FraudandForensicAccounting

InaDigitalEnvironment
WhitePaperfor
TheInstitutefor
FraudPrevention
ConanC.Albrecht
MarriottSchoolofManagement
BrighamYoungUniversity
conan@warp.byu.edu
FraudandForensicAccounting
InaDigitalEnvironment
ABSTRACT
Thispaperdiscussesfouraspectsofcomputeraidedfrauddetection thatareof
primaryinteresttofraudinvestigatorsandforensicaccountants:dataminingtechniques
forthedetectionofinternalfraud,ratioanalysisfor thedetectionoffinancialstatement
fraud,theissuessurroundingexternalinformationsources,andcomputerforensicsduring
fraudinvestigations. Itprovidesaninformativebackgroundandthendetailsthecurrent
statusofresearchineacharea.Itdescribeswhatiscurrentlyunknown,anditproposes
futureresearchtopics.
Keywords:Fraud,ComputerForensics,ProactiveFraudDetection,DigitalAccounting
1 INTRODUCTION
Themoderndigitalenvironmentoffersnewopportunitiesforbothperpetrators
andinvestigatorsoffraud.Inmanyways,ithaschangedthewayfraudexaminers
conductinvestigations,themethodsinternalauditorsusetoplanandcompletework,and
theapproachesexternalauditors taketoassessriskandperformaudits.Whilesome
methods,suchasonlineworkingpapers,aremerely computerizedversionsoftraditional
tasks,others,suchasriskanalysisbasedonneuralnetworks, arerevolutionizingthefield.
Manyauditorsandresearchersfindthemselvesworkingamidaneverchanging
workplace,withcomputerbasedmethodsleadingthecharge.
Perhapsthemostdifficultaspecttocomputerbasedtechniquesistheapplication
ofasingletermtoawidevarietyofmethodslikedigitalanalysis,electronicevidence
collection,datamining,andcomputerforensics. Indeed,computerbasedfrauddetection
involvesaplethoraofdifferenttechnologies,methodologies,andgoals.Sometechniques
requireastrongbackgroundincomputerscienceorstatistics,whileothersrequire
understandingofdataminingtechniquesandquerylanguages.
In theauthorsexperience,discussionsaboutcomputerbasedfrauddetection
techniquesinmostaccountingcirclesarerevolvearound theuseof BenfordsLawto
discoverfalseinvoicesorotherfraudulentamountsincorporatedatabases. Analysisof
dataagainstBenfordsdistributionisuseful,butitisonlyoneofmanycomputerbased
frauddetectiontechniquesthatshouldbeusedbyprofessionalsandresearchedby
academics.
Thispaperreviewsthedifferentaspectsofcomputeraidedfrauddetection.In
particular,itdescribeseachtopicalarea,itsresearchtodate,andneededresearchforboth
professionalsandacademics.
1.1 TypesofFraudDetection
Frauditselfcomprisesalargevarietyofactivitiesandincludesbribery,political
corruption,businessandemployeefraud,consumertheft,network hacking,bankruptcy
anddivorcefraud,andidentitytheft.Businessfraudoftencalledoccupationalfraud
isusuallymostinterestingtoaccountingprofessionalsandfacultyandistheprimary
subjectofthispaper(ACFE,2008). Withintheareaofbusinessfraud,manyfindit
helpfultoseparatebetweeninternalandexternalfraud(Albrecht,et.al.,2008). Internal
businessfraudinvolvesschemesagainstacompany(i.e.tostealmoneyfroma
company).Internalfraudincludesschemeslikeemployeeembezzlementandkickback
relationships.Internalfraudisusuallyfoundbyinternalauditorsordedicatedfraud
detectionteamsthrough hotlines,dataminingefforts,andinternalaudits.
Externalbusinessfraud,orfinancialstatementfraud,involvesschemesonbehalf
ofacompany.Thisismostoftendonebymisrepresentationof thefinancialstatementsto
improvecompanyimageandmisleadstockholdersandotherinterestedparties.Common
externalschemesinvolverevenueandinventoryoverstatements,liability
understatements,inadequatedisclosurefraud,andothermanipulationstothefinancial
statementsandcompanyrecords(Wells,2002).
Theactoffraudinvestigationiscomprisedofseveralactivities,includinginitial
discovery,publicrecordsearch,interviewsofvarioustypes,documentrecoveryand
search,legalprosecution,andcomputerforensics.Thetypicalfraudinvestigatoris
heavilyinvolvedwithmanyoftheseactivities,butheorshegenerallyworkswithlegal
counselorinformationsecurityprofessionalsformorespecializedtasks.
Evenwithintherelativelynarrowfieldofcomputerbasedfrauddetection,
significantdifferencesintaskperformanceandknowledgerequirementsexist.For
example,computerforensicsrequiresknowledgeofdiskcloning,operatingsystems,file
andgraphicsformats,andscriptingforautomation.Incontrast,datatheftpreventionand
investigationrequiresknowledgeofdatabases,security,intrusiondetection,hacking
principles,andencryption.
1.2 PaperScope
Thispaperfocusesonfourcentralthemesthatrunthroughthetopicsdescribed
above.Theseareoutlinedasfollows:
1. Dataminingforfraud:Techniquesandmethodologiesfordiscovering
fraudincorporatedatabases.
2. Financialstatementfraud: Ratioanalysisandothermethodsoffinding
financialstatementmanipulation.
3. Externalinformationsources:Informationaboutperpetratorfinancesand
otherdata,usuallyfoundinwebsites.
4. Computerforensics:Investigatingbysiftingthroughcomputerharddrives
andotherinformationdevices.
Thispaperdoesnotcoveranumberofperipheraltopicsthatmightbetermed
computeraidedfrauddetection.ITauditinginvolvesthereviewoftechnicalsystems,
suchasERPapplicationsanddatabases,forrisksandcontrolweaknesses.Computer
aidedauditriskassessmentistheprocessofusingexpertsystems,neural networks,or
othercomputerbasedprogramstoassessvariousauditandinherentrisksduringthe
planningphasesofaudits.ITcontrolandsecurityplanninginvolvesrequirements
definitiononpermissionsandsecurityinacorporatesystems.Evidencecollection
techniquesareusefulinlargefraudcasestheirassociatedsoftwarehouseslargesetsof
documents,data,andotherinformationinfraudinvestigations.Finally,deepforensics
topicssuchasencryptioncrackingandintrusiondetectionarebettersuitedtocomputer
sciencejournals. Theaforementionedtopicsarebeyondthescopeofthispaperandare
notincluded.
1.3 StructureofthePaper
Thispaperprovidesasectionforeachofthefourtopicsnotedabove.Because
thesetopicsareminipapersin theirownright,thesectionsaresplitintothreeareas:a
detailedintroductionanddescriptionofthetopic,aliteraturereviewandcurrentstatus,
andasummaryofareasstillunknownandresearchpossibilities.
