forensic audit
advertisement
FORENSIC AUDIT (PENGAUDITAN FORENSIK) TAKLIMAT KEPADA JURUAUDIT DALAM 27 JUN 2008 OLEH: SAADATUL NAFISAH BT BASHIR AHMAD JABATAN AUDIT NEGARA Definition of Forensic Auditing Define as the application of auditing skills to situations that have legal consequences. Is the investigation of fraud or presumptive fraud with the view to gathering evidence that could be presented in a court of law. The auditor need to investigate cases of suspected fraud so as: To prove the suspicious To identify the persons involved Support the findings by evidence To present the evidence in an acceptable format In any subsequent disciplinary or criminal proceedings 2 Definition of Forensic Auditor Someone who can look behind the facade-not accept the records at their face value Someone who has a suspicious mind that the documents he or she is looking at may not be what they purport to be and Someone who has the expertise to go out and conduct very detailed interviews of individuals to develop the truth, especially if some are presumed to be lying. 3 Approach Accounting Internal and External Forensic Accounting Auditing Planning Risk Assessment Internal controls Audit Evidence Reporting Accounting Litigation Matters and Investigations Fraud Prevention and Deterrence Detection Investigation Remediation U.S. Dept. of Justice, Education and Training in Fraud and Forensic Accounting: A Guide for Educational Institutions, Stakeholder Organizations, Faculty and Students, Draft Copy, December 23, 2005. 4 Forensic Auditing Areas Investigative Auditing Litigation Support Forensic: Latin for “forum,” referring to a public place or court. Black’s Law Dictionary: Forensic, belonging to the courts of justice. 5 Forensic Auditing Knowledge Base LAW Investigative auditing Accounting Criminology Forensic Auditor 6 Why Growth in Forensic Auditing Increase in fraud. Less loyalty to organization. Employee mobility. Change in societal values. 1. 2. 3. 4. a. b. c. 5. 6. 7. 8. 9. 10. Break-up of family unit. Less religious. Less ethics. Computers replacing accounting functions. External accountants are looking for new jobs. Higher insurance premiums for auditing. Auditors became sales people. Grade inflation/coursework deflation. Enron/WorldCom/Xerox. AICPA issued SAS No. 99. 7 Forensic Auditing Factors Time: Forensic auditor focuses on the past, although it may do so in order to look forward (e.g., damages, valuations). Purpose: Forensic auditing is performed for a specific legal forum or in anticipation of appearing before a legal forum. Peremptory: Forensic auditors may be employed in a wide variety of risk management engagements within business enterprises as a matter of right, without the necessity of allegations (e.g., proactive). ---------------------------------------------- With a single clue a forensic auditor can solve a fraudulent mystery. 8 One Small Clue A former Scotland Yard scientist tried to create the world’s biggest fraud by authenticating $2.5 trillion worth of fake U.S. Treasury bonds. When two men tried to pass off $25 million worth of the bonds in Toronto in 2001, a Mountie noticed the bonds bore the word “dollar” rather “dollars.” Police later raided a London bank vault and discovered that the bonds had been printed with an ink jet printer that had not been invented when the bonds were allegedly produced. Zip codes were used even though they were not introduced until 1963. 9 Differences Between Auditing/Forensic Investigation Auditing 1. Recurring 2. Express an opinion 3. Follow GAAS and SAS 99 4. Materiality important 5. Sampling activity analysis 6. Use professional skepticism 7. Audit program Forensic Investigation 1. Non-recurring 2. Resolve an allegation or deterrence review 3. Follow consulting standards 4. Materiality not important 5. Detailed financial 6. Establish scienter 7. No set of rules 10 Financial Audit v. Forensic Audit The typical financial audit is a sampling activity that doesn’t look at every transaction and can therefore be exploited by someone who knows how to rig the books. Forensic accounting focuses on a specific aspect of the books and examines every digit. While the average accountant is trying to make everything add up, a forensic accountant is performing a detailed financial analysis to find out why everything doesn’t or shouldn’t add up. It’s a far more time-consuming enterprise and can be significantly more expensive than regular auditing work. Jake Poinier, “ Fraud Finder,” Future Magazine, Fall 2004, 11 Ernst & Young Study (2005) 82% of total losses can be attributed to staff. 33% of the most serious frauds were committed by the organization’s own management. Most with company more than 5 years (25% more than 10 years). Theft of cash and purchasing schemes (i.e., employee kickbacks) constituted the majority of frauds. Reasons: Poor internal controls and finance directors had a limited knowledge of internal 12 controls. Ernst & Young 2002 Survey • More than 20 percent of the respondents were aware of fraud in their workplace. • Nearly 80 percent would be willing to turn in a colleague thought to be committing a fraudulent act. • Employers lose a staggering 20 percent of every dollar earned to some type of workplace fraud. • More frequently committed frauds are theft of office items, claiming extra hours worked, inflating expense accounts, and taking kickbacks from suppliers. • Women are more likely than men to report fraudulent activities. • Older employees were more likely to report fraudulent activities than younger employees. 