Fraud

Fraud

1.0 Introduction

A fraud is an intentional deception made for personal gain or to damage another individual. The specific legal definition varies by legal jurisdiction. Fraud is a crime, and is also a civil law violation. Many hoaxes are fraudulent, although those not made for personal gain are not technically frauds. Defrauding people of money is presumably the most common type of fraud, but there have also been many fraudulent "discoveries" in art, archaeology, and science. Most people consider the act of lying to be fraudulent, but in a legal sense lying is only one small element of actual fraud. There must be a deliberate misrepresentation of the product's condition and actual monetary damages must occur.

Fraud can be committed through many methods, including mail, wire, phone, and the internet (computer crime and internet fraud). The difficulty of checking identity and legitimacy online, and the ease with which hackers can divert browsers to dishonest sites and steal credit card details, the international dimensions of the web and ease with which users can hide their location, all contribute to making internet fraud the fastest growing area of fraud. Many fraud cases involve complicated financial transactions conducted by 'white collar criminals', business professionals with specialized knowledge and criminal intent. An unscrupulous investment broker may present clients with an opportunity to purchase shares in precious metal repositories, for example. His status as a professional investor gives him credibility, which can lead to a justified believability among potential clients. Those who believe the opportunity to be legitimate contribute substantial amounts of cash and receive authentic-looking bonds in return. If the investment broker knew that no such repositories existed and still received payments for worthless bonds, then victims may sue him for fraud.

Fraud is not easily proven in a court of law. Laws concerning fraud may vary from place to place, but in general several different conditions must be met. One of the most important things to prove is a deliberatemisrepresentation of the facts. Some employees of a large company may sell a product or offer a service without personal knowledge of a deception. The account representative who sold a fraudulent insurance policy on behalf of an unscrupulous employer may not have known the policy was bogus at the time of the sale. In order to prove fraud, the accuser must demonstrate that the accused had prior knowledge and voluntarily misrepresented the facts.

2.0 Types of fraud

Recognizing how fraud can occur within a business and the relative risk posed by the different types of fraud is an important first step in building an appropriate control environment. The common types of fraud are:

2.1False Accounting:

a number of the most dramatic corporate failures over the years have been characterized by false accounting:

* The main aim of false accounting is to present the results and affairs of the organization in a better light than the reality.

* This is often done by overstating assets or understating liabilities to reflect a financially stronger company; the reasons for doing this are varied and include obtaining financing, supporting the share price, and attracting customers and investors.

* Frequently, there are commercial pressures to report an unrealistic level of earnings, which can take precedence over controls designed to prevent fraud occurring.

2.2Asset misappropriation:

Any business asset can be stolen by employees or third parties, or by employees and third parties acting in collusion.

Examples of common employee and management fraud include:

* Direct theft of cash or realizable assets, such as stock or intellectual property, such as price or customer lists

* Making false expense claims

* Payroll fraud - diverting payments or creating fictitious employees

Examples of collusion between employees and third parties include:

* Receiving kickbacks or commission from a supplier

* Intimidation from third parties to disclose information or process inappropriate transactions.

* Related party transactions - employee or officer has an undisclosed financial interest in a transaction.

2.3Computer Fraud:

There is no such thing as ‘computer fraud' per se. Rather, a computer can be the object, subject or tool of a fraud. As technology evolves, so we see new ways of perpetrating fraud through computers. Such frauds have included:

* Diverting funds from one bank account to another, having gained unauthorised access to the bank, perhaps by hacking

* Holding out to be a legitimate business on the internet and obtaining payment for goods that are not delivered or a lower specification than that advertised.

* Manipulating the share price of a company by publicizing invalid news items or claims on bulletin boards.

* Initiating a distributed denial of service attack on a website in order to make use of vulnerabilities in the system to gain access to records and information.

* Stealing intellectual property by unauthorized access to a computer system.

Each of these frauds could have been carried out without the use of computers. What computers, and the internet in particular, have provided is access by unconnected parties, where previously an insider would need to have been involved. Computers also allow processing of large amounts of data to be performed quickly, enabling the cracking of passwords.

