Year 17 – 2004 – Part 1 – Direct Deposit

This was the year that I re-published my second book “Fraud Detection: A Revealing Look at Fraud” (2004).  This dealt with obtaining, verifying and analyzing the data to support fraud prevention, detection and investigation.  However, it was also relevant to regular internal audit analyses.

I thought I would do something a little different this week – so here is a fraud analysis story.  It is based on an actual fraud analysis that I performed.  In telling this story over the years, I have had a number of people tell me that their company had experienced a similar type of fraud.  Which raises the question: “Why do companies so often ignore basic controls like separation of duties?”

Direct Deposit – Bill was not happy when he returned from the quarterly management meeting and Tom wondered why.  Bill explained a fraud that had been discovered – but not by internal audit.

“It went like this,” said Bill, “you know how we employ a lot of casual workers – people who may show up for anywhere from 1 day to 6 months.  Well it seems that an 8-month investigation in the payroll area has determined that the person in charge of keeping the attendance records has been committing fraud.”

“Wait a second,” exclaimed Tom, “we haven’t been conducting an investigation.”

Bill shook his head, “that is part of the reason why I am so upset.  First there was a fraud, and second we weren’t even notified – contrary to what the corporate fraud policy states, I might add.”

The supervisor of the payroll section noticed a weakness in the system.  Even though the casual workers were not around for long, everyone was paid by direct deposit.  This procedure was put into place when a fraud involving payroll checks was discovered a few years back.  The weakness was two-fold – first, the payroll supervisor was responsible for the sign-in sheet.  Every time a casual employee reported to work, they signed in and recorded their hours.  The second weakness was the fact that the same supervisor was responsible for the entry and update of the basic employee data, including the direct deposit number.  Seems that, upon learning that a casual employee was not planning on returning to work, the supervisor would continue to record their attendance, but would change the direct deposit number to a bank account that he controlled.

“Nice scheme”, responded Tom.  “I presume he kept his extra earnings down to a minimum amount.”

“Sure,” said Bill.  “He never kept anyone on for more than 20-30 hours, but with so many casuals, he was clearing an extra week’s pay every week.”

The scheme was discovered when a casual worker received his income tax statement and compared it to his paychecks.  He called to talk to the supervisor, who just happened to be off sick that week.  A new employee, eager to impress her boss, researched the problem while the supervisor was off and discovered the fraud.

Now Tom was confused.  “It sounds pretty straightforward to me.  Why did it take eight months to investigate the fraud?”

Bill explained, “She called the police and they pulled all of the attendance sheets and copies of the bank statements.  Then they did a manual review – looking for the same direct deposit number turning up for more than one employee.  Seems that our payroll supervisor was not working alone, his girlfriend also had several checks deposited to her account.”

“Still – eight months?” cried Tom.

Bill laughed, “You’re right.  Since this was a white-collar crime, they only worked on it when there was a lull in other police work.  As a result, we lost even more money, and the payroll supervisor found out about the investigation and had time to make a run for it.”

“Well I guess we lost another one,” lamented Tom as he headed for the door.

“Get back in here – we’re not done with this yet,” said Bill.  “I want you to verify the police work – make sure they didn’t miss anything.  And I want it today!”

Using data analysis, all pay transactions for the last two years were examined – looking for all instances of the same direct deposit number being used by more than one employee.  While it did identify two cases where the husband and wife both worked for the company, it also identified four accounts that had been used to collect extra pay.

Bill smiled, “that is two more than the police found.”

“And it only took 45 minutes,” said Tom.

But still Bill wasn’t happy – something was nagging at him.  Tom was just about to ask what the problem was when Bill shook his head and exclaimed “Boy, am I a fool”.

Tom bit his tongue and did not reply “Yes, but why do you ask?”

Instead he waited for Bill to continue. “I wasn’t happy when I heard that the police had conducted a manual investigation.  I knew that matching direct deposit number to employee was much easier for a computer.  But there was more to it than that – I just didn’t realize it until now.”

Tom couldn’t wait any longer, “What?” he said.

Bill just looked at him and replied, “Run the analysis for all of our payroll sections across the country.  If it is happening here, I’ll bet my last dollar it’s happening elsewhere.”

Tom walked into Bill’s office two months later and said, “That clears up our payroll fraud case.”

“What was the final result?” inquired Bill.

“Well, we recovered close to $209,000 and are prosecuting four people – the criminal cases look promising,” replied Tom.  Bill waited.  “Oh ya, and we fixed the control weakness too.”

Finally, Bill was pleased; the data analysis had taken less than two days to complete, was instrumental in proving the case in court, and had been easy to do.  But most of all, the direct deposit fraud had been properly and thoroughly dealt with.

ACL Commands: DUPLICATES and JOIN
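
The duplicate-account test Tom ran, shown as an added Python example (not the ACL script used in the actual analysis): group pay transactions by direct deposit number, then join the hits to the employee master. The column names, sample rows and the address-based household triage are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample data; column names and values are assumptions.
PAY_CSV = """emp_id,pay_date,account,amount
1001,2004-03-05,111-222,412.50
1002,2004-03-05,111-222,398.00
2001,2004-03-05,555-900,120.00
2002,2004-03-12,555-900,135.00
2003,2004-03-19,555-900,110.00
3001,2004-03-05,777-001,640.00
3001,2004-03-12,777-001,640.00
"""
EMP_CSV = """emp_id,name,address
1001,A. Sample,12 Elm St
1002,B. Sample,12 Elm St
2001,C. Casual,4 Oak Ave
2002,D. Casual,88 Pine Rd
2003,E. Casual,19 Birch Ln
3001,F. Regular,7 Maple Ct
"""

def shared_accounts(pay_csv=PAY_CSV, emp_csv=EMP_CSV):
    """Find deposit accounts paid on behalf of more than one employee."""
    master = {r["emp_id"]: r for r in csv.DictReader(io.StringIO(emp_csv))}
    seen = defaultdict(lambda: {"emp_ids": set(), "total": Decimal("0")})
    for row in csv.DictReader(io.StringIO(pay_csv)):
        seen[row["account"]]["emp_ids"].add(row["emp_id"])
        seen[row["account"]]["total"] += Decimal(row["amount"])
    findings = {}
    for account, info in seen.items():
        if len(info["emp_ids"]) < 2:
            continue  # one employee per account is the normal case
        # Join to the employee master to triage each hit.
        records = [master.get(e) for e in sorted(info["emp_ids"])]
        addresses = {r["address"] for r in records if r}
        household = None not in records and len(addresses) == 1
        findings[account] = {
            "emp_ids": sorted(info["emp_ids"]),
            "total": info["total"],
            # A shared address only lowers priority; it still needs confirming.
            "triage": "possible household" if household else "investigate",
        }
    return findings

if __name__ == "__main__":
    for account, f in shared_accounts().items():
        print(account, f["triage"], f["emp_ids"], f["total"])
```

Pay records whose employee number is missing from the master file fall into "investigate" rather than being dropped by the join.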

Lessons Learned:

1. The police don’t always place the same priority on a fraud investigation as you might like.
2. Fixing one control weakness may create another – it is important to review all controls when making changes to procedures.
3. Data analysis is often the ideal way to find evidence of fraud.
4. Once you have found a fraud and understand the control weaknesses exploited, look for additional cases of fraud.
