Using audit tools to detect fraud

According to a survey conducted by the Association of Certified Fraud Examiners , it is estimated that organisations lose seven percent of their annual revenues to occupational fraud and abuse.  Additionally, fraud examiners indicate that fraud incidents have increased since the start of the global financial crisis (GFC) and fraud levels are expected to continue to rise in the next 12 months . 

These incidents are brought about by the increased financial pressure on individuals and by the increased opportunity for fraud due to the reduction of workforce and internal control measures. 

In addition, organisations are faced with the challenges of dealing with the increasing volumes of electronic data, the growing complexity of systems and processes and continued evolution of fraud schemes.

While fraud management in organisations is a challenging task, recent fraud incidents highlight the need for a more robust fraud risk management program to combat fraud threats within an organisation.  Currently, most organisations use manual procedures as the primary method of uncovering fraud.  However, powerful data interrogation tools are available to supplement and increase the precision and effectiveness of traditional fraud detection procedures. 

These tools allow for the possibility of continuous transaction monitoring by automating data queries that can be consistently run at prescribed periods.  These queries also allow for the analysis of data without damaging the integrity of live data.  These tools allow for an increased scope of fraud review by being able to test up to 100% of the transactions and being able to efficiently correlate data from various sources and various file types.

To maximise the use of these tools, some organisations leverage the expertise of professional service firms who not only have been using these tools in performing Computer Assisted Audit Techniques (CAATs) but are also versed in performing fraud risks and controls review.

The following are samples of fraud incidents and sample procedures to discover fraud using a data interrogation tool:

Fraud incidents  Sample potential data interrogation procedures

Fraudulent sales
  • search for duplicate sales invoices
  • matching electronic sales records and shipping records
  • matching credit notes to sales invoices
  • matching shipping address to known customer address
  • matching shipping address to employee address
  • developing statistics, such as sales returns per customer, credit notes per customer, and price exceptions (discounts) per customer
Fictitious vendors
  • search for potential duplicate vendor masterfile records by testing duplicates in the vendor names, addresses and contact details
  • matching vendor addresses to employee addresses
  • matching vendor contact numbers to employee contact numbers
  • matching vendor bank details to employee bank details
  • extracting vendors with missing information (ie. ABN, addresses, contact details)
Fraudulent payments
  • search for duplicate vendor invoices, duplicate payments
  • match invoices to purchase order details
  • match invoices to goods receipt details
  • extract disbursements payable to cash
  • match disbursements payable to employees and investigate unusual items
  • extract gaps and duplicates in cheque numbers
  • use Benford's law to detect unusual payment patterns
Corruption/conflict of interest
  • summarise inventory purchases per supplier per inventory item and investigate concentration of purchases
  • summarise expense per employee and investigate unusual charges
Payroll fraud
  • search for duplicate employees and TFN
  • search for invalid TFN
  • search for terminated employees in the payroll register
  • search for duplicate employee records
Fraudulent reporting
  • search for unbalanced journal entries
  • search for gaps and duplicate journal entries
  • search for unusual journal entries using Benford's law and search for round dollar entries
  • search for journal entries created or posted by unauthorised individuals
  • search for journal entries posted on a weekend

 

Case Study
In August of this year, Clive Peeters reportedly lost nearly $20 million because of an alleged fraud committed by its payroll manager.   The incident was said to be discovered by an accountant who noticed a variation between two company ledgers amounting to $2 million.  Later investigations indicated that the alleged fraud was committed by exploiting a weakness in the online transaction software that allowed the user to redirect payments to the employee’s account.

In the above situation, data interrogation tools can assist by reconciling and matching data from various ledgers and various systems.  These initial reconciliations can then be automated by developing scripts within the tool that can be run on a monthly basis or at desired intervals.

During the investigation, examiners can also obtain relevant data from the online transaction software and, using the tool, extract all transactions where funds were transferred to the employee’s account.  In addition, the tool can match the BSB and account number information in the online transaction software to a list of valid supplier BSB and account numbers maintained in the vendor/supplier master file.  A script can also be developed for this test to enable its automation.

Fraud risk management can be a daunting task.  Fortunately, data interrogation tools and experts in professional service firms can be a powerful ally against fraud.

For more information on data interrogation tools, contact your regular Grant Thornton adviser or the author of this article.


Author: Jonathan Marquez, September 2009

Want advice or more information on this topic?
Click here to contact the author

Alternatively, phone Jonathan Marquez directly
T +61 2 8297 2400
Contact Us Envelope

Contact us

To find out more information about Grant Thornton or provide feedback to us, click here to contact us

© 2009 Grant Thornton Australia Ltd – All rights reserved