Instructor's Manual for PRINCIPLES OF FRAUD EXAMINATION CHAPTER ONE – INTRODUCTION LECTURE OUTLINE I. Fraud Examination vs. Auditing A. Fraud Examination is the discipline of resolving allegations of fraud. B. An audit is a general examination of financial data for the purpose of expressing an opinion on the financial statements. TEACHING TIP The table entitled "Auditing vs. Fraud Examination" may be used to provide an overview to summarize the differences between Fraud Examination and Auditing. C. Fraud Examination Methodology – logical steps are taken to narrow the focus from the general to the specific. Beginning with a hypothesis, additional evidence is used to amend and refine the hypothesis as the fraud examination progresses. TEACHING TIP The graphic entitled "Evidence-Gathering Order in Fraud Examinations" may be used to provide an understanding of the steps taken to focus a fraud examination. D. Predication – the totality of circumstances that would lead a reasonable, professionally-trained, and prudent individual to believe a fraud has occurred, is occurring, and/or will occur. There must be proper predication in order to initiate a fraud examination (e.g., a tip or complaint from a third party). II. Fraud Theory Approach A. Analyze available data B. Create a hypothesis (using a "worst-case" scenario) C. Test the hypothesis (involves developing a "what if" scenario) D. Refine and amend the hypothesis NOTE: The goal is not to "pin" the crime on a particular individual but to determine "if" a crime was committed and "how." Tools used in fraud examinations: Skill in the examination of the financial statements, books and records, and supporting documents, as well as knowledge of the legal ramifications of evidence and how to maintain the chain of custody over documents Skill in interviewing witnesses with the purpose of obtaining relevant information from those with knowledge of it Observation (i.e., observe behavior, displays of wealth, or specific offenses) Internal frauds – committed by the people who work for the organization (also known as occupational fraud and abuse) Occupational Fraud and Abuse – "The use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets." Common elements of fraudulent activity: it is clandestine, it violates the employee's fiduciary duties to the organization, it is committed for the purpose of direct or indirect financial benefit to the employee, and it costs the employing organization assets, revenues, or reserves. "Employee" – any person who receives regular and periodic compensation for his or her labor. Fraud – any crime for gain that uses deception as its principal mode of operation A. The four elements of fraud include: a material false statement, knowledge that the statement was false when it was spoken, reliance on the false statement by the victim, and damages resulting from the victim's reliance on the false statement. B. The four elements of larceny (stealing) are: there was a taking or carrying away; of the money or property of another; without the consent of the owner, and with the intent to deprive the owner of its use or possession. Conversion – is "an unauthorized assumption and exercise of the right of ownership over goods or personal chattels belonging to another, to the alteration of their condition or the exclusion of the owner's rights." Embezzle – " willfully to take, or convert to one's own use, another's money or property of which the wrongdoer acquired possession lawfully, by reason of some office or employment or position of trust." Breach of fiduciary duty entails: the existence of a fiduciary relationship between the plaintiff and the defendant; the defendant (fiduciary) breached his duty to the plaintiff; and the breach resulted in either harm to the plaintiff or benefit to the fiduciary. NOTE: Fraud always entails some form of deception. (Occupational) Abuse – This category consists of a variety of petty crimes and other counterproductive behavior that have become common and even silently condoned in the workplace. It includes, for example, using company equipment for personal use, arriving at work late or leaving early, or using employee discounts to purchase goods for friends and relatives. Research in Occupational Fraud and Abuse Edwin H. Sutherland coined the term "white collar crime" developed the "theory of differential association" crime is learned techniques to commit the crime attitudes, drives, rationalizations, and motives of the criminal mind this learning usually occurs within intimate personal groups Donald R. Cressey studied embezzlers ("trust violators") developed the hypothesis known as the "fraud triangle" a perceived non-shareable financial need – Circumstances that might lead to embezzlement: violation of ascribed obligations problems resulting from personal failure business reversals physical isolation status gaining employer-employee relations perceived opportunity – Two components to commit a trust violation: general information – the knowledge that the employee's position of trust could be violated technical skill – the abilities necessary to commit the violation rationalization – Embezzlers generally rationalize their crimes by viewing them as: non-criminal justified part of a general irresponsibility for which they were not completely accountable Dr. W. Steve Albrecht – developed the "Fraud Scale" situational pressures perceived opportunities 3. personal integrity
