Combating Fraud:
Putting in Place an Effective Audit System to Detect and Prevent Fraud

The 9th Cyber Defense Initiative Conference 2009 (CDIC 2009)
10th-11th November 2009, Queen Sirikit National Convention Center

By
Pairat Srivilairit, CIA, CISA, CBA, CCSA, CFSA, CISSP, CFE

Tuesday, 10 November 2009, 15:15-16:00 hrs
About Speaker

 Mr Pairat Srivilairit received a bachelor of engineering from Chulalongkorn University and an MBA from Thammasat University. He is a certified internal auditor (CIA), certified information systems auditor (CISA), certified bank auditor (CBA), holder of certification in control self-assessment (CCSA), certified financial service auditor (CFSA), certified information systems security professional (CISSP), and a certified fraud examiner (CFE).
 He is chairman of the Bank and Financial Institution Internal Auditors Club (BFIA) and past director of the ISACA Bangkok chapter. He is also a member of The Institute of Internal Auditors (IIA), The Association of Certified Fraud Examiners (ACFE), The Information Systems Audit and Control Association (ISACA), The International Information Systems Security Certification Consortium (ISC)² and The Institute of Internal Auditors of Thailand (IIAT).
 He is a known lecturer on operational auditing and information system auditing courses at IIAT and the ISACA Bangkok Chapter. He is also a special lecturer of the IIA's Internal Auditing Education Partnership Program (IAEP) at Chulalongkorn University, and has represented IIAT speaking to students at several universities to promote the internal auditing profession.
 Mr Pairat Srivilairit has worked in the finance and banking industry for over 18 years, with rich experience in management consulting, planning, research, investment, operations and audit. He is now with TISCO Bank Public Company Limited as head of internal audit and secretary to the audit committee.
Outline

Combating Fraud: Putting in Place an Effective Audit System to Detect and Prevent Fraud (45 min)
 Key Indicators of Fraud
 Types of Fraud in Activities Reviewed
 Prevention Aids by Internal Auditors
 Detection and Investigation Techniques
 Summary
Example of a Fraud Case

 High-tech thieves hack data and make off with 200 million
   – In August 2005, an agent of a mobile phone network operator noticed abnormal traffic among prepaid-card customers.
   – Investigation found that the company's codes had been hacked and used to load prepaid cards with amounts far above their real value; the cards were then sold over the Internet at special prices or from tables set up in local communities.
   – The company tried to block the codes of the abnormal cards, but still suffered lost revenue of up to 200 million baht.
   – Four suspects were arrested, all employees of the company itself. The case is still under appeal.

(Manager newspaper [ผู้จัดการ], 27 Aug 2005)
Example of a Fraud Case

 Gambling-crazed young banker cheats 400 million
   – In May 2009, a bank found that the chief accountant of one branch had been transferring money from the interest account the bank had set aside to pay customers into his own accounts at various banks.
   – The suspect was cornered in his car while fleeing to Cambodia. He confessed to doing it continuously for more than a year because it was easy and had never been audited. The embezzled money went on a house, cars, jewellery, mutual funds, football betting and lottery tickets, totalling more than 499 million baht.
   – He had joined the bank in 1999, had received an outstanding-employee award, and had no record of fraud.
   – The cause was found to be a defect in the Core Banking System.

(Thansettakij [ฐานเศรษฐกิจ], 6 May 2009)
Occupational Fraud

 "The use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets."
 All occupational frauds have four things in common:
   – Clandestine
   – Violate the perpetrator's fiduciary duties to the victim organization
   – Committed for direct or indirect financial benefit to the perpetrator, and
   – Cost the employer assets, revenue or reserves
How Fraud is Committed

Three categories of occupational fraud:
 Asset Misappropriations
   Involve theft or misuse of the organization's assets, e.g. skimming revenues, stealing inventory and payroll fraud.
 Corruption
   Wrongfully using influence to gain personal benefit contrary to the duty to the employer or the rights of another, e.g. accepting kickbacks, conflicts of interest.
 Fraudulent Statements
   Falsification of the organization's financial statements, e.g. overstating revenues and understating liabilities or expenses.
How Fraud is Committed

 Asset misappropriations were the most common but carried the lowest loss. Fraudulent statements were the least common but carried the highest loss.

(Chart: Breakdown of All Occupational Fraud Schemes — Median Loss)
Banking Is the Most Common Sector for Fraud

 The greatest percentage of fraud (15%) occurred in the banking and financial services sector.

How Fraud is Detected

 It takes 24 months on average to catch employee fraud.

(Chart: Initial Detection of Occupational Frauds)
Key Indicators of Fraud

 Tips / complaints
 Missing / altered documents
 Duplicate / unreasonable expenses or reimbursements
 Failure of certain employees to take vacations
 Failure to follow up on past-due receivables
 Unusual write-offs of receivables
 Employees on the payroll not signed up for benefits
 Excessive purchase of products or services
 Common phone numbers / addresses of payees or customers

Key Indicators of Fraud (Continued)

 Cash shortages / overages
 Stale items on bank reconciliations
 Unexplained adjustments / journal entries
 Unusual financial statement relationships, e.g.
   – Increased revenue vs. decreased receivables
   – Increased revenue vs. decreased inventory purchases
   – Increased inventory vs. decreased purchases or A/P
 Significant increases or decreases in account balances
 Significant changes in liquidity, leverage, profitability or turnover ratios
Limiting Fraud Losses

 Surprise audits and job rotation are still overlooked by many organizations.

Limiting Fraud Losses

 Surprise audits, job rotation, and anonymous reporting showed the greatest impact on fraud losses.
Bank Case Symptoms

 Supervisory override; unusually large transactions or transactions with no apparent business purpose
 Journal vouchers containing only one signature or incorrect information; fund transfers between different customers' accounts
 Deposit slips with missing information; depositor names incomplete or not matching the passbook or account name
 Frequent, large deposits/withdrawals in an executive's account
 Deposits and withdrawals on the same account on the same day or within a short period of time
 Bank checks used to transfer between accounts / checks with altered dates

Symptoms ... More

 Purported customer signatures on withdrawal vouchers and checks
 Large negative balances in slush accounts or customer accounts
 Deposit slips moving customer funds between accounts of different customers
 Deposits of customer checks where cash was received back
 CDs closed prematurely with proceeds put into a low-interest account, sometimes with a penalty
 Customer not present when the account was opened, closed or transacted
 Mailing of customer statements to an executive's address
Bank Fraud Trend

 The financial cost of fraud may be three or more times the value of the amount lost
 Fraud is not static; it evolves with each new measure implemented
 New opportunities for employee fraud are emerging
 Criminals thwart rules-based systems
 A "silo" mentality weakens fraud detection
 Top management is moving toward an enterprise focus on anti-fraud systems
 Regulatory expectations are increasing
 Solutions require commitment, investment, and talent
Insider Threat

 "Deliberate misuse by those who are authorized to use computers and networks."
 Insiders include employees, contractors, consultants, temporary helpers, personnel from third-party business partners, etc.

Facts about Insider Misuse

 Most were not technically sophisticated or complex
 Most were thought out and planned in advance
 Most were motivated by financial gain
 Most perpetrators of banking and finance incidents
   – Did not hold a technical position
   – Never engaged in a technical attack or hacking
   – Were not necessarily perceived as problem employees
 Executed at the workplace during normal business hours
 Detected by various channels and methods
Misuse of Applications

Application             Legitimate Use                  Misuse
----------------------  ------------------------------  --------------------------------------------------
Client/Server           Message exchange                Unusual exchange to degrade performance
                        Connectivity to server          Excessive connections (DoS)
                        Execution of tasks              Execute privileged procedure
Mail Clients            Send and receive e-mails        Illegal content / remote attack / private use /
                                                        overload network
Browsers /              Browse Internet / play files    View illegal content
Multimedia player       View cached files and history   Display other users' viewed files and accesses
Programming Tools       Develop program                 Create malware
                        Display memory segment          Access memory segment with sensitive information
General-purpose         Read / write                    Access temp file for sensitive information /
Applications                                            modify temp file to change program flow
                        Input strings                   Buffer overflow
Universe of Internal Computer Fraud

(Mind map; "Computer Fraud" at the centre branches into the following schemes)

 Billing Schemes
   – Forged Endorsement
   – Corruption & Price initiation
   – Ghost Vendor
   – Accomplice Vendor
   – Quid Pro Quo & Barter Schemes
   – Return Voids
   – Personal Purchase
   – Passing of Payment of Invoices for Non-existing Suppliers
 Data Capture Errors
   – Duplicate Payments
   – Over Payment to Erroneous Employees & Vendors
   – Early Payments
   – Missing or Bad Information
   – Duplicate Information
 Spyware & Key loggers
 Fund Transfer
   – Unauthorized Transfer of Funds
 Manipulation of Data Input
   – Data Integrity Attack
   – Falsification of Data
   – Stock Record Suppression to Cover Theft of Stocks
 Program Altering Schemes
   – Changing Program Setting and Data Ownership
   – Improper Parameter
   – Use of Malware (e.g. Trojans)
   – Alteration of Program and Data File
 Information Privacy Risk
   – Loss of Intellectual Property Through Peer-to-peer File Sharing
   – Transmission of Confidential Data (i.e. TCP/IP)
   – Employee Posting Confidential Company Information
   – Employee Downloading Hacker Tools For ID Theft Purpose
   – Employee Downloads Nefarious Applications
 Payroll Schemes
   – Ghost Employee
   – False Communication
   – Worker's Compensation Scheme
   – Falsified Wages
 Check Tampering
   – Forged Endorsement
   – Skimming
   – Forged Checks
   – Write-off of Money Due to Company
   – Alter Payee
Types of Application Controls

 Access Controls
   – Identification & Authentication, Authorization, Accountability, Audit
   – Physical devices (e.g. biometric scan, metal locks, hidden path, digital signatures, encryption, social barriers, human and automated monitoring systems, etc.)
   – Permit or deny use of an object
 Data Origination / Input Controls
   – Check the integrity of data entered into the business application
   – Check whether sources are staff direct input, remote input by a business partner, or input through a web-enabled application
   – Check if data is within the specified parameters
   – Ensure accuracy, completeness and timeliness of data during conversion from original sources into computer data or entry to the computer application, whether manual, online input or batch
   – Ensure accuracy with optimum computerized validation and editing
   – Error handling procedures facilitate timely and accurate resubmission of all corrected data
 Data Processing
   – Ensure accuracy, completeness and timeliness of data during either batch or real-time processing by the application
   – Ensure data is accurately processed through the application
   – No data is added, lost or altered during processing
 Output Control
   – Ensure the integrity of output and the correct and timely distribution of output produced, whether in hardcopy, in files to be used as input for other systems, or as information available for online viewing
Example of Detection System

(Architecture diagram; components as shown on the slide)
 Branch and Main Office users reach the system through a Web Browser
 Web Server and Application Server, exchanging XML documents
 Application Server outputs: General Ledger, Business Report, XBRL Business Report Engine, XSLT Spreadsheet, Loan Application Dataset
 Log sources: SYSLOG, IDS, Firewall and Router Log, feeding an Event Correlation Database
 Rules Engine driven by Key Fraud Signature and Misuse detection data & metadata (XML)
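Added example, not from the slides or from any product shown on them: a small Python rules engine that screens constructed bank transaction records for the symptoms listed on the Bank Case Symptoms slides, in the spirit of the Key Fraud Signature rules engine in the diagram above. The account numbers, holder names, record layout and the 500,000 "large amount" threshold are all assumptions.

```python
"""Rule-based screening of bank records for the Bank Case Symptoms listed on the slides:
one-signature journal vouchers, supervisory overrides, transactions without the customer
present, large movements on staff accounts, same-day deposit and withdrawal, shared
contact details across customers, and customer statements mailed to a staff address."""
from collections import defaultdict
from dataclasses import dataclass

LARGE_AMOUNT = 500_000  # assumed threshold for "unusually large" movements on a staff account


@dataclass
class Account:
    number: str
    holder: str
    phone: str
    address: str
    staff: bool = False  # executive / employee account


@dataclass
class Txn:
    txn_id: str
    date: str                     # ISO date, used by the same-day rule
    account: str
    kind: str                     # "deposit", "withdrawal" or "journal"
    amount: float
    signatures: int = 2           # journal vouchers should carry two
    override: bool = False        # supervisory override used
    customer_present: bool = True


def screen(txns, accounts):
    """Return (reference, symptom) pairs for every rule that fires."""
    acct = {a.number: a for a in accounts}
    staff_addresses = {a.address for a in accounts if a.staff}
    findings = []
    for t in txns:
        if t.kind == "journal" and t.signatures < 2:
            findings.append((t.txn_id, "journal voucher with only one signature"))
        if t.override:
            findings.append((t.txn_id, "supervisory override"))
        if not t.customer_present:
            findings.append((t.txn_id, "transacted without customer present"))
        if acct[t.account].staff and t.amount >= LARGE_AMOUNT:
            findings.append((t.txn_id, "large movement on staff account"))
    # deposit and withdrawal on the same account on the same day
    kinds_by_day = defaultdict(set)
    for t in txns:
        kinds_by_day[(t.account, t.date)].add(t.kind)
    for (account, date), kinds in sorted(kinds_by_day.items()):
        if {"deposit", "withdrawal"} <= kinds:
            findings.append((f"{account}@{date}", "same-day deposit and withdrawal"))
    # common phone numbers / addresses across different customers
    holders_by_contact = defaultdict(set)
    for a in accounts:
        holders_by_contact[("phone", a.phone)].add(a.holder)
        holders_by_contact[("address", a.address)].add(a.holder)
    for (field_name, value), holders in sorted(holders_by_contact.items()):
        if len(holders) > 1:
            findings.append((value, f"{field_name} shared by {', '.join(sorted(holders))}"))
    # customer statement mailed to an executive / staff address
    for a in accounts:
        if not a.staff and a.address in staff_addresses:
            findings.append((a.number, "customer statement mailed to staff address"))
    return findings


# Constructed sample data (not real accounts or people)
ACCOUNTS = [
    Account("100-1", "Somchai", "081-000-0001", "1 Silom Rd"),
    Account("100-2", "Malee", "081-000-0002", "7 Rama IV Rd"),
    Account("100-3", "Nok", "081-000-0002", "9 Sukhumvit Rd"),  # shares Malee's phone
    Account("900-1", "Branch accountant", "081-999-0000", "7 Rama IV Rd", staff=True),
]
TXNS = [
    Txn("T1", "2009-05-04", "100-1", "deposit", 20_000),
    Txn("T2", "2009-05-04", "100-1", "withdrawal", 20_000),
    Txn("T3", "2009-05-05", "900-1", "journal", 750_000, signatures=1),
    Txn("T4", "2009-05-06", "100-2", "withdrawal", 5_000, override=True, customer_present=False),
]


def run_sample():
    """Screen the constructed sample; returns the list of findings."""
    return screen(TXNS, ACCOUNTS)


if __name__ == "__main__":
    for ref, symptom in run_sample():
        print(f"{ref:>20}  {symptom}")
```

Each finding is a lead for an auditor to follow up, not proof of fraud; the value of such rules comes from running them routinely rather than from any single hit.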
Other Analytical Tools

Use of Benford's Law as a fraud detection tool

(Chart: Frequencies (percent) of leading digits in transactions, showing the theoretical Benford line against fraudulent transactions)
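Added example, not from the slides: a first-digit Benford's Law test in Python over constructed transaction amounts, comparing an honest-looking sample with one bunched just under an assumed 5,000 approval limit. The 0.015 mean-absolute-deviation cut-off and the 0.03 margin for flagging a digit are assumptions taken from common first-digit practice, not values from the slide.

```python
"""First-digit (Benford's Law) analysis of transaction amounts, as the slide proposes
for fraud detection. Samples below are constructed, not real ledger data."""
import math
import random

# Expected share of each leading digit under Benford's Law: log10(1 + 1/d)
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}


def first_digit(amount):
    """Leading non-zero digit of an amount (sign ignored); None for zero."""
    d = int(f"{abs(amount):e}"[0])  # scientific notation puts the leading digit first
    return d or None


def digit_distribution(amounts):
    """Observed share of each leading digit and the number of usable amounts."""
    counts = {d: 0 for d in BENFORD}
    for a in amounts:
        d = first_digit(a)
        if d is not None:
            counts[d] += 1
    n = sum(counts.values())
    if n == 0:
        raise ValueError("no non-zero amounts to test")
    return {d: c / n for d, c in counts.items()}, n


def mean_absolute_deviation(observed):
    """Average absolute gap between observed and Benford proportions."""
    return sum(abs(observed[d] - BENFORD[d]) for d in BENFORD) / len(BENFORD)


def chi_square(observed, n):
    """Pearson chi-square of observed digit counts against Benford expectations (8 d.f.)."""
    return sum((observed[d] * n - BENFORD[d] * n) ** 2 / (BENFORD[d] * n) for d in BENFORD)


def benford_report(amounts, mad_limit=0.015, excess=0.03):
    """Summarise conformity. mad_limit is the assumed nonconformity cut-off for a
    first-digit test; excess is the assumed margin above which a digit is flagged."""
    observed, n = digit_distribution(amounts)
    mad = mean_absolute_deviation(observed)
    return {
        "n": n,
        "mad": round(mad, 4),
        "chi_square": round(chi_square(observed, n), 2),
        "conforms": mad < mad_limit,
        "overrepresented": [d for d in BENFORD if observed[d] > BENFORD[d] + excess],
    }


# Constructed samples: a log-uniform spread over several orders of magnitude behaves like
# genuine mixed transactions; amounts bunched just under an assumed 5,000 approval limit do not.
def honest_sample(n=5000, seed=2009):
    rng = random.Random(seed)
    return [round(10 ** rng.uniform(1, 5), 2) for _ in range(n)]


def suspicious_sample(n=5000, seed=2009):
    rng = random.Random(seed)
    return [round(rng.uniform(4500, 4999), 2) for _ in range(n)]


if __name__ == "__main__":
    for name, sample in (("honest", honest_sample()), ("suspicious", suspicious_sample())):
        print(name, benford_report(sample))
```

Benford's Law only applies to naturally occurring, unconstrained amounts spanning several magnitudes; fixed-price items, assigned numbers and capped amounts deviate for innocent reasons, so a nonconforming digit is a lead to sample, not a finding.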
Managing Insider Threat

 Strong authentication / biometric technologies
 Role-based access granted on a need-to-have basis
 Rotate job functions / read event logs
 Place servers and sensitive equipment in a secured area
 Restrict physical access / locks / alarm tests
 Wear badges / background checks
 Change default passwords / close unused ports / log off when absent
 Encrypt sensitive data stored on user hard drives
 Store sensitive documents in a secured space
 Never issue passwords over unsecured channels

Be Aware of Warning Signs

 Rogue access point / wireless / remote access
 Disgruntled employee
 A user accesses a database or area of the network they have never accessed before
 Download spike

Fraud Prevention Checklist

 Good internal control
 Employee fraud awareness training / hotline
 Analytical review / surprise fraud audits
 Review company contracts
 Perception of detection / management oversight
 Proactive fraud policy and program / prosecution
 Mandatory vacations / periodic job rotation
 Screen job applicants
 Information security review / limit access / audit trail
 Management climate / employee support program
Summary

Auditor's roles in combating fraud
 Promote a culture of honesty and high ethics
 Assess and mitigate the risk of fraud
 Ensure control adequacy and effectiveness
 Use data mining and statistical analysis tools
 Analyze financial statements and reports
 Be alert to predication of fraud
 Ensure investigations are properly conducted
 Ensure proper follow-up actions are taken
 Develop your anti-fraud knowledge and skills

About the ACFE

 The Association of Certified Fraud Examiners
 Started in 1988
 Provides anti-fraud training and education
 Over 50,000 members in 125 countries
 Administers the Certified Fraud Examiner (CFE) designation, a certification program for fraud practitioners recognized by the U.S. Department of Defense and FBI
 More than 20,000 CFEs worldwide (5 Thais)
 $55 membership fee
 More information about ACFE: http://www.acfe.com

About the CFE Exam

 Covers 4 areas
   – Criminology & Ethics
   – Financial Transactions
   – Fraud Investigation
   – Legal Elements of Fraud
 4 exam sections of 125 questions each (75%)
 Administered via computer / must complete each section in one sitting (2.6 hr)
 Complete all and return to ACFE in 30 days
 Must pass the Qualifying Points System (40/50)
 $250 application fee
Q&A

Pairat Srivilairit
CIA, CCSA, CFSA, CISA, CISSP, CBA, CFE
Internal Audit Department
TISCO Bank Public Company Limited
Mobile : +668 1903 1457
Office : +66 2633 7821
Email  : pairat@tisco.co.th
 

Similar to Cdic 2009 fraud audit pairat 4

21st Annual Legal & Accounting Institute: Putting Internal Controls in Place
21st Annual Legal & Accounting Institute: Putting Internal Controls in Place21st Annual Legal & Accounting Institute: Putting Internal Controls in Place
21st Annual Legal & Accounting Institute: Putting Internal Controls in Placesaafdn
 
Setting Up and Managing an Anonymous Fraud Hotline
Setting Up and Managing an Anonymous Fraud HotlineSetting Up and Managing an Anonymous Fraud Hotline
Setting Up and Managing an Anonymous Fraud HotlineFraudBusters
 
Business risk, control systems and risk of fraud whitin bison hospitality ltd
Business risk, control systems and risk of fraud whitin bison hospitality ltdBusiness risk, control systems and risk of fraud whitin bison hospitality ltd
Business risk, control systems and risk of fraud whitin bison hospitality ltdSheik Shami Ullah Chowdhury
 
Forensic Accounting, Tools & Evidences.pdf
Forensic Accounting, Tools & Evidences.pdfForensic Accounting, Tools & Evidences.pdf
Forensic Accounting, Tools & Evidences.pdfdelllaptop1298
 
The CFO’s Safe: Treasury’s Best Practices for Reducing Fraud Risk
The CFO’s Safe: Treasury’s Best Practices for Reducing Fraud RiskThe CFO’s Safe: Treasury’s Best Practices for Reducing Fraud Risk
The CFO’s Safe: Treasury’s Best Practices for Reducing Fraud RiskKyriba Corporation
 
Lecture 15 fraud schemes - james a. hall book chapter 3
Lecture 15  fraud schemes - james a. hall book chapter 3Lecture 15  fraud schemes - james a. hall book chapter 3
Lecture 15 fraud schemes - james a. hall book chapter 3Habib Ullah Qamar
 
Protecting Your Organization Against Check and ACH Fraud
Protecting Your Organization Against Check and ACH FraudProtecting Your Organization Against Check and ACH Fraud
Protecting Your Organization Against Check and ACH FraudFraudBusters
 
W:\Scott & Baldwin\Marketing\Business Leadership Seminars\September 2008\...
W:\Scott & Baldwin\Marketing\Business Leadership Seminars\September 2008\...W:\Scott & Baldwin\Marketing\Business Leadership Seminars\September 2008\...
W:\Scott & Baldwin\Marketing\Business Leadership Seminars\September 2008\...Scott & Baldwin CPAs
 
Presentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlPresentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlDominic Sroda Korkoryi
 
2 Fraud- Prevention, Detection and Management 072512.ppt
2 Fraud- Prevention, Detection and Management 072512.ppt2 Fraud- Prevention, Detection and Management 072512.ppt
2 Fraud- Prevention, Detection and Management 072512.pptJoWeeiPOllam
 
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfHow to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfBhekumuzi Xaba
 
CRO (Chief Risk Office and its responsibility)
CRO (Chief Risk Office and its responsibility)CRO (Chief Risk Office and its responsibility)
CRO (Chief Risk Office and its responsibility)Komal310425
 
Protect your clients from fraud - CPA's
Protect your clients from fraud - CPA'sProtect your clients from fraud - CPA's
Protect your clients from fraud - CPA'stwhiteman
 
Significance of Internal Controls
Significance of Internal ControlsSignificance of Internal Controls
Significance of Internal ControlsSonuBhojwani1
 
BKMSH Basics of Forensic Accounting
BKMSH Basics of Forensic AccountingBKMSH Basics of Forensic Accounting
BKMSH Basics of Forensic AccountingMojoFinancial
 
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudHow to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudFraudBusters
 
Fraud Prevention and Internal Controls - A Winning Combination
Fraud Prevention and Internal Controls - A Winning Combination Fraud Prevention and Internal Controls - A Winning Combination
Fraud Prevention and Internal Controls - A Winning Combination DecosimoCPAs
 
7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and ReportingBrown Smith Wallace
 

Similar to Cdic 2009 fraud audit pairat 4 (20)

21st Annual Legal & Accounting Institute: Putting Internal Controls in Place
21st Annual Legal & Accounting Institute: Putting Internal Controls in Place21st Annual Legal & Accounting Institute: Putting Internal Controls in Place
21st Annual Legal & Accounting Institute: Putting Internal Controls in Place
 
Setting Up and Managing an Anonymous Fraud Hotline
Setting Up and Managing an Anonymous Fraud HotlineSetting Up and Managing an Anonymous Fraud Hotline
Setting Up and Managing an Anonymous Fraud Hotline
 
Business risk, control systems and risk of fraud whitin bison hospitality ltd
Business risk, control systems and risk of fraud whitin bison hospitality ltdBusiness risk, control systems and risk of fraud whitin bison hospitality ltd
Business risk, control systems and risk of fraud whitin bison hospitality ltd
 
Forensic Accounting, Tools & Evidences.pdf
Forensic Accounting, Tools & Evidences.pdfForensic Accounting, Tools & Evidences.pdf
Forensic Accounting, Tools & Evidences.pdf
 
The CFO’s Safe: Treasury’s Best Practices for Reducing Fraud Risk
The CFO’s Safe: Treasury’s Best Practices for Reducing Fraud RiskThe CFO’s Safe: Treasury’s Best Practices for Reducing Fraud Risk
The CFO’s Safe: Treasury’s Best Practices for Reducing Fraud Risk
 
Forensic Audit.pptx
Forensic Audit.pptxForensic Audit.pptx
Forensic Audit.pptx
 
Lecture 15 fraud schemes - james a. hall book chapter 3
Lecture 15  fraud schemes - james a. hall book chapter 3Lecture 15  fraud schemes - james a. hall book chapter 3
Lecture 15 fraud schemes - james a. hall book chapter 3
 
Protecting Your Organization Against Check and ACH Fraud
Protecting Your Organization Against Check and ACH FraudProtecting Your Organization Against Check and ACH Fraud
Protecting Your Organization Against Check and ACH Fraud
 
W:\Scott & Baldwin\Marketing\Business Leadership Seminars\September 2008\...
W:\Scott & Baldwin\Marketing\Business Leadership Seminars\September 2008\...W:\Scott & Baldwin\Marketing\Business Leadership Seminars\September 2008\...
W:\Scott & Baldwin\Marketing\Business Leadership Seminars\September 2008\...
 
Presentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlPresentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & control
 
2 Fraud- Prevention, Detection and Management 072512.ppt
2 Fraud- Prevention, Detection and Management 072512.ppt2 Fraud- Prevention, Detection and Management 072512.ppt
2 Fraud- Prevention, Detection and Management 072512.ppt
 
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfHow to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
 
CRO (Chief Risk Office and its responsibility)
CRO (Chief Risk Office and its responsibility)CRO (Chief Risk Office and its responsibility)
CRO (Chief Risk Office and its responsibility)
 
Protect your clients from fraud - CPA's
Protect your clients from fraud - CPA'sProtect your clients from fraud - CPA's
Protect your clients from fraud - CPA's
 
Significance of Internal Controls
Significance of Internal ControlsSignificance of Internal Controls
Significance of Internal Controls
 
BKMSH Basics of Forensic Accounting
BKMSH Basics of Forensic AccountingBKMSH Basics of Forensic Accounting
BKMSH Basics of Forensic Accounting
 
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudHow to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
 
Summary presentation Highliths
Summary presentation HighlithsSummary presentation Highliths
Summary presentation Highliths
 
Fraud Prevention and Internal Controls - A Winning Combination
Fraud Prevention and Internal Controls - A Winning Combination Fraud Prevention and Internal Controls - A Winning Combination
Fraud Prevention and Internal Controls - A Winning Combination
 
7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting7 Keys to Fraud Prevention, Detection and Reporting
7 Keys to Fraud Prevention, Detection and Reporting
 

Cdic 2009 fraud audit pairat 4

  • 1. Combating Fraud: Putting in Place an Effective Audit System to Detect and Prevent Fraud
    The 9th Cyber Defense Initiative Conference 2009 (CDIC 2009), 10th-11th November 2009, Queen Sirikit National Convention Center
    By Pairat Srivilairit, CIA, CISA, CBA, CCSA, CFSA, CISSP, CFE
    Tuesday, 10 November 2009, 15:15-16:00 hrs
  • 2. About Speaker
    - Mr Pairat Srivilairit received a bachelor of engineering from Chulalongkorn University and an MBA from Thammasat University. He is a certified internal auditor (CIA), certified information systems auditor (CISA), certified bank auditor (CBA), holder of certification in control self-assessment (CCSA), certified financial service auditor (CFSA), certified information systems security professional (CISSP), and a certified fraud examiner (CFE).
    - He is chairman of the Bank and Financial Institution Internal Auditors Club (BFIA) and past director of the ISACA Bangkok chapter. He is also a member of The Institute of Internal Auditors (IIA), The Association of Certified Fraud Examiners (ACFE), The Information Systems Audit and Control Association (ISACA), The International Information Systems Security Certification Consortium (ISC)² and The Institute of Internal Auditors of Thailand (IIAT).
    - He is a known lecturer on operational auditing and information system auditing courses at IIAT and the ISACA Bangkok Chapter. He is also a special lecturer in the IIA's Internal Auditing Education Partnership Program (IAEP) at Chulalongkorn University, and has represented IIAT speaking to students at several universities to promote the internal auditing profession.
    - Mr Pairat Srivilairit has been associated with the finance and banking industry for over 18 years, with rich experience in management consulting, planning, research, investment, operations and audit. He is now with TISCO Bank Public Company Limited as head of internal audit and secretary to the audit committee.
  • 3. Outline
    Combating Fraud: Putting in Place an Effective Audit System to Detect and Prevent Fraud (45 min)
    - Key Indicators of Fraud
    - Types of Fraud in Activities Reviewed
    - Prevention Aids by Internal Auditors
    - Detection and Investigation Techniques
    - Summary
  • 4. Example Fraud Case: High-tech thieves hack data and make off with 200 million
    – In August 2005 (B.E. 2548), a representative of a mobile network operator noticed abnormal traffic among its prepaid-card customers.
    – Investigation found that the company's code data had been hacked and used to load inflated amounts onto prepaid cards, which were then sold over the Internet at special prices or from service tables in local communities.
    – The company tried to block the codes of the abnormal cards, but still suffered lost revenue opportunity of up to 200 million baht.
    – Four suspects were arrested; they were the company's own employees. The case is still under appeal. (Manager, 27 Aug 2005)
  • 5. Example Fraud Case: Gambling-possessed young banker cheats 400 million
    – In May 2009 (B.E. 2552), the bank found that the chief accountant of one branch had been transferring money from the interest account the bank had set aside to pay customers into his own accounts at various banks.
    – The suspect was cornered in his car while fleeing to Cambodia. He confessed to doing it continuously for more than 1 year because it was easy and was never audited. The embezzled money went on a house, cars, jewellery, mutual funds, football betting and lottery tickets, totalling over 499 million baht.
    – He had started work at the bank in 1999 (B.E. 2542), had received an outstanding-employee award, and had no record of fraud.
    – The cause was found to be a defect in the Core Banking System. (Thansettakij, 6 May 2009)
  • 6. Occupational Fraud
    - "The use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets."
    - All occupational frauds have 4 things in common:
      – Clandestine
      – Violate the perpetrator's fiduciary duties to the victim organization
      – Committed for direct or indirect financial benefit to the perpetrator, and
      – Cost the employer assets, revenue or reserves
  • 7. How Fraud is Committed
    Three categories of occupational fraud:
    - Asset Misappropriations: theft or misuse of the organization's assets, e.g. skimming revenues, stealing inventory and payroll fraud.
    - Corruption: wrongfully using influence to gain personal benefit contrary to duty to the employer or the rights of another, e.g. accepting kickbacks, conflicts of interest.
    - Fraudulent Statements: falsification of the organization's financial statements, e.g. overstating revenues and understating liabilities or expenses.
  • 8. How Fraud is Committed
    - Asset misappropriations were the most common but carried the lowest loss. Fraudulent statements were the least common but carried the highest loss.
    (Chart: Breakdown of All Occupational Fraud Schemes — Median Loss)
  • 9. Bank Most Common Fraud
    - The greatest percentage (15%) of fraud occurred in the banking and financial services sector.
  • 10. How Fraud is Detected
    - It takes 24 months on average to catch employee fraud.
    (Chart: Initial Detection of Occupational Frauds)
  • 11. Key Indicators of Fraud
    - Tips / complaints
    - Missing / altered documents
    - Duplicate / unreasonable expenses or reimbursements
    - Failure of certain employees to take vacations
    - Failure to follow up on past-due receivables
    - Unusual write-offs of receivables
    - Employees on the payroll who have not signed up for benefits
    - Excessive purchases of products or services
    - Common phone numbers / addresses of payees or customers
  • 12. Key Indicators of Fraud (Continued)
    - Cash shortages / overages
    - Stale items on bank reconciliations
    - Unexplained adjustments / journal entries
    - Unusual financial statement relationships, e.g.
      – Increased revenue vs. decreased receivables
      – Increased revenue vs. decreased inventory purchases
      – Increased inventory vs. decreased purchases or A/P
    - Significant increases or decreases in account balances
    - Significant changes in liquidity, leverage, profitability or turnover ratios
  • 13. Limiting Fraud Losses
    - Surprise audits and job rotation are still overlooked by many organizations.
  • 14. Limiting Fraud Losses
    - Surprise audits, job rotation, and anonymous reporting showed the greatest impact on fraud losses.
  • 15. Bank Case Symptoms
    - Supervisory override; unusually large transactions or transactions with no apparent business purpose
    - Journal vouchers containing only one signature or incorrect information; fund transfers between different customers' accounts
    - Deposit slips with missing information; depositor names incomplete or not matching the passbook or account name
    - Frequent, large deposits/withdrawals in an executive's account
    - Deposits and withdrawals on the same account on the same day or within a short period of time
    - Bank checks used to transfer between accounts / checks with altered dates
  • 16. Symptoms ... More
    - Purported customer signatures on withdrawal vouchers and checks
    - Large negative balances in slush accounts or customer accounts
    - Deposit slips moving customer funds between accounts of different customers
    - Deposits of customer checks where cash was received back
    - CDs closed prematurely with proceeds put into a low-interest account, sometimes with a penalty
    - Customer not present when the account was opened, closed or transacted
    - Mailing of customer statements to an executive's address
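The indicators on slides 11-12 and the branch symptoms on slides 15-16 can be turned into mechanical screens over exported records. The following is an added example, not part of the original deck; the record layouts, field names and the 100,000 executive-account threshold are assumptions, and every record is constructed.

```python
"""Red-flag screening over constructed payment and branch-transaction records.

Added example, not from the CDIC 2009 deck: encodes some of the key
indicators from slides 11-12 and the bank case symptoms from slides 15-16
as checks an internal auditor can run over exported records. Every record
and field name below is constructed and assumed; no real core-banking
export has these exact columns.
"""
import re
from collections import Counter, defaultdict

# ---- constructed sample data (assumed schema) ---------------------------
EMPLOYEES = [
    {"id": "E100", "name": "Teller A", "phone": "02-111-2222", "address": "9 Soi 1, Bangkok"},
    {"id": "E200", "name": "Clerk B", "phone": "02-333-4444", "address": "5 Soi 7, Bangkok"},
]
PAYEES = [
    {"id": "V1", "name": "Alpha Supplies", "phone": "02-999-0000", "address": "1 Main Rd"},
    {"id": "V2", "name": "Beta Services", "phone": "021112222", "address": "77 Park Ln"},  # same phone as E100
    {"id": "V3", "name": "Gamma Ltd", "phone": "02-555-6666", "address": "5  soi 7,  bangkok"},  # same address as E200
]
PAYMENTS = [
    {"payee": "V1", "invoice": "INV-10", "amount": 1200.00, "day": "2009-03-02"},
    {"payee": "V1", "invoice": "INV-10", "amount": 1200.00, "day": "2009-03-09"},  # paid twice
    {"payee": "V2", "invoice": "INV-55", "amount": 980.00, "day": "2009-03-04"},
]
# Branch vouchers: "owner" is the account holder's category, "signatures" the approvers recorded.
TRANSACTIONS = [
    {"acct": "C-001", "owner": "customer", "day": "2009-05-04", "type": "deposit", "amount": 50000, "signatures": ["E100", "E200"]},
    {"acct": "C-001", "owner": "customer", "day": "2009-05-04", "type": "withdrawal", "amount": 50000, "signatures": ["E100", "E200"]},
    {"acct": "C-002", "owner": "customer", "day": "2009-05-05", "type": "transfer", "amount": 30000, "signatures": ["E100"]},
    {"acct": "X-900", "owner": "executive", "day": "2009-05-06", "type": "withdrawal", "amount": 250000, "signatures": ["E100", "E200"]},
]


def _phone_key(phone):
    """Keep only digits so '02-111-2222' and '021112222' compare equal."""
    return re.sub(r"\D", "", phone)


def _address_key(address):
    """Lower-case and collapse whitespace so formatting differences do not hide a match."""
    return " ".join(address.lower().split())


def shared_contact_details(employees, payees):
    """Slide 11: payees whose phone or address matches an employee master record.
    Returns (employee id, payee id, matching field) triples in payee order."""
    by_phone = {_phone_key(e["phone"]): e["id"] for e in employees}
    by_address = {_address_key(e["address"]): e["id"] for e in employees}
    hits = []
    for p in payees:
        if _phone_key(p["phone"]) in by_phone:
            hits.append((by_phone[_phone_key(p["phone"])], p["id"], "phone"))
        if _address_key(p["address"]) in by_address:
            hits.append((by_address[_address_key(p["address"])], p["id"], "address"))
    return hits


def duplicate_payments(payments):
    """Slide 11: the same payee, invoice and amount paid more than once."""
    keys = Counter((p["payee"], p["invoice"], round(p["amount"], 2)) for p in payments)
    return sorted(key for key, n in keys.items() if n > 1)


def same_day_in_out(transactions):
    """Slide 15: a deposit and a withdrawal on the same account on the same day."""
    types_seen = defaultdict(set)
    for t in transactions:
        types_seen[(t["acct"], t["day"])].add(t["type"])
    return sorted(key for key, types in types_seen.items() if {"deposit", "withdrawal"} <= types)


def single_signature_vouchers(transactions):
    """Slide 15: vouchers approved with only one signature (no four-eyes check)."""
    return [(t["acct"], t["day"]) for t in transactions if len(t["signatures"]) < 2]


def large_executive_activity(transactions, threshold=100000):
    """Slide 15: large movements on executive-owned accounts; threshold is an assumed policy limit."""
    return [(t["acct"], t["day"], t["amount"])
            for t in transactions if t["owner"] == "executive" and t["amount"] >= threshold]


def screen(employees, payees, payments, transactions):
    """Run every check and return the findings keyed by indicator name."""
    return {
        "shared_contact_details": shared_contact_details(employees, payees),
        "duplicate_payments": duplicate_payments(payments),
        "same_day_in_out": same_day_in_out(transactions),
        "single_signature_vouchers": single_signature_vouchers(transactions),
        "large_executive_activity": large_executive_activity(transactions),
    }


if __name__ == "__main__":
    for indicator, findings in screen(EMPLOYEES, PAYEES, PAYMENTS, TRANSACTIONS).items():
        print(f"{indicator}: {findings}")
```

Each hit is a lead for follow-up, not a finding: a shared phone number may be a legitimate family business, so the next step is the document review the deck describes.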
  • 17. Bank Fraud Trend
    - The financial cost of fraud may be three or more times the value of the loss amount
    - Fraud is not static; it evolves with each new measure implemented
    - New opportunities for employee fraud are emerging
    - Criminals thwart rules-based systems
    - "Silo" mentality weakens fraud detection
    - Top management is moving toward an enterprise focus on anti-fraud systems
    - Regulatory expectations are increasing
    - Solutions require commitment, investment, and talent
  • 18. Insider Threat
    - "Deliberate misuse by those who are authorized to use computers and networks."
    - Insiders include employees, contractors, consultants, temporary helpers, personnel from third-party business partners, etc.
  • 19. Facts about Insider Misuses
    - Most were not technically sophisticated or complex
    - Most were thought out and planned in advance
    - Most were motivated by financial gain
    - Most perpetrators of banking and finance incidents
      – did not hold technical positions
      – never engaged in technical attacks or hacking
      – were not necessarily perceived as problem employees
    - Executed at the workplace during normal business hours
    - Detected by various channels and methods
  • 20. Misuse of Applications
    (Table: application type, legitimate use, misuse)
    - Client/Server
      – Legitimate use: message exchange; connectivity to server; execution of tasks
      – Misuse: unusual exchange to degrade performance; excessive connections (DoS); executing privileged procedures
    - Mail Clients
      – Legitimate use: send and receive e-mails
      – Misuse: illegal content / remote attack / private use / overloading the network
    - Browsers / Multimedia player
      – Legitimate use: browse the Internet / play files; view cached files and history
      – Misuse: view illegal content; display other users' viewed files and accesses
    - Programming Tools
      – Legitimate use: develop programs; display memory segments
      – Misuse: create malware; access memory segments holding sensitive information
    - General-purpose Applications
      – Legitimate use: read / write; input strings
      – Misuse: access temp files for sensitive information / modify temp files to change program flow; buffer overflow
  • 21. Universe of Internal Computer Fraud
    (Diagram: Computer Fraud at the centre; the branches and labels below are recovered from the figure text and grouped as laid out in the figure)
    - Data Capture Errors: Duplicate Payments, Over Payments, Erroneous Payments, Early Payments, Missing or Bad Information, Duplicate Information, Unauthorized Transfer of Funds
    - Billing Schemes: Forged Endorsement, Ghost Vendor, Accomplice Vendor, Returns & Voids, Fund Transfer, Personal Purchase, Passing of Payment of Invoices for Non-existing Suppliers
    - Corruption & Price Initiation: Quid Pro Quo & Barter Schemes, Employees & Vendors
    - Spyware & Key loggers
    - Program Altering Schemes: Changing Program Setting, Parameter Integrity Attack, Alteration of Program and Data File, Use of Malware (e.g. Trojans)
    - Manipulation of Data Input: Improper Data Ownership, Falsification of Data, Stock Record Suppression to Cover Theft of Stocks
    - Information Privacy Risk: Loss of Employee Intellectual Property, Transmission of Confidential Data (i.e. TCP/IP), Downloading Hacker Tools, Communication Through Employee for ID Theft Purpose, Posting Confidential Company Information, Peer-to-peer File Sharing & Nefarious Downloads
    - Payroll Schemes: Ghost Employee, False Worker's Compensation, Falsified Wages, Skimming
    - Check Tampering: Forged Endorsement, Forged Checks, Write-off of Money Due to Company, Alter Payee Scheme
  • 22. Types of Application Controls
    (Diagram: Application Controls at the centre, with four groups of controls around it)
    - Access Controls: authorization, identification & authentication, accountability, audit. Physical devices (i.e. biometric scan, metal locks, hidden path, digital signatures, encryption, social barriers, human and automated monitoring systems etc.). Permit or deny use of an object.
    - Data Origination / Input Controls: check whether the sources of data entered into the business application are staff direct input, remote input by a business partner, or a web-enabled application. Check the integrity of data entered into the business application, and check whether data is within specified parameters. Ensure accuracy, completeness and timeliness of data during conversion from original sources into computer data or entry to the computer application, whether manual, online input or batch. Ensure accuracy with optimum computerized validation and editing. Error handling procedures facilitate timely and accurate resubmission of all corrected data.
    - Data Processing: ensure accuracy, completeness and timeliness of data during either batch or real-time processing by the application. Ensure data is accurately processed through the application. No data is added, lost or altered during processing.
    - Output Control: ensure the integrity of output and the correct and timely distribution of output produced, whether in hardcopy, files to be used as input for other systems, or information available for online viewing.
  • 23. Example of Detection System
    (Diagram: components shown are General Ledger, XBRL Business Report Engine, Business Report, XSLT, Spreadsheet, Loan Application, Dataset, Web Application, Branch and Main Office web browsers, Server, XML documents, XML and SYSLOG feeds, Key Fraud Signature / Misuse detection rules data & metadata, IDS Engine, Firewall and Router Log, and an Event Correlation Database)
  • 24. Other Analytical Tools
    - Use of Benford's Law as a fraud detection tool
    (Chart: theoretical Benford line versus observed frequencies (percent) of fraudulent transactions)
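As an added example, not part of the original deck, here is the Benford first-digit test slide 24 refers to, run over two constructed populations: a geometric series that obeys Benford's distribution and one padded with payments kept just under an assumed 5,000 approval limit.

```python
"""Benford's Law first-digit screening over constructed transaction amounts.

Added example, not from the CDIC 2009 deck: compares the leading-digit
frequencies of a set of amounts with Benford's expected frequencies, the
analytical tool named on slide 24, and reports the digits whose deviation
is too large to be chance. Both populations below are constructed.
"""
import math
from collections import Counter

# Benford's expected probability that the first significant digit is d: log10(1 + 1/d).
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}


def leading_digit(amount):
    """First significant digit (1..9) of a non-zero amount, sign and scale ignored."""
    if amount == 0:
        raise ValueError("zero has no leading digit")
    # Scientific notation puts the leading significant digit first: 4987.5 -> '4.987500e+03'.
    return int(f"{abs(amount):e}"[0])


def digit_counts(amounts):
    """Observed count of each leading digit over all non-zero amounts."""
    counts = Counter(leading_digit(a) for a in amounts if a != 0)
    return {d: counts.get(d, 0) for d in range(1, 10)}


def chi_square(amounts):
    """Chi-square statistic of observed versus Benford-expected counts (8 degrees of freedom)."""
    counts = digit_counts(amounts)
    n = sum(counts.values())
    return sum((counts[d] - n * p) ** 2 / (n * p) for d, p in BENFORD.items())


def z_scores(amounts):
    """Per-digit standardised deviation: (observed - expected) / sqrt(n p (1 - p))."""
    counts = digit_counts(amounts)
    n = sum(counts.values())
    return {d: (counts[d] - n * p) / math.sqrt(n * p * (1 - p)) for d, p in BENFORD.items()}


def flagged_digits(amounts, z_threshold=3.0):
    """Digits whose frequency departs from Benford by more than z_threshold standard deviations."""
    return [d for d, z in z_scores(amounts).items() if abs(z) > z_threshold]


# Constructed "natural" population: a geometric series spreads log-mantissas
# evenly over each decade, which is exactly the condition under which
# Benford's distribution arises.
NATURAL = [round(100 * 1.1 ** i, 2) for i in range(250)]

# Constructed "suspicious" population: part of the same series plus 150 payments
# kept just under an assumed 5,000 approval limit, so the leading digit 4 is
# over-represented, the kind of limit-dodging pattern the test is meant to surface.
SUSPICIOUS = NATURAL[:100] + [4900 + 0.5 * k for k in range(150)]


if __name__ == "__main__":
    for label, amounts in (("natural", NATURAL), ("suspicious", SUSPICIOUS)):
        print(label, "chi-square:", round(chi_square(amounts), 1), "flagged digits:", flagged_digits(amounts))
```

With 8 degrees of freedom a chi-square above roughly 15.5 rejects the Benford fit at the 5% level, and the flagged digits show where the excess sits; a flag selects transactions for sampling, it does not by itself prove fraud.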
  • 25. Managing Insider Threat
    - Strong authentication / biometric technologies
    - Role-based access granted on a need-to-have basis
    - Rotate job functions / read event logs
    - Place servers and sensitive equipment in a secured area
    - Restrict physical access / locks / alarm tests
    - Wear badges / background checks
    - Default passwords / unused ports / log off when absent
    - Encrypt sensitive data stored on user hard drives
    - Store sensitive documents in a secured space
    - Never issue passwords over unsecured channels
  • 26. Aware of Warning Signs
    - Rogue access points / wireless / remote access
    - Disgruntled employees
    - A user accesses a database or area of the network they have never accessed before
    - Download spikes
  • 27. Fraud Prevention Checklist
    - Good internal control
    - Employee fraud awareness training / hotline
    - Analytical review / surprise fraud audits
    - Review company contracts
    - Perception of detection / management oversight
    - Proactive fraud policy and program / prosecution
    - Mandatory vacations / periodic job rotation
    - Screen job applicants
    - Information security review / limit access / audit trail
    - Management climate / employee support program
  • 28. Summary: Auditor's roles in combating fraud
    - Promote a culture of honesty and high ethics
    - Assess and mitigate the risk of fraud
    - Ensure control adequacy and effectiveness
    - Use data mining and statistical analysis tools
    - Analyze financial statement reports
    - Be alert to predication of fraud
    - Ensure investigations are properly conducted
    - Ensure proper follow-up actions are taken
    - Develop your anti-fraud knowledge and skills
  • 29. About the ACFE
    - The Association of Certified Fraud Examiners
    - Started in 1988
    - Provides anti-fraud training and education
    - Over 50,000 members in 125 countries
    - Administers the Certified Fraud Examiner (CFE) designation, a certification program for fraud practitioners recognized by the U.S. Department of Defense and the FBI
    - More than 20,000 CFEs worldwide (5 Thais)
    - $55 membership fee
    - More information about the ACFE: http://www.acfe.com
  • 30. About the CFE Exam
    - Covers 4 areas
      – Criminology & Ethics
      – Financial Transactions
      – Fraud Investigation
      – Legal Elements of Fraud
    - 4 exam sections of 125 questions each (75%)
    - Administered via computer / must complete each section in one sitting (2.6 hr)
    - Complete all and return to the ACFE within 30 days
    - Must pass the Qualifying Points System (40/50)
    - $250 application fee
  • 31. Q&A
    Pairat Srivilairit, CIA, CCSA, CFSA, CISA, CISSP, CBA, CFE
    Internal Audit Department, TISCO Bank Public Company Limited
    Mobile: +668 1903 1457
    Office: +66 2633 7821
    Email: pairat@tisco.co.th

Editor's Notes

  1. Techniques for auditing systems and protecting them against new forms of cheating and fraud
  2. TOPIC: Combating Fraud: Putting in Place an Effective Audit System to Detect and Prevent Fraud
     - Key indicators of fraud
     - Types of fraud associated with the activities reviewed
     - Prevention aids by internal auditors
     - Techniques for enabling the detection and investigation of fraudulent activities
  3. Lumpini police raid and arrest True Corp. employees who, together with accomplices, hacked the computer system of the Orange network, loaded data onto prepaid cards and sold them to customers who set up mobile-phone service tables, causing losses of more than 200 million. Yesterday (26 Aug 2005) a news report from the Metropolitan Police Bureau stated that investigators at Lumpini police station had arrested a total of 4 suspects in a major embezzlement case, after representatives of True Corporation Public Company Limited, the operator of the Orange mobile network and a provider of integrated telecommunications services in Thailand, filed a complaint at the Royal Thai Police headquarters on Wednesday 24 August. A source said the damage in the embezzlement case exceeded 200 million baht, so the Royal Thai Police, through Commissioner-General Pol. Gen. Kowit Wattana, ordered Deputy Commissioner-General Pol. Gen. Noppadol Somboonsub to set up a special investigation committee for the case. Pol. Gen. Noppadol instructed Pol. Col. Suwat Jaengyodsuk, superintendent of Lumpini police station, which has jurisdiction over the area, to mobilise investigators to solve the case, led by Pol. Lt. Col. Chotiwat Luangwilai, investigation inspector, working with officers of the investigation sub-division of Metropolitan Police Division 5. On the 25th, officers tracked down all 4 perpetrators and charged them with embezzlement, but withheld the names of the group because the investigation must be extended to find out who else is involved. It is known so far that some of the perpetrators are employees of the victim company; they used notebook computers to hack data of TA Orange Co., Ltd. from their residences, used the data they were able to break into to load inflated amounts onto prepared prepaid cards, and sold these to customers from top-up points in department stores and community areas. "The group worked from home, loading data broken out of the database onto their own computers by high-tech means. For example, a prepaid card with 100 baht of calling value could be made into ten thousand to a hundred thousand baht, to be resold at tables selling SIM cards with promotions. The method was like something out of a Hollywood movie. From the arrest and an examination of the income accounts, this group is known to have earned more than 20 million baht, found in almost 30 bank passbooks," the source said. Enquiries with one of Thailand's leading experts on data intrusion, who specialises in system auditing, revealed that break-ins to the databases of mobile-phone companies have been going on for a long time, especially at the two giant mobile operators, which have lost more than 1,000 million baht. It is understood that the process requires an employee inside the company who is complicit and part of the ring, to coordinate the alteration of the data. For example, if a customer buys a 1,000-baht prepaid card, the ring edits the computer records to skim off the difference. The same expert went on to say that the prepaid cards with the keyed-in data are then offered for sale at tables in busy community areas such as shopping centres or in front of a certain university. At that point the ring has already used a computer to alter the data on the prepaid cards, pocketing the excess, and the loss falls on the mobile operator. In the case of SIM cards, a front man takes the SIMs to a table where the public can sign up without paying a registration fee; here the ring makes its money by altering the promotion on the SIM card and pocketing the difference, for example a 1,300 promotion altered to 1,000 baht. Mr Athueck Asvanund, executive vice chairman and head of legal at True Corporation, said the company had noticed abnormal traffic for some time; the offence consisted of selling prepaid cards over the Internet to customers at a special price, such as paying 10 baht for 100 baht or more of credit, with the customer having to bring an Orange prepaid card so that the code could be copied for them. The company had, however, tried to block the codes of these abnormal cards, so that users who topped up in this improper way could not use the cards for the amounts claimed, but the company's loss took the form of lost revenue opportunity; the 200 million baht claimed may be based on the top-up data entered, since one user alone entered up to 100 million baht into the system. Today (15 May 2007) at the Crime Suppression Division, police of Sub-division 1 of the Crime Suppression Division announced the arrest of Mr Thaweesap, alias Phumipat, Lalitsasiwimon, aged 34, at room 2918 of Wongcharoen Mansion (Grand Mandarin), Soi Lat Phrao 130, Bang Kapi district, together with a notebook computer, hard disk, ATM card, Visa card and bank passbooks seized as evidence, after a complaint from Advanced Info Service Public Company Limited (AIS) that an intruder had broken into the company's computer database to steal passwords used to alter the credit on mobile-phone prepaid cards for customers over the Internet, taking payment through bank accounts in other people's names, causing AIS losses of hundreds of millions of baht. Investigators also believe Mr Thaweesap is the same person who broke into the database of True Corporation Public Company Limited in 2005, causing True losses of more than 100 million baht, and who, after being arrested and released on bail to fight the case, reoffended.
  4. Most White Collar Crime Results from a Simple Exploitation of an Obvious Weakness - Not a Clear or Ingenious Plan. Objective of Internal Controls: Make the Risk of Being Caught So High a Thief Decides the Risk Exceeds the Gain. Help Workers Avoid Making Bad Choices by Replacing the "I Will Not" With "I Can Not". Crime Suppression Division arrests Government Housing Bank accountant who embezzled more than 310 million baht; officers were stunned to find 15 million baht in cash at his home and 400-500 million baht in bank accounts. He is said to have secretly transferred 700,000 baht a day into his own account for a year and a half. Mr Khan Prachuabmoh, President of the Government Housing Bank (GH Bank), disclosed at 13.00 hrs on 1 May that he had filed a fraud complaint against Mr Somkiat Panyaworakuldet, aged 33, Assistant Manager of the GH Bank Saint Louis 3 branch, and would hold a press conference at 14.00 hrs the same day. Mr Somkiat had embezzled 310 million baht from the interest-payable account over a period of a year and a half. Police arrested him at his residence with 15 million baht in cash and passbooks holding 400-500 million baht. Preliminary questioning showed that the fraud was committed by transferring 700,000 baht of interest per day; because Mr Somkiat served as the branch accountant, he was able to make transfers as part of his duties. Mr Somkiat had received an award as an outstanding GH Bank employee and was highly trusted by the customers of the branch. Reporters noted that the embezzlement greatly shocked Mr Khan and senior management, particularly because Mr Somkiat had received the outstanding employee award, so that nobody suspected his behaviour at first. 400 million embezzled: Crime Suppression Division police detain Mr Somkiat Panyaworakuldet, aged 33, Assistant Manager of the GH Bank Saint Louis 3 branch, on 1 May after he embezzled more than 400 million baht from the bank and spent it on a house, cars and gambling. Bank employee embezzles 400 million baht, cornered in his car while fleeing to Cambodia, squandered the money on a house and football betting. On 1 May, Mr Khan Prachuabmoh, President of the Government Housing Bank (GH Bank), disclosed that Mr Somkiat Panyaworakuldet, aged 33, Assistant Manager of the GH Bank Saint Louis 3 branch, had embezzled several hundred million baht from the interest-payable account continuously for more than a year, and that GH Bank
had already filed a fraud complaint with the Crime Suppression Division. Crime Suppression Division police subsequently arrested Mr Somkiat on the Nakhon Ratchasima - Buriram road, together with a brand-new BMW and 15 million baht in cash, as he prepared to flee to a neighbouring country via Si Sa Ket province after embezzling more than 400 million baht from GH Bank. The bank had detected abnormal data on Mr Somkiat's financial movements, with a large number of transfers in and out of various bank accounts, and investigation found that the suspect transferred money from the interest account that the bank set aside for paying interest to customers into accounts he had opened at various banks, embezzling 30 transactions a day of 30,000 baht each for more than a year. He seized the opportunity after the customer accounts were closed each day, because he knew the code used to make transfers. Under questioning the suspect confessed that he had committed the offence and acted alone. The embezzled money was used to buy a luxury house worth more than 30 million baht in The Landmark Residence high-end townhome project, luxury cars, and cashier's cheques worth more than 300 million baht, and he admitted to football betting debts, winning or losing more than 100,000 baht a day. He joined the bank in B.E. 2542 (1999) and had no record of misconduct. He kept going because it was easy and he had never been audited. He was initially charged with theft of property belonging to, or in the possession of, an employer under Section 335(11) of the Criminal Code, punishable by imprisonment of 1-5 years and a fine of 2,000-10,000 baht, before being taken to a search of his house in the project for evidence to support the case file. Reporters noted that Mr Somkiat had served as accountant, received the GH Bank outstanding employee award, and was highly trusted by the customers of the branch. Mr Khan said in a further interview that the problem of a GH Bank employee
embezzling 400 million baht over several consecutive years had led him to call a meeting of branch managers nationwide to assess loopholes in the rules governing employees who handle the bank's money, so that such a problem does not recur. He confirmed that the embezzled money came from the bank's interest-payable account and not from customers' accounts, so that customers need not panic, and said the bank would find ways to tighten its preventive measures.
  5. This study covers 508 cases of occupational fraud totaling over $761 million in losses. All information was provided by the Certified Fraud Examiners (CFEs) who investigated these cases.
• Organizations suffer tremendous costs as a result of occupational fraud and abuse. Participants in this study, anti-fraud specialists with a median 16 years' experience in the fraud examination field, estimate that the typical U.S. organization loses 6% of its annual revenues to fraud. Applied to the US Gross Domestic Product for 2003, this translates to approximately $660 billion in total losses.
• Our data strongly supports Sarbanes-Oxley's requirement for audit committees to establish confidential reporting mechanisms. Occupational frauds in our study were much more likely to be detected by a tip than through other means such as internal audits, external audits, and internal controls. Among frauds committed by owners and executives, which tend to be the most costly, over half of all cases were identified by a tip.
• Confidential reporting mechanisms reduce fraud losses significantly. The median loss among organizations that had anonymous reporting mechanisms was $56,500. In organizations that did not have established reporting procedures, the median loss was more than twice as high.
• While Sarbanes-Oxley only requires publicly traded companies to establish confidential reporting mechanisms for employees, our data strongly suggests that these programs should also embrace third-party sources such as customers and vendors. Among cases that were detected by a tip, 60% of the tips came from employees, 20% of the tips came from customers, 16% came from vendors, and 13% came from anonymous sources. Companies that have implemented basic employee hotlines to ensure Sarbanes-Oxley compliance could detect significantly more frauds by making their hotlines available to third parties as well.
• More effective internal controls are needed to detect fraud. Internal controls ranked fourth – behind "By Accident" – in terms of the number of frauds detected in our study. Furthermore, the frauds that were detected by internal controls tended to be relatively small, with a median loss of $40,000, which was by far the lowest of any detection method. More effective types of internal controls are needed to detect fraud, especially larger frauds that may involve senior personnel overriding or circumventing traditional internal controls.
• Small businesses suffer disproportionately large losses due to occupational fraud and abuse. The median cost experienced by small businesses in our study was $98,000. This was higher than the median loss experienced by all but the very largest organizations. Small businesses are less likely to be able to survive such losses and should better protect themselves from fraud.
• The loss caused by occupational fraud is directly related to the position of the perpetrator. Frauds committed by owners and executives caused a median loss of $900,000, which was six times higher than the losses caused by managers, and 14 times higher than the losses caused by employees. Despite this fact, organizations were less likely to take legal action against owners and executives who had committed fraud than they were against employees and managers. This may remove a useful deterrent and unnecessarily expose such organizations to additional high-dollar frauds.
• Most occupational fraudsters are first time offenders. Only 12% of the fraudsters in our study had a previous conviction for a fraud-related offense. Criminal background checks can help organizations make informed hiring decisions, but they will not weed out all fraudsters because most frauds are committed by apparently honest employees.
• The most cost-effective way to deal with fraud is to prevent it. According to our study, once an organization has been defrauded it is unlikely to recover its losses. The median recovery among victim organizations in our study was only 20% of the original loss. Almost 40% of victims recovered nothing at all.
  6. One of the major goals of this Report was to classify each fraud according to the methods used by the perpetrator. This gives us a better understanding of how fraud is committed and the types of schemes that tend to produce the largest losses. Also, by breaking down occupational frauds into distinct categories, we are better able to study their common characteristics, which in turn assists in the development of better anti-fraud tools. Accordingly, every fraud in our study was classified according to the Uniform Occupational Fraud Classification System (commonly known as the Fraud Tree), which is illustrated on the preceding page. As was first stated in the 1996 Report to the Nation, all occupational frauds fall into one of three major categories:
• Asset Misappropriations, which involve the theft or misuse of an organization's assets. (Common examples include skimming revenues, stealing inventory and payroll fraud.)
• Corruption, in which fraudsters wrongfully use their influence in a business transaction in order to procure some benefit for themselves or another person, contrary to their duty to their employer or the rights of another. (Common examples include accepting kickbacks, and engaging in conflicts of interest.)
• Fraudulent Statements, which generally involve falsification of an organization's financial statements. (Common examples include overstating revenues and understating liabilities or expenses.)
Asset misappropriations were by far the most common of the three categories, occurring in over 90% of the cases we reviewed. However, these schemes had the lowest median loss, at $93,000. Conversely, fraudulent statements were the least commonly reported frauds (7.9%) but they had the highest median loss at $1,000,000.*
*It should be noted that a number of cases involved aspects of more than one type of occupational fraud. For instance, several schemes involved both corruption and asset misappropriation. We were unable to subdivide the losses in cases where there were multiple schemes to show exactly how much of the loss was attributable to each of the component schemes. The same is true for all charts in this report showing median loss based on scheme type.
  7. Cash Misappropriations. Out of 508 cases in our study, 440 cases (87%) involved some form of cash misappropriation. According to the Fraud Tree, cash frauds fall into one of three categories:
• Fraudulent Disbursements, in which the perpetrator causes his organization to disburse funds through some trick or device. Common examples include submitting false invoices or forging company checks.
• Skimming, in which cash is stolen from an organization before it is recorded on the organization's books and records.
• Cash Larceny, in which cash is stolen from an organization after it has been recorded on the organization's books and records.
Approximately three-fourths of the cash frauds in our study involved some form of fraudulent disbursement, making this the most common category by far. Schemes that involved a fraudulent disbursement also had the highest median loss, at $125,000.
  8. Banking and Financial Services Not surprisingly, in the banking and financial services sector, misappropriations of cash on hand were much more common than among all cases. Cash on hand schemes involve the theft of cash maintained on the premises of a victim organization. Banks have significant stores of cash on their premises, which can make them targets for this type of fraud. Cash on hand schemes tend to be relatively low-cost, with a median loss of $35,000 among the cases in our study. Corruption cases, on the other hand, tend to be much more costly; their median loss was $375,000. We reviewed 132 cases that targeted financial institutions, and one-third of those frauds involved corruption, which was a higher rate than among all cases. Conversely, other common forms of occupational fraud like false billing, skimming, non-cash theft, and check tampering were much less common in banking institutions than among all cases reported.
  9. RELATED ARTICLE: Signals of Fraud
* Alteration of documents.
* Duplicate payments.
* Second endorsements on checks.
* Stale items on bank reconciliations.
* Journal entries without supporting documentation.
* Unexplained adjustments to accounts receivable, accounts payable, revenues, or expenses.
* Failure of certain employees to take vacations.
* Failure to follow up on past-due receivables.
* Shortages in delivered goods.
* Employees on the payroll who do not sign up for benefits.
* Complaints by customers.
* Significant increases or decreases in account balances.
* Unusual financial statement relationships such as:
  * Increased revenues with decreased receivables.
  * Increased revenues with decreased purchases of inventory.
  * Increased inventory with decreased purchases or payables to vendors.
* Unusual write-offs of receivables.
* Products or services purchased in excess of needs.
* Unreasonable expenses or reimbursements.
* Cash shortages or overages.
* Common names, telephone numbers, and addresses of payees or customers.
* Missing documentation.
* Excessive voids or credits.
* Tips from employees.
* Significant changes in liquidity, leverage, profitability, or turnover ratios.
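The audit checks below are an added example, not part of the presentation or of any bank's system: they run three of the signals listed above (duplicate payments; payees sharing a telephone number or address) together with the pattern of the GH Bank case quoted in slide 4 (same-size transfers from the interest-payable account to the same personal accounts after the daily close, repeated day after day) over a constructed ledger. All field names, account ids, vendor records and the 17:00 close-of-day are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, time
from itertools import combinations

# Constructed sample ledger (not real data); field names are assumptions
# for this example, not any bank's schema.  Amounts are in baht.
LEDGER = [
    # Ordinary daytime interest payments to customers
    {"id": "T001", "ts": "2007-03-05 10:12", "src": "INT-PAYABLE", "dst": "CUST-1001", "amount": 1250.0, "user": "teller02"},
    {"id": "T002", "ts": "2007-03-05 11:30", "src": "INT-PAYABLE", "dst": "CUST-1042", "amount": 870.5, "user": "teller02"},
    # Same-size transfers to one personal account after the daily close, day after day
    {"id": "T003", "ts": "2007-03-05 18:41", "src": "INT-PAYABLE", "dst": "PERS-771", "amount": 30000.0, "user": "acct01"},
    {"id": "T004", "ts": "2007-03-05 18:43", "src": "INT-PAYABLE", "dst": "PERS-771", "amount": 30000.0, "user": "acct01"},
    {"id": "T005", "ts": "2007-03-06 18:39", "src": "INT-PAYABLE", "dst": "PERS-771", "amount": 30000.0, "user": "acct01"},
    {"id": "T006", "ts": "2007-03-07 18:40", "src": "INT-PAYABLE", "dst": "PERS-771", "amount": 30000.0, "user": "acct01"},
    # A single after-hours correction on one day is not, by itself, the pattern
    {"id": "T007", "ts": "2007-03-06 17:55", "src": "INT-PAYABLE", "dst": "CUST-1001", "amount": 12.0, "user": "teller02"},
    # Vendor disbursements; one invoice amount is paid twice to the same vendor
    {"id": "T008", "ts": "2007-03-05 14:00", "src": "OPEX", "dst": "VEND-A", "amount": 48000.0, "user": "ap01"},
    {"id": "T009", "ts": "2007-03-12 09:05", "src": "OPEX", "dst": "VEND-A", "amount": 48000.0, "user": "ap01"},
    {"id": "T010", "ts": "2007-03-20 09:05", "src": "OPEX", "dst": "VEND-B", "amount": 48000.0, "user": "ap01"},
]

# Constructed vendor master records; two "different" vendors share a phone number.
VENDORS = [
    {"id": "VEND-A", "name": "Alpha Supplies", "phone": "02-555-0101", "address": "12 Soi 4"},
    {"id": "VEND-B", "name": "Beta Services", "phone": "02-555-0101", "address": "88 Main Rd"},
    {"id": "VEND-C", "name": "Gamma Ltd", "phone": "02-555-0199", "address": "3 Hill St"},
]

CLOSE_OF_DAY = time(17, 0)  # assumed time at which customer books are closed


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def after_close_pattern(ledger, source, min_days=3):
    """Destinations that receive transfers out of `source` after the daily close
    on at least `min_days` distinct days.  One late entry is noise; the same
    destination night after night is the GH Bank pattern.  Returns
    {dst: {"days": n, "total": sum, "amounts": sorted distinct amounts}}."""
    by_dst = defaultdict(lambda: {"days": set(), "total": 0.0, "amounts": set()})
    for e in ledger:
        t = _parse(e["ts"])
        if e["src"] == source and t.time() > CLOSE_OF_DAY:
            rec = by_dst[e["dst"]]
            rec["days"].add(t.date())
            rec["total"] += e["amount"]
            rec["amounts"].add(e["amount"])
    return {
        dst: {"days": len(r["days"]), "total": r["total"], "amounts": sorted(r["amounts"])}
        for dst, r in by_dst.items()
        if len(r["days"]) >= min_days
    }


def duplicate_payments(ledger, source, window_days=30):
    """Pairs of entry ids paid from `source` to the same payee for the same
    amount within `window_days` of each other (the 'duplicate payments' signal)."""
    by_key = defaultdict(list)
    for e in ledger:
        if e["src"] == source:
            by_key[(e["dst"], e["amount"])].append(e)
    found = []
    for group in by_key.values():
        ordered = sorted(group, key=lambda x: x["ts"])
        for a, b in combinations(ordered, 2):
            if (_parse(b["ts"]) - _parse(a["ts"])).days <= window_days:
                found.append((a["id"], b["id"]))
    return sorted(found)


def shared_contact(vendors):
    """Vendor ids grouped by any phone number or address that more than one
    vendor record uses (the 'common telephone numbers and addresses' signal)."""
    by_field = defaultdict(set)
    for v in vendors:
        by_field[("phone", v["phone"])].add(v["id"])
        by_field[("address", v["address"])].add(v["id"])
    return {k: sorted(ids) for k, ids in by_field.items() if len(ids) > 1}


if __name__ == "__main__":
    print("after-close pattern:", after_close_pattern(LEDGER, "INT-PAYABLE"))
    print("duplicate payments:", duplicate_payments(LEDGER, "OPEX"))
    print("shared contact details:", shared_contact(VENDORS))
```

Each check is deliberately independent of who keyed the entry, since the case above shows the accountant was authorised to make the transfers; the anomaly is in the timing, repetition and destination, not in the user id.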
  10. RELATED ARTICLE: Signals of Fraud * Alteration of documents. * Duplicate payments. * Second endorsements on checks. * Stale items on bank reconciliations. * Journal entries without supporting documentation. * Unexplained adjustments to accounts receivable, accounts payable, revenues, or expenses. * Failure of certain employees to take vacations. * Failure to follow up on past-due receivables. * Shortages in delivered goods. * Employees on the payroll who do not sign up for benefits. * Complaints by customers. * Significant increases or decreases in account balances. * Unusual financial statement relationships such as: * Increased revenues with decreased receivables. * Increased revenues with decreased purchases of inventory. * Increased inventory with decreased purchases or payables to vendors. * Unusual write-offs of receivables. * Products or services purchased in excess of needs. * Unreasonable expenses or reimbursements. * Cash shortages or overages. * Common names, telephone numbers, and addresses of payees or customers. * Missing documentation. * Excessive voids or credits. * Tips from employees. * Significant changes in liquidity, leverage, profitability, or turnover ratios.
  11. This study covers 508 cases of occupational fraud totaling over $761 million in losses. All information was provided by the Certified Fraud Examiners (CFEs) who investigated these cases. • Organizations suffer tremendous costs as a result of occupational fraud and abuse. Participants in this study, anti-fraud specialists with a median 16 years’ experience in the fraud examination field, estimate that the typical U.S. organization loses 6% of its annual revenues to fraud. Applied to the US Gross Domestic Product for 2003, this translates to approximately $660 billion in total losses. • Our data strongly supports Sarbanes-Oxley’s requirement for audit committees to establish confidential reporting mechanisms. Occupational frauds in our study were much more likely to be detected by a tip than through other means such as internal audits, external audits, and internal controls. Among frauds committed by owners and executives, which tend to be the most costly, over half of all cases were identified by a tip. • Confidential reporting mechanisms reduce fraud losses significantly. The median loss among organizations that had anonymous reporting mechanisms was $56,500. In organizations that did not have established reporting procedures, the median loss was more than twice as high. • While Sarbanes-Oxley only requires publicly traded companies to establish confidential reporting mechanisms for employees, our data strongly suggests that these programs should also embrace third-party sources such as customers and vendors. Among cases that were detected by a tip, 60% of the tips came from employees, 20% of the tips came from customers, 16% came from vendors, and 13% came from anonymous sources. Companies that have implemented basic employee hotlines to ensure Sarbanes-Oxley compliance could detect significantly more frauds by making their hotlines available to third parties as well. • More effective internal controls are needed to detect fraud. 
Internal controls ranked fourth – behind By Accident – in terms of the number of frauds detected in our study. Furthermore, the frauds that were detected by internal controls tended to be relatively small, with a median loss of $40,000, which was by far the lowest of any detection method. More effective types of internal controls are needed to detect fraud, especially larger frauds that may involve senior personnel overriding or circumventing traditional internal controls. • Small businesses suffer disproportionately large losses due to occupational fraud and abuse. The median cost experienced by small businesses in our study was $98,000. This was higher than the median loss experienced by all but the very largest organizations. Small businesses are less likely to be able to survive such losses and should better protect themselves from fraud. • The loss caused by occupational fraud is directly related to the position of the perpetrator. Frauds committed by owners and executives caused a median loss of $900,000, which was six times higher than the losses caused by managers, and 14 times higher than the losses caused by employees. Despite this fact, organizations were less likely to take legal action against owners and executives who had committed fraud than they were against employees and managers. This may remove a useful deterrent and unnecessarily expose such organizations to additional high-dollar frauds. • Most occupational fraudsters are first time offenders. Only 12% of the fraudsters in our study had a previous conviction for a fraud-related offense. Criminal background checks can help organizations make informed hiring decisions, but they will not weed out all fraudsters because most frauds are committed by apparently honest employees. • The most cost-effective way to deal with fraud is to prevent it. According to our study, once an organization has been defrauded it is unlikely to recover its losses. 
The median recovery among victim organizations in our study was only 20% of the original loss. Almost 40% of victims recovered nothing at all.
  12. This study covers 508 cases of occupational fraud totaling over $761 million in losses. All information was provided by the Certified Fraud Examiners (CFEs) who investigated these cases. • Organizations suffer tremendous costs as a result of occupational fraud and abuse. Participants in this study, anti-fraud specialists with a median 16 years’ experience in the fraud examination field, estimate that the typical U.S. organization loses 6% of its annual revenues to fraud. Applied to the US Gross Domestic Product for 2003, this translates to approximately $660 billion in total losses. • Our data strongly supports Sarbanes-Oxley’s requirement for audit committees to establish confidential reporting mechanisms. Occupational frauds in our study were much more likely to be detected by a tip than through other means such as internal audits, external audits, and internal controls. Among frauds committed by owners and executives, which tend to be the most costly, over half of all cases were identified by a tip. • Confidential reporting mechanisms reduce fraud losses significantly. The median loss among organizations that had anonymous reporting mechanisms was $56,500. In organizations that did not have established reporting procedures, the median loss was more than twice as high. • While Sarbanes-Oxley only requires publicly traded companies to establish confidential reporting mechanisms for employees, our data strongly suggests that these programs should also embrace third-party sources such as customers and vendors. Among cases that were detected by a tip, 60% of the tips came from employees, 20% of the tips came from customers, 16% came from vendors, and 13% came from anonymous sources. Companies that have implemented basic employee hotlines to ensure Sarbanes-Oxley compliance could detect significantly more frauds by making their hotlines available to third parties as well. • More effective internal controls are needed to detect fraud. 
Internal controls ranked fourth – behind By Accident – in terms of the number of frauds detected in our study. Furthermore, the frauds that were detected by internal controls tended to be relatively small, with a median loss of $40,000, which was by far the lowest of any detection method. More effective types of internal controls are needed to detect fraud, especially larger frauds that may involve senior personnel overriding or circumventing traditional internal controls. • Small businesses suffer disproportionately large losses due to occupational fraud and abuse. The median cost experienced by small businesses in our study was $98,000. This was higher than the median loss experienced by all but the very largest organizations. Small businesses are less likely to be able to survive such losses and should better protect themselves from fraud. • The loss caused by occupational fraud is directly related to the position of the perpetrator. Frauds committed by owners and executives caused a median loss of $900,000, which was six times higher than the losses caused by managers, and 14 times higher than the losses caused by employees. Despite this fact, organizations were less likely to take legal action against owners and executives who had committed fraud than they were against employees and managers. This may remove a useful deterrent and unnecessarily expose such organizations to additional high-dollar frauds. • Most occupational fraudsters are first time offenders. Only 12% of the fraudsters in our study had a previous conviction for a fraud-related offense. Criminal background checks can help organizations make informed hiring decisions, but they will not weed out all fraudsters because most frauds are committed by apparently honest employees. • The most cost-effective way to deal with fraud is to prevent it. According to our study, once an organization has been defrauded it is unlikely to recover its losses. 
The median recovery among victim organizations in our study was only 20% of the original loss. Almost 40% of victims recovered nothing at all.
  13. This study covers 508 cases of occupational fraud totaling over $761 million in losses. All information was provided by the Certified Fraud Examiners (CFEs) who investigated these cases. • Organizations suffer tremendous costs as a result of occupational fraud and abuse. Participants in this study, anti-fraud specialists with a median 16 years’ experience in the fraud examination field, estimate that the typical U.S. organization loses 6% of its annual revenues to fraud. Applied to the US Gross Domestic Product for 2003, this translates to approximately $660 billion in total losses. • Our data strongly supports Sarbanes-Oxley’s requirement for audit committees to establish confidential reporting mechanisms. Occupational frauds in our study were much more likely to be detected by a tip than through other means such as internal audits, external audits, and internal controls. Among frauds committed by owners and executives, which tend to be the most costly, over half of all cases were identified by a tip. • Confidential reporting mechanisms reduce fraud losses significantly. The median loss among organizations that had anonymous reporting mechanisms was $56,500. In organizations that did not have established reporting procedures, the median loss was more than twice as high. • While Sarbanes-Oxley only requires publicly traded companies to establish confidential reporting mechanisms for employees, our data strongly suggests that these programs should also embrace third-party sources such as customers and vendors. Among cases that were detected by a tip, 60% of the tips came from employees, 20% of the tips came from customers, 16% came from vendors, and 13% came from anonymous sources. Companies that have implemented basic employee hotlines to ensure Sarbanes-Oxley compliance could detect significantly more frauds by making their hotlines available to third parties as well. • More effective internal controls are needed to detect fraud. 
Internal controls ranked fourth – behind By Accident – in terms of the number of frauds detected in our study. Furthermore, the frauds that were detected by internal controls tended to be relatively small, with a median loss of $40,000, which was by far the lowest of any detection method. More effective types of internal controls are needed to detect fraud, especially larger frauds that may involve senior personnel overriding or circumventing traditional internal controls. • Small businesses suffer disproportionately large losses due to occupational fraud and abuse. The median cost experienced by small businesses in our study was $98,000. This was higher than the median loss experienced by all but the very largest organizations. Small businesses are less likely to be able to survive such losses and should better protect themselves from fraud. • The loss caused by occupational fraud is directly related to the position of the perpetrator. Frauds committed by owners and executives caused a median loss of $900,000, which was six times higher than the losses caused by managers, and 14 times higher than the losses caused by employees. Despite this fact, organizations were less likely to take legal action against owners and executives who had committed fraud than they were against employees and managers. This may remove a useful deterrent and unnecessarily expose such organizations to additional high-dollar frauds. • Most occupational fraudsters are first time offenders. Only 12% of the fraudsters in our study had a previous conviction for a fraud-related offense. Criminal background checks can help organizations make informed hiring decisions, but they will not weed out all fraudsters because most frauds are committed by apparently honest employees. • The most cost-effective way to deal with fraud is to prevent it. According to our study, once an organization has been defrauded it is unlikely to recover its losses. 
The median recovery among victim organizations in our study was only 20% of the original loss. Almost 40% of victims recovered nothing at all.
  14. This study covers 508 cases of occupational fraud totaling over $761 million in losses. All information was provided by the Certified Fraud Examiners (CFEs) who investigated these cases. • Organizations suffer tremendous costs as a result of occupational fraud and abuse. Participants in this study, anti-fraud specialists with a median 16 years’ experience in the fraud examination field, estimate that the typical U.S. organization loses 6% of its annual revenues to fraud. Applied to the US Gross Domestic Product for 2003, this translates to approximately $660 billion in total losses. • Our data strongly supports Sarbanes-Oxley’s requirement for audit committees to establish confidential reporting mechanisms. Occupational frauds in our study were much more likely to be detected by a tip than through other means such as internal audits, external audits, and internal controls. Among frauds committed by owners and executives, which tend to be the most costly, over half of all cases were identified by a tip. • Confidential reporting mechanisms reduce fraud losses significantly. The median loss among organizations that had anonymous reporting mechanisms was $56,500. In organizations that did not have established reporting procedures, the median loss was more than twice as high. • While Sarbanes-Oxley only requires publicly traded companies to establish confidential reporting mechanisms for employees, our data strongly suggests that these programs should also embrace third-party sources such as customers and vendors. Among cases that were detected by a tip, 60% of the tips came from employees, 20% of the tips came from customers, 16% came from vendors, and 13% came from anonymous sources. Companies that have implemented basic employee hotlines to ensure Sarbanes-Oxley compliance could detect significantly more frauds by making their hotlines available to third parties as well. • More effective internal controls are needed to detect fraud. 
Internal controls ranked fourth – behind By Accident – in terms of the number of frauds detected in our study. Furthermore, the frauds that were detected by internal controls tended to be relatively small, with a median loss of $40,000, which was by far the lowest of any detection method. More effective types of internal controls are needed to detect fraud, especially larger frauds that may involve senior personnel overriding or circumventing traditional internal controls. • Small businesses suffer disproportionately large losses due to occupational fraud and abuse. The median cost experienced by small businesses in our study was $98,000. This was higher than the median loss experienced by all but the very largest organizations. Small businesses are less likely to be able to survive such losses and should better protect themselves from fraud. • The loss caused by occupational fraud is directly related to the position of the perpetrator. Frauds committed by owners and executives caused a median loss of $900,000, which was six times higher than the losses caused by managers, and 14 times higher than the losses caused by employees. Despite this fact, organizations were less likely to take legal action against owners and executives who had committed fraud than they were against employees and managers. This may remove a useful deterrent and unnecessarily expose such organizations to additional high-dollar frauds. • Most occupational fraudsters are first time offenders. Only 12% of the fraudsters in our study had a previous conviction for a fraud-related offense. Criminal background checks can help organizations make informed hiring decisions, but they will not weed out all fraudsters because most frauds are committed by apparently honest employees. • The most cost-effective way to deal with fraud is to prevent it. According to our study, once an organization has been defrauded it is unlikely to recover its losses. 
The median recovery among victim organizations in our study was only 20% of the original loss. Almost 40% of victims recovered nothing at all.
  15. This study covers 508 cases of occupational fraud totaling over $761 million in losses. All information was provided by the Certified Fraud Examiners (CFEs) who investigated these cases.
• Organizations suffer tremendous costs as a result of occupational fraud and abuse. Participants in this study, anti-fraud specialists with a median 16 years' experience in the fraud examination field, estimate that the typical U.S. organization loses 6% of its annual revenues to fraud. Applied to the US Gross Domestic Product for 2003, this translates to approximately $660 billion in total losses.
• Our data strongly supports Sarbanes-Oxley's requirement for audit committees to establish confidential reporting mechanisms. Occupational frauds in our study were much more likely to be detected by a tip than through other means such as internal audits, external audits, and internal controls. Among frauds committed by owners and executives, which tend to be the most costly, over half of all cases were identified by a tip.
• Confidential reporting mechanisms reduce fraud losses significantly. The median loss among organizations that had anonymous reporting mechanisms was $56,500. In organizations that did not have established reporting procedures, the median loss was more than twice as high.
• While Sarbanes-Oxley only requires publicly traded companies to establish confidential reporting mechanisms for employees, our data strongly suggests that these programs should also embrace third-party sources such as customers and vendors. Among cases that were detected by a tip, 60% of the tips came from employees, 20% of the tips came from customers, 16% came from vendors, and 13% came from anonymous sources. Companies that have implemented basic employee hotlines to ensure Sarbanes-Oxley compliance could detect significantly more frauds by making their hotlines available to third parties as well.
• More effective internal controls are needed to detect fraud. Internal controls ranked fourth, behind "By Accident", in terms of the number of frauds detected in our study. Furthermore, the frauds that were detected by internal controls tended to be relatively small, with a median loss of $40,000, which was by far the lowest of any detection method. More effective types of internal controls are needed to detect fraud, especially larger frauds that may involve senior personnel overriding or circumventing traditional internal controls.
• Small businesses suffer disproportionately large losses due to occupational fraud and abuse. The median cost experienced by small businesses in our study was $98,000. This was higher than the median loss experienced by all but the very largest organizations. Small businesses are less likely to be able to survive such losses and should better protect themselves from fraud.
• The loss caused by occupational fraud is directly related to the position of the perpetrator. Frauds committed by owners and executives caused a median loss of $900,000, which was six times higher than the losses caused by managers, and 14 times higher than the losses caused by employees. Despite this fact, organizations were less likely to take legal action against owners and executives who had committed fraud than they were against employees and managers. This may remove a useful deterrent and unnecessarily expose such organizations to additional high-dollar frauds.
• Most occupational fraudsters are first-time offenders. Only 12% of the fraudsters in our study had a previous conviction for a fraud-related offense. Criminal background checks can help organizations make informed hiring decisions, but they will not weed out all fraudsters because most frauds are committed by apparently honest employees.
• The most cost-effective way to deal with fraud is to prevent it. According to our study, once an organization has been defrauded it is unlikely to recover its losses. The median recovery among victim organizations in our study was only 20% of the original loss. Almost 40% of victims recovered nothing at all.
  16. RELATED ARTICLE: Signals of Fraud
* Alteration of documents.
* Duplicate payments.
* Second endorsements on checks.
* Stale items on bank reconciliations.
* Journal entries without supporting documentation.
* Unexplained adjustments to accounts receivable, accounts payable, revenues, or expenses.
* Failure of certain employees to take vacations.
* Failure to follow up on past-due receivables.
* Shortages in delivered goods.
* Employees on the payroll who do not sign up for benefits.
* Complaints by customers.
* Significant increases or decreases in account balances.
* Unusual financial statement relationships such as:
  * Increased revenues with decreased receivables.
  * Increased revenues with decreased purchases of inventory.
  * Increased inventory with decreased purchases or payables to vendors.
* Unusual write-offs of receivables.
* Products or services purchased in excess of needs.
* Unreasonable expenses or reimbursements.
* Cash shortages or overages.
* Common names, telephone numbers, and addresses of payees or customers.
* Missing documentation.
* Excessive voids or credits.
* Tips from employees.
* Significant changes in liquidity, leverage, profitability, or turnover ratios.
  17. Fraud Prevention Checklist
* Increase use of analytical review.
* Review company contracts.
* Conduct a threat analysis.
* Consult a certified fraud examiner.
* Create and maintain a fraud policy.
* Create an employee fraud hotline.
* Impose mandatory vacations.
* Create periodic job rotation.
* Check employee references twice.
* Evaluate password system and use.
* Track unsuccessful attempts to access a computer.
* Encrypt data files and data transmissions.
* Maintain appropriate backup of files.
* Use the best virus protection.
* Maintain a computer transaction log.
* Scan files and diskettes for viruses.
* Request an information system security review.
* Perform surprise fraud audits.
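As an added illustration (not part of the original deck) of how an internal auditor might operationalise a few of the signals in slide 16 together with the checklist's "increase use of analytical review" item, the Python below screens constructed payment, vendor-master and account-balance data for duplicate payments, payees sharing an address or phone number, and the "increased revenues with decreased receivables" relationship. All records, names and the 25% swing threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the deck): vendor payments as
# (payment_id, vendor, invoice_no, amount).
PAYMENTS = [
    ("P1", "Acme Supply", "INV-100", 4200.00),
    ("P2", "Acme Supply", "INV-100", 4200.00),  # same invoice paid twice
    ("P3", "Blue Office Ltd", "INV-77", 980.50),
    ("P4", "Acme Supply", "INV-101", 4200.00),  # same amount, different invoice
]
# Constructed vendor master file: vendor -> (address, phone).
VENDORS = {
    "Acme Supply": ("12 Harbor Rd", "555-0100"),
    "Blue Office Ltd": ("7 Elm St", "555-0177"),
    "Harbor Consulting": ("12 Harbor Rd", "555-0100"),  # shares Acme's details
}
# Constructed account balances: account -> (prior period, current period).
BALANCES = {
    "Revenue": (1_000_000, 1_150_000),
    "Accounts receivable": (300_000, 220_000),
}

def duplicate_payments(payments):
    """Signal: duplicate payments (same vendor, invoice and amount paid again)."""
    first_seen, flagged = {}, []
    for pid, vendor, inv, amount in payments:
        key = (vendor, inv, round(amount, 2))
        if key in first_seen:
            flagged.append((first_seen[key], pid))
        else:
            first_seen[key] = pid
    return flagged

def shared_payee_details(vendors):
    """Signal: common addresses or phone numbers across distinct payees."""
    by_detail = defaultdict(set)
    for name, (addr, phone) in vendors.items():
        by_detail[("address", addr)].add(name)
        by_detail[("phone", phone)].add(name)
    return {d: sorted(n) for d, n in by_detail.items() if len(n) > 1}

def unusual_relationships(balances, swing=0.25):
    """Analytical review: large balance swings, and revenue up while receivables down."""
    findings = [f"{acct}: {(cur - prev) / prev:+.0%} change"
                for acct, (prev, cur) in balances.items()
                if abs(cur - prev) / prev > swing]
    (rev_prev, rev_cur), (ar_prev, ar_cur) = balances["Revenue"], balances["Accounts receivable"]
    if rev_cur > rev_prev and ar_cur < ar_prev:
        findings.append("revenue increased while receivables decreased")
    return findings
```

Each finding is a lead for follow-up (pull the supporting documentation, confirm the vendor exists), not proof of fraud; the same checks scale to a full ledger export because every flag is keyed on fields already present in payment and vendor-master files.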
  18. TOPIC: Combating Fraud: Putting in Place an Effective Audit System to Detect and Prevent Fraud
• Key indicators of fraud
• Types of fraud associated with the activities reviewed
• Prevention aids by internal auditors
• Techniques for enabling the detection and investigation of fraudulent activities
  19. The Naval Criminal Investigative Service (NCIS), Department of the Navy, and the Office of Inspector General of the Port Authority of New York & New Jersey recently recognized the CFE credential for hiring and promotional purposes. Both recognitions are part of the Association of Certified Fraud Examiners' (ACFE) Law Enforcement Partnership program, and both agencies plan to work toward having all current investigators achieve this valuable credential. They join the ranks of government agencies such as the FBI, the U.S. Postal Inspection Service, the Government Accountability Office and the Department of Defense.
  20. CFE Exam covers four areas
• Criminology & Ethics - The purpose of this section is to test your knowledge of criminological concepts and to evaluate your understanding of the underlying ethics of the fraud examination profession. This part includes administration of criminal justice, theories of crime causation, theories of fraud prevention, crime information sources, and ethical situations.
• Financial Transactions - This section tests your knowledge of the types of fraudulent financial transactions incurred in accounting records. To pass this section, you will be required to demonstrate knowledge of these concepts: basic accounting and auditing theory, fraud schemes, internal controls to deter fraud and other auditing and accounting matters.
• Fraud Investigation - This section includes questions in the following areas: interviewing, taking statements, obtaining information from public records, tracing illicit transactions, evaluating deception and report writing.
• Legal Elements of Fraud - This section ensures that you are familiar with the many legal ramifications of conducting fraud examinations, including criminal and civil law, rules of evidence, rights of the accused and accuser and expert witness matters.