Category Archives: Auditing for Fraud

Better Call Saul

As reported so often in the press these last few years, even when well-intentioned employees feel they’re doing the right thing by reporting acts of wrongdoing, their reports aren’t always well received. Numerous studies conducted by the ACFE strikingly bear this out.  And this is so much the case that any employee (public or private) who witnesses acts of wrongdoing and decides to report them is well advised to seek legal counsel before doing so.  When a whistle-blower also happens to be a CFE, the same advice applies. Every CFE should learn just when, where, and how to report fraudulent acts before blowing the whistle, if only so they can comply with the often complex procedures required to receive any available protections against retaliation.

All the U.S. states have laws to protect public sector employees from retaliation for whistle-blowing. Indeed, most of the state whistle-blowing laws were enacted specifically to actively encourage public sector employees to report fraud, waste, and abuse both in and without government agencies. Some state laws protect only public employees; others include government contractors and private-sector employees as well.  Many of the laws protecting private sector employees involve workplace safety. They were designed and enacted decades ago to protect employees from retaliation when reporting occupational safety issues. Public and private employees can use them, but they might not apply in all situations. Over the years, reporting in some other specific situations has also received protection.

Facts to keep in mind. Whistle-blowing, as it relates to fraud, is the act of reporting fraud, waste, and abuse. Reporting any act of wrongdoing is considered whistle-blowing, regardless if it’s reported by a public or private employee or to persons inside or outside of the victim organization.  Anyone can report wrongdoing, but the subsequent level of protection against retaliation an employee will receive will differ depending on whether they’re public or private, to whom they report, the manner in which they report, the type of wrongdoing they report, and the law(s) under which they report.  The ACFE tells us that a majority of unprotected whistle-blowers end up being terminated.  Among those unterminated, some are suspended, some transferred against their wishes and some are given poor performance evaluations, demoted or harassed.  To address their situation, some choose recourse to the courts.  The rub here is that to prevail, the employee will probably have to link their whistleblowing directly to the retaliation. This can be difficult for the employee experiencing any kind of current problem in the workplace because employers will claim their adverse personnel actions were based on the employees’ poor performance and not on the employees’ decision to blow the whistle. It’s especially easy for employers to assert this claim if the person who conducted the retaliation claims no knowledge of the whistle-blowing, which is very frequently the case.

Additionally, many whistle-blowers lose their cases because they didn’t comply with some technicality in the laws. Protection laws are very specific on how whistle-blowers must report the wrongdoing. Failing to comply with any aspect of the law will result in a loss of protection. Some examples:

  • Subject Matter Jurisdiction – the court must have the power to hear the kind of issue in the whistle-blower’s suit. Subject matter jurisdiction is based on the law the whistle-blower plans to use. Generally speaking, federal courts hear violations of federal laws and state courts hear violations of state laws, although this isn’t always the case. Employees can file alleged violations of their civil rights in state or federal courts under Section 1983 of Title 42 of the U.S. Code of

Federal Regulations. While rarely used in the past, today Section 1983 is part of the Civil Rights Act and the primary means of enforcing all Constitutional rights. Subject Matter Jurisdiction can help employees decide to file in federal or state court. Of course, the employer might ask to have the case moved to another court.

  • Personal Jurisdiction – the employee should make sure the court has power over the party s/he wants to sue. A court must have personal jurisdiction over the defendant to hear a case. Courts usually have personal jurisdiction over the people and organizations residing or doing business in their jurisdiction.
  • Venue – venue refers to the court that will hear the employee’s case. The proper venue is the jurisdiction in which the defendant lives or does business, where the contract was signed or carried out, or the incident took place. More than one court can have jurisdiction over the case. The employee should pick the venue most convenient for her.

As I said above, most whistle-blower laws were written and are intended to protect public-sector employees who report violations affecting public health and safety. Proving public interest is easy for public-sector employees because their work involves public protection. It’s not as easy for private-sector employees.  A goodly percentage of private-sector whistle-blowers lose their cases because the matters didn’t involve public policy.   Whistle-blowers can improve their chances of success by preparing early and reading the whistle-blowing laws of their state of jurisdiction. The case law is also important because it shows the precedent already set by the courts. The better prepared the employee is, the less likely s/he will make avoidable mistakes.  An evolving issue is the extent to which whistle-blowers must be certain of violations. Many laws already require the employee to state the specific law that was broken. Some courts require whistle-blowers to be certain of their allegations. Trends requiring certainty will make it increasingly difficult for whistle-blowers to receive protection.

As a final point.  A goodly percentage of whistle-blowers fail to achieve protection each year because of their own improper conduct. Some of these whistle-blowers misused their employers’ property; some of them stole it. Employees must ensure their conduct is above scrutiny because some courts will apply the “doctrine of unclean hands” and bar whistle-blowers from protection, if they’ve engaged in misconduct directly related to their complaints. The doctrine of unclean hands can work against employers, just as it does employees. In Virginia not too long ago, a Medicaid provider submitted documents containing incorrect claims information to the court. The whistle-blower proved the information was false and won his case on those grounds alone. Thus, it’s important for employers and employees to comport themselves with integrity.

Whistle-blowers who commit unlawful acts to advance their cases don’t do well in court, but neither do whistle-blowers who refuse to commit unlawful acts on behalf of their employers. Most state whistle-blower laws are designed to protect employees that refuse to commit unlawful acts, but it can be difficult to receive even that protection.

All this by way of saying that the laws governing whistle-blower protection are many and varied.  As fraud examiners and auditors it behooves us to be as familiar with these laws in the jurisdictions in which we practice as we reasonably can be.  But always, when confronted with such cases, always consult counsel.  As my father told me so long ago, the man or women who acts as their own attorney has a fool for a client.

Just Like Me

During a joint training seminar between our Chapter and the Virginia State Police held a number of years ago, I took the opportunity to ask the attendees (many of whom are practicing CFE’s) to name the most common fraud type they’d individually investigated in the past year. Turned out that one form or another of affinity fraud won hands down, at least here in Central Virginia.

This most common type of fraud targets specific sectors of society such as religious affiliates, the fraudster’s own relatives or acquaintances, retirees, racial groups, or professional organizations of which the fraudster is a member. Our Chapter members indicate that when a scammer ingratiates himself within a group and gains trust, an affinity fraud of some kind can almost always be expected to be the result.

Regulators and other law enforcement personnel typically attempt to identify instances of affinity fraud in order to prosecute the perpetrator and return the fraudulently obtained goods to the victims. However, affinity fraud tends to be an under reported crime since victims may be embarrassed that they so easily fell prey to the fraudster in the first place or they may remain connected to the offender because of emotional bonding and/or cultivated trust. Reluctance to report the crime also frequently stems from a misplaced belief that the fraudster is fundamentally a good guy or gal and will ultimately do the right thing and return any funds taken. In order to stop affinity fraud, regulators and law enforcement must obviously first be able to detect and identify the crime, caution potential investors, and prevent future frauds by taking appropriate legal actions against the perpetrators.