Richard C. Hollinger The Hollinger-Clark Study found that employees steal primarily as a result of workplace conditions, and concluded that the true costs of employee theft are vastly understated Five Hypotheses of Employee Theft external economic pressures contemporary employees are not as honest and hardworking as those in past generations every employee could be tempted to steal from his employer job dissatisfaction broadly shared formal and informal structure of organizations Employee Deviance – Hollinger and Clark identified two categories of employee deviant behavior: acts by employees against property, and violations of the norms affecting productivity Income and Theft – There is a statistical relationship between employees' concern over their financial situation and the level of theft. Age and Theft – There is a direct correlation between (younger) age and (higher) level of theft. Position and Theft – The research of Hollinger and Clark indicated that thefts were highest for those with greater access to the things of value in the company. Job Satisfaction and Deviance – Employees who are dissatisfied with their jobs are more likely to engage in counterproductive or illegal behavior in order to right the perceived "inequity." Organizational Controls and Deviance – Formal organizational controls do not provide a strong deterrent effect on employee theft. Employee Perception of Control – Increasing the perception of detection provides a significant deterrent to employee theft. Uniform Occupational Fraud Classification System (also known as the Fraud Tree) – There are three categories of occupational fraud: Asset misappropriations – involves the theft or misuse of an organization's assets. Corruption – involves an act done with the intent to give some advantage inconsistent with official duty and the rights of others. Fraudulent statements – involves the intentional misreporting of financial information about a company to mislead the users of the financial statements. Instructor's Manual for PRINCIPLES OF FRAUD EXAMINATION CHAPTER TWO – SKIMMING LECTURE OUTLINE Skimming – An "off-book" fraud scheme that is manifested by the theft of cash from a victim entity before it is entered into the accounting records. Various types of sales skimming schemes include: Sales Skimming 1. This entails: a a sale of goods or services to a customer, an employee collects the customer's payment at the point of sale, and the employee makes no record of the transaction Concealment issues – It is possible that the illegal conduct may be detected by: a. a customer, b. a manager, c. a fellow employee, or d. a surveillance camera B. Cash Register Manipulation 1. This might entail: a. ringing a "no sale" or other non-cash transaction, or rigging the cash register so that sales are not printed on the register tapes 2. Concealment issues – too many "no sale" or other non-cash transactions on the register tape might be a red flag if the transactions on a register are pre-numbered, a break in the sequence would raise questions After-Hours Sales 1. This would entail: conducting sales during non-business hours, and b. not ringing up the sale on the register, or c. removing the register tape and replacing it with a new one 2. Concealment issues – a. the same as A.2. some of the "newer technology" cash registers have a memory function for daily totals Skimming by Off-Site Employees 1. This involves employees not reporting sales: a. who work at remote locations, or b. who have a high level of autonomy in their jobs 2. Concealment issues – For the property rental industry: physical inspection of properties would detect unreported sales (i.e., rentals). Undercover surveillance or investigation could uncover this type of scheme. Poor Collection Procedures This problem is characterized by failing to properly record the receipt of payments. Concealment issue – This type of scheme tends to cause certain accounts receivable to be overstated. Understated Sales This type of fraud entails recording the transaction, but for a lesser amount than was actually collected from the customer. Concealment issue – If this type of scheme is perpetrated at the register, it may be detected by the customer. Check for Currency Substitutions This scheme involves substituting unrecorded checks for cash received. Concealment issue – Segregation of duties and effective oversight would severely diminish the opportunity for this type of fraud. Theft in the Mailroom – Incoming Checks This form of skimming occurs when employees, who open the daily mail, take the incoming checks and do not record