2.4Insurance Fraud:

Insurance fraud covers a number of areas and varies widely in its natu

re; it includes, but is not limited to:

* Overstated claims.

* False claims - losses that never occurred.

* Multiple claims.

* Obtaining cover on favorable terms on the basis of false information.

* Destruction of assets to claim on insurance.

* Deliberately under-insuring to reduce premium.

2.5Intellectual property fraud:

Intellectual property includes items such as patents, design rights and customer lists, and is just as much a business asset as plant and machinery or stock. Like any other asset, intellectual property is, therefore, susceptible to theft by staff and third parties, although it is not always apparent that intellectual property rights are being misappropriated or infringed.

Employee and management fraud could include direct theft of intellectual property, for example by departing employees using critical business information to set up in competition or through the sale of price lists or customer lists by existing employees.

Theft or infringement by third parties could include:

* Deliberate under-reporting of royalties by a party selling or manufacturing the product under licence.

* Knowingly developing competing products and infringing design rights that have already been registered and protected by the creator.

* Passing off fake products as the genuine article, e.g. branded luxury goods, perfumes, CDs and computer software.

2.6Corruption:

Generally, bribery and corruption are off-book frauds that occur in the form of:

* Kickbacks or commission.

* Bid rigging.

* Gifts or gratuities.

2.7Money Laundering:

Though not a fraud itself, money laundering is closely linked with fraud, as it is the mechanism by which the proceeds of crime are distributed. Examples of such linkage could include:

* Obtaining bank loans against assets derived from criminal activities.

* Issuing company cheques to third parties and those parties issuing cheques to an individual

2.8Investment Scheme Fraud:

Investment scheme fraud can also be thought of as third-party asset misappropriation. It involves taking money from customers on the promise of spectacular returns but using the cash for one's own purposes.

3.0 History of fraud

Fraud usually implies deceit or bad faith, as opposed to good faith, integrity and honesty. Fraud was characterized in legal terms and moral terms; commercial and financial crises were linked to transactions that violate law and ethics, and the detection of fraud was accordingly incumbent upon the State.

Throughout history, fraud has been intimately related to trade in goods, for example smuggling to avoid customs duties or concealment of the true origin of a product and to profit, there is no gain that can induce good men to act badly.

Fraud has always been at the heart of the creditor or debtor relationship, Fraudulent financial reporting (FFR) arises because the top managers reporting accounting numbers intentionally misrepresent underlying economic conditions to advance their own economic interest. The auditing profession over the years has developed its own set of tools to unravel such misrepresentations and to ensure that financial statements are in accordance with generally accepted accounting principles. However, when major fraudulent events have escaped detection by auditors, these standards have often been supplemented with additional rules by the SEC and by the U.S. Congress (Baker et al., 2006). In addition, accounting practitioners and researchers have formulated various decision models to aid in the detection of fraud.

Various studies have shown the use of these decision models, and expert systems, for fraud detection and the study of internal controls (Lenard and Alam, 2004; Lenard, 2003; Bell and Carcello, 2000). There are also a number of closely related studies that use decision models to predict bankruptcy, or financial stress. Notable studies are by Beaver (2005). The model for detecting financial stress are important in the development of fraud detection models for two reasons. First, bankruptcy is sometimes a result when companies commit fraud. Second, companies that have filed for bankruptcy protection are more likely to be prosecuted for fraud since the temptation to commit fraud is higher at a financially troubled firm (Johnson, 2008). In recent years, studies by Persons (1995) and Lenard and Alam (2004) described models that were developed specifically to detect fraud.

The triangle of fraud has changed little over the years. Fraud has long been associated with a practice (smuggling), a domain of economic activity (merchandise) and the violation of that domain, and a player empowered to fight against it (the fraud squad). Contemporary players in fraud include investors defrauded by financial professionals (brokers or bankers), the State defrauded by its citizens, and, often, firms defrauded by their employees or officers. Major contemporary financial frauds in the latter category were perpetrated by Nick Leeson ($1.4bn), Victor Gomez (Chemical Bank, $70m), Toshihide Iguchi (Daiwa Bank, $1.1bn) and Roberto Calvi (Banco Ambrosiano). Financial flows, regulatory watchdogs and sophisticated information systems have simply updated the classical triangle of smuggling, merchandise and fraud squads.

