Identifying fraud has always been an important goal for organisations across the globe.  Fraud is often difficult to detect and even more difficult to investigate. Poor internal systems allow fraud to flourish. The biggest motivation is greed. The current economic turmoil is pushing fraud detection higher on everyone’s priority list.

The impact of fraud

From employee embezzlement to intentionally misleading financial statements, occupational fraud and abuse can often have serious consequences to an organisation. The Association of Certified Fraud Examiners estimates that the typical organisation loses 7% of its annual revenues to occupational fraud.  In addition to direct dollar costs, fraud can damage a company’s reputation, contribute to a loss of public trust, decrease share price, increase in legal fines, and cause low employee moral. 

The Australian Institute of Criminology estimated that fraud costs approximately $8.5 billion each year, with only 6% of the misappropriated monies recovered.

Recently, here in Australia we’ve seen a Payroll Manager at Clive Peeters confess to a $20M dollar theft.  The high profile financial statement fraud and demise of HIH Insurance is considered to be the largest corporate collapse in Australian history, estimated at a loss of $5.3 billion. In the UK a former audit firm director, was sentenced for fraudulently claiming half a million dollars in expenses.  The Enron scandal in the US, demonstrated how quickly fraud can cause the collapse of a fortune 500 company and dissolution of a top five accounting firm.  While these are examples of high profile cases, there are many more reported and unreported. The impact of fraud is high for any organisation.  

Detecting fraud and misconduct

Fraud is often undetected nor reported to the police. It is usually dealt with internally or not investigated.

Traditionally a company relies most on its internal control activities, the internal auditor, and external auditors to detect and uncover fraud.  However, according to the 2008 Report to the Nation from the Association of Certified Fraud Examiners, over 50 percent of fraud was detected through tips or by accident. Of the fraudulent activities detected by tips, a full 31 percent came through hotline calls.  Internal control is a distant second in detecting fraud (after tip-off and accidental detection).  Hence, there is room for improvement.  


Inherent limitations of traditional audit methods

External and internal audit reviews are not designed nor intended to detect all weaknesses in control procedures, as it is not performed continuously through the period and the tests performed are on a sample basis.  Auditors typically spend one to two weeks on periodic audits to gain assurance.  The reviews are designed to check for material net errors, and whether controls are designed appropriately and operating effectively.  The reviews are not performed looking specifically for instances of fraud, but rather the potential for fraud.

Limitations of sample testing for fraud detection purposes:

• Sampling is not able to fully quantify the impact of control failures, it is only able to estimate errors within a population.
• Sampling may miss many smaller anomalies that could point to weaknesses that may be exploited later causing a material breach.
• Fraud is not representative in a sample.
• To effectively test and monitor internal controls, organisations need to look at all the transactions that roll through them and test transactions against established parameters, across applications, across systems, from dissimilar applications and data sources.  A lot of internal control systems can’t handle this.
• It is timely and costly to manually investigate even a small sample.

Occupational frauds are generally ongoing crimes and concealment involves the steps taken by the perpetrator to hide the fraud from others.  As such, auditor’s current detection methods are like trying to find a needle in a haystack.

An effective whistleblower reporting system proves valuable to detect fraud

Whistleblower reporting systems are considered better practice and have proven an effective method for detecting workplace fraud and abuse. A system that enables employees to report suspected misbehaviour or concerns allows the organisation to take corrective action immediately. Organisations that encourage a culture of open reporting benefit by being able to deter wrong doing, reduce malicious leaks, and maintain its reputation.

The following are a few areas to consider when implementing a whistleblower program:

• Utilise multiple collection vehicles (phone, mail, email) to avoid constrained communications;
• Ensure methods are in place to reduce the risk of encouraging retaliation claims;
• Utilise flexible and multifunctional scrips / forms to ensure collection of important information;
• Utilise skilled and trained personnel capable of quickly identifying true cases and acting with professional care;
• Communicate and generate awareness of the program to employees and the community.

Data mining and transactional analysis for improved fraud detection

Proactive data analytics, and the use of tools such as ACL, IDEA, ACCESS, is a proven and effective method in fighting fraud and monitoring the effectiveness of internal controls.  The Association of Certified Fraud Examiners, the Institute of Internal Auditors, and the Institute of Chartered Accountants all advocate the use of data analysis technologies. 

