Upload
haliem
View
214
Download
0
Embed Size (px)
Citation preview
FA, Inc.
ACFE CONFERENCE
© Fraud Auditing, Inc. Slide 2
FA, Inc.
GOOD MORNING
DO YOU HAVE SHELL CORPORATIONS IN YOUR ACCOUNTS PAYABLE FILE?
IF SO, HOW MUCH MONEY HAVE YOU LOST DUE TO FRAUD?
© Fraud Auditing, Inc. Slide 3
FA, Inc.
IS THIS PERSON IN YOUR ACCOUNTS PAYABLE FILE?
Next, the shell corporation audit approach
© Fraud Auditing, Inc. Slide 4
FA, Inc.
PART I:UNDERSTANDING THE INHERENT SCHEME APPROACH
PART II: UNDERSTANDING THE FRAUD AUDIT
PART III: SOPHISICATION OF CONCEALMENT STRATEGIES
PART IV: DATA MINING TECHINQUES TO LOCATE SHELL CORPORATIONS
PART V: FRAUD AUDIT PROCEDURES TO IDENTIFY SHELL CORPORATIONS
© Fraud Auditing, Inc. Slide 5
FA, Inc.
WHAT IS A SHELL CORPORATION ?
Entity structure which is used for an illegal purpose
Typical characteristicsLegally created
No physical presence
Employ no one and produce nothing
Exists in name only
Internal employee to organized crime
© Fraud Auditing, Inc. Slide 6
FA, Inc.
SHELL CORPORATION:PERMUTATIONS
Created by perpetratorName only
Legally createdStand alone
Embedded with other legal entities
Assumed by perpetratorExists in Accounts Payable, changes information
Does not exist in accounts payable, causes vendor to be added to the file
Occasional takeover of vendor identity
Theft of vendor check, false endorsement
© Fraud Auditing, Inc. Slide 7
FA, Inc.
FRAUD RISK STRUCTURE
How a fraud is perpetrated and concealed in an account balance,
class of transactions, or in the assertions
Identified Fraud Risk
Inherent Scheme
Fraud Scenario
Generic description of a fraud risk; Comprised of an entity and action
How the inherent scheme occurs within your business system
© Fraud Auditing, Inc. Slide 8
FA, Inc.
INHERENT SCHEME STRUCTURE
All inherent schemes have two aspectsEntity structure
Fraudulent action
Fraud audit starts with the entity structure
Entity structure links to the fraudulent actionFalse billing
Pass thru billing
Overbilling
© Fraud Auditing, Inc. Slide 9
FA, Inc.
INHERENT FRAUD PRINCIPLES
Each business system has a finite and predictable list of inherent fraud schemes
Each inherent fraud scheme has a finite and predictable list of fraud permutations
Each inherent fraud scheme permutation creates a finite and predictable list of fraud scenarios
The number of fraud scenarios facing a business system can be computed with mathematical precision
© Fraud Auditing, Inc. Slide 10
FA, Inc.
INHERENT FRAUD SCHEMES EXAMPLE: DISBURSEMENT
Shell corporationsFalse billing: No Goods or Services
Pass-through billing: Received Goods
Real corporationsOverbilling: Vendor Complicit
Disguised purchase: Vendor Not Complicit
Check theft: Vendor Not Involved
THE PREDICTABLE PHASE
© Fraud Auditing, Inc. Slide 11
FA, Inc.
FRAUD SCENARIO: HOW DOES FRAUD OCCUR IN YOUR COMPANY?
Start with the inherent schemeUnderstand the organization’s business processComplete the permutation analysisJudgment on the drill-down process
Goal: to describe how the inherent fraud scheme occurs within your company
© Fraud Auditing, Inc. Slide 12
FA, Inc.
BUILDING THE FRAUD SCENARIO: CONSIDERATIONS
Permutation analysisEntity
Opportunity
Transaction
Extent of drill-downBusiness processClass of transactions
Account- or person-specific
© Fraud Auditing, Inc. Slide 13
FA, Inc.
FRAUD OPPORTUNITY: PERMUTATIONS
No internal controlVia internal controls: job opportunity
Direct accessIndirect accessOther access
Internal control inhibitorsNon-performance internal controlSystem override featureLogical collusionManagement override
© Fraud Auditing, Inc. Slide 14
FA, Inc.