them. Concealment issues – This type of fraud: would cause certain accounts receivable to be overstated, and might cause customer complaints regarding their account balances. Preventing and Detecting Sales Skimming – In order to decrease perceived opportunity and increase the perception of detection, methods to prevent and detect skimming include: maintaining a visible management presence at cash entry points installing video cameras where cash enters an organization placing cash registers in one "cluster" area so other employees are in full view investigating customer complaints and tips recording the login and log-out time of each user requiring off-site sales personnel to maintain activity logs for business-related activity Receivables skimming – This type of fraud is more difficult to conceal than sales skimming. Generally, one of the following techniques is used to conceal receivables skimming: Lapping This form of receivables skimming entails crediting one account with the money from another account. Concealment issues – certain accounts receivable balances will be overstated, and the intricacy of these schemes may require the perpetrator to keep a written record of their crime. Force Balancing This type of scheme is possible when the perpetrator has access to both the receiving and recording function of receivables. Concealment issues – this keeps the receivables from aging but creates an imbalance in the cash account the perpetrator may hide the imbalance by forcing the total on the cash account (i.e., record an entry to fraudulently increase the cash account) Stolen Statements This entails the theft or alteration of customer account statements Concealment issues – late notices or statements showing delinquent balances must be intercepted by the perpetrator, and false statements showing up-to-date balances must be produced to prevent customer complaints Fraudulent Write-Offs or Discounts Preventing the customer from discovering his or her stolen payment doesn't resolve the discrepancy in the company's accounting records. Concealment issues – In order to keep customer accounts from falling into delinquency, the perpetrator may engage in: lapping, or fraudulently "writing-off" a customer's account to: bad debts, or discounts and allowances Debiting the Wrong Account This form of fraud entails posting a debit to an existing or fictitious accounts receivable. Concealment issue – If a balance is posted to an account that will be written off as uncollectible, the skimmed funds will be written off with it. Destroying Records of the Transaction As a last resort, a perpetrator may resort to destroying the company's accounting records. Concealment issues – missing or destroyed documents may be a red flag that fraud has occurred, but without the records, it is difficult to prove that money has been stolen. Preventing and Detecting Receivables Skimming Good internal controls are key to preventing receivables skimming schemes, especially: a. segregation of duties, mandated vacations for employees, regular job rotation, and proper authorization for account adjustments. Some of the red flags for detecting the theft of receivables are: alteration of financial records an inordinately large number or size of: discounts adjustments returns write-offs overdue accounts Automated tests may be used to highlight the red flags associated with receivables fraud, such as: summary reports identifying certain types of activity by department or employee, and trend analysis on aging of customer accounts. Instructor's Manual for PRINCIPLES OF FRAUD EXAMINATION CHAPTER THREE – CASH LARCENY LECTURE OUTLINE Cash larceny involves the theft of money after it has been recorded in the books of the victim company. Most larceny schemes entail the taking of cash: At the point of sale – This is where many cash larceny schemes occur because it's where the money is and there is often much activity here that requires the handling of cash by employees. Methods used to conceal larceny at the point of sale include: Thefts from other registers This is accomplished either by: taking money from someone else's cash register, or using someone else's access code. Concealment issue – The cash shortage seems to be caused by another employee, thereby deflecting the blame for the crime. Death by a thousand cuts This scheme entails stealing small amounts of money over an extended period of time, making it look more like errors than theft. Concealment issue – Most companies track cash discrepancies by employee, thereby making this type of fraud difficult to cover up. Reversing transactions In order to reconcile the register tape with the amount of cash on hand, this fraud may utilize false voids or refunds. Concealment issue – If there are an inordinate number of voids or refunds, this may be a red flag that fraud has occurred. Altered cash counts or cash register tapes Falsifying the cash count so that the cash on hand balances to the register tape is another way to conceal larceny. Concealment issue – Separation of duties is essential to detecting this fraud. Destroying register tapes Destroying the evidence that a crime has taken place is a last ditch effort by a fraudster. Concealment issue – The destruction of records should raise immediate suspicions of fraud. Preventing and detecting cash larceny at the point of sale – A lack of internal controls accounts for the success of most cash larceny schemes. Prevention a. Enforce segregation of duties, and Ensure independent checks over the receipting and recording of incoming cash (i.e., have an independent employee verify the cash count). Detection Look for discrepancies between sales records and cash on hand. Run summary reports showing the number of: discounts, returns, adjustments, and write-offs. Review all journal entries to cash accounts. From incoming receivables – The success of this cash larceny scheme depends on the perpetrator's ability to hide the imbalances in the cash account. Generally, one of the following methods is used to conceal the fraud. Force balancing – This entails making unsupported entries in the company's records to balance the accounts with the receipts. Reversing entries – Unauthorized adjustments, such as "courtesy discounts" may be used to reverse the payment entry. Destruction of records – Although destroying the records may not prevent the detection that a fraud has been committed, it may conceal the identity of the perpetrator. Preventing and detecting cash larceny from incoming receivables – Proper segregation of duties can be an effective tool in preventing and detecting this type of fraud. From the victim organization's bank deposits Deposit lapping – Lapping entails an employee stealing the deposit from the first day and replacing it with the deposit from the next day. Deposits in transit – Stolen deposits may also be recorded as "deposits in transit" to avoid detection of the theft. Preventing and detecting cash larceny from the deposit – Good internal control procedures and common sense are the best defense against fraud. Some procedures that may help to prevent the theft of funds from deposits are: proper segregation of duties, itemizing the deposit slip, reconciling the bank copy of the deposit slip with the office copy, regularly performing a bank reconciliation, investigating any instance in which a deposit in transit takes longer than two days to clear, having some knowledge of the character of the person to whom you are entrusting the deposit, and keeping the deposit in a safe place until it is taken to the bank. Instructor's Manual for PRINCIPLES OF FRAUD EXAMINATION CHAPTER FOUR – BILLING SCHEMES LECTURE OUTLINE Billing schemes are the most common of the five major categories of fraudulent disbursement. They are characterized by the perpetrator submitting false documentation with the intention of inducing the victim organization to issue a payment for some fraudulent purpose. The three categories of billing schemes are: Shell Company Schemes Forming a Shell Company – A shell company is a fictitious entity that is formed for the sole purpose of committing fraud. Naming the company – usually a fabricated name Company address post office box perpetrator's home address, or address of a relative, friend, or accomplice. Opening a bank account in the new company's name certificate of incorporation or assumed-name certificate is needed perpetrator is listed as an authorized signer on the account Submitting False Invoices – Invoices may be created using a: professional printer personal computer, or typewriter Self-Approval of Fraudulent Invoices – Authorization for the fictitious purchase is essential. Therefore, individuals who have the authority to approve purchases are the most likely to engage in this type of scheme. "Rubber Stamp" Supervisors – If the perpetrator doesn't have the authority to approve purchases, then an inattentive or overly trusting boss is the next best thing for someone with fraudulent intentions. Reliance on False Documents – This scheme depends on the plausible, legitimate appearance of the fraudulent documents created. Collusion – Internal controls may be circumvented by corrupt employees who covertly conspire to defraud the company. Purchases of Services Rather Than Goods – A fraud that involves the purchase of services, such as consulting services, presents greater difficulty in verifying whether the services were actually rendered or not. This type of purchase causes no imbalance between the company's records and physical inventory on hand. Pass-Through Schemes – Rather than involving the sale of fictitious goods and services, pass-through schemes utilize a fictitious (shell) entity to serve as a middleman, in order to resell actual merchandise at an inflated price. Usually, the perpetrator in this type of fraud is an employee in charge of purchasing. Preventing and Detecting Shell Company Schemes – Shell company schemes are the most costly of all forms of occupational fraud. Prevention Enforce segregation of duties Maintain and