6-1

Fraud Detection McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

6-3 The Fraud Detection Process The fraud detection process involves identifying indicators of fraud that suggest a need for further investigation. Various means of detecting fraud exist, including tips and hotlines, financial statement audits, and by accident.

6-4 Hotlines and Fraud Discovery Hotlines are very effective They must have a disclosure policy Confidentiality and anonymity They must be supplemented by an ethics code, employee training proper monitoring, advertising, and the right tone from top management

6-5 Other Means of Fraud Discovery By accident This happens frequently, especially in companies with weak controls. But it might happen too late for a small company to survive. By external auditors. SAS 99 requires that auditors design financial statement audits in such a way so as to have a reasonable chance of detecting misstatements in the financial reports. But not all fraud leads to misstatements. Still, external auditors must consider fraud risk and should use the fraud triangle. External auditors must report frauds to the appropriate level of management.

6-6 Other Means of Fraud Discovery By internal auditors Internal auditors should report directly to the board of directors By inspectors general By security departments

6-7 Fraud Issues Often fraud and waste or errors are indistinguishable from one another There is a tradeoff between prevention, detection, and correction Detection produces false positives and false negatives False positives indicate fraud when there is none False negatives indicate no fraud where this is fraud One goal is to balance the rate of false positives versus the rate of false negatives so that Total Fraud Costs are minimized Total Fraud Costs = Prevention Costs + Detection Costs + Correction Costs + Fraud Losses

6-8 Fraud Indicators Composite indicators Are typically produced from weighted sums of individual indicators. The weighted sum is called a risk score. One example of a risk score is a FICO credit score Single-factor indicators Are also called red flags In the typical scenario, a single red flag may initiate an investigation In many cases, the reliance on fraud indicators alone is not sufficient. Random tests also may be needed, because fraudsters may manipulate fraud indicators, or the set of detectors in use might not be capable of detecting some frauds.

6-9 Data-Driven Fraud Detection Data-driven fraud detection involves the formal process of sifting through data in search of fraud indicators. Sources of data include internal control data, basic tips and hotlines, security breaches, and pattern data. Internal control data include reconciliation failures, control total failures, exception transactions, and apparent errors. Security breaches occur when an individual accesses some entity resources without first being granted a sufficient privilege to do so. Pattern data analysis, or data mining, combines different data items in complex and non-intuitive ways to signal fraud.

6-10 Steps in Building a Fraud Detection System The general approach involves 1) risk analysis and control development, 2) exploitation of expert knowledge, 3) knowledge discovery, 4) implementation. Knowledge discovery involves SEMMA: Sampling, Exploration, Modification, Modeling, and Assessment. Various common modeling techniques exist, including linear regression analysis, for example. Various special modeling techniques also exist, including social network analysis, content analysis and text analysis, and Benford analysis, for example.

6-11 Benford Analysis