TRANSACTIONSPERMUTATIONS
Dependent on your business systems
Tends to focus on codes within business application, i.e.:
Payment via check
Payment via ACH
Payment via wire
© Fraud Auditing, Inc. Slide 15
FA, Inc.
HOW THE AUDITOR BUILDS A SCENARIO
Customize Inherent Scheme
Merge: Business process and permutation analysis
© Fraud Auditing, Inc. Slide 16
FA, Inc.
PART I:UNDERSTANDING THE INHERENT SCHEME APPROACH
PART II: UNDERSTANDING THE FRAUD AUDIT
© Fraud Auditing, Inc. Slide 17
FA, Inc.
WHAT IS THE FRAUD AUDIT?
Application of audit procedures to a population of business transactions to increase the likelihood of locating and recognizing fraud scenarios
Uses all of your audit skills
© Fraud Auditing, Inc. Slide 18
FA, Inc.
FRAUD AUDITING PREMISE
Must:Link to the fraud scenario
Based on decision tree analysis
Conclusion based
Each fraud scenario must have a unique:Sampling strategy
Specific audit procedure
Evidence considerations
© Fraud Auditing, Inc. Slide 19
FA, Inc.
METHODOLOGY:THE FRAUD AUDITOR
Identification
Assessment
Response
Conclusion
© Fraud Auditing, Inc. Slide 20
FA, Inc.
STEP 1: IDENTIFICATION
Build the fraud scenario consistent with the fraud risk structure
Identify all permutations
Do not exclude fraud scenario because of perceived internal controls
Warning: High-level risk identification will result in audit program not being on point with the fraud scenario
© Fraud Auditing, Inc. Slide 21
FA, Inc.
STEP 2: ASSESSMENT
Control assessment, fraud scenario should not occur
Data assessment, fraud scenario did not occur within the scope period
Remember, the world’s best audit program cannot detect fraud scenarios unless the sample includes one or more fraudulent transactions
© Fraud Auditing, Inc. Slide 22
FA, Inc.
STEP 3: RESPONSE
Focus on the authenticity of the representation made by:
Document, control, or person
Focus on the entity structure firstLegal structure
Physical structure
Business capacity
Next, entity structure analysis will determine the action component of the fraud scenario
© Fraud Auditing, Inc. Slide 23
FA, Inc.
STEP 4: FRAUD CONCLUSION
© Fraud Auditing, Inc. Slide 24
FA, Inc.
FRAUD RESPONSE FRAUD AUDIT APPROACH: LOOKING AT TRANSACTIONS THAT MEET THE DATA PROFILE
Data Mining
Fraud Audit Procedure
© Fraud Auditing, Inc. Slide 25
FA, Inc.
PART I:UNDERSTANDING THE INHERENT SCHEME APPROACH
PART II: UNDERSTANDING THE FRAUD AUDIT
PART III: SOPHISICATION OF CONCEALMENT STRATEGIES
Next section is important
© Fraud Auditing, Inc. Slide 26
FA, Inc.
HOW DOES THE PERPETRATOR CONCEAL FRAUD?
Each scenario has typical concealment strategies; but how the strategy is implemented varies
Strategies used to hide the truthFalse documents
False representationsFalse approvals
Control inhibitorsControl avoidance
Blocking the flow of informationBelow the control “radar”
© Fraud Auditing, Inc. Slide 27
FA, Inc.
FRAUD SOPHISTICATION CHARTDETECTION OF FRAUD
FRAUD DETECTION BAR
© Fraud Auditing, Inc. Slide 28
FA, Inc.
FRAUD RED FLAGS
Condition(s) that:Can be observed through the audit process
Link to the fraud concealment strategy
Associated with:Types of events
Data
Documents
Controls
Behaviors
Patterns and frequency
Correlated to person or entity
© Fraud Auditing, Inc. Slide 29
FA, Inc.
RED FLAG PREMISE
•Red flags cause an increased sensitivity to fraud propensity•Not all red flags hold the same weight as to the fraud propensity•Weight of the red flag(s) correlate to the predictability of fraud occurrence
© Fraud Auditing, Inc. Slide 30
FA, Inc.
AWARENESS OF THE RED FLAGS OF FRAUD
© Fraud Auditing, Inc. Slide 31
FA, Inc.