The poster boy for affinity fraud is, of course, Bernard Madoff.   The Madoff tragedy is considered an affinity fraud because the vast majority of his clientele shared Madoff’s religion, Judaism. Over the years, Madoff’s list of victims grew to include prominent persons in the finance, retail and entertainment industries. This particular affinity fraud was unprecedented because it was perpetrated by Madoff over several decades, and his customers were defrauded of approximately twenty billion dollars. It can be debated whether the poor economy, lack of investor education, or ready access to diverse persons over the internet has led to an increase in affinity fraud but there can be no doubt that the internet makes it increasingly easy for fraudsters to pose as members of any community they target. And, it’s clear that affinity frauds have dramatically increased in recent years. In fact, affinity fraud has been identified by the ACFE as one of the top five investment schemes each year since 1998.

Affinity frauds assume different forms, e.g. information phishing expeditions, investment scams, or charity cons. However, most affinity frauds have a common element and entail a pyramid-type of Ponzi scheme. In these types of frauds, the offender uses new funds from fresh victims as payment to initial investors. This creates the illusion that the scam is profitable and additional victims would be wise to immediately invest. These types of scams inevitably collapse when it either becomes clear to investors or to law enforcement that the fraudster is not legitimate or that there are no more financial backers for the fraud. Although most fraud examiners may be familiar with the Madoff scandal, there are other large scale affinity frauds perpetrated across the United States almost on a daily basis that continue to shape how regulators and other law enforcement approach these frauds.

Perpetrators of affinity frauds work hard, sometime over whole years, to make their scams appealing to their targeted victims. Once the offenders have targeted a community or group, they seek out respected community leaders to vouch for them to potential investors. By having an esteemed figurehead who appears to be knowledgeable about the investment and endorses it, the offender creates legitimacy for the con. Additionally, others in the community are less likely to ask questions about a venture or investment if a community leader recommends or endorses the fraudster. In the Madoff case, Madoff himself was an esteemed member of the community. As a former chair of the National Association of Securities Dealers (NASD) and owner of a company ranked sixth largest market maker on the National Association of Securities Dealers Automated Quotations (NASDAQ), Madoff’s reputation in the financial services industry was impeccable and people were eager to invest with him.

The ACFE indicates that projection bias is yet another reason why affinity fraudsters are able to continually perpetrate these types of crimes. Psychological projection is a concept introduced by Sigmund Freud to explain the unconscious transference of a person’s own characteristics onto another person. The victims in affinity fraud cases project their own morals onto the fraudsters, presuming that the criminals are honest and trustworthy. However, the similarities are almost certainly the reason why the fraudster targeted the victims in the first place. In some cases when victims are interviewed after the fact, they indicate to law enforcement that they trusted the fraudster as if they were a family member because they believed that they shared the same value system.

Success of affinity fraud stems from the higher degree of trust and reliance associated with many of the groups targeted for such conduct. Because of the victim’s trust in the offender, the targeted persons are less likely to fully investigate the investment scheme presented to them. The underlying rationale of affinity fraud is that victims tend to be more trusting, and, thus, more likely to invest with individuals they have a connection with – family, religious, ethnic, social, or professional. Affinity frauds are often difficult to detect because of the tight-knit nature common to some groups targeted for these schemes. Victims of these frauds are less likely to inform appropriate law enforcement of their problems and the frauds tend to continue until an investor or outsider to the target group finally starts to ask questions.

Because victims in affinity frauds are less likely to question or go outside of the group for assistance, information or tips regarding the fraud may not ever reach regulators or law enforcement. In religious cases, there is often an unwritten rule that what happens in church stays there, with disputes handled by the church elders or the minister. Once the victims place their trust in the fraudster, they are less likely to believe they have been defrauded and also unlikely to investigate the con. Regulators and other law enforcement personnel can also learn from prior failures in identifying or stopping affinity frauds. Because the Madoff fraud is one of the largest frauds in history, many studies have been conducted to determine how this fraud could have been stopped sooner. In hindsight, there were numerous red flags that indicated Madoff’s activity was fraudulent; however, appropriate actions were not taken to halt the scheme. The United States Securities and Exchange Commission (SEC) received several complaints against Madoff as early as 1992, including several official complaints filed by Harry Markopolos, a former securities industry professional and fraud investigator. Every step of the way, Madoff appeared to use his charm and manipulative ways to explain away his dealings to the SEC inspection teams. The complaints were not properly investigated and subsequent to Madoff’s arrest, the SEC was the target of a great deal of criticism. The regulators obviously did not apply appropriate professional skepticism while doing their jobs and relied on Madoff’s reputation and representations rather than evidence to the contrary. In the wake of this scandal, regulatory reforms were deemed a priority by the SEC and other similar agencies.

Education is needed for the investing public and the regulators and law enforcement personnel alike to ensure that they all have the proper knowledge and tools to be able to understand, detect, stop, and prevent these types of frauds. This is where CFEs and forensic accountants are uniquely qualified to offer their communities much needed assistance. Affinity frauds are not easily anticipated by the victims. Madoff whistleblower Markopolos asserted that “nobody thinks one of their own is going to cheat them”.  Affinity frauds will not be curtailed unless the public, we, the auditing and fraud examination communities, and regulators and other law enforcement personnel are all involved.

Getting Out of Your Own Way

One of the most frequently requested topics for ACFE lead instruction concerns the art of fraud interviewing, one of the most complex and crucial disciplines of the many comprising the fraud examination process. And at the heart of the interviewing process lies communication. As we all know, communication is the process of effectively sending and receiving information, thoughts, and feelings. First and foremost, an effective interviewer is an effective communicator and being an effective communicator depends on building rapport. According to the ACFE, if you don’t establish rapport with a subject at the outset of the fraud interview, the possibilities of your spotting anything are very low. Rapport is the establishment of a connection between two individuals that is based on some level of trust and a belief in a relationship that is mutually beneficial to both parties.

The interviewer who thinks s/he will find a cooperative subject without making a connection with that individual is in for a disappointment. Rapport is determined by our attitude toward the subject. Just as we as interviewers use our powers of perception to “read” the subject, the subject reads us as well. If s/he senses condemnation, superiority, hostility, or deceit, you can expect little but superficial cooperation from any interaction. Besides, above all else, as the experts tell us, we are professionals. As professionals, personal judgments have no place in an interview setting. Our job is to gather information empirically, objectively, and without prejudice towards our subjects. Why do we identify with and speak more freely to some people? We are naturally drawn to those with whom we share similar characteristics and identities. Techniques and tools are important, but only to the extent that they complement our attitude toward the interview process. So, effective communication is not what we do – it’s who we are.

And along with rapport, the analysis of the quality of the interaction between both interview participants is critical to the communication process. An interview is a structured session, ideally between one interviewer and one subject, during which the interviewer seeks to obtain information from a subject about a particular matter. And just as we signal each other with voice pitch and body language patterns when we’re sad, angry, delighted, or bored, we also display distinct patterns when trying to deceive each other. Fortunately for those of us who interview others as part of our profession, if we learn to recognize these patterns, our jobs are made much simpler. Of course there is no single behavior pattern one can point to and say “Aha! This person is being deceptive!” What the professional can point to is change in behavior. Should a subject begin showing signs of stress as our questions angle in a certain direction, for example, we know we have hit an area of sensitivity that probably requires further exploration. If you interview people regularly, you probably already know that it is more likely for a subject to omit part of the story than actually lie to you. Omission is a much more innocuous form of deceit and causes less anxiety than fabricating a falsehood. So even more importantly than recognizing behavior associated with lying, the interviewer must fine tune her skills to also spot concealment patterns.

