Fraud and Errors

L EA R N I NG OBJ E C T
After studying this chapter, you should be able to:
1. Explain the threats faced by modern information systems.
2. Define fraud and descri be both the different types of fraud and the auditor's
responsibility to detect fraud.
3. Discuss who perpetrates fraud and why it occurs, includ ing the pressures,
opportuniticz., and rationalizationz that arc prcz.cnt in moz.t fraudz..

4. Define computer fraud and discuss the different computer fraud

classi'fications.
5. Explain how to prevent and detect computer fraud and abuse.

1
AIS Threats
The four cypes of AJ S lhreacs a company faces are su mmarized in Table 8-1 and are now
discussed.

NATURAL AND POLITICAL DISASTERS

Natural and pol itical disasters-such as fires, floods, earthquakes, h urricanes, tornadoes,
blizzards, wars, and allacks by terrorists-can destroy an information system and cause man
y companies to fail. For example:
i Terrori t ll.rmeks on the World Tr11lle Cenrer in New York Ciry and OH the Feder11lBuild
ing in OkJaboma City destroyed or disru pted aJI the systems in those buildings.
• A flood in Olicago destroyed or damaged 400 data processing centers. A flood in Des
Moines, Iowa, buried the city'scomputer system.<> under eight feet of water.Hurricanes and
earthquakes have destroyed n umerouscomputer systems and severed communication Lines.
Other systems were damaged by falling debris, water from rupcured sprinkler systems, and
dust.
• A very val id concern for everyone is what is going to happen when cyber-anacks are
militarized ; that is, lhe transition from disruptive to destructive attacks.For more on
this, see Focus 8-1.

TABLE 8-1 Threats to Accounting Information Systems

Threats
Naturaland political disasters
Software errors and equip-
ment malfunctions
Unintentional acts
Intentionalacts
Examples
Fire or excessive heat
Floods, earthquakes, landslides, hurricanes, tornadoes, blizzards,
snowstorms, and freezing rain
War and attacks by terrorists
Hardware or software failure
Software errors or bugs
Operating system crashes
Power outages and
fluctuations
Undetected data transm ission errors
Accidents caused by human carelessness, failure to follow es ablished
procedures, and poorly trained or supervised personnel
Innocent errors or omissions
Lost, erroneous, destroyed,or misplaced data
Loi:iic errors
Systems that do not meet company needs or cannot handle ntended tasks
Sabotage
Misrepresentat on, false use,or unauthorized disclosure of data
Misappropriation of assets
Financial statement fraud
Corruption
Computer fraud-attacks, social engineering, malware,etc.

2
SOFTWARE ERRORS AND EQUIPMENT MALFUNCTIONS
Sottware errors, operating system crashes, hardware failures, power outages and I Juctuations ,
and u ndetected data transmission errors constitute a second type of threat. A federal study es
ti mated yearly economic losses due to software bugs at almost $60 billion. More than 60% of
companies studied had significant software errors. Examples of errors include:
• More than SO m illion people in the Northeast were left wilhout power when an
industrial control system in part of the grid failed. Some areas were powerless for four
days, and damages from the outage ran close to $10 billion.
• At Facebook , an automated system for verifyi ng configuration value errors
backfired, causing every single client to try to fix accurate data it perceived as invalid.
Since the fix involved queryi ng a cluster of databases, that cluster was qu ickly
overwhelmed by
hundreds of thousands of queries a second. The resultant crash took !he Facebook
system offline for two-and-a-hal f hours.
• As a result of tax system bugs, California failed to collect $635 million in business taxes.
• A bug in Burger King's software resu lted in a $4,334.33 debit card charge for four
hamburgers. The cashier accidentally keyed in the $4.33 charge twice, resulting in the
overcharge.

3
UNINTENTIONAL ERRORS
A lhird type of threat, u nintentional acts such as accidents or innocent errors and omissions, is
the greatest risk 10 in formation systems and causes the greatest dollar losses. The
Computing Technology Industry Association estimates that human errors cause 80% of
security prob lems. Forrester Research estimates that employees u nintentionally create
legal, regulatory, or financial risks in 25% of their outbound e-mails. Chapter I 0 discusses
many of the controls and procedures used to eliminate or mini mize both human errors and
fraud.In addition, Chap ters 14 through 18discuss how to m inimize human errors and fraud
in !he main busi ness pro cesses in organizations.
Unintentional acts are caused by human carelessness, failure to follow established proce
dures, and poorly trai ned or supervised personnel. Users Jose or misplace data and acciden
tally erase or alter files, data, and programs. Computer operators and users enter the wrong
input or erroneous input, use the wrong version of a program or the wrong data files, or mis
place data files. Systems analysts develop systems !hat do not meet company needs, !hat leave
them vulnerable to attack, or !hat are incapable of handli ng their intended tasks. Programmers
make logic errors. Examples of unintentional acts include the following:
• A data entry clerk at Mizuho Securities mistakenly keyed in a sale for 610,000 shares
of J-Com for I yen instead of the sale of I share for 610,000 yen.The error cost the
com pany $250 million.

• A programmer made a one-line-of-code error that priced all goods at Zappos, an online
retailer, at $49.95-even though some of the items it sells are worth thousands of
dollars. The change went i nto effect at midnight, and by the time it was detected at 6:00
A.M ., the company had J ost $1.6 million on goods sold far below cost.
• A bank programmer mistakenly calcu lated interest for each monlh usi ng 31 days.
Before the mistake was discovered, more than $100,000 in excess interest was paid.
• When employees at !he University of Washington Medicine moved data from one
server to another, human error exposed the personal information of nearly 1 million
patients. The error was discovered when a patient found his data after googling hi mself.
• UPS lost a box of computer tapes containi ng sensitive information on 3.9 million
Citigroup customers.
• Jefferson County, West Virginia, released a new on line search cool !hat exposed the
personal information of 1.6 million people.
• McAfee, the an1ivirus software vendor, mistakenly identified svchosr.exe, a crucial
part of !he Wi ndows operating system, as a malicious program in one of its updates.
Hun dreds of lhousands of PCs worldwide had 10 be manually rebooted-a process
that took 30 minutes per machi ne. A third of !he hospitals in Rhode Island were shut
down by the error. One company reported !hat the error cost them $2.5 million.

4
INTENTIONAL ACTS
A fourth threat is an intentional act such as a computer crime, a fraud, or sabotage, which is
deliberate destruction or harm to a system. Information systems are increasingly vulnerable to
attacks. Examples of intentional acts include the following:
• In a recent three-year period, the nu mber of networks that were compromised rose
700%. Experts believe the actual number of incidents is six times higher than reported
because companies tend not to report security breaches. Symantec estimates that hackers
attack computers more than 8.6 mi llion ti mes per day. One computer-security company
reported that in the cases they handled that were perpetrated by Chinese hackers, 94%
of the targeted companies didn't realize that their systems had been compromised until
someone else told them. The median nu mber of days between when an intrusion started
and when it was detected was 416.
• The Sobig virus wreaked havoc on millions of computers, including shutting down trai n
systems for up to six hours.
• In Australia, a disgruntled employee hacked into a sewage system 46 times over two
months. Pu mps failed, and a quarter of a million gallons of raw sewage poured into
nearby streams, flooding a hotel and park.
• A programmer was able to download OpenTable's database due to an improperly de
signed cookie (data a website stores on your computer to identify the site so you do
not have to log on each time you visit the site).
• A hacker stole 1.5 million credit and debit card numbers from Global Payments,
result ing in an $84 million loss and a 90% drop in profits in the quarter following
disclosure.
• The activist hacker group called Anonymous played Santa Claus one Christmas,
indi cating they were "granti ng wishes to people who are less fortunate than
most."They were inundated with requests for iPads, iPhones, pizzas, and hundreds
of other thi ngs. They hacked into banks and sent more than $I million worth of
virtual credit cards to people.
Cyber thieves have stolen more than $I trillion worth of intellectual property from busi
nesses worldwide. General Alexander, former director of the National Security Agency, called
cyber theft "the greatest transfer of wealth in history."When the top cyber cop at the FBI was
asked how the Un ited States was doing in its attempt to keep computer hackers from stealing
data from corporate networks, he said, "We're not wi nni ng."
Chapters I 0 through 13 discuss the controls necessary to prevent or at least minimize the
four types of threats just discussed. The remainder of this chapter discusses a very important
type of intentional act:fraud.

