FRAUD MAGAZINE JAN/FEB 2009 ARTICLE: MODELING THE PROCESS OF FRAUD MODELING A FRAUD EXAMINATION
THE HOW, WHEN, AND WHAT TO PROBE Here’s a step-by-step blueprint – a review for CFEs and a primer for students – to evaluate possible fraud. This system helps you answer such questions as: Does a fraud exist? How many perpetrators are involved? Is the evidence convincing? Is the case worth pursuing or should I quit? By Dimiter Petrov Dinev, Ph.D., CFE When in the history of fighting crime has a concept grown as fast or risen to such prominence as fraud detection? In less than two decades, the system of fraud detection has become a global phenomenon. And the professionals who practice it are viewed as highly respected crime fighters. (See the sidebar, “The Brains Behind the Science,” on page XX.) Building on the broad base of theory and practice developed by esteemed criminologists, I’ve formulated a model called Dinev’s Compass for Fraud Detection® (see Exhibit 1 on page XX) to assist fraud examiners and students of the profession to better understand the process of fraud detection. For some, this will be a review and others, a basic primer. The model contains the elements that comprise a fraud examination and helps the fraud examiner make informed decisions at each step when he or she is faced with: •
understanding the types and schemes of fraud with their typical indicators and fraud exposures in the organization;
1
•
reviewing and analyzing the available evidence; and
•
deciding if to continue with an investigation and to take preventive measures; or canceling the process.
Exhibit 1: Dinev’s Compass for Fraud Detection®
The eight points on the compass are: 1. the fraud environment; 2. the types of fraud; 3. the execution of the fraud; 4. discovery; 5. preliminary evidence evaluation; 6. evidence collection; 7. accomplice identification; and 8. undiscovered fraud. 2
POINT 1: THE FRAUD ENVIRONMENT
We assess conditions that could lead to fraud in a business enterprise. Foremost, we must be alert to any patterns of unusual or illogical business practices because fraud is often difficult to spot and there are so many indicators of it. Certain red flags call for immediate scrutiny. Among them are: •
a sudden increase in expenditures;
•
missing or altered documents;
•
unexplained salary changes;
•
unusual wire transfers;
•
the nonsegregation of key employees’ duties (such as one person performing both check writing and bank statement reconciliation without any oversight);
•
the lack of audits or unannounced reviews of procedures and controls by independent parties; and
•
changes in the lifestyle or behavior of employees.
POINT 2: THE TYPES OF FRAUD
The trained fraud examiner identifies a type of fraud that could exist and determines if the fraud was committed in the past, is being committed at the present time, or might be committed in the future. The most common fraud perpetrated on a business is misappropriation of assets but, of course, there are many others. The fraud examiner looks for the various ways an employee could steal by embezzling or skimming the assets, taking bribes or illegal gifts for inappropriate actions, misstating financial statements and concealing the theft in the organization’s accounting 3
records, or by any one of the seemingly endless list of billing, check writing, and payroll schemes.
POINT 3: THE EXECUTION OF THE FRAUD
Every fraudster carries out four steps. Preparation and planning He or she identifies the organization’s internal control weaknesses and ponders if accomplices are necessary. Timing and concealment The fraud perpetrator must choose the right time to commit the fraud and the ways to hide it. The means and tools for concealment change over time depending not only on the available opportunities but also the fraudster’s skills and position in the managerial hierarchy of the organization. Document manipulation The fraudster falsifies or destroys original source documents and creates replacements such as invoices from fake companies. Profiting The fraudster, directly or indirectly, converts the funds or assets and uses the stolen money for personal benefit.