regularly update an approved vendor list Detection Identifying Shell Company Invoices lack of vendor detail on the fraudulent invoice lack of detailed description of the items billed mail drop or residential address for payment consecutively numbered invoices bills for the same or similar amounts invoices for amounts just below the company's approval limit Testing for Shell Company Schemes run summary reports to sort payments by vendor, amount, and invoice number be alert to large budget overruns look for an increase in the cost of goods sold relative to sales watch for an increase in service-related expenses investigate any unexplained increases in the quantity of goods purchased look into any physical inventory shortages monitor trends in average unit price of goods purchased confirm that vendors are legitimate oversee the types of goods and services that are purchased run reports comparing vendor addresses and employee addresses run reports showing the average turnaround time on invoices sorted by vendor Verifying Whether a Shell Company Exists look up the vendor in the phone book contact others in your industry visit the address given Identifying the Employee behind a Shell Company investigate who was involved in selecting the vendor or approving the purchase search the company's registration for who formed the company be alert for related names, addresses, phone numbers and social security numbers that may match an employee's personnel information examine endorsements, account numbers, and handwriting of suspected employees conduct surveillance of the mail drop search the office or workspace of the suspected employee (NOTE: Workplace searches should only be conducted after consulting with an attorney) Non-accomplice Vendor Schemes Pay-and-Return Schemes intentionally pay an invoice twice, then request the return of one of the checks deliberately mail the check to the wrong vendor, then request the return of the check, while processing a second check to mail to the vendor intentionally overpay the invoice, then request that the vendor return the excess purchase excess merchandise, then return the excess and pocket the refund Overbilling with a Non-accomplice Vendor's Invoices – In this type of scheme, a perpetrator either manufactures a fraudulent invoice of a known vendor, who is unaware of the crime, or re-processes a previously paid invoice. The victim organization then pays for goods or services that it does not receive. Preventing and Detecting Fraudulent Invoices from a Non-accomplice Vendor – Prevention – depends on effective purchasing function controls. Detection – look for the common red flags of non-accomplice vendor invoicing, such as: different mailing address or electronic payment information from that of the real vendor out of sequence invoice numbers duplicate invoice numbers Personal Purchases Schemes – The heart of these schemes is not the taking of the company's assets but the purchasing of them. Personal Purchases through False Invoicing – In this scheme, since the invoice is not legitimate, the perpetrator's biggest obstacle, to obtaining authorization for payment, is close inspection of the fake invoice. The Fraudster as Authorizer of Invoices – Proper internal controls should prevent anyone from being able to approve their own purchases. However, generally those with this level of authority have significant control over their subordinates. Falsifying Documents to Obtain Authorization – Because the primary control document is the purchase order, some perpetrators generate false purchase orders in order to make their purchases seem legitimate. Altering Existing Purchase Orders – Purchase orders may also be altered to increase the amount of materials being requisitioned. The excess materials are then diverted for personal use. False Purchase Requisitions – This form of fraud entails misrepresenting the nature of the purchase. Upon delivery of the merchandise, concealment may occur as a result of: poor segregation of duties enlisting the aid of employees in the receiving department changing the delivery address for the purchase Personal Purchases on Credit Cards or Other Company Accounts – Once an employee manages to obtain a company card, by whatever means, their only consideration is avoiding detection, since unlike invoicing schemes, prior approval for purchases is not required. Methods of concealment might include destroying the credit card or purchasing card statements or creating fraudulent copies on which the personal purchases are excluded. Charge Accounts – may be used for purchases from vendors with whom business is conducted on a regular basis. Opportunities for fraud include: the designated company representative authorized to sign on the account other employees who forge the signature of an authorized person instances where purchases may be verified by a phone call Returning Merchandise for Cash – In this type of scheme, the perpetrator makes a purchase and then returns the item for cash. Poor segregation of