5
• A typical organization loses 5% of its an nual revenue 10 fraud, with yearly global
fraud losses of more than $3.7 trillion.
• The median loss for all 2,410 cases in the ACFE study was $I 50,000, with 23.2%
having losses of $I million or more.
• More than 83% were asset misappropriation frauds with a median Joss of $125,000.
The most frequent misappropriation schemes were billin g and check tampering.
• Less than 10% were financial statement fraud, with a much higher $975,000 median loss.
• More than 35% were corruption frauds, with a median Joss of $200,000. Corruption was
much more frequent in larger organizations dian in smaller ones.
• A fraudster 's level of authority was strongly correlated with the size of the fraud. Owner/
executive frauds took longer 10 detect and were more than four times as costly as
manager perpetrated frauds and more than 11 times as costly as employee frauds.
• Small businesses, with fewer and less effective internal controls, were more vulnerable
to fraud thanlarge ones, n addition;they were impacted much more by the fraud
losses due to their limited resources.
• Frauds are more likely to be detected by an anonymous tip than by audits or any other means.
The most common ways to receive tips nrc by phone hotlincs, email, or nn onlinc form.
• More than 75% of the frauds occurred in accounti ng, operations, sales, upper
manage ment, customer service, purchasing, and finance.
• In almost 41% of the frauds studied, the company did not report fraud 10 the police,
most frequently because they feared bad publicity.
• The most prom inent organ izational weakness in the cases studied was a Jack of
internal controls, followed by overridin g internal controls.

Introduction to Fraud
Fraud is gaining an unfair advantage over another person. Legally, for an act 10 be fraudulent
there must be:
1. A.false sratemem, represemation, or disclosure.
2. A materialfact, which is something that induces a person to act.
3. An intent to deceive.
4. A justifiable reliance; that is, the person relies on the m isrepresentation to take an action.
S. An injury or loss suffered by the victim.
Annual economic losses resulting from fraudulent activity each year are staggering. It is
rare for a week to go by without the national or local press reporti ng another fraud of some
kind. These frauds range from a mu ltimi llion-dollar fraud that captures the anention of the
na tion to an employee defrauding a local company out of a small sum of money.
The Association of Certified Fraud Examiners (ACFE) conducts periodic comprehensive
fraud studies and releases its findings. Report to the Nation on Occupational Fraud and Abuse
2016 Global Fraud Study indicates that:

6
 • A typical organization loses 5% of its annual revenue to fraud, with yearly global
fraud losses of more than $3.7 trillion.
• The median loss for all 2,410 cases in the ACFE study was $150,000, with 23.2%
having losses of $Imillion or more.
• More than 83% were asset misappropriation frauds with a median Joss of $125,000.
The most frequent misappropriation schemes were billing and check tampering.
• Less than 10% were financial statement fraud, with a much higher $975,000 median loss.
• More than 35% were corruption frauds, with a median Joss of $200,000. Corruption was
much more frequent in larger organizations dian in smaller ones.
• A fraudster 's level of authority was strongly correlated with the size of the fraud. Owner/
executive frauds took longer to detect and were more than four times as costly as
manager perpetraced frauds and more than 11 times as costly as employee frauds.
• Small businesses, with fewer and less effective internal controls, were more
vulnerable to fraud thanlarge ones, n addition;they were impacted much more
by the fraud losses due co their limited resources.
• Frauds are more likely co be detected by an anonymous tip than by audits or any other means.
The most common ways to receive tips nrc by phone hotlincs, email, or nn onlinc form.
• More than 75% of the frauds occurred in accounti ng, operations, sales, upper
manage ment, customer service, purchasing, and finance.
• In almost 4 1 % of the frauds studied, the company did not report fraud to the police,
most frequently because they feared bad publicity.
• The most prom inent organ izational weakness in the cases studied was a Jack of
internal controls, followed by overridin g internal controls.
• The implementation of controls to prevent fraud resu lted in lower fraud losses and
qu icker fraud detection. The most frequently implemented anti-fraud controls were exter
nal financial statement audits, a written code of conduct, and financial statement certifi
cation by management.
• The perpetrator tried co conceal the fraud in 94.5% of the cases, most frequently by
creat ing or altering physical docu ments.
• In 79% of the fraud cases smdied , perpetrators displayed behav ioral warning signs, or
red flags, such as livi ng beyond their means, financial difficulties, unusually close as
sociation with a vendor or customer, and recent divorce or family problems that created
a perceived financial need in the perpetrator' s m ind.
• Most occupational fraudsters are first-time offenders; they had never been charged or
convicted of fraud.
• The more individuals involved in a fraud, the higher the losses.

Most fraud perpetrators are knowledgeab le insiders with the requisite access, skills,
and resources. Because employees understand a company 's system and its weaknesses,
they are

better able to comm it and conceal a fraud. The controls used to protect corporate assets make
it more difficult for an outsider co steal from a company. Fraud perpetrators are often referred
co as white-collar criminals.

7
 There are a great many different types of frauds. We briefly define and give examples
of some of those and then provide a more extended d iscussion of some of the most
important ones to businesses.
Corruption is dishonest conduct by those in power and it often involves actions that are
i llegitimate, immoral, or incompatible with ethical standards. There are many types of
corrup tion; examples include bribery and bid rigging.
Investment fraud is misrepresenting or leaving om facts in order to promote an
invest ment that prom ises fantastic profits with little or no risk. There are many types of
investment fraud; examples include Ponzi schemes and securities fraud.
Two types of frauds that are important to businesses are misappropriation of assets (some
times called employee fraud) and fraudu lent financial reporting (sometimes called manage
ment fraud). These two types of fraud are now discussed in greater depth.

MISAPPROPRIATION OF ASSETS
Misappropriation of assets is the theft of company assets by employees. Examples include
the following:
• Albert Milano, a manager at Reader's Digest responsible for processing bills, embezzled
$I million over a five-year period. He forged a superior's signature on invoices for ser
vices never performed, submitted them to accounts payable, forged the endorsement on
the check, and deposited it in his account. Milano used the stolen funds to buy an expen
sive home, five cars, and a boat.
• A bank vice president approved $I billion in bad loans in exchange for $585,000 in kick
backs. The loans cost the bank $800 million and helped trigger its collapse.
• A manager at a f'lorida newspaper went to work for a competitor after he was fired. The
first employer soon realized its reporters were being scooped. An investigation revealed
the manager still had an active account and password and regularly browsed its computer
files for information on exclusive stories.
• In a recent survey of 3,500 adults, half said they would take company property when
they left and were more likely to steal e-data than assets. More than 25% said they
would take customer data, includi ng contact information. Many employees did not
believe tak
ing company data is equivalent to stealing.

