Back to Fraud Information Articles
© July 2004
Association of Certified Fraud Examiners
Beating Fraud Through Internal Auditing
Red Flags and Sources of Information For Internal Audit
By
George
Mullins,
CFE,
MBA,
CIFI
Presented at the ACFE's 15th Annual Fraud Conference
Las Vegas, NV; July, 2004
S
tudies show that most fraud against businesses originates from within. In this presentation, you'll learn some of the red
flags that may indicate potential financial and ethical problems within an organization and sources of information that the
internal auditor can use to proactively detect these vulnerabilities.
Introduction
The discussion will center on the methods and systems of records available to the public and by subscription to learn if a
person is at risk for compromise or fraud due to a change in their needs. While Internal Controls can be very tight and
stringent, they can still be compromised by a determined individual with a rationalized, real, or imagined need. The SarbanesOxley Act, as well as the public and legal environment, will exact a stiff price from a company and responsible managers and
employees for violating their responsibilities and the public trust. Our topic will focus on two parts of the Fraud Triangle with
the primary focus on identifying the Needs or Pressure and secondarily on the Rationalization of the act to commit fraud
against the company. The third part of the triangle, Opportunity, will not be addressed.
Word of Caution
The investigative tools and methods discussed in this presentation should be discussed with the appropriate legal counsel
before implementation. There are several sections of the Fair Credit Reporting Act (FCRA) involving third-party information and
its use in adverse employee actions that will be included in this discussion.
There is not time in this discussion, nor am I qualified to competently discuss these details of the FCRA. For this reason I am
recommending that you discuss the pertinent portions of this presentation with the appropriate counsel before implementation.
A link to the FCRA is at the end of this presentation under websites for Sources of Information.
Areas for Potential Use/Application of these Methods
 Internal audit for a proactive approach to identifying potential engagements and a reactive approach to identify the
scope of potential problem areas as to who may be involved, how much may be at risk, and for how long the situation
may have occurred.
 Audit committees for compliance with Sarbanes-Oxley Act regulations.
 Mergers and acquisitions for due diligence.
 Corporate counsel for due diligence and litigation support.
 Human resources for a more thorough due diligence and background of selected potential and current senior
management and sensitive level employees.
Compliance with Sarbanes-Oxley Act
The Sarbanes-Oxley Act (SOA) addresses both internal controls and the people who implement and manage them. While a
person may start out with a clean slate or background, things may occur during their employment that may put them at risk to
violate the trust put in them by their position, company, and peers. Typically they will not discuss this change in need with
anyone, but there typically will be a paper trail to follow if the appropriate records are obtained and reviewed in a systematic
and prescribed manner.
Potential Red Flags to Watch For
The changes that follow will not be subtle changes, but will typically be big swings from one extreme to another that are not
readily explainable, but can negatively affect cash flow.
 Lifestyle changes:
+ Divorce
+
College
+
Medical
+
Gambling
+
Inheritance
 Personal changes:
+ Bankruptcy
+
DUI
+
Civil/Criminal Cases; State/Federal jurisdictions
+
Uninsured losses
+
Establish business
+
Second home
+
New home
+
Remodel home
 Outward signs of lifestyle changes:
+ Car
+
Clothing
+
Jewelry
+
Vacation
+
Investments
+
Hobbies
+
Gambling
+
New toys
How to Detect These Red Flags
 Management
 Company newsletters
 Co-workers
 Former employees
 Vendors
 HR and ethics hotlines
 Newspaper and Internet
 Clipping service
 Courthouse
 Other public records sources
How to Prove These Red Flags
PUBLIC RECORD INFORMATION
Changes in lifestyle and personal, family changes can be determined through newspaper, Internet, local, state and federal
public records, and data base research firms. Many public records are now available over the Internet at no or nominal cost.
There are many records available over the Internet and this should be utilized at every opportunity to maximize efficiencies. To
make sure of the authenticity of the information, it is preferable to follow up and obtain a hard copy of the records from the
original source, the courthouse, to insure there are no mistakes on the Internet records.
Information from public records identifies a specific person with a specific record for a specific action or activity. Public records
will provide the following:
 Civil suits show people involved, the complaint, time line, attorneys involved, witnesses, addresses, monies claimed,
depositions, and disposition. Divorces will additionally show agreements, property dispositions, child support payments,
and visitations.
 Criminal cases show people involved, charges, bonds and who signed the bond and collateral used, time line, attorneys
involved, witnesses, DOB, SSN, and disposition.
 Traffic records show description of vehicle, violation, address, DOB, SSN, driver's license number, time line, and
disposition.
