Year 29 – 2016 – Fraud

 Hidden Costs

The true cost of fraud is more than the total of the financial losses.  Stockholder confidence, employee morale and other intangible factors must be added to the monetary losses.  Most managers agree with this assessment; however management often encourages fraud by placing unrealistic goals on employees, or by disregarding the rules themselves.  Auditors must be aware of the pressures placed upon employees that may lead them to commit fraudulent activities.  In addition, the controls, to be effective, must apply to all employees and must be uniformly enforced.  Performance goals and objective should be attainable and adequately reviewed and monitored.

ACL, and other software, are powerful and flexible and can be used to run analyses to detect and even deter fraud.  However, no tool is more powerful than it users.  Auditors and fraud investigators, trained in the use of auditor software, innovative in their approach to the combating of fraud can make a difference.  The cost of fraud demands that we devote time, energy and resources to the battle.

Money Laundering Scheme

Regulations around anti-money laundering have increase, but it still happens.  Some of the larger schemes include the following:

Back in 2012, HSBC forfeited £1.2 billion for having inadequate money laundering controls. This followed a report published by the US Senate which alleged, amongst other things, that HSBC had:

  • supplied banking services and American dollars to some banks in Saudi Arabia in spite of their connections to terrorist financing
  • dodged restrictions created to prevent transactions involving Iran, North Korea and other countries subject to international sanctions
  • HSBC US didn’t treat its Mexican counterpart as high risk even though it has a problem with drug trafficking and money laundering.

In 2010 Wachovia paid federal authorities a total of £123.7 million for willingly failing to establish an adequate AML programme and subsequently allowing, from 2004 to 2007, the transfer of an estimated £292.5 billion into dollar accounts from money exchangers in Mexico that the bank did business with. This included nearly £10 million that went through correspondent banking accounts at Wachovia to buy aeroplanes to be used in the drugs trade – more than 20,000 kg of cocaine was seized from these planes.

Audit example:

Bill was suddenly a top salesman for the XYZ Insurance Company, selling more policies in a single month than had ever been achieved by a salesman in the company’s 20 year history.  In addition, few claims were being made against the policies he generated.  He easily met his targets and received the maximum bonuses, plus incentives such as trips and merchandise.  Until the story broke in the national newspaper, management had no idea that Bill’s policyholders were using the insurance company to launder ‘dirty’ money.

The requirement for companies conducting illegal activities to launder their illegal gains has generated many different schemes.  An increasingly used method to launder money is one where the money earned from criminal activity is used to purchase insurance policies with a ‘cash out’ clause.  Such a policy may pay the holder up to 80% of the policy value if cashed out within one year.  The purchase of millions of dollars in insurance policies and the subsequent cashing out of these policies can covert 80% of the dirty money into ‘clean’ money – a good return for the criminal element, and a good deal for the insurance agent, and even profitable for the insurance company.  However, the negative publicity that may be incurred might outweigh the cash benefits to the insurance company.

The audit director of another insurance company read the newspaper headlines with concern – was this happening at his company?  The next day he initiated an audit of all insurance policies to look specifically for this problem.  He met with the team leader, and explained what had happened at XYZ Insurance.  The team leader had also read the newspaper article and thought that this would be a perfect application for the new CAATTs software he had purchased recently.  He explained that the AGE command could be used to examine the length of time between the opening and closing of a policy.

The team obtained access to the policy file, and used the Age() function to calculated the time between the policy start and closing dates.  Further, by combining the results of the AGE() function with the CLASSIFY command, they were able to determine the number of policies, total length in years and the average policy life (in years) by salesman.

This quickly highlighted possible anomalies in sales practices, and assisted the team leader in checking for potential money laundering activities – whether knowingly abetted by the salesperson, or unknowingly.

The auditors reviewed the insurance claims raised by Paul, and found that many of them were made in the name of only a few individuals.  One person had opened 32 different policies, all of which had been canceled within two weeks.  Paul admitted that he was helping to launder money, and was fired.  Since the company had been proactive in finding the fraud, it was able to correct the problem and keep the incident out of the media, and avoided the adverse publicity.  The audit director smiled as he remembered what his first audit director had told him ‘Your job is to keep the company off the front page of the newspaper’.  This time, that was exactly what he had done.