8
 The most significant contributing factor in most misappropriations is !he absence of inter
nal controls and/or !he fail ure to enforce existing internal controls. A typical misappropriation
has the following important elements or characteristics. The perpetrator:
• Gains the trust or con fidence of the entity being defrauded.
• Uses trickery. cun ning. or false or misleading information to commit fraud.
• Conceals !he fraud by falsifying records or olher information.
• Rarely terminates the fraud voluntar ily.
• Sees how easy it is to get extra money; need or greed impels the person to
conti nue. Some frauds are sel f-perpetuating; if perpetrators stop, their actions are
discovered.
• Spends the ill-gouen gains. Rarely does the perpetrator save or invest the money. Some
perpetrators come to depend on the "extra" income, and others adopt a lifestyle that
requires even greater amounts of money. For these reasons, there are no small
frauds only large ones that are detected early.
• Gets greedy and takes ever-larger amounts of money at intervals that are more
frequent, exposing !he perpetrator to greater scrutiny and increasing the chances the
fraud is discovered.The sheer magn itude of some frauds leads to their detection. For
example, the accountant at an auto repair shop, a lifelong friend of the shop's owner,
embezzled ever
larger sums of money over a seven-year period. In the last year of the fraud, the embezzler
took more than $200,000. Facing bankrnptcy, !he owner eventually laid off the
accountant and had his wife take over the bookkeeping. When !he company immediately
began doing helter,the wife hired a fraud expert whoinvestigated and uncovered the
fraud.

• Grows careless or overconfident as time passes. If the size of the fraud does not
lead to its discovery, the perpetrator eventually makes a mistake that does lead to
the discovery.

9
FRAUDULENT FINANCIAL REPORTING
The Nat ional Com m ission on Fraudu lent Financia l Reporti ng (the Tread way Com m
ission) defined fraudulent financial reporting as in tentional or reckless conduct,
whether by act or om ission, that resul ts in materially misleading financial statements.
Management falsifies financial statements to deceive i nvestors and credi tors, increase a
company's stock price, meet cash flow needs, or hide company losses and problems. The
Treadway Com m ission srndied 450 l awsui ts against auditors and fou nd undetected
fraud 10 be a factor in half of them.
Through the years, many highly publicized financial statement frauds have occurred. In
each case, misrepresented financial statements led co huge financia l losses and a number of
bankruptcies. The most frequent "cook the books" schemes involve fictitiously inflating
reve nues, holding the books open (recognizing revenues before they are earned), closing the
books early (delaying current expenses to a later period}, overstating inventories or fixed
assets, and concealing losses and liabilities.
The Tread way Comm ission recommended four actions co reduce fraudulent
financial reporting:
1. Establish an organ izational environment that contribmes co the integrity of the financial
reporting process.
2. Identify and understand the factors that lead co fraudu lent financial reporting.
3. Assess the risk of fraudu lent financial reporting within the company.
4. Design and i mplement internal controls 10 provide reasonable assurance of prevent
ing fraudulent financial reporti ng.'
The ACFE found that an asset m isappropriation is I 7 times more likely than fraudu lent
financial reporting but that the amounts involved are much smaller.As a result, auditors and
management are more concerned with fraudulent financial reporting even though they are
more likely co encounter misappropriations. The following section discusses an auditors' re
sponsibility for detecting material fraud.

10
SAS NO. 99 (AU-C SECTION 240): THE AUDITOR'S RESPONSIBILITY
TO DETECT FRAUD
Statement on Auditing Standards (SAS) No. 99, Co11siderario11 of Fraud in a Financial
State ment Audit, became effective in December 2002. SAS No. 99 requires auditors to:
• Understand fraud . Because auditors cannot effectively audit something they do not
u n derstand, they must understand fraud and how and why it is com mitted.
• Discuss the risks of materialfrau dulent misstatements. While plann ing the audit,
team members discuss among themselves how and where the company's financial
statements are susceptible 10 fraud.
• Obtain information .The audit team gathers evidence by looking for fraud risk
factors; testi ng company records; and asking management, the audit committee of the
board of directors, and others whether they know of past or current fraud. Because
many frauds involve revenue recognition, special care is exercised in exam ining
revenue accounts.
• Identif y, assess, a11d respond to risks.The evidence is used to identify, assess, and re
spond to fraud risks by varying the namre, timing, and extent of audit procedures and
by evaluatin g carefully the risk of management overriding internal controls.
• Evaluate the results of their audit tests. Auditors must evaluate whether identified mis
statements indicate the presence of fraud and determine its impact on the financial state
ments and the audit.

• Document and comm1micatefindings. Auditors must document and communicate !

heir findings 10 management and the audit committee.
• Incorporate a teclznology focus. SAS No.99 recognizes the impact technology has on
fraud risks and provides commentary and examples recognizi ng !his impact. It also
notes the oppornmities auditors have 10 use technology to design fraud-auditing
procedures.
Through die yeru-s there have been improvements co and reorganizations of auditing stan
dards. The fraud standards are now referred to as AU-C Section 240.

• Document and comm1micatefindings. Auditors must document and communicate !

heir findings 10 management and the audit committee.
• Incorporate a teclznology focus. SAS No.99 recognizes the impact technology has on
fraud risks and provides commentary and examples recognizi ng !his impact. It also
notes the oppornmities auditors have 10 use technology to design fraud-auditing
procedures.
Through die yeru-s there have been improvements to and reorganizations of auditing stan
dards. The fraud standards are now referred to as AU-C Section 240.

11
Who Perpetrates Fraud and Why
When researchers compared the psychological and demograph ic characteristics of white
collar criminals, violent criminals, and the public, they found significant differences between
violent and white-collar criminals. They found few differences between white-collar criminals
and the public. Their conclu sion: Many fraud perpetrators look just like you and me.
Some fraud perpetrators are disgruntled and unhappy with their jobs and seek
revenge against employers. Others are dedicated , hard-worki ng, and trnsted employees.
Most have no previous crim inal record; they were honest, valued, and respected
members of their commu nity. In other words, they were good people who did bad things.
Computer fraud perpetrators are typically younger and possess more computer experience
and skills. Some are motivated by curiosity, a quest for knowledge, the desire co learn how
things work, and the challenge of beating the system. Some view their actions as a game
rather than as dishonest behavior. Others commit computer fraud togain stature in the hacking
community.
A large and growing number of computer fraud perpetrators are more predatory in
nature and seek co tum thei r actions into money. These fraud perpetrators are more like
the blue collar criminals that look to prey on ochers by robbing them. The difference is
that they use a computer instead of a gun.
Many first-time fraud perpetrators that are not caught, or that are caught bm not pros
ecuted, move from being "unintentional" fraudsters to "serial" fraudsters.
Malicious software is a big busi ness and a huge profit engine for the crimi nal under
grou nd, especially for digitally savvy hackers in Eastern Europe. They break into
financial accou nts and steal money. They sell data to spammers, organized crime,
hackers, and the intelligence commun ity. They market malware, such as virus-producing
software, to others. Some work with organized crime. A recently convicted hacker was
paid $150 for every 1,000 computers he infected with his adware and earned hundreds of
thousands of dollars a year.
Cyber-cri minals are a top FBI priority because they have moved from isolated and uncoor
dinated attacks co organized fraud schemes targeted at specific individuals and businesses.
They use online payment companies to launder their ill-gotten gains. To hide their money,
they take advantage of the Jack of coordination between international law enforcement
organizations.