13 Business Fraud Survey (2003) 1. Nearly 15 percent reported management misappropriation as the greatest fraud risk to their organization. 2. Sixty percent of the respondent reported their department’s fraud risk analysis process as being reactive in nature. 3. The majority of respondents (72 percent) reported that their organization did not have fraud detection and deterrence programs in place. 4. The majority of respondents (68 percent) reported that they never felt pressured to compromise the adherence to their organization’s standard of ethical conduct. 5. The majority of the respondents reported their organization’s external auditors as being ineffective in preventing and detecting fraud. 6. The majority of the respondents believed that more budgets should be devoted to fraud-related activities and training in department. 14 How Fraud Occurs Source: KPMG Fraud Study 15 Types of Fraud Source: KPMG Fraud Study 16 Certain Fraud is Increasing Source: KPMG Fraud Study 17 Occupational Fraud Re Industry Median Loss ($) Banking/ Financial Services 14.3% 258,000 Government/ Public Administration 11.5% 82,000 Manufacturing 9.7% 413,000 HealthCare 8.6% 160,000 Insurance 7.5% 100,000 Retail 7.2% 80,000 Education 7.0% 100,000 Service (General) 5.8% 163,000 Service (Professional, etc.) 5.6% 300,000 Construction 3.4% 500,000 Utilities 3.3% 124,000 Oil/ Gas 3.1% 154,000 Real Estate 2.9% 200,000 Wholesale trade 2.9% 1,000,000 18 COSO’s Most Common Fraud Methods 1. 2. 3. 4. 5. 6. 7. Overstatement of earnings. Fictitious earnings Understatement of expenses. Overstatement of assets. Understatement of allowances for accounts receivables. Overstatements of the value of inventories by not writing down the value of obsolete goods. Overstatement of property values and creation of fictitious assets. 19 COSO’s Major Motives for Fraud 1. 2. 3. 4. Cover up assets misappropriated for personal gain. Increase the stock price to increase the benefits of insider traders and to receive higher cash proceeds when issuing new securities. Obtain national stock exchange listing status or maintain minimum exchange listing requirements to avoid delisting. Avoiding a pretax loss and bolstering other financial results. 20 White-collar criminals have these characteristics: Likely to be married. Member of a church. Educated beyond high school. No arrest record. Age range from teens to over 60. Socially conforming. Employment tenure from 1 to 20 years. Acts alone 70% of the time. Source: Jack Robertson, Fraud Examination for Managers and Auditors (1997). 21 Other Characteristics of Occupational Fraudsters: Egotistical Inquisitive Risk taker Rule breaker Hard Worker Under stress Greedy Disgruntled or a complainer Big spender Overwhelming desire for personal gain Close relationship with vendors / suppliers Pressured to perform Financial need 22 How Fraud Is Detected 2006 2004 1. Tips 34.2% 39.6% 2. By accident 25.4% 21.3% 3. Internal audit 20.2% 23.8% 4. Internal controls 19.2% 18.4% 5. External audits 12.0% 10.9% 3.8% 0.9% Source: 2006/ 2004 Wells Reports, ACFE. 6. Notification by police 23 Sources of Tips 1. Employees 64.1% 2. Anonymous 18.1% 3. Customers 10.7% 4. Vendors 7.1% Source: 2006 Wells Report, ACFE. 24 Fraud Pyramid Don’t think you’re the only ones Who bend it, break it, stretch it some. We learn from you. Girls lie, too Terri Clark 25 Fraud Pyramid Motive Excessive spending to keep up appearances of wealth. Other, outside business financial strains. An illicit romantic relationship. Alcohol, drug or gambling abuse problems. Opportunity Lack of internal controls. Perception of detection = proactive preventative measure. Rationalization (reduces offender’s inhibitions) “Borrowing” money temporarily. Justifying the theft out of a sense of being underpaid. (“I was only taking what was mine.”) Depersonalizing the victim of the theft. (I wasn’t stealing from my boss; I was stealing from the company.”) 26 Anti-Fraud Strategy The company’s stance on fraud and other breaches of the ethical code. What will be done and by whom in the case that frauds or other breaches are suspected. The key initiatives which the company proposes; Who will lead these initiatives. Clear deadlines and measures for monitoring effectiveness of implementation. Source: David Davies, Fraud Watch, Watch, 2nd Edition., London, ABG Professional Information, 2000, p. 77. 27 Several Strategies 1. Establishment of responsible corporate governance, a vigilant board of directors and audit committees, diligent management, and adequate and effective internal audit functions. 2. Utilization of an alert, skeptical external audit function, responsible legal counsel, adequate and effective internal control structure, and external regulatory procedures. 3. Implementation of appropriate corporate strategies for correction of the committed financial statement fraud, elimination of the probability of its future occurrences, and restoration of confidence in the financial reporting process. 