Accountancy's own fraudbusters.

Company fraud takes many forms, from the embezzlement of millions by organised criminals to the life-long cashier dipping a hand in the petty cash box. Whichever form it may be, it’s not easy to trace. All too often it requires an exceptional individual with the mind of an accountant, the nose of a sleuth, and a cynic to boot, who trusts nobody and nothing – the forensic accountant. While it is simple to show that money, materials or equipment is missing, it is extremely difficult to prove who stole it. It is even more difficult to prosecute the perpetrators, not the least because of a lack of police resources and a company’s wish to stay out of the limelight and avoid press coverage. According to the Serious Fraud Office’s 1997-98 annual report, there were 41 frauds on investors in that period, 15 on creditors of companies, 15 on banks and other financial institutions, nine on central or local government and five involving the manipulation of financial markets – that’s just those notified. Make no mistake, fraud is on the increase and getting more and more sophisticated. An annual survey of fraud cases in the UK, published by KPMG, shows that in 1997 there were 55 cases each involving more than £100,000, with a total value of £120m. It is estimated that auditors find around 20% to 25% of all fraud, with routine accounting procedures finding a similar amount. The remaining 50% to 60% is discovered by leads, tip-offs or even by accident. Often though, a skillful fraudster will use a “bait” fraud to conceal a much larger on-going one. “Unless an auditor has been specifically instructed to look for fraud, he or she merely checks that the accounts are accurate,” says Alex Brown, head of litigation support at Lovewell Blake, a firm of chartered surveyors in Norwich. Brown is also co-author of Tolley’s Accountancy Litigation Support and governor of the Expert Witness Institute. He says that any financial director suspecting a fraud should, with maximum secrecy, immediately call in the auditors or an independent forensic accountant. Hazel de Burgh, lead principal of Buchler Phillips Lindquist Avey, forensic and investigative accountants of London, agrees. “The financial director must be diligent in discharging his duties and responsibilities in terms of risk and internal controls. If he believes that something fraudulent is happening, he must act. If a company doesn’t show itself to be jumping on fraud rather than sweeping it under the carpet, more employees could become involved and the company could find itself in dire trouble at the end of the day.” Alex Brown maintains that there is no correlation between age and incidence of fraud. “The sweet and smiling little old lady who has been in accounts for 30-odd years can turn out to be a long-term fraudster who got caught by accident when her luck ran out; just as can the three directors who spent all their time making up false sets of books and had no time to run the business.” He cites the case of a manufacturing company which had a skip in the yard where scrap was deposited. This scrap would be sold on a regular basis to a dealer. The dealer would pay in cash and the money would “sometimes” be pocketed by the yard manager who “omitted” to keep adequate records. This had been going on for a number of years. A new firm of accountants employed by the company decided to look at the company’s scrap disposal policy. The fraud was discovered. There is also the case of the secretary who obtained money for her boss on a fairly regular basis. From time to time, needing some extra cash herself, she ordered larger amounts of money on the petty cash dockets signed by the boss. An extra £10 here and £50 there. Even a couple of hundred if the amount on the petty cash slip would wear it. Only when a diligent accountant checked did the fraud come to light. In these days of high technology, what better way of defrauding a company than to bug or sabotage the computer system for personal gain? De Burgh was called in by a company to investigate what looked like a case of sophisticated computer fraud. The company computer was writing and sending out cheques for large sums of money to people who should not have received them. Fortunately, forensic accountants go in with kid gloves; this time it wasn’t a fraud that was being perpetrated but a simple case of a faulty computer. “In this instance we were needed to prove it was the computer (at fault) not individuals, but as fraud gets more sophisticated, the computer is used to the advantage of the fraudster,” says de Burgh. Ian White, senior manager of forensic services at accountants Kidsons Impey, says it is vital to bring in an outsider. “When a fraud is discovered by a senior manager, management judgements can easily be clouded by an emotional reaction to the crime. Forensic accountants can help by bringing their experience to bear in the investigation,” he says. “There are three common elements in all fraud cases,” says Brown: “intent to commit a fraudulent act; disguise – efforts to conceal the fraudulent act by improper actions and/or misrepresentations; and carelessness on the part of the victim who may have made the fraudster’s actions easier through lack of control or supervision. For the financial director it is imperative that controls are put in place and rigidly observed. Simple examples are: Never allow the individual who passes invoices for payment to be responsible for drawing and signing cheques to suppliers. According to Alex Brown, this is an obvious mistake but still occurs, with an almost inevitable result that some of those individuals fall prey to temptation and steal from their employers. Never allow an expenses re-imbursement without production of receipts on the spot. Allowing employees to produce paperwork later gives a wrong impression and is asking for trouble. Do not let the routine nature of monthly accounting controls diminish or blunt their effectiveness. For example, read rather than glance at the payroll report before signing the monthly cheque. Make a point of scrutinising the files for new employees. Do not allow computer specialists to work unsupervised – especially if they have been brought in as “consultants” to overcome problems of staff shortage or the millennium bug. Do not forget the classic warning sign of the employee who is so diligent that he or she has no time to take a holiday. The real