title of course - fraudconference.com · |often referred to as the red flags of fraud |fraud...

FA, Inc.

ACFE CONFERENCE

© Fraud Auditing, Inc. Slide 2

FA, Inc.

GOOD MORNING

DO YOU HAVE SHELL CORPORATIONS IN YOUR ACCOUNTS PAYABLE FILE?

IF SO, HOW MUCH MONEY HAVE YOU LOST DUE TO FRAUD?


FA, Inc.

IS THIS PERSON IN YOUR ACCOUNTS PAYABLE FILE?

Next, the shell corporation audit approach


FA, Inc.

PART I:UNDERSTANDING THE INHERENT SCHEME APPROACH

PART II: UNDERSTANDING THE FRAUD AUDIT

PART III: SOPHISICATION OF CONCEALMENT STRATEGIES

PART IV: DATA MINING TECHINQUES TO LOCATE SHELL CORPORATIONS

PART V: FRAUD AUDIT PROCEDURES TO IDENTIFY SHELL CORPORATIONS


FA, Inc.

WHAT IS A SHELL CORPORATION ?

Entity structure which is used for an illegal purpose

Typical characteristicsLegally created

No physical presence

Employ no one and produce nothing

Exists in name only

Internal employee to organized crime


FA, Inc.

SHELL CORPORATION:PERMUTATIONS

Created by perpetratorName only

Legally createdStand alone

Embedded with other legal entities

Assumed by perpetratorExists in Accounts Payable, changes information

Does not exist in accounts payable, causes vendor to be added to the file

Occasional takeover of vendor identity

Theft of vendor check, false endorsement


FA, Inc.

FRAUD RISK STRUCTURE

How a fraud is perpetrated and concealed in an account balance,

class of transactions, or in the assertions

Identified Fraud Risk

Inherent Scheme

Fraud Scenario

Generic description of a fraud risk; Comprised of an entity and action

How the inherent scheme occurs within your business system


FA, Inc.

INHERENT SCHEME STRUCTURE

All inherent schemes have two aspectsEntity structure

Fraudulent action

Fraud audit starts with the entity structure

Entity structure links to the fraudulent actionFalse billing

Pass thru billing

Overbilling


FA, Inc.

INHERENT FRAUD PRINCIPLES

Each business system has a finite and predictable list of inherent fraud schemes

Each inherent fraud scheme has a finite and predictable list of fraud permutations

Each inherent fraud scheme permutation creates a finite and predictable list of fraud scenarios

The number of fraud scenarios facing a business system can be computed with mathematical precision


FA, Inc.

INHERENT FRAUD SCHEMES EXAMPLE: DISBURSEMENT

Shell corporationsFalse billing: No Goods or Services

Pass-through billing: Received Goods

Real corporationsOverbilling: Vendor Complicit

Disguised purchase: Vendor Not Complicit

Check theft: Vendor Not Involved

THE PREDICTABLE PHASE


FA, Inc.

FRAUD SCENARIO: HOW DOES FRAUD OCCUR IN YOUR COMPANY?

Start with the inherent schemeUnderstand the organization’s business processComplete the permutation analysisJudgment on the drill-down process

Goal: to describe how the inherent fraud scheme occurs within your company


FA, Inc.

BUILDING THE FRAUD SCENARIO: CONSIDERATIONS

Permutation analysisEntity

Opportunity

Transaction

Extent of drill-downBusiness processClass of transactions

Account- or person-specific


FA, Inc.

FRAUD OPPORTUNITY: PERMUTATIONS

No internal controlVia internal controls: job opportunity

Direct accessIndirect accessOther access

Internal control inhibitorsNon-performance internal controlSystem override featureLogical collusionManagement override


FA, Inc.

TRANSACTIONSPERMUTATIONS

Dependent on your business systems

Tends to focus on codes within business application, i.e.:

Payment via check

Payment via ACH

Payment via wire


FA, Inc.

HOW THE AUDITOR BUILDS A SCENARIO

Customize Inherent Scheme

Merge: Business process and permutation analysis


FA, Inc.




FA, Inc.

WHAT IS THE FRAUD AUDIT?

Application of audit procedures to a population of business transactions to increase the likelihood of locating and recognizing fraud scenarios

Uses all of your audit skills


FA, Inc.