Some of the benefits through the increased use of data analysis include:

• Ability to test 100% of the population
• Identifying anomalies or “red flags”
• Tangible audit findings that can be reported in actual cash value
• Ability to transition from annual cyclic audit testing to more ongoing monitoring of both transactions and controls
• Identifying areas to data cleanse for consistency
• Repeatability
• Reduction in audit risk
• Cost-effective
• Close control loopholes before abuse escalates
• Acts as a deterrent

Common data mining and analysis areas include:

• Employee and payroll
• Vendors & accounts payable
• Travel and entertainment expense reimbursements
• Sales
• Inventory
• General ledger / Journal entries

Sample tests in key areas may include:

Payroll Mining:

• Employees with no deductions
• PR activity subsequent to termination
• Employee vs. department baselines ($ & hrs)
• Department vs. company baselines ($ & hrs)
• Benford’s analysis of gross/net payroll
• Time series analysis
• Employee leave analysis
• Pay rate analysis
• Duplicate direct deposit accounts
• Short duration of hire/termination

Accounts Payable Mining

• Duplicate invoices
• Duplicate payments
• Benford’s analysis
• Employee name and acronym search
• Compare multiple vendor master files
• Identify invoices in excess of n% of vendor average
• Acceleration and time spending analysis
• Spend analysis

Expense Reporting Mining

• Patterns in travel expenses
• Unusual amount of airfare
• Review of miscellaneous expense category
• Duplicate expenses
• Multiple expense reports with same expenses

Fraud risk assessment

For business with pressing deadlines, managing cashflow and liquidity, dealing with customer backlogs and complaints, fulfilment and other business critical issues, conducting an exercise to assess fraud risk may seem to be a low priority.

In reality however, such an exercise is a critical investment to the future of the organisation providing valuable information and helping to shine some light on current problems.

Fraud risk assessments also helps identify where critical controls may be lacking or weak. This is particularly useful, where an organisation has grown over time or have had undergone reorganisation or restructuring, changes or upgrading of business systems, mergers and acquisitions, culture and procedures are disrupted.

Organisation which is diverse and geographically scattered and with different sub-cultures will also benefit greatly from a fraud risk assessment.

Benefits of fraud risk assessment include:

• Improvement programme identified
• Minimisation of future losses, both financial and reputation, to the organisation from fraud
• Improvement opportunities identified on organisation’s processes and controls as a consequent of the review
• Minimize risks of occupational fraud
• Cultural survey provides a rich insights for company management about attitude and perceptions of employees on a range of important subjects, beyond fraud risk assessment

Conclusion

Despite the serious risk that fraud presents to business, many organisations still do not have formal systems and procedures in place to prevent, detect, and respond proactively to fraud. 

Elements of an effective anti-fraud strategy program include a fraud risk assessment, code of conduct, fraud awareness training, process-specific fraud controls, investigation protocols, disclosure protocols, and board oversight. Implementing a whistleblower reporting system, conducting a fraud risk assessment and utilising advanced data analytics as part of the audit process are amongst the key steps that can be taken to deter fraud and proactively detect it. 

Case studies

Case study 1:  Retail Company benefits utilising data mining software

Within weeks of implementing new data-mining software, clothing retailer Peacocks dismissed five employees for fraudulent activities identified by the fraud detection tool and a further 15 investigations were underway based on information highlighted by the software. Employees were found to be involved in activities such as processing genuine sales for customers then voiding the transaction, taking money from the tills, and applying refunds to their own credit cards. Peacocks believe that the increased chances of detection will stop some fraud before it is even committed. Peacocks are also using the system to pinpoint process improvement and training requirements.
Source: various articles from Retail Week & CIMA Risk Management


Case study 2:  Payroll Manager steals $20 Million from Clive Peeters

A Payroll Manager admitted to bypassing internal controls and utilising a loophole in the company’s internet banking to transfer more than $20 million of company money into her own bank account.  The scheme involved falsifying payroll records, transferring cash to her bank account and using it to buy real estate.  Her fraud added up to more than the company’s pre-tax earnings in the 2008 financial year.  The Payroll Manager worked at Clive Peeters head office for three years as a senior member of the finance team and was a signatory to the company’s account.  The alarm was raised when a company accountant noticed a $2 million variation between two company ledgers.  Further investigation revealed a larger discrepancy of $20 million. In seven months the Payroll Manager purchased 43 properties and spent $166,500 on three luxury cars.  As the fraud warning signs were evident, one wonders if the company had an effective whistleblower reporting system and / or utilised ongoing transaction testing if the scheme would have been deterred or identified earlier.  Source:  various articles from Sydney Morning Herald

To learn more about fraud risk management, conducting a fraud risk assessment, utilising advanced data analytics, or to request a copy of the Moore Stephens “Implementing an Effective Whistleblower Reporting System” brochure please contact:

Shirley Liew- Director, Moore Stephens Sydney
Jaclyn Biro- Assistant Manager, Moore Stephens Sydney