4. Financial statement fraud occurs when one or a combination of these strategies are relaxed due to self-interest, lack of due diligence, pressure, over-reliance, or lack of dedication. 28 Source: Crumbley, Razaee, Ziegenfuss, U.S. Master Auditing Guide, Chicago, CCH, pp. COSO CUBE (5 components of internal controls) 29 The COSO Model Control environment – management’s attitude toward controls, or the “tone at the top.” Risk assessment – management’s assessment of the factors that could prevent the organization from meeting its objectives. Control activities – specific policies and procedures that provide a reasonable assurance that the organization will meet its objectives. The control activities should address the risks identified by management in its risk assessment. Information and communication – system that allows management to evaluate progress toward meeting the organization’s objectives. Monitoring – continuous monitoring of the internal control process with appropriate modification made as deemed necessary. www.erm.cosous.org 30 COSO New Cube: Enterprise Risk Management Source: erm.coso.org. See Apostolou and Crumbley, “ Sarbanes-Oxley Fall-out Leads to Auditing Standards No. 2: Importance of Internal Controls,” The Value Examiner, November/December 2004, pp. 55-60. 31 Management Control Philosophy Fraudulent Financial Reporting more likely to occur if Firm has a poor management control philosophy. Weak control structures. Strong motive for engaging in financial statement fraud. Poor management philosophy: Large numbers of related party transactions. Continuing presence of the firm’s founder. Absence of a long-term institutional investor. Source: Paul Dunn “Aspect of Management Control Philosophy that contributes to fraudulent Financial Reporting,” Reporting,” Journal of Forensic 32 CONTROL ACTIVITIES Segregation of Accounting Duties Effective segregation of accounting duties is achieved when the following functions are separated: Authorization—approving transactions and decisions. Recording—Preparing source documents; maintaining journals, ledgers, or other files; preparing reconciliations; and preparing performance reports. Custody—Handling cash, maintaining an inventory storeroom, receiving incoming customer checks, writing checks on the organization’s bank account. If any two of the preceding functions are the responsibility of one person, then problems can arise. 33 CONTROL ACTIVITIES • • • • CUSTODIAL FUNCTIONS Handling cash Handling inventories, tools, or fixed assets Writing checks Receiving checks in mail • • • • • RECORDING FUNCTIONS Preparing source documents Maintaining journals, ledgers, or other files Preparing reconciliations Preparing performance reports AUTHORIZATION FUNCTIONS Authorization of transactions 34 Risk Assessment Benefits A major step in a forensic audit is to conduct a risk assessment, which entails a comprehensive review and analysis of program operations in order to determine where risks exists and what those risks are. Any operation developed during the risk assessment process provides the foundation or basis upon which management can determine the nature and type of corrective actions needed. A risk assessment helps an auditor to target high-risk areas where the greatest vulnerabilities exist and develop recommendations to strength internal controls Source: B.l. Derby, “Data Mining for Improper Payments,” Journal of Government Management, Winter 2003, Vol.52, No. 4, pp. 10-13. 35 Fraud Risk-Assessment Process 1. Organize the assessment – integrate into organization’s existing business cycle or establish a separate cycle. 2. Determine areas to assess – conduct at company wide, business-unit, and significant-account levels. 3. Identify potential schemes and scenarios – typically affecting the industry or locations. Fraudulent financial reporting. Misappropriation of assets. Expenditures and liabilities for an improper purpose (cash kickbacks and corruption). Organization commits a fraud against employees or third parties. Tax fraud. Financial misconduct by senior management. 36 Fraud Risk-Assessment Process 4. Assess likelihood of fraud Remote Reasonably possible Probable 5. Assess significance of risk Inconsequential More than inconsequential Material 6. Link antifraud controls – identify the control activities for fraud risks that are both more than likely to occur and more than inconsequential in amount. 7. Apply assessment results to the audit plan – consider and document the results of the fraud assessment when developing the audit plan. 37 GAP Analysis Actual Internal Controls Organization’s Stated Internal Controls Best Practice Internal Controls 38 Types of Fraud Unlike errors, fraud is intentional and most often involves deliberate concealment of facts by management, employees, or third parties Fraudulent Financial Reporting: does not follow GAAP (e.g., recording fictitious sales) Misappropriation of Assets: embezzling receipts, stealing assets, or causing an entity to pay for goods or services that have not been received. Often accomplished by false or misleading records or documents, possibly created by circumventing internal controls. 