FRAUD AUDITING PREMISE

Must:Link to the fraud scenario

Based on decision tree analysis

Conclusion based

Each fraud scenario must have a unique:Sampling strategy

Specific audit procedure

Evidence considerations


FA, Inc.

METHODOLOGY:THE FRAUD AUDITOR

Identification

Assessment

Response

Conclusion


FA, Inc.

STEP 1: IDENTIFICATION

Build the fraud scenario consistent with the fraud risk structure

Identify all permutations

Do not exclude fraud scenario because of perceived internal controls

Warning: High-level risk identification will result in audit program not being on point with the fraud scenario


FA, Inc.

STEP 2: ASSESSMENT

Control assessment, fraud scenario should not occur

Data assessment, fraud scenario did not occur within the scope period

Remember, the world’s best audit program cannot detect fraud scenarios unless the sample includes one or more fraudulent transactions


FA, Inc.

STEP 3: RESPONSE

Focus on the authenticity of the representation made by:

Document, control, or person

Focus on the entity structure firstLegal structure

Physical structure

Business capacity

Next, entity structure analysis will determine the action component of the fraud scenario


FA, Inc.

STEP 4: FRAUD CONCLUSION


FA, Inc.

FRAUD RESPONSE FRAUD AUDIT APPROACH: LOOKING AT TRANSACTIONS THAT MEET THE DATA PROFILE

Data Mining

Fraud Audit Procedure


FA, Inc.




Next section is important


FA, Inc.

HOW DOES THE PERPETRATOR CONCEAL FRAUD?

Each scenario has typical concealment strategies; but how the strategy is implemented varies

Strategies used to hide the truthFalse documents

False representationsFalse approvals

Control inhibitorsControl avoidance

Blocking the flow of informationBelow the control “radar”


FA, Inc.

FRAUD SOPHISTICATION CHARTDETECTION OF FRAUD

FRAUD DETECTION BAR


FA, Inc.

FRAUD RED FLAGS

Condition(s) that:Can be observed through the audit process

Link to the fraud concealment strategy

Associated with:Types of events

Data

Documents

Controls

Behaviors

Patterns and frequency

Correlated to person or entity


FA, Inc.

RED FLAG PREMISE

•Red flags cause an increased sensitivity to fraud propensity•Not all red flags hold the same weight as to the fraud propensity•Weight of the red flag(s) correlate to the predictability of fraud occurrence


FA, Inc.

AWARENESS OF THE RED FLAGS OF FRAUD


FA, Inc.

RED FLAG APPROACH

Trigger red flagEvent is significant enough to cause the use of a fraud audit procedure

Awareness red flagTotality of the awareness red flags cause the use of a fraud audit procedure


FA, Inc.

LOW SOPHISTICATION OF CONCEALMENT

Direct matches of fraud entity structure to another known entity structure

Entity identifying information links to known identifying information of perpetrator

Sample selection relies on data mining approach

Sample size ranges from zero to a large number


FA, Inc.

MEDIUM SOPHISTICATION OF CONCEALMENT

Direct matching routines are less effective

Filtering techniques to reduce the number of entities

Some aspect of the perpetrators’ known identifying information

Sample selection relies on data interpretation and scenario-specific data mining routines

Sample size tends to be judgmental


FA, Inc.

HIGH SOPHISTICATION OF CONCEALMENT

Direct matches seldom occur

Fraudulent activity may be linked to multiple entities or small dollar transactions

Entity activity has no relationship with perpetrators’ known identifying information

Sample selection relies on data interpretation skills versus direct matching


FA, Inc.

ILLUSTRATION SOPHISTICATIONBANK ACCOUNT NUMBERS

Low Sophistication

Medium Sophistication

High Sophistication

Match to routing and account number

Correlate to bank routing number

No correlation


FA, Inc.






FA, Inc.

WHAT IS FRAUD DATA ANALYSIS?

The process of extracting and interpreting information to identify patterns and frequencies that are indicative of a fraud scenario

Search for transactions that are consistent with a fraud data profile for a specific fraud scenario


FA, Inc.

