PFIA02S/202/0/2015

PROGRAMME IN FORENSIC AND INVESTIGATIVE AUDITING

MODULE 2: FRAUD DETECTION – PFIA02S

TUTORIAL LETTER 202/2015: KEY TO ASSIGNMENT 02/2015

Dear student

In this tutorial letter we provide you with the key to Assignment 02 for 2015. We
strongly advise you to take the time to compare your assignment to the solutions
provided in this tutorial letter. This is a valuable learning experience to find out
where and why you have lost marks.

Comparing your answers to the solutions should also form part of your final
preparation for the examination. If you are not satisfied with the marks you have
obtained for a certain question, please make sure that you understand why and
where your answer was incorrect and/or inadequate. Then go back to the study-
guide and make sure that your knowledge and understanding of the study material is
on the expected level for passing the examination.

Yours faithfully

Lecturers: PFIA02S

1
 PFIA02S/202/0/2015

QUESTION 1 12 marks

1.1 1
1.2 2
1.3 2
1.4 4
1.5 1
1.6 1

(2 marks each,
total = 12)

QUESTION 2 20 marks

 FILTERING
Indicate isolated and suspicious transactions by selecting or filtering out
records based on certain criteria.

For example:

Extract all the transactions between Mixit and CC to reveal the huge volume
of transactions and large payments made.
Extract payments made which is linked to one goods received note.

 SORTING AND INDEXING

Sorting of data to discover unique characteristics or anomalies in data.

For example:
Sort payments made by date to identify multiple payments made to one
supplier (CC).
Sort payments made according to supplier to identify CC as an unusual
business name for further investigation.
GRN's sequentially and discover payments made in less than 30 days after
date of statement.
Extract payee or vendor names starting with blanks or unusual characters.

 STATISTICS
Obtain information about numeric values to discover unusual values.

For example:
Calculate the number of items purchased from CC. This can be an indication
that a supplier may receive unjust preferential treatment.
Calculate the prices of purchased items over an extended period. The inflation
of prices (110% markup) will be revealed and can be investigated by
comparing it to market prices.

2
 PFIA02S/202/0/2015

 DUPLICATE
Extract transactions with the same transaction values or payments occurring
more than once.

For example:
Extract payments made to CC occurring more than once.

 GAPS
Arranges records in a desired order to ensure that it is in proper sequence
and complete.

For example:

Gaps can be used to identify missing received notes for the fictitious
purchases.

 AGING
Calculates the number of days between two dates and provide information of
the timing of key events critical for validity and appropriateness.

For example:
Normal payment policy may be to pay suppliers 30 days after statement,
aging will reveal if payments to CC were treated differently from other
suppliers.

 CONFIRMATION LETTER
Send letters to customers and claimholders to confirm information contained
in the corporate information system.

For example:
Send a confirmation letter to CC to confirm the company’s detail such as the
director’s ID numbers and compare with ID numbers of employees of the CC.

 EXPRESSIONS/CALCULATIONS
Perform calculations, compares data and show relationships between
different financial data.

For example:
Indicate more goods purchased than sold. Inventory level very low
Fictitious receipts and GRN – no goods actually received.

3
 PFIA02S/202/0/2015

Calculate the prices of the items purchased from CC and compare it with the
market prices.

 ANALYTICAL REVIEW
Detect inventory fraud by highlighting trends such as disproportionate
increases in cost of goods relative to sales resulting from the fictitious GRN's
processed.

(MARKERS NOTE: 2 Marks for the description of the technique and 2 marks
for a realistic example.)

(20 marks)

QUESTION 3 20 marks

3.1 Offences committed

a) Cover quoting
b) Cover quoting
c) Ghost employees
d) Procurement fraud
e) Bribery and kickback (corruption)
f) Accounts payable fraud
g) Money laundering
h) Telecommunications fraud
i) Medical and insurance fraud.
j) Kickback fraud. (10x1 marks = 10)

(1 mark each,
total = 10)

3.2 Matters that a forensic auditor may testify on in bail proceedings

CPA Sections 58-71: Bail

The forensic auditor may be required to play a role in bail proceedings, such as
testifying with regard to evidence relating to:
1. the seriousness of the offence,
2. the possibility of intimidation of witnesses or
3. the likelihood that the accused will not attend the trial.
4. the conditions under which bail may be refused,
5. conditions that may be imposed by the court, etc. (5x2 marks = 10)
(Study guide page 7)
(10
marks)