39 Steps Toward Forensic Audit Traditional audit [forensic techniques & fraud prevention program]. If suspect fraud, bring in-house forensic talent into the audit. If no in-house talent or fraud complex, engage an outside forensic accountant (e.g., Cr.FA, CFFA, or CFD). As audit moves toward forensic investigation, auditor must comply with litigation services standards (consulting). 40 Types of Forensic Engagements Determine if fraud is occurring. Support criminal or civil action against dishonest individuals. Form a basis for terminating a dishonest employee. Support an insurance claim. Support defense of an accused employee. Determine whether assets or income were hidden by a party to a legal proceeding (such as a bankruptcy or divorce). Identify internal controls to prevent it from happening again. Source: D.R. Carmichael, et. al, Fraud Detection, 5th, Fort Worth: Practitioners Publishing, 2002, p. 2 – 4. 41 Two Major Types of Fraud Investigations Reactive: Some reason to suspect fraud, or occurs after a significant loss. Proactive: First, preventive approach as a result of normal operations (e.g., review of internal controls or identify areas of fraud exposure). There is no reason to suspect fraud. Second, to detect indiciate of fraud. Source: H.R. Davia, “ Fraud Specific Auditing,” Journal of Forensic Accounting, Vol. 111, 2002, pp. 111-120 42 Proactive vs. Reactive Approaches Proactive approaches include Effective internal controls, Financial and operational audits, Intelligence gathering, Logging of exceptions, and Reviewing variances. Reactive detection techniques include Investigating complaints and allegations, Intuition, and Suspicion. 43 Proactive Is Best When the IRS began requiring banks to issue Form 1099s reporting interest, the reported interest income increased by $8 billion (even though for 3 years the IRS did not have computer matching capacity). When the IRS began to require taxpayers to list a social security number for dependents, the next year the number of reported dependents dropped by seven million. More than 11,000 of these taxpayers claimed seven or more dependents in 1986, but they claimed none in 1987. When the IRS began to require taxpayers to list a name, address, and social security number for babysitters, two years later 2.6 million babysitters disappeared. 44 Is Agency Proactive? Fraud hotline (reduce fraud losses by 50% re Wells 2002 Report). Suggestion boxes. Make everyone take vacations. People at top must set ethical tone. Widely known code of conduct. Check those employee references. Reconcile all bank statements. Count the cash twice in the same day. Unannounced inventory counts. Fraud risk assessment (CFD). 45 Some Hints Need to really understand the business unit. What they really do. Have a mandatory vacation policy. Rotation of assignments. Have a written/signed ethics policy. Do things differently each time you audit a unit. Do not tell client what you are doing. Hard to find fraud in the books. Look/listen. Look for life style changes. Do not rely on internal controls to deter fraud. Auditors must have control of the confirmation process. Careful of related parties. Careful of “trusted” employees. 46 Fraud Deterrence Review Analysis of selected records and operating statistics. Identify operating and control weaknesses. Proactively identify the control structure in place to help prevent fraud and operate efficiently. Not an audit; does not express an opinion as to financial statements. May not find all fraud especially where two or more people secretively agree to purposely deceive with false statements or by falsifying documents. [Always get a comprehensive, signed engagement letter defining objectives.] 47 Fraud Detection Process Discuss facts and objectives with client/attorney (e.g., conflict of interests). Evaluation whether to accept the engagement. Prepare a work program. Develop time and fee schedule. Obtain approval of work program, staff assignments, and fee estimates. Obtain an engagement letter. Identify fraud exposures and symptoms. Evaluate evidence obtained and determine if more Evidence is needed. Search for and evaluate additional evidence. Discuss preliminary findings with client/attorney. Draft a final report. Review the report and work papers. Resolve professional disputes. Clear review points and open items. Communicate report or findings. Help attorney prepare court case/testify. Perform follow-up procedure. File work papers/report. 48 Fraud Hypothesis Testing Approach Here a forensic accountant attempts to pro-actively detect fraud that is still undiscovered by formulating and testing null hypotheses. This proactive technique requires an forensic investigator to: 1. Identify the frauds that may exist in a particular situation. 2.Formulate null hypotheses stating that the frauds do not exist. 3.Identify the red flags that each of the frauds would create. 4.Design customized queries to search for the specific red flags or combination of red flags. C.C. Albercht, W.S. Albercht, and J.G. Dunn, “Conducting a Pro-Active Fraud Audit: A Case Study,” Journal of Forensic Accounting, Vol. 11, 2000, pp. 203-218 49 Measures Helpful in Preventing Fraud 1. 2. 3. 4. 5. 6. 7. 8. 9. Strong Internal Controls (3.66) Willingness of companies to prosecute (3.44) Regular fraud audit (3.40) Fraud training for auditors (3.33) Anonymous fraud reporting mechanisms (3.27) Background checks of new employees (3.25) Established fraud policies (3.12) Ethical training for employees (2.96) Workplace surveillance (2.89) Source: 2004 Wells Report 50 Seven Investigative Techniques 1. 