The DNA of a forensic accountant

Today, fraud is epidemic. You don't read that much about it for any number of reasons, but mostly because companies are reluctant to self-report falsifications due to the negative publicity and other adverse actions that could befall them. The major financial statement frauds we do read about do capture our attention, but they are not typical of most significant financial fraud. After all, the incidence rate for material financial statement fraud is only 2%. However, the incidence rate for significant misappropriation of assets is 35% according to the 2003 Economic Crime Survey conducted by PwC. To order your copy of the 2003 PwC Economic Crime Survey, simply click on the icon on the home page of this web site.

Every organization employs a fraudster performing his devious deeds as you are reading this article. Even in those companies where the management believes their organization to be "99 and 44/100 % pure", just like the old Ivory Soap commercials, this still means that for an organization with 1,000 employees, there are at least five of them running around trying to wreck the company. Most would agree – that's five people too many. Fortunately, there is an efficient mechanism to both detect and deter fraud which is the subject of this article… Data Mining.

The Sarbanes-Oxley Act has required public companies to implement antifraud mechanisms which will have the effect of detecting more fraud and in so doing, deter future frauds as well. However, many companies do not currently take advantage of the vast amounts of electronic data they already have stored on their servers which, statistically speaking, absolutely contain the "smoking gun" to reveal fraud that is occurring in virtually every organization in this country.

For instance, virtually all organizations, at a minimum, maintain electronic data on its financial transactions (General Ledger transactions), customer, vendor, and employee master file data. This electronic data is utilized as a means to operate its business functions. Used in a proactive sense, this data can reveal hidden frauds that otherwise may not be detected on a timely basis, if at all. In the world of forensic accounting, this practice is referred to as data mining.

Data mining is the art of analyzing large amounts of data in a manner that detects obscure facts, trends, or inconsistencies in a complete and efficient manner utilizing "intelligent" computer applications. Conducted properly, data mining can be used to proactively detect fraud before a company becomes a victim experiencing material losses making them the next headline scandal. Once data such as journal entries, employee, customer and vendors master file data, as well as check registers are obtained in electronic form, a series of procedures can be performed to identify high-risk and suspicious transactions. These initial procedures include identifying:

• Unusual journal entries such as those for large, even dollar amounts, or recurring at various quarter-ends, etc.;
• Highest paid vendors on a comparative basis;
• Vendor and employee addresses which match to a PwC developed and maintained database consisting of about 30,000 high-risk and suspect addresses, such as Mail Boxes Etc., or other such mail drops;
• Vendor address matching against employee addresses;
• Different vendors with the same address, or same address, different vendors;
• Changes in aggregate amounts paid to vendors over time;
• Payments of employees salaries and bonuses not in agreement with master file data, or to terminated employees;
• Check register "voids" and "gaps";
• Payments made under various approval limits.

In total, over 50 reports are generated from automatic routines from of the company's data on a 100% basis, not sampling. All of these routines were developed based upon our own fraud cases.

PricewaterhouseCoopers' proprietary software applications
Over the years our computer forensic group has developed sophisticated software tools to extract, interrogate and summarize for reporting and efficient review, suspicious data requiring examination. These are not "off-the-shelf" applications. Rather, we have developed them based upon the thousands of frauds and hundreds of fraudulent schemes which we have experienced in conducting our everyday investigations. They are constantly being improved and updated as new schemes become known to us or techniques improve the efficiency and accuracy of our forensic examination. These applications are Oracle based and can handle the largest of corporate files. Key attributes of these software applications are:


• Uses 100% data set for multiple years as opposed to reliance on sampling techniques;
• Brings quick focus to help narrow the investigation (by its very nature an inefficient process), thereby eliminating unnecessary procedures;
• Automatically generates over 50 reports;
• Flexible and customizable to specific company's systems and industries;
• Identifies suspicious transactions for further analysis;
• State of the art matching capability including fuzzy logic, acronym, noise word replacement and much more.
  

PricewaterhouseCoopers' experienced forensic accounting specialists
Once the reports are generated, the real work begins. A project designed to detect fraud can not be accomplished without efficient and complete extraction of relevant data and analysis by competent and experienced forensic accounting specialists to correctly interpret the results. In order to properly interpret the data, the data mining professional must work closely with the appropriate company personnel to substantiate or refute high-risk areas identified. This can often be a painstaking process requiring a great deal of patience and expertise. Intelligently identifying next steps, based upon the results of data mining and examination of the underlying evidence, is where the right professional can provide the most value.