12
THE FRAUD TRIANGLE
For most predatory fraud perpetrators , all the fraudster needs is an opportu nity and the crimi
nal m ind-set that allows him/her to commit the fraud. For most first-time fraud perpetrators,
three conditions are present when fraud occurs: a pressure, an opportunity, and a rationaliza
tion. This is referred to as the fraud triangle, and is the middle triangle in Figure 8-1.

PRESSURES A pressure is a person 's incentive or motivation for commining fraud. Three
types of pressures that lead to misappropriations are shown i n the Employee Pressure
Triangle in Figure 8- I and are summar ized i n Table 8-2.
Fi nancial pressures often motivate m isappropriation frauds by employees. Examples of
such pressures include living beyond one's means, heavy financia l losses, or high
personal debt. Often, the perpetrator feels the pressure can not be shared and believes fraud
is the best way out of a difficult situation. For example, Raymond Keller owned a grain
elevator where
he stored grain for local farmers. He made money by trading in com modities and bu il t a lav
ish house overlooking the Des Moines River. Heavy financial losses created a severe cash
shortage and high debt. He asked some farmers to wait for their money, gave others bad
checks, and sold grain that did not belong to him. Finally, the seven banks to which he
owed more than $3 million began to call their loans. When a state auditor showed up
unexpected ly, Raymond took his life rather than face the consequences of his fraud.
A second type of pressure is emotional. Many employee frauds are motivated by greed.
Some employees turn to fraud because they have strong feelings of resentment or believe they
have been treated unfairly. They may feel their pay is too low, their contributions are not ap
preciated, or the company is taking advantage of them. A California accountant, passed over
for a raise, increased h is salary by I 0%, the amount of the average raise. He defended his
actions by saying he was only taking what was rightfully his. When asked why he did not in
crease his salary by 11%, he responded that he would have been stealing I %.
Other people are motivated by the challenge of "beati ng the system"or subverting
system controls and breaking into a system. When a company boasted that its new system
was im penetrable, a team of individuals took less than 24 hours to break into the system
and leave a message that the system had been comprom ised.
Some people com m it fraud to keep pace with other family members or win a "who has
the most or best"competition. A plastic surgeon, making $800,000 a year, defrauded his
clinic of $200,000 to compete in the family "game" of financial one-upmanship.

13
 Commi F GURE 8-1
t .-- Atti tude
---..,
-
.\
Opportunity
c Triangle i::- 1'. Rationalizafion Fraud Triangle
- -!!>
./

, >::"-" Triangle

%.._ i" ----- · Fraud

"'
------+<:;, 'C0, ,?
'¥ () Triangle
,.
..
"-"'
'lY
, ,
Pressure
'
'?:> -$
, , ''
, , ''
, '',
Fin ancial JI "' Financial
...- -----...... 4'
-:? financial $'
Employee <l;: Statement ,Y
· Pressure '&
"-5.. Pressure
\ Triangle . ;.,f.f Triangle ;;;(, )
v.f - sq-;

i"
0 'li

TABLE 8-2 Pressures That Can Lead to Employee Fraud

Financial Emotional Lifestyle

Living beyond one's means Excessive greed,ego, pride, Gambling
High personal ambition habit Drug or
debt/expenses Performance not recognized alcohol
"Inadequate" salary/income Jobdissatisfactio addiction
Poor credit ratings n Fear of losing Sexual relationships
Heavy financial job Family/peer
losses Bad Need for power or control pressure
investments Overt,deliberate nonconformity
Tax avoidance Jni1hility tn 11hirlP hy nr rP.[""rt
IlnrP.Mnni1hlP rulP Challenge of beating the
'111ntM/9n11I
system Envy or resentment
against others Need to win
financial one-
upmanship competition
Coercion by bosses/top
management

14
 Other people commit fraud due to some combination of greed, ego, pride, or ambition
that causes them to believe that no matter how much they have, it is never enough. Thomas
Coughlin was a vice-chairman of Walmart and a personal friend of founder Sam Walton. Even
though his annual compensation exceeded $6 million, over a five-year period he had subordi
nates create fictitious invoices so that Walmart wou ld pay for hundreds of thousands of dollars
of person al expenses. These expenses included hunting vacations, a $2,590 pen for Coughlin's
dog, and a $I ,400 pair of alligator boots. Dennis Kozlowski and Mark Swartz, the CEO and
CFO of Tyco International, were convicted of stealing $170 million from Tyco by abusing the
company's loan program and by granti ng themselves unauthorized bonuses.
A third type of employee pressure is a person 's lifestyle.The person may need funds to
support a gambling habit or support a drug or alcohol addiction. One you ng woman embez
zled funds because her boyfriend threatened to leave her if she did not provide him the money
he needed to support his gambling and drug addictions.
Three types ot organizational pressures that motivate management to misrepresent fi
nanc ial statements are shown in the Financial Statement Pressure triangle in Figure 8- I and
summarized in Table 8-3. A prevalent financial pressure is a need to meet or exceed earn
ings expectations to keep a stock price from falling. Managers create significant pressure with
unduly aggressive earn ings forecasts or unrealistic performance standards or with incentive
programs that motivate employees to falsify financial resu lts to keep their jobs or to receive
stock options and other incentive payments. Industry conditions such as new regulatory re
quirements or significant market saturation with declining margins can motivate fraud.

15
OPPORTUNITIES As shown in the Opportun ity Triangle in Figure 8-1 , opportunity is the
condition or sirnation, including one's personal abilities, that allows a perpetrator to do three
things:
I. Commit thefraud .The theft of assets is the most common type of m
isappropriation. Most instances of fraudu lent financial reporti ng involve
overstatements of assets or rev enues, u nderstatements of liabi lities, or failures 10
disclose information.
2. Conceal thefraud. To prevent detection when assets are stolen or financ ial
statements are overstated, perpetrators must keep the accounting equation in balance
by inflati ng other assets or decreasing liabilities or equity. Conceal ment often takes
more effort and
ti me and leaves behind more evidence than the theft or misrepresentation. Taking cash
requires only a few seconds; al!ering records to hide the theft is more challeng ing
and time-consuming.
One way for an employee 10 h ide a theft of company assets is to charge the
stolen item to an expense account. The perpetrator' s exposure is limited 10 a year or
Jess, be cause expense accou nts are zeroed out at the end of each year. Perpetrators
who hide a theft in a balance sheet account must conti nue the concealment.
Another way to hide a theft of company assets is 10 use a lapping scheme. In a
lapping scheme, an employee of Company Z steals the cash or checks customer A mai ls
in to pay the money it owes to Company Z.Later, the employee uses funds from
customer B to pay off customer A's balance. Funds from customer C are used 10 pay off
customer B's balance, and so forth. Because the theft involves two asset accounts (cash
and ac counts receivable}, the cover-up must continue indefinitely unless the
money is replaced or the debt is written off the books.
An individual, for his own personal gain or on behalf of a company, can hide the theft
of cash using a check-kiting scheme. In check kiting, cash is created using the lag be
tween the time a check is deposited and the time it clears the bank. Suppose an
individual or a company opens accounts in banks A, B, and C. The perpetrator
"creates" cash by
depositing a $1,000 check from bank B in bank C and withdraw ing the fu nds. If it
takes two days for the check 10 clear bank B, he has created $1,000 for two days.
After two days, the perpetrator deposits a $I ,000 check from bank A in bank B 10
cover the created
$1,000 for two more days. At the appropr iate time, $1,000 is deposited from bank C
in bank A. The scheme continues-writi ng checks and maki ng deposits as needed 10
keep the checks from bounc ing-u ntil the person is caught or he deposits money to
cover the created and stolen cash. Electronic banking systems make kiting harder
because the time between a fraudster depositing the check in one bank and the check
being presented to the other bank for payment is shortened.
3. Convert the theft or misrepresentation to personal gain. In a misappropriation, fraud
perpetrators who do not steal cash or use the stolen assets personally must convert them
10 a spendable form. For example, employees who steal inventory or equipment sell the
items or otherwise convert them to cash. In cases of falsified financial statements, perpe
trators convert their actions to personal gain through indirect benefits; that is, they keep
thei r jobs, their stock rises, they receive pay raises and promotions, or they gain more
power and influence.