2. 3. 4. 5. 6. 7. Public document review and background investigation (non-financial documents). Interviews of knowledgeable persons. Confidential sources. Laboratory analysis of physical and electronic evidence. Physical and electronic surveillance. Undercover operations. Analysis of financial transactions. Source: R.A. Nossen, The Detection, Investigation and Prosecution of Financial Crimes, Thoth Books, 1993. 51 Investigative Techniques Public Document Review Real and personal property records. Corporate and partnership records. Civil and criminal records. Stock trading activities. Check vendors. Laboratory Analysis Analyzing fingerprints. Forged signatures. Fictitious or altered documents. Mirror imaging or copying hard drives/company servers. Use clear cellophane bags for paper documents. 52 When Fraud Is Discovered 1. 2. 3. 4. Notify management or the board when the incidence of significant fraud has been established to a reasonable certainty. If the results of a fraud investigation indicate that previously undiscovered fraud materially adversely affected previous financial statements, for one or more years, the internal auditor should inform appropriate management and the audit committee of the board of directors of the discovery. A written report should include all findings, conclusions, recommendations, and corrective actions taken. A draft of the written report should be submitted to legal counsel for review, especially where the internal auditor chooses to invoke client privilege. 53 Using Technology to Gather Evidence Drill-down functionality Electronic imaging Benford’s law Digital Analysis Tests and Statistics (DATAS) Data warehousing/mining Inductive vs. deductive method 54 Data Analysis vs.Data Mining Software ACL, IDEA, and SAS are data analysis (DA) software used to ensure the integrity of data, to program continuous monitoring, and to detect fraudulent transactions. DA requires a program to be set up and run against the data. The program is written by auditors (i. e., humans) who may be prejudice in the routines that are executed. Data Mining finds patterns and subtle relationships in data. Wiz Rule (from WizSoft, Inc.) and IBM’s Intelligent Miner are data mining software. 55 Using Data Mining Match employee addresses against vendor addresses. Sort vendor list by size to determine the most highly paid suppliers. Review the structure of vendor names. Uncover indications of ghost employees (e.g., N.O. Police dept.). Fraudulent expense reports (even amounts, $6). Repeated withdrawals of even amounts from petty cash. 56 Computer Forensics “I need you to step away from your computer please,” Lee Altschuler said. Morgan Fay’s chief financial officer glanced up from her computer screen. She regarded the man standing at her office doorway for a moment. “Excuse me?” Cindy Shalott asked. “We’d like you to please conclude your business for the day.” Lee Altschuler said. “I’d appreciate it if you could complete whatever you’re doing as quickly as you can. Please leave your computer in the way that it is now. Don’t turn it off.” The chief financial officer swung her desk chair around. “Just move away from your computer please,” Altschuler repeated. “Who are you?” Cindy Shalott asked. 57 Types of Misappropriations Embezzlement Cash and check schemes Larceny of cash Skimming Swapping checks for cash Check tampering Kiting Credit card refund and cancellation schemes Accounts receivable fraud Lapping Fictitious receivables Borrowing against accounts receivable Inventory fraud Stealing inventory Short shipments with full prices Fictitious disbursements Doctored sales figures Sham payments Price manipulations: land flipping, pump and dump, and cyber-smearing Money laundering Bid rigging 58 Preventive Measures Segregation of duties, mandatory vacations, and rotation of duties help prevent cash larceny. Review and analyze each journal entry to the cash account. Two windows at drive-through restaurants. Signs: Free meal if no receipt. Blank checks and the automatic check signing machine should be kept in a safe place from employees. Pre-numbered checks should be logged and restricted to one responsible employee. Require two signatures on cashier checks. 59 Some Employee Schemes (contd …) Kiting: building up balances in bank accounts based upon floating checks drawn against similar accounts in other banks. Wire transferring makes kiting easier. Auditing Suggestions Look for frequent deposits and checks in the same amount. Large deposits on Fridays. Short time lag between deposits/withdrawals. Bank reconciliation audit [cut-off bank statement]. 60 Some Employee Schemes (contd …) Cut-off Bank Statement Shorter period of time (10-20 days). Bank statement sent directly to fraud auditors. Compare the cancelled checks, etc. with the cutoff bank statement. Helpful for finding kiting and lapping. 61 Lapping Lapping Recording of payment on a customer’s account some time after receipt of payment. Later covered with receipt from another customer (robbing Peter to pay Paul). Lapping is more successful where one employee has both custody of cash and record keeping responsibility. 