ACFE experts tell us that each party to a fraud interview may assume that they understand what the other person is conveying. However, the way we communicate and gather information is based in part on which of our senses is dominant. The three dominant senses, sight, hearing, and touch influence our perceptions and expressions more than most realize. A sight dominant subject may “see” what you are saying and tell you he wants to “clear” things up. An auditory dominant person may “hear” what your point is and respond that it “sounds” good to him. A touch dominant person may have a “grasp” of what you are trying to convey, but “feel uncomfortable” about discussing it further.

By analyzing a subject’s use of words, an interviewer can identify his or her dominant sense and choose her words to match. This helps strengthen the rapport between interviewer and subject, increasing the chances of a good flow of information. Essential, of course, to analyzing and identifying a subject’s dominant senses are good listening skills. Effective communication requires empathetic listening by the interviewer. Empathetic listening and analysis of the subject’s verbal and nonverbal communication allows us to both hear and see what the other person is attempting to communicate. It is the information that is not provided and that is concealed, that is most critical to our professional efforts.

By developing your listening abilities, practicing them with others with whom you communicate every day, the vast array and inexhaustible variations of the human vocabulary are bound to strike you. The most effective way to communicate is with clear, concise sentences that create no questions. However, the words we choose to use, and the way that we say them, are limited only by what is important to us. A subject, reluctant or cooperative, will speak volumes with what they say, and even more significantly, what they don’t say. Analysis of the latter often reveals more than the information the subject actually relates. For instance, the omission of personal pronouns could mean unwillingness on the part of the subject to identify himself with the action.

One final note of caution. If you ask the experts about the biggest impediment to an effective interview, they will probably give you a surprising answer. Most experienced interviewers will tell you that often the greatest impediment to a successful interview is the interviewer. Most interviewers use all of their energies observing and evaluating the subject’s responses without realizing how their own actions and attitudes can contaminate an interview. In fact, it is virtually impossible to conduct an interview without contaminating it to some extent. Every word used, the phrasing of a question, tone, body language, attire, the setting – all send signals to the subject. The effective interviewer, however, has learned to contaminate as little as possible. By retaining an objective demeanor, by asking questions which reveal little about what s/he already knows, by choosing a private setting and interviewing one subject at a time, s/he keeps the integrity of the interview intact to the best of her ability.

Another Sold Out Event!

Our Chapter wants to extend its formal thanks to our partners, national ACFE and the Virginia State Police, but especially to our event attendees who made this year’s May training event a resounding, sold-out success! As the rave attendee evaluations revealed, How to Testify, was one of our best received sessions ever!

Our presenter, Hugo Holland, CFE, JDD, brought his vast courtroom experience as a prosecutor and nationally recognized litigator to bear in communicating every aspect of a complex practice area in a down-to-earth comprehensible manner with no sacrifice of vital detail.

As Hugo made clear, there are two basic kinds of testimony. The first is lay testimony (sometimes called factual testimony), where witnesses testify about what they have experienced firsthand and their factual observations. The second kind is expert testimony, where a person who, by reason of education, training, skill, or experience, is qualified to render an expert opinion regarding certain issues at hand. Typically, a fraud examiner who worked on a case will be capable of providing both lay, and potentially, expert testimony based on observations made during the investigation.

Certified Fraud Examiners (CFEs) and forensic accountants serve two primary roles as experts in forensic matters: expert consultants and expert witnesses. The fraud investigator must always be prepared to serve as an expert witness in court and learning how best to do so is critical for the training of the rounded professional. The expert consultant is an independent fraud examiner/accounting contractor who provides expert opinions in a wide array of cases, such as those relating to fraud investigations, divorces, mergers and acquisitions, employee-employer disputes, insurance disputes, and so on. In a fraud case, the CFE could identify and document all fraudulent transactions. This in turn could lead to reaching a plea bargain with a guilty employee. Therefore, the CFE helps solve a problem before any expert trial testimony is needed.

In addition, CFEs and forensic accountants are called upon to provide expert consultation services involving testimony in such areas as:

• Fraud investigations and management.
• Business valuation calculations.
• Economic damage calculations.
• Lost profits and wages.
• Disability income analysis.
• Economic analyses and valuations in matrimonial (prenuptial, postnuptial, and divorce) accounting.
• Adequacy of life insurance.
• Analysis of contract proposals.

Hugo emphasized that the most important considerations at trial for experts are credibility, demeanor, understandability, and accuracy. Credibility is not something that can be controlled in and of itself but is a result of the factors that are under the control of the expert witness. Hugo expounded in greater detail on these and other general guidelines:

• The answering of questions in plain language. Judges, juries, arbitrators, and others tend to believe expert testimony more when they truly understand what the expert says. It is best, therefore, to reduce complicated, technical arguments to plain language.

• The answering of only what is asked. Expert witnesses should not volunteer more than what is asked even when not volunteering more testimony could suggest that the expert’s testimony is giving the wrong impression. It is up to employing counsel to clear up any misimpressions through follow-up questions. That is, it is up to counsel to “rehabilitate” his or her expert witness who appears to have been impeached. That said, however, experienced expert witnesses sometimes volunteer information to protect their testimony from being twisted. Experience is needed to know when and how to do this and Hugo supplied it. Our presenter emphasized repeatedly that the best thing for an inexperienced expert witness to do is to work with experienced employing attorneys who know how to rehabilitate witnesses.

• The maintenance of a steady demeanor. It is important for the expert witness to maintain a steady, smooth demeanor regardless of which questions are asked and which side’s attorney asks them. It is especially undesirable to do something such as assume defensive body language when being questioned by the opposing side.

• Attendees learned how to be friendly and smile at appropriate times. Judges and juries are just people, and it helps to appear as relaxed but professional.

• To remain silent when there is an objection by one of the attorneys. Continue speaking only when instructed to do so.

• Attendees learned how best to state the facts. The expert witness should tell the truth plainly and simply. Attendees learned how the expert’s testimony should not become more complicated or strained when it appears to be harmful to the client the expert represents. The expert witness should not try to answer questions to which s/he does not know the answer but should simply say that s/he does not know or does not have enough information to form an opinion.

• Attendees learned to control the pace. The opposing attorney can sometimes attempt to crush a witness by rapid fire questions. The expert witness should avoid firing back answers at the same pace. This can avoid giving the appearance that s/he is arguing with the examining attorney. It also helps prevent her from being rushed and overwhelmed to the point of making mistakes.

• Most importantly, Hugo imparted invaluable techniques to survive cross examination. Attendees learned how to testify effectively on both direct and cross examination, basic courtroom procedures, and tricks for general survival on the witness stand. Attendees were told how to improve their techniques on how to offer testimony about damages and restitution while learning to know when to draw the line between aggressive testimony and improper advocacy. All our attendees walked away with more effective report writing and presentation skills as well as benefiting from a solid exploration of the different types of evidence and related legal remedies.

Again, thanks to all, attendees and partners, for making our May 2019 training event such a resounding success!