2 DATAMININGFORFRAUD
In2002,GeneMorsefoundaround$500milliondebittoaPP&Eaccountat
WorldCom.Hediscoveredtheanomalythroughsearchesinacustomdatawarehousehe
haddevelopedintheEssbasemultidimensionaldatabase.WorldComwouldnotgive
Morseaccesstofullfinancial systems,sohecreatedhisownwarehouseandusedbasic
dataminingtechniquestosearchit.UsingasmallscriptandMicrosoftAccess,Morse
followedtheaccountthroughthefinancialreportingsystemandultimatelydiscovereda
$1.7billionentryof capitalizedlinecostsin2001(Lamoreaux,2007).
TheWorldComfrauddiscovery isoneexampleof usingcomputertechnologyto
searchfullpopulationsofdataforanomalies,trends,andfraud.Traditionalauditinguses
techniqueslikediscovery,stratified,orrandomsamplingtodeterminewhethera
populationcontainserrors(AlbrechtandAlbrecht,2002).Thisapproachworkswell
whenauditorsaresearchingforanomaliesunintentionalerrorsusuallycausedby
weaknessesincontrolsbecauseanomaliesoccuratregularintervalsthroughoutthedata
set.Incontrast,fraudintentionalerrorscausedbyintelligenthumanbeingscanoccur
inonlyafewtransactions.Whileasampleofapopulationcontaininganomaliesshould
berepresentative,asampleofapopulationcontainingfraudmaynotberepresentative.
Assumingafraudisrecordedinonlyafewtransactions,asamplingrateof5percent
resultsina95percentriskthefraudwillnotbesampledandwillbemissed. Fraud
detectionmethodsshouldusefullpopulationswheneverpossible,andsincefull
populationscanbevoluminous,theyalmostalwaysrequirecomputersanddatamining
techniques.
2.1.1 Methodology
Oneoftheassumptionsthatunderlietraditionalauditingmethodsisthepresence
ofanintelligenthumanbeing.Whenanauditorchecksitemsinasample,heorsheis
abletoapplyhumanreasonandcommonsensetotransactions.Fraudinvestigations
oftenstartwiththeauditorconductingaroutineaudittask,lookingatatransaction,and
saying,thatdoesntmakesense. Thisapproachcanbeseenasaninductiveapproach
theauditorinvestigatesfurtherwhenanomaliesarefound.
Dataminingroutinesrunbycomputerdonothavethisinnatesenseof
normality.Queriesandscriptsdoexactlywhattheyareprogrammedtodo.Theydonot
digdeeperunlesstheuserspecificallyprogramsthemtodoso.Toaccommodate this
limitation,thefraudhypothesistestingapproachhasbeenproposed(Albrecht,et.al.,
2000).Thisapproachhasalsobeenlabeledthedeductiveorproactiveapproachtofraud
detectionitinvolvesthefollowingsixstepapproach:
1. Auditorsgainasolidunderstandingofthebusinessprocesses,controls,
andenvironment.Thisunderstandingallowsthemtoproactivelypredict
thefraudsthatmightbeoccurring.
2. Theteambrainstormsthepossiblefraudsthatcouldexistinthe
environmenttheyareauditing.Thismightresultin50potentialschemes.
3. Oncepotentialschemesareidentified,theteamoutlinesthewaysthese
schemeswouldshowupindata.Theseindicators,orredflags,arethe
primaryindicatorsthatthefraudmaybeoccurring.
4. Foreachindicator,theteamsearchescorporatedatabasesusingqueries,
scripts,anddataminingtechniques.Anyanomaloustransactionsare
pulledforfurtherinvestigation.Thiscouldbeseenasasample(albeit
notinthetraditionalsense)thatshouldbelookedatmoreclosely.
5. Auditorsanalyzethequeryresultstodeterminepossibleexplanationsfor
theanomalies,whichcouldbefraud,weakcontrols,orotherreasons.
6. Theteamfollowsuponthoseindicatorsthatmaybecausedbyfraud.
Thesefurtherinvestigationsemployadditionalqueriesortraditional
meanstodeterminethetruecauseoftheanomalies.
Thehypothesistestingapproachhasbeenusedsuccessfullyinseveralcase
studies,includingliquorsales(LoftusandVermeer,2003), universityenvironments
(DailyTarHeel,2007),andhealthcareinIndia(Albrecht,2008).
2.1.2 ContinuousAuditing
Oncecomputerqueriesandscriptsarewritten,continuousauditingispossible.
Ratherthantestingonhistoricaldata(thenormalauditprocess),testscanbeprogrammed
intolivecorporatesystemstoprovidecontinuousmonitoringoftransactions. Continuous
monitoringusinginformationtechnologyhasbeensuccessfullyusedatanumberof
companies(Hermanson,2006).Forafullliteraturereview,seethepaperbyRezaee,et.
al.(2002)which proposesageneralizedapproachtoaudittestingandanalysis.The
methodissimilartothehypothesistestingapproach desecribedearlier.
2.2 CommonTechniques
Thetechniquesusedtoperformdataminingforfraudrangefromsimple
statisticalaveragestocomplexneuralnetworksandclusteranalyses.Thissection
presentssomeofthemorecommontechniquesfoundinliterature.
2.2.1 DigitalAnalysis
In 2000,MarkNigrinipublishedanimportantbookcalledDigitalAnalysis
UsingBenfordsLaw(Nigrini,2000). Although BenfordsLawisnowacenturyold
andwasdiscussedinfraudliterature(Hill,1995BustaandWeinberg,1998Nigrini,
1999)priortothebook,Nigrinisworkintroducedthetechniquetothelargeaudienceof
auditors.
BenfordsLawworksbecausenatureproducesmoresmallthingsthanlarge
things. Therearemoreinsectsthanlargemammals,moresmallhousesthanlargeones,
andmoresmalllakesthanlargebodiesofwater. Similarly,businessesproducemore
transactionswithsmallamountsthanwithlargeamounts.BenfordsLawpredictsthat
amountswillstartwiththedigit1moreoftenthan thedigit9,anditevenprovidesa
mathematicalformuladescribingthelawandpercentages.Thedigit1shouldshowup
about30percentofthetime,whilethedigit9shouldoccurlessthan5percentofthe
time.
Digitalanalysisisattractivebecauseitisdeeplynonintuitiveandintriguing,
simpleenoughtobedescribed(ifnotfullyexplained)eventothosewithoutanyformal
traininginmath(ChoandGaines,2007).Itcanberunondatawithlittleregardto
context.Forexample,whendatafrom acertainvendorareroutinelyoutsidetheexpected
percentages,furtherinvestigationisalmostalwayswarranted.
