Fraud
A guide to its prevention,
detection and investigation
Fraud in the Australian context
Corporate fraud is a persistent fact of business life, affecting businesses of all sizes and across all industries. Consider the following recent statistics:

• 49.5% of Australian businesses suffered some form of fraud between 2005 and 2007 (PricewaterhouseCoopers’ Economic Crime Survey 2007)
• Fraud costs Australian business and government $5.8 billion a year – one-third of the total cost of all crime in Australia (Australian Institute of Criminology’s 2003 report, Counting the costs of crime in Australia)
• 21.4% of Australian respondents suffered losses in excess of $1 million between 2005 and 2007 (PricewaterhouseCoopers’ Economic Crime Survey 2007).

While there is no foolproof method of preventing fraud, the risk can be minimised by taking a systematic and considered approach to its management.

For most organisations, internal fraud (fraud committed by an organisation’s employees or officers) is its greatest risk. In fact, the PricewaterhouseCoopers’ Economic Crime Survey 2007 identified that 71.4% of Australian fraud was committed by internal perpetrators.

Therefore this guide is primarily directed toward the mitigation of internal fraud, even though many of the methods described can be used to mitigate external fraud.

The guide will take you on the iterative journey of fraud risk management, providing a basic summary of better practice techniques in fraud prevention, detection and investigation.
[Figure: Fraud control: risk assessment, prevention, detection, investigation.]
Introduction
Internal fraud control
[Figure: The ‘web of deceit’ (Fraud Tree), showing fraudulent schemes grouped under asset misappropriation, fraudulent statements and corruption.]
The ‘web of deceit’ – also known as the Fraud Tree – is adapted from a uniform occupational fraud classification system developed by the United States based Association of Certified Fraud Examiners.

Areas of risk and fraudulent schemes are grouped under the broad categories of asset misappropriation, fraudulent statements and corruption.

It is important when investigating incidents of fraud to remember the concept of the web. This helps remove mental blinkers and reminds the investigator to consider all potential aspects of a perpetrator’s fraudulent activities.

In many cases perpetrators will use several different fraudulent schemes that are interconnected. For example, invoicing schemes will often require the perpetrator to create false suppliers and then cover their tracks by creating false accounting records. These have a direct impact on an organisation’s financial statements.
Fraud risk management
How to establish a robust framework
Fraud and poor governance are serious risks for all organisations.
High-profile cases in recent years have shown that dishonest behaviour not
only undermines profits, operating efficiencies and reliability, but can severely
damage an organisation’s reputation.
3. Cash and cheques

Most organisations have procedures to safeguard cash, yet those procedures are often ignored where cheques are concerned.

Despite a reduction in cheque usage following the transition to electronic fund transfer payments, misappropriation of cheque receipts and cheque payments remains a problem. Most cheque theft occurs within the postal system. However, larger-scale cheque fraud can also occur inside organisations where bank reconciliation processes are weak and there is inadequate segregation of duties.

Case study: Cheque misappropriation and expense fraud

The finance director of a large, fast growing services organisation found the combination of trusting senior management, poor internal controls and readily accessible funds too tempting. Over a period of several years, he defrauded the organisation of over $5 million, mostly by purchasing bank cheques using the organisation’s funds.

The finance director had sole responsibility for completing bank reconciliations which were falsified and often destroyed. The fraudulent transactions were able to be hidden as unreconciled items due to the existence of high funds transfer volumes within the organisation’s bank accounts.

4. Physical security

The PricewaterhouseCoopers Economic Crime Survey 2007 identified asset misappropriation as the highest risk category for Australia, representing 37.1% of economic crime reported. Although organisations often create and maintain a physical security environment, the controls over access to cash, inventory and other assets are rarely adequate.

This can lead to large-scale, organised fraud schemes through the theft of inventory, cash and other assets.

A major aspect of any fraud risk management activity will need to be an assessment of the physical security of an organisation’s assets.

Case study: Unauthorised removal of corporate information

A senior manager of an electrical components organisation entered into a contract with an overseas manufacturer to produce identical components for his employers. He subsequently created his own business, resigned from his position and set up in competition. As a result of concerns about the loss of customers, an investigation was initiated.

This investigation established that the senior manager had managed to access a database he was not authorised to enter, and had obtained electronic copies of the complete customer list, product price list and technical information prior to his resignation. This had enabled him to target the organisation’s customers and offer cheaper prices. His actions were in breach of the anti-competitive clause in his contract.

5. Piracy, intellectual property and confidential information

Product piracy is one of the major economic crimes facing manufacturers and distributors of branded goods and software.

In Australia it is estimated that nearly one-third of all software in use has been pirated. This has resulted in lost sales to the software, video game and toy industries alone of more than $670 million a year. The internet has created a ready environment for the advertising and distribution of counterfeit products on a global basis. Close to one fifth of Australian organisations who contributed to the PricewaterhouseCoopers Economic Crime Survey 2007 believe that this situation is going to continue over the next couple of years.

Some of the most valuable assets an organisation possesses are its intellectual property and confidential information. Organisations should identify what confidential information they possess and determine the level of security to be applied based on its relative sensitivity.

It is important to think about access to photocopiers, and the ability to access electronic information with portable storage devices such as CDs, DVDs, flash-drives etc.

Case study: Entertainment piracy

A major computer entertainment manufacturer believed that it was losing significant revenue to pirates and counterfeiters, who were distributing their product via classified advertisements, online and in suburban markets. The organisation estimated that it was losing 10% of its revenue in this way and that piracy accounted for 100% of units for its software in Australia (that is, for every legitimate computer game, there is a pirated one).

An anti-piracy investigation program was undertaken which included the use of undercover and surveillance operatives.

During the five-year campaign, more than 3,500 piracy cases were investigated, resulting in civil actions against organised pirates, and settlement awards to the manufacturer of over $500,000. In some cases, matters were reported to law enforcement authorities, resulting in criminal prosecutions and convictions.
Case study: Asian software piracy

A compact disk manufacturing plant in Asia was believed to be counterfeiting a large volume of an organisation’s software products. A search warrant was executed on the suspect production facility and a forensic image taken of nine computers.

During the analysis an accountancy database was located on one of the computers. It was possible to establish the financial position of the counterfeiting manufacturer, and to obtain a full list of suppliers and customers. This database was successfully reconstructed and supplied in a working format to the client.

Keyword text searches were conducted on all computer hard drives discovered at the plant for supporting documentation. Numerous documents and spreadsheets were located, many of which were recovered from deleted areas of the drives. A number of the spreadsheets were password protected. These passwords were cracked using specialised software and found to contain relevant information.

A number of the documents located from text searches indicated a clear relationship between the factory and other organisations throughout Asia.

Information technology

Information technology is a significant part of the day-to-day operations for most organisations. But while the integration of technology results in many benefits, it also brings increased risks.

Information technology fraud can be defined as a criminal act in which a computer is essential to the perpetration of the crime. It can include hacking, mail-bombing, spamming, domain name hijacking, server takeovers, denial of service, internet money laundering, destruction or theft of data, electronic eavesdropping and unauthorised transfers of funds, electronic vandalism and terrorism, and sales and investment fraud.

It can also include a criminal act where a computer, not essential to the perpetration of the crime, acts as a store of information concerning the crime.

Most information technology frauds are uncovered by accident or chance, revealing the inadequacy of many computer control systems to detect frauds. With increased dependence on information technology, the incidence of information technology fraud is increasing, and will continue to do so. This is explored further in Section 5.

Case study: Leaked confidential information

A group of employees in an organisation were suspected of leaking confidential information by electronic mail. It was alleged that this information was used by certain people to obtain financial advantage.

The computer network was logged to identify the movement of email attachments. Leaked documents were tracked exiting the organisation’s network. Access was obtained to laptop computer systems used by employees and the computers were forensically imaged. Deleted electronic mail messages containing the document in question were recovered. A time line was constructed which identified the movement of the document through a chain of emails to outside parties.

Analysis of data and time information associated with the email messages and the attached document clearly identified the time period over which the leak had occurred. Analysis of hidden data within the document resulted in the identification of the original computer from which the document was first emailed, as well as the subsequent editing of the document by people in the electronic email chain.

The people responsible for editing and releasing the document were identified. Evidence collected was used in a successful civil action.
Fraud prevention techniques
Some easy-to-implement fraud prevention techniques
Markets are looking for a rigorous approach to risk management and loss
prevention to safeguard business value. Increasing public awareness
has also forced public institutions to take a more thorough approach to
managing the taxpayer dollar.
Below are some basic fraud control and prevention techniques identified for Australian organisations from
the PricewaterhouseCoopers Economic Crime Survey 2007. In combination with a thorough fraud risk
assessment (as discussed in Section 1), detection methods and investigation plan (discussed in Sections 3
& 4), the use of these techniques should minimise the risk and impact of fraud in most organisations.
[Chart: fraud control and prevention techniques in use. Horizontal axis: % of companies (multiple answers), 0% to 100%.]
According to the survey, the vast majority of organisations in Australia and around the world have at least
some specific fraud prevention measures in place.
There are four key elements to effective fraud prevention:

1. Oversight by the board and audit committee
2. Policies and training
3. Employment screening
4. Internal fraud controls.

Oversight by the board and audit committee

The board is responsible for overseeing the internal controls over financial reporting established by management and the process by which management satisfies itself that those controls are working effectively. The board is also responsible for assessing the risk of financial fraud by management and ensuring controls are in place to prevent, deter and detect fraud by management. Much of the board’s oversight is embedded in the other elements of an effective anti-fraud program.

The organisation’s board of directors and audit committee significantly influence the control environment and ‘tone at the top’. They should therefore both be free from management’s influence.

It is critical that the board and audit committee systematically and periodically review management’s controls over financial reporting and other operations. It is also critical that such responsibilities for oversight be reflected in their respective charters.

Oversight should extend to:

Management
• anti-fraud programs and controls, including the identification of fraud risks and implementation of anti-fraud measures
• the potential for override of controls or other inappropriate influence over the financial reporting process
• review of accounting principles, policies and assumptions used in determining significant estimates
• review of significant non-routine transactions.

Employees
• mechanisms for reporting concerns.

Reporting
• receipt and review of periodic reports describing the nature, status and eventual disposition of alleged or suspected fraud and misconduct
• functional reporting by internal and external auditors to the board and audit committee.

Internal Audit and other bodies
• a plan that addresses fraud risk and a mechanism to ensure that Internal Audit can express any concerns about management’s commitment to appropriate internal controls or to report suspicions or allegations of fraud
• involvement of other experts such as legal, accounting and other professional advisers as needed to investigate any alleged or suspected wrongdoing.

Scope of the directors’ oversight

Appropriateness of the board and audit committee’s oversight as it relates to fraud should be evidenced through discussions with members plus management and reported in the minutes. The scope of their oversight should include:

• considering the nature and frequency of their meetings and assessing whether adequate time is dedicated to considering fraud
• ensuring that audit committee members consider fraud in their review of:
  – accounting principles, policies and estimates used by management
  – significant non-routine transactions entered into by management
• evaluating management’s assessment of fraud risk
• holding discussions with the external and internal auditors as to their views on the potential for fraud.

Policies and training

The development and implementation of a rigorous fraud control policy document for most organisations is a critical step toward effective fraud prevention.

Staff can only be expected to comply with policy if it is clearly set out in a comprehensive document which details procedures to be followed. Where no such document exists, it is often difficult to prove that employees or external parties have knowingly acted against the interests of the organisation.

Indeed the lack of clear guidelines is often the first excuse offenders will use when questioned concerning fraudulent acts.
Detailed checks

The application form and the CV provide the basis for detailed checks to be carried out with referees, educational institutions, previous employers and public records. The following should be undertaken as a matter of course:

Reference checks
• referees and previous employers (preferably line managers) should be spoken to after their identities are independently confirmed
• bear in mind that referees provided by the candidate are unlikely to provide unfavourable information even if they are aware of such information.

Qualifications
• all educational certificates should be inspected and independently verified
• be aware that desktop publishing enables convincing documentation to be produced with little effort
• contact the institutions for verification of qualifications and professional memberships, rather than relying exclusively on candidate-supplied certificates.

Background searches
• Background searches should be undertaken using public databases and information sources. These might include directorship searches to ensure there are no potential conflicts of interest, bankruptcy searches, and media searches.
• Criminal record searches might also be considered.

Taken together, the above checks should help build an accurate picture of the candidate’s experience, background and qualifications.

A specialist task

Effective employment screening is a specialist task requiring investigative skills and access to a wide array of public information databases. Many organisations, particularly those involved in financial services, prefer to outsource this work to screening experts. Further, it should be remembered that very few placement organisations perform employment checks to the standard recommended in this guide.
Case study: Sales commission fraud

A publishing organisation was concerned about the high outstanding debtor balances in the accounts of a remote subsidiary. Enquiries made to some of the debtors identified a number of suspect sales transactions which were denied by the debtors.

Investigations revealed that a particular sales manager with access to sales records had created fraudulent sales using existing debtor accounts, in order to generate fraudulent commissions. Although the total amount of the fraudulent commissions was small, the corresponding revenue overstatement amounted to $800,000.

Evidence included statements from the debtors and audit logs showing the creation of the sales on the system by the sales manager. Further enquiries revealed the suspect had also processed a number of fraudulent accounts payable cheques.
Proactive fraud detection
Making fraud detection part of business-as-usual
The PricewaterhouseCoopers Economic Crime Survey 2007 for Australia found that in most cases frauds
were not detected by specific preventative or detective measures, but rather were revealed through external
or independent business functions.
The following diagram from the PwC survey tells the story:
[Chart: means by which frauds were detected. Only one entry survives: electronic, automated suspicious reporting systems, 7.7%.]
Based on these statistics, which align with anecdotal experience, the key to successful fraud detection is facilitating tip-offs through whistleblower programs, and by putting in place detection programs such as suspicious transaction analysis, that replicates the ‘accidental’ discovery.

Through a whistleblower protection program and other investigative services an organisation clearly demonstrates its commitment to good corporate governance, comprehensive risk mitigation and the establishment of an organisational culture that promotes a high degree of ethics and belief in its stated corporate values.

Protected disclosures/whistleblower protection

A fraud control policy should make it clear that it is the responsibility of staff to report any malpractice to management. In practice there is often a reluctance to do this as some staff interpret it as ‘dobbing’. Because of this, the development of a protected disclosures (whistleblower) program is an important element of any effective fraud prevention or mitigation strategy.

An example is fraud ‘hotlines’, which are proving useful as a means of encouraging the reporting of fraud incidents, either anonymously or otherwise.
Such a program should be designed to:

• encourage the reporting of incidents of fraud, corruption, legal or regulatory non-compliance, and questionable accounting or auditing matters
• allow for the efficient and effective investigation of disclosures
• protect those making the disclosure from reprisal
• appropriately manage those subject to an allegation.

In their 2006 Report to the Nation on Occupational Fraud and Abuse, the Certified Fraud Examiners established that 44% of million dollar frauds in the US were discovered as a result of tip-offs. Similar results were found by the PricewaterhouseCoopers Economic Crime Survey 2007 for Australia (see whistle blowing system in the diagram on page 22).

Legislators in the US have moved to compel certain organisations to protect genuine whistleblowers through provisions in the Sarbanes-Oxley Act of 2002.

In Australia, CLERP 9, AS 8004-2003: Whistleblower Protection Programs for Entities, ASA 240 and the Australian Stock Exchange Corporate Governance Council’s Corporate Governance Principles and Recommendations have placed an impetus on organisations to establish an effective whistleblower system. In many cases, state based government organisations have legislated whistleblower obligations. The Corporations Act also places certain obligations on companies receiving disclosures, touching upon breaches of corporations legislation.

How to implement a protected disclosures program

There are four essential components to an effective whistleblower protection program, as follows:

Develop a whistleblower protection policy and procedures

A policy should be developed that:

• complements and enhances the already established communication channels between employees and supervisors
• protects employees from reprisals that might otherwise be inflicted as a result of their disclosures
• ensures disclosures are properly investigated and dealt with
• ensures relevant disclosures are appropriately reported to senior management.

Develop a disclosures database

A secure database should be built to record details of disclosures, including details of progress of investigations and the ultimate disposition of matters. It is important that access to this database be strictly limited.

Implement methods of receiving disclosures

There are a number of ways to receive disclosures, including telephone, ordinary mail, email and facsimile. In our experience, setting up a single free-call telephone number is the most effective method of receiving disclosures. In this way the investigator can immediately commence to build rapport with the caller at the time of the initial call and there is a greater chance of obtaining all relevant information.

We recommend the line be open between at least 8.00 am and 8.00 pm so calls can be made before or after normal work hours.

Communicate and train

The key to any successful disclosure hotline is an effective awareness and communication program. An important aspect of this training is fraud prevention and ethics awareness as well as detailed training on organisational policies and procedures to prevent misconduct. Options for delivering training include:

• conducting workshops for all staff
• conducting ‘train the trainer’ workshops
• online training rolled out over the intranet/internet
• a combination of all of these.

Appropriate promotional material, including posters, brochures and tactile cards should be developed, and appropriate material should also be accessible on your intranet. In all these materials a statement assuring staff of confidentiality should be prominently displayed.

Case study: Whistleblower protection policy and set-up of an external hotline

A publicly listed company in Victoria required a whistleblower protection policy and an externally managed hotline that could receive disclosures from staff and the general public. With the aid of external advice, the company developed a whistleblower protection policy, including a 1800 telephone number, PO Box, and a database accessible on the organisation’s website for the receipt of disclosures. Experienced investigators manage the system, reporting disclosures to the organisation’s whistleblower protection coordinator with recommendations for further action.
Case study:
Fraudulent collusion between suppliers and employees
Analysis of payments carried out for a large insurance organisation identified duplicate
claim payments and suspicious payments to suppliers sharing an address with an
employee.
The payments were proved to be fraudulent and were reported to the police. This led
to criminal charges being laid.
Case study: Duplicate payment of supplier invoices and cleaning of supplier master files

External analysts contracted by an organisation identified $600,000 of duplicate invoice payments over a two-year period. An automated detection program established that these had occurred because a number of suppliers had been entered on the supplier master file more than once, allowing for the easy processing of duplicate invoices.

Case study: Overpaid overtime

External analysts were contracted by a government agency to analyse staff salaries and overtime payments over a three year period.

The analysts identified nine employees who were paid overtime rates in excess of $1000 per hour, the highest being $4,989 per hour. These results allowed the agency to investigate the payments and recover the over-payments.

The value-add of data mining

An automated fraud detection program can provide management or the auditor with, for example, a detailed list of questionable transactions, employees and suppliers which need further investigation.

In larger organisations, automated fraud detection tests conducted before an audit will also complement an organisation’s schedule of audit visits, making the best use of valuable and often scarce resources. It is a tool which will quickly identify problem areas and can also be used to audit the records of suppliers where a ‘right to audit’ exists. The process is simple and time-efficient and is not disruptive to normal business operations.

Automated fraud detection has also been found to be particularly beneficial when conducted annually. Annual analysis not only allows an organisation to regularly identify transactions of interest, it also allows them to determine whether control or process changes, made as a result of a previous analysis, have resulted in a decreased number of transactions of interest in the subsequent year’s analysis.
Case study:
Vehicle over-servicing
Unsatisfied with the operating costs of its vehicle fleet, particularly relating to vehicle
maintenance, the organisation approached external analysts to undertake a data review
specifically over vehicle maintenance payments.
An analysis of all electronic maintenance data for the entire vehicle fleet over a three
year period was undertaken. Several anomalies were detected, including apparent over-
servicing of vehicles and vehicles serviced with either no labour costs or no parts costs.
The fleet provider was able to revisit the service provider agreements with the intention of
terminating the relationship with the vehicle maintenance provider.
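
The tests behind the case studies in this section (suppliers entered on the master file more than once and the duplicate invoice payments that follow, suppliers sharing an address with an employee, and implausible overtime rates) can be sketched as below. This is an added example, not code from the guide: the record layouts, field names, normalisation rules and sample rows are all constructed, and the $1,000 per hour threshold is borrowed from the overtime case study.

```python
import re
from collections import defaultdict

ABBREV = {"street": "st", "road": "rd", "avenue": "ave"}   # assumed rules
NOISE = {"pty", "ltd", "unit"}                              # assumed filler words


def norm(text):
    """Lower-case, strip punctuation, abbreviate and drop filler words."""
    words = re.sub(r"[^a-z0-9 ]", " ", text.lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words if w not in NOISE)


def duplicate_suppliers(suppliers):
    """Cluster master-file entries sharing a normalised name or bank account."""
    parent = {s["id"]: s["id"] for s in suppliers}

    def find(x):                       # union-find root lookup
        while parent[x] != x:
            x = parent[x]
        return x

    first_seen = {}
    for s in suppliers:
        for key in (("name", norm(s["name"])), ("bank", s["bank"])):
            if key in first_seen:
                parent[find(s["id"])] = find(first_seen[key])
            else:
                first_seen[key] = s["id"]
    clusters = defaultdict(list)
    for sid in parent:
        clusters[find(sid)].append(sid)
    return sorted(sorted(c) for c in clusters.values() if len(c) > 1)


def duplicate_payments(payments, suppliers):
    """Same invoice number and amount paid to one supplier cluster."""
    canon = {s["id"]: s["id"] for s in suppliers}
    for cluster in duplicate_suppliers(suppliers):
        for sid in cluster:
            canon[sid] = cluster[0]
    groups = defaultdict(list)
    for p in payments:
        invoice = re.sub(r"[^a-z0-9]", "", p["invoice"].lower())
        groups[(canon[p["supplier"]], invoice, p["cents"])].append(p["id"])
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def shared_addresses(suppliers, employees):
    """Suppliers whose normalised address matches an employee's."""
    by_addr = defaultdict(list)
    for e in employees:
        by_addr[norm(e["address"])].append(e["id"])
    return sorted((s["id"], eid) for s in suppliers
                  for eid in by_addr.get(norm(s["address"]), []))


def overtime_outliers(rows, max_rate=1000):
    """Flag overtime paid above max_rate dollars/hour, or paid for no hours."""
    flagged = []
    for r in rows:
        if r["hours"] <= 0:
            flagged.append((r["employee"], None))
        elif r["paid"] / r["hours"] > max_rate:
            flagged.append((r["employee"], r["paid"] / r["hours"]))
    return flagged


# Constructed sample data (not from the guide).
SUPPLIERS = [
    {"id": "S001", "name": "ACME CLEANING", "bank": "063-000 1111",
     "address": "12 High Street, Carlton"},
    {"id": "S002", "name": "Acme Cleaning Pty. Ltd.", "bank": "063-000 9999",
     "address": "12 High St Carlton"},
    {"id": "S003", "name": "Harbour Freight Services", "bank": "083-111 2222",
     "address": "7 Wharf Road, Port Melbourne"},
    {"id": "S004", "name": "Harbor Freight Svcs", "bank": "083-111 2222",
     "address": "PO Box 88, Port Melbourne"},
    {"id": "S005", "name": "Kestrel Consulting", "bank": "033-222 3333",
     "address": "4/19 Elm Street, Richmond"},
]
EMPLOYEES = [
    {"id": "E17", "address": "Unit 4, 19 Elm St, Richmond"},
    {"id": "E22", "address": "3 Rose Avenue, Kew"},
]
PAYMENTS = [
    {"id": "P1", "supplier": "S001", "invoice": "INV-1042", "cents": 440000},
    {"id": "P2", "supplier": "S002", "invoice": "inv 1042", "cents": 440000},
    {"id": "P3", "supplier": "S003", "invoice": "7781", "cents": 95000},
    {"id": "P4", "supplier": "S004", "invoice": "7782", "cents": 95000},
]
OVERTIME = [
    {"employee": "E03", "hours": 10, "paid": 650},
    {"employee": "E09", "hours": 3, "paid": 3600},
    {"employee": "E11", "hours": 0, "paid": 500},
]

if __name__ == "__main__":
    print("Duplicate suppliers:", duplicate_suppliers(SUPPLIERS))
    print("Duplicate payments:", duplicate_payments(PAYMENTS, SUPPLIERS))
    print("Supplier/employee address matches:",
          shared_addresses(SUPPLIERS, EMPLOYEES))
    print("Overtime outliers:", overtime_outliers(OVERTIME))
```

Each result is a list of items for follow-up, not a finding of fraud; matches on a shared bank account or address need the same manual review the case studies describe.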
Effective fraud investigation
A step-by-step plan
[Figure: Investigation, drawing on forensic accounting/transaction analysis, computer forensics, fieldwork and interviews, investigative intelligence and analysis, and the investigative report and recommendations.]
Investigation resources
Investigative intelligence and analysis
This is the research component of the investigation. It involves
experts in publicly sourced information obtaining relevant information
concerning individuals and entities suspected of involvement in the
fraud. This is one of the first steps taken in an investigation where
a suspect has been identified. Investigative researchers will quickly
identify, for example:
• directorships and shareholdings in private companies in Australia
and overseas
• mentions in the global media
• bankruptcy and disqualifications by regulators
• court judgments
• asset holdings.
Fieldwork and interviews

Again a crucial part of most investigations, interviews with witnesses and suspects can prove vital to an investigation. Statements made during an interview can become admissible evidence, if obtained in an appropriate manner.

Forensic accounting/transaction analysis

Forensic accountants are a vital piece of the investigation puzzle, as they are responsible for quantifying and evidencing identified fraudulent transactions. This can be a challenge in situations where the suspects themselves are skilled accountants and have knowledge of the financial system. Often, a forensic accountant will need to piece together incomplete or deliberately falsified financial records. Section 6 has further details about this.

Forensic accountants may also be required to calculate losses and damages and prepare insurance claims. You can read more about this on pages 32 and 33 under ‘Fidelity insurance’.

Computer forensics

Computer forensics involves the search, seizure and analysis of electronic evidence, which is most often found on personal computers but can also be found on virtually any modern electronic device.

It is rare for modern day frauds to be perpetrated without the involvement of computers, and therefore computer forensics is a vital skill-set in the vast majority of fraud investigations. Section 5 has further details about this.

Responding to a fraud incident

The following plan is a guide to the actions that should be taken in the event that a fraud incident occurs, or suspicion of a fraud arises. Of course, every fraud incident is different, and reactive responses will vary depending on the facts that are unique to each case. However, this plan is a typical response which can be used as the basis for responding to any fraud incident.

Before you start

When fraud is first suspected, the matter could be more serious than it may initially appear. This is because financial criminals rarely restrict their activities to only one modus operandi. Therefore every effort should be made to obtain as much information as possible before anyone is questioned, confronted or interviewed. This is particularly important in organisations or business units with a close working environment, where there may be a strong temptation to simply question an employee as soon as a suspicion is raised.

It is also important to be aware that larger scale frauds of the modern era are often international in nature. Therefore, any fraud contingency planning must include measures for taking legal and investigative action across jurisdictions.

Initial actions are crucial to the eventual outcome of an investigation and, if a proper strategy is put in place and adhered to, the extent of fraudulent activity can usually be assessed and action taken to resolve the matter successfully.

Assign responsibility

Fraud investigation is by necessity a confidential task and is a sensitive matter for the vast majority of organisations. It is vital that all allegations of fraud are treated seriously and that responsibility for handling fraud incidents is assigned to a senior, trusted individual or collection of individuals.

In many organisations, responsibility is handed to a corporate security advisor, internal audit or risk management director or manager. In other organisations, the responsibility is shared between members of senior management or an audit committee, and the organisation’s human resources personnel and corporate lawyers are involved from a very early point. Fraud incident management responsibility is an important role, and those chosen to administer the role must come from the appropriate legal and management level to authorise investigative actions and to co-ordinate the organisation’s overall response to fraud incidents.

As part of its overall fraud control plan, organisations should assign responsibility for fraud incident management to an appropriate person(s) as a precursor to adopting an incident management plan. Consideration should also be given to the appropriate level of involvement by corporate lawyers and human resource personnel.
Effective fraud investigation
Electronic investigations
What if there’s no paper trail?
In today’s corporate environment, the paper trail largely originates from, and in many cases has been replaced by, records from personal computers and other electronic devices such as PDAs. In response to this trend, a field known as ‘computer forensics’ has developed. Computer forensics is the seizure and analysis of electronic data using a methodology which ensures its admissibility as evidence in a court of law. Computer forensics is an integral part of modern fraud investigation.

Legislation in NSW has the potential to have an impact on an organisation’s ability to investigate computer systems and electronic records such as email. From 7 October 2005, all NSW businesses are required to notify employees that electronic surveillance can be performed by their employer. If the employees are not notified and surveillance is conducted, it is a breach of legislation and any evidence gathered is likely to be inadmissible.

The forensic image process

The fundamental principle of computer forensics is that original data is never altered. For this reason, purpose-written ‘forensic image’ software is used to take an exact copy of a ‘target’ computer system. From this image the original system can be recreated at any time. It is essential that trained and experienced specialists be assigned to this task.

This ensures both the integrity of the target system (it is difficult to put a monetary value on the accidental loss of commercial information), and the integrity of seized evidence. Computer forensic technicians or anyone else who gathers computer-based or electronic evidence must be able to justify their actions in future court proceedings. We strongly recommend the use of a computer forensics expert for advice rather than relying solely on an organisation’s information technology staff.

Forensic computer images have been accepted by Australian courts. It is no longer necessary (in most cases) to seize physical computer hardware. Indeed, in situations where target computer systems contain critical data, such as in a doctor’s surgery, physical seizure may not be a viable option. Once an image has been taken, hardware that may otherwise have been required to be secured for evidence continuity may be put back into use.

Forensic imaging is also well suited to covert investigations. Much information can be drawn from a suspect’s personal computer without alerting him/her to an investigation.
Financial statement misrepresentation
The warnings from very public financial frauds, such as Enron and WorldCom, together with a tightening and regulator oversight has stemmed the tide of companies facing shareholder class actions relating to financial misreporting. However, alarmingly in the past two years, a company a week is still being sued for accounting irregularities and financial misstatement. As illustrated below, the average settlement is steadily rising.

identified that 14.1% of economic crime in Australia is attributed to accounting fraud.

Forensic accounting

Forensic accounting is a specialised discipline that arose to deal with instances of financial misstatement, in terms of both prevention and detection and, ultimately, recovery and remedy. Forensic accounting means the investigation or analysis of accounting evidence relating to unusual transactions due to either error or fraud.

– a transaction has been deliberately recorded to misstate the financial position.

Forensic accountants work closely with investigators in order to gather evidence to determine the facts of accounting transactions. These are often complex transactions, in an environment where there have been control breakdowns or weaknesses.
Accounting cases
Company directors, especially Chief Executive Officers and Chief Financial Officers, are subject to increasing
risk exposure, including personal liability for the actions and financial reporting of their companies. Yet how
do you know whether the information you receive is sufficiently accurate, reliable, complete, relevant and
timely to satisfy your duties and responsibilities as a company director? Important information you need to
receive and review:
• liquidity reviews, including disclosure of cash balances and disclosure of restrictions on the use of cash and loan covenant compliance
• analysis of trade debtors, including a review of assumptions used to calculate provision for doubtful debts, collection trends and efforts to improve collections
• analysis of creditors, including analysis of aging and disclosure of creditors in dispute
• analysis of inventory, including a review of assumptions as to the adequacy of provision for inventory obsolescence
• analysis of earnings, including obtaining from management disclosures and analysis of the underlying assumptions and estimates in the preparation of management accounts
• analysis of forecasts for earnings and cash flow, including:
  – disclosure of underlying assumptions and changes in forecasts
  – comparison of forecast to actual results with explanation as to the nature of any variance
  – analysis of changes in underlying forecast assumptions
• other industry or company-specific reviews.
Conclusion
This guide is designed to give readers a broad overview of fraud prevention, detection and investigation techniques
which have proved effective in the past. Naturally, some techniques will be more relevant than others, depending
upon the industry and company involved. Organisations encountering fraud should take forensic and legal advice at a
very early stage.
Taken together, these techniques should provide any organisation with an effective means of dealing with fraud risk.
For more information about the specific Forensic Services provided by PwC,
please visit www.pwc.com/au/forensicservices