Skip Navigation Links.
Collapse IRMI OnlineIRMI Online
Expand How To Use IRMI OnlineHow To Use IRMI Online
My Paid Publications
Expand What's NewWhat's New
Expand DashboardsDashboards
Expand Commercial Liability InformationCommercial Liability Information
Expand Commercial Property InformationCommercial Property Information
Expand Commercial Auto InformationCommercial Auto Information
Expand D&O, PL, E&O, EPLI InformationD&O, PL, E&O, EPLI Information
Expand Workers Compensation InformationWorkers Compensation Information
Classifications and Cross-References
Collapse Risk Mgt. and Multiline InformationRisk Mgt. and Multiline Information
Expand Risk Management -- Why and HowRisk Management -- Why and How
Collapse Free Risk Management and Multiline CommentaryFree Risk Management and Multiline Commentary
Expand Brand Equity and Product RecallBrand Equity and Product Recall
Expand Catastrophe Risk ManagementCatastrophe Risk Management
Expand Corporate AviationCorporate Aviation
Collapse Corporate Fraud PreventionCorporate Fraud Prevention
Fraud in Major Contract Projects (January 2011)
Five-Step Approach to Fraud Detection: #1 Know the Exposures (December 2009)
Five-Step Approach to Fraud Detection: #2 Know the Symptoms of Occurrence (April 2010)
Five-Step Approach to Fraud Detection: #3 Be Alert to Symptoms (June 2010)
Five-Step Approach to Fraud Detection: #4 Build Audit Programs/Detective Processes To Look for Symptoms (July 2010)
Uncovering Business Fraud: Look Beyond Pronouncements and Acts (March 2009)
Corporate Fraud: Acceptable Limits (January 2009)
Seek the Symptoms of Fraud (September 2008)
Risk Management for Company-Paid Purchase Cards (June 2008)
Reducing the Opportunity To Commit Fraud (March 2008)
Importance of a Strong Fraud Policy (January 2008)
Building Processes To Detect Fraud (September 2007)
High-Integrity Management and Fraud Prevention: The Wrong Way (July 2007)
Creating a Culture Hostile to Fraud (April 2007)
Expand Cyber and Privacy Risk and InsuranceCyber and Privacy Risk and Insurance
Expand Drafting and Interpreting Insurance PoliciesDrafting and Interpreting Insurance Policies
Expand Enterprise Risk ManagementEnterprise Risk Management
Expand Internal ControlsInternal Controls
Expand NanotechnologyNanotechnology
Expand Political RiskPolitical Risk
Expand Risk Management TechnologyRisk Management Technology
Expand SecuritySecurity
Expand Terrorism Risk Management & InsuranceTerrorism Risk Management & Insurance
Expand IRMI InsightsIRMI Insights
Expand IRMI Update Newsletter ArchivesIRMI Update Newsletter Archives
Expand Risk Finance InformationRisk Finance Information
Expand Construction InformationConstruction Information
Expand Personal Lines InformationPersonal Lines Information
Expand Claims, Caselaw, LegalClaims, Caselaw, Legal
Expand Insurance IndustryInsurance Industry
Expand Glossary of Insurance & Risk Management TermsGlossary of Insurance & Risk Management Terms
Expand SearchSearch
Terms of Use
Privacy Statement
System Requirements
Support

Five-Step Approach to Fraud Detection: #3 Be Alert to Symptoms

June 2010

The "Five-Step Approach to Fraud Detection" is a strategy I use to detect fraud in any area and a template I provide to company executives and managers when helping them establish control systems design to detect frauds in their day-to-day operations. This is the third in a series of articles in which I will demonstrate how to apply this strategy to your own environment.

by Scott Langlinais
Langlinais Fraud and Audit Advisory Services

Here is the Five-Step Approach:

  1. Know the Exposures
  2. Know the Symptoms of Occurrence
  3. Be Alert for Symptoms and Behavior Indicators
  4. Build Audit Programs/Detective Processes To Look for Symptoms
  5. Follow Through on All Symptoms Observed

Step one halts most people because if they have no idea what can go wrong in their area, the rest of the strategy collapses. This continues a series of articles in which I will walk through some very common and dangerous frauds that affect all organizations, regardless of industry, to help you understand how to apply the strategy to create an environment hostile to fraud.

