A P U B L I C AT I O N O F T H E A S S O C I AT I O N O F C E R T I F I E D F R A U D E X A M I N E R S

Vol. 27, No. 1, January/February 2012

THE

Tell-Tale Signs of Deception

PLUS Fraud in Houses of Worship, PG. 18 Collegiate Athletics Fraud, PG. 24 Overachieving Fraud, PG. 36 Data Breaches, Part 3, PG. 40
 If Every Employee and Supplier
Displayed Model Behavior…

In a perfect business world, every employee and third-party supplier would display model business behavior, and there
would be little need for anti-fraud programs. But, in the real business world, occupational fraud and abuse are prevalent.
So, businesses must implement anti-fraud programs to protect themselves from financial, legal and reputational harm.

Tips are the leading source of fraud detection − and fraud hotlines are a leading source of tips. So, turn to EthicsLine®,
the official hotline of the ACFE.

The EthicsLine package includes:

• Hotline (telephone, web, mobile) for report intake Where a fraud hotline was in
• Case Management (web and mobile) for online place, the average duration of
investigation management a fraud scheme was reduced by
• Analytics for tracking and trending 7 months, and the median loss
• Communications Campaign Materials to communicate was reduced by 59%.*
when and how to report observed business misconduct
* 2010 ACFE Report to the Nations on Occupational Fraud and Abuse

EthicsLine is now powered by Global Compliance

888-782-4769 • info@ethicsline.com • www.EthicsLine.com ©ACFE 2010. All Rights Reserved
 JANUARY/FEBRUARY 2012 | VOLUME 27 | NO. 1

COVER STORY

30 The 10 Tell-Tale Signs of Deception

The Words Reveal
By Paul M. Clikeman, Ph.D., CFE
Suspects and witnesses often reveal more than they
intend through their choices of words. Here are ways
to detect possible deception in written and oral
statements.

FEATURED ARTICLES

18 Fraud in Houses of Worship

What Believers Do Not Want to Believe
By Robert M. Cornell, Ph.D., CMA, Educator
Associate; Carol B. Johnson, Ph.D., Educator
Associate; and Janelle Rogers Hutchinson
Houses of worship are particularly vulnerable to fraud,
but most feel they are impervious. The authors provide
reasons why churches feel so bulletproof and seven
practical steps fraud examiners can use to help
churches stop fraud in its tracks.

24 Fraud in Collegiate Athletics

When Major League Money
Meets Little League Controls
By Herbert W. Snyder, Ph.D., CFE; and
David O’Bryan, Ph.D., CFE, CPA, CMA
A major, multimillion sports ticket fraud at the
University of Kansas highlights how CFEs can help
convince administrators and boards to reassert control
over their athletics departments. The answer could be
independent oversight.

1
 36 Overachieving Fraud Wolves
in Sheep’s Clothing
Targeting Top-Performing Employees
Gaming the Bonus System
By Jeffrey Horner, CFE, CRCMP
Follow this CFE consultant as he uncovers top collection
reps at a business call center who inflated their
performances for more money and job advancement.

40 Breaking Breach Secrecy, Part 3

Analysis Shows Entities Lack
Strong Data Protection Programs
By Robert E. Holtfreter, Ph.D., CFE, CICA; and
Adrian Harrington
The authors’ analysis of data-breach statistics shows
that organizations poorly protect personal data. Pos-
sible solution: U.S. federal rules for guidance in devel-
oping comprehensive data protection programs.

COLUMNS & DEPARTMENTS

4 From the President & CEO 52 Case in Point
Supporting Our International Chapters He Milked it For All it Was Worth:
By James D. Ratley, CFE A Dairy Farm Bankruptcy Fraud
By Roger W. Stone, CFE
6 Digital Fingerprints
Anything You Say Can and 56 Taking Back the ID
Will be Used Against You! Fraudsters Claiming Victims Via
By Jean-François Legault Payday Loan and LinkedIn Scams
By Robert E. Holtfreter, Ph.D., CFE, CICA
8 Fraud’s Finer Points
Using an Organization’s Credit 58 Global Fraud Focus
to Commit Fraud, Part 1 Chinese Stock Investment Fraud?
By Joseph R. Dervaes, CFE, ACFE Fellow, CIA Separating Fact from Fiction
By Tim Harvey, CFE, JP; and Richard Hurley, Ph.D.,
12 Fraud EDge J.D., CFE, CPA
Get Involved in Higher Education:
Opportunities for CFEs in Educating 60 Meet the Staff
Future Fraud Fighters Improving Members’ Lives
By Gerhard Barone, Ph.D.; Sara Melendy, Ph.D., By Cora Bullock; Photo by Christi Thornton-
CFE, CPA; and Gary Weber, Ph.D. Edited by Richard Hranicky, CFE
“Dick” A. Riley, Ph.D., CFE, CPA
62 ACFE News
16 FraudBasics
‘Check 21’ Can Make Fraud Easier: 70 CPE Quiz
Be Alert to Changes in Technology • Earn CPE Toward Renewing Your CFE Credential.
By Linda Lee Larson, DBA, CFE, CPA, CISA

2 Fraud-Magazine.com
 TRAINING
Journal of the Association of Certified Fraud Examiners
Volume 27, No. 1, January/February 2012
EVENTS
Register at ACFE.com/Training
John D. Gill, J.D., CFE
Publisher

Dick Carozza Helen Pryor

Editor-in-chief Art Director
UPCOMING CONFERENCES
Cora Bullock Aimee Jost
Assistant Editor Circulation Manager 23rd Annual Fraud & Exhibition
+VOF



t
0SMBOEP
'-
Katie Ford Mark Scott, J.D., CFE
Contributing Editor Legal Editor

EDITORIAL ADVISORY COMMITTEE 2012 ACFE European

Jonathan E. Turner, CFE, CII, chair; Larry Adams,
CFE, CPA, CIA, CISA, CQA, CSP, CCP; Emmanuel Fraud Conference
A. Appiah, MBA, CPA, CFE; Richard Brody, Ph.D.,
CFE, CPA; Jean-Pierre Bruderer, Ph.D., CFE; Jeimy

.BSDI

t
-POEPO
J. Cano, Ph.D., CFE, CAS; Linda Chase, CPA, CFE;
Franklin Davenport, CFE; David J. Clements, CFE;
Craig Ehlen, Ph.D., CFE, CPA; Ellen Fischer, CFE,
CIA; Peter D. Goldmann; Allan F. Greggo, CFE, CPP; UPCOMING COURSES
Robert Holtfreter, Ph.D., CFE; Peter Hughes, Ph.D.,
MBA, CFE, CIA, CPA; Cheryl Hyder, CFE, CPA, Advanced Fraud Examination Healthcare Fraud
CVA; Robert Kardell, CFE, CPA; Thomas Cheney
Lawson, CFE, CIA; Philip C. Levi, CFE, CPA, FCA; Techniques .BSDI


t
-PVJTWJMMF
,:
Larry Marks, CFE, CISA, PMP, CISSP, CSTE; Michael 4FQUFNCFS


t
"VTUJO
59
A. Pearson, D.B.A., CFE, CPA, CMA; Marilyn
Peterson, CFE, CCA; Laura M. Preston, CFE; Herbert Interviewing Techniques for Auditors
Snyder, Ph.D., CFE; Scott Strain, CFE; Karen Forrest Auditing for Internal Fraud 'FCSVBSZ


t
'U
-BVEFSEBMF
'-
Turner, Ph.D., Educator Associate "VHVTU


t
/FX
:PSL
/: +VMZ


t
%FOWFS
$0
2011-2012 BOARD OF REGENTS 4FQUFNCFS

t
"UMBOUB
("
Johnnie R. Bejarano, DBA, CFE, CPA; Lt. Col. Robert CFE Exam Review Course
J. Blair, CFE, CGFM; Cynthia Cooper, CFE, CISA;
Bruce Dorris, J.D., CFE, CVA, CPA; Joseph L. Ford, 4FF
QH

GPS
DPVSTF
EBUFT Introduction to Digital Forensics
CFE; John Warren, J.D., CFE 'FCSVBSZ


t
/FX
0SMFBOT
-"
Fraud Magazine (ISSN 1553-6645) is published bimonthly
Conducting Internal Investigation
by the Association of Certified Fraud Examiners, 716 West 'FCSVBSZ


t
$IBSMPUUF
/$ Investigating Conflicts of Interest
Avenue, Austin, TX 78701-2727, USA ©2012 All rights +VMZ

t
8BTIJOHUPO
%$ 'FCSVBSZ


t
-PT
"OHFMFT
$"
reserved. Periodical Postage Paid at Austin, TX 78701
and at additional mailing offices.
Contract and Procurement Fraud Investigating on the Internet
POSTMASTER: Please send address changes to: +BOVBSZ


t
1IPFOJY
"; .BSDI


t
/FX
:PSL
/:
Fraud Magazine
ACFE World Headquarters • The Gregor Building NEW!Data Analytics Legal Elements of a Fraud
716 West Avenue • Austin, TX 78701-2727, USA
(800) 245-3321 • +1 (512) 478-9000 .BSDI


t
/FX
:PSL
/: Examination
Fax: +1 (512) 478-9297 'FCSVBSZ


t
$IBSMPUUF
/$
Subscriptions: ACFE members: annual membership dues Digital Forensics Tools &
include $20 for a one-year subscription. Non-members in Techniques Money Laundering: Tracing Illicit
U.S.: one year, $55. All others: one year, $75. Member- .BZ


t
$IJDBHP
*- Funds
ship information can be obtained by visiting ACFE.com
or by calling (800) 245-3321, or +1(512) 478-9000. .BSDI


t
#BMUJNPSF
.%
Change of address notices and subscriptions should be Financial Institution Fraud
directed to Fraud Magazine. Although Fraud Magazine "VHVTU

t
-BT
7FHBT
/7 Mortgage Fraud
may be quoted with proper attribution, no portion of
this publication may be reproduced unless written per- .BZ


t
4BO
%JFHP
$"
mission has been obtained from the editor. The views Financial Statement Fraud
expressed in Fraud Magazine are those of the authors
and might not reflect the official policies of the Associa- "QSJM


t
$PMVNCJB
4$ Principles of Fraud Examination
tion of Certified Fraud Examiners. The editors assume "QSJM


.BZ


t
"VTUJO
59
no responsibility for unsolicited manuscripts but will Fraud Prevention
consider all submissions. Contributors’ guidelines are
available at Fraud-Magazine.com. Fraud Magazine is a 'FCSVBSZ


t
#BMUJNPSF
.% Professional Interviewing Skills
double-blind, peer-reviewed publication. .BZ


t
1SPWJEFODF
3*
Fraud Related Compliance "VHVTU


t
4BO
'SBODJTDP
$"
To order printed or electronic reprints, visit
fraud-magazine.com/reprint-request.aspx or .BSDI


t
-PVJTWJMMF
,:
email reprints@fraud-magazine.com. "VHVTU


t
/FX
:PSL
/:
ADVERTISING COORDINATOR
Ross Pry NEW!Fraud Risk Management COMBO EVENT
(800) 245-3321 • rpry@ACFE.com 'FCSVBSZ


t
-PT
"OHFMFT
$" SAVE $100 by registering for both events!
Association of Certified Fraud Examiners, ACFE, Certified Fraud "VHVTU


t
1IJMBEFMQIJB
1"
Examiner (CFE), the ACFE Seal and Fraud Magazine® are trade- &WFOUT
TVCKFDU
UP
DIBOHF
marks owned by the Association of Certified Fraud Examiners Inc.

January/February 2012 3
 From the PRESIDENT AND CEO
By James D. Ratley, CFE

Supporting Our
International Chapters

A t the end of October and beginning of November, I

spent a whirlwind two weeks attending our Asia-
Pac Conference in Singapore and meeting with
our chapters in Singapore, Jakarta, Hong Kong,
Shanghai, Beijing and Mexico City. I thor-
oughly enjoyed getting to know many of you and learning about
your unique fraud-related issues.