62 Warning Signs of Lapping • Increase in complaints. • Excessive billing errors. • Delays in posting customer payments. • Trend of decreasing accounts receivable payments. • Accounts receivable details do not agree with the general ledger. 63 Lapping (cont.) Audit Steps Independently verifying customers who do not pay. Reviewing write-offs. Reviewing customers’ complaints. Compare the checks on a sample of deposit slips to the details of the customers’ credits that are listed on the day’s posting to the customer’s account receivables. Closely monitor aging accounts. 64 Inventory Inventory Fraud Stealing inventory/supplies for personal use or for sale at flea markets/garage sales. Kickback schemes (vendor/supplier and an employee). Sale of unreported inventory at inflated prices. Audit Steps for Inventory Fraud Use renumbered inventory tags matched to count sheets; use count procedures for work-in-progress items; separate duties between purchasing and logging receipts of shipments Check for same vendors. Prices higher than other vendors. Purchasing agent does not take vacation. Only photocopies of invoices are available. Aging of inventory. Inventory turnover 65 Source Documents Fraud Symptoms Photocopies of missing documents. Counterfeit/false documents. Excessive voids/credits. Second endorsements. Duplicate payments. Large numbers of reconciling items. Older items on bank reconciliations. Ghost employees. Lost register tapes. Number of round numbers. Too many beginning 9’s. 66 Journal Entries Fraud Symptoms Out-of-balance. Lacking supporting documents. Unexplained adjustments. Unusual/numerous entries at end of period. Written entries in computer environment. Number of round numbers. Too many beginning 9’s. 67 Ledger Fraud Symptoms Underlying assets disagree. Subsidiary ledger different than general ledger. 68 Payroll Payroll Schemes Ghost Employee: A person on the payroll who does not work for that company. False Workers’ Compensation claims: Fake injury to collect disability payments. Commission schemes: Falsify amount of sales or the commission rate. Falsify hours and salary: Exaggerate the time one works or adjusts own salary. 69 Some Employee Schemes (contd …) Fictitious Disbursements Multiple payments to same payee. Multiple payees for the same product or service. Inflated invoices. Shell companies and/or fictitious persons. Bogus claims (e.g., health care fraud and insurance claims). Overstate refunds or bogus refunds at cash register. Many fictitious expense schemes (e.g., meals, mileage, sharing taxi, claiming business expenses never taken). Duplicate reimbursements. Overpayment of wages. 70 Some Employee Schemes (contd …) Other Fraud Schemes Stealing inventory/scrap. Stealing property. Theft of proprietary assets. Personal use of assets. Shoplifting. False down grading of products. A land flip involves a situation where a company decides to purchase land for a project. A person or group will find the land and buy it under a front name or company. The fraudster then increases the price of the land before selling it to the company. Money laundering is the use of techniques to take money that comes from one source, hide that source, and make the funds available in another setting so that the funds can be used without incurring legal restrictions or penalties. 71 Forensic Auditing Steps Count the Petty Cash Twice in a Day Investigate Suppliers (Vendors) Investigate Customers’ Complaints Examine Endorsements on Canceled Checks Add Up the Accounts Receivable Subsidiary Audit General Journal Entries Match Payroll to Life and Medical Insurance Deductions Source: Jack C. Robertson, Fraud Examination for Managers and Auditors, Austin, TX: Viesca Books, 2000, pp. 213-216. 72 Forensic Auditing Steps (contd …) Match Payroll to Social Security Numbers Match Payroll with Addresses Retrieve Customer’s Checks Use Marked Coins and Currency Measure Deposit Lag Time Document Examination Inquiry, Ask Questions Covert Surveillance Source: Jack C. Robertson, Fraud Examination for Managers and Auditors, Austin, TX: Viesca Books, 2000, pp. 213-216. 73 Some Contract/ Procurement Frauds 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. Bribes and kickbacks. Bid rigging. Defective pricing. Phantom vendors [www.picalo.org]. Product substitution. Conflict of interests. False claims. Cost mischarging. Contract specification failures. Duplicate, false, or inflated invoices. Split purchases. Unnecessary purchases. Defective delivery. 74 Types of Bid Rigging 1. 2. 3. 4. 5. 6. Collective bidding. Exclusive bidders. Change order requests. Manipulation of bids. Leaking bid information. Unbalanced bidding. 75 Some Bribery Red Flags Lack of standard invoices. Requests for fund to be routed to a foreign bank. Requests for checks made payable to “cash” or to “the bearer.” Commission substantially higher than going rate. Requests for a large line of credit from a customer. Insistence by a government official that a certain third-party agent or supplier be used. Lack of staff or facilities to actually perform the service. Request by a local agent for a rate increase in the middle of negotiations. Suggested need to utilize more than one local agent. Source: M. T. Biegelman and J. T. Bartow, Executive Roadmap to Fraud Prevention and Internal Controls, John Wiley, 2006, pp. 325-326. 