Red flags of fraud

Joseph Chianese
Ian Haimoff
John McSwain
Melissa Wiseman
Agenda

Introduction and Background

Common red flags and symptoms

Role of the internal auditor - leading practices

Conclusion

Questions & answers

Some resources to consider

1 Copyright 2012 Deloitte Development LLC. All rights reserved.

Introduction & background
 Fraud: Defined

Any illegal acts characterized by deceit, concealment, or violation of

trust. These acts are not dependent upon the application of threat of
violence or of physical force. Frauds are perpetuated by individuals and
organizations to obtain money, property, or services; to avoid payment or
loss of services; or to secure personal or business advantage.
Source: The Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing
--www.theiia.org

Deception brought about by misrepresentation of material facts, or

silence when good faith requires expression, resulting in material
damage to one who relies on it and has the right to rely on it.
I.R.S. Fraud Handbook (http://www.irs.gov/irm/part25/irm_25-001-001.html#d0e122)

3 Copyright 2012 Deloitte Development LLC. All rights reserved.

Fraud Basics: Types of fraud

Misappropriation of
Assets

Fraud

Fraudulent
Financial Reporting

Disclosure Corrupt Business

Practices

4 Copyright 2012 Deloitte Development LLC. All rights reserved.

Why does fraud occur?

The Fraud Triangle helps encapsulate the events or conditions that influence the
commission of a fraud.
Incentives and pressures:
Management or employees
have an incentive or are under
pressure, real or perceived, Where could the fraud occur?
which may provide a reason to
commit the fraud. What would the fraud look like?
Opportunity: Circumstances What type of fraud is the area
exist that provide an opportunity susceptible to?
for fraud to be perpetrated.
What are the effects on the books
Attitudes and rationalizations: and records?
Those involved in the fraud
are able to rationalize committing When could the fraud occur?
a fraudulent act.

5 Copyright 2012 Deloitte Development LLC. All rights reserved.

Moral People Lie
If you dont acknowledge that fraud
happens, you are not going to find it.
General Spheres that investigators work in

Informational interviews
Third parties
Former employees
Informants
Interviewing Witnesses
Admission seeking
Public records
Media
E-mail
Audit Other Analyze computer images
Research Surveillance
Phone records
Document analysis
Analytical reviews
Trending
Assessment of controls
7 Copyright 2012 Deloitte Development LLC. All rights reserved.
Valuable soft skills

Think like a fraudster

Pay attention to the details
Use information gathering techniques
Communicate and build rapport
All segments of an audit are connected
Use an unpredictable and flexible audit approach
Facilitate a control self assessment
Perform and understand data analytics

8 Copyright 2012 Deloitte Development LLC. All rights reserved.

Common red flags and
symptoms
Categories of fraud symptoms

Behavioral symptoms
Lifestyle symptoms
Accounting anomalies
Internal control symptoms
Analytical anomalies
Tips and complaints

Source: Internal Auditor Magazine, October 1996, Employee Fraud by W. Steve Albrecht
www.theiia.org

10 Copyright 2012 Deloitte Development LLC. All rights reserved.

Potential Behavioral red flags & symptoms:
Common characteristics
On the surface:
Long-time employee
Can you tell who is
In a position of trust who appears to be
extremely dedicated
In Debt?
Hard-working employee who never takes
vacations
Stealing?
Has unexplained cash or other wealth

Incompetent?
Beneath the surface:
Lifestyle (house, cars, boats) beyond Corrupt?
known income sources
Drug, gambling, alcohol or other vice
Desperate?
addiction
Behavior indicating displeasure or
dissatisfaction with the organization
Secretiveness towards accounting
documents or policies

11 Copyright 2012 Deloitte Development LLC. All rights reserved.

Behavioral red flags of perpetrators
Living beyond means 35.6%
Financial difficulties 27.1%
Unusually close association with vendor/customer 19.2%
Control issues, unwillingness to share duties 18.2%
Wheeler-dealer attitude 14.8%
Divorce/family problems 14.8%
Irritability, suspiciousness or defensiveness 12.6%
Addiction Problems 8.4%
Past employment-related problems 8.1%
Complained about inadequate pay 7.9%
Refusal to take vacations 6.5%
Excessive pressure from within organization 6.5%
Past legal problems 5.3%
Complained about lack of authority 4.8%
Excessive family/peer pressure for success 4.7%
Instability in life circumstances 4.1%
0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0%

Source: ACFEs Report to the Nation on Occupational Fraud and Abuse 2012
12 Copyright 2012 Deloitte Development LLC. All rights reserved.
Potential Symptoms and red flags: Accounts
receivable/cash receipts
Customer complaints
Unexplained change in uncollectable accounts and aging
Customer statements are not sent or are not sent timely
Timing differences between collections and posting to
accounts
Staff not taking vacations
Credits to a customer account followed by an identical debit
Changes to customer accounts or new customers with
unusual names/addresses
Shipping to customers without proper credit approval
Unusual ship to address is different from company
address
13 Copyright 2012 Deloitte Development LLC. All rights reserved.
Potential Symptoms and red flags : Accounts
receivable/cash receipts, continued
Inventory discrepancies
Unusual collection agency activity (low recovery/high
utilization)
Changes in sales (increase or decrease) not consistent with
changes in cash receipts
Unusual number of reverse transactions/voids
Unusual number of pricing overrides
Unusual number of credit overrides
Credit level increases not consistent with sales volume