HOPPING CONTINENTS
International chapter members put Southern hospitality to
shame. Everywhere I went I met extremely gracious people who
did everything they could for us. My job was to listen carefully
to their suggestions for improving our services.
The first stop was to vibrant and beautiful Singapore — my
first visit and also the first time the city has hosted our 2011
Asia-Pacific Fraud Conference (formerly known as the ACFE
Pacific-Rim Fraud Conference). Nearly 200 attendees net-
worked and attended workshops and panel discussions. (Please
see page 68 for more on this exciting conference.)
I enjoyed meeting Gatot Trihargo, CFE, president of the In-
donesia Chapter (established in 2002), who provided the same
generous hospitality I encountered with other chapters. He was
appreciative of the ACFE’s effort to send me there. I presented
to nearly 80 members and public- and private-sector guests.
“Chapter activity has become very intense since 2010, by
us conducting monthly discussions/workshops for the members
and other practitioners,” Trihargo said. “The chapter also suc-
cessfully conducted two annual congresses and seminars in 2010
and 2011, which gathered more than 200 participants for each
session, with both domestic and international speakers.”
After Jakarta, I jetted off to Hong Kong, with its exotic mix
of the old and new., “We’re excited that the ACFE is turning its
attention to Asia,” said Hong Kong chapter president Penny Sui-
Ping Fung, CFE. “Jim’s visit to Hong Kong no doubt has helped
to reinforce this message and reminded people of the role of pro-
fessional fraud examiners in a robust and sustainable economy.”
Prof. Yiu Wai Andy Kwok, CFE, vice president of the Shang-
hai Chapter and also president of the Beijing Chapter, called my
visit a “stunning pleasure.” He had this to say about China’s grow-
ing pains: “China’s high growth rates have encouraged foreign
investment, which have in turn helped fund China’s incredible
growth,” he said. “However, such large capital inflows are bound
to give way to sector imbalances and fraudulent behavior.”
I told the attendees at the first Corporate Anti-Fraud Semi-
nar in China, how fraud can occur in any industry and at any
level. I also gave suggestions on how CFEs can advise their cli-
ents in their battles against fraud, including setting the proper
tone at the top. “Mr. Ratley mentioned that anti-fraud measures
do not get proper attention since they cost money while the
benefits cannot be seen in a short-term period,” Kwok said. “As
a consequence, most companies are not willing to make any
expenditure regarding this issue. However, establishing efficient
and effective anti-fraud mechanisms will generate huge benefits
from the long-term perspective.”
The ACFE is striving to do all it can to help our interna-
tional chapters grow and thrive. We are excited to announce our
plan to open a regional call center in Singapore and host a CFE
Exam Review Course there March 26 - 29. Chapters, acting as
local ACFE representatives, provide continued support for mem-
bers worldwide through networking opportunities, CPE training,
leadership development and promoting local fraud awareness.
As always, please let me know how we can help you
support our all-important mission. (And please check out
Fraud-Magazine.com/LetterFromthePresident for more photos.)
James D. Ratley, CFE, President and CEO of the Association of
Certified Fraud Examiners, can be reached at: jratley@ACFE.com.

4 Fraud-Magazine.com
 Digital Fingerprints
A Closer Look at Technology and Fraud
Anything You Say Can and
Will Be Used Against You!
D
uring an investigation, we scour the web and
social networks for employment backgrounds,
contacts, education history, past behavior
and so on. However, we should be concerned
about information we are posting that the bad
guys can use against us.
Arthur Hulnick, a former CIA officer, estimates that open-
source intelligence (a form of intelligence collection manage-
ment that involves finding, selecting and acquiring information
from publicly available sources) accounts for “as much as 80
percent” of the entire intelligence database. (See “Sailing the
Sea of OSINT in the Information Age,” by Stephen C. Merca-
do, http://tinyurl.com/2sj5vy.) This is possible, in part, because
organizations and their employees freely publish information
online they probably should keep to themselves. And those
loose lips can lead to outright fraud. (Also see “NATO Open
Source Intelligence Reader,” http://tinyurl.com/7crt7ug.)
JOB POSTINGS
Before you continue reading this, look at your organiza-
tion’s job postings and ask, “What are we telling the
competition about us?”
Imagine a software company with a strong presence in
Asia Pacific that posts a public job offer for a sales manager
in North America. What are they telling the competition?
Think of the recruiting process in your organization and how
long it can take to staff a position. Is that enough time for the
competition to adjust to the arrival of this new sales manager?
Your competitors find or infer from your job postings
the technologies your organization uses, expansion into new
areas and territories, market growth, change in structure,
structural growth, etc.
What does this mean for fraud examiners? Make sure
you run proper background checks on potential hires! Why?
Because some job descriptions are so detailed that someone
wishing to be hired for fraudulent purposes can customize
his or her résumé. I just worked a case in which a candidate
6 Fraud-Magazine.com
By Jean-François
Legault
found a company he believed would be a good target and
redesigned his résumé to boost his employment chances. The
company hired him, and he then proceeded to steal intellec-
tual property during his employment.
WEB 2.0 AND SOCIAL NETWORKS
Employees are likely to reveal valuable information to the
competition on professional or personal networking sites.
Fraudsters can make conclusions about a company’s expan-
sion by studying comments about new connections and
relationships plus repeated trips to a city or country.
Through investigations, I have found nurses sharing
concerns about care in neo-natal intensive care units, law en-
forcement personnel sharing sensitive assignments and sales
managers claiming their stakes on new territories. Profes-
sional social networking sites tell the world about new hires
and those who are leaving employers.
Employees posting information online is nothing new.
In one case I worked nearly 12 years ago, a call-center
employee leaked sensitive information on a web forum. This
employee, who was privy to upcoming promotions offered
by a telecommunication provider, would repost information
online prior to a promotion launch. The company’s call cen-
ter then would be flooded with requests for promotions and
packages that did not exist yet.
Did this employee access highly sensitive documents?
Did he gain access to someone’s email account? No. He sim-
ply reposted information he learned in training sessions. We
had a difficult time tracking him down because back then we
did not log everything. Even today, we find organizations that
do not store online access information, which would allow
them to adequately investigate leaks.
MARKETING DOCUMENTATION
Documents that an organization provides its clients to market
its services often end up in competitors’ hands. Find ways to

securely communicate information that you
do not want the competition obtaining.
I was involved in a recent case in
which a competitor was able to reverse-
engineer a product (take it apart and
analyze it) by simply using the information
in product brochures and documenta-
tion. Imagine your competition not only
knowing your products but how you are
manufacturing them. That is a serious loss
of competitive advantage!
I have also been involved in cases in
which individuals used marketing infor-
mation to create fake companies to try to
defraud possible clients. The schemes were
simple: reuse information to make the com-
panies look legitimate, solicit clients, get
paid and then never deliver anything.
AS AN EXPERT WITNESS
Whatever you write, post and/or commu-
nicate may allow you to build eminence
as an expert. However, opposing counsel
could also use that public information to try
to disqualify you as an expert or to cross-
examine you in court.
AS AN INVESTIGATOR
Open-source intelligence can help you
discover valuable information about play-
ers in an investigation. In one case, I found
some undocumented aliens involved in
a fraud scheme because they gave some
prime evidence via their social media pro-
files, including their geographic locations.
In another example, we tracked down
vehicles purchased with embezzled funds
simply based on suspects’ photos that had
been posted online.
When I begin a background investiga-
tion into a company, one of the first things I
do is seek information through press releases
and trade publications. Companies love to
tell the world about what they are doing
right. However, the competition will always
seek out this valuable market intelligence.
January/February 2012
Digital Fingerprints
A Closer Look at Technology and Fraud
If you want to know more about
leveraging business intelligence techniques
in your fraud examinations, I strongly
encourage you to check out anything
fellow ACFE faculty member Cynthia
Hetherington teaches.
WHAT TO DO
So do you cut yourself off from the world
and go off grid? Absolutely not. But make
sure your organization’s policies strictly
control information that its employees can
release through all open-source channels
but especially online. When it comes to
social media, establish a “think before you
post” mentality.
Jean-François Legault is a senior manager
with Deloitte’s Forensic & Dispute Services
practice in Montreal. Canada. His email
address is: jlegault@deloitte.ca.
Use These Queries to Examine Your Online Exposure
Google search directives will add
power to your searches.
Searching for a specific phrase
using quotations:
• “find this specific phrase”
Searching a specific domain or
website:
• site:targetdomain.com or
• site:www.targetdomain.com
Searching for specific file type:
• filetype:extension
You can use the minus sign (-) as an
exclusion operator. For example, you
can use this search directive to exclude
a specific website from your search:
• -site:www.excludeddomain.com
I was involved in a recent
case in which a competitor
was able to reverse-engineer
a product (take it apart and
analyze it) by simply using
the information in product
brochures and documenta-
tion. Imagine your competi-
tion not only knowing your
products but how you are
manufacturing them. That is
a serious loss of competitive
advantage!
Here are some Google searches
that you can run against yourself to see
what could be available to fraudster.
Finding PowerPoint documents on
your site:
• site:www.yoursite.com filetype:ppt
• site:www.yoursite.com filetype:pptx
Finding Word documents on your
site:
• site:www.yoursite.com filetype:doc
• site:www.yoursite.com filetype:docx
Finding confidential documents on
your site:
• site:www.yoursite.com confidential
• site:www.yoursite.com “not for
distribution”
7
 Fraud’s Finer Points
Case History Applications
Using an Organization’s
Credit to Commit Fraud
Part 1
F raud by using an organization’s credit is a type of
fictitious expense scheme. In the ACFE’s fraud tree,
the crime is a subset of fraudulent disbursements,
which is a subset of cash schemes.
There are many types of fraud involving an employee’s
use of the organization’s credit to purchase assets (i.e., goods
and services) for personal benefit. Unauthorized use of the
organization’s general credit cards, purchasing credit cards,
travel credit cards or business charge accounts are some of the
most common fraud schemes I have encountered during my
career. Unscrupulous employees cause victim organizations
to order and pay for assets they do not really need. Obviously,
the damage to a victim organization is the money lost in
purchasing these unnecessary items.
The individuals who commit these crimes are usually
responsible for approving and processing transactions for pay-
ment. They may rely on the inexperience of their supervisors
(or their organizations’ governing bodies) to unknowingly
process their fraudulent transactions in the disbursement
cycle. Victimized organizations then issue checks for un-
authorized business purposes, and the wayward employees
receive personal benefits.
We begin this three-part series with employee abuses of
general organization credit cards.
GENERAL ORGANIZATION CREDIT CARDS
Commercial banks issue credit cards to organizations (and
individuals) to aid them in conducting official business.
Banks and organizations enter into agreements specifying the
terms of use for the credit cards. Some banks charge an an-
nual fee; others do not. Banks make their money for process-
ing your transactions by charging a fee to vendors who accept
the cards and by charging you an interest rate on the unpaid
8 Fraud-Magazine.com
By Joseph R. Dervaes,
CFE, ACFE Fellow, CIA
account balance when the full amount due is not paid each
month. The primary responsibility for charges on these credit
cards rests with the organizations.
THE BUSINESS OF CREDIT CARDS
An organization that authorizes company credit cards for its
employees’ use should maintain formal logs of all cards issued
and require all employees to sign agreements stating that they
have received a copy of the organization’s usage policies and
have been trained on the proper procedures for using the cards.
These agreements provide the foundation that employees un-
derstand that they can use the cards for official business only.
Written company policies should require employee
training, prohibit cash advances, restrict purchases of un-
authorized items (such as alcohol), require receipts for all
charge transactions and specify disciplinary actions for any
unauthorized or personal use of the cards. Organizations
never should pay for employee charges shown on the bank’s
monthly statement without accompanying receipts. It is the
descriptions of the items shown on the receipts that deter-
mine if the expenses are for official business purposes.
UNAUTHORIZED CARDS
Employees who have stolen company credit cards or who
have obtained unauthorized company credit cards through
other means (such as ordering them directly from banks
without approval) will circumvent organizations’ incoming
mail to snag the monthly credit card statements. They usually
make personal payments on the credit card account balances
to conceal their unauthorized purchases.
However, if employees submit unauthorized expenses
for payment by their companies, management and audi-
tors will have at least some documents they can review to