16
 TABLE 8-3 Pressures That Can l!..ead to Financial Statement Fraud

Management Characteristics Industry Conditions Financial

Questionable management ethics, In tense pressu re to meet or exceed
Decliningindustry
management style, and track Industry or techno logy earnings expectations
record
changes leading to declin Significant cash flow problems; unusualdifficulty
Unduly aggressive earnings
ing demand or product collecting receivables, paying payables
forecasts, performance standards, obsolescence Heavy losses, high or undiversified risk, high
accounting methods, or incentive
New regulatory dependence on debt. or unduly
programs
requirements that impair restrictive debt covenants
Significant incentive compensation
financialstability or Heavy dependence on new or unproven product
based on achieving unduly aggres
profitability lines
sive goals
Significant competition or Severe inventory obsolescence or excessive
Management actions or
mar1<et saturation, with inventory buildup
transactions with no clear business
declining margins Economic conditions (inflation, recession)
justification Oversensitivity to the
Significant tax changes or Litigation, especially management
effects of alter
adjustments vs.shareholders Impending business failure or
native accounting treatments on
bankruptcy
earnings per share
Problems with regulatory agencies
Strained relationship with past
High vulnerability to rise in interest rates
auditors
Poor or deteriorating financial position
Failure to correct errors on a timely
Unusually rapid growth or profitability compared
basis, leading to even greater
to companiesin same industry
problems
Significant estimates involving highly subjective
High management/employee
judgments or uncertainties
turnover Unusual/odd related-party
relationships

Table 8-4 lists frequen Uy mentioned opportunities. Many opportu nities are the result
of a deficient system of internal controls, such a deficiencies in proper segregation of
duties, authorization procedures, clear lines of authority, proper supervision, adequate
docu ments and records, safeguarding assets, or independent checks on performance.
Management permi ts fraud by inauention or carelessness. Management commits fraud by
overriding internal con trols or using a position of power to compel subordinates to
perpetrate it. The most prevalent opporruniry for fraud results from a company"s failure to
design and e1if orce its internal con trol system .
Companies who do not perform a background check on potential employees risk hiring a
"phan tom controller."' In one ca e, a company president stopped by the office one night, saw
a light on in the controller·s office, and went to see why he was working late. The president
was surprised to find a complete stranger at work. An investigation showed that the
controller was
nor an accountan t and had been fired from three job s over che prior eighc years.
Unable to do the accounting work, he hired someone to do his work for him at night. What
he was good at w as stealing money-he had embezzled several million dollars.
Other factors provide an opportunit y to commit and conceal fraud when the company
has unclear policies and procedures, fails to teach and stress corporate honesty, and fails to
pros ecute chose who perpetrate fraud. Examples include large, unusual, or complex
transactions; n umerou s adjusting entries at year-end ; questionable accounting practices;
pushing account ing principle. to the limit; related-party transactions; incompetent
personnel, inadequate starr ing, rapid tumover of key employees, lengthy tenure in a key
job, and lack of training.

17
 TABLE 8-4 Opportunities Permitting Employee and Financial Statement Fraud

Internal Control Factors Other Factors

Failure to enforce/monitor internal
controls Management's failure to be
involvedin the
internalcontrolsystem
Management override of
controls
Managerialcarelessness,inattention to
details
Dominant and unchallenged management
Ineffective oversight by board of directors
No effective internal auditing staff
Infrequent third-party reviews
Insuff cient separation of authorization,
custody, and record-keeping duties
Too much trust in key employees
Inadequate supervision
Unclear lines of
authority
Lack of proper authorizat on
procedures No independent checks on
performance
Inadequate documents and records
Inadequate system for safeguarding
assets No physicalor loQicalsecurity
system
No audit trails
Failure to conduct background
checks No policy of annual
vacations,rotation
of duties
large,unusual,or complex transactions
Numerous adjusting entries at year-
end Related-party transactions
Accounting dcp.:irtmcnt th;:at i'!; undcl"$t;:affcd,
overworked
Incompetent personnel
Rapid turnover of key employees
lengthy tenure in a key job
Overly complex organizationalstructure
No code of conduct, conflict-of-interest state-
ment, or definition of unacceptable
behavior
Frequent changes in auditors,legal counsel
Operating on a crisis basis
Close assoc iation with suppliers/customers
Assets highly susceptible to misappropriat on
Questionable accounting practices
Pushing accounting principles to the limit
Unclear company policies and procedures
FailinQ to teach and stress corporate honesty
Failure to prosecute dishonest employees
low employee morale and loyalty

Frauds occur when employees build mutually beneficial personal relationships with cus
tomers or suppliers, such as a purchasing agent buying goods at an inflated price in exchange
for a vendor kickback. Fraud can also occur when a crisis arises and normal con trol proce
du res are ignored. A Fortune 500 company had three multimillion-dollar frauds the year it
disregarded standard internal control procedures while trying to resolve a series of crises.

18
RATIONALIZ ATIONS A rationalization allows perpetrators to justify their illegal
behav ior. As shown in the Rationalization Triangle in Figure 8-1, this can take the form of
a just ifica tion ("I only took what they owed me"), an attitude ("The rules do not apply to
me''), or a lack of personal integrity ("Gelli ng what I want is more important than being
honest"). In other words, perpetrators rationalize that they are not being dishonest, that
honesty is not required of them, or that they value what they take more than honesty and
integrity. Some perpetra tors rationalize that they are not hurti ng a real person, but a
faceless and nameless computer system or an impersonal company that will not miss the
money. One such perpetrator stole no more than $20,000, the maxi mu m J oss the insurance
company would rei mburse.
The most frequent rationalizations include the following:
• I am only "borrowi ng'' it, and I wi ll repay my "loan."
• You would u nderstand if you knew how badly I needed it.
• What I did was not that serious.
• It was for a good cause (the Robin Hood syndrome: robbing the rich to give to the poor).
• In my very important position of trust, I am above the rules.
• Everyone else is doing it.
• No one will ever know.
• The company owes it to me; I am taking no more than is rightfully mine.
Fraud occurs when people have high pressures; an opportunity to comm it, conceal, and
convert; and the ability to rationalize away their personal integrity. Fraud is Jess likely to oc
cur when people have few pressures, Jillie opportun ity, and high personal integrity. Usually all
three elements of the fraud triangle must be present to some degree before a person comm its
fraud.