Theprimary limitationtoBenfordsLawisbusinessdatadonotalwaysfollow
naturalpatterns thereexistalargenumberofreasonsthattransactionsmaynotmatch
BenfordsLaw.Explanationslikerecurringfixedexpenses,unusualbusinesscycles,and
assignedamountsareoftenfound.Theauthorhastaughtdigitalanalysistothousandsof
professionalauditorsintenyearsofaskingparticipantsabouttheirsuccesswithdigital
analysis,onlythreeindividualshavereportedfindingfraudwithBenfordsLaw(others
havereportedthatdigitalanalysiscouldhavebeenusedtofindalreadydiscoveredfrauds,
buthindsightisnotprediction). Insomeways,theauditfieldmayhaveoverestimated
theusefulnessofdigitalanalysis.Butdespiteitslimitations,BenfordsLawremainsone
ofthemostpopulardataminingtechniquesforfraud.
2.2.2 OutlierDetection
Oneoftheprimarymethodsofdetectingfraudisdiscoveringdatavaluesthatare
outsidethenormalcourseofbusiness.Forexample,akickbackschememightbethe
reasonpurchasesfromonevendoraretwiceashighassimilarpurchasesfromanother
vendor.
Thesimplestmethodofoutlierdetectionisthestatisticalzscorecalculation.This
formula,givenas(valuemean)/standarddeviation,providesasimpleandcompact
methodofmeasuringoutliers.Thenumeratorshiftseachpointtoazerobasedscale,and
thedenominatoradjuststhedistributiontoastandarddeviationofone.Oncethedataare
transformedintothisstandardizedscale,generalizedstatementscanbemade.Inthe
authorsexperience,outlierscoresof5,8,oreven12areoftenfoundinrealworlddata.
Attimesthesemaybetheresultofnonnormaldistributions,buteveninthosecases,the
scoreprovidesanindicatortopotentialproblems.
Moreadvancedtechniqueshavebeenusedin specializedareas.Forexample,
creditcardfraudcanbediscoveredbyidentifyingtransactionsthroughbothunsupervised
andsupervisedlearning.BoltonandHand(2001)usedbehavioraloutlierdetectionwith
unsupervisedlearningtodetectabnormalspendingbehavioraswellasincreased
frequencyofuse.Othershaveusedregressionmodels,DiscreteGaussianExponential,
depthbasedtechniques,distancebasedtechniques,andanumberofothertechniquesto
identifyoutliers. TheseresearchstreamscanbefoundinAgyemang,et.al.(2005)and
Kou,et.al.(2004).
2.2.3 Trending
Inaddition tocomparingsameperiodnumbersfromdifferentvendors,
employees,orcustomers,fraudcanbediscoveredbycomparingnumbersovertime.
Becausealmostallperpetratorsaregreedy(Albrecht,2008),fraudincreases
exponentiallyovertime.Auditorscaneasilyspotanincreasingtrendonalinechart
computersarenotneededifonlyoneitemisbeingaudited(oneemployee,onevendor,
etc.).Theneedforautomationisduringtheinitialphaseofafraudinvestigation.If
auditorsdonotknowwhichitemisincreasing,theymustlookthroughthousandsof
graphstodeterminewhichitemrequiresadditionalinvestigation.Trendingmethods
allowthecomputertodeterminewhichtrendsareincreasingsotheauditorcanfocuson
thoseitems.
Oneofthemostbasicmethodsofdetermininganincreasingtrendislinear
regression.Oncethecomputerfitsalinetothedata, theslopeandgoodnessoffit
provideasimplemeasureoftrend.NonlinearregressionandBoxJenkinsanalysis
providemoreadvancedmethodsofmeasuringtrend. StatisticalpackageslikeSASand
SPSSprovidefulltrendingmodulesfortheinterestedauditor.
2.3 AdvancedStatisticalTechniques
Workhasbeendoneinstatisticalandcomputersciencefieldonadvanced
methodsforfrauddetection.ThesemethodsincludeBayesianNetworks,genetic
algorithms,statetransitionanalysis,rulematching,andclusteranalysis.SeeAgyemang,
et.al.(2005)andKou,et.al.(2004)foradetailedreviewoftheseandothermethods.
Thereadershouldnote,though,thatmostoftheseadvancedtechnicalmethodologiesare
notgenerallyusedintypicalbusinesssystems(suchaspayroll,sales,purchasing
databases).Theyaremostoftenusedinhighlyspecializedareaslikecreditcardfraud,
healthcareclaims,andvoterfraud.
2.4 Applications
Whileacademicoutletsgenerallypublishmethodologiesandtechniques,
professionalpublicationshighlightthecommonfraudorienteddataminingplatforms
(Nigrini,1999CoglitoreandMatson,2007 Lehman,2008 SecurityProcedure.com,
2008).ThemostpopularapplicationsaregeneralpurposeauditprogramslikeACLand
IDEA.Specializedfrauddetectionsoftwareismakinganentryintothemarket,with
fraudmodulereleasesfrombothACLandIDEA,fraudcomponentsinSASandSPSS,
andadedicatedfrauddetectionprograminPicalo.
2.5 FutureResearch
Inthepasttenyears,researchershavepublishedmanymethodsandtechniques
forfrauddetection.However,thesetechniquesareeithernotdevelopedsufficiently or
tootechnicalforthetypicalauditor.Researchontechniquesisneededintwoareas.
First,thefieldneedsabetterunderstandingofwhatsimpletechniquesforoutlier
detection,trending,linkanalysis,andfulltextanalysisareusefulforfrauddetection.To
date,onlyBenfordsLawhasseenwideuse,andwhileitisinteresting,itseffectiveness
foractuallyfindingfraudisnotwellprovenespeciallyondiscoveringfraudsthathave
nototherwisebeendiscoveredwithothertechniques.Second,alargebodyofadvanced
statisticalandcomputerscienceliteratureisavailable.Applicationofthesetechniquesto
thefraudareahasbeendoneinafewpapers,butsignificantworkstill remains. The
literatureprovideslittleclarityonwhichtechnologiescanbeusedtodiscoverfraud.
Bothempiricalandcasestudyresearchisneededtodeterminehowthesetechniquescan
besuccessfullyimplemented.
Beyondthetechniquesthemselves,auditorshavelittletrainingincomputer
programming,querylanguages,andstatistics.Inaddition,theydonothavesufficient
timetoperformthesealgorithmsintypicalaudits.Detectletsareonemethodofencasing
theknowledge,routine,andalgorithmintoawizardlikeinterface(Albrecht,2008).
Theymaybeabletosolveboththetrainingandtimeproblem.Developmentofdetectlets
oranothersolutionisneededbeforetheauditfieldcanrealizesuccesswiththese
advancedtechniques.Thisisaprimaryareathatinformationsystemsandtechnically
savvyaccountingresearcherscanaddvaluableknowledgetotheauditfield.
Itisoftensaidthatthepreparationofdataismoredifficultthantheanalysisofit.