detect fraud. While the supporting documents for credit card
payments should include the statement and all purchase re-
ceipts, fraudsters who choose this latter process usually only
submit statements for payment purposes. In many cases, their
supervisors or the governing bodies of the organizations may
unknowingly approve these fraudulent payments.
Employees may periodically use an organization’s credit
card for unauthorized purposes or personal benefit, but man-
agers who are assigned to monitor the credit card program
can resolve these minor infractions promptly according to
policies and procedures.
Companies should publicize employee disciplinary ac-
tions in their internal publications to deter future problems.
Unfortunately, even this method is not fraud-proof because
often the very managers who are charged with monitor-
ing the system are the ones who abuse it. These individuals
may be able to hide their unauthorized activities from other
employees and their supervisors, but most of the time they
should not be able to conceal their actions from organi-
zations’ governing bodies and their internal or external
auditors. However, when their misdeeds are detected, the
fraudsters usually attempt to get organizations to pay from
monthly credit card statements by indicating that receipts for
individual transactions were not available or were inadver-
tently misplaced or lost.
Case No. 1 — Personal use of an authorized
general organization credit card
In the November/December 2009 Fraud’s Finer Points, I
discussed a credit card case that involved missing support-
ing documents. This concept emphasized why organizations
should never pay the balance due on monthly credit card
statements without seeing the supporting receipts for the
purchases first.
Sarah was the clerk-treasurer responsible for processing
all of the city’s disbursement transactions, including all pur-
chases on its credit card. The city first detected irregularities
in accounts receivable and contacted its external auditor to
investigate the case.
The subsequent audit detected multiple fraud schemes,
which totaled $49,894.88 in losses over 2½ years. These
schemes included payroll fraud, accounts receivable fraud,
municipal court revenue fraud, unauthorized use of the city’s
business charge account and overpayments to a cleaning
contractor. The clerk-treasurer performed many tasks in a
variety of functions at the city, and no one monitored her
work to ensure the city’s expectations were being met.
The clerk-treasurer purchased $5,319.16 in assets for
personal benefit using the city’s credit card. I detected this
January/February 2012
Fraud’s Finer Points
Case History Applications
scheme by scanning the city’s disbursement files to deter-
mine other risks. I quickly noted that the city was making
its monthly credit card payments using only the statements.
There were very few purchase receipts available for review
and audit. For example, credit card purchases from a local
computer store were almost always missing from the files. I
contacted the city’s computer consultant who was responsi-
ble for all information technology issues. However, he wasn’t
aware of any official purchases from the computer store.
A computer store representative faxed documents to
me that showed Sarah had signed for a computer, monitor,
software and games on many occasions through the period of
this loss. City staff members conducted a search of city hall
but were unable to locate any of these assets.
Sarah had made all credit card payments on time, but
she had destroyed all the supporting documents that listed
the details of the purchases from the computer store. She
hoped that retaining only the monthly credit card statements
on file for the city’s governing body and its external auditors
would be sufficient to conceal her irregular activities. She
was wrong. The governing body did not notice this irregu-
larity, but her fraud did not escape the watchful eye of the
external auditors. In my experience dealing with fraud cases
in state agencies and local governments in the state of Wash-
ington, governing bodies rarely detect fraud in the transac-
tions they are reviewing and approving, primarily because no
one took the time to properly train them for this task.
The clerk-treasurer demanded a trial to resolve the is-
sues in this case. She hired a prominent regional lawyer for
her defense and agreed to a bench trial. (There was no jury.)
After all the evidence was heard during a week of testimony,
the judge rendered a guilty verdict in the case and ordered
Sarah to make restitution of the loss amount, plus audit
costs. He also sentenced her to three months in a work-
release program.
Case No. 2 — Personal use of an unauthorized
general organization credit card
A small water district in the state of Washington had three
employees, operated on an annual budget of $466,000 and
served approximately 1,000 customers. Jackson, the office
manager, was responsible for practically all financial opera-
tions; his supervisor, the district superintendent, did not
monitor his work. These are the two most common internal
control weaknesses I have found in small organizations.
While Jackson had no prior criminal history, he appar-
ently came to work for the district with ill intentions. He
sent a memorandum on official letterhead to the district’s
bank shortly after being hired requesting that the bank issue
9
 Fraud’s Finer Points
Case History Applications
a credit card in the district’s name and assign it to him. The
credit limit on the card was initially set at $5,000, but Jack-
son subsequently sent a facsimile to the bank one month later
requesting an increase to $20,000. Of course, the district’s
governing body did not authorize either of these requests.
Later, when the case was under investigation, the district
stated that someone had forged the authorizing signatures on
the documents.
As the office manager, Jackson was responsible for open-
ing the mail and processing invoices for payment. Thus, he
was able to remove the monthly bank credit card statements
from the incoming mail before anyone else saw them. One of
the interesting facts of this case is that Jackson did not submit
any of the credit card statements to the district superinten-
dent or the governing body for approval or payment. Perhaps
Jackson was not quite bold enough. While it would have
been prudent to do so, Jackson did not make any personal
payments to the bank on the card balance either. Because
neither the organization nor Jackson made any payments on
the credit card balance, the monthly expenses and interest
charges continually increased until the balance became delin-
quent and approached the credit limit on the card.
Jackson misappropriated $19,454.84 from the district
in 3½ months, with $18,284.03 of this amount representing
his unauthorized use of the district’s credit card for personal
benefit. Personal charges included the purchase of a used
pickup truck, frequent stays at a motel while traveling to his
favorite casino, thousands of dollars in cash advances at the
casino, Internet and telephone use and other miscellaneous
purchases. Jackson also misappropriated $1,170.81 in utility
revenue from the district.
The district first detected irregularities in its checking
account and petty cash fund and requested an external audit.
Jackson was placed on administrative leave and subsequently
terminated for a wide variety of managerial shortcomings.
Shortly thereafter, the district received a monthly statement
for the unauthorized credit card. In a plea-bargaining agree-
ment, the court ordered Jackson to make restitution for the
loss amount plus audit costs. It also sentenced him to less
than one year in county jail for this crime.
Case No. 3 — More personal use via an unauthorized
credit card
James, the chief of a small fire district in the state of Wash-
ington, obtained an unauthorized credit card in the district’s
name. He circumvented the district’s internal controls by
10
intercepting the mail, removing the monthly credit card
statement and making personal payments on the account to
conceal his unauthorized purchases. He basically used the
district’s credit card as his own by charging $7,797 in personal
purchases for more than a year. He used the card to make
unauthorized cash advances and also incurred finance charges
when he did not make monthly payments on time.
When the district finally discovered the unauthorized
card, there was a $1,599 unpaid balance on the account.
The district found out about the card while making a change
in signatories on all of its bank accounts after the fire chief
resigned for unrelated personal reasons. The chief reimbursed
the district for this amount when questioned about the
unauthorized purchases on the credit card. The district paid
the balance due on the account and canceled the credit card.
The county prosecutor declined to criminally prosecute the
case because the district had been made whole.
LESSONS LEARNED
Let us review some of the finer points of fraud detection from
these general organization credit card fraud schemes.
Organizations should:
• Establish written policies and procedures for credit card use
and train their employees to ensure they use the cards only
for official business purposes.
• Always obtain purchase receipts from employees and never
pay bills using only the monthly credit card statements.
• Properly train employees and governing bodies on the
authorization and approval procedures for all
disbursements.
• Appropriately segregate employee duties and periodically
monitor the work of key employees to ensure its
expectations are being met.
Once fraud examiners detect fraud, they should assess
what else is at risk of loss within an organization.
MORE CREDIT CARD MISUSE
In part two of this series, we will discuss the use of purchasing
credit cards and travel credit cards. Stay tuned.
Regent Emeritus Joseph R. Dervaes, CFE, CIA, ACFE
Fellow, is retired after more than 42 years of government service.
He is the president of the ACFE’s Pacific Northwest Chapter. His
email address is: joeandpeggydervaes@centurytel.net.
Fraud-Magazine.com
 2012 CFE Exam Prep Course®
Arm yourself with the most effective tool
available to help you pass the CFE Exam.

How the course works:

The program provides typical exam questions, in-
forms you whether your answer is correct, provides a
detailed explanation of the correct answer and offers
an alternative study reference where you can learn
more about the topic.

The CFE Exam Prep Course focuses on the four

testing areas of the CFE Exam:
t
Legal Elements
t
Fraud Prevention and Deterrence
t
Financial Transactions
t
Fraud Investigation

The CFE Exam Prep Course Allows You To:

t
Create a personalized study plan tailored to your individual strengths

and weaknesses with an optional 100 question Pre-Assessment

t
Pick the sections and topics most relevant to your exam preparation
by creating custom review sessions

t
Learn more from your Practice Exam sessions by reviewing the ques-
tions you missed, anything your results by subsection and tracking
your progress over time

t
Focus on the areas where you need the most work with enhanced
review of results and progress by exam section, subsection and topic

t
Stay on track to earning your CFE credential by measuring your

progress towards your target dates for certification and using helpful
checklists within the Prep Course software

Visit ACFE.com/Prep to order your copy today

The 2012 CFE Exam Prep Toolkit is Also Available

Including the CFE Exam Prep Course, Fraud Examiners Manual
(Printed Edition), Corporate Fraud Handbook and the Encyclopedia
of Fraud (CD-ROM), the CFE Exam Prep Toolkit includes valuable
materials to aid in your CFE Exam preparation.
 Fraud EDge
A Forum for Fraud-Fighting Faculty in Higher Ed
By Gerhard Barone, Ph.D.; Sara Melendy, Ph.D., CFE, CPA; and Gary
Weber, Ph.D. Edited by Richard “Dick” A. Riley, Ph.D., CFE, CPA
Get Involved in Higher Education
Opportunities for CFEs in Educating
Future Fraud Fighters
S
tudents at the collegiate level learn best about
business through a combination of theory and
practice. College professors are well equipped to
present the theory side of a particular topic, but
they frequently look to business professionals —
who have hands-on, practical experience — to help apply
those theories to real-world situations. This teaching method
works especially well in anti-fraud education, in which fraud
cases, whether real or fictitious, can help bring to life the
fraud theories and procedures introduced in the classroom.
However, it is not quite so clear exactly how to struc-
ture the interactions between CFEs and higher education to
encourage this method of learning. Many CFEs, for example,
believe that the only way to participate in collegiate fraud
education is to lead a class lecture based on their fraud expe-
riences, which could not be further from the truth.
In this column, we identify and explain a variety of ways
in which CFEs can foster and develop mutually beneficial rela-
tionships with college faculty and students to help educate and
prepare future anti-fraud and forensic accounting professionals.
INVITE FACULTY AND STUDENTS TO LOCAL FRAUD CONFERENCES
One of the easiest and least time-consuming ways for CFEs to
get involved with higher education is to invite college faculty
and students to attend local fraud conferences. Spokane
ACFE Chapter member Lenore Romney, CPA, CFE, CVA,
has invited both students and faculty to attend the local
ACFE conference for the past few years.
“The chapter leaders recognize that more can be accom-
plished in the fight against fraud if professionals from differ-
ent disciplines network with each other. We see the chapter
as being an ideal facilitator for such a network,” Romney said.
Conferences typically provide numerous and varied
opportunities through which students and faculty can learn
12
about both actual instances of fraud, as well as the work of
CFE professionals. Kris Ryan, a student at Gonzaga Univer-
sity who has attended the local ACFE conference for the past
two years, can attest to this.
“Both years that I attended the conference, a wide range
of topics was offered, including health care fraud, a critique
of software that helps businesses protect themselves against
fraud, gang activity (which is surprisingly more correlated
to the fraud problem than I would have thought), mortgage
fraud and different fraud topics covered by local law enforce-
ment and the FBI,” Ryan said.
“I found all of the topics interesting and also learned
fraud detection and investigation skills that I could put to use
immediately,” she said.
Since graduation, Ryan has gone on to earn her CFE
credential and has joined the fraud-fighter ranks.
BECOME A PROFESSIONAL MENTOR TO STUDENTS
Professors at Gonzaga University frequently refer students
who have an interest in forensic accounting to local CFEs for
advice on potential career paths, professional certifications, in-
terviewing and networking. Students benefit directly from the
wisdom and experience these mentors have gained from many
years of work in fraud and forensic accounting. Mentors also
share their knowledge of the skills and abilities necessary to be
successful in the forensic accounting profession. These inter-
actions also are great networking opportunities for students.
Many universities also have formal mentoring programs
through which students are matched with professional men-
tors based on factors such as field of study, geographic prefer-
ence and gender. These more formal relationships span the
majority of a student’s time in college, which allow mentors to
help identify curriculum paths, internship opportunities and
employment opportunities when the student nears graduation.
Fraud-Magazine.com