Likewise, fraud can be prevented by eliminati ng or m in im izing one or more fraud tri
angle elements. Although companies can reduce or mini mize some pressures and rationaliza
tions, their greatest opportun ity to prevent fraud lies in reducing or m in imizing opportunity
by implementing a good system of internal controls. Contro ls are discussed in Chapters I 0
through 13.

19
Computer Fraud
Computer fraud is any fraud that requires computer technology to perpetrate it. Examples
include:
• Unauthorized theft, use, access, modification, copying, or destruction of software,
hard ware, or data.
• Theft of assets covered up by altering computer records.
• Obtaini ng information or tangible property illegally using computers.

THE RISE IN COMPUTER FRAUD

It is estimated that computer fraud costs the United States somewhere between $70 billion and
$125 billion a year and that the costs increase significantly each year. Computer systems are
particularly vu lnerable for the following reasons:
• People who break into corporate databases can steal, destroy, or alter massive amounts
of data in very little time, often leaving little evidence. One bank lost $l 0 m illion in
just a few minutes.
• Computer fraud can be much more difficult to detect than other types of fraud.
• Some organizations grant employees, customers, and suppliers access to their system.
The number and variety of these access points significantly increase the risks.
• Computer programs need to be modified illegally only once for them to operate improp
erly for as long as they are in use.
• Personal computers (PCs) are vulnerable. It is difficult to control physical access to
each PC that accesses a network, and PCs and their data can be lost, stolen, or
misplaced. Also, PC users are generally less aware of the importance of security and
control. The more legiti mate users there are, the greater the risk of an attack on the
network.
• Computer systems face a number of unique challenges: reliability, equipment failure,
de pendency on power, damage from water or fire, vul nerabi lity to electromagnetic
interfer ene an<I inrem1pr ion,an<I eavP-<<lropping.

20
 As early as 1979, Time magazi ne labeled computer fraud a "growth industry." Mose
busi nesses have been victimized by computer fraud. Recently, a spy network in China
hacked into I ,300 government and corporate compmers in I 03 countries. The nu mber of
incidents, the total dollar losses, and the sophistication of the perpetrators and the schemes
used to commit computer fraud are increasing rapidly for several reasons:
1. Not everyone agrees 011 what constitutes computer fraud . Many people do not
believe that copying software constitutes compmer fraud. Software publishers thi nk
other.vise and prosecute those who make i llegal copies. Some people do not think it
is a crime co browse someone else's computer files if they do no harm, whereas
companies whose data are browsed feel much differen!ly.
2. Many instances of computerfrau d go undetected . A few years ago, it was esti mated that
U.S. Defense Department computers were attacked more than a half mi llion ti mes per
year, "vi th tho number of inoidcntG incrca5in 50% to I 00% per year. DofcnGc Depart
ment staffers and outside consu ltants made 38,000 "friendly hacks" on their
networks to evaluate security. A lmost 70% were successful. and the Defense
Department detected only 4% of the attacks. The Pentagon, which has the U.S.
government's most advanced hacker-awareness program, detected and reported only I
in 500 break-ins. The Defense Department estimates that more than JOO foreign spy
agencies are working to gain access to U.S. government computers as well as an u
nknown nu mber of cri minal organizations.

3. A high percentage of frauds is not reported. Many companies believe the adverse
pub licity would result in copycat fraud and a loss of customer confidence, which could
cost more than the fraud itself.
4. Many networks are not secure. Dan Farmer, who wrote SATAN (a network securiry test
ing cool), tested 2,200 high-profile websites at govern ment instimtions, banks, and news
papers. Only three sites detected and contacted him.
5. Internet sites offer step-by-step instructions 011 how to perpe trate computerfraud and
abuse. For instance, an Internet search found thousands of sites telling how to conduct a
"denial of service"attack, a common form of computer abuse.
6. Law enforcement ca1111ot keep 11p with thegrowth of computerfraud . Because of Jack of
funding and skilled staff, the FBI investigates only I in 15 computer crimes.
7. Calc11lati11g losses is difficult .It is difficu lt to calcu late total losses when information
is stolen, websites are defaced, and viruses shut down entire computer systems.
This increase in compmer fraud created the need for the cyber sleu ths discussed in
Focus 8-2.

21
22
PROCESSOR FRAUD Processor fraud includes unauthorized system use, including the theft
of computer time and services. For example:
• An insurance company installed software 10 detect abnormal system activity and
found that employees were using company computers to ru n an illegal gambling
website.
• Two accountants without the appropriate access rights hacked into Cisco's stock option
system, transferred more than $6.3 million of Cisco stock 10 their brokerage accounts,
and sold the stock. They used part of the funds to support an extravagant lifestyle,
includ i ng a $52,000 Mercedes-Benz, a $44,000 diamond ring, and a $20,000 Rolex
watch.

COMPUTER INSTRUCTIONS FRAUD Computer instructions fraud includes tamperi ng

with company software, copying software illegally, usi ng software in an unauthorized man
ner, and developing software to carry out an unauthorized activity. This approach used 10 be
uncom mon because it required specialized program ming knowledge. Today, it is more
frequent be cause of the many web pages that tell users how to create them.

DATA FRAUD Illegally using, copying, browsi ng, searchi ng, or harm ing company data
consti tutes data fraud. The biggest cause of data breaches is employee negligence.
Companies now report that their losses are greater from the electronic theft of data
than from stealing physical assets. It is estimated that, on average, it costs a company $6.6
m illion, including Jost business, to recover from a data breach.
Company employees are much more likely to perpetrate data fraud than outsiders are.
A recent study shows that 59% of employees who lost or left ajob admined to stealing
con fidential company information. Almost 25% of them had access to their former
employer's
computer system. In addition, more cases are begin ning to surface of employees stealing their
employer's intellectual properties and selling them to foreign companies or governments.

23
 In !he absence of controls, it is not hard for an employee to steal data. For example, an
em ployee using a small flash drive can steal large amounts of data and remove it without being
de tected. In today's world, you can even buy wristwatches with a USB port and internal
memory.
The following are some recent examples of stolen data:
• The office manager of a Wall Street Jaw firm sold information to Friends and relatives
about prospective mergers and acquisitions found in Word files. They made several mil
lion dollars trading the securities.
• A 22-year-old Kazakh man broke into Bloomberg's network and stole account informa
tion, includ ing that of Michael Bloomberg, the mayor of New York and the founder of
the financial news company. He demanded $200,000 in exchange for not us ing or
selling the information. He was arrested in London when accepti ng the ransom.
• A software engineer tried to steal Intel 's new microprocessor plans. Because he could
view but not copy or print the plans, he photographed them screen by screen late at
night in his office.Unbeknownst to him, one of Intel's controls was to notify security
when the plans were viewed after busi ness hours. He was caught red-handed and
arrested.
• Cyber-criminals used sophisticated hacking and identity theft techniques to hack into
seven accounts at a major online brokerage firm. They sold the securities in !hose ac
counts and used the cash to pump up the price of low-priced, thinly traded companies
they already owned. Then they sold the stocks in their personal accounts for huge
gains. E-trade lost $I 8 m illion and A meritrade $4 million in simi lar pump-and-dump
schemes.
• The U.S. Department of Veterans Affairs was sued because an employee laptop
containi ng the records of 26.5 million veterans was stolen, exposing them to identity !
heft. Soon there after, a laptop wilh the records of 38,000 peopledisappeared from a
subcontractor's office.