POINT 4: DISCOVERY
Someone detects the potential fraud indicator. The individual who most often warns about the unusual patterns or indicators is a co-worker, a manager, an internal auditor, an independent auditor, a consultant performing a due diligence engagement, or a bank 4
officer. The fraud examiner’s close inspection of the indicators increases the probability of a successful investigation. Proofs, sanctions, and legal prosecution will then follow. The ACFE’s “2008 Report to the Nation on Occupational Fraud and Abuse,” states that fraud discoveries were attributed to: tips (46.2 percent), accidental discovery (20.0 percent), internal audit (19.4 percent), internal controls (23.3 percent), external audit (9.1 percent), and police notifications (3.2 percent). Tipsters use anonymous telephone calls, letters, or e-mails to report fraud indicators. However, many individuals are reluctant to reveal their identities because they’re concerned for the safety of themselves and their families. Thus, many companies offer anonymous reporting hotlines that operate 24/7. An organization’s supervisors and managers are usually the first to be informed of fraud indicators. However, for fear of reprisals, they might not investigate further when the indicator involves supervisors and/or top managers in which possible colluding accomplices attempt to conceal the fraudulent activities. Organizations can solve this problem with adequate policies that protect whistle-blowers. External auditors, complying with the Sarbanes-Oxley Act, with the Statement on Auditing Standard No. 99 “Consideration of Fraud in a Financial Statement Audit,” and with International Standard on Auditing No. 240 “The Auditor’s Responsibility to Consider Fraud in an Audit of Financial Statements” are obliged to identify and report fraud indicators to authorized parties.
5
POINT 5: PRELIMINARY EVALUATION
At this stage, a fraud examiner analyzes available evidence and identifies the type of fraud or other irregularities that might have occurred and also determines the damages to the organization. This analysis pinpoints when the fraud began and if it’s ongoing. The fraud examiner has two obvious options after thoroughly investigating the initial evidence. One option is to suspend the process because the fraud examiner hasn’t found any irregularities. This decision is common because: 1) the authorized recipients of the fraud indicators’ report conclude that the evidence didn’t support the likelihood that a fraud existed; 2) the decision makers couldn’t find any fraud indicators and schemes; or 3) the organization and its top management wanted to protect its public image. The second option is to continue the process to determine if there’s enough further evidence to prove that fraud has occurred.
POINT 6: EVIDENCE COLLECTION AND EXPERT INVOLVEMENT
The continuing process requires engaging the proper experts: CFEs, internal or external auditors, law enforcement officers, and others. If an organization’s officials want to launch a professional approach to solving fraud and recover damages they should hire CFEs. CFEs’ and attorneys’ skills, direct and circumstantial evidence, testimonial evidence, and expert opinions are among factors that will substantially affect the final outcome of the legal process.
6
At this stage, the fraud examiner develops a hypothesis for the case. Selecting methods for fraud detection depends on both the specific indicators and the type of scheme involved. Decision makers should also consider the legal requirements for privacy, confidentiality, trade secrets, and, of course, the advice of legal counsel. For example, in an employee embezzlement case, the fraud examiner determines the attributes of the fraud, by asking who, what, when, where, and how, as well as with whom. Also, the fraud examination must disclose all the elements to meet the legal definition of fraud such as the fraud perpetrator, the intent, the fraudulent activities, the victim, and the amount of losses or damages to the organization. Fraud examiners should apply traditional methods combined with modern investigative methods and technologies such as specialized audit software, and Internet search engines for obtaining, collecting, and analyzing evidence. Fraud examiners must always comply with the principles and requirements of protecting the veracity of evidence gathered during the fraud examination. Obtaining, collecting, transferring, maintaining, and storing the evidence must be reliable and accepted by the courts. The evidence to be assembled includes original or certified copies of the source documents, interviews, and vendor and employee data. But in cases of bribery or kickbacks, documentary evidence often is impossible to obtain because individuals commit their crimes in secret. POINT 7: ACCOMPLICE IDENTIFICATION
The fraud examiner searches for evidence of accomplices that reveal any ring or collusion. 7
POINT 8: UNDISCOVERED FRAUD
There are no guarantees that a fraud will be recognized and detected. In some instances, a fraud exists, but no one has reported any indicator and there aren’t any tips or complaints. Of course, these are dangerous cases for any organization. The fraudster has worked hard to devise the scheme and presumes it won’t be discovered. He might destroy important records or refuse to cooperate and might act in collusion with other employees, his supervisors, or third parties outside the organization, which would make fraud detection unlikely. Therefore, companies should employ proactive methods for fraud detection when possible and cost effective.