A more interactive — albeit more time-intensive —
method of mentoring students is for CFEs to arrange and
coordinate student internships with their employers. Stu-
dents participating in these internships benefit not only from
professional workplace mentoring but also from working in
actual forensic accounting situations.
ASSIST WITH CASE STUDIES AND RESEARCH PAPERS
Higher-education faculty are always searching for case stud-
ies with the richness of detail, ambiguity and issues that are
similar to those that students will encounter in their profes-
sional careers. Faculty and highly experienced CFEs jointly
produce the most detailed, complex cases.
Cindy Durtschi, Ph.D., associate professor at DePaul
University, invites CFEs to help in the classroom in several
ways. She recently had a full-time forensic accountant help
her judge student case presentations.
“The students presented their work from the view of the
prosecution, and then the CFE showed them how some-
one working for the defense would have responded to their
cases,” Durtschi says. “It was a wonderfully enriching experi-
ence for the students.”
Durtschi also had a local CFE help her with a fraud case
she developed. The CFE provided her with encouragement,
valuable feedback and suggestions that improved the case.
CFEs also frequently partner with faculty on forensic
accounting research papers. Frank Perri, J.D., CFE, CPA, has
co-authored several research papers with Rich Brody, Ph.D.,
CFE, an associate professor at the University of New Mexico.
They have written on topics ranging from the relationship
between workplace violence and fraud to identification of
organizational weaknesses at the Securities and Exchange
Commission. These partnerships between academics and
professionals foster balanced approaches to research and
ensure that publications are valuable not only for academics,
but also for practitioners who can use the results in the field.
COORDINATE FORENSIC ACCOUNTING INVESTIGATIONS
Romney and Marie Rice, CFE, CIA, CICA, president of the
Spokane ACFE Chapter, assist students at Gonzaga Univer-
sity as part of their Justice for Fraud Victims Project. (See
the July/August 2011 Fraud EDge.) Through a cooperative
partnership with law enforcement and local CFEs, Gonzaga
students provide free fraud examination services to small
businesses or nonprofit organizations that have been victims
of fraud. The students gain experience while simultaneously
giving back to their communities.
Last year, Romney worked with students on a case that
eventually led to the project’s first conviction.
January/February 2012
Fraud EDge
A Forum for Fraud-Fighting Faculty in Higher Ed
“Working all semester with my student team was
personally rewarding,” she says. “My team of students was
incredibly bright and diligent and really took ownership in
our investigation. They were like sponges soaking up the
practical knowledge I was trying to share with them in only
one semester’s time together. I was proud of my team’s effort
the day they gave their final class presentation, the day I
submitted our report to law enforcement and especially the
day I was notified that charges were filed.
“Obtaining a guilty plea and restitution within a year of
submitting our case was the icing on the cake,” she says.
Romney and Rice play a number of critical roles in this
class by:
1. Assisting the students in developing theories of how the
fraud may have occurred.
2. Helping the students develop a plan for determining how
to test those theories.
3. Providing weekly guidance to students as their
investigations progress.
4. Reviewing the final report that students complete at the
end of the term and that law enforcement may use to
prosecute the fraud.
5. Serving as expert witnesses if a case goes to trial.
Reaching out to help local organizations with poten-
tially fraudulent situations is a noble idea with obvious
benefits, but usually the largest obstacle is that college faculty
members often lack required specific training for competent
forensic accounting investigations. Faculty also often lack
contacts with those in communities who are most likely to
refer cases, such as law enforcement and prosecuting attor-
neys. CFEs often have such connections and, thus, can refer
cases and supervise the investigations.
SERVE AS AN ADJUNCT INSTRUCTOR OR GUEST SPEAKER
CFEs who want a more substantive role in higher education
can pursue teaching courses as adjunct instructors. Adjunct
instructors typically teach one or two courses during a semes-
ter, but they do not have other academic commitments, such
as research or service, to the institution. Colleges frequently
seek professionals, like CFEs, to teach more specialized
courses, such as forensic accounting, because full-time faculty
often do not have this expertise.
Not long after she began mentoring, Gonzaga University
approached CFE mentor Rice to see if she was interested in
teaching a fraud examination class as an adjunct instructor.
She jumped at the chance.
“It had been my long-term goal to adjunct, and I was
thrilled by the prospect,” Rice said.
13
 Fraud EDge
A Forum for Fraud-Fighting Faculty in Higher Ed
She has taught three courses over the past two years and
has enjoyed the experience. She sees many benefits to having
professionals, like CFEs, in the classroom.
“As a student, I always appreciated the professors who
had both real-world and research experience. CFEs are for-
tunate in that we have so many stories and experiences that
can help shape our future anti-fraud professionals.”
CFEs considering this option should be aware that the
weekly time commitment is somewhat greater than the time
teaching in the classroom. Adjunct instructors also will spend
several hours each week planning lectures, grading student
work and answering emails from students. In addition, most
colleges expect adjunct instructors to be available on cam-
pus for an hour or two each week to meet with students and
answer questions.
CFEs who cannot commit to teach an entire course can
serve as guest speakers. This may involve preparing a short
case study or other relevant topical material and leading a
class in a discussion of the material. Departments and
instructors are generally receptive to such arrangements,
provided there is a good match between the course goals
and the proposed topic.
Guest speaking opportunities for CFEs are not limited to
forensic accounting courses. For example, CFEs could present
internal control cases to an accounting information systems
class. They also could discuss evidentiary or legal aspects of
CFE work in criminal justice or psychology classes. Given
the diversity and complexity of fraudulent activities and the
motivations of those who commit fraud, there are many other
disciplines in which CFEs could provide valuable insights
and enrich the classroom experience.
FOSTERING STUDENT INTEREST
The ACFE Handbook and Guidelines for Local Chapters en-
courages close relationships with schools and universities to
foster student interest in the fraud-fighting profession. CFEs’
unique skill sets and training create multiple opportunities
across college campuses. We have described a number of
ways that CFEs have participated in higher education. Inter-
ested CFEs should contact program directors or chairpersons
at nearby colleges. Universities, and especially business
schools, are always looking for adjunct instructors and guest
speakers with practical experience. Students love to hear
from professionals who can describe their field experiences
and how they can pursue careers in specialty fields, such as
forensic accounting.
14
Given the diversity and complexity of fraudulent
activities and the motivations of those who commit
fraud, there are many other disciplines in which
CFEs could provide valuable insights and enrich
the classroom experience.
Rice wants to see more CFEs in college classrooms.
“As professionals, we need to strive to make the anti-
fraud movement more real for students, who often believe
they will never encounter a fraudster or become a victim of
fraud,” Rice said.
Matching the expertise and interest of CFEs with the
needs of higher education can result in relationships that are
enriching and rewarding for all parties involved.
Gerhard Barone, Ph.D., is an assistant professor of accounting
at Gonzaga University. He teaches classes in financial
accounting and accounting information systems. His email
address is: barone@jepson.gonzaga.edu.
Sara Melendy, Ph.D., CFE, CPA, is an associate professor of
accounting at Gonzaga University. She teaches auditing and fraud
examination, including a hands-on laboratory called the Justice
for Fraud Victims Project. Her email address is:
melendy@jepson.gonzaga.edu.
Gary Weber, Ph.D., is an associate professor of accounting and
coordinator of accounting programs/director of the master of
accountancy program at Gonzaga University. His email address
is: weber@gonzaga.edu.
Richard “Dick” A. Riley Jr., Ph.D., CFE, CPA, is a
Louis F. Tanner distinguished professor of public accounting in
the College of Business and Economics at West Virginia
University in Morgantown. He is chair of the ACFE Higher
Education Advisory Committee and the vice president of
operations and research for the Institute for Fraud Prevention.
His email address is: richard.riley@mail.wvu.edu. Riley
served as editor on this column.
Fraud-Magazine.com
 REGISTER NOW

2012 ACFE European

Fraud Conference
The Cumberland Hotel London 25-27 March 2012

Fraudsters are continually creating, perfecting and

executing new schemes. Gain the knowledge you
need to stay one step ahead.

Join anti-fraud professionals in London for the

2012 ACFE European Fraud Conference to
exchange insights and develop cutting-edge skills
in the global fight against fraud. In addition to
informative sessions offering practical techniques
and tips, you’ll network with leaders of Europe’s
anti-fraud community and earn up 23 CPE
credits.

FEATURED KEYNOTE SPEAKERS

James D. Ratley, CFE Stephen Harrison

President and CEO, Chief Executive
Association of Certified National Fraud Authority
Fraud Examiners

Register online at ACFE.com/European

by 24 February to SAVE GBP 100!
 FraudBasics
‘Check 21’ Can Make Fraud Easier
Be Alert to Changes in Check-Imaging Technology
B
ob, an internal auditor for ABC Company, is con-
ducting a routine cash receipts controls review.
The procedure calls for the day’s checks to be
deposited remotely in a company bank account
daily. Susan, the clerk who processes customer
checks, had gone home sick on Monday. Before she left, she
completed the remote deposit procedure, which involves
scanning each check and electronically sending those scans
to the bank. Then she put the checks she had just scanned in
her work-in-process file and went home, intending to proper-
ly file them away the next day. Unfortunately, when Betty —
who had done Susan’s job years ago — was assigned to cover
Susan’s desk on Tuesday, she came across the previous day’s
checks. Without asking anyone, Betty prepared a deposit
slip — as she had done in the past — and took the checks to
the nearby bank branch and made the deposit. When Susan
came in on Wednesday, she noticed that the stack of checks
she had processed on Monday were not where she had put
them and immediately asked Betty where they were. Oops ...
The checks had been deposited twice. They immediately con-
tacted the bank. The bank manager explained that the bank’s
duplicate check detecting software had caught the error and
that all was well. If the bank had not had the duplicate check
software working properly or if Susan and Betty had conspired
to modify the original paper checks before re-depositing them,
the bank could have been liable for some big bucks. This ficti-
tious example could easily have happened.
Banking industry experts report that check processing
is moving rapidly away from the traditional paper methods
and toward the processing of electronic images of checks. As
of August 2011, almost 70 percent of all institutions are now
receiving check images, according to CheckImage Central.
(See www.checkimagecentral.org.) With the implementation
in 2004 of the Check Clearing for the 21st Century Act, or
Check 21, auditors and CFEs cannot afford to ignore the new
16
By Linda Lee Larson,
DBA, CFE, CPA,
CISA
risks and challenges associated with processing of increasingly
larger volumes of electronic check images.
Even with so many more consumers and businesses pay-
ing their bills electronically, checks are still the standard for
many. The major impetus for banks moving to check images
is that electronic processing costs much less than paper check
processing. Historically, paper processing had been a cumber-
some procedure that required physically moving millions of
paper checks through the banking system.
Before Check 21 processing, when a person deposited
a paper check in his bank, that person would be credited
for the amount of the deposit. Then, at the end of the day,
the bank would sort that day’s processed paper checks and
forward them to the Federal Reserve — or another check-
clearing entity — where the checks would be cleared. The
paper checks then would be sorted and sent back to the banks
the checks were drawn on (and in some cases returned to the
check writer). Grounded planes following the terrorist attacks
of 9/11 caused major delays in check processing and brought
increased awareness to antiquated paper-check procedures.
A number of electronic payment processing technologies are
now in wide use, including Check 21 technology.
Under Check 21 processing, paper checks are scanned,
and the images are used to process the checks. Alternatively,
banks that desire to continue receiving and processing paper
checks may print and process copies of the images, called sub-
stitute checks. The substitute checks are the legal equivalent
of the original checks and can be used to document payments
in the same way that cancelled scanned checks would.
Although compliance with Check 21 is not manda-
tory, most banks are expected to invest in check imaging
technology eventually to take advantage of the projected
costs savings. So far, the adoption from paper to digital has
been slower than expected as the banking world upgrades its
Fraud-Magazine.com

technology for image processing. The underlying cause of
the delay has been the significant investment in the technol-
ogy required to both create and process check images and
substitute checks. Sources in the banking world in 2004
estimated a cost of $1.5 billion to $2.5 billion to fully imple-
ment Check 21 technology in the U.S. [See “The Domino
Effect of Check 21,” by J.D. (Denny) Carreker, http://tinyurl.
com/7yuxjrc.] The Federal Reserve expects that the use of
substitute checks should decline as more banks have the
technological capability to process check images directly.
THE CRUX OF THE PROBLEM
Check truncation — the process of digitally scanning paper
checks — greatly increases the chances of a check being
processed twice, either accidentally or fraudulently. Dupli-
cate check processing occurs when a business uses remote
processing to scan incoming checks and also drops the paper
checks off at a bank branch. The branch then forwards the
paper check to the Federal Reserve to be processed. Thus, as
in the opening case, checks can be processed twice.
Before Check 21, duplicate check processing rarely hap-
pened. However, American Banker magazine now estimates
that duplicate check processing is a $500 million problem,
which accounts for about half of the total check fraud in the
U.S. (See “Seeing Double,” by Glen Fest in American Banker,
Nov. 1, 2010, http://tinyurl.com/7dkt8jx.)
Whether done by accident or fraudulently, duplicate
check processing is becoming increasingly more expensive
to weed out. Many believe that the new technology creates
a unique opportunity for fraudsters. The problem is expected
to increase as the remote deposit capture continues, especial-
ly as consumers are using smartphones to capture deposits.
(That has to be the subject of another column.)
The banking industry, recognizing this problem, has
developed software to identify checks that are deposited
twice, but it is not foolproof. It tends to create false positives
because the software only identifies checks that are identical
in amount and payee. Complicating the situation further is
when fraudsters get involved and change the payee and/or
the amount of the check. The duplicate identification soft-
ware is not designed to identify this type of fraudulent check.
Reformed con man Frank Abagnale has said that banks
are generally liable for “ordinary care,” according to U.S.
Uniform Commercial Code (UCC) 4-103, and the bank that
accepts a fraudulent check — paper or electronic image — is
liable for any losses. Therefore, the banking industry has a
real stake in doing what it can to reduce these losses. (See
UCC provisions at http://tinyurl.com/725p8zv and “Check
Fraud: A National Epidemic,” by Frank Abagnale, New Jer-
sey CPA, May/June 2010.) This is where CFEs can help.
January/February 2012
FraudBasics
Before Check 21, duplicate check processing
rarely happened. However, American Banker
magazine now estimates that duplicate check pro-
cessing is a $500 million problem, which accounts
for about half of the total check fraud in the U.S.
High-tech fraudsters are always looking for new ways
to access and manipulate digitized information. Basically,
substitute checks may be altered, counterfeited, duplicated
and/or created from scratch. If a payment is in question, only
the substitute check image can be accessed. The result is that
proving alterations and forgeries becomes even more difficult
because many of the traditional security features so evident
on paper checks are lost when the originals are scanned in
the clearing process. In addition, with no actual cancelled
paper checks to examine, evidence of counterfeiting, forgery
and alterations (such as fingerprints) are not available for the
auditor or CFE.
Systems controls need to be in place and working prop-
erly to prevent unauthorized persons from accessing elec-
tronic check processing data and to protect private customer
information. CFEs can help implement these controls. Also,
CFEs must keep current on changes in check-imaging technol-
ogy and auditing electronic payment controls. Multiple lines of
defense are needed to prevent problems. CFEs need to monitor
controls to prevent/detect duplicate check processing.
VIGILANT WATCHDOGS
Electronic check processing technologies may make check
fraud crimes harder to prove, especially if a jury is involved.
It is important that consumers, businesses and banks are
aware of the possible risks and take appropriate steps to
protect themselves and their sensitive data. Electronic check
processing is here to stay, and auditors and CFEs need to
be ready to meet the challenges. Unless the watchdogs are
vigilant, the community has to deal with increasingly more
sophisticated fraudsters trying to commit electronic check
fraud using altered substitute checks or check images.
Linda Lee Larson, DBA, CFE, CPA, CISA, is
an associate professor of accounting at Central Washington
University – Lynnwood Center in Lynnwood, Wash. Her
email address is: LarsonL@cwu.edu.
17
 Fraud In
Houses Of Worship

