulty in obtaining data.”
Getting data is one of the most difficult hurdles to overcome, especially for the “technology uninitiated.” However, all accounting
packages now easily export data, whether in a digital report format or a spreadsheet. You can ask staffers from your
management information services (MIS) department for assistance in downloading data if you give them specific instructions.
Fraud examiners need to know what reports to run, which will naturally drive the data elements to request. In the next section,
I walk you through the data request process. (The “Proactively Detecting” document on the Web provides the data files to
execute the intended reports.)
“I am not very computer literate.”
Because applications developers write many of the articles on data analysis in professional publications, it is not surprising that
they talk mostly about the benefits, features, and competitive differences of software tools. But these developers miss the point
– technology is ubiquitous; know-how is not. Lack of tools is not the problem – even Microsoft Excel, which resides on most PCs,
can double as audit software.
The software community should focus more on showing users how to choose the necessary reports for the specific frauds versus
how to code them into a software package. MIS departments or outside consultants can complete the coding but fraud
examiners need to learn how the specific reports will help them in their examinations.
How to Get Started
“Proactively Detecting” provides a step-by-step process for analyzing data, as summarized here:
Steps One and Two: Assess Risk and Determine Areas
Any good audit software assessment begins with risk assessment. Blindly running fraud reports is like playing darts in the dark –
it is not very effective and someone usually gets hurt. Therefore, it is best to first start identifying fraud-prone areas and then
use ACFE’s uniform fraud classification to pinpoint the precise frauds that are of most concern.
Once you have selected a fraud type (i.e., Billing Schemes), flip to that section of “Proactively Detecting” and review the
associated reports. There are roughly 20 reports for every fraud type. You may want to use the “piggy-back” brainstorming
method in which you and other fraud examiners identify numerous other permutations of a selected report.
For example, you may use the report, “Extract customer sales that exceed the 12-month average sales from that customer by a
specified percentage (i.e., 200 percent)” on page 7 of the Reports section of “Proactively Detecting,” to identify fictitious sales
entries. A piggy-back report may be the same report, restricted to sales posted in the last month of the year where the
customer was newly added during the year. This refinement to the stated report increases the odds of identifying a fraud since
sales entered in the last month of the year may be done to fraudulently increase sales immediately prior to year end, especially
when they relate to a new (and potentially phony) customer. Therefore, through brainstorming, fraud examiners can expand their
potential tests while also refining the selected reports to be more specific to particular entities. Do not rush the planning portion
of this assignment; use roughly 30 percent to 40 percent of the allotted project time for running these reports. This time spent
is so critical because it drives the rest of the process and the ultimate effectiveness of the resulting fraud detection tests.
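The piggy-back refinement described above, sketched in Python as an added example (not code from the article or from “Proactively Detecting”). It assumes the fiscal year is the calendar year, takes each customer's baseline from that customer's other sales in the year, and reads "exceeds by 200 percent" as more than three times that baseline; the data and field names are constructed.

```python
from datetime import date

# Constructed sample data (not from the article): invoice, customer, posted, amount
SALES = [
    ("S-001", "C100", date(2003, 2, 10), 1000.0),
    ("S-002", "C100", date(2003, 6, 5), 1200.0),
    ("S-003", "C100", date(2003, 12, 20), 9000.0),  # spike, but established customer
    ("S-004", "C200", date(2003, 10, 3), 500.0),
    ("S-005", "C200", date(2003, 11, 7), 700.0),
    ("S-006", "C200", date(2003, 12, 30), 4000.0),  # new customer, year-end spike
    ("S-007", "C200", date(2003, 12, 12), 650.0),
    ("S-008", "C300", date(2003, 12, 31), 2500.0),  # new customer, only sale on file
]
# Constructed customer master: date each customer was added
CUSTOMER_ADDED = {
    "C100": date(2001, 4, 1),
    "C200": date(2003, 9, 15),
    "C300": date(2003, 12, 29),
}

def piggyback_report(sales, customer_added, year, last_month=12, pct=200.0):
    """Return (invoice, customer, amount, baseline_avg) for suspicious year-end sales.

    Assumptions of this example: fiscal year == calendar year; the baseline is
    the average of the customer's other sales in that year; "exceeds by pct"
    means amount > baseline * (1 + pct/100). baseline_avg is None when the
    customer has no other sales to compare against.
    """
    flagged = []
    for inv, cust, posted, amount in sales:
        if (posted.year, posted.month) != (year, last_month):
            continue  # refinement 1: only sales posted in the last month
        added = customer_added.get(cust)
        if added is None or added.year != year:
            continue  # refinement 2: only customers added during the year
        others = [a for i, c, d, a in sales
                  if c == cust and d.year == year and i != inv]
        if not others:
            flagged.append((inv, cust, amount, None))  # no baseline: review manually
            continue
        avg = sum(others) / len(others)
        if amount > avg * (1 + pct / 100.0):
            flagged.append((inv, cust, amount, round(avg, 2)))
    return flagged

if __name__ == "__main__":
    for row in piggyback_report(SALES, CUSTOMER_ADDED, 2003):
        print(row)
```

The established customer's December spike (S-003) is excluded by the refinement, which is what narrows the report to the new-customer, year-end pattern.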
Steps Three and Four: Select Software and Get Data
The list of identified reports drives the actual software to complete the exercise. Note that the report list provided in “Proactively
Detecting” identifies the actual test being completed in the report. The table below in this article is a summary of software tests
and proposed products to execute the reports.
Once you know your reports and your software tools, you can arrange a data request letter to obtain the actual data files for
testing. To jumpstart the process, simply tally up the data files identified in the “Proactively Detecting” document. Within each
file (i.e., Paid History file), it is generally wise to identify the specific data fields needed (i.e., vendor number, vendor name,
invoice amount, etc.). Once again, the report being executed drives the process to arrive at a final list of files and fields to
request.
With the final list, a data request letter (a sample appears in the Getting Data section of “Proactively Detecting”) should be
issued to the organization with the following key elements:
• specific data fields/files needed;
• format of files needed (i.e., text, comma delimited, Excel file, etc.);
• record layout of the file explaining the fields in each of the provided files;
• timing of the transfer (i.e., one time, monthly, etc.);
• method of transfer (CD, email, floppy disk, etc.);
• arrangements for verification information (see below);
• a printout of the first 100 rows and match “on screen” to the data file;
• computed totals for key data fields that are agreed to control totals supplied by the company’s MIS personnel; and
• agreed account totals to general ledger balances.
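The verification items in the list above can be checked mechanically once the file arrives. The following Python sketch is an added example, not part of the article or of “Proactively Detecting”; the file layout, field names and figures are constructed, and the record-count comparison is this example's own addition to the listed checks.

```python
import csv
import io
from decimal import Decimal, InvalidOperation

# Constructed sample extract of a paid-history file (not from the article).
EXTRACT = """vendor_number,vendor_name,invoice_number,invoice_amount
1001,Acme Supply,INV-1,1250.00
1002,Baker Freight,INV-2,310.45
1001,Acme Supply,INV-3,99.55
1003,Cole Services,INV-4,"2,000.00"
"""
# Constructed first rows as keyed from the MIS printout.
PRINTOUT = [
    ["1001", "Acme Supply", "INV-1", "1250.00"],
    ["1002", "Baker Freight", "INV-2", "310.45"],
]

def verify_extract(csv_text, control_count, control_total, printout,
                   amount_field="invoice_amount"):
    """Return a list of discrepancies; an empty list means the file agrees."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    issues = []
    # Record count against the count supplied by MIS.
    if len(rows) != control_count:
        issues.append(f"record count {len(rows)} != control {control_count}")
    # Computed total of the key field against the MIS control total.
    total = Decimal("0")
    for n, row in enumerate(rows, start=1):
        raw = (row.get(amount_field) or "").replace(",", "").strip()
        try:
            total += Decimal(raw)
        except InvalidOperation:
            issues.append(f"row {n}: unreadable amount {raw!r}")
    if total != Decimal(control_total):
        issues.append(f"{amount_field} total {total} != control {control_total}")
    # First rows of the file against the printout.
    for n, expected in enumerate(printout, start=1):
        actual = list(rows[n - 1].values()) if n <= len(rows) else None
        if actual != expected:
            issues.append(f"row {n} differs from printout")
    return issues

if __name__ == "__main__":
    print(verify_extract(EXTRACT, 4, "3660.00", PRINTOUT) or "file agrees")
```

Amounts are summed as Decimal rather than float so that the computed total can be compared for exact equality with the control total.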
If you are using an entity’s report writer to execute your tests, you will need to identify the required data elements (i.e., vendor
name, employee number, invoice amount, etc.) but will not need to specifically extract data because it will reside within the
system.
Step Five: Run Reports
After receiving the data file, all that is left is to execute the actual report and deliver the answer. Although “Proactively
Detecting” does not specifically explain how to run each of these tests, many of them can be completed with minimal training
(i.e., horizontal analysis in Excel). With additional training, you can process these reports or your MIS Department can run the
tests in the entity’s report writer.
Fraud examiners should not be afraid to use the numerous software tools to prevent, detect, and prove fraud. Begin with
“Proactively Detecting Occupational Fraud Using Computer Reports” and then find more than 100 free tools at
www.auditsoftware.net/community, a site that works to increase organizational benefits from the use of audit software.
You cannot be left behind as technological techniques advance. Take that first step and apply these data analysis methods in
your next fraud-fighting assignment. Come on in – the water is fine.
Rich Lanza, CPA, PMP, is an Associate member of the ACFE, and a manager of internal audit at a Fortune 200 retailer, where
he focuses mainly on using computer-assisted audit tools to improve business intelligence, increase efficiencies, and identify
bottom-line savings. He is the founder of the nonprofit Web site, www.auditsoftware.net/community and headed the Program
Management Office at the American Institute of Certified Public Accountants. He is the recent recipient of the ACFE’s Outstanding
Achievement in Commerce Award. His e-mail address is: questions@richlanza.com.
The opinions in this article are the author’s and do not necessarily represent the policies or positions of his employer.
1 Foreword by Joseph T. Wells, CFE, CPA, “Proactive Fraud Detection of Occupational Fraud Using Computer Reports,”
www.theiia.org/ecm/iiarf.cfm?doc_id=4248
Test: Horizontal Analysis
Description: Analyzes the increases and decreases in a given balance – normally financial statement items – over two or more periods. This can be completed for balance sheet, income statement, and/or budget to actual analysis.
Software Tool: Excel (Microsoft)

Test: Vertical Analysis
Description: Examines the elements of a financial statement for a single period whereby each balance sheet item is shown as a percentage of the total assets and every income statement item is shown as a percentage of the net sales.
Software Tool: Excel (Microsoft)

Test: Ratios
Description: One or more balances are compared with one or more other balances such as the relation of total assets to the net sales of an organization. Ratios can be organized into broad categories of “Liquidity/Debt” (used to measure a company’s ability to pay its vendors or debt obligations in a timely manner) and “Profitability” (indicate the success of the organization in earning a net return on sales or on an investment).
Software Tool: Excel (Microsoft)

Test: Trend Analysis
Description: Comparing any of the analytical tests (horizontal, vertical, ratio, etc.) described above over two or more periods. The use of trend analysis is practically a given in doing any fraud work because fraud tends to create variances over time that would go undetected if only the single year was being analyzed.
Software Tool: Excel (Microsoft)

Test: Performance Measures
Description: The identification of critical success factors that lead to measures that can be tracked over time to assess progress made in achieving specific targets linked to an entity’s vision. For example, the following represent a sampling of performance measures that could be used for accounts payable processing:
• number of invoices processed;
• number of open invoices at period end; and
• average invoice dollar amount.
Software Tool: Excel (Microsoft)

Test: Stratification
Description: Counts the number and dollar value of records of a population falling within specified intervals. Stratifications also provide a useful view into the largest, smallest, and average dollar transactions.
Software Tool: ACL; Excel (Microsoft); IDEA

Test: Aging
Description: Similar to stratification in that it produces aged summaries of data based on established cutoff dates.
Software Tool: ACL; Excel (Microsoft); IDEA

Test: Digital Analysis/Benford’s Law
Description: Audit technology designed to find abnormal duplications of specific digits, digit combinations, specific numbers, and round numbers in corporate data. Since the objective is to find abnormal duplications, auditors need a benchmark that indicates a normal level of duplication. Benford’s Law gives auditors the expected frequencies of the digits in tabulated data. The premise is that we would expect authentic and unmanipulated data to exhibit these patterns. If a data set does not follow these patterns, this may be a cause for auditor concern and review.
Software Tool: Access (Microsoft); ACL; Excel (Microsoft); IDEA

Test: Regression
Description: Regression analysis calculates a dependent variable balance (i.e., net sales) based on various independent variables (i.e., product purchases, inventory levels, number of customers, etc.). Note that this test generally provides the greatest level of precision because an explicit expectation is formed using all relevant data incorporated into the model. It also provides a specific precision percentage for each test so that the auditor can assess the reliability of the test. For more information on regression analysis, please see the following article: www.auditsoftware.net/community/how/tool/tools/regexce.doc
Software Tool: Excel (Microsoft)

Test: Append/Merge
Description: Combines two files with identical fields into a single file. An example would be to merge two years’ worth of accounts payable history into one file.
Software Tool: Access (Microsoft); ACL; Excel (Microsoft); IDEA; Entity’s report writer

Test: Calculated Field/Functions
Description: Creates a calculated field (which can use a function such as ABS for the absolute value of the field) using data within the file. For example, the net payroll pay to an employee could be recalculated using the gross pay field and deducting any withholding/taxes.
Software Tool: Access (Microsoft); ACL; Excel (Microsoft); IDEA; Entity’s report writer

Test: Duplicates
Description: Identifies duplicate items within a specified field in a file. For example, this report could be used to identify duplicate billings of invoices within the sales file.
Software Tool: Access (Microsoft); ACL; Excel (Microsoft); IDEA; Entity’s report writer

Test: Extract/Filter
Description: Extracts specified items from one file and copies them to another file, normally using an “if” or “where” statement. Examples include extracting all balances over a predefined limit.
Software Tool: Access (Microsoft); ACL; Excel (Microsoft); IDEA; Entity’s report writer

Test: Export
Description: Creates a file in another software format (e.g., Excel, Word) for testing. An example would be to export customer address information to Word for “Mail Merging” to customer confirmation letters.
Software Tool: Access (Microsoft); ACL; Excel (Microsoft); IDEA; Entity’s report writer

Test: Gaps
Description: Identifies gaps within a specified field in a file. For example, identify any gaps in check sequence.
Software Tool: Access (Microsoft); ACL; Excel (Microsoft); IDEA; Entity’s report writer

Test: Index/Sort
Description: Sorts a file in ascending or descending order. An example would be sorting a file on Social Security number to see if any blank or “999999999” numbers exist.
Software Tool: Access (Microsoft); ACL; Excel (Microsoft); IDEA; Entity’s report writer

Test: Join/Relate
Description: Combines specified fields from two different files into a single file using key fields. This function is used to create relational databases on key fields. For example, the vendor master file could be related to the invoice file to obtain address information for each invoice.
Software Tool: Access (Microsoft); ACL; Excel (Microsoft); IDEA; Entity’s report writer

Test: Sample
Description: Creates random or monetary unit samples from a specified population.
Software Tool: Access (Microsoft); ACL; Excel (Microsoft); IDEA

Test: Summarize
Description: Accumulates numerical values based on a specified key field. An example would be summarizing travel and entertainment expense amounts by employee to identify unusually high payment amounts.
Software Tool: Access (Microsoft); ACL; Excel (Microsoft); IDEA; Entity’s report writer
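The Digital Analysis/Benford’s Law test from the table above, worked through in Python as an added example (not code from the article or from any of the listed products). It covers the first-digit test only and uses a chi-square comparison at the 5 percent level as its benchmark, which is this example's choice; both data sets are constructed.

```python
import math
from collections import Counter

# Chi-square critical value for 8 degrees of freedom at the 5% level.
CHI2_CRITICAL_8DF_5PCT = 15.507

def leading_digit(amount):
    """First significant digit (1-9) of an amount, or None for zero."""
    return int(f"{abs(amount):e}"[0]) or None

def benford_first_digit_test(amounts):
    """Compare observed first-digit counts with Benford's expected counts."""
    digits = [d for d in map(leading_digit, amounts) if d]
    n = len(digits)
    if n == 0:
        raise ValueError("no non-zero amounts to test")
    observed = Counter(digits)
    rows, chi2 = [], 0.0
    for d in range(1, 10):
        expected = n * math.log10(1 + 1 / d)  # Benford: P(d) = log10(1 + 1/d)
        chi2 += (observed[d] - expected) ** 2 / expected
        rows.append((d, observed[d], round(expected, 1)))
    # Digit whose observed count most exceeds its expected count.
    worst = max(rows, key=lambda r: r[1] - r[2])[0]
    return {
        "n": n,
        "rows": rows,  # (digit, observed, expected)
        "chi2": round(chi2, 2),
        "conforms": chi2 <= CHI2_CRITICAL_8DF_5PCT,
        "largest_excess_digit": worst,
    }

# Constructed sample 1: a geometric series, which follows Benford closely.
GEOMETRIC = [10 * 1.07 ** k for k in range(300)]
# Constructed sample 2: the same data plus 60 amounts clustered at 4,900-4,959.
PADDED = GEOMETRIC + [4900.0 + k for k in range(60)]

if __name__ == "__main__":
    for name, data in (("geometric", GEOMETRIC), ("padded", PADDED)):
        result = benford_first_digit_test(data)
        print(name, result["chi2"], result["conforms"], result["largest_excess_digit"])
```

A failed test is a pointer to where to look (here, amounts beginning with 4), not a finding in itself.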
The Association of Certified Fraud Examiners assumes sole copyright of any article published in Fraud Magazine. Fraud Magazine
follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or reproduced.
Requests for reprinting an article in any form must be e-mailed to: FraudMagazine@ACFE.com.