4
 PFIA02S/202/0/2015

QUESTION 4 18 marks

4.1 Four relationships that indicate abusive earnings management

In a study by Magrath and Weld, six relationships were identified that investors and
auditors should consider as early warning signs of abusive earnings management:
• cash flows that are not correlated with earnings
• receivables that are not correlated with revenues
• allowances for uncollectible accounts that are not correlated with receivables
• reserves that are not correlated with balance sheet items
• acquisitions with no apparent business purpose
• earnings that consistently and precisely meet analysts' expectations

(Study guide page 61)

(6
mar
ks)

4.2 Four methods used to detect hacking activities

What methods are used to detect hacking activities? Since the only record of a
hacker’s
activities is the sequence of commands that is used when compromising the system,
analysts of computer intrusion data predominantly use sequence analysis
techniques.
As with other kinds of fraud, both supervised and unsupervised methods are used.

o Analysts of computer intrusion data predominantly use sequence analysis

techniques.
o Supervised methods have the same drawback described in other contexts,
namely that they only work on intrusion patterns which have already occurred
(or partial matches to these).
o Many organisations employ computer experts to try to hack into their own
systems in order to detect the weaknesses in their own systems.
o Unsupervised methods mean that computers are programmed to detect
hacking.
(4*1,5 marks = 6)

(Study guide page 85)

(6
mar
ks)

5
 PFIA02S/202/0/2015

4.3 Four uses of fraud detection software

 For credit card users, for example, fraud detection software essentially
matches personal identification data on the pending transactions with the
record of your history of transactions.
 Data mining is the art of analysing large amounts of data in a manner that
detects obscure facts, trends or inconsistencies completely and efficiently
through the use of "intelligent" computer applications.
 One of the most elaborate money laundering detection systems is the US
Financial Crimes Enforcement Network AI system (FAIS), described in
Senator et al (1995) and Goldberg and Senator (1998). This allows users to
follow trails of linked transactions. It is built around a ‘blackboard’ architecture,
in which program modules can read and write to a central database containing
details of transactions, subjects, and accounts.
 Telecommunications networks generate vast quantities of data, sometimes of
the order of several gigabytes per day, so that data mining techniques are of
particular importance.
(4 x 1,5 marks = 6)

(Study guide page 86)

(6
mar
ks)

QUESTION 5 15 marks

Discuss sections 81,82,83,84,86 of the PFMA.

Outline of each section:

81: Financial misconduct by officials in departments and constitutional

institutions.

82: Financial misconduct by treasury officials.

83: Financial misconduct by accounting authorities and officials of public.

84: All matters of the investigation should be heard or presented.

86: Accounting officer or authority – if guilty of an offence – fine or

imprisonment.

(3 marks for each

section, total = 15)

6
 PFIA02S/202/0/2015

Discuss sections 81,82,83,84,86 of the PFMA Act

81: FM by officials in departments and constitutional institution. AO fails to

comply with requirements or permits unauthorised expenses or official with
power conducts FM (3).

82: FM by treasury officials commits FM if fails to perform a certain duty (3).

83: FM by accounting authorities and officials of public entities – FM if fails to

comply wit requirements, irregular expenditure. If accounting people is a
board – everyone liable. Fails to commit duty. FM ground for dismissal or
suspension (3).

84: All matters of the investigation should be heard or presented (3).

86: Accounting officer or authority – if quilty of offence – fine or imprisonment not

exceeding 5 years – or any other person. (3)

QUESTION 6 15 marks

6.1 Five criteria for successful whistle blowing

• Should cash rewards be offered and how substantial should they be or should
the obligation to report fraud anyway be promoted?
• Should whistleblowers receive public recognition? This might motivate certain
people but might scare others off and could also send a warning to fraudsters.
• Should private recognition be considered? This should be strongly considered
so that the whistleblower at least receives some thanks for taking risks for the
benefit of the company.
• What can be done to protect the system from abuse? A balance has to be
struck between encouraging reporting of fraud on the one hand and receiving
too many false alarms on the other hand.
• What measures should be implemented to protect whistleblowers from
intimidation? Intimidation is a very important weapon used by fraudsters to
discourage anybody from whistleblowing.
• There should not be a long delay when the information received will lead to a
prosecution. Matters should be handled swiftly to ensure that the whistleblower
is not subjected to a long period of stress from fear of being discovered by the
7
 PFIA02S/202/0/2015