4.0 The effects of fraud

Fraud has a negative impact on individuals, organizations, and communities. It can divide families and small communities and also has ramifications for society as a whole.

Of course fraud has negative effects for Jordan society and people live there and maybe that will effect on people who want visit Jordan as tourism, they will think Jordan is not safety place for their money or their security, and there is no one will come to invest in Jordan, that's mean fraud effect negatively on Jordan economy.

Some of the effects to individuals of becoming a victim of fraud include, but are not limited to:

Physical

: Health problems caused by stress

Psychological

: Suicide; depression

Financial

: Debt; bankruptcy

Social

: Feeling of being ostracized in the wider community; disintegration of the family unit through divorce or estrangement. This may be particularly relevant for cases where fraudulent products or services are unwittingly sold to friends and family (e.g. pyramid schemes, investments).

It is important to note that fraud can also adversely affect the relatives of alleged perpetrators.

The effects of fraud can be particularly devastating for “vulnerable” victims such as the elderly, the socially isolated, and the disabled. It is amongst these groups that the emotional and financial impact can be the greatest.

For some, the betrayal of trust can be the same or worse than the actual loss itself.

The impact of fraud can be equally great for corporate victims, particularly small to medium- sized businesses which may be unable to recover from the financial and/or reputational damage caused. The physical, psychological, financial and social effects of fraud can be the same for business owners as individual victims.

Even large multi-national organizations feel the impact of fraud through the increased costs of doing business.

One of the wider ramifications of fraud is that it can undermine public confidence in legitimate businesses or industry sectors, particularly those that sell products or services known to be targeted by fraudsters, such as timeshare properties, lotteries, and internet shopping websites.

There is likely to be an optimum level of fraud, where it becomes too risky for people to engage in certain activities. For example internet fraud may make people too afraid to shop online, or timeshare frauds may make people apprehensive about purchasing legitimate timeshare properties.

Fraud can also have a knock-on effect. For example, credit card fraud affects, not only the individual victim, but also the bank that issued the card, the shop in which the card was used, and other consumers through higher fees etc.

5.0 Computer Fraud:

The term "computer" means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device. Intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.).

6.0 Managing the Risk of Fraud:

No organization or administrative process is free of risk. It is management's responsibility to identify and control the risks which the organization faces. Risk may be defined as the chance of an unwelcome outcome and may cover a wide range depending upon the nature of the organization's business. It concentrates on the management of fraud risks which in some respects require specific types of control measures. It is the deliberate nature of fraud which makes it more difficult to detect or stop. While some aspects of managing fraud risks are specific many of the controls designed to address fraud risks will have a wider application and will therefore form part of a general approach to risk management and financial management (Treasury, 1997).

Risk:

Risk, in the context of managing fraud risk, is the weakness or introduction an organization has towards fraud and irregularity. It combines the probability of fraud occurring and the corresponding impact measured in monetary terms. It is desirable to minimize risk both by reducing the probability of fraud occurring and by reducing the size of any consequential losses. Preventative controls and the creation of the right type of corporate culture will tend to reduce the likelihood of fraud occurring while detective controls and effective contingency planning can reduce the size of any losses (Treasury, 1997).

Risk Managements:

Managing the risk of fraud is the same in principle as managing any other business risk. It is best approached systematically both at the organizational level, for example, by using fraud policy statements and personnel policies, and at the operational level. When considering fraud risks in specific operations there are a number of steps which should be taken:

1.Identify risk areas: Establish the areas most vulnerable to the fraud risk. Patterns of loss and areas of potential loss should be identified so that vulnerable areas can be pin-pointed. It may be useful to survey the staff involved in operating the system to establish all the risks of which they are aware.

2.Assess scale of the risk: Identify and assess what measures are already in place to prevent fraud - determine the level of residual risk.