RED FLAG APPROACH
Trigger red flagEvent is significant enough to cause the use of a fraud audit procedure
Awareness red flagTotality of the awareness red flags cause the use of a fraud audit procedure
© Fraud Auditing, Inc. Slide 32
FA, Inc.
LOW SOPHISTICATION OF CONCEALMENT
Direct matches of fraud entity structure to another known entity structure
Entity identifying information links to known identifying information of perpetrator
Sample selection relies on data mining approach
Sample size ranges from zero to a large number
© Fraud Auditing, Inc. Slide 33
FA, Inc.
MEDIUM SOPHISTICATION OF CONCEALMENT
Direct matching routines are less effective
Filtering techniques to reduce the number of entities
Some aspect of the perpetrators’ known identifying information
Sample selection relies on data interpretation and scenario-specific data mining routines
Sample size tends to be judgmental
© Fraud Auditing, Inc. Slide 34
FA, Inc.
HIGH SOPHISTICATION OF CONCEALMENT
Direct matches seldom occur
Fraudulent activity may be linked to multiple entities or small dollar transactions
Entity activity has no relationship with perpetrators’ known identifying information
Sample selection relies on data interpretation skills versus direct matching
© Fraud Auditing, Inc. Slide 35
FA, Inc.
ILLUSTRATION SOPHISTICATIONBANK ACCOUNT NUMBERS
Low Sophistication
Medium Sophistication
High Sophistication
Match to routing and account number
Correlate to bank routing number
No correlation
© Fraud Auditing, Inc. Slide 36
FA, Inc.
PART I:UNDERSTANDING THE INHERENT SCHEME APPROACH
PART II: UNDERSTANDING THE FRAUD AUDIT
PART III: SOPHISICATION OF CONCEALMENT STRATEGIES
PART IV: DATA MINING TECHINQUES TO LOCATE SHELL CORPORATIONS
© Fraud Auditing, Inc. Slide 37
FA, Inc.
WHAT IS FRAUD DATA ANALYSIS?
The process of extracting and interpreting information to identify patterns and frequencies that are indicative of a fraud scenario
Search for transactions that are consistent with a fraud data profile for a specific fraud scenario
© Fraud Auditing, Inc. Slide 38
FA, Inc.
WHAT IS A FRAUD DATA PROFILE?Purpose is to describe the characteristics or attributes commonly associated with a specific fraud scenario
Often referred to as the red flags of fraud
Fraud characteristics is data
Indicators are typically associated with a fraud scenario, although not definitive of fraud
Identify data that causes an entity or transaction to be selected for audit
© Fraud Auditing, Inc. Slide 39
FA, Inc.
OUR GUIDELINESDATA CONSIDERATIONS
Data that tends to conceal identify:
Common name
No physical addressData that controls access to the information
No telephone number
No contact informationData designed to limit visibility (transparency)of transaction
Below a thresholdAvoid specific matching—i.e., open PO’s
© Fraud Auditing, Inc. Slide 40
FA, Inc.
SEARCHING FOR SHELL CORP THRU MASTER FILE DATA
Master file dataName
Address
Telephone number
Bank account number
Create date
© Fraud Auditing, Inc. Slide 41
FA, Inc.
VENDOR IDENTIFICATION INFORMATION
Missing, duplicate, or matching on vendor identifying information
Non-Descriptive Names: Search for names with “X” number of consonants
Matching Addresses: Search on numeric strings
Missing or Duplicate Telephone Number
Bank Account Numbers: Matching on account or routing number
© Fraud Auditing, Inc. Slide 42
FA, Inc.
VENDOR NAME PATTERNS
Names that are non-descriptive
Names that are or include initials
No Inc, LLC, Ltd, etc. in vendor name
Name in vendor file multiple times
Look alike vendor
Temporary vendor
© Fraud Auditing, Inc. Slide 43
FA, Inc.
ADDRESS PATTERNS
No physical address
PO Box address
Address match to employee or customer address
Address match to mailbox services
Duplicate address
© Fraud Auditing, Inc. Slide 44
FA, Inc.
ADDRESS PATTERNS
Zip code analysis consistent with zip code of perpetrator
Address not consistent with telephone number
Address contains room or floor number
Duplicate street or PO Box number
Multiple vendors at the same address
Caution: vendor address in the master file is not always the vendor physical address
© Fraud Auditing, Inc. Slide 45
FA, Inc.
