Skip to Content
Corporate Fraud Prevention

Five-Step Approach to Fraud Detection: #2 Know the Symptoms of Occurrence

Scott Langlinais | April 1, 2010

On This Page
Fraud written on a credit card

The Five-Step Approach to Fraud Detection is a strategy I use to detect fraud in any area, and a template I provide to company executives and managers when helping them establish control systems designed to detect frauds in their day-to-day operations. This is the second in a series of articles in which I will demonstrate how you can apply this strategy to your own environment.

Here is the Five-Step Approach.

  1. Know the Exposures
  2. Know the Symptoms of Occurrence
  3. Be Alert for Symptoms and Behavior Indicators
  4. Build Audit Programs/Detective Processes To Look for Symptoms
  5. Follow through on All Symptoms Observed

Step one halts most people because if you have no idea what can go wrong in your area, the rest of the strategy collapses. This continues a series of articles in which I will walk through some very common and dangerous frauds that affect all organizations, regardless of industry, to help you understand how to apply the strategy to create an environment hostile toward fraud.

Risk: Revenue Manipulation

By this we mean when executives and managers manipulate revenues around a period end to craft an earnings figure that is more in line with either stakeholder expectations or their compensation stipulations. Whether I am performing a tactical review of an area or discussing fraud-prevention strategy with executives, I always begin with a "What Can Go Wrong" list, in which I list potential perpetrators and fraud acts. Considering the risk of executives managing earnings relative to revenues, here are a few good examples of what can go wrong.

  • The executive team directs Finance and Accounting to recognize revenues on contracts that were not completed and signed as of a period end. After the deals are signed, they are back-dated to the previous reporting period.
  • To hit their revenue target for the quarter, an account manager on an ongoing project makes a covert agreement with the customer: the manager will provide a favor or free services if the customer accepts the invoice 3 months early. The manager tells the customer not to pay the invoice until ready but fails to tell their Accounting Department about the arrangement. Therefore, Accounting recognizes the revenues when they see the invoice sent, which is in the wrong reporting period, and fails to account for the cost of the favor or free services the manager is providing.
  • Executives fail to close enough deals to make their projections. However, they record the sales in the current quarter anyway because they believe the deals will close in the first couple of weeks of the following quarter. They direct the shipping department to load the items on a truck, send the truck off site, and instruct the driver to wait a few days before delivering the products to the customer, so they can "prove" they shipped the goods and recognized the revenues in the same period.
  • An executive directs that legitimate sales be held in backlog (a "rainy day fund") until they are needed in a future quarter.

Typically, my What Can Go Wrong documents for a particular area will list at least two or three dozen frauds stated in a single sentence or two. It is important to list both the perpetrator and the fraud act when you create your own exposure lists. Resist the urge to eliminate the perpetrator; their inclusion in your list brings the fraud to life and gives your list a sense of action.

Earnings management frauds such as these are perpetrated by high-level folks, and can result in millions of dollars in fines by the Securities and Exchange Commission (SEC) and severe market damage. MicroStrategy's executives learned this in 2000 when the SEC brought civil charges against the company's executives for improper revenue recognition. The top three executives were ordered to pay a total of $11 million in fines and penalties to the SEC, while the company's stock price plummeted from $260 per share to $86 in a single day of trading and continued to decline thereafter. 1

Too often we focus on the easy targets—the clerk in the corner rather than the company's rainmakers. But your most dangerous frauds will be those perpetrated by executives, so be sure to include them as potential perpetrators.

Symptom Identification

The next step in the process is to list the symptoms, or what these frauds would look like in the books and records. Here is a short list derived from the frauds listed above—you are likely to come up with many more.

  • There is a flurry of deals booked on the last day of a reporting period, particularly in the evening.
  • A contract has been physically altered, and appears to be back-dated.
  • Some sales are reversed or voided, or a significant amount of products are returned, in the first few days after a period end, or just after the auditors leave.
  • A disproportionate number of delinquent/uncollectible invoices to customers relative to the total population of delinquencies are from invoices which bear a date such as March 31, or June 30—just before a period end.
  • An email exchange exists between a customer and one of your account managers which covertly alters the terms of the contract.
  • The revenue recognition period differs from the period in which the contract was signed.
  • A shipment straddling a period end takes an unreasonable amount of time to reach the customer.

You will notice that I did not list a single control weakness. A control weakness is not a symptom of fraud. Just because a control is present does not mean a fraud is not occurring. Conversely, just because a control is absent does not mean a fraud is occurring. Likewise, just because someone smokes does not mean they have lung cancer, and just because they do not smoke does not mean their lungs are clear. A doctor must look for the symptoms, as should we.

Build Audit Programs/Detective Processes to Look for Symptoms

This is the last step I will discuss in the five-step approach to fraud detection; the other two are self-explanatory. If you perform audits, your step here is to include symptom detection in your audit programs. Auditors: look for symptoms of fraud! Quit looking for approval signatures and thinking your work is done; every fraudulent disbursement or expense report I have seen in my career had an approval signature on it. This does not mean someone approved the frauds, it just means the approver failed to pay attention, did not take their authority seriously, did not have time to properly review the item, or did not understand (or care about) what they should have been looking for.

If you manage an operational or finance/accounting unit, then design processes to detect symptoms. Managers generally understand how to establish preventative controls: approval signatures for checks over a certain amount, requiring original receipts on expense reports, three-way matching approved purchase orders to invoices to packing slips. But managers are not so good at establishing processes to detect frauds after the perpetrator has run the gauntlet of front-end controls. It is like a rancher who builds a fence around his livestock but has no way to catch the thief who has jumped the barrier.

Following are some audit tests/detective processes designed to catch the symptoms listed above. In each of these cases, you will need to ensure proper documentation exists around the sale, including a contract dated in the same period as the revenue recognition. Also—this is an important procedure—confirm the sale and terms with the customer, by phone, not by boilerplate letter or email.

  • Using system queries or data analysis software such as Idea®, stratify sales by date, and look for a spike in sales just before a period end. Working backwards from the period-end date, select large sales for testing.
  • Extract large or round sum sales that were voided or reversed just after a period end, and test those transactions.
  • Analyze invoices which are very delinquent (i.e., over 90 days), and determine whether a disproportionate number (and amount) of those invoices were originally issued just before a period end.
  • Analyze product returns and reasons for the returns, and determine whether a disproportionate number (and amount) of those products were shipped just before a period end.
  • Consider an email search of account managers whose deals demonstrate a high percentage of reversal, delinquency, or any of the other symptoms listed above. Seek side deals with customers documented in the email.

Of course, the descriptions of these tests are too general to properly implement, but they should provide you with an idea about how to construct detective procedures within your own environment. Good luck in discovering symptoms of earnings management!

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.


1 Securities and Exchange Commission, "SEC Brings Civil Charges Against MicroStrategy and Three Executive Officers for Accounting Violations," press release, December 14, 2000.