Fraudsters, All Too Human

Our certified Chapter members often get questions from clients and employers related to why a fraudster who’s victimized them did what he or she did. Examiners with the most experience in the process of interviewing those later convicted of fraud comment again and again about the usefulness to their overall investigation of a basic understanding of the fraudster’s basic mind set. Such knowledge can aid the examiner in narrowing down the preliminary pool of suspects, and, most importantly, assist in gaining an admission in a subsequent admissions seeking interview. ACFE experts regard fraud (and the process of interviewing) primarily as human constructs, and especially within the content of the interview process, to be able to tie in the pressure that the individual might have been under (as they perceived it) to the interview process; to understand that individual with regard to their rationalization as they were able to affect it, significantly increases the possibility of getting the compliance and cooperation that the examiner wants from the interviewee.

During your investigation, it’s important to remember that people do things for a reason. The fraud examiner might not understand the reasons a fraudster commits his or her crime, but the motivations certainly make sense to the perpetrator. For example, a perpetrator might commit fraud because her life has spiraled out of control, although it might not be out of control under a objective, reasonable person’s definition. But in the perpetrator’s view, her life has become so problematic that fraud is the only way she can see to restore balance. And during the fraud examination, if the examiner can get the suspected perpetrator to talk about the lack of control in her life, the examiner can often use this information to compel the fraudster to admit guilt and provide valuable insight into ways that similar frauds might be prevented in the future.

As a continuation of this line of thought, the examiner should consider possible human motives when examining evidence. Motive is the power that prompts a person to act. Motive, however, should not be confused with intent, which refers to the state of mind of the accused when performing the act. Motive, unlike intent, is not an essential element of crime, and criminal law generally treats a person’s motive as irrelevant in determining guilt or innocence. Even so, motive is relevant for other purposes. It can help identify the perpetrator; it will often guide the examiner to the proper rationalization; it further incriminates the accused, and it can be helpful in ensuring successful prosecution.

The examiner should search relevant documents to determine a possible motive. For example, if a fraud examiner has evidence in the form of a paycheck written to a ghost employee, she might suspect a payroll employee who recently complained about not receiving a raise in the past two years. Although such information doesn’t mean that the payroll employee committed fraud, the possible motive can guide the examiner.

ACFE experts also agree that interviewers should seek to understand the possible motives of the various suspects they encounter during an examination. To do this, interviewers should suspend their own value system. This will better position the interviewer to persuade the suspect(s) to reveal information providing insight into what might have pressured or motivated them and how they might have rationalized their actions. In an interview situation, the examiner should not suggest reasons for the crime. Instead, the examiner should let the individual share his motivations, even if the suspect reveals her motivations in an indirect manner. So when conducting an interview with a suspect, the interviewer should begin by asking questions about the standard procedures and the actual practice of the operations at issue. This is necessary to gain an understanding of the way the relevant process is intended to work as opposed to how it actually works. Additionally, asking such basic questions early in the interview will help the interviewer observe the interviewee’s normal behavior so that the interviewer can notice any changes in the subject’s mannerisms and word choice.

Always remember that there are times when rational people behave irrationally. This is important in the interview process because it will help humanize the misconduct. As indicated above, unless the perpetrator has a mental or emotional disorder, it is acceptable to expect that the perpetrator committed the fraud for a reason. Situational fraudsters (those who rationalize their right to an illegal enrichment and perpetrate fraud when the opportunity arises) do not tend to view themselves as criminals. In contrast to deviant fraudsters, who are more proactive than situational fraudsters and who are always on the alert for opportunities to commit fraud, situational fraudsters rationalize their crimes. Situational fraudsters feel that they need to commit fraud to regain control over their lives. Thus, an interviewer will be more likely to obtain a confession from a situational fraudster if she can genuinely communicate that she understands how anyone under similar circumstances might commit such a crime. Genuineness, however, is key. If the fraudster in any way detects that the interviewer is presenting a trap, he generally will not make any admission of wrongdoing.

So, in your examinations, never lose sight of the human element; that by definition, fraud involves human deception for personal gain. Why do people deceive to get what they want, or in some cases, what they need? Most humans commit deceptive acts to protect themselves from various consequences of the truth. Avoiding punishment is the most common reason for deception, but there are other reasons, including to protect another person, to win the admiration or respect of others, to avoid embarrassment, enjoy the thrill of accomplishment and to avoid hard work to achieve goals. When people feel that their self-security is threatened, they might resort to deception to preserve their image. Further, people can become so engaged in managing how others perceive them that they become unable to separate the truth from fiction in their own minds.

The ability to sympathetically cast oneself into the human situation of others is one of the most valuable skills that a fraud examiner can have in our efforts to determine the truth.

Matching SOCS

I was chatting with the soon-to-be-retired information systems director of a major Richmond insurance company several nights ago at the gym. Our friendship goes back many years to when we were both audit directors for the Virginia State Auditor of Public Accounts. My friend was commenting, among other things, on the confusing flood of regulatory changes that’s swept over his industry in recent years relating to Service Organization Controls (SOC) reports. Since SOC reports can be important tools for fraud examiners, I thought they might be an interesting topic for a post.

Briefly, SOC reports are a group of internal control assurance reports, performed by independent reviewers, of IT organizations providing a range of computer based operational services, usually to multiple client corporations. The core idea of a SOC report is to have one or a series of reviews conducted of the internal controls related to financial reporting of the service organization and to then make versions of these reports available to the independent auditors of all the service organization’s user clients; in this way the service organization doesn’t have to be separately and repeatedly audited by the auditors of each of its separate clients, thereby avoiding much duplication of effort and expense on all sides.

In 2009 the International Auditing and Assurance Standards Board (IAASB) issued a new International Standard on Assurance Engagements: ‘ISAE 3402 Assurance Reports on Controls in a Service Organization’. The AICPA followed shortly thereafter with a revision of its own Statement on Auditing Standards (SAS) No. 70, guidance around the performance of third party service organization reports, releasing Statement on Standards for Attestation Engagement (SSAE) 16, ‘Reporting on Controls in a Service Organization’. So how does the SOC process work?

My friend’s insurance company (let’s call it Richmond Mutual) outsources (along with a number of companion companies) its claims processing functions to Fiscal Agent, Ltd. Richmond Mutual is the user organization and Fiscal Agent, Ltd is the service organization. To ensure that all the claims are processed and adequate internal controls are in place and functioning at the service organization, Richmond Mutual could appoint an independent CPA or service auditor to examine and report on the service organization’s controls. In the case of Richmond Mutual, however, the service organization itself, Fiscal Agent, Ltd, obtains the SOC report by appointing an independent service auditor to perform the audit and provide it with a SOC 1 report. A SOC 1 report provides assurance on the business processes that support internal controls over financial reporting and is, consequently, of interest to fraud examiners as, for example, an element to consider in structuring the fraud risk assessment. This report can then be shared with user organizations like Richmond Mutual and with their auditors as deemed necessary. The AICPA also provides for two other SOC reports: SOC 2 and SOC 3. The SOC 2 and SOC 3 reports are used for reporting on controls other than the internal controls over financial reporting. One of the key differences between SOC 2 and SOC 3 reports is that a SOC 3 is a general use report to be provided to anyone while SOC 2 reports are only for those users specifically specified in the report; in other words, the distribution is limited.

