Part2 – the audit had entered an investigative type phase looking into probable fraud. As a result, the team leader developed a fraud analysis plan. The plan outlined on the Who, What, How and Why and focused on analytics to look at the symptoms of fraud in the data. Who could take advantage of the control weaknesses; what could they manipulate or control and what would it look like in the data; how could the fraud be accomplished; and why (not the rationale, but the benefit tot he fraudster).
While the team leader was thinking about what to do next, he instructed one of the team members to review the controls over the sale of used vehicles. Twenty cars had been sold in the last year for a total of more than $68,100. During a manual review of the copies of the purchasing forms the auditor noticed that one person showed up as the purchasers several times. Using the Classify command on the purchasing data, the auditor totaled the number and dollar value of sales by purchaser. The results showed that a Mr. Ford was listed as the purchaser 18 times. What made this a little more disturbing was the fact that the average cost of purchase was $4,156 for the other 6 purchases, but only $2,399 for the 18 purchases made by Mr. Ford.
The team leader thought that maybe the cars purchased by Mr. Ford were older models or had had more mechanical problems and therefore were not worth as much. He asked the auditor to extract data on all repairs performed in the last year on the 20 vehicles sold in the past year and to organize the information by vehicles and by date of the repair work. The report indicated that the cars purchased by Mr. Ford were not any older than the other cars sold. However, it did show that they had undergone a significant amount of repair work.
The team leader thought this might explain the difference in the purchase price until the auditor pointed out that in every case the cars had undergone repair work within a week or two of being sold to Mr. Ford. Often the cars purchased by Mr. Ford were equipped with new tires, a muffler, and a battery less than 15 days before he purchased them. Only one of the cars sold to another purchaser had had any repair work done on it in the month prior to being sold. Finally, a car purchased by Mr. Ford for $800 and listed as being a 1992 model, was in fact in a 1996 model worth much more.
The final analysis performed on the sale of new vehicles was a comparison of the purchase price with the book value listed by the Automobile Association. Cars of the same make, model, year and mileage were being sold for significantly more than the purchase price paid by Mr. Ford. However, the 6 cars sold to other purchasers had been sold at prices that were comparable to the book value.
The analyses were presented to the team leader, giving him even more to think about. During the same time period, one of the new auditors was given responsibility for conducting a review of the controls over gasoline purchases. She was enjoying the sunny weather one afternoon and happened to walk passed the gas pumps at lunchtime. She watched as an employee drove up, filled the car with gas and handed over some money to the assistant manager. This was highly usual as all gas purchases were supposed to use company credit cards. The auditor obtained an electronic copy of the gas purchase data. This file contained a record of the number of gallons recorded against each company credit card at the company garage. She also obtained a copy of the credit card purchases for each company vehicle. This file provided details on the gas purchased from non-company gas stations. After joining the two files together, she totaled the gasoline consumption for each vehicle purchased in the last year. The total distance on the odometer was divided by the gas consumption. This analysis showed that the cars purchased in the last year were only obtaining an average of 7 mpg. This was not enough to prove any wrongdoing, but encouraged the team leader to permit the auditor to perform some additional analysis.
The next thing the auditor did was to search the data for duplicate transactions – more than one gas purchase on the same day for the same vehicle. She discovered that several times in the past year company cars had filled up at the company garage and at a retail gas station on the same day. She obtained the actual credit card receipts and found that in four cases the retail station purchases were made in cities that were hundreds of miles away from the company garage. In one case the audit team leader had signed the credit card receipt. When she told him about the receipt and the date, he remembered the trip. The purchase occurred during a three-week audit of regional offices and he had been on the road the entire time, so it was not possible for the car to have been filled with gas at the company gas station.
The audit team leader reported his suspicions to the president of the company. A concealed camera was installed to monitor the gas pumps. Further, the maintenance data was reviewed daily and a quick check was performed to determine if company cars were being repaired as stated. Within a week the camera capture evidence of the manager and his assistant filling up non-company cars. Further, the verification of the maintenance data found several instances where the repairs had not been performed as stated. The repair records showed that 4 new tires had been installed on a company car, but when the auditors check the car they found old tires. At first the manager claimed that he might have record the wrong license number – but he confessed to the entire scheme when shown the videotape of the gas purchases.
ACL Commands – FILTER, CLASSIFY, CROSSTAB,
Lessons-Learned – The use of ACL to analyze electronic data, to identify anomalies, trends and duplicates can be invaluable when performing audits. Such uses of audit software have been reported numerous times in audit magazines. However, it is important to note that the use of audit software can also be extremely useful in detecting fraud. Matching data, joining files, recalculating amounts and totals are performed easily and can identify serious exposures. When fraud is detected, the use of tools like ACL can also help the auditor to quantify the amount or extent of the losses.