Probate records show land purchases, sales, mortgages, foreclosures, state and federal tax liens, some military
discharges, personal papers, UCC, and mechanics liens.
 County tax assessor records show who owns property and their address, property and improvements values, dates, and
deed books and plat maps.
 County inspection records show building, remodeling, other improvements permits, general costs, and items of work to
be done.
Bankruptcy records show type of bankruptcy, addresses, DOB, SSN, others involved, property involved, creditors,
payment history, claimed assets, and creditors.
 The bankruptcy trustee may also have information they may share based on reason for request.
 The HHS-OIG shows lists of individuals and businesses that are excluded from participating in Medicare, Medicaid, and
all Federal health care programs.
 The GSA-OIG shows broad reasons for and list of individuals and businesses that are excluded throughout the U.S.
Government (unless otherwise noted) from receiving federal contracts or certain subcontracts and from certain types of
federal financial and non financial assistance and benefits.
 The GAO-OIG has an excellent guide for sources of information for investigators.
Subscriber Sources of Public Information
Check with the administrative department of the courts for the specific state you are interested in to determine if they have a
vendor to post the courts public record information over the Internet.
The information shown on the Internet is limited and brief. Its value is covering a great deal of information and large
geographic area from a single location. It saves a lot of time and human resources by focusing only on the courthouses that
house the information needed for the inquiry.
Based on limited research there are at least three states with full or partial criminal and civil records on the Internet through
third-party providers. These states are Alabama, Colorado, and Louisiana.
The federal criminal, civil, and bankruptcy records are also on the Internet.
There are some counties/states that have some of their probate records (property deeds and mortgages) on the Internet.
These sites are noted at the end of this presentation.
Subscriber Sources of Information
Some of the database research vendors are:
 Accurint
 Carfax
 ChoicePoint
 Dun and Bradstreet
 Lexis-Nexis
 Merlin
Database research vendors' fees are dependent on the type and depth of reports and services ordered. There are also some
reports which may be ordered that require search requests by mail and in person. The costs range from $.25 to $65 or more
depending on the state and type and number of records needed and if the contact needs to be in person.
The type of information covered includes: names, addresses, telephone numbers, dates at particular addresses, DOB, SSN,
businesses, corporations and officers, vehicle, plane and boat registrations, professional licenses, public records, associates
and names associated with a SSN, and professional disciplinary actions. Some also offer a linking/mapping service with
information contained in their various reports to assist in determining organizational or associates charts.
Public Sources of Information
All states and many counties and cities have websites that offer, at a minimum, contact e-mail addresses, names, and
telephone numbers. Most states will be able to verify corporations and UCC's (financing statements for certain types of loans)
on their Secretary of State website.
Other examples of public sources of information sites are verification of professional licenses and disciplinary action, which is
public record. Examples are doctors, chiropractors, and accountants.
Another site would be The Better Business Bureau for the area(s) you are interested in.
Piles of Paper and Tons of Information - What is its Importance?
The examples above show the potential financial costs and a person's need for cash (theirs or your company's). The sources of
information discussed can help provide details, time frames and scope of costs, as well as a person's need for money. If the
need is in excess of their salary, bonus and/or other known sources of income/revenue, the question becomes where is the
extra income coming or going to coming from?
Examples would be:
 Moving from a neighborhood with an average income of $100,000 to one with a $300,000 average income with no
known promotion or substantial bonus in the past few years.
 A civil suit and judgment involving an accident in which the person or a family member did not have insurance and they
were responsible for the judgment and the house or other assets were forfeited.
 Bankruptcy over a bad side business start-up or credit cards or uninsured medical costs.
 Starting up a new business either as a side business or for a family member, friend, or as a business partner.
If there are no readily accessible explanations, a potentially prudent course could be an engagement involving the person's
areas of responsibility. If improprieties are uncovered you may match the known impropriety with the person's identified
financial needs that were identified in the initial research.
If their needs greatly exceed the discovered impropriety, consideration may be made to expand the engagement to a longer
period of time, previous areas of responsibility or to areas where the person has lesser responsibility, but some control.
This discussion covers additional tools to conduct proactive and reactive engagements to assist the internal auditor in
determining the adequacy of controls and the personnel who manage and implement them.
Websites for Sources of Information
Please e-mail me at gwmullin@yahoo.com to have this list e-mailed to you with hot links to these sites. This list is updated
constantly and new sites may have been added since April 2004.