What Believers
DO NOT
Want to
BELIEVE
By Robert M. Cornell, Ph.D., CMA, Educator Associate; Carol B. Johnson,
Ph.D., Educator Associate; and Janelle Rogers Hutchinson

©Cara Bresette-Yates/iStockphoto

18 Fraud-Magazine.com
 Houses of worship are particularly vulnerable to
fraud, but most feel they are impervious. The authors
provide reasons why churches feel so bulletproof and
seven practical steps fraud examiners can use to help
churches stop fraud in its tracks.

A n accounting professor who teaches a fraud investigation class re-

cently told a story about a student in her class who approached
her for help on a personal project. The student’s church had
asked the student to attempt to determine the dollar amount of damages
in a recent embezzlement. The perpetrator, a former church secretary, had
been defrauding the 200-member church for 18 months by writing herself
duplicate paychecks, stealing cash from donation deposits and taking out
credit card accounts in the church name, among other schemes.
The church discovered the fraud when the secretary was called away
for a family emergency, and the previously inattentive manager received
a phone call about an unpaid credit card bill. The manager did not know
the credit card existed. Because the church had not segregated employee
duties, the secretary had free rein over all aspects of church finances: she
kept the books, paid all the bills, handled cash receipts, managed the pay-
roll, issued paychecks and reconciled the bank account. The sky was the
limit for her fraud. A simple search of public records would have revealed
that the secretary was in financial trouble — a serious red flag for fraud.
But the church did not conduct that search until it was too late.
The professor was not surprised by such a common scheme. However,
she was taken aback when she opened the student’s work file to review
the case. She recognized the name of the perpetrator as a secretary in her
church and confirmed this identity by questioning the student investiga-
tor. Internal controls in the professor’s church were a bit better — it had
segregated some accounting duties — but were still insufficient. In fact,
internal controls were bad enough that no one could ever know if the
secretary stole from the professor’s church.
It was quite common for people to drop cash and checks by the
church office during the week and leave them with the secretary for use
in special funds, such as one to aid local homeless people. It would have
been easy for the secretary to simply pocket some of the funds, and no
one would have been the wiser. The secretary eventually resigned; it is
unknown if she stole from the professor’s church during her tenure there.
She was replaced with another secretary who had her own financial prob-
lems — her home was in foreclosure within six months of taking the job.
The professor advised church officials that they needed to improve
internal controls, but the staff members believed that “no one would ever
do such a thing here.” Indeed, fraud examiners who deal with finances,
fraud and internal controls in houses of worship may be labeled over-
reacting conspiracy theorists when they tell church staffs they may have
fraudsters in their midst. However, fraud examiners know that houses of

January/February 2012 19
FRAUD IN HOUSES OF WORSHIP
worship — churches, synagogues, temples, mosques etc. — are
among the most vulnerable entities.
WHY are CHURCHES SO VULNERABLE?
Churches typically emphasize the importance of good acts and
deeds, so we might expect their tone at the top would protect
them from fraud. Not so. A variety of factors lead to the op-
posite situation. Donald Cressey’s research on the fraud triangle
showed that pressure, opportunity and rationalization are pres-
ent in almost all frauds. (See pages 10 through 14 of “Occupa-
tional Fraud and Abuse,” by Dr. Joseph T. Wells, CFE, CPA.)
However, some forms of these three elements are more preva-
lent in houses of worship.
PRESSURES AND RATIONALIZATION
In many cases, ministers, secretaries and other staff members in
houses of worship are expected to work long hours on paupers’
wages for the love of a deity, while mingling with the wealthi-
est of society. These working conditions can create resentment,
desperation and rationalization, such as “they owed it to me.”
Church staff and volunteers can also face financial prob-
lems from feeding vices and addictions. A pastor or church mem-
ber with a serious vice likely will feel that any resulting financial
pressure is highly “non-shareable.” Cressey emphasized that the
non-shareable aspect of a pressure made it a particular impetus
for fraud.
OPPORTUNITY
Churches might be the poster child for fraud opportunity for a
variety of reasons. First, they tend to be small organizations. The
ACFE’s 2010 “Report to the Nations” found that fraud happens
most frequently in entities with less than 100 employees — a
category that would include most houses of worship. Because
of their small size, churches tend not to be willing or able to
hire professionals who have significant financial expertise or are
knowledgeable about internal controls. Also, by default, small
organizations find it difficult to adequately segregate duties or
install independent checks.
Secondly, trust among employees and volunteers fuels
church engines. Unfortunately, church cultures foster the belief
that trust is an adequate control — a fallacy that can create af-
finity frauds, such as the $78 million fraud that Daren Palmer, a
pillar of his church, perpetrated against members. (http://tinyurl.
com/4xae883) Because of the tight-knit culture, it is common
for churches to hire family members and close friends, which
increases opportunities for collusion.
Also, churches often do not create the perception of con-
sequences that is necessary to deter fraud. History and human
nature show that when a fraud does occur in a church, staff
members often hide the crime so they will not upset members
and other potential donors. In the opening case of the embez-
zling church secretary, the fraud at the first church was never
publicized or prosecuted because a close relative of the secretary
20
was a significant donor to the church and a powerful member of
the church board. In addition, U.S. nonprofits generally are not
tightly regulated. State attorneys general and the Internal Reve-
nue Service (IRS) are the only entities in a position to provide regu-
latory oversight to churches. Attorneys general are typically preoc-
cupied with other issues. And churches are exempt from the rule
that nonprofits must file informational tax returns with the IRS. So
only parent denominations, church governing boards and possibly
church members are likely to be privy to financial information.
DO THEY REALLY BELIEVE IT CANNOT
HAPPEN IN THEIR CHURCH?
To get a feel for churches’ perceived fraud invincibility, we in-
terviewed individuals who provided financial oversight in 132
U.S. houses of worship. Our survey included a broad variety
of denominations (primarily Christian) of differing member-
ships, annual budgets and numbers of employees. Memberships
ranged from 25 to 37,500, with an average of 1,168 and a medi-
an of 425. Annual budgets ranged from $10,000 to $30 million,
with an average budget of $1,089,045 and a median budget of
$430,000. Figure 1 illustrates the distribution of church bud-
gets. Most of these churches had at least a few paid employees,
and some were affiliated with national or international denomi-
nations providing some oversight role.
Fraud had indeed reared its ugly head with 13.4 percent of
the church leaders acknowledging they had experienced a fraud
Figure 1: Budget Range of Churches Surveyed
7%
28%
Over $1 million
$750,000 – $1 million
12%
$500,000 –
36%
$0 – $250,000
$750,000
17%
$250,000 –
$500,000
in their organizations within the previous five years. The esti-
mated sizes of the frauds ranged from a few dollars to $35,000.
We suspect that the actual frequency and dollar amount of fraud
were seriously underreported for two reasons.
First, our interviews indicated that churches generally
lacked proper internal accounting controls, including segrega-
tion of duties, and that even if those controls were in place, the
churches did not consistently follow them. The reported levels
of controls in most of these institutions were so poor that they
probably harbored many undetected frauds. For example, most of
the churches we surveyed did not separate record keeping from as-
Fraud-Magazine.com
 FRAUD IN HOUSES OF WORSHIP

set custody, particularly with respect

to the payment of expenses. Also,
Figure 2: Control Problems in Churches
in most cases, the same person who
wrote the checks also reconciled the
bank statements. Figure 2 illustrates No surprise audits 87%
the frequency of various control vio- No required vacations 80%
lations that we found in churches. No credit checks for employees 78%
The second reason we suspect Same person records and
deposits receipts 72%
underreporting is that it is likely
No term limits for financial volunteers 67%
that some interviewees were un-
willing to admit frauds, or their No financial expert on board 51%

churches did not tell them about Same person deposits receipts and 48%
reconciles bank statements
discovered crimes. Ministers and Related parties on board of directors 47%
church elders are accustomed to No criminal background checks 20%
holding the “sins” of their flocks
No checking references 13%
close to the chest, and this empha-
sis on confidentiality may prevail 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

even in the case of white-collar

sins. The cloak of secrecy may mean that the right hand does
not know what the left hand is doing within the church. Also, in
the same way that those who have been scammed are often too
embarrassed to admit their victimhood, church ministers and oth-
er financial leaders may be hesitant to reveal their vulnerability.
We asked interview participants how vulnerable they
thought their organizations were to employees’ or members’ il-
legal or unethical financial actions. Despite generally poor levels
of controls, none of the respondents — even those in organi-
zations that had experienced fraud — felt their organizations
were extremely vulnerable. Almost a fourth said they were not
vulnerable at all to fraud, and nearly two-thirds said they were
only slightly vulnerable. Table 1 on page 22 presents the percep-
tions of vulnerability to fraud within churches that experienced
a fraud within the last five years and those that had no report-
ed fraud over the same period. Overall, most believed that “it
wasn’t going to happen here.”
WHY DO THEY FEEL SO BULLETPROOF?
The lack of a realistic perception of vulnerability is driven by
several psychological mechanisms including overconfidence, ig-
noring base rates and confirmation biases.
Overconfidence
Overconfidence is a particularly difficult psychological barrier
to overcome, even among those with high levels of education.
Psychologists and economists, who have studied the overconfi-
dence phenomenon since the 1960s, find that this mindset re-
sults from two factors. One might be called the Lake Wobegon
effect (from Garrison Keillor’s “A Prairie Home Companion”):
we all think we are above average.1 Secondly, we tend to have
an illusion of control over circumstances.2 The combination of
these two factors leads to unrealistic optimism. Researchers find
that people are more overconfident when they are faced with
difficult or very difficult tasks. The “hard-easy effect” suggests
that they are more vulnerable to fraud when 1) it is difficult to
assess the likelihood of fraud, and 2) they lack the skills to ap-
propriately safeguard their most valuable assets.
Ignoring Base Rates
Cognitive researchers find that even when people are provided
information on the likelihood of fraud, they tend to ignore
“base rates.” (A base rate can be defined as the average num-
ber of times an event occurs divided by the average number of
times on which it might occur.) Consequently, if we were to tell
a group of church leaders that 20 percent of all houses of wor-
ship (a hypothetical number) are likely to be victims of fraud
within the next five years, their over-optimism will lead almost
all of them to conclude that they will not be victims of fraud.
In other words, people tend to place themselves into the group
that is not affected by frauds instead of accurately assessing if
their particular situation is more reflective of the group that
will experience a fraud.
Confirmation Bias
Auditors and fraud examiners do not tend to conclude that as-
sets are safe unless they have assessed the quality of the controls
in place. The “average Joe,” however, suffers from a confirma-
tion bias. In other words, Joe will rely too much on confirm-
ing evidence, such as “we have never had a fraud before.” At
the same time, he will dismiss contradictory arguments, such as
“we do not have adequate controls in place.” This bias increases
with the amount and strength of confirming evidence. It will
decrease with contradictory evidence but at a much slower rate.3
Walt Pavlo, the perpetrator of a multi-million dollar fraud
at MCI and WorldCom, expressed confirmation bias well. At the
Oklahoma State University 2008 Financial Reporting Conference,
he was asked where the auditors were while he was committing his