WHAT IS A FRAUD DATA PROFILE?Purpose is to describe the characteristics or attributes commonly associated with a specific fraud scenario

Often referred to as the red flags of fraud

Fraud characteristics is data

Indicators are typically associated with a fraud scenario, although not definitive of fraud

Identify data that causes an entity or transaction to be selected for audit


FA, Inc.

OUR GUIDELINESDATA CONSIDERATIONS

Data that tends to conceal identify:

Common name

No physical addressData that controls access to the information

No telephone number

No contact informationData designed to limit visibility (transparency)of transaction

Below a thresholdAvoid specific matching—i.e., open PO’s


FA, Inc.

SEARCHING FOR SHELL CORP THRU MASTER FILE DATA

Master file dataName

Address

Telephone number

Bank account number

Create date


FA, Inc.

VENDOR IDENTIFICATION INFORMATION

Missing, duplicate, or matching on vendor identifying information

Non-Descriptive Names: Search for names with “X” number of consonants

Matching Addresses: Search on numeric strings

Missing or Duplicate Telephone Number

Bank Account Numbers: Matching on account or routing number


FA, Inc.

VENDOR NAME PATTERNS

Names that are non-descriptive

Names that are or include initials

No Inc, LLC, Ltd, etc. in vendor name

Name in vendor file multiple times

Look alike vendor

Temporary vendor


FA, Inc.

ADDRESS PATTERNS

No physical address

PO Box address

Address match to employee or customer address

Address match to mailbox services

Duplicate address


FA, Inc.

ADDRESS PATTERNS

Zip code analysis consistent with zip code of perpetrator

Address not consistent with telephone number

Address contains room or floor number

Duplicate street or PO Box number

Multiple vendors at the same address

Caution: vendor address in the master file is not always the vendor physical address


FA, Inc.

TELEPHONE PATTERNS

No telephone number

Duplicate telephone

Area code is not consistent with address

First three numbers consistent with cell telephone number exchanges

Telephone number matched to employee data base


FA, Inc.

BANK ACCOUNT PATTERNS

Missing bank account number

Match to other bank account number

Match to routing number

No match


FA, Inc.

SEARCHING FOR THE FRAUDULENT ACTION

Control number, date, and amount for:Purchase order

Vendor invoice

Disbursement

Receiving


FA, Inc.

SEARCHING FOR THE FRAUDULENT ACTION

Pattern and frequency

Circumvention strategies

Changes

Inconsistent

Trends

Mistakes

High degree of sophistication


FA, Inc.

ILLUSTRATION:MAPPING DATA ON VENDOR INDENTITY

Telephone Number

False company

Pass through company

Overbilling

False company

Pass through company

Overbilling

Favoritism

Missing Telephone NumberYesYesNo

Duplicate Telephone Number

NoYesNoYes


FA, Inc.

ILLUSTRATION:DATA MAPPING ON ACTION

Vendor Invoice Number

Missing

Duplicate

Sequential

Non-sequential

Interval

Random

Date

Special symbol included in number

Search Results:

Payment without invoice

Refund or overbill

False or pass thru vendor





False billing thru real vendor


FA, Inc.

WHAT IS A: FALSE BILLING ACTION

Billed for goods or services not provided

Entity structure is either shell corporation or a real corporation

Who is receiving the economic benefit drives the data mining

Internal Employee

Company

Key: Loss calculation is invoice amount


FA, Inc.

OUR EXPERINCEFALSE BILLING ACTION

DATA MINING TENDENCIESPattern and frequency of invoice numbers and amounts

Pattern and frequency of invoice amounts below control threshold

Lack of purchase order or use of dormant purchase order

Speed of payment greater than normal

Address within a radius of the corporate address

Tends to be service-based categories


FA, Inc.

OUR EXPERINCEFALSE BILLING ACTION

Aggregate vendor spending levels, bottom third of spending levels

Frequency is less than 52 records per year

Maximum invoice amount below key approval levels

Minimum invoice amount above $1,000

Average invoice amount within a consistent pattern

Focus on need for money, life-style issues

Focus on need for money, income supplementation


FA, Inc.

What Is a: Pass Thru Fraud Action

Billed for goods or services that are received

Entity structure is a shell corporation

Opportunity analysis drives the data miningInternal employee creates

Sales person at real supplier creates and colludes with internal employee

Cost-plus type contract, customer employee directs the contractor to use a specific vendor

Key: Loss calculation is based on fraud margin

Data mining approach varies by opportunity permutations


FA, Inc.

