Year 17 – 2004 – Part 2 – Construction

From time to time I was lucky enough to get to do some consulting work.  These were usually fairly large audits, involving a number of external experts.  As the “data guy” I was often given very little time to perform the required analysis.  On such audit was a review of the costs for a major construction project.  The audit team did not have all of the necessary expertise and had hired experts in project management, construction, and data analysis (me).  It was interesting to work with experts from outside of audit and in an area that I did not have a lot of expertise (construction).

The audit was requested by senior management.  Management was concerned because they knew that the manager responsible for a major, multi-phased, construction project would have a great deal of influence over the contractors.  It was early in the construction project and millions of dollars worth of contracts were still up for grabs.  Management felt that this put the project manager in a position where he could request “favors” from the contractors in exchange for the promise of future contracts.  They also knew that the company did not have a lot of experience in managing construction projects.  For these reasons they requested that audit perform a multi-phased review of the project – starting with the controls over the project management office.

It was not a surprise to anyone when the auditors determined that the project manager had arranged for one of the contractors to do work on his house, and bill the cost to the company.  But, the audit director was curious about how the auditors had found the fraud so quickly.  They had only been at the construction site for three days, and had already uncovered more problems than any other audit team had found in audits lasting months or longer.

Continue reading Year 17 – 2004 – Part 2 – Construction

Year 17 – 2004 – Part 1 – Direct Deposit

This was the year that I re-published my second book “Fraud Detection: A Revealing Look at Fraud (2004).  This dealt with obtaining, verifying and analyzing the data to support fraud prevention, detection and investigation.  However, it was also relevant to regular internal audit analyses.

I thought I would do something a little different this week – so here is a fraud analysis story.  It is based on an actual fraud analysis that I performed.  In telling this story over the years, I have had a number of people tell me that their company had experienced a similar type of fraud.  Which raises the question: “Why do companies so often ignore basic controls like separation of duties?”

Direct Deposit – Bill was not happy when he returned from the quarterly management meeting and Tom wondered why.  Bill explained a fraud that had been discovered – but not by internal audit.

“It went like this,” said Bill, “you know how we employ a lot of casual workers – people who may show up for anywhere from 1 day to 6 months.  Well it seems that an 8-month investigation in the payroll area has determined that the person in charge of keeping the attendance records has been committing fraud.”

“Wait a second’, exclaimed Tom, “we haven’t been conducting an investigation”.

Bill shook his head, “that is part of the reason why I am so upset.  First there was a fraud, and second we weren’t even notified – contrary to what the corporate fraud policy states, I might add.”

The supervisor of the payroll section noticed a weakness in the system.  Even though the casual workers were not around for long, everyone was paid by direct deposit.  This procedure was put into place when a fraud involving payroll checks was discovered a few years back.  The weakness was two-fold – first, the payroll supervisor was responsible for the sign-in sheet.  Every time a casual employee reported to work, they signed in and recorded their hours.  The second weakness was the fact that the same supervisor was responsible for the entry and update of the basic employee data, including the direct deposit number.  Seems that, upon learning that a casual employee was not planning on returning to work, the supervisor would continue to record their attendance, but would change the direct deposit number to a bank account that he controlled.

“Nice scheme”, responded Tom.  “I presume he kept his extra earning down to a minimum amount.”

“Sure,” said Bill.  “He never kept anyone on for more than 20-30 hours, but with so many casuals, he was clearing an extra week’s pay every week.”

The scheme was discovered when a casual worker received his income tax statement and compared it to his paychecks.  He called to talk to the supervisor, who just happened to be off sick that week.  A new employee, eager to impress her boss, researched the problem while the supervisor was off and discovered the fraud.

Now Tom was confused.  “It sounds pretty straightforward to me.  Why did it take eight months to investigate the fraud?”

Bill explained, “She called the police and they pulled all of the attendance sheets and copies of the bank statements.  Then they did a manual review – looking for the same direct deposit number turning up for more than one employee.  Seems that our payroll supervisor was not working alone, his girlfriend also had several checks deposited to her account.”

“Still – eight months?” cried Tom.

Bill laughed, “You’re right.  Since this was a white-collar crime, they only worked on it when there was a lull in other police work.  As a result, we lost even more money, and the payroll supervisor found out about the investigation and had time to make a run for it.”

“Well I guess we lost another one,” lamented Tom as he headed for the door.