DRIVERS IN A FRAUD CASE
Based on the elements in Dinev’s Compass, a fraud examiner can use the flow chart in Exhibit 2 (on page XX) to determine if a fraud exists. The fraud examiner might be called in at the start of the process or at a later point (see Step G2) when the victimized company decides it needs independent professional expertise. A fraud examiner logically works through Steps A to J2 to evaluate the circumstances of the case and then confirm or deny that the sum of indicators and evidence warrants a full-blown investigation. In the process, he or she selects the necessary methods and techniques to detect different types of occupational fraud and abuse such as bribes and kickbacks, conflicts of interest, bid rigging, misappropriation of assets, financial statement fraud, academic fraud, or one of many other fraud schemes.
8
A. Someone reports the fraud indicators?
Employee, manager, auditor, owner, bank official, police Missing or altered documents, lifestyle change, ineffective investment project, unusual wire transfers, course credits without examinations being taken in the academic area, etc.
B. The indicators are identified C. The discovery method been made?
Tip, complaint, by accident, internal controls, audit
D. The report recipient
Management, internal and/or external auditors, audit committee, owners, police
E. Analysis of the evidence
Type of fraud, damages, commitment phase
Yes
F. Decision to stop the process
G1. Stop the process of fraud detection
No Engage CFE, auditor, police, law enforcement
G2. Detection process continues H. Select Methods for Fraud Detection
Deductive, inductive, technology, hypotheses
I. Collect evidence J1. Fraud likelihood
J2. Initiate Fraud Investigation – who, when, how, where, with whom, loss amount etc.
No
Yes
Exhibit 2: Fraud DETECTION PROCESS Flowchart 9
KEEPING ONE STEP AHEAD
Fraud is an ever-growing and expanding blight infecting the global economy. As its perpetrators continue to devise ingenious schemes, CFEs and other fraud fighters are charged with acquiring new and effective methods to detect and prevent fraud. I hope Dinev’s Compass and the flowchart will be useful weapons in this fight. They are intended to help seasoned, novice, and budding fraud examiners combine pieces of the fraud examination puzzle to discover the big picture of the crime and save organizations from crushing costs and the drain of corporate fraud.
The author thanks Joseph T. Wells, CFE, CPA, the founder and Chairman of the ACFE, who he said inspired him to formulate the Dinev’s Compass for Fraud Detection model, and Joseph R. Dervaes, CFE, ACFE Fellow, CIA, who reviewed this article.
Dimiter Petrov Dinev, Ph.D., CFE, is an associate professor at the University of National & World Economy in Sofia, Bulgaria. His e-mail address is: dinevddc@hotmail.com.
SIDEBAR The Brains Behind the Methods The different categories and types of fraud and abuse are diverse in the theory and practice of the fraud examination. Several professionals, such as Joseph T. Wells, CFE, CPA; W. Steve Albrecht, Ph.D., CFE, CPA; Stephen M. Rosoff, Ph.D.; Henry N. Pontell, Ph.D.; Zabihollah Rezaee, CFE, CPA, CMA, CIA, CGFM, and others, have devised 10
useful classifications. Widely used models such as the Cressey’s Fraud Triangle and Albrecht’s Scale also highlight anti-fraud principles. Well-founded and methodologically correct, these classifications and models serve as a foundation not only for further theoretical research but also for practical application in the whole process of fraud deterrence, detection, and investigation. Recommended reading includes: “Corporate Fraud Handbook: Prevention and Detection,” by Wells (available in the ACFE Bookstore at www. ACFE.com) “Fraud Examination,” third edition, by Albrecht; Conan C. Albrecht, Ph.D., Chad O. Albrecht; and Mark F. Zimbelman, Ph.D., ACFE Educator Associate, published by Thomson South-Western in 2009; “Profit Without Honor: White-Collar Crime and the Looting of America,” fourth edition, by Rosoff, Pontell, and Robert Tillman, published by Prentice Hall in 2007; and “Financial Statement Fraud: Prevention and Detection,” by Rezaee, published by Wiley and Sons in 2002.
11