 Federal Trade Commission website for the complete text on the Fair Credit Reporting Act.
http://www.ftc.gov/os/statutes/fcra.htm
 Health and Human Services, Office of Inspector General website
http://oig.hhs.gov/
 General Services Administration - Excluded Parties List (Debarred Bidders List)
http://www.gsa.gov/Portal/gsa/ep/contentView.do?contentType=GSA_BASIC&contentId=12888
 General Accounting Office website
http://www.gao.gov/
 Link to "Investigators Guide to Sources of Information OSI-97-2"
http://frwebgate.access.gpo.gov/cgi-bin/multidb.cgi
 Alabama State Judicial Information System - http://alacourt.com/
Shows summaries of civil, criminal, divorce, traffic, and child support cases from all state/county jurisdictions in
Alabama. Available through subscription, moderate cost.
 Alabama Secretary of State - http://www.sos.state.al.us/
Shows various pieces of information. Items of interest to investigators are corporations and the officers, UCC financing
statements filings, and political action committees. Free over the Internet.
 Administrative Offices of the U.S. Courts, PACER (Public Access to Court Electronic Records) http://pacer.psc.uscourts.gov/
Shows summaries of federal, civil, criminal, and bankruptcy cases for those jurisdictions who participate and are on-line.
Available through subscription, nominal cost.
 State & local government homepages - http://www.statelocalgov.net/index.cfm/state/index.cfm
Home pages for state, local government, and selected national organizations to gain access to those agencies and
groups who have information available on the web. Free and on the Internet.
 ChoicePoint - http://atxp.dbt-online.com/
Vendor database with information on name, SSN, DOB, address, property (land, car, boat, plane) business, driver's
license, court and insurance, among other pieces of information. Available through subscription; medium cost depending
on use, type, and number of requests.
 Carfax - http://www.carfaxonline.com/index.cfm?page=header
Information on car title, VIN for flood, lemon, salvage, rebuild and state where vehicles titled. Available through
subscription; medium cost depending on use and number of requests.
 Accurint - http://accurint.com/
Vendor with information on name, SSN, DOB, address, property (land, car, boat, plane) business, driver's license, court
and insurance, among other pieces of information. Available through subscription, moderate to medium cost depending
on use, type, and number of requests.
 ISO ClaimSearch, All Claims Database- https://claimsearch.iso.com/
Insurance claims search database warehouse. Membership and subscription required.
 Law Enforcement Department locator - http://search.officer.com/agencysearch/
Locate law enforcement department home pages, chiefs and address, e-mail, or phone numbers. Free on the Internet.
 State by State Criminal Records Availability - http://www.peoplesearch.com/peoplesearch/info_state.html
Information on the list is free to view, but subscription is required to obtain information from vendor.
 PeopleSearch.com, http://www.peoplesearch.com/
 State and Professional Organizations Boards for disciplinary actions. These examples are for Alabama Board of Medical
Examiners for doctors - http://www.docboard.org/AL/ and for Alabama State Board of Public Accountants http://asbpa.state.al.us/contactus.htm.
George Mullins is a senior investigator with the Organized Activity Unit, Special Investigation Unit, State Farm Mutual Automobile Insurance
Company, Birmingham, AL. This unit focuses on coordinated and organized activities between groups of individuals and business entities attempting
to defraud policyholders and the company. The Special Investigation Unit, Southern Zone is composed of 66 investigators in Alabama, Mississippi,
South Carolina, and Georgia. George has been with State Farm for 16 years. Previously he was an Inspector, Criminal Investigator, Internal Security
Division, Internal Revenue Service for 9 years covering Tennessee, Mississippi, Alabama, and Georgia.
Mr. Mullins is a Certified Fraud Examiner (CFE) through the Association of Certified Fraud Examiners, a Certified Insurance Fraud Investigator (CIFI)
through the International Association of Special Investigation Units and is an Associate in Claims (AIC) through the Insurance Institute of America.
He received his MBA from the University of Alabama, Executive MBA program in 2000 and his Bachelor's degree in Law Enforcement from the
University of Memphis.
He is on the Board of Directors for the Birmingham Chapter of Certified Fraud Examiners; Vice President of the Alabama Chapter of the International
Association of Special Investigation Units; and Vice Chairman and webmaster for the Birmingham Chapter of the American Society for Industrial
Security.
George Mullins has given numerous presentations on Sources of Information and Fraud Awareness to professional, civic, and academic audiences.
He and his wife, Cindy, have two daughters and live in Birmingham, AL. He can be reached at (205) 944-8196 or gwmullin@yahoo.com.
The Association of Certified Fraud Examiners assumes sole copyright of any article published in Fraud Magazine. Fraud
Magazine follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or
reproduced. Requests for reprinting an article in any form must be e-mailed to: FraudMagazine@ACFE.com.