3.Allocate responsibility for risk: Identify who has responsibility for the management of each risk

4.Identify need for revised controls: Evaluate adequacy of existing controls and establish what further controls or changes to existing controls are required to reduce or eliminate the risk

5.Implement the revised controls

6.Monitor implementation of controls: Monitor to assess effectiveness. This could be achieved by a number of means including internal audit reviews of system controls and spot checks by managers to ensure that controls (such as supervisory controls or reconciliations) are in operation.

7.Evaluate the effectiveness of controls: Assess whether the risk of fraud is lessened as a result of the implementation of revised controls.

7.0 Fraud Investigation:

Treasury 1997 defined that the investigation of fraud is a specialist subject and should not be undertaken by people without the necessary skills and training. Safeguarding public funds is important and therefore steps should be taken to prevent further losses and to ensure recovery of funds where losses have already occurred. It is also important to secure evidence of the fraud which will enable a successful prosecution. In some circumstances it may be appropriate to suspend individuals during the investigation and to prevent them from destroying or tampering with the evidence.

8.0 Credit Card Fraud:

Credit card fraud has been a world-wide problem for years. The effect of this fraud hits not only the victims, but also the credit card companies and merchants. This type of fraud are successful by implementing various schemes. To prevent credit card fraud, credit card companies and merchants have put into place various programs. Physical features of the cards have become more elaborate to eliminate counterfeit cards. Prevention programs such as the card verification code (CVC), advanced authorization and card activation procedures have helped to decrease the effects of fraud. Merchants are also implementing programs to help deter credit card fraud. However, more steps need to be taken to prevent credit card fraud.

9.0 The Victims of Fraud:

Victims of fraud can be individuals, organizations, and society as a whole. Individual victims of fraud come from all walks of life, and are usually (someone just like you or me). Some individuals become victims just by living their lives, such as the victims of ID fraud. Other groups of individuals become victims because of a particular characteristic or vulnerability they share. For example, property or investment scams targeting new immigrant communities, or holiday investment scams targeting people seeking to invest in property abroad. Some individuals do not realize they have become a victim of fraud, thus making the true extent of fraud difficult to determine (such as, charity collection fraud).

Some people refuse to believe they have been a victim of a cheat or fraud. Victims may indicate that they are happy to wait for a return on their investment or that they were simply dealing with a ‘bad apple' but the scheme itself works. Self-delusion is difficult to tackle. Rarely, victims may unknowingly become victims themselves. For example a victim of a pyramid scheme fraud may have recruited family members or friends into the scheme.

10.0 How it happens?

Like many other types of financial fraud, the web of offenders in securities fraud can include stockbrokers, promoters, traders, accountants, and lawyers. Professionals like these working together can defraud stockholders out of billions of dollars. Although the idea of boiler room schemes pushing worthless penny stocks upon unsuspecting victims comprises part of the problem, the SEC and federal courts have imposed both civil and criminal sanctions upon such diverse groups ranging from organized crime rings2 to high school students. The four most prevalent types of securities crime include “churning”, insider trading fraud, outsider training, and “pump and dump” fraud. Churning refers to the buying and selling of stock in order to generate commissions for the stockbroker at the expense of client's profits. While the original statutes made it illegal for employees to directly benefit from market-sensitive information, the definition of insider trading has been expanded to disallow sharing privileged information to a third party who might buy shares in the company.

Outsider trading evolved from insider trading laws. The United States Supreme Court first recognized a form of outsider trading in the 1997 case United States. The court in that case applied what they called the “misappropriation theory.” The misappropriation theory, “subjects individuals who trade on material, non-public information to prosecution, regardless of whether they worked for the company whose stock was being traded or otherwise owed the corporation's shareholders a fiduciary duty.” While originally involving a strict interpretation of the Securities Exchange Act, decisions from cases before in the early eighties limited the criminal liability of outside traders to only those instances in which the outsider should have known that the information resulted from a breach in the first place (Roane, 2000).