14 Copyright 2012 Deloitte Development LLC. All rights reserved.

Potential Symptoms and red flags: Accounts
payable/cash disbursements
Actual costs over budget
Original documents are not available for inspection
Missing documentation
Changes to vendor master file are not approved
Payment not properly authorized or typical controls are overridden
Vendor names appear to be unusual
Vendors with multiple addresses or addresses that change frequently
Common name, address, bank account number between vendor and
employee master files
Vendor address is a P. O. box
Frequent changes to vendor master file
Unexplained fluctuations in payments to vendors

15 Copyright 2012 Deloitte Development LLC. All rights reserved.

Potential Symptoms and red flags: Accounts
payable/cash disbursements, continued
Changes in employee habits and lifestyle
Invoices are hand delivered
Check sequences, anomalies, or gaps
Endorsement anomalies
Strange or unusual payees
Lack of physical security protocol over check stock and signature
stamps or plates
Bank reconciliations with long-term outstanding checks
Differences between the payee per the check register and the cancelled
check
Cancelled checks cannot be located
Vendors not being paid timely or being paid sooner than other vendors

16 Copyright 2012 Deloitte Development LLC. All rights reserved.

Potential Symptoms and red flags: Purchasing

Frequency of purchases and amount of vendor spend sharply increase

(particularly with new vendors)
Vendor used consistently in the past suddenly is no longer used
Vague descriptions provided on invoices (e.g., materials purchased or
services rendered)
Unusual number of purchases below approval threshold level
purchases broken into smaller pieces
One payment applies discount, another pays full invoice (invoices
amounts with 2% difference, etc.)
Volume of purchases not supported by a rational need
P-Cards - Unusually high spend activity at the end of the year
P-Cards - Weekend purchases and holiday purchases
P-Cards - Purchases from vendors not in the normal course of business
(jewelry stores, casinos, furniture stores, gentlemens clubs, etc.)

17 Copyright 2012 Deloitte Development LLC. All rights reserved.

Potential Symptoms and red flags: Purchasing,
continued
Excessive sole source justifications
Unusual restrictions or time limits to exclude or reduce competition
Prequalification procedures that restrict robust competition
Vague bid specifications
Specifications developed by a vendor who then submits a bid
One party represents a number of potential bidders
Unknown or unusual vendors
Acceptance of late or incomplete bids
Permitting changes after receipt of bids
Bids submitted in editable electronic formats
Selecting vendors with records of poor performance history.
Qualified vendors stop submitting bids.

18 Copyright 2012 Deloitte Development LLC. All rights reserved.

Potential Symptoms and red flags: Revenues

Sales trends out of line with industry

Sales exactly meet budget or analysts expectations
Bonuses tied to sales
Excessive returns after period end
Side agreements identified in confirmations
Recurring negative cash flows from operations
Sales on tax return differs from sales reported in financial statements.
Missing documentation
Commissions not paid to sales rep. when otherwise would be expected
Unusual increase in the number of days sales in receivables
Customer invoice shows extended payment terms or unusual return
allowances
Credit limits exceeded

19 Copyright 2012 Deloitte Development LLC. All rights reserved.

Potential Symptoms and red flags: Corporate
corruption
Operating in countries or industries notorious for fraud or
corruption
Expenses over budget
Excessive consulting fees
Unauthorized payments for goods and services
Complaints from suppliers regarding bidding or
relationships
Fluctuations in vendor volumes

20 Copyright 2012 Deloitte Development LLC. All rights reserved.

Leading practices
Proactive fraud risk management strategies:
Investigations
Some purposes:
Determine if laws, regulations or company policy have been violated
Quantify any losses and identify parties involved
Determine financial and regulatory reporting impacts
Provide support to recover funds from perpetrator or insurance
Provide factual basis for employee/business partner discipline/
termination/prosecution
Learn fraud schemes in use and aid risk assessment updates
Identify vulnerabilities in business processes and controls and develop
recommendations for improvements
Demonstrate to regulators/shareholders due care by management
Deter future frauds by showing action is taken
Restore companys credibility and authority
Remove uncertainty and help rebuild market capitalization
22 Copyright 2012 Deloitte Development LLC. All rights reserved.
Proactive fraud risk management strategies:
Fraud risk assessment & investigations
2 1 1. Intentionally recording
7 sales prematurely
2. Bribery/corruption
3
3. Creating fictitious sales
4. Fraudulent claims by retail
customers
6
8 5 5. Intentional overcharges by
4 vendors
6. Intentional overstatement of
assets used to secure
finance
7. Unauthorized trades in
Significance

financial markets
8. Unsupportable product
performance statements
10 9. False employee expense
report claims
9
10. Employee embezzlements