A few examples of our findings produced by successful data mining have included:

1. After reviewing the highest paid vendors of a U.S. client with operations abroad, it was determined that several particular vendors required further investigation. Effective data mining led to the discovery of a packaging supplier being paid over $4,000,000 per year and not supplying any product to the company. Upon further investigation it was revealed that the "supplier" was operating out of a small house in a modest neighborhood. The first tip resulted from a match between a former employee's address and the vendor address. This was the initial scheme which later became more sophisticated with the bogus supplier actually registering with the secretary of state to feign legitimacy.
   
2. During a recent investigation, we obtained our client's electronic general ledger transaction detail in order to determine what accounts may have been affected by the alleged fraudulent acts. During this process we utilized PwC’s developed software (G/L Tool) to assist in focusing our efforts on specific accounts, which were at the greatest risk for fraud. Alternatively, we would have had to painstaking review each of the client accounts manually, which exceeded 5,000. This proprietary PwC software allowed us to review journal entries entered by specific users/individuals, within specific dollar amounts or created during certain time frames. It then created a database which we then used to interrogate all the data on a 100%, not test basis.
   
3. A vendor was issuing invoices on a regular basis over a period of several months. These invoices ranged from $2,000 to more than $50,000. After a more thorough review by utilizing automated routines, we noted that the vendor's invoice numbers were sequential indicating that this vendor had only one customer, our client. Not surprisingly, the invoices later deemed to be fraudulent.
   
4. During a recent post-due diligence investigation, data mining uncovered payments to family members of government officials. The related government officials were integral in securing building permits for an area not designated for our client's business. These payments resulted in the company now becoming aware of FCPA violations enabling them to self-report the infractions to the Government, a wise pre-emptive decision no doubt saving the company from criminal sanctions and negative publicity.
   
5. A senior officer of a national non-profit organization was issuing invoices to his own organization using fictitious company names with addresses at various mail drop locations.

Oftentimes, the data mining process requires the forensic professional to create the database to be analyzed. For instance, an expense report system normally does not contain the requisite data to allow for data mining comparing expense reports for multiple employees over various expense reporting cycles. The database of expense reports is created using hard copy expense reports. One of these data mining exercises yielded the following information:


• Multiple employees had submitted expense reports and been "reimbursed" for the same flight tickets, when in fact only one employee had actually used the ticket.
• Some employees would submit expenses for flights not taken, and instead submitted their credit card statements showing charges for refundable tickets. Later these employees cancelled the flights and received reimbursement from not only their employer, but from the credit card company as well.
• Employees submitting the same expense twice. Once using the actual receipt, and again by submitting their credit card statement or a copy of the previously submitted receipt.
• Employees submitting receipts that were torn at the top, hiding the true nature of the expense.

While it may seem easy to spot these defalcations, it is not. The most efficient manner in which to discover these violations is to build a database and search it in its entirety utilizing pre-programmed routines prepared having the benefit of common expense reporting schemes.

Data mining has become an increasingly important task as organizations deal with the alarming high profile fraud cases that have rocked US businesses. The difficulty, oftentimes, lies not in a company's decision to use data mining as a tool to unlock hidden patterns, but in deciding who should perform the data mining and subsequent analysis.

In an effort to achieve cost savings, companies attempt to perform these procedures in-house. They encounter difficulties in training, retention of experienced investigators, as well as not having the consistency of doing this type of work on a regular basis and becoming highly skilled. Fraud audit training, while important to the development of a competent financial crimes investigator, is secondary to actual experience in performing investigations. Only through having the experience of performing many investigations are you assured that the forensic examiner is best positioned to discover deceit. Keep in mind that performing an investigation is a "black box". There are few, if any, auditable procedures enabling management or the board to assure that the correct investigative procedures were executed in a manner such that existing fraud would have been discovered. For this reason alone, it is critical to use highly trained and experienced forensic accounting professionals to perform the fraud audit procedures. By turning to and relying upon these experts, the company can achieve a great deal more from the results.





Contact Name

Ryan Murphy
PricewaterhouseCoopers
Phone: +1 (312) 298-3109
E-mail: ryan.d.murphy@us.pwc.com

Publications Search Page