One of the most common Internet scams is in fact, one of the oldest investment schemes of all time: the “pump-and dump” scam. Historically pump-and-dump schemes are run out of makeshift offices staffed with fast talking telemarketers that convince innocent investors to buy debatable stock. The high pressure sales tactics generate enough demand to push up the share price of stock. This phase of the scheme is known as, the “pump”. The “dump” occurs when the price of the stock reaches a specific objective and the operation that was originally encouraging investors to buy, sells its shares for a significant profit. The sell-off will also lower demand and consequently the share price, leaving unsuspecting investors with a loss.

In the year 2001, the Malaysian Institute of Accountants (MIA) issued the Malaysia Approved Standards on Auditing AI 240 “Fraud and Error” to provide a general guideline for auditors. This standard provides examples or events, which indicate increased risk of fraud. However, there is no specific guideline given on what constitutes the most significant fraud risk indicator (red flag). As such auditors may assume that all the indicators are equally important, thus, limiting the predictive usefulness of the system. Knowledge of the most important warning signs should help auditors do a better job in assessing fraud risk and this could contribute towards the ongoing improvement of auditing standards which guide the fraud risk assessment process (Apostolou et al., 2001).

Many researchers have used SAS-based red flag systems in their research. For example Apostolou et al.(2001) those from SAS 82. Loebbecke asked respondents to describe the presence of red flag indicators and found that most of the red flags included in the survey listing had a relatively high frequency of occurrence. Similarly Apostolou et al.(2001) found that respondents rated “known history of securities law violation”, “significant compensation tied to aggressive accounting practices” and “management's failure to display appropriate attitude about internal control” as the three most important red flags. Their results also indicates that red flags relating to management characteristics, and influence over the control environment were considered more important than those relating to operating and financial stability characteristics and industry conditions. In another study. They found that respondents perceived “attitude factors” such as dishonest, hostile, aggressive and unreasonable management attitudes to be more important warning signs than “situational factors”. The findings of this study conflict with those of Abdul Majid and Tsui (2001) which revealed situational factors such as “difficult to audit transaction” and “indication of going concern” to be more important than “attitude factors”. Different economic environments may contribute to these different findings since these last two studies were conducted in US and Hong Kong, respectively.

Beasley et al.(2000) compare the company governance mechanisms of known fraud cases with “no-fraud” industry benchmarks; they found that companies who exhibited fraud had fewer audit committees, fewer independent audit committees, fewer audit committee meetings, less frequent internal audit support and fewer independent board members. Empirical evidence had also shown that the proportion of outside members on the board of directors is lower for firms experiencing financial statement fraud.

Chung and Monroe (2001) examine the effects of gender and task complexity on the accuracy of audit judgment. They found that there is a difference on judgment accuracy as result of differences in both gender and task complexity; in particular they note an interaction effect whereby females are more accurate than males when processing complex audit tasks.

11.0 What should be done about fraud?

Greater resources need to be allocated to combat fraud. This will not happen until fraud becomes a higher priority for Government. Education of public decision-makers is vital to this process.

The interface between the victim, the public and the authorities needs to be considered. Victims need to know that their victimization is being taken seriously. However, victims are often confused about how and where to report allegations of fraud and it can be difficult for them to access support, information and, in some cases, compensation. This can be compounded by the messages received from law enforcement that the crime is “outside our jurisdiction” or “it's not a crime”. Victims need to know that something will be done about the crime if they report it.

A combination of consumer education initiatives and greater enforcement could be an effective way to reduce fraud. This method has been successful for other types of crime such as drink driving:

Consumer Education

: The public needs to be encouraged to protect itself against fraud. Greater consumer education would reduce the opportunities for people to be misled by fraudsters. For example, the Australian Securities & Investments Commission enables victims to share their experiences of scams online. Initiatives could include guidance on how to recognize and avoid scams, the establishment of a one-stop-shop for fraud information and a national reporting line for fraud. Consumer education may not reach some vulnerable groups. Therefore consumer education is not the panacea and needs to be combined with greater law enforcement to be fully effective in combating fraud.