Likelihood
Sample fraud & corruption risk heat map only. Ratings will vary by company.
23 Copyright 2012 Deloitte Development LLC. All rights reserved.
Proactive fraud risk management strategies:
Advance preparation/ process in place
Allegation system

Allegation triage

Case investigation
Protocols, e.g., privacy/data protection/interviewing methods
Resources, e.g., location/language/financial/computer forensics

Case management

Reporting

Resolution

The worst time to plan for a crisis? When you are in one.
24 Copyright 2012 Deloitte Development LLC. All rights reserved.
Conclusion

Death, taxes, fraud

Companies would be wise to prepare
Understand, prioritize and manage your company's fraud risks
Have a detailed program to prevent, deter, detect, and respond to fraud
Proactive tools and data analytics may help you identify
frauds earlier
People will lie to you
If you suspect a problem, demand an explanation
Do not be intimidated into ignoring what you know to be questionable
activity
If something does not make sense to you, it will
make less sense to law enforcement

25 Copyright 2012 Deloitte Development LLC. All rights reserved.
Questions
Resources
IIA Resources

Managing the Business Risk of Fraud A Practical Guide (July 2008)

Includes performance metrics
How do your organizations practices compare to those recommended?
Free download at
www.theiia.org/guidance/additional-resources/managing-the-business-risk-of-
fraud/

Practice Guide Internal Auditing and Fraud (Dec 2009)

Includes a fraud investigations framework and a fraud risk assessment
template

Global Technology Audit Guide (GTAG) Fraud Prevention and

Detection in an Automated World (Dec 2009)

Knowledge Alert Emerging Trends in Fraud Risks (Jan 2010)

28 Copyright 2012 Deloitte Development LLC. All rights reserved.
ACFE Resources

2012 ACFE Report to the Nations on Occupation Fraud and Abuse

Includes fraud prevention checklist
Free download at www.acfe.com

ACFE fraud prevention check-up

Free download at ww.acfe.com/documents/fraud_prev_checkup_ia.pdf

29 Copyright 2012 Deloitte Development LLC. All rights reserved.

IPPF Practice Guide Fraud Prevention and
Detection in an Automated World
Selected Topics Include
Analytical techniques for
fraud detection
Typical types of fraud tests
Analyzing full data
populations
Fraud prevention and
detection program
strategies
Analyzing data using
internal and external data
sources

30 Copyright 2012 Deloitte Development LLC. All rights reserved.

IPPF Practice Guide
Internal Auditing and Fraud
Selected topics Include
Fraud awareness
Typical roles and
responsibilities for fraud
Fraud risk assessment
Fraud prevention and
detection
Fraud investigation Internal
Audits role

31 Copyright 2012 Deloitte Development LLC. All rights reserved.

Deloitte Forensic Center resources

Book: Corporate Resiliency: Managing the

Growing Risk of Fraud and Corruption
(Wiley, 2009)

Monthly For Thoughts topical e-newsletter

Videos on a variety of fraud and

corruption subjects

More information at www.deloitte.com/

forensiccenter

32 Copyright 2012 Deloitte Development LLC. All rights reserved.

Visit the Deloitte Forensic Center

www.deloitte.com/forensiccenter

33 Copyright 2012 Deloitte Development LLC. All rights reserved.

Contact information

John McSwain
Director
Deloitte Financial Advisory Services LLP
+1 214 840 1715
jmcswain@deloitte.com

34 Copyright 2012 Deloitte Development LLC. All rights reserved.

Disclaimer
These materials and the information contained herein are provided by Deloitte Financial Advisory
Services LLP (Deloitte FAS) and are intended to provide general information on a particular subject or
subjects and are not an exhaustive treatment of such subject(s).

Accordingly, the information in these materials is not intended to constitute accounting, tax, legal,
investment, consulting, or other professional advice or services. The information is not intended to be
relied upon as the sole basis for any decision which may affect you or your business. Before making any
decision or taking any action that might affect your personal finances or business, you should consult a
qualified professional adviser.

These materials and the information contained therein are provided as is, and Deloitte FAS makes no
express or implied representations or warranties regarding these materials or the information contained
therein. Without limiting the foregoing, Deloitte FAS does not warrant that the materials or information
contained therein will be error-free or will meet any particular criteria of performance or quality. Deloitte
FAS expressly disclaims all implied warranties, including, without limitation, warranties of merchantability,
title, fitness for a particular purpose, non-infringement, compatibility, security, and accuracy.

Your use of these materials and information contained therein is at your own risk, and you assume full
responsibility and risk of loss resulting from the use thereof. Deloitte FAS will not be liable for any special,
indirect, incidental, consequential, or punitive damages or any other damages whatsoever, whether in an
action of contract, statute, tort (including, without limitation, negligence), or otherwise, relating to the use
of these materials or the information contained therein.

If any of the foregoing is not fully enforceable for any reason, the remainder shall nonetheless continue to
apply.
35 Copyright 2012 Deloitte Development LLC. All rights reserved.
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of
member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed
description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about
for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest
clients under the rules and regulations of public accounting.

Copyright 2012 Deloitte Development LLC. All rights reserved.

Member of Deloitte Touche Tohmatsu Limited