TELEPHONE PATTERNS
No telephone number
Duplicate telephone
Area code is not consistent with address
First three numbers consistent with cell telephone number exchanges
Telephone number matched to employee data base
© Fraud Auditing, Inc. Slide 46
FA, Inc.
BANK ACCOUNT PATTERNS
Missing bank account number
Match to other bank account number
Match to routing number
No match
© Fraud Auditing, Inc. Slide 47
FA, Inc.
SEARCHING FOR THE FRAUDULENT ACTION
Control number, date, and amount for:Purchase order
Vendor invoice
Disbursement
Receiving
© Fraud Auditing, Inc. Slide 48
FA, Inc.
SEARCHING FOR THE FRAUDULENT ACTION
Pattern and frequency
Circumvention strategies
Changes
Inconsistent
Trends
Mistakes
High degree of sophistication
© Fraud Auditing, Inc. Slide 49
FA, Inc.
ILLUSTRATION:MAPPING DATA ON VENDOR INDENTITY
Telephone Number
False company
Pass through company
Overbilling
False company
Pass through company
Overbilling
Favoritism
Missing Telephone NumberYesYesNo
Duplicate Telephone Number
NoYesNoYes
© Fraud Auditing, Inc. Slide 50
FA, Inc.
ILLUSTRATION:DATA MAPPING ON ACTION
Vendor Invoice Number
Missing
Duplicate
Sequential
Non-sequential
Interval
Random
Date
Special symbol included in number
Search Results:
Payment without invoice
Refund or overbill
False or pass thru vendor
False or pass thru vendor
False or pass thru vendor
False or pass thru vendor
False or pass thru vendor
False billing thru real vendor
© Fraud Auditing, Inc. Slide 51
FA, Inc.
WHAT IS A: FALSE BILLING ACTION
Billed for goods or services not provided
Entity structure is either shell corporation or a real corporation
Who is receiving the economic benefit drives the data mining
Internal Employee
Company
Key: Loss calculation is invoice amount
© Fraud Auditing, Inc. Slide 52
FA, Inc.
OUR EXPERINCEFALSE BILLING ACTION
DATA MINING TENDENCIESPattern and frequency of invoice numbers and amounts
Pattern and frequency of invoice amounts below control threshold
Lack of purchase order or use of dormant purchase order
Speed of payment greater than normal
Address within a radius of the corporate address
Tends to be service-based categories
© Fraud Auditing, Inc. Slide 53
FA, Inc.
OUR EXPERINCEFALSE BILLING ACTION
Aggregate vendor spending levels, bottom third of spending levels
Frequency is less than 52 records per year
Maximum invoice amount below key approval levels
Minimum invoice amount above $1,000
Average invoice amount within a consistent pattern
Focus on need for money, life-style issues
Focus on need for money, income supplementation
© Fraud Auditing, Inc. Slide 54
FA, Inc.
What Is a: Pass Thru Fraud Action
Billed for goods or services that are received
Entity structure is a shell corporation
Opportunity analysis drives the data miningInternal employee creates
Sales person at real supplier creates and colludes with internal employee
Cost-plus type contract, customer employee directs the contractor to use a specific vendor
Key: Loss calculation is based on fraud margin
Data mining approach varies by opportunity permutations
© Fraud Auditing, Inc. Slide 55
FA, Inc.
OUR EXPERIENCESPASS THRU ACTION
DATA MINING TENDENCIES: INTERNAL EMPLOYEE
Pattern and frequency of invoice numbers and amounts
No specific pattern to invoice amounts
Tends to reside in supply items, less likely to be in inventory items
Service categories that correlate to business brokers
© Fraud Auditing, Inc. Slide 56
FA, Inc.
OUR EXPERIENCESPASS THRU ACTION
Aggregate vendor spend levels, middle third
No specific frequency
Invoice amount is not a critical red flag
© Fraud Auditing, Inc. Slide 57
FA, Inc.
VENDOR INVOICE
Pattern and frequency of invoice numbers and amounts
Compare Beginning Invoice Number to Ending Invoice Number
Compute Range of Numbers
Compute Date Range
Search for Sequential Pattern or Limited Range Pattern
Correlate to Creation Date
© Fraud Auditing, Inc. Slide 58
FA, Inc.