76 Red Flags for Phantom Vendors Invoices for unspecified consulting or other poorly defined services. Unfamiliar vendors. Vendors that have only a post-office-box address. Vendors with company names consisting only of initials. Many such companies are legitimate, but crooks commonly use this naming convention. Rapidly increasing purchases from one vendor. Vendor billings more than once a month. Vendor addresses that match employee addresses. Large billings broken into multiple smaller invoices, each of which is for an amount that will not attract attention. Source: J. T. Wells, “Billing Schemes Part I: Shell Companies That Don’t Deliver,” Journal of Accountancy, July, 2002. 77 Preventing Procurement Fraud 1. 2. 3. 4. 5. 6. Create an Approved Vendor List. Separate job responsibilities. Look for clues. Establish a hot-line for whistle-blowers. Do the parking-lot test. Get insurance. Baseline, “Six Steps to Prevent Procurement Fraud,” Fraud,” June 6, 2006, 78 Some Lying Signs Covering mouth with hand. Rubbing nose. Frequent blinking. Biting lip. Moving or tapping foot. Crossing arms. Leaning forward. Handling objects (e.g., pencil, pen). Avoiding eye contact or averting eyes. Clearing the throat. Closing and opening coat. Picking at lint on clothing. Playing with collar. Moving away. Shrug gestures. Slow response. Higher pitch. Long answer. Gap between words becomes longer. NonNon-words such as uh. Source: “Lying 101: There May Be Nonverbal Indicators of Lying,” 79 Deception Indicators Dryness of mouth 2. Restlessness A. Frequent changes in position B. Tapping of feet C. Fidgeting D. Gripping arms of the chair E. Elbows held close to the body F. Running hands through the hair G. Chewing of fingernails, pencils, or other objects 3. Excessive sweating 4. Pulsation of the carotid artery 5. Pallor, flushing, or change in complexion, color 6. Excessive swallowing 7. Avoiding direct gaze 8. Appearance of being disturbed and/or very tense 9. Audible turbulence in the stomach. Don Rabon, Interviewing and Interrogation, Durham: Carolina Academic Press, 1992, p.139. 1. 80 Some Forensic Accounting Tools Chain of Custody. Questioned Documents. Continuous Monitoring Timeline Analysis. Tracing Schedule. Link Analysis. Invigilation. Genogram. Proof of Cash. Entity Charts. Full - and False – Inclusion Tools. 81 Chain of Custody Just as in the movies or on a television show such as CSI, forensic accountants must safeguard evidence through a financial chain of evidence. There must be a way to show that the evidence has not been tampered with or damaged. If documents are seized, the forensic accountant should put his or her initials and date of the seizure on the back of each document. Or put the document in a transparent envelope and write a description on the envelope. Store the original and work only with a copy. 82 Enforcement Manual Enforcement Manual History and Custody of Documents U.S. Department Department of Labor Pension and Welfare Benefits Administration Date _______________________________ _______________________________ Case Number________________________ Case Name __________________________ 22. How were the documents obtained? By consent (note any significant comments of the principal or third third party witness and any unusual circumstances which occurred)? By legal process (describe). 2. What is the relationship between the documents and the person submitting submitting them? 22. Were manual transcripts or facsimile copies made of any of the documents either in whole or in part?. ______ Yes ______No If Yes, list documents copies. Manner of reproduction 22. Have all copies been compared with the original documents documents and identified? _____Yes _____No If No, why not? 22. Were the original documents described herein under your control or supervision at all times prior to their return to the principal, third party witness, or representative? _____Yes _____No If No, set forth circumstances of any transfer in control. control. 22. Did the principal, third party witness, or a representative request access to the documents during your custody? ___ Yes ___ No If Yes, who requested access and what action was taken? Signature ___________________ Title ________________________ 83 Questioned Documents Invoices and other documents may be fake or altered when Font sizes or types are not consistent No address is shown for the vendor or customer; this situation is especially suspicious if a vendor has not identified an address to which a check can be sent. The document has no identifying numbers such as invoice number, purchase order number, or customer number. All invoice numbers – on invoices from vendors – are numbered sequentially, with no numbers skipped. No tax is shown for taxable items. No shipping or freight cost is shown for items that would have been shipped at the purchaser’s expense. Little or no detail is provided on the invoice or document. 