Researchisneededintothebesttools,techniques,andmethodologiesthatauditorscan
usetopreparedataforanalysisfromsourcebusinessdatabases. Cutoffpoints,missing
values,abnormaltrends,andotherdifficultiesariseduringpreparation.Oneexciting
prospectistheautomaticconversionofdatabasesfromoneschematoanother(currently
beingworkedonindatabasecircles).Ifprogramscouldautomaticallyinterpretdatabase
columntypesandrelationships,theycouldtransformthedatabasefromanycompany
intoastandardschema.Algorithmswrittentothestandardschemacouldthenberunon
thestandardschemawithoutworryingaboutdifferencesbetweencompaniesand
locations. Thisconversioncouldbethebasisforanofftheshelf,frauddetection
solution.
Finally,manyauditorssimplydonotknowhowtoincorporatedatamininginto
theirwork. SoftwarecompanieslikeACLandIDEAprovideworkbooksthatcanbe
usedincourses,buttheseworkbookshavefewexamplesofdirectfrauddetection
especiallywithadvancedtechniques. Methodologieslikethehypothesistestingapproach
areafirststepin providingmethodologyresearch,butsignificantadditionalresearch
bothempiricalandfieldareneededtovalidateandextendtheexistingmethodologies.
Thesemethodologiescanthenbetaughtinuniversitycoursestofutureauditors.
3 FINANCIALSTATEMENTFRAUD
StatementonAuditingStandards(SAS)No.99,ConsiderationofFraudina
FinancialStatementAudit(AICPA2002),requiresauditorstoassesstheriskthatfraud
maymateriallymisstatefinancialstatements.DespiteSAS99beinganimportant
requirementtowardsincreasedfrauddetection,asurveybyMarczewskiandAkers
(2005)revealedthatCPAsdontanticipatethatSAS99willsubstantiallyincreaseaudit
effectiveness.AnotherstudyfoundthatwhileSAS99increasedauditorresponsibility,
mostauditorshaddifficultyidentifyingfraudanditsrisks(BeasleyandJenkins2003).
Notwithstandingthesedifficulties,failuretodetectfraudulentfinancialreporting
notonlyplacestheauditfirmatrisk,butalsoexposestheauditprofessiontoincreased
publicandgovernmentalcriticism.Cecchini,etal.(2006)presentevidencethatresearch
aidingauditorsinassessingtheriskofmaterialmisstatementduringtheplanningphase
ofanauditcanhelpreduceinstancesoffraudulentreporting.
3.1 RatioAnalysis
Traditionalmethodsforthedetectionoffinancialstatementfraud,suchasvertical
andhorizontalanalysis,tiplines,analysisofrelationshipsbetweenmanagementand
others,comparisonswithindustry,andanalyticalsymptoms,arewelldocumentedin
textbooks(Albrecht,et.al.,2009). Morerecently,researchhasfocusedonratioanalysis
forthedetectionoffinancialstatementfraud.
Ratioanalysisinvolvescalculatingbothtraditionalandnontraditionalfinancial
ratios,suchasaccrualstoassets,assetquality,assetturnover,dayssalesinreceivables,
deferredchargestoassets,depreciation,grossmargin,increaseinintangibles,inventory
growth,leverage,operatingperformancemargin,percentuncollectibles,salesgrowth,
SGEexpense,andworkingcapitalturnover.Sinceratiosstandardizefirmsforsizeand
otherfactors,onewouldexpectfirmswithinanindustrytofollowsimilartrends.
Earlystudiesusestatisticaltechniqueslikeprobitandlogisticregression,while
laterstudieshavebranchedouttoneuralnetworks,classificationschemes,andrule
ensembles.Studiesthatusebothinternalandexternaldatahaveprovenmoresuccessful,
butthegoalofmostoftheresearchistouseonlyexternallyavailabledataforanalysis
(limitingtheresearchtodataavailabletomoststakeholders). Areviewofmanyofthese
studiesfollows.
Inanexploratorystudy,Loebbecke,etal.(1989)refinedanearliermodeldevelopedby
LoebbeckeandWillingham(1988)using77fraudcasesandtestedthemappingsof
variousredflagstocreateclassificationsinthreemainareas:conditions,motivation,and
attitude.Theyfoundatleastonefactorfromeachareapresentin86percentofthefraud
cases.
Hansen,etal.(1996)developedageneralizedqualitativeresponsemodeltoanalyze
managementfraudusingthesetofcasesdevelopedfrominternalsourcesbyLoebbeke,et
al.(1989).Themodelwasinitiallytestedassumingsymmetricmisclassificationcosts
betweentwoclassesoffirms(fraudulentandnonfraudulent).Usingover20cross
validationtrialsoffivepercentholdoutcases,anoverall89.5percentpredictiveaccuracy
wasrealizedbutaccuracyinpredictingfraudwasonly62.8percent.Asecondmodel
adjustedforasymmetriccoststoreflectthegreaterimportanceofpredictingfraud.While
theoverallaccuracydroppedto85.3percenttheaccuracyinpredictingfraudulent
companiesincreasedto88.6percent.Thecorrespondingreductioninpredictionaccuracy
fornonfraudulentfirmswasfrom95.5percentto84.5percent.
GreenandChoi(1997)usedaneuralnetworktoclassifyalargesetoffraudulentand
nonfraudulentdata.Theresearchersusedfiveratios(allowancefordoubtfulaccounts/net
sales,allowancefordoubtfulaccounts/accountsreceivable,netsales/accountsreceivable,
grossmargin/netsales,andaccountsreceivable/totalassets)andthreeaccountvariables
(netsales,accountsreceivable,allowancefordoubtfulaccounts)toidentifyrisk.The
selectionofthesevariablesbiasedtheirresultstowardcertaintypesofrevenuefraudsbut
theirmethodshowedpotentialforneuralnetworksasfraudinvestigativeanddetection
tools.
Eining,etal.(1997)examinedhowthefollowingthreetypesofdecisionaidshelped
auditorsfindfraud:checklists,logisticregressionmodels,andexpertsystems.Theexpert
systemusedaredflagapproachtoidentifyhighriskareasandprovedtobethemost
effectiveofthethree.
SummersandSweeney(1998)investigatedtherelationshipbetweeninsidertrading
andfraudulentcompanies. Usinglogisticregression,aninitialmodelwasdeveloped
basedsolelyonfirmspecificfinancialdata.Overallpredictionaccuracywiththismodel
was60percent,with68percentaccuracyachievedinpredictingfraudulentcompanies.A
secondmodelthatincorporatedbothfirmspecificfinancialdataandinsidertrading
factorswasabletoimproveoverallclassificationaccuracyto67percent,with72percent
accuracyinpredictingfraudulentcompanies.
Beneish(1999)developedaprobitmodelandconsideredseveralquantitativefinancial
variablesforfrauddetection.Fiveoftheeightvariablesinvolvedyeartoyearvariations.
