Computer Assisted Fraud Detection

Internal Auditor, August, 2000 by David G. Coderre

With the help of electronic data analysis tools, auditors can keep a watchful eye on the information assets in their organizations.

HE DEGREE OF AUTOMAtion in the typical business environment has led to an increase in the complexity of internal control systems. Technological advances in distributed processing, worldwide networking, and remote access to corporate systems, for example, increase an organization's vulnerability to control breaches and present new challenges for the internal auditor. The impact of such technology on forensic audit practices is especially significant.

A recent study by the Association of Certified Fraud Examiners indicates that financial losses due to fraud in the United States amounted to a staggering $400 billion in 1998. As more business operations use computerized information, more fraud is committed via computer assisted means. The same technology that enables this type of fraud, however, provides auditors with more sophisticated weapons to use in their fight against it. In fact, fraud detection is an ideal application for computer assisted audit techniques (CAATs). In recent years, analytical techniques have become not only more powerful, but also more widely used by auditors for forensic investigation.

CAATs enable investigators to obtain a quick overview of business operations, develop an understanding of the relationships among various data elements, and easily drill down into the details of specific areas of interest. A systematic approach to fraud investigation that involves the identification of unusual activity with the aid of CAATs, including the use of digital analysis techniques such as Benford's Law, can help to ensure that corrupt activity within the organization does not remain undetected.

IDENTIFYING FRAUD WITH CAATS

While it does not "take one to know one" with regard to fraud investigation, auditors seeking to detect fraud will certainly need to know what it looks like. This requires auditors to recognize the tell-tale evidence of fraud and to understand how the data they obtain can be used to verify whether or not a fraudulent act has been committed. Data analysis software can assist by highlighting transactions that contain the characteristics often associated with fraudulent activity. Internal auditors can review millions of transactions, including data from previous years or multiple locations, and probe for anomalies by performing analyses of information across databases. Auditors should begin their analysis by pinpointing hot spots and then searching for patterns among the data.

LOOKING FOR SYMPTOMS Data analysis programs feature many commands that review records for fraud symptoms, such as the existence of duplicate transactions, missing transactions, and other anomalies. Examples of applications for these types of functions include:

* Comparing employee addresses with vendor addresses to identify employees who are also vendors.

* Searching for duplicate check numbers to find photocopies of company checks.

* Scanning the list of vendors to identify those with post office boxes for addresses. These records can be easily extracted from the vendor file for further follow-up to ensure they represent legitimate vendors.

* Analyzing the sequence of all transactions to identify missing checks or invoices.

* Identifying all vendor companies that have more than one vendor code or more than one mailing address. Such listings may represent "phantom" vendors, which exist for the sole purpose of stealing payments from the company.

* Finding several vendors with the same mailing address. These records also may signal phantom vendors. Investigators can narrow their search for symptoms by forming hypotheses about the data and then testing them with CAATs. For example, an auditor could reasonably assume that each employee in the organization receives only one paycheck per pay period. Using CAATs to search for duplicate records in a single pay period would quickly test the validity of the assumption by highlighting all instances where employees received more than one paycheck. If the assumption is correct, the existence of employees receiving two or more paychecks may indicate fraud. If the assumption is invalid--some employees may receive a separate check for overtime in addition to their regular pay, for instance--the auditor can then form a revised hypothesis that each employee should receive only one paycheck for regular hours per pay period. The database search would then be revised based on this new assumption.

CAATs can also help to reveal fraud symptoms that may be elusive because the evidence is spread across separate databases. For example, reviewing data from the accounts payable file may identify a trend in the expenditures to a particular vendor that seems unusual, but not necessarily indicative of fraud. Combining the accounts payable data with information from the contracting database, however, may reveal that all contracts with the vendor in question were raised by one contracting officer. This type of relationship among the data would indicate the possibility of fraudulent activity, such as kickbacks received by the officer from the vendor. Conducting a search in this manner would be impractical or even impossible with either sampling techniques or other manual methods of investigation.