DENNIS ODA / DODA@STARBULLETIN.COM
Patrick Oki, a certified public accountant, certified fraud examiner and partner at the Honolulu office of accounting firm Grant Thornton, looked over records in the file room Wednesday with Taylor McCarthy, left, and Trisha Kaneshiro, a CPA and CFE. Although much of the work is done using a computer, a lot of old-fashioned work is still necessary in going through mounds of files or following a paper trail. CLICK FOR LARGE
Business fraud a growing problem
Certified examiners are cracking down on the wrongdoing that costs organizations in the U.S. about $638 billion a year
Editor's note: Patrick Oki is an assurance partner in the Honolulu office of national accounting firm Grant Thornton LLP. He is a certified public accountant and certified fraud examiner.
IT WAS A Wednesday afternoon.
I received a frantic call from the owner of a large retail business that had been selling clothing in Honolulu for more than 20 years. The owner had caught an employee stealing money.
While gathering information for the company's tax filings, the owner had reviewed the company's bank statements and noticed several canceled checks written out to "cash" for the past several months. The owner immediately questioned his accounting manager, who nervously gave him vague answers and ultimately admitted to "borrowing" money from the company.
Shocked that his longtime and trusted employee would commit such an act, the owner called me to determine the financial loss and help implement anti-fraud controls. It is an all too frequent type of call.
Fraud, as defined by the U.S. Supreme Court, is "a misrepresentation of a material fact the perpetrator knew was false and made with the intention that the misrepresentation be relied on and that the victim did rely on and as a result, incurred a loss."
Based on a report released in 2006, the Association of Certified Fraud Examiners estimated that U.S. organizations lose an estimated 5 percent of their annual revenues to fraud. Using the estimated 2006 U.S. Gross Domestic Product of $13.037 trillion, this percentage indicates a staggering loss of around $638 billion, despite increased emphasis on anti-fraud controls and recent legislation to combat fraud. Fraud investigation is a growing and unique field in the world of accounting, and certified fraud examiners are being called upon more and more often to investigate wrongdoings.
Fraud examination is a methodology to resolve fraud allegations from inception to disposition. The fraud examination process centers on the fraud theory approach, which has four sequential steps: 1) analyzing the available data, 2) developing a fraud theory, 3) revising it as necessary, and 4) confirming it. A fraud examination involves obtaining and dissecting evidence, taking statements, re-creating transactions and timelines, determining possible perpetrators, writing reports, testifying to findings, and assisting in the detection and prevention of fraud.
Reprinted from "Occupational Fraud and Abuse" by Joseph T. Wells, Obsidian Publishing Co., 1997, courtesy of Grant Thornton LLP.
Evidence is gained through interviews, document examination and observations. The specific procedures applied in a given fraud examination will depend on a number of factors: type of fraud committed, type and extent of documentation available, extent of cooperation obtained from the suspects and witnesses, and client's needs (identifying the perpetrator, quantifying the amount of the loss, testifying in court, for instance).
After admitting to the fraud, the accounting manager was immediately terminated by the owner. One of the first procedures I performed was to create a duplicate copy of the accounting manager's computer hard drive. This process is known as imaging a hard drive. Once the original hard drive was copied, it was carefully removed from the computer, sealed, and stored as evidence. My team of experts and I then used the duplicate hard drive to recover deleted files and e-mail, and review and analyze data stored on the accounting manager's computer.
Literally, thousands of messages (including deleted e-mail messages) help a fraud examiner determine a perpetrator's motives, at times disclosing how the fraud was committed.
It is amazing how much you can learn about someone as a result of reviewing e-mail received and sent through a business's e-mail system.
What my team of investigators and I learned through the review of e-mail messages was that the accounting manager had large gambling debts, had a mistress, and constantly complained to friends of being underpaid and disrespected by his supervisor.
THE FRAUD TRIANGLE
Research has identified three key factors that determine whether a person will or will not commit fraud: opportunity, pressure, and rationalization.