OUR EXPERIENCESPASS THRU ACTION

DATA MINING TENDENCIES: INTERNAL EMPLOYEE

Pattern and frequency of invoice numbers and amounts

No specific pattern to invoice amounts

Tends to reside in supply items, less likely to be in inventory items

Service categories that correlate to business brokers


FA, Inc.

OUR EXPERIENCESPASS THRU ACTION

Aggregate vendor spend levels, middle third

No specific frequency

Invoice amount is not a critical red flag


FA, Inc.

VENDOR INVOICE

Pattern and frequency of invoice numbers and amounts

Compare Beginning Invoice Number to Ending Invoice Number

Compute Range of Numbers

Compute Date Range

Search for Sequential Pattern or Limited Range Pattern

Correlate to Creation Date


FA, Inc.

VENDOR INVOICE

Pattern of Day of Week

Pattern of Purchase Order Issue

Frequency of Amount Below Control Level


FA, Inc.



PART III: SOPHISTICATION OF CONCEALMENT STRATEGIES


PART V: FRAUD AUDIT PROCEDURES TO IDENTIFY SHELL CORPORATIONS


FA, Inc.

DESIGN OF FRAUD AUDIT PROCEDURE

Must be designed for the specific fraud

scheme

Correlation between evidence considered and fraud detection

Must consider the concealment strategies

corresponding to the specific fraud scheme

Design audit approach based on the mechanics of the fraud scheme and

concealment strategy

Fraud Audit Procedure


FA, Inc.

FRAUD AUDITING PREMISE

Must:Link to the fraud scenario

Gathers information, basis of entity and action

Based on decision tree analysis

Conclusion based

Must include:Sampling strategy

Specific fraud audit procedure

Evidence considerations


FA, Inc.

DECISION TREE FOR FRAUD AUDIT PROCEDURES

Starts with each fraud scenarioIdentify an event associated with the evidence that can be observed and measuredIdentify source of evidenceTriggering event to formulate a decisionBased on evidence

No—additional work is not necessaryYes—additional work is necessary

If yes, additional procedures to be performedIf yes, what is a suspicious transaction?


FA, Inc.

LINK TO THE FRAUD SCENARIO

False vendorDetermine the legal existence

Determine the physical existence

Determine that the vendor has the capacity to conduct the business described on the invoice

FRAUD SCENARIO FRAUD RESPONSE


FA, Inc.

DETERMINE THE LEGAL EXISTENCE: CREATED

Establish that the entity is a legal corporation

Created entityCorrelation of incorporation date to vendor creation date

Names and addresses correlate to employee, dependants or other attached names

Affiliation with trade organizations

Media information

UCC documents


FA, Inc.

DETERMINE THE LEGAL EXISTENCE: ASSUMED

Establish that the entity is a legal corporation

Assumed entityGovernment address correlates to business address

Telephone number correlates to published telephone numbers

Confirm bank accounts

Discrepancies with government identification number


FA, Inc.

DETERMINE THE PHYSICAL EXISTENCE

Pretext visit

Site visit

Internet search engines

Telephone verification

Use of private investigators perform background searches

Various public records

Interview competitors


FA, Inc.

DETERMINE THAT THE VENDOR HAS THE CAPACITY TOCONDUCT THE BUSINESS DESCRIBED ON THE INVOICE

Examine website

Product description as to:SKU #, focus on number of digits

Alpha description of product

Proof of insuranceLiability

Workers’ compensation

Shipping documents

Reference checking


FA, Inc.

Evidence to suggest the vendor is a shell corp.? SHELL CORP.

DECISION TREE FOR FRAUD AUDIT PROCEDURES


FA, Inc.

Evidence to suggest the vendor is a shell corp.?

2.5 million dollars later

SHELL CORP.

DECISION TREE FOR FRAUD AUDIT PROCEDURES: CONCLUSION


FA, Inc.

FRAUD AUDIT NOW BECOMES A FRAUD INVESTIGATION

Refute or corroborate

Located scenario: Expand audit scope


FA, Inc.

THAT’S ALL FOLKS

THANK YOU

QUESTIONS