SOC reports are valuable to their many users for a whole host of obvious reasons but Fraud Examiners and other assurance professionals need to keep in mind some common misconceptions about them (some shared, I found, by my IT friend). SOC reports are not assurances. IASSB and AICPA guidelines specify that SOC reports are to be of limited distribution, to be used by the service organization, user organization and user auditors only and thus should never be used for any other service organization purpose; never, for example, as marketing or advertising tools to assure potential clients of service organization quality.

SOC 1 reports are used only for reporting on service organization internal controls over financial reporting; in cases where a user or a service organization wants to assess such areas as data privacy or confidentiality, they need to arrange for the performance of a SOC 2 and/or SOC 3 report.

It’s also a common mistake to assume that the SOC report is sufficient verification of internal controls and that no controls on the user organization side need to be assessed by the auditors; the guidelines are clear that while verifying controls at the service organization, controls at the user organization should also be verified. Since service the organization provides considerable information as background for the service auditor’s review, service organizations are often under the mistaken impression that the accuracy of this background information will not be evaluated by the SOC reviewer. The guidelines specify that SOC auditors should carefully verify the quality and accuracy of the information provided by the service organization under the “information provided by the service organization” section of their audit program.

In summary, the purpose of SOC 1 reports is to provide assurance on the processes that support internal controls over financial reporting. Fraud examiners and other users should take the time to understand the varied purpose(s) of the three types of SOC reports so they can use them intelligently. These reports can be extremely useful to fraud examiners assessing the fraud enterprise risk prevention programs of user organizations to understand the controls that impact financial operations and related IT controls, especially in multiple-service provider scenarios.

Risk-Centric Fraud Prevention

A number of our certified Chapter members, currently practicing both independently and as corporate staff, report being asked to proactively assist in the establishment of first time internal fraud prevention programs by clients and employers. That this development is something new is borne out by recent articles in the trade press but, on a moment’s reflection, shouldn’t be surprising since CFEs are so uniquely qualified for the particular task.

At a time when an increasingly volatile stock environment, increased cases of cyber fraud, the pressure of globalization and a multitude of increased regulatory requirements are of major concern to all managements, risk assessment and fraud prevention really have to play an important role in ensuring that corporations are not exposed to unexpected and poorly controlled risks. Internal fraud prevention related activities need to be revisited with a focus not just on all these new business paradigms but also on stakeholders’ expectations, transparency, and accountability.

It just makes sense then that today’s environment also calls for greater collaboration and strong relationships between all types of assurance professionals with their clients at all levels to ensure an internal anti-fraud structure is in place (if one doesn’t presently exist) that facilitates a healthy, secure and transparent operating environment.

To facilitate the establishment of a risk-centric approach, today’s fraud prevention functions (new or presently existing) must continually revisit their methodologies, processes, and practices. CFEs can provide experienced insight and real-time value to their client organization by expanding their consulting efforts to facilitate a risk-centric approach, helping to establish the foundation for a more sophisticated and nimble tone at the top, and by focusing on increased collaboration and strategic engagement.

Fraud prevention efforts have been dominated for some time now by a control focused approach that is often reactive and regressive in actual practice in the face of today’s swiftly changing realities. Anti-fraud professionals today need to widen their proactive scope to address the growing governance threats and risk management needs of increasingly global organizations. This requires them to adopt a revised risk-centric approach that involves:

–Taking fraud prevention and business ethics from a compliance perspective to a cultural mind-set. Accurately assessing these risks requires more than just checking to see whether rules are being followed; practitioners must also try to ensure that the spirit of these rules is incorporated into activities at every level.

–Determining key business and fraud risks rather than casting a wide net over numerous risks, many of which may be remote or obscure; the concept of critical business process identification drawn from disaster recovery and continuous operations planning is especially relevant here.

–Identifying emerging risk issues and trends, such as changes in the regulatory environment (which are often wholly reactive), and bringing them to the attention of key stakeholders.

–Estimating the significance of each fraud risk and assessing its probability of occurrence based on a deeper understanding of the present sense conveyed by constantly shifting data and as sometimes pinpointed by sophisticated statistical analysis.

–Identifying programs and controls designed to more sensitively detect and address risk and by concurrent testing of their effectiveness in real-time.

–Coordinating with the other critical risk and control related business processes, such as compliance, risk management, fiscal control, and legal, to ensure that fraud risks are identified, controlled and managed appropriately.

To provide real strategic value to the organization, new and existing fraud prevention practitioners need to help develop risk-based action plans that respond to their present state of risk assessment awareness and which focus on stakeholder expectations. Internal anti-fraud plans should incorporate risk identification and prioritization, as well as analysis and quantification of risk factors particularly in the new business ventures and strategies so characteristic of today’s volatile environment. Such planning should also reflect an understanding of shared risks among various projects and initiatives, and feature continuous monitoring of business activities and key performance indicators.

In the present cyber-threat laden environment the internal fraud prevention business process has to move from being just another routine and disconnected function to being a fulcrum of organizational governance and risk, working in concert with management, the board, and external auditors. Top management can establish the fraud prevention function’s role by:

–Allowing senior fraud examiners and investigators exposure to security information presently associated with key management and governance committees;
–Championing the importance of ethical conduct, fraud identification and fraud prevention consistently.
–Taking immediate and proactive action on fraud examination and investigative findings regardless of whatever level of the organization suspected perpetrators are identified.
–Holding senior executives accountable for identified instances of fraud, waste and abuse in business processes over which they exercise management oversight.
–Supporting the management of the fraud prevention function when its findings and recommendations to improve security prove politically unpopular.
–Defining fraud prevention’s role and management’s expectations.
–Providing appropriate funding, talent and authority to the function.

The ACFE has long indicated that a strong tone at the top from senior management about the importance of a internal fraud prevention function goes a long way toward promoting the engagement of managers throughout the client organization.

For staff assigned to an internal fraud prevention plan to proactively review important business strategies successfully for fraud vulnerability, examiners need to collaborate with management. In addition to providing assurance on compliance initiatives, examiners should develop a forward-looking approach to their assessment planning in which they cooperate and coordinate with related risk and control functions, focus on critical business risks and exposures, and determine the relevance and effectiveness of gathered executive responses to help an organization manage fraud risk proactively. To be forward-looking, fraud prevention professionals need to be fully integrated into the strategic planning process so that they can clearly identify which fraud related risks the organization will be undertaking. They also must be involved with the business in evaluating problems that come to light to determine whether they are the result of control weaknesses that could also emerge in other parts of the organization.

To identify and analyze rapidly emerging risks, direct resources toward areas of greatest risk, and conduct targeted, real-time investigations in response to specific, predicated risks, examiners must leverage technology, learn new skills, and work with management to understand and clarify their evolving expanded role.

To assess the new emerging risks effectively, fraud prevention professionals must develop a deeper understanding of the client business and of the processes that make competitors in the client’s industry successful. An effective fraud prevention activity that can deal with contemporary business risks and meet the ever-increasing demands of management and stakeholders requires a solid staffing strategy. As CFEs we must help spread the word that our client organizations need to invest in skilled resources, methods, training, career paths, and technical infrastructure to deal with increasing cyber-related business risks related to fraud, their internal controls, and government imposed regulations. When staffing a fraud prevention function, top management should:

–Establish a program for selecting and developing the fraud prevention team.
–Identify the skills and expertise required for an effective anti-fraud business process; the ACFE’s guidance and training programs are an invaluable resource to any organization contemplating a new fraud prevention function or looking to strengthen an existing one.
–Assess existing resources to identify staffing gaps.
–Identify and create key performance indicators for deploying fraud prevention and investigatory resources.
–Co-source or outsource internal fraud prevention activities, based on an assessment of current resources, budget, and strategic and tactical requirements.

