August 1999

AUDITING

COMPUTER-ASSISTED TECHNIQUES FOR FRAUD DETECTION

By David Coderre

Computer technology gives auditors a new set of techniques for examining the automated

business environment. In fact, the detection of fraud is a perfect application for computer-assisted
audit tools and techniques (CAATTs).

As early as 1982 CAATTs was a powerful audit tool for detecting financial errors. In recent years,
analytical techniques have become not only more powerful but also more widely used by
auditors. But it is only in the last 10 years that the use of computer-assisted tools and auditing
techniques has become standard practice. Audit software permits auditors to obtain a quick
overview of the business operations and drill down into the details of specific areas of interest.
The audit program can also be extended to perform a 100% verification of certain transactions
and a recalculation of important ratios and figures.

Audit software can highlight those individual transactions that contain characteristics often
associated with fraudulent activity. With audit software, millions of files can be examined, previous
years' data can be used to identify anomalies, and comparisons can be made between different
locations. Also, computer-based data analysis tools can prove invaluable when addressing
suspected fraud situations.

The techniques and types of data interrogations in modern audit software are almost unlimited.
For example, audit software has many commands that support the auditor's requirement to
review transactions for fraud such as the existence of duplicate transactions, missing
transactions, and anomalies. Some examples of these commands include--

* comparing employee addresses with vendor addresses to identify employees that are also
vendors;

* searching for duplicate check numbers to find photocopies of company checks;

* searching for vendors with post office boxes for addresses;

* analyzing the sequence of all transactions to identify missing checks or invoices;

* identifying vendors with more than one vendor code or more than one mailing address;
* finding several vendors with the same mailing address; and

* sorting payments by amount to identify transactions that fall just under financial control on
contract limits.

Audit software can be used to interrogate a company's data files and identify data patterns
associated with fraud. Patterns such as negative entries in inventory received fields, voided
transactions followed by "No Sale," or a high percentage of returned items may indicate
fraudulent activity. Auditors can use these data patterns to develop a "fraud profile" early in their
review of operations. The patterns can function as auditor-specified criteria; and transactions
fitting the fraud profile can trigger auditor reviews. Systems can even be built to monitor
transactions on an ongoing basis. Continuous monitoring is a proactive approach to the early
detection of fraud.

Computerized techniques and interactive software can help auditors focus their efforts on the
areas of greatest risk. Auditors can choose to exclude low risk transactions from their review and
to focus on those transactions that contain a higher probability of fraud.

Audit software also provides auditors with the ability to extract information from several files, with
different database management systems, in order to search for underlying patterns or
relationships among data. For example, reviewing data from the accounts payable and the
contracting databases may reveal a concentration of contracts with one vendor all initiated by the
same contracting officer, leading to concerns about possible kickbacks.

Today's audit software makes "what if" analysis easy to formulate and perform. Auditors can form
an initial hypothesis, test that hypothesis, and revise it as necessary based on the results of
interactive analyses.

Computerized techniques can assist the auditor in identifying symptoms early in the life of a
fraud. This will serve to reduce the negative impact of many frauds--before millions of dollars are
lost or goodwill is destroyed. Automated routines that monitor key symptoms and track trends can
be a major deterrent of fraud, preventing some fraudulent activities and identifying fraud almost
as soon as it occurs.

Fraud Detection Using Digital Analysis

A growing area of fraud prevention and detection involves the examination of patterns in data.
The rationale is that unexpected patterns can be symptoms of fraud. A simple example of the
application of this technique is a search for duplicate transactions, such as identical invoice or
vendor numbers for the same amount.

The existence of duplicates would be an unexpected pattern in the data and indicate possible
fraud.

Another simple digital analysis technique is to search for invoices with even dollar amounts, such
as $200.00 or $5,000.00. The existence of particular even amounts may be a symptom of fraud
and should be examined.

Case Study: Even Amounts

Travel expenses had always been a concern for the auditors of X Company since it was an area
where the controls were weak. Employees had a maximum per diem rate when traveling but had
to submit receipts to cover the actual expenses. Maximums were also established for meals:
breakfast $10.00, lunch $20.00, dinner $30.00, and hotel lodging $100.00. The auditors
configured the audit software to identify meal expenses that were multiples of $10.00. These
transactions were compared to receipts to ensure that the amounts expensed were appropriate. A
detailed review determined that many travelers were charging the maximum rates for meals even
though their receipts did not justify the amounts.

Ratio Analysis

Another useful fraud detection technique is the calculation of data analysis ratios for key numeric
fields. Like financial ratios that give indications of the financial health of a company, data analysis
ratios report on the fraud health by identifying possible symptoms of fraud. Three commonly
employed ratios are--

* the ratio of the highest value to the lowest value (max/min);

* the ratio of the highest value to the second highest value (max/max2); and

* the ratio of the current year to the previous year.

For example, auditors concerned about prices customers were being charged for products could
calculate the ratio of the maximum sales price to the minimum sales price for each product. If the
ratio is close to 1.0, they can be sure that there is little variance between the highest and lowest
prices charged to customers. However, if the ratio is large this could indicate that a customer was
being charged too much or too little for the product.

In Exhibit 1, there is a large difference between the minimum and maximum prices of Product 1
(ratio of 1.85); whereas there is a small variance in the prices of Product 2 (ratio of 1.01). The
auditor may wish to examine the transactions for the customers charged $235 and $127 for
Product 1 to ensure the proper pricing was used.

The ratio of the maximum value to the second highest value can also highlight possible frauds. In
Exhibit 2, the large ratio for purchases made by XYZ Corp. could indicate an anomaly in the data.

