Five-Step Approach to Fraud Detection: #1 Know the Exposures

December 2009

The "Five-Step Approach to Fraud Detection" is a strategy I use to detect fraud in any area, and a template I provide to company executives and managers when helping them establish control systems design to detect fraud in their day-to-day operations. This is the first in a series of articles in which I will demonstrate how you can apply this strategy to your own environment.

by Scott Langlinais
Langlinais Fraud and Audit Advisory Services

Here is the Five-Step Approach:

Know the Exposures
Know the Symptoms of Occurrence
Be Alert for Symptoms and Behavior Indicators
Build Audit Programs/Detective Processes To Look for Symptoms
Follow Through on All Symptoms Observed

Step one halts most people because if you have no idea what can go wrong in your area, the rest of the strategy collapses. This begins a series of articles in which I will walk through some very common and dangerous frauds that affect all organizations, regardless of industry, to help you understand how to apply the strategy to create an environment hostile toward fraud.

Risk: Employees Misusing Accounts Payable Checks or Wire Transfers

Whether I am performing a tactical review of an area or discussing fraud-prevention strategy with executives, I always begin with a "What Can Go Wrong" list, in which I list potential perpetrators and fraud acts. Considering the risk of employees using company money to fund personal expenditures, here is a list of what can go wrong:

Former CFO of Patterson-UTI Energy, Inc. admits to embezzling more than $77 million from employer … Between 1998 and 2000, [the CFO] forged approximately 38 checks, totaling approximately $4,639,750.00. Each check was made payable to [the CFO] or … an entity created and controlled by [the CFO].¹

An Information Technology Director in charge of purchasing expensive network hardware established a shell company to stand between his employer and their legitimate network hardware vendor. The Director would make a legitimate purchase from the vendor, and the vendor would ship the product to the employer. However, the Director instructed the vendor to invoice his shell company, which would in turn mark-up the true cost of the hardware and invoice his employer for the higher amount. The employer thus paid $5 million extra for the products, which the Director kept and used for personal purchases.

In the latest setback for the corporate governance movement, Yale University's School of Management is quietly forcing out the prize-winning head of its International Institute for Corporate Governance … [The perpetrator] allegedly double-billed Yale for about $150,000 in business travel expenses since mid-2001.²

Top Roslyn school officials and their friends and family siphoned off more than $11 million of district money … revolved around the abuse of district credit cards originally issued to [the perpetrators who] in turn handed out the cards to family and friends until 74 cards were circulating among 13 people. Between 1997 and last year, they charged $5.9 million for personal use.³

Typically, my "What Can Go Wrong" documents for a particular area will list at least two or three dozen frauds stated in a single sentence or two. My lists typically do not elaborate the frauds to the extent you see above, but for our purposes here it was necessary for you to see some details about the frauds. For instance, I might state the first fraud above as follows: "The CFO forged checks made payable to himself or an entity controlled by him."

It is important to list both the perpetrator and the fraud act when you create your own exposure lists. Resist the urge to eliminate the perpetrator; their inclusion in your list brings the fraud to life, gives your list a sense of action.

As you can see, these are big frauds perpetrated by high-level folks. Too often we focus on the easy targets—the clerk in the corner rather than the company's rainmakers. Your most dangerous frauds will be those perpetrated by your executives, so be sure to include them as potential perpetrators.

Symptoms

The next step in the process is to list the symptoms, or what these frauds would look like in the books and records. Here is a short list derived from the frauds listed above—you are likely to come up with many more symptoms:

One vendor whose name no one recognizes received an unusual amount of funds from Accounts Payable relative to other vendors in the past quarter.
A vendor address, tax ID, or contact phone number matches that of one of the company's employees.
A canceled check is double-endorsed on the back.
The CEO's signature on a large check does not match the signature on other checks he has signed, and he has never seen the checks he supposedly signed.
There is no approved purchase order, no packing slip for received goods, and no indication of a received service for an invoice that was paid.
A manager's cost center is way over budget.
Expenses are being coded to a "miscellaneous" or "black hole" account which no one is reviewing.
An employee is submitting multiple expenses for the same amounts.
An employee is submitting photocopied receipts on their expense reports.
Several company credit cards have been issued to the same employee.
Some of the credit cards contain far more purchases than the company average.