VENDOR INVOICE
Pattern of Day of Week
Pattern of Purchase Order Issue
Frequency of Amount Below Control Level
© Fraud Auditing, Inc. Slide 59
FA, Inc.
PART I:UNDERSTANDING THE INHERENT SCHEME APPROACH
PART II: UNDERSTANDING THE FRAUD AUDIT
PART III: SOPHISTICATION OF CONCEALMENT STRATEGIES
PART IV: DATA MINING TECHINQUES TO LOCATE SHELL CORPORATIONS
PART V: FRAUD AUDIT PROCEDURES TO IDENTIFY SHELL CORPORATIONS
© Fraud Auditing, Inc. Slide 60
FA, Inc.
DESIGN OF FRAUD AUDIT PROCEDURE
Must be designed for the specific fraud
scheme
Correlation between evidence considered and fraud detection
Must consider the concealment strategies
corresponding to the specific fraud scheme
Design audit approach based on the mechanics of the fraud scheme and
concealment strategy
Fraud Audit Procedure
© Fraud Auditing, Inc. Slide 61
FA, Inc.
FRAUD AUDITING PREMISE
Must:Link to the fraud scenario
Gathers information, basis of entity and action
Based on decision tree analysis
Conclusion based
Must include:Sampling strategy
Specific fraud audit procedure
Evidence considerations
© Fraud Auditing, Inc. Slide 62
FA, Inc.
DECISION TREE FOR FRAUD AUDIT PROCEDURES
Starts with each fraud scenarioIdentify an event associated with the evidence that can be observed and measuredIdentify source of evidenceTriggering event to formulate a decisionBased on evidence
No—additional work is not necessaryYes—additional work is necessary
If yes, additional procedures to be performedIf yes, what is a suspicious transaction?
© Fraud Auditing, Inc. Slide 63
FA, Inc.
LINK TO THE FRAUD SCENARIO
False vendorDetermine the legal existence
Determine the physical existence
Determine that the vendor has the capacity to conduct the business described on the invoice
FRAUD SCENARIO FRAUD RESPONSE
© Fraud Auditing, Inc. Slide 64
FA, Inc.
DETERMINE THE LEGAL EXISTENCE: CREATED
Establish that the entity is a legal corporation
Created entityCorrelation of incorporation date to vendor creation date
Names and addresses correlate to employee, dependants or other attached names
Affiliation with trade organizations
Media information
UCC documents
© Fraud Auditing, Inc. Slide 65
FA, Inc.
DETERMINE THE LEGAL EXISTENCE: ASSUMED
Establish that the entity is a legal corporation
Assumed entityGovernment address correlates to business address
Telephone number correlates to published telephone numbers
Confirm bank accounts
Discrepancies with government identification number
© Fraud Auditing, Inc. Slide 66
FA, Inc.
DETERMINE THE PHYSICAL EXISTENCE
Pretext visit
Site visit
Internet search engines
Telephone verification
Use of private investigators perform background searches
Various public records
Interview competitors
© Fraud Auditing, Inc. Slide 67
FA, Inc.
DETERMINE THAT THE VENDOR HAS THE CAPACITY TOCONDUCT THE BUSINESS DESCRIBED ON THE INVOICE
Examine website
Product description as to:SKU #, focus on number of digits
Alpha description of product
Proof of insuranceLiability
Workers’ compensation
Shipping documents
Reference checking
© Fraud Auditing, Inc. Slide 68
FA, Inc.
Evidence to suggest the vendor is a shell corp.? SHELL CORP.
DECISION TREE FOR FRAUD AUDIT PROCEDURES
© Fraud Auditing, Inc. Slide 69
FA, Inc.
Evidence to suggest the vendor is a shell corp.?
2.5 million dollars later
SHELL CORP.
DECISION TREE FOR FRAUD AUDIT PROCEDURES: CONCLUSION
© Fraud Auditing, Inc. Slide 70
FA, Inc.
FRAUD AUDIT NOW BECOMES A FRAUD INVESTIGATION
Refute or corroborate
Located scenario: Expand audit scope
© Fraud Auditing, Inc. Slide 71
FA, Inc.
THAT’S ALL FOLKS
THANK YOU
QUESTIONS