The fraud triangle is similar to the fire triangle we learned in elementary school. In order to have fire, you need heat, oxygen and fuel. Fraud likely will be committed if a person has the opportunity, is pressured, and is able to rationalize the fraudulent act. Once we determined what pressured the accounting manager to commit a fraud, and understood how he probably rationalized performing an immoral act, our next step was to determine how the accounting manager stole from the company.
Of course, in this information age, there is specialized forensic computer software to assist fraud examiners with this. Accounting data is downloaded into data mining software and analyzed through different methods. One method is the theory of Benford's Law, also known as the "first digit law," which describes the relationship of the first digit in a series of random numbers (such as the invoice values or invoice numbers in an invoice history transaction file).
Benford's Law states that "1" will appear approximately 30 percent of the time as the leading digit whereas "9" will be the leading digit only 4.6 percent of the time.
At Grant Thornton, we use IDEA (data mining software used in fraud investigations) in our standard audits.
And in this case, when we analyzed vendor payments made by the company, there was a very high frequency of paid invoice amounts with the first digit of '4.'
The accounting manager was authorized to sign checks for amounts up to $5,000 so this explained why there was an unusually high number of checks written for slightly less than $5,000. We also determined these amounts were mostly to the same vendor.
It also was discovered that this vendor was not a legitimate vendor for the company. In fact, the company sold plumbing parts and was owned by the accounting manager's brother in-law.
It didn't make sense for a clothing retailer to be paying hundreds of thousands of dollars to a plumbing company.
The plumbing company had a name similar to a legitimate vendor, so the accounting manager created fake vendor invoices by copying and pasting the legitimate vendor logo from the Internet onto a Microsoft Excel worksheet. By using a color printer, fake invoices can look very realistic.
My team found the deleted files of these fake invoices on the accounting manager's computer. Since the company had an accounts payable clerk, the accounting manager had to create fake invoices to get the information into the accounting system.
INTERNAL CONTROLS LACKING
Once entered into the system, the fraud easily could be executed since the accounting manager had control and authorization to prepare and approve payment. It was determined that the company's accounting function had a lack of segregation of duties and hardly any internal controls. The accounting manager easily could manipulate the accounting records.
Creating fake invoices is a common scheme, and perpetrators are becoming more sophisticated with the usage of scanners and color printers. Fraud examiners, in response, have begun utilizing information provided by color printer manufacturers. In cooperation with the U.S. government to prevent counterfeiting of currency and other government-issued documents, color printer manufacturers have designed color printers to encode every sheet of paper printed with virtually invisible data. This data gives the date and time when the page was printed, serial number of the printer the page was printed from, and other pertinent information.
Using a blue LED flashlight and a magnifying glass, fraud examiners can use this additional information to help determine the legitimacy of these color-printed documents, such as faked invoices. For instance, if a ransom note is ever printed from a color printer, there is a way for detectives to determine when the document was printed and, in working with the printer manufacturer, the location where the printer was purchased and very likely the exact location of the printer.
While fraud examiners review substantial amounts of accounting records and data in a fraud investigation, interviewing people is also an important area to successfully understand how the scheme was conducted.
Unlike auditors examining historical financial data, fraud examiners are looking for the unknown. That is why interviewing employees, vendors, customers, and the possible perpetrators are so critical.
Although fraud examiners do not rely primarily on testimonies, the interviews help corroborate evidences discovered in the examination.
Over time, fraud perpetrators get lazy. The accounting manager got pretty gutsy by writing checks payable to cash. I think he believed that because he didn't get caught for a while it was unlikely he would ever be caught.
So while this crime doesn't involve a bloody knife or a missing body, it still has its casualties. While the company ended up losing over $450,000, the biggest loss was the relationship between the owner and the accounting manager.
The owner was devastated when I told him how much was stolen. I think he had thought it was less than $20,000. The saddest part was learning that these two guys were best of friends in high school.