Year 28 – 2015 – Fraud Risk Management Guidance

COSO had released an update to COSO-ERM which included Principle #8 (“The organization considers the potential for fraud in assessing risks to the achievement of objectives.”) related to fraud risk.  David Cotton (Cotton and Company LLP) put together a team of experts to develop guidance on how the audit profession and management could address the requirements of principle #8 and I was fortunate enough to be invited to be part of the team.   In particular, I was co-chair, along with Vincent Walden (EY), of the sub-group on data analytics which was responsible for developing guidance of the use of analytics to assess risk of fraud and to prevent and detect fraud.  I was an interesting and informative task that gave me the opportunity to work with many talented people.  The final guidance “Fraud Risk Management Guide” was published by COSO in 2016.

The executive summary can be viewed at

The following represents some of my thoughts on the area and served as input to the final guidance document.

Fraud Guidance – Data Analytics input

Data analysis is a powerful tool for assessing fraud risk and for fraud prevention and detection.  But according to an EY 2014 Global Fraud survey: 42% of companies with revenues from $100M – $1B are working with data sets under 10K records; and 71% of companies with more than $1B in sales are working with data sets of 1M records or fewer.  These companies may be missing important fraud prevention and detection opportunities by not mining larger data sets to more robustly monitor business activities.

Data analysis addresses all aspects of the fraud triangle:

  • if people know you are looking, they are less likely to commit fraud
  • Prevent fraud – verify that the key controls are in place and working properly
  • Detect instances of fraud earlier – could catch the first transaction (ACFE 2014 – reported a 50% reduction in duration and a 60% reduction in losses when proactive data analytics were used)
  • Focus the investigation – you know where to look and what to look at
  • Determine losses – reactive; proactive: identify all similar transactions – perhaps at other locations (e.g. payroll fraud)
  • Support the prosecution of people committing fraud – identify the evidence, fully cost the fraud, tell the story

The use analytics supplements the identification and assessment of fraud risk; allows for the monitoring and assessment of controls in areas of highest fraud risk; and supports the detection and investigation of possible fraud.

Fraud Risk Assessment

The ACFE Report to the Nations 2016 stated that proactive fraud analytics can reduce the duration and the loss due to fraud by more than 50%.  In areas of highest fraud risk – analytics can be used to search for control weaknesses and anomalies that could be indicators of fraud.  The Statement on Auditing Standards (SAS) #99 defines various risk factors for assessing the risk of fraudulent financial reporting and other fraudulent acts.   It also encourages you to devise appropriate data analysis strategies for each risk factor.

For example if you are in a competitive Industry, rapidly changing technology can lead to inventory becoming obsolete.  This creates a risk that the inventory may be not be appropriately re-evaluated which would lead to an overstatement on the financial report.  The data analysis to identify and assess this risk factor could include checking the date and results of last inventory evaluation and assessing inventory turnover figures.  If your company has attractive/easily transportable items in inventory, then you are at risk of theft.  Analytical tests could include verifying the effectiveness of the inventory controls by looking at trends in reorder quantity versus use in production or sales and identifying write-off and the use of management overrides to adjust inventory levels.

Fraud Monitoring

In areas of highest fraud risk you should develop a fraud monitoring plan.  The monitoring plan identifies the Why, What, Where and What’s Next of the analysis that will be performed.  For example, if there was a fraud risk that attractive items in inventory could be declared not repairable and written-off as scrap and taken home by employee, we would expect that there would be a separation of duties such that the same person could not be able to declare and item as not repairable and also write-off the item.  Data analysis would be to identify all employees who declared items as not repairable and those who declared items as a write-off.  We would not expect to find the same person on both lists – if we did, we would follow-up to see if their actions were applied to the same item.

Fraud Investigation

When fraud is suspected you need to enhance the fraud monitoring plan and develop a more detailed fraud investigation plan.  The following elements should be documented:

  • Define objectives of investigation. Detail why are you performing the analysis
  • Define the indicators of fraud. Describe what the symptoms of fraud would look like in the data.
  • Identify the required data sources. Working with IT and the business process owner – determine the appropriate source of the required data.
  • Obtain and safeguard the required data. Determine which fields are required – single year or several; one business unit or more; the best methods for obtaining the data; file formats; transfer mechanisms; and how you will safeguard the data.
  • Test the integrity and completeness of the data. Determine the extent to which you can rely on ten data and how you will assess the integrity and completeness of the data.
  • Analysis techniques. Describe the tests to be performed, the expected results and the follow up analyses.