Enforcement

: Most fraudsters are aware that the chances of being detected, prosecuted and convicted are low. Even if convicted the sanctions imposed are unlikely to be severe. A greater emphasis on disruption by law enforcement, coupled with greater sanctions, is likely to be sufficient to deter many fraudsters. Some constabularies now have no fraud squad, or have merged their duties into a larger department with a wider brief, where the former expertise is diluted or lost completely; resulting in a perception by victims that fraud is not important even to law enforcement. The Unfair Commercial Practices Directive will give certain agencies wider-ranging powers to tackle deceptive trading practices which should offer some further protection to victims of fraud.

12.0 Case Study's:

12.1 Case Study 1:

A large accounting firm was hired to audit certain activities related to loans to individuals on the Board of Directors of a medium size, publicly traded bank (the “Bank”). During the Audit, the auditors needed to examine several computer systems used by certain Bank employees as well as by certain Board Members. GDF's digital forensic examiners were immediately dispatched and sent in to arrange for the forensic analysis of the computer systems and to search for corroborating evidence in support of the audit team's suspicions and findings. The systems GDF analysts forensically analyzed included laptop computers issued to managers in the loan origination department, desktop systems used by managers and board members. Email (Exchange) servers as well as Voicemail Systems were examined. The Auditing Committee charged certain officers of the Bank with engaging in suspect activities related to particular Bank expenses and loans that were either hidden or “lost” from the purview of the normal Bank's accounting practices. In order to stay compliant and to remedy what may have been “bad apples” in the organization, the Bank's Auditing Committee required the Board to hire an independent accounting firm to review those issues and present a formal report to the Bank.

Immediately upon being retained GDF analysts reviewed the computer systems with the banks IT department. GDF analysts were also able to utilize Computer Forensic Techniques to recover digital artifacts from the laptops and desktops of the suspect bank employees and board members. These forensic artifacts included email and documents exchanged through various free web based email accounts. GDF focused a portion of its initial examination on particular desktop and network systems used by the suspect employees. Its examiners performed computer forensic analyses on those systems while simultaneously examining data supplied directly from the Bank's IT department regarding internal network and Internet related activity of those suspect employees. Through those examinations, GDF forensically extracted digital artifacts, such as deleted email and documents and created reports of particular areas of interest based upon the issues related to the overall investigation.

After overall investigation, the Bank's Auditing Committee was in a better position to find that certain Bank employees had violated Bank policy and possibly certain federal regulations regarding actions by officers of public corporations. The Auditing Committee and forensic accountants, together with the Bank's New Board of Directors, was able to terminate some of accused employees and also to negotiate settlement agreements favorable to the Bank with those employees, including reducing certain benefits and severance packages owed to them under pre-existing employment agreements. In the end, the Bank saved an enormous amount of money and time by having the digital evidence to use in finalizing the issues related to the investigation and was able to make important deadlines with regards to certain SEC filings and regulatory mandates.

12.2 Case Study 2:

Tesco Group, one of the world's largest grocery retailers, needed a revolutionary new approach to tackle point-of sale (POS) fraud. They needed a solution that took the pain out of fraud detection and freed their Loss Prevention team to concentrate on investigation and loss retrieval. They required a system that produced information, not just data. One of their key requirements was a feedback loop to measure performance of both system and workforce. After extensive reviews and proof of concepts with multiple software vendors, Tesco chose Sysrepublic as their solution partner. The goal of the solution was to design and build a product that transformed how suspect point of sale activity is identified, tracked and eliminated. Working closely with Tesco's loss prevention managers and field staff, Sysrepublic began gathering requirements and building system prototypes. After a number of months this effort resulted in the creation of Secure, a comprehensive loss prevention solution designed specifically to meet Tesco's needs.

Once launched, the system immediately began identifying suspect incidents on a daily basis. These incidents could be easily investigated by the central team and field users. Secure successfully delivered positive results that were followed by prosecutions and changes to business process within the organization. Solution is that the secure addresses retail fraud issues via a “Plan, Do, Review” process cycle. This process allows retailers to automatically detect fraud and quickly assess the results in a structured, repeatable method. Feedback from Secure's results allows retailers to fine tune fraud detection methods where needed. A complete system, which is delivered user ready out of the box, Secure is the simplest, most efficient and cost-effective way for your company to detect, reduce and eliminate fraud.