fraudster. The fraudster should also be aware of the fact that prosecution is
imminent when evidence is discovered.
• The whistleblowing system should be well advertised. Persons wanting to
make use of the system should not be put in the position of having to spend a
lot of time and effort on discovering how to go about whistleblowing and risk
being identified before they can report on the fraud.
• The system should maintain momentum and be continuously monitored by
management to ensure that members of staff are encouraged to use the system
and that cases are followed through to their final consequence.
• The system should be available to all staff.
• The system should be independent of the daily management of the company.
This will ensure that employees will not be deterred by the fear of reporting on
their own line management.
• Anonymity must be assured by using codes or another means of identification.
• Protection against recriminations must be guaranteed.
• The informant must receive feedback in order to ensure credibility of the
process.
• Potential users must feel that the information provided WILL be assessed,
regardless of the accused’s position in the entity.
(Any 8 x 1 mark = 8)

(Study guide page 101)

(8
mar
ks)

6.2 General elements of a criminal offence

Discussion of the following elements as described in Snyman

 Legality p 39
 Act or Conduct p 51
 Compliance with the definition of proscription p 64
 Unlawfulness p 92
 Culpability p 143

(7 marks)

8
 PFIA02S/202/0/2015

Mark plan summary

• Legality p 39
An accused may not be found guilty of a crime and sentenced unless the type of
conduct with which he is charged
(a) Has been recognised by the law as a crime
(b) In clear terms
(c) Before the conduct took place
(d) Without the court having to stretch the meaning of the words
(e) After conviction the imposition of punishment also complies with these
principles.

• Act or Conduct p 51
By “conduct” is meant an act or an omission.
The requirement of an act or conduct incorporates the principle that mere
thoughts or even decisions are not punishable. Before there can be any question
of criminal liability, thoughts must be converted into action.
Conduct only leads to liability if it is voluntary meaning a person must use their
will or intellect.
The act must be a human act, in other words the subject of the act must be a
human being.
An omission is the failure to act. For example, the law imposed a duty on X but
X failed to do so.

• Compliance with Definition of the elements of a crime (proscription)

p 64

Once it is clear that there was an act, the conduct should comply with all the
elements of a crime.

It is the concise description of the type of conduct (crime) proscribed by law and
the circumstances in which it must take place in order to constitute a crime.

Conduct must comply with the definitional elements which is to describe the
conduct and the circumstances in which it took place, for example the type of
conduct, the way in which it is performed, the person performing the conduct, the
person or object in respect of which the conduct must be performed, the place
where the conduct took place, the time, etc.

• Unlawfulness p 92

“Unlawful” means, of course, “contrary to law”, but by “law” in this context is

mean not merely the rule contained in the definitional elements of the crime, but

9
 PFIA02S/202/0/2015

the totality of the rules of law including rules that allows someone to sometimes
commit an act.
In practice there are a number of well-known situations where the law tolerates
an act. These situations are known as grounds of justification.
An example of well-known grounds of justification is private defence. This
means that the conduct protects a value or interest which in the eyes of the law
is more important than the value or interest which the conduct infringes.

If conduct corresponds with the definitional elements, the conduct may be

described as “provisionally unlawful”. This means that justification has to be
proved in court in order for a person to be found not liable.

• Culpability p 143
The culpability requirement means that there must be grounds upon which a
person may be blamed for unlawful conduct in the eyes of the law.
The culpability requirement comprises two components namely criminal capacity
and intention or negligence.
 Criminal capacity means that at the time of the conduct that a person must
have had certain mental abilities. This means that the person should be
able to distinguish between right and wrong. Examples of persons lacking
criminal capacity is the mentally ill, children or persons with intoxication
and emotional distress due to provocation.
 The second sub requirement is that X’s act must be either intentional or
negligent.
Intention means that a person know or foresee that the conduct is unlawful
but still proceed.
Intention always has a positive character and the test thereof is subjective,
meaning that the court must consider the person’s real knowledge and
visualization of the facts of the law.
Negligence means that the person did not know or foresee but should have
known or foresee that the conduct is unlawful.

Negligence always has a negative character and the test thereof is

objective, meaning that the court must measure a person’s conduct against
an objective standard, which is to see what a reasonable person in the
same circumstances would have done.

---x---
UNISA 2015

10