January/February 2012 21
FRAUD IN HOUSES OF WORSHIP
Perception of Vulnerability to Fraud
Fraud Occurred
in Last 5 Years Slightly
Not Vulnerable Vulnerable
Vulnerable
Yes 24% 53% 17%
No 25% 66% 6%
Total 24% 64% 9%
Table 1
crime, which involved overstatement of receivables. His response:
“No one wants to question good news.” In the for-profit world, the
evidence has shown that excessively high revenues are a much big-
ger red flag for fraud than excessively low revenues.
HOW TO HELP
Based on our survey findings and observations, we offer seven
steps fraud examiners can take to help churches avoid fraud:
1. Freely lend your expertise to small nonprofits and church
boards to help them understand and implement the concept
of separation of duties and independent checks.
2. Help them understand that checks are cash — only more
vulnerable. You could explain this by saying, “If someone
steals a $1 bill from you, the most they have stolen is $1. If
they steal a $1 check from you and then add a few zeroes,
they have stolen much more.”
3. Combat overconfidence through education and training.
Church boards must understand that trust is never an effec-
tive internal control.
4. To achieve adequate perception of detection and conse-
quences, encourage church boards to be open and forth-
coming about problems and consequences and to prosecute
when appropriate. Such prosecutions could have prevented
the secretary in our opening story from moving to the next
church to possibly do the same thing.
5. While churches may be in the business of “bringing the good
news,” it is a good idea to remind them that at least when it
comes to financial affairs, they should always question news
that is “too good to be true.”
6. Church leaders are becoming aware of the need (and some-
times the legal requirement) to conduct background checks
to specifically find sex-related crimes. Help them understand
that they also can use criminal and credit checks to protect
the church’s financial assets and help ensure that donors’
wishes are honored by applying donor funds to good deeds,
rather than using them to feather the fraudsters’ pockets.
7. While we have a psychological tendency to ignore base rates,
we tend to respond to stories. These stories help bring the
reality home; so share stories about church frauds. And if you
are feeling really brave, leave a few copies of Fraud Magazine
in the church library.
22
Extremely
Very Vulnerable Grand Total
Vulnerable
6% 0% 100%
3% 0% 100%
3% 0% 100%
Help them understand
that checks are cash —
only more vulnerable.
©Sue Colvil/iStockphoto
Individuals who contribute to religious institutions or other
nonprofits do so with the intent that their sacrifices will help the
institution and/or the parties it serves. Fraud examiners can help
these institutions ensure good stewardship over these resources
and prevent the unintended distribution of resources to the pock-
ets of fraudsters. An essential element of providing this help in-
volves convincing them that yes, it can happen here.
Robert M. Cornell, Ph.D., CMA, ACFE Educator
Associate, is an assistant professor of accounting in the Oklahoma
State University Spears School of Business. His email address is:
robert.cornell@okstate.edu.
Carol B. Johnson, Ph.D., ACFE Educator Associate, is the
Masters of Science coordinator and Wilton T. Anderson Professor
of Accounting in the Oklahoma State University Spears School of
Business. Her email address is: carol.johnson@okstate.edu.
Janelle Rogers Hutchinson is a Masters in Accounting student
at Oklahoma State University. Her email address is:
janelle.rogers@okstate.edu.
1
Alicke, M. D., & Govorun, O. (2005). “The better-than-average
effect.” In M. D. Alicke, D. Dunning & J. Krueger (Eds.), “The self in
social judgment.” 85-106. New York: Psychology Press.
2
Gino, F., Sharek, Z., & Moore, D. A. (2011). “Keeping the illusion
of control under control: Ceilings, floors, and imperfect calibration.”
Organizational Behavior & Human Decision Processes, 114, 104-114.
3
Juslin, P., Winman, A., & Olsson, H. (2000). “Naive empiricism and
dogmatism in confidence research: A critical examination of the hard-
easy effect.” Psychological Review, 107, 384-396.
It Can Happen in Your Neighborhood
Example 1
A husband and wife served as treasurer and assistant treasurer
in a small church in North Carolina. When their business began
failing, they stole several thousand dollars from the church by
simply writing checks to themselves over a three-year period. The
fraud was discovered when a contractor complained that he had
not been paid for work on the church property. (http://tinyurl.
com/2e2gm2w)
Example 2
Three unrelated individuals who served as office manager, facilities
manager and a volunteer in a California church colluded to steal
$500,000 from the church coffers to fund extravagant lifestyles.
The threesome carried out their thefts by issuing fraudulent checks
and making inappropriate use of credit cards. The theft was discov-
ered when the church pastor became suspicious and reported the
theft to the finance committee. (http://tinyurl.com/66cqchg)
Example 3
The pastor of a large Ohio church commingled funds, laundered
money, tampered with records, forged documents and sold 19
acres of church land to steal more than $1 million from his church
and cover his tracks. The proceeds were used to buy cars, a boat,
a pool and hair treatments in addition to funding private-school
tuition for his children. When a church employee reported that
funds were missing, it took two years to investigate the crime before
charges were filed. (http://tinyurl.com/6dpnvch)
Example 4
The business manager of an Oklahoma church was accused of
embezzling $140,000 to pay her personal expenses. The alleged
theft was discovered when the bank notified the church of an over-
drawn account. The suspect said she could not have stolen that
much money because the church was audited every year.
(http://tinyurl.com/6bpqblr)

Learn from the experts at

Principles of Fraud Examination
Austin, TX | April 30 - May 3, 2012

Solid Fundamentals for All Anti-Fraud Professionals

There’s so much to learn in order to be an effective fraud fighter – where do
you start? Right here, with Principles of Fraud Examination. This course is the
foundation of the ACFE’s curriculum and is recommended for all anti-fraud
professionals. Whatever industry or area of specialization you end up in, you
will benefit from a solid understanding of the fundamentals of the four key
areas of fraud examination:
t
Fraud Prevention and Deterrence
t
Legal Elements of Fraud
t
Fraudulent Financial Transactions
t
Fraud Investigation

Build your anti-fraud career on a solid foundation –

register online at ACFE.com/POFE by March 30 to save an additional $200!

January/February 2012 23
A major, multimillion sports ticket fraud at the University of Kansas
highlights how CFEs can help convince administrators and boards
to reassert control over their athletics departments. The answer
could be independent oversight.

By Herbert W. Snyder, Ph.D., CFE; and David O’Bryan, Ph.D., CFE, CPA, CMA
o
n June 30, 2009, David Freeman pleaded guilty to
conspiracy to commit bank fraud as part of a federal
bribery case. Anxious to please the judge prior to
his sentencing, he provided investigators with in-
formation about theft and resale of football and basketball
tickets at the University of Kansas (KU). Freeman fingered
two individuals, one of whom was exonerated while the
other proved to be central to the case.
Freeman had his sentence reduced from 24 to 18
months, which his attorney said was an inadequate re-
ward for the information he had provided, according to
“Developer source in KU ticket scandal,” by Steve Fry,
in The Topeka Capital-Journal, April 22, 2010. (http://
tinyurl.com/24wwss9)
Federal authorities contacted KU officials in late 2009.
Under increasing pressure, KU announced in March 2010
that it had retained the services of the Wichita office of
Foulston Siefkin LLP to conduct an internal investigation.
Assisted by a forensic accounting firm, Foulston Siefkin
found that six employees had conspired to improperly sell
or use approximately 20,000 KU athletic tickets — mostly
to basketball games, including the Final Four tournament
— from 2005 through 2010. The sales amounted to more
than $1 million at face value and could range as high as
$3 million at market value. Even worse, the investigators
were unable to determine how many of the tickets were
sold directly to brokers because the employees disguised
these distributions into categories with limited account-
ability, such as complimentary tickets, according to “Uni-
versity of Kansas athletic tickets scam losses may reach
$3M,” in the Kansas City Business Journal, May 26, 2010.
(http://tinyurl.com/3nvaf76)
The investigation did not examine years prior to 2005
because the athletics department did not retain those re-
cords. The investigation of KU’s ticket sales and fundrais-
ing operations by federal authorities continued throughout
2010 and 2011.
KU’s internal investigation, which was released May 26,
2010, implicated the associate athletic director for develop-
ment, the associate athletic director for the ticket office, the
assistant athletic director for development, the assistant ath-
letic director for sales and marketing, the assistant athletic
director for ticket operations and the husband of the associ-
ate athletic director for the ticket office who had been work-
ing for KU as a paid consultant.
WHAT ACTUALLY HAPPENED?
The accused allegedly abused the complimentary ticket
policies of the university in three ways:
First, official policy allowed for certain athletic office
employees to receive two complimentary tickets for each
athletic event provided they would not resell them. In-
stead, the athletic department routinely gave each of these
employees more than two tickets for each event and tacitly
permitted, if not overtly encouraged, reselling.
Second, the development/fundraising arm of the ath-
letic office was permitted to use complimentary tickets to
cultivate relationships with prospective donors. However,
these officials helped themselves to many more complimen-
tary tickets than they could have reasonably needed.
Third, athletic department members improperly used
or resold complimentary tickets reserved only for chari-
table organizations.
The culprits concealed these thefts by simply charg-
ing tickets to such fictitious accounts as RJDD — “Rod-
ney Jones Donor Discretionary” — and not recording the
ultimate recipients. (Jones was the assistant athletic di-
rector for development and one of the two persons the
informant identified.)
By 2009, a cover-up compounded the original
schemes. When the 2008-2009 basketball ticket sale re-
cords could not be reconciled, Charlotte Blubaugh told
Brandon Simmons and Jason Jeffries to move documents
from the athletic office to the football stadium where she,
Ben Kirtland and Tom Blubaugh would destroy them on a
weekend and then attribute their absence to construction at
the stadium, according to Foulston Siefkin’s final report to
the KU’s general counsel.
In a separate scheme, the husband of the associate
athletic director for the ticket office, who was supposedly em-
ployed as a consultant to the athletic department, received
payments totaling $116,500, all approved by the associate
athletic director for development. Apparently, the husband
did not provide any services in exchange for these payments.
Importantly, no allegations or evidence suggested
that any players, coaches or university administrators out-
side athletics were involved in these crimes. The athletic
director was not involved in the scheme but accepted re-
sponsibility for the lax oversight that contributed to its
extent and duration. Athletics office employees solely
perpetrated these frauds.
©Daniel Padavona and Charles Mann/iStockphoto
FRAUD IN COLLEGIATE ATHLETICS
So how did the frauds go undetected for at least five years?
And what can anti-fraud professionals do to prevent situations
like this?
WHY COLLEGE ATHLETIC PROGRAMS
ARE VULNERABLE TO FRAUD
The KU ticket scandal is not unique. It is merely the most recent
and largest among financial scandals in college athletic depart-
ments that have included the University of Louisville, the Uni-
versity of Colorado and the University of Miami. What happened
at KU is a combination of separate, but related, problems that
have become increasingly common in college athletic programs:
• Major athletic programs generate and spend huge sums of money.
• These programs frequently lack transparency in their finances.
• Athletic programs often operate independently of university
oversight.
As we have seen, the frauds at KU were not particularly so-
phisticated. (For example, the associate athletic director for the
ticket office used multiple dummy accounts for ticket purchasers
with business locations that matched her home address.) The
difficulty anti-fraud professionals face is not designing or imple-
menting financial controls; the challenge is convincing senior
administrators and oversight boards to reassert control over their
athletic departments so that existing controls will be effective.
A higher-education institution often uses a top-down, com-
mand-and-control structure on the field or in the gym to build
successful sports programs. However, that school might inappro-
priately use that same approach to administer the business side
of athletic programs. Fraud examiners who deal with intercol-
legiate athletics should be aware of the following factors, which
may predispose athletic programs to fraud:
College sports are a lucrative target for frauds
Part of the difficulty in dealing with ticket sale frauds in col-
lege athletics is that the sheer volume of money invites theft.
According to most recent figures available from the National
Collegiate Athletic Association (NCAA) and compiled by
ESPN (“The money that moves college sports,” March 3, 2010,
by Paula Lavigne, http://tinyurl.com/yf5d9vw), the 120 schools
that comprise the Division I Football Bowl Subdivision gener-
ate more than $1.1 billion from ticket sales each year. Of these,
the top five schools raise between $30.6 million and $44.7 mil-
lion. (By comparison, KU is large but not exceptional. During
the same period, the KU athletic programs spent more than $65
million and generated more than $17 million in ticket sales.)
College sports increasingly value winning over good
financial stewardship
The inherent risk that surrounds such large sums of money is
compounded by the intense pressure athletic programs face to
win games and increase their television exposure. As the Knight
Commission observed in its 2009 report on college athletics:
26
©Jon Helgason/iStockphoto
Part of the difficulty in dealing with ticket
sale frauds in college athletics is that
the sheer volume of money invites theft.
“The growing emphasis on winning games and increasing
television market share feeds the spending escalation because of
the unfounded yet persistent belief that devoting more dollars
to sports programs leads to greater athletic success and thus to
greater revenues.” (“Restoring the Balance: Dollars, Values and
the Future of College Sports,” http://tinyurl.com/yjvr9kp)
This situation, albeit in different contexts, is common to
many businesses that experience fraud. High revenues combined
with a focus on growth at all costs often lead to situations in
which organizations outstrip their own control structures and
invites unscrupulous employees to siphon funds.
Sports tickets are inherently valuable and easily convertible to cash
Athletic departments maintain an inventory of valuable, readily
exchangeable assets in the form of tickets. An active secondary
market, including ticket brokers, scalpers and casual sales among
ticket holders, facilitates the unauthorized, difficult-to-trace re-
sale of these tickets. This is exacerbated when the market value
of the tickets frequently exceeds their considerable face value by
a wide margin.
Also, custodians of complimentary tickets can wield great
power and influence over those who want these coveted assets.
Otherwise good people may turn a blind eye to wrongdoing if
tempted, for example, by free tickets to the Final Four or a BCS
bowl game.
College athletic departments frequently lack transparency
in their operations
Lack of access to information is a classic condition for facilitat-
ing fraud. The financial reporting that university athletic de-
partments require varies widely in the amount and quality of
information that they make publicly available. The U.S. Equity
in Athletics Disclosure Act, for example, requires colleges to
Fraud-Magazine.com
 Make an investment in yourself.

