Fraud and Fraud Detection. Gee Sunder

Чтение книги онлайн.

Читать онлайн книгу Fraud and Fraud Detection - Gee Sunder страница 6

Fraud and Fraud Detection - Gee Sunder

Скачать книгу

style="font-size:15px;">      • Gaps or duplicates of item numbers

      • Unexpected payment methods

      • Unreasonable items

      Analytical anomalies may easily occur in business systems where they are not integrated. Unlike enterprise resource planning (ERP) systems where data entered in one module populates all the related modules, many organizations have business systems that do not communicate directly with each other. Extra care has to be taken where data from one system is manually transferred to the consolidation or other systems.

      Expect a high number of analytical anomalies. One must distinguish high-risk anomalies and low-risk anomalies. Eliminate from review those that normally would occur. Therefore, one must understand the business systems, understand the business, and also understand the industry. Knowledge of these will allow you to separate the normal and expected anomalies from those that have fraud potential.

      For internal auditors, it is expected that they would have a thorough knowledge of the workings of the business. For external auditors, forensic accountants, consultants, and investigators, they must make themselves familiar with the business entity and its industry. Standard audit steps such as the following must be employed.

      • Tour the business premises to obtain an overview of the business operations.

      • Analyze financial statements, reports, and other relevant documents.

      • Review the flow of accounting data and other information within the organization.

      • Interview relevant employees from different areas and levels. Interviews with auditors, IT staff, and corporate security employees should also be included.

      • Obtain the assistance of an experienced employee to assist and to answer questions. While an internal audit employee may be a logical choice to obtain aid, care should be taken that internal audit staff does not provide direct assistance to external auditors where prohibited. The Financial Reporting Council in the United Kingdom introduced this prohibition, effective for audits of financial statement periods ending on or after June 15, 2014.7

      For detailed flow of business systems, Section 404 of the Sarbanes-Oxley Act enacted by the United States in 20028 (or its counterpart in other countries) is invaluable. In order to annually assess the effectiveness of its internal controls, management must document and evaluate controls that form part of the financial-reporting process. This report outlines in much detail the business systems. Flowcharts typically accompany the report, which would facilitate understanding the business flow. Not only should one have knowledge of the organization, but one should also be familiar with industry practices and with some of the organization’s competitors to establish a baseline or normal business practices.

      Another red flag area is tips and complaints about alleged frauds or of witnessing unusual events. Tips are investigated more vigorously than most other irregularities or anomalies. It is recognized that people are reluctant to provide tips of fraud or suspicion of fraud. They do not know for sure that the fraud is taking place. Most people shy away from squealing on people whom they associate with and know. They believe that informing on people is just plain wrong or that they are siding with management. There is also the fear of being found out that they informed and will be ostracized by other employees. There may be potential reprisals not only from the alleged perpetrator but also from the supervisor, who may not find the tip credible or may be involved in the fraud. Also many organizations do not have a whistleblowing or integrity hotline procedures in place to make it easy and anonymous for people to provide the tips. The 2012 ACFE Report to the Nations9 shows tips as the most common way fraud was initially detected in occupational fraud at 43.3 percent. This is an increase over the 2010 report of 40.2 percent. With whistleblowing legislation in place and organizations implementing tools to facilitate this process for people, the volume of tips will hopefully increase.

      Employees are in the best place to witness and detect fraud. They are the best source for information. However, it should be recognized that some tips are provided with malicious intent. The allegations may be false and the tips provided to make trouble for the alleged perpetrator. A tip should be recognized as merely a red flag or fraud symptom and require investigation like any other symptom. An open mind and professional skepticism are needed.

      Behavioral and lifestyle changes are another area where employees are best positioned to observe these anomalies. Auditors would likely have no base to compare changes to as they do not know the employee, whereas coworkers see and interact with other employees on a day-to-day basis. Lifestyle changes would be obvious to coworkers. While observed assets can be easily explained away by way of lottery winnings, inheritance, or disposition of investments, the explanation can be just as easily verified.

      Similarly, behavioral changes – whether detrimental or good – are best noticed by other staff members. Perpetrating fraud is a stressful action that involves a fear of being caught. The stress triggers unusual behaviour that should be looked into by the organization. This may be out of concern for the employee’s physical and mental health, as well as to determine whether it impairs the organization in its day-to-day operation. The employee may be dealing with personal issues that are causing changes in behavior. This proactive approach is beneficial to the employee and may reduce one of the pressures contributing to committing fraud.

      

DATA MINING VERSUS DATA ANALYSIS AND ANALYTICS

      BusinessDictionary.com defines data mining as:

      sifting through very large amounts of data for useful information. Data mining uses artificial intelligence techniques, neural networks, and advanced statistical tools (such as cluster analysis) to reveal trends, patterns, and relationships, which might otherwise have remained undetected.10

      Data mining is the searching of large amounts of computerized data to find trends, patterns, or relationships without testing a hypothesis. No specific results or outcomes are anticipated.

      BusinessDictionary.com defines data analysis as:

      the process of evaluating data using analytical and logical reasoning to examine each component of the data provided. This form of analysis is just one of the many steps that must be completed when conducting a research experiment. Data from various sources is gathered, reviewed, and then analyzed to form some sort of finding or conclusion. There are a variety of specific data analysis method, some of which include data mining, text analytics, business intelligence, and data visualizations.11

      Data mining is a subset of data analysis or analytics. Data analytics starts with a hypothesis that is to be confirmed or proven to be false. A conclusion is made based on inference from the findings.

      The definition and types of data analytics can be further refined as to exploratory data analysis (EDA), confirmatory data analysis (CDA), and qualitative data analysis (QDA).

      EDA is the initial stage where the data is explored when little is known about the data’s relationships. It is here those hypotheses are formed and new patterns of features of the data are discovered. Most EDA techniques are visual and graphical. They consist of plotting the data in various types of statistical graphs to obtain an insight to the data.

      CDA is where testing takes place and the hypotheses are proven correct or false. Results from samples are applied to the entire database. Causal or cause-and-effect relationships are verified. A cause-and-effect relationship

Скачать книгу


<p>7</p>

Financial Reporting Council, “FRC Prohibits the Use of Internal Audit Staff on the External Audit Team,” accessed July 2, 2013, www.frc.org.uk/News-and-Events/FRC-Press/Press/2013/June/FRC-prohibits-the-use-of-internal-audit-staff-on-t.aspx?goback=%2Egde_107948_member_251979920.

<p>8</p>

U.S. Securities and Exchange Commission, “Final Rule: Management’s Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports; Rel. No. 33-8238,” accessed June 30, 2013, www.sec.gov/rules/final/33-8238.htm.

<p>9</p>

“Association of Certified Fraud Examiners – 2012 Report to the Nations,” accessed June 17, 2013, www.acfe.com/rttn.aspx.

<p>10</p>

BusinessDictionary.com, “Data Mining,” accessed July 1, 2013, www.businessdictionary.com/definition/data-mining.html.

<p>11</p>

BusinessDictionary.com, “Data Analysis?,” accessed July 1, 2013, www.businessdictionary.com/definition/data-analysis.html.