1. Fraud Prevention, Detection and
Investigation in the Payday Advance
Industry
D. Michael Costello, CPA•ABV,
CFE
2008 CFSA Annual Meeting and Conference
Las Vegas, Nevada
March 6, 2008

2. Overview
 What are fraud and embezzlement?
 How do fraud and embezzlement happen in the
payday advance industry?
 What steps can be taken to prevent fraud and
embezzlement in our business?
 How is fraud detected?
 How do we investigate fraud?

3. Who is committing fraud?
Other Employees
Outsiders <$100,000
Managers <1 Year $100,000–$1 million
Managers 1+ Years >$1 million

4. Fraud Prevention Policies at Major
Companies
2004
Yes
No
2002
0% 20% 40% 60% 80% 100%

5. Fraud and Embezzlement Defined
 Fraud: a misrepresentation or false statement
knowingly made to a victim who relies on it and
incurs detriment or harm as its result to the
benefit of the perpetrator
 Embezzlement: ―the fraudulent appropriation of
property by one lawfully entrusted with its
possession‖ (Black’s Law Dictionary)

6. The Nature of Fraud
 Schemes are always hidden or concealed—
absence of fraud can never be absolutely proven
 Courts (juries) are the final arbiter of whether or
not a fraud has occurred
 Certified Fraud Examiners can only conclude
that there is an appearance of fraud

7. Categories
 Means of concealment
– Lack of documents
– Creation of fake documents
 Basic classes of fraud
– Internal
– External
 Relation to accounting
– On-book
– Off-book

8. External Fraud
 Committed by people outside the business, or by
the business itself against a third party
– Bank fraud
– Investor/securities fraud
– Health care fraud
– Defense contracting fraud
– Bankruptcy fraud

9. Internal Fraud
 Committed against an entity by its own
employees, officers, or directors
– Embezzlement
– Theft of petty cash
– Misappropriation of inventory
– Payroll fraud
– Expense account schemes

10. On-book Fraud
 Money is diverted from regular accounts, or the
books are manipulated
 The books and records provide evidence

11. Off-book Fraud
 Diverted money or assets never reach the
financial statements
 Very hard to discover/prove
 When evidence does turn up, intent is
convincingly established

12. Fraud in the Payday Industry—
Case Study
 A remote location of a chain had a lack of oversight and
of internal controls
 Manager’s authority:
– sign checks
– make computer entries
– make deposits
– keep customer records
– prepare and sign payroll checks
– receive and reconcile bank statements
 What’s wrong with this picture?

13. Concentration of Duties
 When one person has certain combinations of
responsibilities, he can cover his own tracks
 The manager had been there several years—
ownership, to its cost, trusted him
 Manager pocketed cash while entering the
payments as being made
 Thus, bank and customer records differed—but
no one reconciled them

14. Other Lapses of Oversight
 Bookkeeper never questioned checks being
cashed instead of deposited, commission
advances not being repaid, bad checks from the
manager not followed up on—was too busy
dealing with many locations
 Management dismissed the branch’s poor
performance as ―to be expected for a small
town‖

15. Endgame
 New bookkeeper quickly noticed something was
wrong
 But by the time management had it checked out,
all the records had been destroyed

16. Other ―War Stories‖
 Employee ―Hotline‖ used to detect fraud
 Performance of ―Fraud Risk Assessment‖
procedures
 Investigation of ―trusted‖ bookkeeper

17. Fraud Prevention
 TEEAM
– Timely
– Effective
– Efficient
– Accurate
– Mobile

18. Timely
 Especially in a cash-intensive business like
check advance, timely data is critical
 Be ahead of the situation—err on the side of
overprotection
 Analyze data daily to find anomalies, and act on
them immediately
– Problems are caught quickly
– The tone discourages illegal activity

19. Effective and Efficient
 Use information that is relevant and correlated
with the problem
– Daily deposit totals are a critical variable
– Count of checks held v. internal or industry norms
can be useful
 If data’s not relevant, don’t bother with it—
you’ll just waste time you could use on
something more important

20. Accurate
 The data used must properly reflect what it
appears to
 Test the accuracy of counts regularly (e. g. by
physically counting held checks)

21. Mobile
 Managers should visit stores regularly
 Each should have just a few stores, and should
know and closely observe those stores