12.3 Case Study 3:

The Chairman of the Board (“COB”) just found out that a $500,000 check cleared his bank and the bank called to advise him that he needed to activate the Company's line of credit. The COB was quite perplexed; he understood that he had adequate cash for the month. The President of the company, who was a non-owner, was out of town on a long weekend and would not be back until Wednesday. The COB (and 100% shareholder) called his attorney with significant concern in his voice, “What could have happened to the money?” he asked. The attorney called on his trusted forensic accountant (even though it was a Friday afternoon on Memorial Day Weekend).

A team of forensic accountants arrived on the scene. Together with the COB, they went through the books and records of the company, as well as the office of the President. What they uncovered initially showed that the $500,000 had been sent as a cashier's check to an attorney in another state. a meeting was convened with corporate counsel, the HR Director of the company, the forensic accountants and, upon his arrival at the office, the president. The president was escorted into the conference room and an interview was initiated by corporate counsel and the forensic accountant. For almost two hours, the inquiry moved forward very slowly with the president providing information based on what he most likely believed the attorney and the forensic accountant had already determined.

The forensic accountants continued working to document all of the background of the various transactions, including whatever invoices or other documentation had been submitted to the company, copies of the front and back of cancelled checks, as well as other documents. The file was assembled and a submission was made to the company's fidelity bond insurance carrier. After relatively extended discussions and time, the insurance carrier made restitution in the $1 million amount of the fidelity bond. All of the forensic documents were also turned over to the FBI local field agent, and an investigation was started.

The Company was subject to this debilitating and drastic fraud because internal controls were not properly in place. The Chairman of the Board had put complete faith in the president whom he had hired. The president used his position to “bully” the controller and other individuals into either approving payments on his behalf, and/or simply looking the other way. While the end of the story would appear to be a $400,000 loss to the company (the original defalcation totaled approximately $1.4 million less the $1 million in fidelity bond insurance recovery) the cost was far greater. The bank responsible employees have need for proper internal controls and the willingness on the part of top management to review transactions even for a high level COO or president are paramount in order to avoid the potential for disaster.

12.4 Case Study 4: T

oday's consumer activity depends upon plastic means credit and debit cards. Credit cards and debit cards are used to purchase products and services as well as to withdraw cash from Automated Teller Machines (ATMs). In order for a card transaction to be approved, the ATM, retailer, or food establishment must submit the request and the bank that issued the card must authorize the purchase or cash withdrawal. In addition, this approval must be provided in real-time since the customer is waiting for it. A key problem is quickly identifying suspicious or fraudulent uses so that those transactions can be rejected and the card suspended.

A card transaction is captured by such devices as a point-of-sale (POS) terminal in a store, a customer's browser communicating with a website, or an ATM. The information concerning the request must be rapidly gathered from the servicing network to which the devices are connected, sent to the issuing bank for authorization/approval and the response rapidly returned in order for the system to complete the transaction.

Thousands of business men connect hundreds of thousands of POS devices to the provider's network to service their retail counters. When a merchant's customer makes a purchase with a card, that card is read via the merchant's POS device, and the amount is entered. The purchase details are transmitted to the provider's switch, which forwards this information to the bank that issued the credit or debit card. The bank authorizes or rejects the transaction and returns a response through the provider's switch to the POS device. The transaction can be rejected for many reasons, such as exceeding a daily limit, exceeding the account's balance limit, an expired card, or a card with a credit hold.

A critical problem faced by the issuing banks is that of fraudulent transactions. This problem has, of course, exploded with the high speed nature of electronic submission of credit and debit transactions. An ATM or POS transaction may be fraudulent, for instance, if the credit card is stolen. Online purchases may be fraudulent if the credit card number, expiration date, and CID number are copied from the card. This copying can easily be done,

for example

, by a waiter taking a customer's credit card to pay for a meal or when a phone order is placed and paid for with a credit card. Identifying fraudulent transactions typically takes hours or days, and many such transactions may slip through before a hold can be put on the card. One Worse, because the information can be quickly shared with thieves in multiple countries, they can rapidly attack via multiple avenues by submitting many different types of transactions simultaneously, anticipating that the lesser (slower, etc) infrastructure that some of them may take will allow at least some of them to get through successfully.