duties is key to the success of this fraud. Preventing and Detecting Personal Purchases on Company Credit Cards or Purchasing Cards– Procedures to prevent and detect credit or purchasing card fraud include: conducting thorough reviews of each card statement verifying the business purpose for each expenditure requiring original document support for each expense establishing spending limits for credit card users comparing statements with employee expense vouchers for duplications monitoring expenses for unexplained increases in spending Instructor's Manual for PRINCIPLES OF FRAUD EXAMINATION Lecture Outline Chapter 5 – Check Tampering Check Tampering Schemes – a form of fraudulent disbursement in which the perpetrator physically prepares the fraudulent check. Forged maker schemes – check tampering schemes in which an employee misappropriates a check and signs another person’s name with fraudulent intent. The “maker” is the signer of the check. 1. Obtaining the check a. Employees with access to company check stock b. Employees lacking access to company check stock c. Producing counterfeit checks d. Safeguarding company check stock 2. Check payable to a. The perpetrator b. An accomplice c. “Cash” d. A vendor 3. Forging the signature a. Free-hand forgery b. Photocopied forgeries c. Automatic check-signing mechanisms 4. Miscoding fraudulent checks - typically used as a concealment method by those employees with access to the cash disbursements journal. 5. Converting the check 6. Preventing and detecting forged maker schemes a. maintain a strict set of procedures for the handling of outgoing checks rotate authorized check signers and keep track of who is approved to sign checks during a given period on a periodic basis, an organization should have authorized check signers verify their signatures on returned checks access to signature stamps should be strictly limited Forged endorsement schemes – (also known as intercepted check schemes) check tampering schemes in which an employee intercepts a company check intended for a third party and converts the check by signing the third party’s name on the endorsement line of the check. 1. Intercepting checks before delivery a. Employees involved in delivery of checks b. Poor control over signed checks c. Theft of returned checks d. Rerouting the delivery of checks 2. Converting the stolen check 3. Preventing and detecting the theft of outgoing company checks Altered payee schemes 1. Altering checks prepared by others a. Inserting a new payee b. “Tacking on” 2. Altering checks prepared by the fraudster a. Erasable ink b. Blank checks 3. Converting altered checks Preventing and detecting the alteration of company checks a. segregation of duties matching bank statement items to canceled checks Concealed check schemes – check tampering frauds in which an employee prepares a fraudulent check and submits it along with legitimate checks to an authorized maker who signs it without a proper review. Authorized maker schemes – check tampering fraud in which an employee with signature authority on a company account writes fraudulent checks for his own benefit and signs his own name as the maker. 1. Overriding controls through intimidation 2. Poor controls 3. Preventing and detecting check tampering by authorized makers Concealing Check Tampering – concealment of the fraud is the most important part of the scheme. The following are ways in which this may be accomplished: The fraudster reconciling the bank statement Re-alteration of checks Falsifying the disbursements journal Reissuing intercepted checks Bogus supporting documents Electronic Payment Tampering – an alternative to paper checks that enables a payer to transmit funds electronically over the Internet or other medium. It includes ACH payments, online bill payments, and wire transfers. Methods used to manipulate electronic payments 1. Abusing legitimate access to employer’s payment system 2. Gaining access through social engineering or password theft 3. Exploiting weaknesses in internal control or payment system Prevention and detection of electronic payment tampering 1. Internal controls a. Separation of duties; e.g., segregate duties for creating, approving, and releasing wires b. Segregating bank accounts; e.g., separate accounts for paper and electronic transactions c. Daily account monitoring and reconciliation d. Management and protection of user access and account information 2. Bank security services a. Set up ACH blocks/ACH filters b. Use positive pay for ACH c. Restrict banking software access to specific banking activities to enhance separation of duties; e.g., viewing bank statements or initiating electronic payments d. Customize banking software to incorporate dual authorization and daily or individual transaction limits e. Use bank’s multi-factor authentication tools; e.g., tokens, digital certificates, smart cards, and voice print recognition software Instructor Manual for Principles of Fraud Examination 9780470646298, 9781118922347 Joseph T. Wells
Close