reason may be that a fraud is going on which needs daily attention to avoid detection. Putting good systems in place can not only prevent fraud but can also be used as a way of detecting it, says de Burgh – unless a department head and his immediate subordinates are in collusion. “What becomes difficult in this instance is to establish who is not involved. Very often those lower down the scale are merely pawns in the process,” she adds. She cites the following case: A senior bank official in a Middle Eastern country discovered a trunk that his predecessor had left in the bank’s vault. A note on the trunk said: “Open only in the event of my death.” His suspicions aroused, the official opened it immediately and found reams of documents that included deposit slips for enormous sums of money, to banks in Switzerland. Although he didn’t know what the documents referred to, the official was certain that a fraud of some nature had taken place. The documentation was sufficient to reconstruct events. Over the previous 13 years, several trusted individuals at the bank had defrauded the government of around £250m. For the financial director regulating his company, systems will help to prevent and detect any fraud. But he must also put himself in the position of poacher rather than gamekeeper. He must ask himself what he would do if he wanted to defraud the company. If in doubt, he should call in the accountancy sleuth to look under the carpet for him. With hundreds, possibly thousands or even millions of pounds at stake, it is also the reputation of the company that is on the line. Fraudulent employees can be tracked down. Fraudulent directors are more difficult. The digital coroner “If you’ve got an offence involving a computer, it is highly likely that the evidence of the offence will be held somewhere on that computer,” says Simon Dawson, manager in the International Fraud Response Group at PricewaterhouseCoopers, and formerly at the fraud department at the Crown Prosecution Service. So the fingerprints of a fraudster could be hidden in several places inside the system they used to commit the fraud, writes Richard Young. Given that a majority of frauds are also committed from within a company, it also means the chances of finding vital evidence to identify and prosecute the miscreant are extremely high. There are several ways that the corporate coroner can find incriminating evidence in places within computer systems: – Disk imaging Files that are simply deleted (but not overwritten) can easily be recovered using disk imaging, which takes a snapshot of all the 1s and 0s on the hard drive to rebuild the files. – The Windows swap file This is a portion of the hard drive used to deal with short-term requirements of the system. So even if a file is never saved, but a fraudster uses a PC to print out a fraudulent correspondence, for example, the file and evidence of who created it and when might still be recoverable. – Slack space These are areas on the end of the “blocks” that the hard drive uses to order information which may never be overwritten. So a new file may overwrite a portion of an incriminating file, but if the new file doesn’t fill a whole block, the remains might contain vital evidence. – Lost chains These are portions of data which the system has forgotten about and therefore won’t be overwritten – again meaning evidence can be recovered. The Internet has opened up new avenues to the fraudster, but also brings with it solutions for the forensic accountant. Dawson recalls that the Internet cache of one Japanese fraudster revealed a pattern of interests which helped form an audit trail for missing millions in Luxembourg bank accounts. Perhaps Dawson’s highest profile case was when he prosecuted the London teenager who used an aged 386 computer to hack into NASA, Lockheed Martin and the US defence system via a telephone company in Bogota, Columbia. In that case, although the crime had been detected and the assailant tracked down, prosecution was the problem. Dawson points out that under the UK’s Police and Criminal Evidence Act 1984, you’ve got to have evidence that every computer link in the chain of the fraud is working properly, including the digital telephone exchanges being used. Otherwise the defence can question the validity of the entire prosecution. In that same case, the admissibility of evidence obtained via secret US Defense Department anti-hacker programs was another difficulty: the defence might have requested the source codes to that top secret software to verify that it was reliable, which the US government was never likely to agree to. And the question of jurisdiction in Internet frauds and hacking remains a black art, since the location of servers, victims and fraudsters could be thousands of miles – and several legal systems – apart. Technology also provides an armoury of weapons to help the corporate coroner in more conventional fraud cases: – Computer-assisted fraud audits (CAFAs) These can be used by the finance function to decrease the time it takes to sift through the mountains of information that may be hiding evidence of wrongdoing. Specialised systems use fuzzy logic (which gradually learns to spot typical fraud patterns in a similar way to a human fraudbuster), neural networks and genetic algorithms, which also work in a more fluid and intuitive way than conventional computer software. – Link analysis This usually means generating a graphical representation of the relationships in a fraud – so the links between individuals, companies, bank accounts and events can be more easily understood. To the trained financial eye, suspicious dealings quickly become obvious, and the computer and human fraud detection systems concentrated on danger areas. – Automated fraud detection Prevention is better than cure, explains Dawson. “Sometimes you get suppliers double-invoicing a company, and that is quite easy to detect with the right systems,” he says. “They are also very good at spotting employees’ telephone numbers or addresses which are the same as those of suppliers.” Visa International saved $40m in the first six months of using an automated fraud detection system. Credit card companies can also use their standard database systems to look for bizarre spending habits as a clue to fraud: one company looks for a spike in the number of transactions at shoe shops, since shoes are apparently easy to sell at markets or car boot sales.