Data can also be changed, damaged, destroyed, or defaced, especial!y by disgruntled em

ployees and hackers. Vandals broke into !he NCAA's website before basketball tournament
pair ings were announced and posted swasti kas, racial slurs, and a white-power logo.The Air
Force, CIA, and NASA have also been the victims of high-profile website attacks. A
Computer Secu rity Institute analyst described the problem as "cyberspace vandals wilh
digital spray cans."
Data can be lost as a result of negligence or carelessness. Particularly good sources of
con fidential data are the hard drives of used computers donated to charity or resold. A
professor at a major u niversity bought I 0 used computers for his computer forensics class.
Using commer cially available software, his students fou nd highly confidential data on 8
of the JO hard drives. Deleting files does not erase them. Even reformatting a hard drive
may not wipe it clean.
To erase a hard drive completely, special software must be used. When used computers are to
be disposed of, the best way to protect data is to destroy !he hard drive.

OUTPUT FRAUD Unless properl y safeguarded, displayed or printed ompu t can be stolen,
copied, or misused. A Du tch engineer showed that some mon itors emit television-like sig
nals that, with the help of some inexpens ive electronic gear, can be displayed on a television
screen. Under ideal conditions, the signals can be picked up from monitors two miles away.
One engineer set up equipment in the basement of an apartment bui lding and read a monitor

24
on the eighth floor.
Fraud perpetrators use computers to forge authentic-looki ng outputs, such as a
payche.ck. A fraud perpetrator can scan a company paycheck, use desktop publishing
software to erase the payee and amou nt, and print fictitious paychecks. Losses to check
fraud in the Un ited States total more than $20 billion a year.

25
Preventing and Detecting Fraud and Abuse
To prevent fraud, organizations must create a climate that makes fraud less likely, increases che
difficulty of committing it, improves detection methods, and reduces the amount lost if a fraud
occurs. These mea ures are summarized in Table 8-5 and discussed in Chapters 10 through 13.

TABLE s-s Summary of Ways to Prevent and Detect Fraud and Errors

Make Fraud and Errors Less Likely to Occur

• Create an organizationalculture that stressesintegrity and commitment to ethical values and competence.
• Adopt an organizational structure, management philosophy, operating style,and risk appetite that minimizes the
likelihood of f,.,.ud.
• Obtain Board of Director and C-level buy-in and support for the corporate application of security standards and require
over sight from an active, involved, and independent audit committee of the board of directors.
• Assign authority and responsibility for business objectives to specific departments andindividuals, encourage them to
use initiative to solve problems, and hold them accountable for achieving those objectives.
•Identify the events that lead to increased fraud and error risk, and take steps to prevent, avoid, share, or accept that risk.
• Develop a comprehensive set of security policies to guide the design and implementation cf specific control
procedures, and communicate them effectively to company employees.
• Ensure th&t cor'porete secur'ity M&nder'ds &r'e t1ipplied to ell new technologies befor'e they tu·e implemented.
• Continuously improve security policies and procedures as threats change and evolve.
• Automate security processes where it is possible to do so.
• Implement human resource policies for hiring, compensating, evaluating, promoting,and discharging employees
that send messages about the required level of ethical behavior and integrity.
• Develop a comprehensive set of anti-fraud policies that clear y set forth the expectation for honest and ethical behavior
and explain the consequences of dishonest and fraudulent acts.
• Effectively supervise employees, including monitoring their performance and correcting their errors.
• Provide employee support programs; this provides a place for employees to turn to when they ace pressures they
might be inclined to resolve by perpetrating a fraud.
• Maintain open communication lines with employees, customers, suppliers, and relevant external parties (banks,
regulators, tax author ties, etc.).
• Create and implement a company code of conduct to put in writing what the company expects of its employees.
• Train employees inintegr ty and ethicalconsiderations, as well as secur ty and fraud prevention measures.
• Require annual employee vacations and signed confidentiality agreements; per odically rotate duties of key employees.
• Implement formal and rigorous project development and acquisition controls, as well as change management controls.
• Increase the penalty for committing fraud by prosecuting fraud perpetrators more vigorously.

26
Increase the Difficulty of Committing Fraud
• Develop and implement a strong system of internal controls.
• Segregate the accounting functions of authorization,recording, and custody.
• Implement a proper segregation of duties between systems funct ons.
• Restrict physicaland remote access to system resources to authorized personnel.
• Require transactions and activities to be authorized by appropriate superv isory personnel. Have the system
authenticate the person,and their right to perform the transaction, before allowing the transaction to take place.
• Use properly designed documents and records to capture and process transactions.
• Safeguard all assets, .-ecords., and data.
• Require independent checks on performance, such as reconciliation of two independent sets of records, where pract cal.
1 IMplM'IMt Wi'lpuMr-ba eon1rol ovr data input. Wi'lpu! r proe ii'I§,datalora§.data traMMi ion. and
ii'lfMi'lation
output.
• Encrypt stored and transmitted data and programs to protect them from unauthorized access and use.
• When disposing of used computers,destroy the hard drive to keep criminals from mining recycled hard drives.
• Fix software vulnerabilities by installing operating system updates, as well as security and applicat on programs.

Improve Detection Methodl

• Develop and implement a fraud risk assessment program that evaluates both the likelihood and the magnitude of
fraudulent activity and assesses the processes and controls that can deter and detect the potential fraud.
• Create an audit trail so individual transactions can be traced through the system to the financial statements and
financial statement data can be traced back to individual transactions.
• Conduct periodic externaland internalaudits, as well as special network security audits; these can be especially
helpful if somet imes performed on a surprise basis.
• Install fraud detection software.
• Implement a fraud hotline.
• Motivate employees to report fraud by implementing whistleblower rewards and protections for those who come
forward_
• Employ a computer security officer. computer consultants, and forensic specialists as needed.
• Monitor system activities, including computer and network security efforts, usage and error logs, and all malicious
actions. Use intrusion detection systems to help automate the monitoring process.

Reduce Losses from Fraud and Errors

• Maintain adequate insurance.
• Develop comprehensive contingency, disaster recovery, and business continuity plans.
• Store backup copies of program and data files in a secure off-site location.
• Use software to monitor system act vity and recover from the different types of threats.

27
USING DATA ANALYTICS TO PREVENT AND DETECT FRAUD
In addition to the items i n Table 8-5, data analytics can be used co help prevent and detect
fraud and errors. The fu ndamentals of data analytics were discussed in Chapters 5 through 7.
Here. we give a brief overview of how data analytics can be used for fraud prevention and
detection.
Fraud is often detected by iden tifyi ng trends, patterns, anoma lies, and exceptions
in data that are often referred to as red flags of fraud. Auditors often test accounts
and data by ta king a sample of a popu lation and then projecti ng th is sam p le result
onto the en ti re popu lation. This is not very effective when try ing to detect fraud. Fraud
detection is much more effective when data analytics software tools are used to exami ne
an entire data population, especially when the fraud is hidden in a very large amount of
data. Using data analytics software, every transaction or item in the data can be compared
against selected criteria and any items identified as anomalies, unusua l, or unex pected
could be tagged for human examination. Thus, data analytics don 't directly detect fraud;
instead, experienced hu mans are needed co exam ine and u nderstand any suspicious
activi ties identified and co determi ne if fraud is invol ved. For example, fraud analyt
ics software at an insurance company could compare each new claim co a fraud model
that pred icts the likelihood that the claim is bogus. If the fraud probabi lity is high
enough , it is rou ted co a fraud investi gator for further investigation. Otherwise, the
claim is forwarded to the claim processing department.
To use data analytics to effectively detect and deter fraud, investigators must have a thor
ough understanding of the fraud analytics cool used and u nderstand the organization, its busi
ness, its practices and procedures, and its data. They must be able co recognize and correct any
errors in the data exami ned by the analytics cool and be aware of common fraud indicators
related to the data exami ned. Then they use their knowledge and understandi ng to create ef
fective data analytics tests, with an understanding that it is more important co find higher risk
anomalies than lower risk ones. They use their u nderstanding of the busi ness and their fraud
investigation skills co examine the data analysis results co determine if an anomaly has a rea
sonable explanation, is the resu lt of an unintentional error, or constitutes fraud. This often re
quires the investigator to examine company and transaction documentation, interview people,
and evaluate a company's policies and procedures.