Thestudyconsidereddifferinglevelsofrelativeerrorcost.With40:1asymmetriccosts,
56percentofthemanipulatorswerecorrectlyidentifiedinaholdoutsample.Results
showedthattheDaysReceivableIndexandtheSalesGrowthIndexweremosteffective
inseparatingthemanipulatorsfromthenonmanipulators.Mostoftheratiosusedinour
researchwereadaptedfromthisstudy.
BellandCarcello(2000)constructedalogisticregressionmodeltopredictthe
likelihoodoffraudulentfinancialreporting.Thisanalysisreliedonriskfactorsidentified
asweakinternalcontrolenvironment,rapidcompanygrowth,inadequateorinconsistent
relativeprofitability,managementplacingundueemphasisonmeetingearnings
projections,managementlyingtotheauditorsorbeingoverlyevasive,theownership
status(publicvs.private)oftheentity,andaninteractiontermbetweenaweakcontrol
environmentandanaggressivemanagementattitudetowardfinancialreporting.The
modelwastestedonthesamesampleof77fraudengagementsand305nonfraud
engagementsusedbyHansen,etal.(1996).Fraudwaspredictedwith81percent
accuracy,andnonfraudwasdetectedwith86percentaccuracy.Themodelscoredbetter
thanauditingprofessionalsinthedetectionoffraudandperformedaswellasaudit
professionalsinpredictingnonfraudoutcomes.
Morerecently,researchhasfocusedonratioanalysiswithmoreadvanced
statisticalandcomputersciencemethodsorwithmoreratios.GroveandCook(2004)
testtheviabilityofnewratiosasredflags.Foradetailedreviewofstatisticaltechniques
usedtoanalyzeratios,seePhua,et.al.(2005)andKirkos,et.al.(2007).
3.2 FutureResearch
Comparingfinancialratiosbetweencompanies,industries,andgeneratedmodels
stillrequiresmuchresearch.Todate,themostsuccessfultechniques(usingexternaldata
andholdoutsthroughtheentirelearningprocess)haveachievedonly70percentsuccess.
Since50percentsuccesscanbeachievedwithrandomguessing,moreresearchisneeded
toimprovethemodels.
Severalpotentialareasofimprovementshouldbenoted.First,traditional
financialratios(likeassetturnoveranddayssalesinreceivables)havebeenusedto
differentiatefraudfromnonfraudfirms.Researchintothedevelopmentofnewfraud
specificratiosmightprovideinsightintoformulasthataremoresuccessfulatdetecting
fraud.
Second,mostresearchhascomparedknownfraudfirmsagainstasimilarfirm.
Whatdefinessimilar?Shouldthepairedfirmbeselectedbasedonsimilarrevenues,
profits,assets,orliabilities?Canindustrymodelsbecreatedthatbetterapproximatethe
industry(andcreateabetterpairedfirm)?
Third,thecorrecttimeframeofcomparisonneedsresearch.Isitsufficientto
analyzedatafor5years,ordolongerorshortertermsmakesense? Shouldyearlyor
quarterlyreportsbeused?Thedeterminationofwheretheanomaliesarefoundin
externaldatahasseenconsiderableresearch,butitisstill notwellunderstood.
Fourth,mostresearchonratioanalysisdoesnotapproximatetherealworld.Most
researchmakesonetoonecomparisons,essentiallyassumingthat50percentoffirmsare
fraudulent. Inreality,fraudulentfirmsareprobablylessthanafewpercentofthetotal
numberoffirmsthatreportfinancial statements.Thisdifferencebecomesimportantin
learningalgorithms.Also,thecostsassociatedwithType1andType2errorsmustbe
factoredintomany algorithms.Thecostofmissinganexistingfraudisgenerally
regardedasmuchhigherthanrejectingapotentialclientbecauseitmightbefraudulent
(but,inreality,wasnot),yetmostresearchsimplyassumesa50/50cost.
Finally,whileratioanalysisisthecurrentfocus,entirelydifferentstreamsmay
providebetterresults.Exploratoryresearchintonewmethodsofcombiningpublicly
availablecompanyinformationcouldproveeffective.Intheend,researchmayshowthat
financialstatementsaresimplytoosummarizedforeffectivedataminingforfraud.
However,financialprofessionals,shareholders,andindeed,theentireauditprofession
wouldbeforeverchangedifcomputerbasedresearchproducedareliableandrepeatable
methodofdiscoveringfraudinfinancialstatements.
4 EXTERNALINFORMATIONSOURCES
Inrecentyears,astorehouseofpubliclyavailabledatahasbecomeavailableon
theInternet.Priortothe1990s,investigatorswantingpublicinformationhadtosearch
through recordsatcourthouses,libraries,universities,andpublicrecordsoffices.Many
times,theserecordswereinpaperform,andevenwhentheywereelectronic,thetask
wasdauntingtomostinvestigators.Indeed,searchingeachcountrycourthouseinTexas
meanttravelingthroughthestatetovisitatleast254locations!
CompanieslikeLexisNexishavelongcollectednewsarticles,legaldocuments,
andotherinformation.However,the1990ssawanexplosionofinformationcollecting
bycompanieslikeChoicePoint,Accurint,andLexisNexis.Whiletheinformationhad
alwaysbeenpublic,bringingittogetherintooneplacerepresentedaleapforwardinits
accessibilityitbroughtexternalinformationsearchingintothecomputerorientedfraud
detectionarea.
Searchingforexternalinformation onpeopleandcompaniesbecomesimportant
inatleasttwoareas.First,investigationsthathaveidentifiedkeyindividualscansearch
publicrecordsforinformationonthoseindividuals.Theseindividualsarenormally
identifiedthroughinternaldataminingefforts,anonymoustips,orothermethods.
Second,regulationslikeSarbanesOxleyrequirethatauditorspaycloseattentiontotop
levelmanagement.Externalinformationcanbeusefulindeterminingintoplevel
managementarespendingexcessivelyorotherwiseengaginginactivitiesthatcause
concern.
4.1 AvailableInformation
Fewacademicpapersexistontheavailabilityofexternalinformation.Because
theinformationispublishedbyprivatecompaniesthatcollectthepublicinformationinto
onlinedatabases,professionaloutletsgenerallycarryinformationonproductandcontent
availability(Frost,2004 Cameron,2001). Booksandtextbooksalsoprovidelinksto
websiteswithinformation(Tyberski,2004Albrecht,et.al.,2009).
Thefollowingisasamplingoftheavailableinformationforinvestigatorsonthese
websites.Seetheabovereferencesforafulltreatmentofthesubject.
Incorporationrecords
Propertyandotherassetrecords
Civillawsuits
Criminalrecords
Taxliens
Civiljudgmentrecords
Bankruptcyfilings
Homevalues,loans,neighborcontactinformation
Newsarticles,currentevents
TheinformationstorehouseslikeChoicePointarenottheonlysourceofonline
information.Mapping,satellitephotos,birdseyeviews,andentirestreetviewsare
availablefromGoogleandMicrosoft.DeepwebsearchengineslikeCompletePlanetand
DeepDyveprovideonestopsearchingforsitesthatnormallyrequirelogins(andarethus
notincludedintraditionalsearchengines). Other,specializedservicesexistformost
informationneeds.