Again, these are just a few, but you will notice that I did not list a single control weakness. A control weakness is not a symptom of fraud. Just because a control is present, does not mean a fraud is not occurring. Conversely, just because a control is absent does not mean a fraud is occurring. Just because someone smokes does not mean they have lung cancer, and just because they do not smoke does not mean their lungs are clear. A doctor must look for the symptoms.

In each of the frauds listed above, it can be assumed that some controls were present. In the first fraud, the company had a control in which the CEO signed checks above a certain amount—the CFO simply forged the signature. So if we ignored the area just because we heard proper controls existed, then we would have missed a massive fraud.

Build Audit Programs/Detective Processes To Look for Symptoms

This is the last step I will discuss in the five-step approach to fraud detection; the other two are self-explanatory. If you perform audits, your step here is to include symptom detection in your audit programs. Auditors: look for symptoms of fraud! Quit looking for approval signatures and thinking your work is done; every fraudulent disbursement or expense report I have seen in my career had an approval signature on it. This does not mean someone approved the frauds, it just means the approver failed to pay attention, did not take their authority seriously, did not have time to properly review the item, or did not understand (or care about) what they should have been looking for.

If you manage an operational or finance/accounting unit, design processes to detect symptoms. Managers generally understand how to establish preventative controls: approval signatures for checks over a certain amount, requiring original receipts on expense reports, three-way matching approved purchase orders to invoices to packing slips. What managers are not so good at are establishing processes to detect frauds after the perpetrator has run the gauntlet of front-end controls. It is like a rancher who builds a fence around his livestock but has no way to catch the thief who has jumped the barrier.

Following are some audit tests/detective processes designed to catch the symptoms listed above.

Using system queries or data analysis software such as Idea^®, periodically summarize your top 25 vendors both by the amount of money and by the number of payments they receive. Review the list, focusing on vendors whose names you do not recognize. Starting with the largest, review the supporting documentation and verify receipt of a product or service of that vendor's invoices.
Use data analysis to join a check register or vendor master file with an employee database (such as a payroll listing or headcount report). Seek vendors with the same address, tax ID, or contact phone number as an employee.
Review canceled checks for double endorsements, especially those with check requests labeled as "rush jobs, please hurry."
Review large and unusual expenditures with the approving executive, ensure the approver fully understood what they were approving, and determine whether the documentation adequately supports the expense (missing or inadequate documentation is the number one symptom of fraud).
Analyze total expenditures by cost center, particularly focusing on those with increasingly higher spending month after month. Starting with the largest, most unusual expenditure amounts, pull all supporting documentation, including the check, purchase order, invoice, and proof of receipt of a good or service. Ensure all data matches, pay attention to details on the support, and use data analysis to seek duplicate expense submissions or multiple company credit cards issued to the same employee.
Pull expense reports for your top 25 travelers over a period. Look for large and unusual expenses, particularly odd miscellaneous expenses and high airfare submissions. Confirm whether the expense was legitimate, the flight actually taken. Seek inadequate documentation, such as photocopied receipts or credit cards statements as support.
Perform the previous procedure with the top 25 spenders on your company credit card.

Of course, the descriptions of these tests are too general to properly implement, but they should provide you with an idea about how to construct detective procedures within your own environment. Good luck in finding employees who use company money for personal reasons!

See part 2 in this series, "Know the Symptoms of Occurrence."

¹U.S. Department of Justice, United States Attorney, Northern District of Texas, Press Release, April 27, 2006.

²Joann S. Lublin, Wall Street Journal, "Travel Expenses Prompt Yale to Force Out Institute Chief," January 10, 2005.

³Theresa Vargas and Eden Lankin, "Audit: Over $11 million siphoned from Roslyn schools," Newsday, March 3, 2005.

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

More Risk Management Information from IRMI
Books, Manuals, Newsletters	IRMI Online	Sage/ ReferenceConnect
Practical Risk Management
The Risk Report
Construction Risk Management
Contractual Risk Transfer
Risk Financing
Exposure Survey Questionnaire
Guidelines for Insurance Specifications
How To Draft and Interpret Insurance Policies
IRMI Insurance Checklists
Claims Operations: A Practical Guide
Free Risk Management Articles in IRMI.com
25 Risk-Conquering Ideas
Risk Management
Effective Contractual Risk Transfer in Construction
Risk Management - Why and How
Insurance Continuing Education Courses from IRMI
Litigation Management (CE)
Contractual Risk Transfer in Construction (CRIS CE)