A large ratio indicates that the maximum value is significantly larger than the second highest
value. Companies with max/max2 ratios of 5.0 or higher would be of interest to auditors and fraud
examiners because they represent a significant deviation from the norm. This is particularly true if
a company has a large number of transactions within a small dollar range, except for the
maximum amount. For example, a suspicious pattern would be 100 transactions, 99 of which are
between $1,000 and $2,000, with the highest at $12,000 (a max/max2 ratio of 6.0).

Case Study: Doctored Bills

The auditors reviewed the patient billing system at Company Y to determine if the appropriate
charges were being assessed by health care providers. An initial analysis of the data was
performed to calculate the ratio of the highest and lowest charges for each procedure. A judgment
was made that procedures with a max/min ratio of greater than 1.30 be noted and subjected to
additional review.

For a particular quarter, three procedures had ratios higher than 1.30, the highest being 1.42. A
filter was used to identify the records related to the three procedures in question, and additional
analysis was performed. This quickly determined that one doctor was charging significantly more
than the other doctors for the same procedures. A comparison of charges from the billing system
with payments in the accounts receivable system revealed that the doctor was skimming off the
patient payments. The amount recorded in the receivable system was in line with the usual billing
amount for the procedures. The doctor was unable to justify the higher prices or explain the
difference in the billing and the receivable systems.

The third ratio compares data from different years, departments or operating areas, and the like.
For example, the ratio of last year's purchases to current year's purchases for each supplier can
point to symptoms of fraud such as kickbacks in the contracting section. If the total purchases
from a supplier has gone from $100,000 to $400,000--a ratio of 4.0--further analysis may be in
order.

Case Study: Contracting Kickbacks

Johnathan, one of the contracting officers, had devised a great win/win kickback scheme. The
auditors decided to use digital analysis as part of their review of the contracting section. One of
the analyses calculated the total contract amount by supplier for each of the past two years. A
ratio of current year to previous year was calculated and the minimum, maximum, average, and
highest and lowest five ratios were displayed. While the average was close to 1.0, the highest
and lowest five values showed that some companies had significant decreases in business, while
others had experienced significant increases in business.

The auditors reviewed the details of all companies that had a ratio of less than 0.7 or more than
1.30. Totals were calculated by a contracting officer. For companies with an increase in business,
the results revealed that Johnathan had raised many of the contracts. In comparison, Johnathan
had raised no contracts with the companies that had seen a decrease in business. The auditors
learned of Johnathan's kickback scheme when they interviewed salesmen from the companies
that had ratios less than 0.7. Interviews with salesmen from the firms that had increased sales by
1.30 or more added credence to the fraud accusations. Both groups of salesmen said that they
were told they would only get business if they paid Johnathan a kickback.

Benford's Law

More advanced techniques take data analysis to another level, examining the actual frequency of
the digits in the data. Benford's Law, developed by Frank Benford in the 1920s, predicts the
occurrence of digits in data. Benford's Law concludes that the first digit in a large population of
transactions (10,000 plus) will most often be a 1. Less frequently will the first digit be a 2; even
less frequently a 3. Benford calculated the occurrence of each numeral appearing as the first digit
and found that it decreased inversely with its value. As seen in Exhibit 3, the first digit will be a 1
about 30% of the time, whereas 9 only has an expected frequency of about five percent as the
first digit.

Benford's Law calculates the expected frequencies (rounded to three decimal places) for first and
second digits as shown in Exhibit 3.

However, not all data will have distributions as predicted by Benford's Law. Sometimes there is
valid rationale for certain numbers occurring more frequently than expected. For example, if a
company sends a large amount of correspondence via courier, and the cost is a standard rate
($6.12) for sending a package of under one pound, then the first digit (6) or the first two digits (61)
may occur more often than predicted by Benford's Law. Guidelines for determining whether the
data will comply to Benford's Law include the following:

* There should be no set maximum or minimum,

* There should be no price break points (e.g., a $6.12 standard rate for all packages under one
pound), and
* The numbers should not be assigned (i.e., policy numbers or Social Security numbers).

Given Benford's Law, we would expect that valid, unaltered data will follow the predicted
frequencies. Data that meets the above criteria but fails to follow the expected frequencies may
include fraudulent items.

An analysis of the frequency distribution of the first or second digits can detect abnormal patterns
in the data and may identify possible fraud. An even more focused test can be used to examine
the frequency distribution of the first two digits (FTD). The formula for the expected frequencies
is:

Expected FTD Frequency = log(1+1/FTD)

Therefore, the expected frequency of 13 is log(1+1/13). The expected frequencies range from
0.041 for 10, to 0.004 for 99.

Some audit software programs can be used to determine the frequency distribution for first digits,
first two digits, and second digits.

Case Study: Signing Authority

The auditors for Z Company were investigating possible fraud in the contracting section, where
thousands of contracts were raised every month. They used Benford's Law to examine the first
two digits of the contract amount. The results of their analysis revealed that the digits 49 were in
the data more often than expected.

Classifying on the contracting officer for all contracts with 49 as the first two digits determined that
the contracting manager was raising contracts for $49,000$49,999 to avoid contracting
regulations. Contracts under $50,000 could be sole-sourced; contracts greater than $50,000 had
to be submitted to the bidding process. He was raising contracts just under the financial limit and
directing them to a company owned by his wife. *

This article is derived by David Coderre from his book Fraud Detection: Using Data Analysis
Techniques to Detect Fraud, published by Global Audit Publications (GAP). It can be purchased
for $65 from (877) 225-4277, or outside of North America from (604) 646-4241.

Editor:
Paul D. Warner, PhD, CPA
Hofstra University

Home | Contact | Subscribe | Advertise | Archives | NYSSCPA

The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public
practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs.
Our goal is to provide CPAs and other accounting professionals with the information and news to enable
them to be successful accountants, managers, and executives in today's practice environments.

©2006 The CPA Journal. Legal Notices