Become a Certified
Fraud Examiner.

When you are able to set some time aside and take away all the distractions, it’s
amazing what you can learn. The CFE Exam Review Course offers you four days of
guidance from experienced instructors, giving you all the tools you need to
prepare for and pass the CFE Exam.

According to the 2010/2011 Compensation Guide for Anti-Fraud Professionals,

CFEs earn nearly 22% more than their non-certified colleagues.

Distinguish yourself as an expert in the field by attending our CFE Exam Review Course.

Benefits of Attending the CFE Exam Review Course: UPCOMING COURSES:

Structured Learning — Learn how to prepare for the CFE Exam January 30 – February 2, 2012
Dallas, TX
Fast Track — Immerse yourself in an intense, 3½ day
preparation period NEW LOCATION!
March 26 – 29, 2012
Instructor-Led — Receive guidance from experienced instructors Singapore

Interactive Sessions — Participate in open discussions on a April 16 – 19, 2012

Las Vegas, NV
variety of topics in fraud prevention
July 23-26, 2012
Team Environment — Meet others preparing for the CFE Boston, MA
Exam and practicing CFE instructors to help you organize study
sessions to review materials, and provide you with tips and August 27 – 30, 2012
processes designed for the working professional’s busy schedule Chicago, IL

September 17 – 20, 2012

“ Great job! Well organized, very engaging and I learned a

lot. Very worthwhile class. I did not feel a minute of my time
was wasted.”
Washington, DC

October 15 – 18, 2012

New York, NY

— Melinda Wilp, CPA November 5 – 8, 2012

Austin, TX

See more information about the CFE Exam Review Course at ACFE.com/CFE-Exam
FRAUD IN COLLEGIATE ATHLETICS

file annual reports with the U.S. Department of Education.

However, compliance requires only six areas of expense — an
overly broad set of categories that allows wide variation among
institutions. The situation is a bit ironic when we consider that Winning may actually contribute to
many Division I schools such — as The University of Texas with financial mismanagement because it
yearly athletic revenues of $44 million, or Alabama, with an an- promotes an aura of invincibility,,
nual athletic budget of $126 million — rival or exceed for-profit
which could lead to lax oversight.
firms but without the same reporting requirements imposed by
the U.S. Securities and Exchange Commission or IRS, accord-
ing to Lavigne’s 2010 ESPN article.
Frequently, a single individual controls the daily financial man-
agement of an athletic department and is not subject to financial
controls and oversight normally found in profit-making entities.
This trend to place all the power in one person often be-
gins at schools with highly successful coaches. According to the
Knight Commission’s 2009 review of college presidents, a ma-
jority believes that the influence of outside money has eroded
their ability to control coaches and their programs. (“Quantita-
tive and Qualitative Research with Football Bowl Subdivision
University Presidents on the Costs and Financing of Intercol-
legiate Athletics,” http://tinyurl.com/yjvr9kp)
The trend has continued from coaches to omni-competent
athletic directors. John Gasaway, in his blog, “Basketball Prospec-
tus,” has gone so far as to christen this effect, the “Lew Perkins
Fallacy.” (He takes the name from the former KU athletic director,
who resigned in the wake of the ticket scandal, but the phenome-
non is by no means limited to the KU program.) The fallacy is that
presiding over an operation that generates an enormous amount of
revenue justifies an enormous salary: $65 million and $4 million
for KU and Lew Perkins, respectively. (“Jayhawks see through the
Lew Perkins Fallacy. Will others?” http://tinyurl.com/3vrok9d)
©Brandon Laufenberg/iStockphoto
Apart from the pressure that large salaries place on univer-
sity finances, they create two additional but related problems.
Winning athletic events does not necessarily translate into
As the KU scandal illustrates, it is absolutely critical that
managerial or financial competence. Winning may actually con-
someone independent from the athletic department perform
tribute to financial mismanagement because it promotes an aura timely reconciliations after each event to ensure adequate seg-
of invincibility, which could lead to lax oversight. Who wants regation of duties.
to kill the proverbial goose that is laying the golden eggs? KU’s Schools that provide free tickets to employees need addi-
athletic director, according to Gasaway, lost millions of dollars tional controls and tests. In most cases, complimentary tickets
in potential revenue for the university. should be reported as part of employees’ taxable income. Simi-
A second problem is that private sources often pay the large larly, controls need to be in place to make sure that employees
salaries. A number of college presidents noted in the Knight do not receive more tickets than they are allowed by their em-
Commission study that they are losing control over athletics as ployment contracts. (Regardless, it seems to be more than a lack
schools are accepting more outside sources of income, such as of specialized training that caused Kansas’ auditors to overlook
television contracts or private fundraising, to pay athletic salaries. the scandal during their periodic reviews of the ticket sales as
shown by the multiple front organizations using the ticket direc-
Ticket audits may require specialized testing tor’s home address.)
Most colleges provide free or reduced-price tickets to major or
prospective donors. That group changes from game to game. So, REASSERTING CONTROL OVER COLLEGE ATHLETICS
athletic departments need to test internal controls and reconcile Whether big-money sports are appropriate for universities is a
actual game attendance with revenues to ensure that the ticket topic beyond the scope of this article. However, large revenue
office is not overly generous with its donor tickets. streams are likely to remain an integral part of intercollegiate

28 Fraud-Magazine.com

athletics. The obvious course for universities, barring reducing
sports, is to become better stewards of their athletic resources.
More specifically, the same aspects of college sports that spawned
the scandal at KU and other universities should be the focus of
improvements, including better transparency and oversight.
Transparency
Public disclosure of an organization’s finances is a powerful de-
terrent to numerous types of fraud. Although the U. S. Depart-
ment of Education requires universities to report some data for
athletic programs, it is difficult to compare these disclosures
among institutions because the law requires reporting only in
very broad categories. The NCAA requires reporting with great-
er detail. However, the public rarely sees such data. Moreover,
the NCAA allows much leeway on the ways universities can
categorize such data.
A uniform system of accounts and reporting would promote
comparability and consistency among programs. To increase ac-
curacy and reliability, information provided to external parties
should come from universities’ central financial administrations,
not directly from their athletic programs. A university inter-
nal audit function should be actively involved to enhance the
quality of reported information. The external agencies receiv-
ing these reports should post them on the Internet to promote
openness and transparency and so independent watchdogs can
scrutinize them for evidence of wrongdoing.
Oversight
As with any other organization, simply installing better anti-
fraud controls is not sufficient to deter fraud. A standard of fraud
prevention is that controls are only as effective as the people
who use them. A lesson from the KU case is that athletic depart-
ments require independent oversight.
If it is true, as the Knight Report suggests, that university
presidents feel they are unable to do this directly, then universi-
ties must seek other bodies to provide the oversight. Potential
candidates include private university accrediting bodies, state
boards of higher education or a university’s board of governors.
Together with improved reporting standards, the move to inde-
pendent review would remove the process from the more political
atmosphere of university presidents and their competing needs to
run their schools, raise funds and have winning athletic programs.
KU EPILOGUE
Since the scandal broke at KU, federal and state authorities
have continued their investigation, which as of press time has
thus far resulted in seven indictments and seven guilty pleas:
Jason Jeffries, assistant athletic director for ticket opera-
tions, pled guilty to one count of misprision and was sentenced
to two years of probation and $56,000 restitution.
Brandon Simmons, assistant athletic director for sales and
marketing, pled guilty to one count of misprision and was sen-
tenced to two years of probation and $157,840 restitution.
January/February 2012
FRAUD IN COLLEGIATE ATHLETICS
Both Jeffries and Simmons cooperated in the investigation
from an early stage and received relatively light sentences.
Kassie Liebsch, athletic department systems analyst, pleaded
guilty to one count of conspiracy to commit wire fraud and was
sentenced to 37 months and $1.2 million restitution. Liebsch was
not identified as a co-conspirator in the spring 2010 investiga-
tion. She continued to work at KU until the day of her indict-
ment, Nov. 18, 2010.
Rodney Jones, assistant athletic director for development,
pleaded guilty to one count of conspiracy to commit wire fraud
and was sentenced to 46 months and $1.2 million restitution.
Charlette Blubaugh, associate athletic director for the ticket
office, pleaded guilty to one count of conspiracy to commit bank
fraud and was sentenced to 57 months and $2.2 million restitution.
Tom Blubaugh, paid consultant to KU and husband of
Charlette Blubaugh, pled guilty to one count of conspiracy to
commit wire fraud and was sentenced to 46 months and nearly
$1 million restitution.
Ben Kirtland, associate athletic director for development,
pleaded guilty to one count of conspiracy to commit wire fraud.
He was sentenced to 57 months and nearly $1.3 million resti-
tution, including about $85,000 to the U.S. Internal Revenue
Service and the balance to Kansas athletics.
After the story broke, Athletic Director Perkins announced
he would retire in September 2011 and then abruptly retired on
Sept. 7, 2010. KU has since replaced him with a new athletic
director who makes roughly 10 percent of his predecessor.
An Aug. 10, 2011, court filing indicates that the U.S. attor-
ney’s office had collected only $81,025 from the five individuals
convicted of conspiracy.
As Ben Franklin was quoted as saying, “It takes many good
deeds to build a good reputation, and only one bad one to lose
it.” It may be easier to recover the money than the damaged
reputation. Supporters of college athletics have asserted that the
KU ticket fraud represents a crime by employees and not a fail-
ure of college athletics. However, any enterprise that generates
millions and has so little internal control is inviting fraud.
Effective control of intercollegiate athletics will require
broader social and cultural changes that include good student
outcomes over a win-at-all costs mentality. Until that occurs,
anti-fraud professionals can best serve universities by helping
them ensure they receive the revenue they are entitled to for all
athletic events for advancing the institutions’ goals.
Herbert Snyder, Ph.D., CFE, is a professor of accounting in
the Accounting, Finance and Information Systems Department
at North Dakota State University in Fargo. His email address is:
herbert.snyder@ndsu.edu.
David O’Bryan, Ph.D., CPA, CFE, CMA, is a professor in the
Department of Accounting and Computer Information Systems in
the College of Business at Pittsburg (Kansas) State University. His
email address is: obryan@pittstate.edu.
29
 THE

Tell-Tale Signs of Deception

The Words Reveal

Suspects and witnesses often reveal more than they intend through their choices of
words. Here are ways to detect possible deception in written and oral statements.

