Executive Fraud Blog

A Guide to Forensic Accounting Investigation by Thomas W. Golden, Steven L. Skalak, Mona M. Clayton

Today's demanding marketplace expects auditors to take responsibility for fraud detection, and this expectation is buoyed by such legislation as the Sarbanes-Oxley Act and the Auditing Standard (SAS99), which requires increased performance on the part of the auditor to find material financial statement fraud.
Written by three of the best forensic accountants and auditors, Thomas W. Golden, Steven L. Skalak, and Mona M. Clayton, The Auditor's Guide to Forensic Accounting Investigation explores exactly what assurances auditors should provide and suggests alternatives to giving the capital markets more of what they are requiring-greater assurances that the financial statements they rely upon for investment decisions are free of material error, including fraud. It reveals the surprising complexity of fraud deterrence, detection, and investigation, and offers a step-by-step approach to understanding that complexity.

From basic techniques to intricate tests and technologies, The Auditor's Guide to Forensic Accounting Investigation is a rich, multifaceted, and fascinating answer to the need for wiser, savvier, better-trained financial statement and internal auditors who are thoroughly familiar with fraud detection techniques and the intricate, demanding work of forensic accounting specialists.

When are Photocopies Acceptable in Fraud Cases?
In all cases the court must establish that the original document existed and that the copy is genuine. In the following situations the evidence is permissible:

1. Original no longer exists but it was of no intent or fault of the partying attempting to introduce the evidence.

2. Original has not been provided by the other party or the document is outside the juridiction of the subpoena.

3. Original has already been filed and is currently in the custody of a public office.

4. Original document is too large for an appropriate examination in court and a summary copy would be more acceptable for the courts needs.

Process of Proactive Detection of Fraud

1. Build the Proper Team
Regardless to the total size of the team, there should be at least three specific experts. The first is a domain expert that has an inside perspective of the industry and the business. The second is a technology specialist that is familiar with the system being used by the company. Lastly there needs to be someone familiar with fraud and the symptoms involved with it.

2. Team Must Develop an Understanding of the Business
Similar to any audit plan, a fraud investigation must be customized to the particular company being observed. All business are different thus they clearly have differing areas of potential fraud. After identifying the different functional business areas the team should walk through, talk with employees, observe procedures, review documentation, and other learning the business procedures.

3. Perform a Risk Assessment
Based on the understanding gained about the different areas of business the team should then evaluate those high risk conditions. By understanding the common risks they are able to identify those symptoms that would appear in a fraud scheme in that area. In this step it is important to continually brainstorm about how employees could potentially commit fraud given the current control system.

4. Clearly Define the Targeted Fraud Symptoms & Search for Them
In order to proactively detect these risks it is important to identify those symptoms that would most likely reveal a case of fraud. To read more about the identifying risks please see the article Fraud Symptoms. While searching for the symptoms it is important to collect company data and compile a list of suspicious looking transactions.

5. Investigate High Risk Symptoms
The most efficient way to investigate these symptoms is the use of computer analysis. By looking into only those risks that can not be explained by further analysis the team is able to save time and resources. The identification of abnormalities at this stage will require much scrutiny during investigation and will be an high risk area when performing the annual audit.

Fraud Symptom Categories

1. Internal Control Problems - material weakness
The first thing to remember when looking at internal controls is the fraud triangle. Without all three elements of opportunity, pressure and rationalization it is less likely that fraud will occur. By creating controls that prevent these elements or detect them in a timely manner after occurance managers can effectively monitor compliance.

Specific internal control issues stem from the organizations structure. Examples of symptoms of control deficiencies include a lack of the following: segregation of duties, independent verification, proper authorization, physical safeguards, overriding the system in place, and proper documentation.

2. Analytical Irregularities
These symptoms are unusual relationships of current financial statement ratios are compared to prior years. The analytical tests identify those transactions that are extreme cases and fall outside of the normal distribution of values. Common examples include: shortages of inventory, the use of too many credits to accounts receivable, or the existence of new vendors.

3. Accounting Abnormalities
The symptoms of accounting issues involve problems with faulty journal entries, nonexistent or fraudulent source documents, and incorrect ledger balances. Journal entries that are tampered with by smart fraudsters tend to be the expense accounts. In order to balance the accounting equation they must expense an amount equal to what they stole. Source documents can have all sorts of problems because many times they are vendor invoices that can be manipulated by those with direct access. It is important to retain all original copies and to verify with customers/vendors through the use of confirmations. Lastly, ledger problems come about when there is a mismatch of ledger balances not equaling the master file or each individual ledger balance not reconciling. Either way it is a sign of an incomplete fraud scheme.

4. Extravagant Lifestyle &/or Unusual Behavior
Lifestyle changes are often the easiest of all symptoms to detect. Although looking at bank records, investment records, and tax return information are difficult to access; property records, UCC filings, and other records are easy to check to determine whether there are assets that have been purchased or liens that have been removed. Unusual behavior is seen through an individual's recognizable behavior pattern to attempt to cope with the stress. Their guilt leads to fear, fear leads to stress, and stress leads to behavior changes.

5. Tips and Complaints
These are considered to be symptoms instead of evidence because often times they turn out to be unjustified. Despite their failure they can be extremely helpful when those in the best position to detect fraud step forward.

-coworkers, managers, and other employees are usually in the best position to detect fraud in the theft act stage
-company accountants and even coworkers are probably in the best position to detect fraud in concealment
-coworkers, friends, and managers are also in a better position to detect fraud in conversion

Since this is the case, it is important that companies maintain a whistleblower protection program or keep open a anonymous fraud hotline. Detection and communication offer the best protection from fraud.

1. Surveillance
This method is legal if they do not invade a person's reasonable expectation of privacy. It is better to consult legal council and/or the HR department in order to predict the likely events.
Surveillance can be done either stationary/fixed point or moving/trailing. When using both methods it is important to keep a detailed record of all the activities (date, position, time, etc). Trailing has great rewards but has the danger of being caught leading to a higher failure rate. Electronic surveillance may be done by law enforcement using wire-tapping and video cameras.

2. Covert/Undercover Operations
These operations can be time consuming and costly so should only be used when: Large scale collusive fraud, other methods fail, solid predication, secretive in nature, and it complies with the laws of the organization. When an appropriate amount of information is collected it is necessary to inform the authorities.

3. Invigilation
Detailed records should be maintained before, during, after an intense examination period. During the examination there is a very strict adherence to controls. By comparing the results of the examination period to results before and after investigators are able to identify any unusual patterns that arise during the periods when observation is not intensely obvious. The duration of the examination should be at least 14 days and subject to management’s approval.

4. Obtain Physical Evidence
Best place to look for this type of evidence is a suspects computer. Things such as databases, emails, word documents that are stored on their computer require obtaining the legal rights to seize their PC. By checking the documents that are physically present in the suspects office there is a likelihood that you will find a starting point for the investigation.