Skip Navigation Links.
Collapse IRMI OnlineIRMI Online
Expand How To Use IRMI OnlineHow To Use IRMI Online
My Paid Publications
Expand What's NewWhat's New
Expand DashboardsDashboards
Expand Commercial Liability InformationCommercial Liability Information
Expand Commercial Property InformationCommercial Property Information
Expand Commercial Auto InformationCommercial Auto Information
Expand D&O, PL, E&O, EPLI InformationD&O, PL, E&O, EPLI Information
Expand Workers Compensation InformationWorkers Compensation Information
Classifications and Cross-References
Collapse Risk Mgt. and Multiline InformationRisk Mgt. and Multiline Information
Expand Risk Management -- Why and HowRisk Management -- Why and How
Collapse Free Risk Management and Multiline CommentaryFree Risk Management and Multiline Commentary
Expand Brand Equity and Product RecallBrand Equity and Product Recall
Expand Catastrophe Risk ManagementCatastrophe Risk Management
Expand Corporate AviationCorporate Aviation
Collapse Corporate Fraud PreventionCorporate Fraud Prevention
Fraud in Major Contract Projects (January 2011)
Five-Step Approach to Fraud Detection: #1 Know the Exposures (December 2009)
Five-Step Approach to Fraud Detection: #2 Know the Symptoms of Occurrence (April 2010)
Five-Step Approach to Fraud Detection: #3 Be Alert to Symptoms (June 2010)
Five-Step Approach to Fraud Detection: #4 Build Audit Programs/Detective Processes To Look for Symptoms (July 2010)
Uncovering Business Fraud: Look Beyond Pronouncements and Acts (March 2009)
Corporate Fraud: Acceptable Limits (January 2009)
Seek the Symptoms of Fraud (September 2008)
Risk Management for Company-Paid Purchase Cards (June 2008)
Reducing the Opportunity To Commit Fraud (March 2008)
Importance of a Strong Fraud Policy (January 2008)
Building Processes To Detect Fraud (September 2007)
High-Integrity Management and Fraud Prevention: The Wrong Way (July 2007)
Creating a Culture Hostile to Fraud (April 2007)
Expand Cyber and Privacy Risk and InsuranceCyber and Privacy Risk and Insurance
Expand Drafting and Interpreting Insurance PoliciesDrafting and Interpreting Insurance Policies
Expand Enterprise Risk ManagementEnterprise Risk Management
Expand Internal ControlsInternal Controls
Expand NanotechnologyNanotechnology
Expand Political RiskPolitical Risk
Expand Risk Management TechnologyRisk Management Technology
Expand SecuritySecurity
Expand Terrorism Risk Management & InsuranceTerrorism Risk Management & Insurance
Expand IRMI InsightsIRMI Insights
Expand IRMI Update Newsletter ArchivesIRMI Update Newsletter Archives
Expand Risk Finance InformationRisk Finance Information
Expand Construction InformationConstruction Information
Expand Personal Lines InformationPersonal Lines Information
Expand Claims, Caselaw, LegalClaims, Caselaw, Legal
Expand Insurance IndustryInsurance Industry
Expand Glossary of Insurance & Risk Management TermsGlossary of Insurance & Risk Management Terms
Expand SearchSearch
Terms of Use
Privacy Statement
System Requirements
Support

Five-Step Approach to Fraud Detection: #4 Build Audit Programs/Detective Processes To Look for Symptoms

July 2010

The "Five-Step Approach to Fraud Detection" is a strategy I use to detect fraud in any area, and a template I provide to company executives and managers when helping them establish control systems design to detect frauds in their day-to-day operations. In this article, we will discuss building detective processes in audit programs and processes to discover symptoms of fraud.

by Scott Langlinais
Langlinais Fraud and Audit Advisory Services

Here is the Five-Step Approach:

  1. Know the Exposures
  2. Know the Symptoms of Occurrence
  3. Be Alert for Symptoms and Behavior Indicators
  4. Build Audit Programs/Detective Processes To Look for Symptoms
  5. Follow Through on All Symptoms Observed

In my previous articles of this series, I have discussed the importance of understanding fraud exposures and symptoms of occurrence, not just for auditors, but also for finance and accounting managers seeking to prevent unnecessary losses in their areas of operation. Once you understand the risks, then it is time to look for those symptoms.

Most auditors do not include fraud detection steps in their audit programs, either because they have been taught it is not the auditor’s job to find fraud, or because their programs are so loaded with tests of controls that they feel it would be too time-consuming to add procedures to look for double endorsements on the backs of checks, or use data mining to locate the one bank account with 17 electronic paycheck transfers into it every 2 weeks.

For auditors to find fraud, it is essential to include symptom detection in their audit programs. Symptoms are not control weaknesses: just because a check lacks a proper signature does not mean the check is fraudulent. On the other hand, every fraudulent disbursement or expense report I have seen in my career had an approval signature on it. So audit programs which ask the auditor to seek approval signatures are woefully inadequate in their ability to direct an auditor towards fraud.

If you manage an operational or finance/accounting unit, then you can structure an environment hostile to fraud by designing processes to detect fraud symptoms. Managers generally understand how to establish preventative controls: approval signatures for checks over a certain amount, requiring original receipts on expense reports, three-way matching approved purchase orders to invoices to packing slips. But managers often overlook processes to detect frauds after the perpetrator has run the gauntlet of front-end controls. It is like a rancher who builds a fence around his livestock but has no way to catch the thief who has jumped the barrier.

For those auditors and managers who believe their budgets cannot handle extra detective procedures, I would advise them to scan their normal procedures, determine which have generally been ineffective, and replace those with more effective detection procedures.

Following are some audit tests/detective processes designed to catch the symptoms discussed in the previous article.

Show up at odd hours to a department that is reporting high overtime or payroll expenses coming in over budget; observe whether people are present performing work and compare that to the hours they report.

Review time reports for trends of steady, upward increases in overtime, particularly where there is no corresponding increase in output or sales.

On construction projects that contain a right to audit clause in the contract, visit the vendor site and review documentation for all indirect expenses which exceed a reasonable percentage of total billings.

Perform a bid analysis of recent vendor bid requests, listing out the date the bid was received, goods/services descriptions, and price per unit. Group the vendors by bid request, and look for patterns in the bidding which would indicate one vendor received information the others did not.

Talk with bid losers and ask them if their contact at your company offered any unusual terms for favored status.

In locations suffering odd unexplained or "miscellaneous" losses, perform an inventory count of portable/high demand items and reconcile with system balances.

Secretly install cameras at locations in which your company is experiencing unexplained inventory losses. Review for direct evidence of theft. At a minimum, ensure that every shipment out over a period of time is supported by proper documentation and that upper management is aware of the shipments.

Of course, the descriptions of some of these tests are too general to properly implement, but they should provide you with an idea about how to construct detective audit tests or procedures within your own environment.

Good luck in discovering symptoms of fraud!

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.
Advertisements
    
 
© 2000-2012 International Risk Management Institute, Inc. (IRMI). All rights reserved.