In cases of suspected fraud, the auditor must verify to source or compare with other sources.  When performing the analysis, it is important to drill down into the data – challenging the assumptions and results.

In addition to providing input in each of the chapters – from risk assessment to investigation – Vince and I provided a series of analytical tools and techniques that were presented in an index and are available online.

Year 27 – 2014 – Car Maintenance – Part 2

Part2 – the audit had entered an investigative type phase looking into probable fraud.  As a result, the team leader developed a fraud analysis plan.  The plan outlined on the Who, What, How and Why and focused on analytics to look at the symptoms of fraud in the data.  Who could take advantage of the control weaknesses; what could they manipulate or control and what would it look like in the data; how could the fraud be accomplished; and why (not the rationale, but the benefit tot he fraudster).

While the team leader was thinking about what to do next, he instructed one of the team members to review the controls over the sale of used vehicles.  Twenty cars had been sold in the last year for a total of more than $68,100.  During a manual review of the copies of the purchasing forms the auditor noticed that one person showed up as the purchasers several times.   Using the Classify command on the purchasing data, the auditor totaled the number and dollar value of sales by purchaser.  The results showed that a Mr. Ford was listed as the purchaser 18 times.  What made this a little more disturbing was the fact that the average cost of purchase was $4,156 for the other 6 purchases, but only $2,399 for the 18 purchases made by Mr. Ford.

The team leader thought that maybe the cars purchased by Mr. Ford were older models or had had more mechanical problems and therefore were not worth as much.  He asked the auditor to extract data on all repairs performed in the last year on the 20 vehicles sold in the past year and to organize the information by vehicles and by date of the repair work.  The report indicated that the cars purchased by Mr. Ford were not any older than the other cars sold.  However, it did show that they had undergone a significant amount of repair work.

The team leader thought this might explain the difference in the purchase price until the auditor pointed out that in every case the cars had undergone repair work within a week or two of being sold to Mr. Ford.  Often the cars purchased by Mr. Ford were equipped with new tires, a muffler, and a battery less than 15 days before he purchased them.  Only one of the cars sold to another purchaser had had any repair work done on it in the month prior to being sold.  Finally, a car purchased by Mr. Ford for $800 and listed as being a 1992 model, was in fact in a 1996 model worth much more.

The final analysis performed on the sale of new vehicles was a comparison of the purchase price with the book value listed by the Automobile Association.  Cars of the same make, model, year and mileage were being sold for significantly more than the purchase price paid by Mr. Ford.  However, the 6 cars sold to other purchasers had been sold at prices that were comparable to the book value.

The analyses were presented to the team leader, giving him even more to think about.  During the same time period, one of the new auditors was given responsibility for conducting a review of the controls over gasoline purchases.  She was enjoying the sunny weather one afternoon and happened to walk passed the gas pumps at lunchtime.  She watched as an employee drove up, filled the car with gas and handed over some money to the assistant manager.  This was highly usual as all gas purchases were supposed to use company credit cards.  The auditor obtained an electronic copy of the gas purchase data.  This file contained a record of the number of gallons recorded against each company credit card at the company garage.  She also obtained a copy of the credit card purchases for each company vehicle.  This file provided details on the gas purchased from non-company gas stations.  After joining the two files together, she totaled the gasoline consumption for each vehicle purchased in the last year. The total distance on the odometer was divided by the gas consumption.  This analysis showed that the cars purchased in the last year were only obtaining an average of 7 mpg.  This was not enough to prove any wrongdoing, but encouraged the team leader to permit the auditor to perform some additional analysis.

The next thing the auditor did was to search the data for duplicate transactions – more than one gas purchase on the same day for the same vehicle.  She discovered that several times in the past year company cars had filled up at the company garage and at a retail gas station on the same day.  She obtained the actual credit card receipts and found that in four cases the retail station purchases were made in cities that were hundreds of miles away from the company garage.  In one case the audit team leader had signed the credit card receipt.  When she told him about the receipt and the date, he remembered the trip.  The purchase occurred during a three-week audit of regional offices and he had been on the road the entire time, so it was not possible for the car to have been filled with gas at the company gas station.