4.2 PrivacyIssues
Oneareathathasseenconsiderableresearchistheprivacyissuesraisedbythese
newwebsites.Thenewinformationwebsitesarenotprovidinganyinformationthathad
notbeenpreviouslyavailable.However,bybothbringingtheinformationtogetherinto
oneplaceandbydigitizingpaperrecords,theinformationissignificantlymoreavailable
to thepublic.Inaddition,techniqueslikelinkanalysisandcorrelationscanbedoneon
therecords,effectivelycreatinginformationthatwasnotpreviouslyavailable.Many
worryaboutthesignificantlossofprivacythathasoccurredinrecentdecades(Black,
2002Paletta,2005Lovett, 1955). Complicatingmattersisthefactthatdifferentstates
disagreeabouttheonlineaccesstocourtrecords,makinglegislationdifficult(Swartz,
2004).
Forexample,whenGooglereleasedstreetviewatoolwhichprovidespictoral
viewsofmoststreetsintheUSAtheUSmilitaryaskedittoremoveallpictureswithin
afewmilesofitsbases(TechnologyExpert,2008).Websiteslike
GoogleSightseeing.com(notaffiliatedwithGoogle)publishthemostinteresting,popular,
andsometimesembarrassingandintrusivepicturestakenbyGooglecameras. In2008,
Googlelaunchedasatellitecapableoftakingpicturesatresolutionspreviouslyunknown
toprivateentities(Jones,2008). Finally,GoogleDocs,Gmail,andothercloudbased
servicesgiveincreasingamountsofdatatoasinglecompany. Whilethispaperisnot
proposingaconspiracytheory ortryingtodiscouragetheuseofGoogleservices,the
companyservesasanexampleof thepotentialprivacyconcernsthatisoccurringwithin
privatecompaniesandgovernments. Bothacademicresearchersandprofessionalsare
concernedwiththelossofprivacynewtechnologiesbring(Stafford,2005Samborn,
2002).
Highlightingtherisksofcompilingtoomuchinformationintooneplaceisthe
highlypublicizedChoicePointbreach.In2005,hackersgrabbeddataon163,000
individualsfromChoicePointsdatabases(Swartz,2007Freeman,2006).Whilethe
ChoicePointhackingwasextremelyserious,itiscertainlynottheonlysignificantbreach
successfulhackingattemptsarereportedweekly inthepopularmedia.
4.3 FutureResearch
Littleacademicresearchhasbeendoneonexternalinformationgathering.Most
neededismethodologiesforsearching,compiling,andusingthesedatainfraud
investigations.Mostsourcesonlylisttheavailablesourcesmorestructuredwaysof
workingwiththesedataareneeded.Thesemethodologiescanbeincludedintextbooks
anduniversitycourses.
Therehasbeensomeworkdoneonprivacyissues,especiallybythelawfield.
However,moreresearchisneededonhowtoregulatedataproviders,howtokeep
informationsafe,andwherethelinesofprivacyshouldbedrawn. Asthesewebsites
continuetheirmovetointernationaldata,differencesincountrypoliciesandcultureswill
becomeimportantresearchtopics.
5 COMPUTERFORENSICS
Today,almosteveryfinancialfraudincorporatestheuseofacomputer,whether
thefraudisfalsifyinginvoicesorelectronicmoneylaundering(Smith,2005).Inthecase
offinancialstatementfraud,entriesprobablyexistaselectronicjournalentries,login
recordsfoundinlogfiles,andelectroniccorrespondencebetweeninvolvedindividuals.
Inrecentyears,auditorsfindthemselvesincreasinglyinvolvedinevidencecollection
throughcomputerforensics.
Asitpertainstofrauddetection,computerforensicsistheprocessofimagingdata
forsafekeepingandthensearchingclonedcopiesforevidence(Gavish,2007Dixon,
2005). Perhapsthemostcommon exampleisseizingthecomputerof asuspectfor
analysis. Ingainingaccesstoorauditingthedataonadigitaldevice,computerforensics
canalsoinvolvewhitehat(legal)hacking,passwordandencryptioncracking,key
logging,digital surveillance,andintrusiondetection.
Arguablythemostcommonformofelectronicevidenceisemailcorrespondence.
Whenanindividual sendsanemail,acopyisnormallykeptinatleastfourplaces:onhis
orherworkstation,onthesendingmailserver,onthereceivingmailserver,andonthe
recipientscomputer.Computerforensicsonanylocationshouldprovidethefulltextof
theemail,includinganyattachments.
5.1 ToolsoftheTrade
Aswithexternaldatasources,mostofthewritteninformationaboutcomputer
forensicsiscontainedintextbooksandprofessionaloutlets.Thetwoleadingproducts,
EnCaseandFTK(describedbelow),arematuresoftwaresuites.Bothsoftware
companiesprovidecomprehensivetrainingonforensicsoftwareandtechniques.
Academicoutletsaregenerallyreservedforencryptioncrackingalgorithms,
steganography,hacking,operatingsystemweaknesses,andprotocols.Whiletheseideas
maybeusefulinsomeforensicaudits,theyarebeyondthescopeofthispaper.Theycan
befoundincomputerscience,mathematics,andstatisticalliterature.
5.1.1 ForensicSuites
ThetwoleadingsoftwarepackagesareEnCasebyGuidanceSoftwareandthe
ForensicToolkit(FTK)byAccessData(Kuchta,2001).Thesesuitesprovideshorter
learningcurvesthanprevioussinglepurposeutilitiesandbringagreaternumberof
professionalstothefieldmorequickly.Bothpackagesprovidetaskorientedprocesses
forsecuringandcloningtheharddrive,calculatingmd5 or shachecksums,searchingfor
graphics,andkeywordsearch.
Inrecentyears,Linuxbasedtoolshavebecomepopularasfreealternativestothe
traditionalsuites.Helix,thePenguinSleuth,andSecurityToolsDistributionareLinux
distributionsthatrundirectlyfrom CD,providingcleanenvironmentsforsearchinga
computerwithouttheneedforcloning(Causey,2005).Thesetoolsbootasuspect
computerdirectlytoLinuxandmounttheuserharddrivesinreadonlymode,essentially
bypassingmostpasswordsandsecurityprotections.WhileLinuxbasedtoolsaremore
difficulttouseanddonothavethesameprecedentincourtasEnCaseandFTK,they
havebecomepopularwithsomeauditors.
Morespecializedtoolsusuallygearedtoasinglepurposelikepassword
crackingorfileundeletingareavailable(Kuchta,2001).Thesetoolsmakeupthe
toolkitofaforensicinvestigator.Mostauditorsonlyneedtounderstandthegeneral
categoriestoeffectivelyworkwithdedicatedforensicpersonnel.