Risk: Collusion

Suppose an employee or vendor offers your employees a kickback to enlist their participation in embezzlement? In this article, I want to focus on the concept of collusion—involvement by two or more perpetrators in a fraud. This risk intimidates auditors, finance and accounting managers, and risk professionals; their opinion in collusion enables a circumvention of controls established to prevent a particular fraud, thus rendering collusive frauds difficult to detect.

In one particular embezzlement, for example, the husband was a trucker for the company, his wife an accountant. Warehouse and inventory operations were properly segregated from accounting, but the two were able to violate the company's controls when the husband stole goods from the truck because the wife was able to book false sales, then subsequently write them off as uncollectible to cover the inventory shortages.

If multiple people can thus circumvent a control structure, how are we as managers and officers supposed to prevent such a fraud? The answer is by committing yourself to seeking the symptoms of the fraud.

Whether I am performing a tactical review of an area or discussing fraud-prevention strategy with executives, I always begin with a "What Can Go Wrong" list, in which I brainstorm potential perpetrators and fraud acts. Considering the risk of certain collusive frauds, here are a few good examples of what can go wrong.

A supervisor approaches several hourly student laborers: if the students record extra overtime on their timesheets that they did not work, the supervisor will approve those hours and not alert anyone. She'll do this as long as the students split the extra overtime money with her. Fourteen people (including the supervisor) become involved in stealing over $250,000.
Two operations employees of a construction company determine a method for overbilling indirect costs (such as rent, insurance) to their customers on multimillion dollar projects. Those two employees are able to siphon the extra billings into their personal bank accounts while allowing their company to collect on the legitimate charges. The company's chief financial officer (CFO) detects the fraud by his company's employees; however, he agrees to join in the fraud for a cut of the proceeds. The total amount of the overbillings is $36 million.
The procurement director agrees to share with a vendor the prices their competitors are bidding for the business. After the vendor wins the business from their low bid, they agree to provide a kickback to the procurement director.
Three employees of a pipeline company, including an accounting clerk, a terminal operator, and a terminal supervisor, conspire with two employees of a trucking vendor to steal 1.5 million gallons of fuel. They sold the fuel to unsuspecting fuel service station owners. The accounting clerk destroyed bills of lading and fabricated the numbers on the location's fuel variance report provided to headquarters.

Typically, my What Can Go Wrong documents for a particular area will list at least two or three dozen frauds stated in a single sentence or two. In the cases such as those above, we are dealing with multiple perpetrators, so list them all.

Symptom Identification

This is how we avoid the problem of collusion, by listing symptoms of the frauds regardless of the number of people participating. Symptoms are what these frauds would look like in the books and records. Here is a short list derived from the frauds listed above—you are likely to come up with many more.

Student employees are absent from the workplace during overtime hours.
Departmental labor expenses are over budget.
Overtime hours are strange, odd, or curious (30 hours of overtime posted during Thanksgiving week when offices were closed, or a full-time student recording 80-hour workweeks).
Indirect charges on a construction project exceed a reasonable percentage (e.g., >25 percent) of total billings.
Indirect charges are unsupported by adequate documentation, or the documentation appears to have been altered.
The bid winner/lowest bid is almost always the last bid received by Procurement, and the bid is almost always pennies lower than the second lowest bid.
Bid losers declined the procurement director's offers of favored status in exchange for some form of kickback.
Unexplained or "miscellaneous" losses in a particular division are higher than normal.
Service station owners complain their competitors are receiving below-market pricing on fuel.
Bills of lading are missing from the supporting documentation.

You will notice that I did not list a single control weakness. I did not say that duties were not properly segregated here, a signature was missing there. A control weakness is not a symptom of fraud. Just because a control is present does not mean a fraud is not occurring. Conversely, just because a control is absent does not mean a fraud is occurring. Just because someone smokes does not mean they have lung cancer, and just because they do not smoke does not mean their lungs are clear. A doctor must look for the symptoms.

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.
Advertisements
    
 
© 2000-2012 International Risk Management Institute, Inc. (IRMI). All rights reserved.