Recognizing this problem, the switching-service provider decided to provide a capability to the issuing banks to flag in real-time those transactions that appeared to be suspicious, and possibly fraudulent. In this way, at the bank's option, suspicious or fraudulent transactions were identified and rejected much earlier and faster than previously possible.

The solution for fraud they make a real-time system. This real-time fraud detection system is an excellent example of real-time business intelligence (RTBI), in which events as they happen can control the operational actions of an enterprise. Consequently, real-time business intelligence is often referred to as event-driven business intelligence. A fundamental benefit of RTBI systems is that they can integrate in real-time the independent results of diverse heterogeneous systems and consequently affect the actions of an operational system.

A complex suspicious or fraudulent activity determination is made and action taken while a transaction is in the process of being gathered, routed, authorized, and returned to the origination point, or shortly thereafter, typically far sooner than otherwise achievable. The RTBI is made possible by the high-performance, heterogeneous Shadowbase bi-directional data replication engine. Shadowbase technology can replicate data between a wide variety of databases and platforms', changing the data as it is replicated to meet the needs of the target application or of the target database's schema. The Shadowbase engine is a high-performance, low-latency replication engine that can typically replicate between platforms in tens to hundreds of milliseconds. It is easily scalable to match any needed replication load and is configurable so that capabilities such as, in this case, routing transactions to the proper fraud detection server are simply added. Real-time business intelligence will provide the competitive edge to companies in the future. Shadowbase solutions are positioned to help your company achieve this edge.

12.5 Case Study 5: T

he case with much of the previous research, it is possible to examine financial statement frauds that have already occurred and analyze the red flags that existed in those cases. However, studying red flags that have been associated with financial statement fraud in hindsight may not be the same as using red flags to find financial statement fraud that has yet to be discovered.

In this case study the data demands make it impossible to study the predictive value of red-flags in detecting financial statement fraud, to test the plausibility of the fraud hypothesis approach, the researchers focused on misappropriations (asset thefts) using the operating data of a real company. They realize that having only one company makes the results less generalizable, but they did test many fraud hypotheses within that company. In particular, to perform the research, the authors were permitted unlimited access to all the operating data for one of the largest oil refineries in the world. The oil refinery provided an excellent laboratory in which to study the fraud hypothesis approach, because it involved tens of thousands of vendor and employee transactions that could involve fraud. Also, this oil refinery had two very useful and unique electronic databases which provided a data-rich environment to test. These databases contained detailed information for material acquisitions, project status, and vendor labor billings showing hours worked by individual and by team. During the period studied, the refinery had 41 vendors with transactions totaling over $1 million each, 242 vendors with transactions totaling over $100,000 each, 497 vendors with transactions totaling over $25,000 each, and 1983 vendors in total. During the period studied, there were over 47,000 invoices with vendors, as well as at least that many expense reimbursements, payroll, and other transactions with employees. In addition, because the refinery was heavily unionized and employed many second- and third-generation employees, the company believed there might be employees who knew about frauds but were reticent to come forward with information about the improprieties.

At least in this case, to be useful, red flags had to be fraud- and company-specific and had to be continuously refined until alternative explanations were eliminated. Third, while systems from companies such as PeopleSoft and SAP will probably make pro-active searching for red flags possible at the data source, in this company it was only after the data were combined and manipulated in data warehouses that meaningful analyses could be performed. These data warehouses were specific to the search results they contained, and specialized analysis routines had to be written for each warehouse.

In addition to contractor fraud at this refinery, the company is anxious to use the fraud hypothesis approach for a number of other applications. For example, they have given most employees a company credit card with which purchases for the company can be made. They believe that formalized hypothesis testing of credit card purchases could reveal significant amounts of fraud. They are also anxious to use this approach at other refinery and no refinery operations of the company. They realize that in pro-actively searching for fraud, however, they must proceed with caution. While it is impossible to generalize beyond this application and this refinery, the company believes the fraud hypothesis approach to detecting fraud is both efficient and effective and more useful than other fraud detection methods they have used.