22. Operating Procedures
 Communicate to employees by way of a manual
 Routine ―surprise‖ audits of centers
 Weekly management audits of center results
 Monthly full audits
– Review held checks
– Sample-test petty cash
– Verify that appropriate reports are being used
– Report to audit committee, senior managers, and (for serious issues) to the
full board of directors
– Follow up immediately
 Twice/year collections audits
 Employee ―Hotlines‖

23. Internal Control
 Main Categories
– Financial Reporting
– Safeguarding of Assets
 Five Components
– Control Environment
– Risk Assessment
– Information/Communication
– Control Activities
– Monitoring

24. Control Environment
 ―Tone at the top‖
 Integrity/ethics
 Commitment to competence
 Role of board and audit committee
 Philosophy and operating style
 Organization structure
 Assigning authority and responsibility
 HR policies and procedures

25. Risk Assessment
 Operating environment
 Information systems
 Growth of products/customers/employees
 New technology
 New accounting pronouncements

26. Information and Communication
 Refers to all of the operations performed on
transactions and conditions to maintain
accountability for assets, liabilities, and equity

27. Control Activities
 Performance reviews
 Independent checks
 Segregation of duties
 Access and authorization controls

28. Monitoring
 Assessment of the quality of internal control
over time
 May be ongoing activities, discrete evaluations,
or a mix

29. Opportunity to Commit Fraud
 Assets susceptible to misappropriation
 Lack of internal control

30. Symptoms of Misappropriation
 Accounting—Suspicious  Analytical—Unusual
items in the records relationships/events
– Manipulated source – Odd time or place
documents – Participants who wouldn’t
– Journal entries that are normally be involved
somehow not normal – Odd policies/procedures/
– Disagreement between practices
records and physical – Excessive (or deficient)
counts (or other records) frequency

31. Fraud Detection Interviews
 Conduct with all employees—not a sign of a
specific suspicion of a person
 Establish rapport and get basic facts first
 Then move on to the fraud-related questions

32. Questions to ask:
 Do you understand the purpose of this
interview?
– Again, note this is not an accusation
 Do you think fraud is a problem for business in
general?
 Do you think this company has a problem with
fraud?
 If employees or managers are stealing from the
company, why do you think they would do it?

33. More Questions
 If you knew another employee was stealing from
the company, what would you do?
 Do you know anyone that might be stealing or
taking unfair advantage of the company?
 Suppose someone who worked at the company
decided to steal or commit fraud. How could he
or she do it and get away with it?

34. Even More Questions
 In your opinion, who is beyond suspicion when
it comes to committing fraud at this company?
 Did you ever think about stealing from the
company even though you didn’t go through
with it?
 Is there any information you wish to furnish
regarding possible fraud in this company?

35. Investigation of Probable Fraud
 Undercover police work
 Physical/electronic surveillance
 Informants
 Lab analysis
 Interviews
 Public records checks
– County recorder’s office
– Subscription database
 Checks of other databases
 Analytical procedures

36. The Forensic Accountant (CFE)
 After a hypothesis or allegation has been made,
the forensic accountant seeks to support or refute
it
 Goals:
– Independent confirmation
– Presentation of conclusive evidence
– Determine motive, co-conspirators
– Trace funds to their final location

37. Methods of Investigation
 Documents and Records of the Victim
– How the scheme was devised
– What areas were compromised/corrupted
 Witness Interviews
– How it was carried out
– Why it was done
 Public and Business Sources
– Can provide a variety of data

38. Financial Analysis for Fraud Detection
 Horizontal analysis—trends in like items over time
 Vertical analysis—relations between items of the same
set financial statements
 Actual v. Budget
 Compare to competitors or trade-group data
 Double-entry analysis
 Review G/L, journal entries
 Review contracts, agreements

39. ―To Do‖ List
 Implement a ―Fraud Risk Management‖ program
covering Prevention, Detection and Response
 Where are you at risk for fraud?
 Consider internal and external opportunities
 Develop a written Plan of Ethics and Code of Business
Conduct that is communicated ―from the top‖

40. ―To Do‖ List
 Basic things to implement –
– Segregate financial and accounting duties
– Duplicate sensitive tasks, such as requiring two
signatures on checks over a certain amount
– Require employees to take annual vacations
– Reconcile all bank accounts

41. ―To Do‖ List
 Basic things to implement –
– Use passwords and IDs on computer files
– Restrict unauthorized access to offices and computer
– Train supervisors and managers to spot fraud, and
– Perform internal and external audits that include
fraud prevention measures