Acquiring new skills through ACFE training can enable internally focused examiners to direct resources to those techniques that are the most effective in identifying risks to the organization. Especially important is the need to develop deep expertise in specialties such as credit, IT, finance, compliance, and cyber. In addition, investigators and examiners will have to be trained to approach their work strategically, beginning with a detailed understanding of where its owners and stakeholders view where the client business has been and where it is going.

In summary, progressive internal fraud prevention and investigation functions need to partner with their client organization’s risk management function to gain comprehensive visibility into enterprise-wide risks and to support performance of automation supported follow-on risk assessments that can help prevent fraud vulnerability issues from turning into fraud events. Such insight into the organization’s risk profile allows internal investigative professionals to deliver more strategic value by focusing their proactive fraud risk evaluation efforts on areas that represent the greatest risk to the organization as well as proactively anticipating where emerging fraud risk issues are most likely to cause problems. In addition, leveraging the activities performed by the client’s risk management function can lower fraud prevention’s overall cost of operation.

The Man in the Mirror

I readily confess I would not have won any awards for effective delegation during my early years as a fraud examiner/information systems audit professional. To my mind the buck stopped with the guy in the mirror I saw shaving every morning. I prided myself on being personally capable of performing every routine task of every assignment involved in whatever function I was managing at the time. What finally weaned me from the practice of doing it all myself was the threat of burn-out and the seemingly ever-increasing demands of a typical work week of seventy hours.

The demands of managing in an assurance environment featuring risk assessments, regulatory compliance, fraud investigations, corporate governance, and engagement quality control can be crushing for any new (or not so new) manager but especially so for those unwilling or who simply lack the skills to adequately delegate; those skills usually only come with experience.

While some new to assurance or investigative management may think delegating simply means passing off work to subordinates, the lines of delegation also can occur laterally to peers and upward to superiors. The distinction is important, because in delegating to subordinates, one of the goals is to achieve long term investigative team development. This goal comes with a shift in emphasis from managing to leading. Managing is about getting the work done, whereas leading fosters learning, growth, and a greater sense of responsibility among individual members of the your team.

According to the ACFE, the first step to successful delegation within examination work is recognizing when to let go rather than trying to do too much. For CFEs new to leadership responsibilities, a willingness to delegate can be challenging. CFEs typically advance to management positions as a result of their individual achievements and performance. This advancement fosters a sense that the person best suited to accomplish a given task is the one whose already done it satisfactorily, but that is not the way leaders should think. Even though an assurance professional has advanced to a management position based on past accomplishments, he or she needs to take a broader view of what is in the long term interest of her function group and/or organization. A conscious commitment to delegation can enable the individual manager to not only increase their personal productivity but also (and here I speak from personal experience) gain better control of their lives and, hence, prevent burnout.

An honest self-examination is a precursor to delegation. CFEs and other assurance professionals in a management position need to understand their capabilities and role(s) within the organization. One way to do this is by considering their vision for and the needs of the organization. Then, what are the assurance function’s immediate and long-term goals, including capabilities and developmental needs? Realizing that trusting others, not just one self, to do a high quality job is a personal decision and there can be many barriers to it. What is the nature of your own personal career goals and your priorities for work-life balance? A periodic, wholly candid assessment of these and similar issues can give any manager a better perspective on his or her motives in relation to delegating.

Delegating is more than just shoving work on someone who possesses the skill set to fit the task. Rather, delegating is an opportunity to cultivate members of the investigative team by increasing the number of people who are capable of taking on a bigger role, which can help strengthen the team and create a succession plan in the event of unexpected personnel turnover. How often have we all been witness to the chaos which can ensure when a key staff member leaves and no-one has been groomed to fill her place?

To the extent possible, an new staff CFE should be matched strategically with an assignment that is a bit above his or her head as a way of providing a positive learning experience. Delegating with career development in mind means managers will need to resist playing the role of lifeguard. Subordinates will struggle at times, but managers shouldn’t be too quick to act as helicopter parents and come to the rescue. Instead, managers should remain confident in the basic capabilities of their staff and allow reasonable time for learning and growth, which enables the team to gain experience and add more value to the organization.

Knowing whether a particular assignment is within an examiner’s potential capabilities and can enable him or her to grow professionally, however, is often not an easy task. As managers delegate assignments, they should consider not limiting assignments only to those areas in which an investigator has had prior experience. Also, managers need to avoid the tendency toward primarily delegating interesting or important assignments to the most favored team members; managers should groom everyone on the team not just the superstars; it’s the superstars who are, let’s face it, the most desirable targets for external recruiters. The same is true for undesirable assignments; managers also should spread those among the whole team, which can demonstrate that everyone is treated fairly. A thoughtful delegating process helps keep the assurance team challenged and motivated, thereby reducing the likelihood of losing promising but insufficiently challenged staff members.

Initial parameters need to be established to prevent misunderstandings, deficient productivity, or delays in the timely completion of examinations. All parties involved should have a clear understanding of the delegated assignment and of expectations. However, managers should refrain from giving excessively detailed instructions. Successful delegating does not mean micromanaging anyone. Instead, managers should consider focusing on discussing the objectives, scope, and outcomes of the assignment. When examiners are allowed the flexibility and freedom to perform their work, they not only learn more but also may show considerable ingenuity. Managing CFEs can foster an environment of participative management by encouraging input from subordinates toward refining the plans, expectations, and deadlines, as well as emphasize how the present investigation fits into the larger scheme. When a team member sees the whole process rather than only a part, he or she is less likely to miss a critical matter and may become more motivated to deliver a quality product.

The ACFE recommends that the CFE engagement manager should give his or her subordinates authority to operationally pursue their assignment and to make decisions as they see fit. Delegating the authority is no less important than assigning the responsibility for a task. In the absence of conferring an appropriate level of authority, the team member’s performance could be undercut. Also, examination managers should keep an open mind by welcoming new ideas, innovative suggestions, and alternative proposals from others. Nothing is more motivating for a subordinate than to realize that he or she has a significant ownership stake in the results. This is another reason why managers should delegate as much of an entire assignment, rather than a small portion, as possible. Doing so can help instill a sense of importance and self-esteem for the staff investigator no matter what the number of years of their experience.

Communication is an essential element of successful delegating, and regular updates about progress, results, and deadlines should occur weekly, or sometimes daily, depending on the staff member’s level of experience and the type of assignment. Meetings can be conducted face-to-face, by phone, or through videoconferencing and do not always have to be long to be effective.

As managers check on progress, they should be supportive rather than intrusive and avoid putting a subordinate on the defensive by being too critical. Managers also should allow for communication flexibility by encouraging more immediate contact between progress meetings in the event a matter requiring urgent attention unexpectedly develops.