Forensicinvestigatorsgenerallylookforinformationinthefollowingareas:
Officesuitefilesincomputerdirectories
Graphicsindirectoriesandinthebrowsercache
Email,instantmessaginglogs,andothercomputerbasedcommunications.
Cellphonetextmessagelogsandcallrecords.
Memoryanddiskcaches
Deletedspaceonharddrives
OtherdigitaldeviceslikeUSBflashdrives
5.2 Methodologies
Beyondthetrainingprovidedbysoftwarecompanies,someacademicshave
researchedmethodologiesandtechniquesforcomputerforensics.Inparticular,Waldrup,
et.al.(2004)proposedageneralizedfivestepprocessforadefensibleforensic
accountingprocess. Theystatetheirprocessisdefensibleincourtandrobustfroma
technicalstandpoint.
Smith(2005)researchedtherelationshipbetweentheuseofdigitaldataby
auditorsandcomputerforensicspecialists.Byfocusingontherolesofthetwo
individuals,Smithinvestigatedhowcollectingdigitalevidencecanbenefitfraudoriented
audits.
Linkanalysisisamethodologythatanalyzeslinksbetweendatafoundindata
mining,fromexternalsources,andduringforensicinvestigations. Someresearchersare
investigatinghowlinkanalysiscanbeeffectivelyusedtocorrelatecomplexevidencein
forensicaccountingcases(Kovalerchuk,et.al.2007).
5.3 FutureResearch
Whilesignificantresearchhasbeendoneonindividualforensictechniquesinthe
computerscienceandmathematicsfields,additionalresearchisneededtoapplythese
techniquestotheforensicaccountingfield.Mostauditorsdonothavethebackground
neededtounderstandhowtoapplyrigorousforensicalgorithmsiftechniquesarenot
includedinEnCaseorFTK,theyarenotgenerallyavailabletothefield.Academicswith
thisknowledgecouldbringadditionaltechniquestotheaccountingfield.
Ascanbeseeninthemethodologysectionabove,onlypreliminaryworkhasbeen
doneincreatingrobust,researchedmethodologiesforforensicauditors.Theproposed
methodologiesneedtobevalidatedandtested,andnewmethodologiesshouldbe
proposed.
Theproliferationofdatacapabledevicespresentsnewopportunitiesforthe
applicationofforensicsresearch.Deviceslikecellphones,iPodsandotherMP3players,
digital cameras,PDAs,USBkey fobs,externalharddrives,andevenwritinginstruments
withembeddedstoragearepotentialforensicsearchpoints.Forexample,therelatively
largeharddriveintodaysiPodsdespitetheirinnocuousandubiquitousnaturehas
surelybeenusedtostealdataorsensitiveinformationfromcompaniesandindividuals.
Asthistrendcontinues,regulation,privacy,andprotectionwillbecomeincreasingly
importantissues.Inaddition,theincreasingavailabilityofcloud(internet)storageand
backuppresentsnewopportunitiesforforensicauditors.
Finally,forensicauditingisarelativelynewfield.Researchintohowforensics
shouldbeincludedinaccountingcurriculawouldbeuseful.Fewteachersknowwhich
topicsshouldbetaughttoaccountingstudentsandwhichshouldbelefttoinformation
systemsorcomputerscienceclassrooms.Indeed,ifdedicatedfraudcoursesareonlynow
enteringthecurriculumofuniversityprograms,computerforensicsforaccounting
majorsifresearchshowsthatsuchathingshouldbedoneisrelativelyunknown.
6 CONCLUSION
Computeraidedfrauddetectionisanew,excitingfieldforaccounting
researchers.Topicslikedataminingtechniques,ratioanalysisforthedetectionof
financialstatementfraud,issuessurroundingexternalinformationsources,andcomputer
forensicsbringopportunitiesforrobustresearchandforcollaborationbetween
accountingfacultyandinformationsystems,legal,computerscience,mathematics,and
otherresearchers.
Currently,theresearchisspreadacrossawidevarietyofjournals,fromauditing
toinformationsystemstoinvestigativeoutlets.Thegoalofthispaperistointroduce
whatisknownabouteachtopicandproposeneededareasofstudyitisnotmeanttobea
comprehensiveliteraturereviewoneachtopic,butitreferencesotherreviewswhere
possible.
7 REFERENCES
ACFE(2008).2008ReporttotheNation.TheAssociationof CertifiedFraudExaminers.
Agyemang,M.,Barker,K.,&Alhajj,R.(2006).Acomprehensivesurveyofnumericand
symbolicoutlierminingtechniques.IntelligentDataAnalysis,10,521538.
AICPA(2002).SASNo.99:ConsiderationofFraudinaFinancialStatementAudit
Summary.
Albrecht,C.C.,Albrecht,W.S.,&Dunn,J.G.(2000).ConductingaProActiveFraud
Audit:ACaseStudy.JournalofForensicAccounting,II,203218.
Albrecht,C.C.(2008).Detectlets:ANewApproachtoFraudDetection.InEuropean
AcademyofManagementatLjubljana,Slovenia.
Albrecht,W.S.,&Albrecht,C.C.(2002).RootOutFinancialDeception.Journalof
Accountancy,3033.
Albrecht,W.S.,Albrecht,C.,&Albrecht,C.C.(2008).CurrentTrendsinFraudandits
Detection.InformationSecurityJournal:AGlobalPerspective,17(1).
Albrecht,W.S.,Albrecht,C.C.,Albrecht,C.O.,&Zimbelman,M.(2009).Fraud
Examination(3).SouthWesternCengageLearning.
Beasley,M.S.,&Jenkins,J.G.(2003).TheRelationof InformationTechnologyand
FinancialStatementFraud.JournalofForensicAccounting,4,217232.
Bell,T.B.,&Carcello,J.V.(2000).ResearchNotes,Adecisionaidforassessingthe
likelihoodoffraudulentfinancialreporting.Auditing:AJournalof Theoryand
Practice,19(1),169175.
Benish,M.(1999).TheDetectionofEarningsManipulation.FinancialAnalystsJournal,
55,2436.
Black,J.(2002).PublicRecordsinPublicViewOnline?.BusinessWeekOnline.
Bolton,R.J.,&Hand,D.J.(2001).Unsupervisedprofilingmethodforfrauddetection.
InConferenceofCreditScoringandCreditControlVII,Edinburgh,UK.
Busta,B.(1998).RandyWeinberg.UsingBenford'slawandneuralnetworksasareview
procedure,13(6),356366.
Cameron,P.(2001). YouCan'tHidefromAccurint.LawTechnologyNews,8(9).
Causey,B.(2005).HowToRespondToAttacks.CertificationMagazine.