28
 - . - -
Not only is detecting and preventi ng fraud a difficult task, fraud is an adaptive crime as
new technologies and new information systems provide perpetrators with new ways to com
mit fraud. For example, recent research shows that Internet-based transactions are J O times
more likely IO be fraudu lem than in-score cransaccions. Accordingly, invescigators need co
con tinuously improve their analytics tests. The first time an analytics test is used, there are
often many anomalies; few of them are errors and even fewer are fraudulent transactions. An
analy sis of the anomalies and the tests used can help refine the analytics and result in fewer
non error and non-fraud anomalies in the future.
There are several important benefi ts to usi ng data analytics to prevent and detect fraud.
They can be used to:
• Test for the most frequent types of fraud schemes: financial statement, asset misappro
priation, and corruption.
• Examine data reactively or proaccively; that is, they can be used co detect fraud that has
occurred and test transactions as they occur to prevent fraud from occurring.
• Identify fraud before it becomes material; that is, there are no small frauds, only
frauds detected before they grow very large.
• Help investigators focus detection efforts on suspicious and high-risk transactions.
• Analyze numeric and non-numeric data and compare data from internal and diverse,
external sources.
• Test internal controls to determine how well they are working, thereby allowi ng
investi gators to fix internal control weaknesses.
Likewise, there are some challenges co overcome in order to use data analytics to
prevent and detect fraud. They include:
• Properly scoping out what data or accou nt is to be tested.
• Obtaini ng the proper data in a clean (min imal errors) and electronic format.
• Large numbers of false positives (anomalies that are neither errors or frauds).
• Dealing with various and complex software systems, data storage systems, and business
processes.
• Dealing with data security, processing integrity, availability, privacy, and confidentiality
concerns.
• Cost of acquiring data analytics software and train ing employees co use it effectively.
• Fraud perpeLrators do nOL wanL to be caught so they try Lo conceal their fraudulent
activi ties; the betler they conceal them, the harder the fraud is co detect.

29
 Data analytics can be used to test for all ki nds of data, including accounting,
financia l, internal communications and documents, and external benchmarki ng data.
Data analytics can be used to test documents and processes for sales and cash collections
(see Chapter 14),
pu rchasi ng and cash disbu rsement (see Chapter 15), man ufactu ring and inventory (see
Chapter 16), human resources and payroll (see Chapter 17), and financia l reports (see
Chapter 18). It can also be used to test unstructured data such as social media activity, news
releases, emails, and texts.
Data analytics is an excellent tool co use to examine big data, which are data repositories
charactenzed by some combmallon of very large data quantity. volume. velocity. d1versny.
or variety. Systems that use these repositories are often complex and contain data chat may
require data analytics software to help con nect dots between data from within and without
the data repositories in order to explain relationships, discover insights, and improve bus iness
processes and decision-making.
Many data analytics techn iques are used to detect fraud. Here are a few of the more fre
quently used:

• Outlier detection. Items omside the range of similar data can indicate fraud, such as a
purchase or sales order nu mber om of sequence. To combat fraud, some banks will
notify users of a check number significantly out of order.
• Anomaly detection using trends and patterns. Anything unexpected, out of the
ordinary, or not in line with expected trends or pallerns can indicate fraud. One way
to perpetrate cash disbursements fraud is co begin making payments to an inactive
vendor.Examining this new activity might u ncover a fraud.
• Regression analysis. This statistical method helps evaluate how strong the connection
is between two or more data items. For example, there may be a historical relationship
between shipping costs and sales. If sales were to increase dramatically without a corre
sponding increase in shipping coses, that might indicate fictitious sales.
• Semantic modeli ng. Using semantic analysis, investigators can analyze both
structured and unstructured text for hidden clues to fraudulent activity. For example,
computers can analyze reports written by those i nvolved in an automobile insurance
claim (policy hold ers, claims adjusters, insurance agents, and police) to see if there
are inconsistencies that might indicate a fraudulent claim.
Another popular data analytics techn ique to detect fraud is called Benford 's Law. It
is explained i n Focus 8-3.

30
 FOCUS 8-3 Using Benford's Law to Detect Fraud

Benford's Law is a probability distribution for the numbers. Nor are they applicable to small data sets
likeli hood of a digit in a large set of naturally or those with a stated minimum and maximum, like
occurring num bers. It states that in certa in large ATM fees or limits on withdrawal amounts. However,
sets of numbers, the number 1 will be the first the law does apply to many types of accounting data
digit 30.1% of the time. The number 2 is the first such as cash receipts and disbursements, credit card
digit 17.61% of the time. Likewise, probabil ty transactions, pur chase orders,inventory quantities,
distribution percentages can also be calcu lated and customer balances and refunds.
for digits 0 and 3 through 9. The following table When a large set of numbers is expected to follow
shows what percent of the time a specific number Benford's Law, fraudinvestigators can use the law to
be tween 0 and 9 (see first column) will appear as help detect fraud and errors. The investigator can
the first through fourth digit (shown in the next create a dis tribution of the first few digits of the
four columns). numbers and com pare it to the Benford's Law tables.
Note in each column the decreasing frequency with which Any anomalies can be investigated to seeif they
larger numbers are used. indicate fraud. Here are a few brief examples of how
Benford's Law was or could have
Number 1st Digit 2nd Digit 3nd Digit 4th Digit been used to test data for fraud:
0 11.968% 10.178% 10.018% • Benford's Law is used to test for fabricated tax
1 30.103% 11.389% 10.138% 10.014% returns since vald tax data usually follows
2 17.609% 10.882% 10.097% 10.010% Benford's Law, whereas fraudulent returns do not.
3 12.494% 10.433% 10.057% 10.006% • A research study showed that Greece may
4 9.691% 10.031% 10.018% 10.002% have manipulated economic data to qualify to join
5 7.918% 9.668% 9.979% 9.998% the European Union
6 6.695% 9.337% 9.940% 9.994% • The unrealistic returns paid in the Bernie Madoff
7 5.799% 9.035% 9.902% 9.990% Ponzi schemes were significantly different than
8 5.115% 8.757% 9.864% 9.986% what would have been expected using the Benford
9 4.576% 8.500% 9.827% 9.982% proba bility distribution.Applying the Benford
probabilties to the
This makes sense logically. In most natura lly scam would likely have uncovered anomalies
occur ring numbering and counting systems, the leading to the detecting of the fraud.
numerical se quence begins with a 1 and then Problem 8.10 refers you to a Journal of
increases, making lower numbers more frequent than Accountancy article where Benford's Law is
larger ones. explained in greater detail and where you are shown
The law is usually not applicable when numbers how use Excel to perform a Benford's Law test.
are assigned, such as telephone numbers and Social
Security

30