Any significant delegated assignment should culminate with a constructive evaluation of the subordinate’s performance. Often, there is a tendency to view the simple act of delegation itself as work done. As an old colleague of mine used to say, “A task delegated is a task completed.” Even in a case where the smaller scope of a subordinate’s assignment does not merit an exit session, it is still a boost for team morale to give recognition and show gratitude for the work done.

I have never met an experienced (and successful) CFE investigation team leader who did not embrace the role and significance of delegating. However, the ability to delegate depends on trust, communication, and encouragement. When delegating, assurance managers need to accept the risk that mistakes can and will occur and remember that professionals can learn from their mistakes. Not only is valuable experience gained by the investigative team, but the manager’s time also is freed up for more critical tasks and projects. In the long run, a commitment to delegation serves to strengthen any team of investigators as well as benefit our client organization, whatever and wherever that might be.

On Motivation

The ACFE tells us that there is no simple profile for employees who commit fraud. However, some ACFE statistics are available. Its research has repeatedly shown that about 10 percent to 15 percent of employees are fundamentally dishonest and are likely to steal from their company if given the opportunity. About 66 percent of employees are likely to steal under the right circumstances, such as when under pressure, or when “everyone is doing it,” and the opportunity exists. In contrast, about 20 percent to 25 percent of employees are fundamentally honest and are unlikely to steal under any circumstances.

Furthermore, those employees who do steal from the company are unlikely to have a prior criminal record, and those with a good education, family, background, and work record can be just as likely to steal as anyone else.

On the other hand, research shows that the three elements of the standard fraud triangle, with which we’re all familiar, have proven themselves descriptive over many the years in explaining which employees may defraud our client companies.

• Pressure – Usually related to financial pressure such as large medical bills, gambling problems, drug habits, and extravagant living.

• Opportunity – Required to commit any fraud.

• Rationalization – Likely depends on the type of criminal and the criminal’s personality type or possible personality disorder.

The rationalization component of the fraud triangle suggests possible types of individuals who may commit fraud:

• The fundamentally dishonest employee without a personality disorder. This person could habitually be dishonest but does not have a personality disorder. Rationalization comes easily because the person is accustomed to dishonesty. Therefore, the rationalizations are likely to include statements such as “I need it more than they do” and “They won’t miss it.”

• The fundamentally dishonest employee with a personality disorder. Various personality disorders may contribute to the ability of the employee to rationalize fraud. Psychiatry uses the diagnosis antisocial personality disorder and the related diagnosis dissocial personality disorder. The following are characteristics that apply to persons with these types of mental disorders:

— Nonconformist behavior; tend to be misfits.
— Habitual lying and dishonesty.
— Impulsiveness.
— Irritability and aggressiveness.
— Insensitivity to harming self or others.
— Strong disregard for the needs of self and others.
— Tendency to blame others for personal faults and mistakes.
— Lack of responsibility.
— Difficulty in establishing and maintaining close relationships.
— Absence of the ability to feel emotions or the full range of normal emotions.

The deceitfulness dimension of these disorders could enable the person to hide some or all of his or her antisocial characteristics. This type of person is often able to steal without giving much conscious thought to rationalizations. The crime could simply arise out of the mental disturbance.

• Then there is the normally honest employee who steals given pressure and opportunity and rationalizes the theft. A person who does not normally steal is likely to give serious thought to rationalizing the theft. One common rationalization is that the person is only borrowing the money; often the person takes money with the intent to pay it back, and many times does in fact pay it back. The result is that the corporate till can become the employee’s personal lending institution; however, in many cases, the person is never able to pay back the ill-gotten loan. The normally honest employee is likely to steal out of a sudden financial need or because of a problem with a financially excessive lifestyle.

The ACFE advises us to consider possible motives when examining evidence related to an occupational fraud. Motive is the power that prompts a person to act. Motive, however, should not be confused with intent, which refers to the state of mind of the accused when performing the act. Motive, unlike intent, is not an essential element of crime, and criminal law generally treats a person’s motive as irrelevant in determining guilt or innocence. Even so, motive is relevant for other purposes: it can help identify the perpetrator; it will often guide the examiner to the proper rationalization; it further incriminates the accused; and it can be helpful in ensuring successful prosecution.

The examiner should search relevant documents to determine a possible motive. For example, if a fraud examiner has evidence in the form of a paycheck written to a ghost employee, s/he might suspect a payroll employee who recently complained about not having received a raise in the past two years. Although such information does not mean that the payroll employee committed fraud, the possible motive can guide the examiner.

During the process of interviewing suspects, interviewers should seek to understand the possible motives of interviewees. To do this, interviewers should suspend their own value system. This will better position the interviewer(s) to persuade suspects to reveal information providing insight into what might have pressured or motivated them and how they might have rationalized their actions.

In an interview situation, the examiner should not suggest reasons for the crime. Instead, the examiner should let the individual share his or her motivations, even if the suspect reveals those motivations in an indirect manner.

In interviewing suspects for motives:

• Leave your ego at the door.
• Talk to the suspected perpetrator as an adult.
• Do not patronize the suspect.
• Use good communication skills to develop rapport with subjects so that they will feel comfortable talking to you.
• Avoid being confrontational with the suspect. If the interviewer is confrontational, the perpetrator will be less likely to make an admission.

When conducting an interview with a suspect, the interviewer should begin by asking questions about the standard procedures and the actual practice of the operations at issue. This is necessary to gain an understanding of the way the relevant process is intended to work and how it actually works. Additionally, asking such basic questions early in the interview will help the interviewer observe the interviewee’s “normal” behavior so that the interviewer can notice any changes in the subject’s mannerisms and word choice.

Next, the interviewer might ask non-accusatory questions related to the issue at hand, such as:

• Why do you think someone would do something like this?
• What do you think should happen to a person who would do something like this?
• Of all of the people who work in this area, who could be involved?

The answers to these questions can help the interviewer understand the possible motives of various suspects, narrow the pool of suspects, or even obtain an admission. For example, a suspect who answers the question “Why do you think someone would do something like this?” with a sympathetic answer might be trying to appeal to the interviewer’s sense of compassion to reduce or minimize his or her punishment.

The more the interviewer knows about the perpetrator, the better chance s/he will have of identifying the perpetrator’s motive and rationalization. Once the perpetrator thinks that the interviewer understands her motive, she will become more likely to confess.

During the motivation identifying interview, fraud examiners must also remember that there are times when rational people behave irrationally. This is important in the interview process because it will help humanize the misconduct. Unless the perpetrator has a mental or emotional disorder, it is acceptable to expect that the perpetrator committed the fraud for a reason.

Situational fraudsters, those who rationalize their right to an illegal enrichment and perpetrate fraud when the opportunity arises, do not tend to view themselves as criminals. This is in contrast to deviant fraudsters, who are more proactive than situational fraudsters and who are always on the alert for opportunities to commit fraud. Situational fraudsters rationalize their crimes. Situational fraudsters feel that they need to commit fraud to regain control over their lives. Thus, an interviewer will be more likely to obtain a confession from a situational fraudster if s/he can genuinely communicate that s/he understands how anyone under similar-circumstances might commit such a crime. Genuineness, however, is key. If the fraudster in any way detects that the interviewer is constructing a trap, s/he generally will not make an admission of wrongdoing.