“Get back in here – were not done with this yet,” said Bill.  “I want you to verify the police work – make sure they didn’t miss anything.  And I want it today!”

Using data analysis, all pay transactions for the last two years were examined – looking for all instances of the same direct deposit number being used by more than one employee.  While it did identify two cases where the husband and wife both worked for the company, it also identified four accounts that had been used to collect extra pay.

Bill smiled, “that is two more than the police found.”

“And it only took 45 minutes,” said Tom.

But still Bill wasn’t happy – something was nagging at him.  Tom was just about to ask what the problem was when Bill shook his head and exclaimed “Boy, am I a fool”.

Tom bit his tongue and did not reply “Yes, but why do you ask?”

Instead he waited for Bill to continue. “I wasn’t happy when I heard that the police had conducted a manual investigation.  I knew that matching direct deposit number to employee was much easier for a computer.  But there was more to it than that – I just didn’t realize it until now.”

Tom couldn’t wait any longer, “What?” he said.

Bill just looked at him and replied, “Run the analysis for all of our payroll sections across the country.  If it is happening here, I’ll bet my last dollar it happening elsewhere.”

Tom walked into Bill’s office two months later and said, “That clears up our payroll fraud case.”

“What was the final result?” inquired Bill.

“Well, we recovered close to $209,000 and are prosecuting four people – the criminal cases look promising.” replied Tom.  Bill waited.  “Oh ya, and we fixed the control weakness too.”

Finally, Bill was pleased; the data analysis had taken less than two days to complete, was instrumental in proving the case in court, and had been easy to do.  But most of all, the direct deposit fraud had been properly and thoroughly dealt with.


 Lessons Learned:  1. The police don’t always place the same priority on a fraud investigation as you might like.  2. Fixing one control weakness may create another – it is important to review all controls when making changes to procedures.  3. Data analysis is often the ideal way to find evidence of fraud.        4. Once you have found a fraud and understand the control weaknesses exploited, look for additional cases of fraud.

Year 16 – 2003 – Recruitment Process

People, even those that perform analytics, often think that data analysis can only be applied to financial-type audits.  I have tried to highlight other types of audits where analytics played a significant role including transportation, inventory, and hazardous materials (environmental).   In that vein, I offer you analysis that was part of an HR recruitment audit.

he organization was an international/national police force.  Like many police forces, it needed a fairly continuous flow of recruits.  The problem with this agency was that the recruitment process – which leads to a six month training program – was overly long. In fact it was 18-22 months from the time a potential recruit entered the process until they were offered begin the training program.  During this time, they were not paid, and, as a result, many suitable recruits exited the recruitment process because they found other jobs.

Working with the HR section, the auditors determined that they were 36 separate steps in the recruitment process.  Some were fair minor – like completing an application form – while other were more time consuming – like the security clearance process.  I was able to obtain the recruitment data for the past 3 years.  The data contained the start and end date for each step for each recruit.  In reviewing the recruitment data I was able to determine that the steps were done in series – not in parallel.  This meant that before a recruit could enter step “n”, step “n-1” had to be completed.  Our first recommendation was to change the process to permit steps to be done in parallel.  For example, rather than waiting for the results of the written test (which could take up to two weeks), recruits could start on the physical test phase.

Continue reading Year 16 – 2003 – Recruitment Process

Year 16 – 2003 – Accounts Receivable

It was beginning to almost become routine – get data, perform analysis, identify significant results, make recommendations and, often, transfer the analysis jobs to management for continuous monitoring.  This doesn’t mean that there were problems: obtaining the data, persuading audit teams to use analysis, and sometimes convincing management to address the control problems.  It was a challenge and it kept the job interesting.

I was also performing consulting from time to time.  This year I was asked to assist an audit team in a retail company with branches across the country.  The company was having cash flow problems and the Vice President of Finance had questions about the efficiency of the accounts receivable department. I explained that an aging of the A/R transactions in ACL would quickly identify all invoices that were past the due date by 30, 60, 90 days, or any cut-off point he chose to specify.  We performed that analysis and confirmed the Vice President’s concerns, but the team leader decided to take the analysis a step further and calculate the average time each account was past due for each branch office.  Again, this was easy to do using the break field on the AGE command. In addition, he calculated the carrying cost associated with borrowing money to finance the shortfall in revenues.

Continue reading Year 16 – 2003 – Accounts Receivable