Cecchini,M.,Aytug,H.,Koehler,G.,&Pathak,P.(2005).DetectingManagementFraud
inPublicCompanies.UniversityofFloridaFisherSchoolofBusiness.
Cho,W.K.T.,&Gaines,B.J.(2007).Breakingthe(Benford)Law:StatisticalFraud
DetectioninCampaignFinance.TheAmericanStatistician,61(3),218223.
Coglitore,F.J.,&Matson,D.M.(2007).TheUseofComputerAssistedAuditing
TechniquesintheAuditCourse:FurtherEvidence.JournalofForensic
Accounting,VIII,201226.
DailyTarHeel(2007).ReportonSocialSecurityNumberFraud.UniversityofNorth
CarolinaatChapelHill,April26.
Dixon,P.D.(2005).An overviewofcomputerforensics.IEEEPotentials,24(5),710.
Eining,M.M.,Jones,D.R.,&Loebbecke,J.K.(1997).RelianceonDecisionAids:An
ExaminationofAuditors'AssessmentofManagementFraud.Auditing:AJournal
ofTheoryandPractice,16(2).
Freeman,E.H.(2006).DisclosureofInformationTheft:TheChoicePointSecurity
Breach.InformationSystemsSecurity,1115.
Frost,M.(2004).FindingSkeletonsinOnlineClosets.Searcher,12(6),5460.
Gavish,A.(2007).TheHiddenCostsofComputerMisconduct.Security.
Green,B.P.,&Choi,J.H.(1997).AssessingtheRiskofManagementFraudThrough
NeuralNetowrkTechnology.Auditing:AJournalofTheoryandPractice,16(1).
Grove,H.,&Cook,T.(2004).LessonsforAuditors:QuantitativeandQualitativeRed
Flags.JournalofForensicAccounting,V,131146.
Hansen,J.,McDonald,J.,Messier,W.,&Bell,T.(1996).AGeneralizedQualitative
ResponseModelandtheAnalysisofManagementFraud.ManagementScience,
42,10221033.
Heel,D.T.(2007).ReportonSocialSecurityNumberFraud.UniversityofNorth
CarolinaatChapelHill.
Hermanson,D.R.,Moran,B.,Rossie,C.S.,&Wolfe,D.T.(2006).Continuous
MonitoringofTransactionstoReduceFraud,Misuse,andErrors.Journalof
ForensicAccounting,VII,1730.
Hill,T.P.(1995).AStatisticalDerivationoftheSignificantDigitLaw.Statistical
Science,10,354363.
Jones,M.W.(2008).DoesGoogleHaveItsGeoEyeOnYou. .Electronicdocument,
http://tech.blorge.com/Structure:%20/2008/10/10/doesgooglehaveitsgeoeye
onyou/,accessed.
Kirkos,E.,Spathis,C.,&Manolopoulos,Y.(2007).Dataminingforthedetectionof
fraudulentfinancialstatements.ExpertSystemswithApplications,23.
Kou,Y.,Lu,C.,&Sirwongwattana,S.(2004).SurveyofFraudDetectionTechniques.In
2004InternationalConferenceonNetworking,Sensing,andControl(pp.749
754).
Kovalerchuk,B.,Vityaev,E.,&Holtfreter,R.(2007).Correlation ofComplexEvidence
inForensicAccountingUsingDataMining.JournalofForensicAccounting,VIII,
5388.
Kuchta,K.J.(2001).YourComputerForensicToolkit.InformationSystemsSecurity.
Lamoreaux,M.(2007).InternalAuditorUsedComputerTooltoDetectWorldCom
Fraud.JournalofAccountancy,35.
Lehman,M.W.(2008).JointheHunt.JournalofAccountancy,4649.
Loebbecke,J.,Eining,M.,&Willingham,J.(1989).Auditors'ExperiencewithMaterial
Irregularities:Frequency,Nature,andDetectability.Auditing:AJournalof
TheoryandPractice,9,128.
Loebbecke,J.K.,&J.J.Willingham,J.(1988).ReviewofSECAccountingand
AuditingEnforcementReleases.UniversityofUtah.
Loftus,J.T.,&Vermeer,T.E.(2003).ProActiveFraudAuditing:Technology,Fraud
Auditing,andLiquor.JournalofForensicAccounting,IV,307310.
Lovett,R.W.(1955).LookingAround.HarvardBusinessReview.
Marczewski,D.,&Akers,M.(2005).CPA'sPerceptionsoftheImpactofSAS99.CPA
Journal,75,3840.
Nigrini,M.J.(1999).I'veGotYourNumber.JournalofAccountancy.
Nigrini,M.J.(2000).DigitalanalysisusingBenford'sLaw.GlobalAuditPublications.
Paletta,D.(2005).RegulatingChoicePoint:WhoseJobIsIt,Anyway?.American
Banker.
Phua,C.,Lee,V.,Smith,K.,&Gaylor,R.(2005).Acomprehensivesurveyofdata
miningbasedfrauddetectionresearch.WorkingPaper.
Procedure,S.(2008).RetrievedNovember17,2008from
http://www.securityprocedure.com/downloadpicaloopensourcealternativeacl
audit.
Rezaee,Z.,Sharbatoghlie,A.,Elam,R.,&McMickle,P.L.(2002).Continuous
Auditing:BuildingAutomatedAuditingCapability.Auditing:AJournalof
TheoryandPractice,21(1).
Samborn,H.V.(2002).NoPlaceToHide.ABAJournal.
Smith,G.S.(2000).BlackTechForensics:CollectionandControlofElectronic
Evidence.JournalofForensicAccounting,I,283290.
Smith,G.S.(2005).ComputerForensics:HelpingtoAchievetheAuditor'sFraud
Mission.JournalofForensicAccounting,VI,119=134.
Stafford,A.(2005).InformationBrokers:PrivacyInPeril.PCWorld,101104.
Summers,S.L.,&Sweeny,J.T.(1998).FraudulentlyMisstatedFinancialStatements
andInsiderTrading:AnEmpiricalAnalysis.TheAccountingReview,73(1),131
146.
Swartz,N.(2004).U.S.StatesDisagreeAboutOnlineAccesstoCourtRecords.
InformationManagementJournal,11.
TechnologyExpert(2008).Google'sStreetView"OfftheMap"atU.S.MilitaryBases.
RetrievedNovember17from http://technologyexpert.blogspot.com
/2008/03/googlestreetviewoffmapatus.html.
Tyburski,G.(2004).IntroductiontoOnlineLegal,Regulatory,andIntellectualProperty
Research.SouthWesternEducationalPub.
Waldrup,B.,Capriotti,K.,&Anderson,S.C.(2004).ForensicAccountingTechniques:
ADefensibleInvestigatoryProcessforLitigationPurposes.JournalofForensic
Accounting,V,116.
Wells,J.T.(2002).OccupationalFraud:TheAuditasDeterrent.JournalofAccountancy.