84 A Stamp Perforation match Paper shreds demonstrating different optical properties under ambient and specialized lighting Inks of different intensities used on the same document 85 Continuous Monitoring • Correlation is well suited to environments where there are (a) a large number of audit units (departments, divisions, franchisees, or customers, etc.), (b) a series of time-stamped revenues, expenses or loss amounts, and (c) the goal of developing a formal process to compare each audit unit against a valid benchmark. • Correlation and time-series analysis are techniques that could be used by forensic accountants in a monitoring role to find evidence of intentional or unintentional errors in situations where there are many audit units. • The techniques could be used to proactively search for errors without any preconceived belief as to their existence, magnitude, or pervasiveness, or where the forensic accountant seeks to provide additional evidence showing that such errors occurred after the errors were detected using some other detection method. • If intentional errors were discovered using other methods of discovery, then the techniques could be used by the forensic accountant to show that the revenue or expenditure or loss streams of an audit unit differed significantly from a valid benchmark. 86 Continuous Monitoring • Management engages an independent outside supplier to install and manage software to continuously analyze every transaction within business applications to detect improper activities and anomalies that indicate errors, control overrides, and fraud [Oversight Systems]. • The software sorts incidents into errors, misuse, and fraud (a detective control). • Suspicious transactions can be identified and categorized for future follow-up. • Flag items such as manual income-increasing adjustments, adjustments made late in the year, large dollar amounts. • Large companies with revenues over $1 billion. • Over the course of a year monitoring each module (e.g., A/P, Sales, G/L) is designed to cost approximately the amount the company would pay for one fulltime internal auditor per module. • One company saved $2 million of external auditing fees for using C/M in the 404 area. 87 Timeline Analysis Timeline analysis (TA) may be used to show the chronology of a dispute, and certain software tools can prepare trial exhibits. Investigative analysis software can show all detail from the beginning of the event until the apprehension of the target. TA helps forensic accountants communicate the timing of case related events and summarizes the investigation. Each link of the timeline chart includes a reference to a source or a direct link to a database. An insurance fraud scheme timeline from i2 Inc is shown in the next Table: 88 Tracing Schedule A tracing schedule can be used to show the flow of funds from bank-to-bank, from bank-to-entity, from entity-to-entity, or from person-to-person. A tracing schedule is helpful in money laundering cases. 89 Link Analysis Link analysis (LA) is a subset of network analysis which shows associations between people and data. For example, a link analysis could compare the mailing addresses of company executives and the cell phone numbers that they have dialed during a given time frame. LA provides crucial relationships between many objects of different types that are not apparent from isolated pieces of data. Table below is an example of LA with respect to the primary suspect, David Hoover. 90 Table On Link Analysis 91 Invigilation Invigilation is a rather expensive investigating technique that can be used in potential fraud situations to discover the fraud and can later be used in the courtroom. Here detailed records are kept before and after the invigilation period to determine the amount of fraud. During the invigilation period strict controls are imposed (e.g., cameras) so that the fraud is virtually impossible. Or the invigilation period could be while the suspect is on vacation. 92 Invigilation Technique No controls 14 days Controls or vacation 14 days No controls 14 days $67,000 lost $0 lost $62,000 lost 93 Genogram 94 Proof of Cash The proof of cash procedure is similar to a bank reconciliation, except more detailed and extensive. This procedure can be used to verify that cash accounts on the books are in agreement with the cash transactions recorded by the bank. The Wyoming Department of Audit’s proof is shown as Table 5.2. 95 Table 5.2 96 Entity Charts Entity charts show entities and owners with the relationship between them. The charts can show how income and assets are diverted, particularly among seemingly unrelated parties and entities. Microsoft Excel drawing tools may be used to prepare entity charts. For example, an entity chart could show the creation date of off-shore bank accounts and the subsequent decrease in the target’s U.S. bank accounts. Or identification of other unrelated parties may suggest additional investigation is needed. 97 Full – and – False Inclusion Tests These tests are used to ascertain the proper universe of data under investigation, so that no appropriate data is excluded and no extraneous data is included. Full-and-false inclusion tests may be helpful for finding hidden assets. 98 Termites, Rust, and Fraud • Just as termites never sleep, fraud never sleeps. • Just like termites, fraud can destroy the foundation of an entity. ------------------------------------------------------ Like rust, fraud never sleeps. 99 The End Is Here THANK YOU FOR YOUR ATTENTION 100