In summary, the fraud triangle is always helpful in explaining motivations for employees to defraud their employing organization by drawing attention to pressure, opportunity, and rationalization. Pressure is typically caused by sudden financial needs arising from things such as medical bills, gambling problems, drug habits, and extravagant living. The opportunity depends on the employee’s position and the strength of the company’s internal control processes. Rationalization depends on the type of criminal. The pure sociopath may need little or no rationalization. The fundamentally dishonest employee may give some conscious thought to rationalizing crimes, but the rationalization comes easily because the person is accustomed to dishonesty. Finally, the normally honest employee generally expends the most effort in rationalizing the crime, and often this type of person will really think that s/he is only borrowing the money.

Concealment Strategies & Fraud Scenarios

I remember Joseph Wells mentioning at an ACFE conference years ago that identifying the specific asset concealment strategy selected by a fraudster was often key to the investigator’s subsequent understanding of the entire fraud scenario the fraudster had chosen to implement. What Joe meant was that a fraud scenario is the unique way the inherent fraud scheme has occurred (or can occur) at an examined entity; therefore, a fraud scenario describes how an inherent fraud risk will occur under specific circumstances. Upon identification, a specific fraud scenario, and its associated concealment strategy, become the basis for fraud risk assessment and for the examiner’s subsequent fraud examination program.

Fraud concealment involves the strategies used by the perpetrator of the fraud scenario to conceal the true intent of his or her transaction(s). Common concealment strategies include false documents, false representations, false approvals, avoiding or circumventing control levels, internal control evasion, blocking access to information, enhancing the effects of geographic distance between documents and controls, and the application of both real and perceived pressure. Wells also pointed out that an important aspect of fraud concealment pertains to the level of sophistication demonstrated by the perpetrator; the connection between concealment strategies and fraud scenarios is essential in any discussion of fraud risk structure.

As an example, consider a rights of return fraud scenario related to ordered merchandise. Most industries allow customers to return products for any number of reasons. Rights of return refers to circumstances, whether as a matter of contract or of existing practice, under which a product may be returned after its sale either in exchange for a cash refund, or for a credit applied to amounts owed or to be owed for other products, or in exchange for other products. GAAP allows companies to recognize revenue in certain cases, even though the customer may have a right of return. When customers are given a right of return, revenue may be recognized at the time of sale if the sales price is substantially fixed or determinable at the date of sale, the buyer has paid or is obligated to pay the seller, the obligation to pay is not contingent on resale of the product, the buyer’s obligation to the seller does not change in the event of theft or physical destruction or damage of the product, the buyer acquiring the product for resale is economically separate from the seller, the seller does not have significant obligations for future performance or to bring about resale of the product by the buyer, and the amount of future returns can be reasonably estimated.

Sales revenue not recognizable at the time of sale is recognized either once the return privilege has substantially expired or if the conditions have been subsequently met. Companies sometimes stray by establishing accounting policies or sales agreements that grant customers vague or liberal rights of returns, refunds, or exchanges; that fail to fix the sales price; or that make payment contingent upon resale of the product, receipt of funding from a lender, or some other future event. Payment terms that extend over a substantial portion of the period in which the customer is expected to use or market the purchased products may also create problems. These terms effectively create consignment arrangements, because, no economic risk has been transferred to the purchaser.

Frauds in connection with rights of return typically involve concealment of the existence of the right, either by contract or arising from accepted practice, and/or departure from GAAP specified conditions. Concealment usually takes one or more of the following forms:

• Use of side letters: created and maintained separate and apart from the sales contract, that provide the buyer with a right of return;

• Obligations by oral promise or some other form of understanding between seller and buyer that is honored as a customary practice but arranged covertly and hidden;

• Misrepresentations designed to mischaracterize the nature of arrangements, particularly in respect of:

–Consignment arrangements made to appear to be final sales;

–Concealment of contingencies, under which the buyer can return the products, including failure to resell the products, trial periods, and product performance conditions;

–Failure to disclose the existence, or extent, of stock rotation rights, price protection concessions, or annual returned-goods limitations;

–Arrangement of transactions, with straw counterparties, agents, related parties, or other special purpose entities in which the true nature of the arrangements is concealed or obscured, but, ultimately, the counterparty does not actually have any significant economic risk in the “sale”.

Sometimes the purchaser is complicit in the act of concealment, for example, by negotiating a side letter, and this makes detection of the fraud even more difficult. Further, such frauds often involve collusion among several individuals within an organization, such as salespersons, their supervisors, and possibly both marketing and financial managers.

It’s easy to see that once a CFE has identified one or more of these concealment strategies as operative in a given entity, the process of developing a descriptive fraud scenario, completing a related risk assessment and constructing a fraud examination program will be a relatively straight forward process. As a working example, of a senario and related concealment strategies …

Over two decades ago the SEC charged a major computer equipment manufacturer with overstating revenue in the amount of $500,000 on transactions for which products had been shipped, but for which, at the time of shipment, the company had no reasonable expectation that the customer would accept and pay for the products. The company eventually accepted back most of the product as sales returns during the following quarter.

The SEC noted that the manufacturer’s written distribution agreements generally allowed the distributor wide latitude to return product to the company for credit whenever the product was, in the distributor’s opinion, damaged, obsolete, or otherwise unable to be sold. According to the SEC, in preparing the manufacturer’s financial statements for the target year, company personnel submitted a proposed allowance for future product returns that was unreasonably low in light of the high level of returns the manufacturer had received in the first several months of the year.

The SEC determined that various officers and employees in the accounting and sales departments knew the exact amount of returns the company had received before the year end, when the company’s independent auditors finished their fieldwork on the annual audit. Had the manufacturer revised the allowance for sales returns to reflect the returns information, the SEC concluded it would have had to reduce the net revenue reported for the fiscal year. Instead, the SEC found that several of the manufacturer’s officers and employees devised schemes to prevent the auditors from discovering the true amount of the returns, including 1), keeping the auditors away from the area at the manufacturer’s headquarters where the returned goods were stored, and 2), accounting personnel altering records in the computer system to reduce the level of returns. After all the facts were assembled, the SEC took disciplinary action against several company executives.

As with side agreements, a broad base of inquiry into company practices may be one of the best assessment techniques the CFE has regarding possible concealment strategies supporting fraud scenarios involving returns and exchanges. In addition to inquiries of this kind, the ACFE recommends that CFE’s may consider using analytics like:

• Compare returns in the current period with prior periods and ask about unusual increases.

• Because companies may slow the return process to avoid reducing sales in the current period, determine whether returns are processed in timely fashion. The facts can also be double-checked by confirming with customers.

• Calculate the sales return percentage (sales returns divided by total sales) and ask about any unusual increase.

• Compare returns after a reporting period with both the return reserve and the monthly returns to determine if they appear reasonable.

• Determine whether sales commissions are paid at the time of sale or at the time of collection. Sales commissions paid at the time of sale provide incentives to inflate sales artificially to meet internal and external market pressures.

• Determine whether product returns are adjusted from sales commissions. Sales returns processed through the so-called house account may provide a hidden mechanism to inflate sales to phony customers, collect undue commissions, and return the product to the vendor without being penalized by having commissions adjusted for the returned goods.