The audit team leader reported his suspicions to the president of the company.  A concealed camera was installed to monitor the gas pumps.  Further, the maintenance data was reviewed daily and a quick check was performed to determine if company cars were being repaired as stated.  Within a week the camera capture evidence of the manager and his assistant filling up non-company cars.  Further, the verification of the maintenance data found several instances where the repairs had not been performed as stated.  The repair records showed that 4 new tires had been installed on a company car, but when the auditors check the car they found old tires.  At first the manager claimed that he might have record the wrong license number – but he confessed to the entire scheme when shown the videotape of the gas purchases.


Lessons-Learned – The use of ACL to analyze electronic data, to identify anomalies, trends and duplicates can be invaluable when performing audits.  Such uses of audit software have been reported numerous times in audit magazines.  However, it is important to note that the use of audit software can also be extremely useful in detecting fraud.  Matching data, joining files, recalculating amounts and totals are performed easily and can identify serious exposures.  When fraud is detected, the use of tools like ACL can also help the auditor to quantify the amount or extent of the losses.

Year 27 – 2014 – Car Maintenance – Part 1

The company I worked had a fleet of cars that we maintained, and when beyond a certain age, were sold.  The analysis below describes an audit that looked at the controls around both of these processes.

The new manager of the company garage had only been in charge for a year and was already well respected and well liked.  He and his assistant provided quick and efficient maintenance service for all the company cars.  The garage also contained a gas pump and was considered a ‘Full Service’ station.  Unfortunately, the manager definition of full service went far beyond what the company’s management would have liked.

The garage manager was permitted to perform work on employee’s vehicles, as long as the employees were charged the full cost of the parts used for the work performed.  The company allowed employees to purchase automobile parts for their personal cars at the company rates that were reduced considerably when compared to the retail value of the parts.  The employee would purchase the parts and the company was invoiced at the discounted rate.  The employees would then submit their payment and invoice to the parts manager who would remit the money to the company; and the company would pay the vendor.  However, the manager was ‘correcting’ invoices and making it look like the parts had been used for company cars.  He would keep the money and the company would pay the bill.

The manager was also responsible for the disposal of used vehicles no longer considered economical to maintain.  The manager managed to sell many of the used vehicles to a friend at 65% of the book value.  The friend then sold the vehicle for the book value and split the profits with the manager.  The process called for sealed bids to be submitted by persons wishing to buy the vehicles.  However, the manager would show prospective bidders a car in much worse shape than the one actually being sold; or would invent stories of accidents or mechanical troubles the car had been through.  As a result, the bids from other buyers were usually even lower than the friend’s bid.

Vehicles, which were to be sold, were equipped with new tires, mufflers and other parts just prior to being sold to the manger’s friend.  This significantly increased the value of the vehicle being sold to the point that sometimes the new parts were worth more than the car.

Finally, the manager would fill up employees’ cars at the gas pump and charge the gas to a company car.  The company maintained a fleet of cars for use by employees.  A credit card was kept in the glove compartment of each card to be used when employees ‘purchased’ gas or had repair work done on the vehicle at the company garage.  However, several employees, who were friends of the service manager, were bringing their personal cars into the company service garage for maintenance and even filling up their tanks with gasoline.  The cost of the gas was charged against the car’s credit card.  The service manager then charged the employees half the actual cost of the gas ‘purchased’.  The employees benefited from only having to pay half of the cost and the manager kept all the cash he received.

The auditors were performing the yearly review of the garage operations.  They were totally unaware of the frauds being committed by the manager and his assistant.  This did not, however, stop them from finding out what was happening.

The first analysis performed by the auditors was to total the repair work by vehicle.  They were quite surprised by the total dollar value of the repairs performed on the company cars.  A refinement to the analysis separated the vehicles by year of purchase.  The manager had been so busy with his scheme that even newly purchased cars were showing repair work.  The auditor was particularly suspicious when invoices were paid for parts on cars that were still under the original warranty.  The analysis revealed that some cars less than one year old had undergone as much repair work in the last year as cars much older.  The auditors calculated the total repairs by type of repair to determine the 5 most costly repairs performed.  Next the auditors then totaled, by vehicle, the number and amount of repairs, by type of repair – tire, muffler, alternator, tune up and battery, for all cars less than one year old.  They found that three cars that were less than one year old had a more than usual amount of repair work.  One had four new mufflers installed and another had 12 new tires.

Because of this startlingly finding, the team lead decided to expand the scope of the audit and perform more testing on the repair work and examine the controls over the sale of used cars.  Next week we will see the results of their expanded analysis.