By Paul M. Clikeman, Ph.D., CFE

 T he manager of a fast food restaurant calls the po-
lice late at night to report that an armed robber
had entered the restaurant while the manager was alone
in the office finishing some paperwork. The manager said
the gunman had stolen the entire day’s cash receipts —
a little more than $4,000. The manager had reported a
similar robbery at the restaurant about six months earlier.
No other witnesses were present at either alleged robbery.
The restaurant owner learns from police investigators that
armed robbery is extremely unusual in the surrounding
neighborhood. Also, the owner knows that the manager’s
wages have been garnished for the last year for nonpay-
ment of child support. The owner hires you, a CFE, to in-
vestigate whether the manager is filing false police reports
to cover his thefts. You begin your investigation by asking
the manager to write a description of the evening’s events.
Detecting Anomalies
Linguistic text analysis involves studying the language,
grammar and syntax a subject uses to describe an event to
detect any anomalies. Experienced investigators are accus-
tomed to studying interview subjects’ nonverbal behavior,
such as eye contact and hand movement. Text analysis,
on the other hand, considers only the subject’s verbal be-
havior. Because text analysis evaluates only the subject’s
words, investigators can apply it to written as well as oral
statements. In fact, many investigators prefer to analyze
suspects’ written statements for signs of deception before
conducting face-to-face interviews.
Text analysis is based on research originating in the
1970s. Psychologists and linguists studied the language and
word choices of subjects in controlled experiments and
found predictable differences between truthful and decep-
tive statements. Susan Adams, an instructor who taught
text analysis (which she called statement analysis) at the
FBI Academy for many years, described it as a two-part
process (“Statement Analysis: What Do Suspects’ Words
Really Reveal?” FBI Law Enforcement Journal, October
1996). First, investigators determine what is typical of a
truthful statement. Secondly, they look for deviations from
the norm.
The following section describes deviations that sug-
gest a subject may be withholding, altering or fabricat-
ing information.
Ten Signs of Deception
1. Lack of self-reference
Truthful people make frequent use of the pronoun “I” to
describe their actions: “I arrived home at 6:30. The phone
was ringing as I unlocked the front door, so I walked
January/February 2012
straight to the kitchen to answer it. I talked to my mother
for 10 minutes before noticing that my TV and computer
were missing from the living room.” This brief statement
contains the pronoun “I” four times in three sentences.
Deceptive people often use language that minimizes
references to themselves. One way to reduce self-referenc-
es is to describe events in the passive voice.
• “The safe was left unlocked” rather than “I left the safe
unlocked.”
• “The shipment was authorized” rather than “I autho-
rized the shipment.”
Another way to reduce self-references is to substitute
the pronoun “you” for “I.”
Question: “Can you tell me about reconciling the
bank statement?”
Answer: “You know, you try to identify all the out-
standing checks and deposits in transit, but sometimes
when you’re really busy you just post the differences to the
suspense account.”
In oral statements and informal written statements,
deceptive witnesses sometimes simply omit self-referenc-
ing pronouns. Consider this statement by a husband who
claims his wife was killed accidently: “I picked up the gun
to clean it. Moved it to the left hand to get the clean-
ing rod. Something bumped the trigger. The gun went off,
hitting my wife.” The husband acknowledges in the first
sentence that he picked up the gun. But the second sen-
tence is grammatically incomplete; “I” has been omitted
from the beginning of the sentence. In the third sentence,
“something” rather than “I” bumped the trigger. The state-
ment also contains few personal possessive pronouns. The
witness refers to “the” gun and “the” left hand where we
might expect “my” to be used.
2. Verb tense.
Truthful people usually describe historical events in the
past tense. Deceptive people sometimes refer to past
events as if the events were occurring in the present. De-
scribing past events using the present tense suggests that
people are rehearsing the events in their mind. Investiga-
tors should pay particular attention to points in a narra-
tive at which the speaker shifts to inappropriate present
tense usage. Consider the following statement made by an
employee claiming that a pouch containing $6,000 in cash
was stolen before she could deposit it at the bank (I have
emphasized certain words.):
“After closing the store, I put the cash pouch in my
car and drove to the Olympia Bank building on Elm Street.
It was raining hard so I had to drive slowly. I entered the
parking lot and drove around back to the night depository
slot. When I stopped the car and rolled down my window,
31
10 TELL-TALE SIGNS OF DECEPTION
a guy jumps out of the bushes and yells at me. I can see
©Stephan Zabel/iStockphoto
he has a gun. He grabs the cash pouch and runs away.
The last I saw him he was headed south on Elm Street.
After he was gone, I called the police on my cell phone
and reported the theft.”
The first three sentences describe the employee’s
drive to the bank in the past tense. But the next three
sentences describe the alleged theft in the present
tense. An alert investigator might suspect that the
employee stole the day’s cash receipts, then drove to
the bank and called the police from the bank parking
lot to report a phony theft. (See another example in
“Antics with Semantics” on page 35.)
3. Answering questions with questions
Even liars prefer not to lie. Outright lies carry the risk
of detection. Before answering a question with a lie, a deceptive
person will usually try to avoid answering the question at all.
One common method of dodging questions is to respond with a
question of one’s own. Investigators should be alert to responses
such as:
• “Why would I steal from my own brother?”
• “Do I seem like the kind of person who would do something
like that?”
• “Don’t you think somebody would have to be pretty stupid to
remove cash from their own register drawer?”
4. Equivocation
The subject avoids an interviewer’s questions by filling his or her
statements with expressions of uncertainty, weak modifiers and
vague expressions. Investigators should watch for words such
as: think, guess, sort of, maybe, might, perhaps, approximately,
about, could. Vague statements and expressions of uncertainty al-
low a deceptive person leeway to modify his or her assertions at a
later date without directly contradicting the original statement.
Noncommittal verbs are: think, believe, guess, suppose, fig-
ure, assume. Equivocating adjectives and adverbs are: sort of,
almost, mainly, perhaps, maybe, about. Vague qualifiers are: you
might say, more or less.
5. Oaths
Although deceptive subjects attempt to give interviewers as lit-
tle useful information as possible, they try very hard to convince
interviewers that what they say is true. Deceptive subjects often use
mild oaths to try to make their statements sound more convincing.
Deceptive people are more likely than truthful people to sprinkle
their statements with expressions such as: “I swear,” “on my honor,”
“as God is my witness,” “cross my heart.” Truthful witnesses are more
confident that the facts will prove the veracity of their statements
and feel less need to back their statements with oaths.
32
6. Euphemisms
Many languages offer alternative terms for almost any action or
situation. Statements made by guilty parties often include mild
or vague words rather than their harsher, more explicit synonyms.
Euphemisms portray the subject’s behavior in a more favorable
light and minimize any harm the subject’s actions might have
caused. Investigators should look for euphemistic terms such
as: “missing” instead of “stolen,” “borrowed” instead of “took,”
“bumped” instead of “hit,” and “warned” instead of “threatened.”
7. Alluding to actions
People sometimes allude to actions without saying they actually
performed them. Consider the following statement from an em-
ployee who was questioned about the loss of some valuable data:
“I try to back up my computer and put away my papers every
night before going home. Last Tuesday, I decided to copy my files
onto the network drive and started putting my papers in my desk
drawer. I also needed to lock the customer list in the office safe.”
Did the employee back up her computer? Did she copy her files
onto the network drive? Did she put her papers in the desk draw-
er? Did she lock the customer list in the office safe? The employ-
ee alluded to all these actions without saying definitively that
she completed any of them. An attentive investigator should not
assume that subjects perform every action they allude to.
8. Lack of Detail
Truthful statements usually contain specific details, some of
which may not even be relevant to the question asked. This
happens because truthful subjects are retrieving events from
long-term memory, and our memories store dozens of facts about
each experience — the new shoes we were wearing, the song
that was playing in the background, the woman at the next table
who reminded us of our third-grade teacher, the conversation
that was interrupted when the fire alarm rang. At least some of
these details will show up in a truthful subject’s statement.
Those who fabricate a story, however, tend to keep their
statements simple and brief. Few liars have sufficient imagination
Fraud-Magazine.com
to make up detailed descriptions of fic-
titious events. Plus, a deceptive person
23rd ANNUAL
wants to minimize the risk that an inves-
tigator will discover evidence contradict-
ing any aspect of his or her statement;
ACFE Fraud
the fewer facts that might be proved
false, the better. Wendell Rudacille, the
Conference
author of “Identifying Lies in Disguise”
(Kendall/Hunt, 1994), refers to seeming-
and Exhibition
ly inconsequential details as “tangential
verbal data” and considers their presence
to be prime indicators that subjects are JUNE 17-22, 2012
telling the truth.

9. Narrative balance
A narrative consists of three parts: pro-
logue, critical event and aftermath. The
ORLANDO, FL
prologue contains background informa- Gaylord Palms Resort & Convention Center
tion and describes events that took place
before the critical event. The critical
event is the most important occurrence
in the narrative. The aftermath describes
what happened after the critical event. In
a complete and truthful narrative, the bal-
ance will be approximately 20 percent to
25 percent prologue, 40 percent to 60 per-
cent critical event and 25 percent to 35
percent aftermath. If one part of the narra-
tive is significantly shorter than expected,
important information may have been
Don’t Miss 2012’s Largest Anti-fraud Event.
omitted. If one part of the narrative is Join forces with thousands of anti-fraud
significantly longer than expected, it may
be padded with false information. The fol-
professionals at the 23rd Annual ACFE Fraud
lowing statement, filed with an insurance Conference and Exhibition in the fight against
claim, is suspiciously out of balance: fraud. You will address the challenges and
“I was driving east on Elm Street critical issues faced by anti-fraud professionals
at about 4:00 on Tuesday. I was on my
during top-level educational sessions and
way home from the A&P supermarket.
The traffic light at the intersection of participate in unmatched networking
Elm and Patterson was red, so I came to opportunities with the premier practitioners
a complete stop. After the light turned and thought leaders from all over the world.
green, I moved slowly into the intersec-
tion. All of a sudden, a car ran into me.
The other driver didn’t stop, so I drove For more information or to register,
home and called my insurance agent.” visit FraudConference.com.
The subject’s statement contains
four sentences of prologue, only one sen-
tence describing the critical event, and
only one sentence of aftermath. The
prologue contains a credible amount of
detail: the day and time of the accident,
the driver’s destination, and the location

January/February 2012 33
10 TELL-TALE SIGNS OF DECEPTION

of the accident. But the description of the critical event (i.e.,
the alleged accident) is suspiciously brief. The claimant did not
describe the other vehicle, which direction it came from, how
fast it was going, whether the driver braked to try to avoid the
accident or how the two vehicles made contact.
The aftermath is also shorter than one would expect from a
complete and truthful account of a two-car accident. The claimant
does not say which direction the other vehicle went after leaving
the scene of the accident. He does not mention getting out of his
vehicle to inspect the damage nor does he say whether he spoke
to any people in the area who may have witnessed the accident. A
claims adjuster receiving such a statement would be wise to inves-
tigate whether the policyholder concocted a phony hit-and-run
story to collect for damages caused by the driver’s negligence.
10. Mean Length of Utterance
The average number of words per sentence is called the “mean
length of utterance” (MLU). The MLU equals the total number
of words in a statement divided by the number of sentences:
Total number of words / Total number of sentences = MLU
Most people tend to speak in sentences of between 10 and
15 words (ACFE Self-Study CPE Course, “Analyzing Written
Statements for Deception and Fraud,” 2009). When people feel
anxious about an issue, they tend to speak in sentences that are
either significantly longer or significantly shorter than the norm.
Investigators should pay particular attention to sentences whose
length differs significantly from the subject’s MLU.
The Words Reveal
Complete and accurate descriptions of actual events are usually
stated in the past tense and tend to have a predictable balance of
prologue, critical event and aftermath. Truthful statements gener-
ally contain numerous self-referencing pronouns and include at
least a few seemingly inconsequential details. Truthful statements
rarely contain oaths, equivocation or euphemisms. Investigators
should apply extra scrutiny to written or oral statements that de-
viate from these norms. Suspects and witnesses often reveal more
than they intend through their choices of words.
Paul M. Clikeman, Ph.D., CFE, is an associate professor in the
Robins School of Business at the University of Richmond. His email
address is: pclikema@richmond.edu.

NEW COURSE!
Using Data Analytics to Detect Fraud will introduce
students to the basics of using data analytics techniques to
uncover fraud. Taking a software-independent approach,
this one-day course provides attendees with numerous
data analytics tests that can be used to detect various
fraud schemes. Attendees will also discover how to
examine and interpret the results of those tests to identify
the red flags of fraud.

Using Data Analytics March 19, 2012

to Detect Fraud New York, NY
CPE Credit: 8 This event is held in conjunction with
Course Level: Basic Investigating on the Internet, March 20-21, 2012.
Prerequisite: None

For more information or to register, visit ACFE.com/DataAnalytics.

34 Fraud-Magazine.com

Antics with Semantics
I t may happen that you inherit a case that someone else
opened. Besides financial documents, all you have are the
written statements from witnesses and suspects. Can you tell
enough from words alone to detect evasion, lack of cooperation
and the intent to deceive? Yes, you can.
Semantics is a discipline concerned with the meaning of
words and the ways that words combine to form meanings in sen-
tences. The noun “rock,” for example, can indicate a stone or a
type of music. As a verb, “to rock” indicates the action of causing
something to rock (rock the cradle) or to rock oneself in a chair
(rocking on the front porch) or a form of party-time behavior (“we
were rocking last night”).
Anytime you interpret someone’s words — during a conversa-
tion, or as part of your professional duties — you are practicing
semantics. Here is one example of semantic analysis:
Use of Present Tense when Describing a Past Occurrence
Sometimes deceptive individuals display a reluctance to refer to
past events as past, particularly if the past event is the subject of
investigation. They refer to past events as if they were occurring in
the present. You should pay particular attention to those points in
the narrative at which the speaker shifts to this inappropriate pres-
ent tense usage, as in the following example.
How many times in this written statement does this person
switch to the present tense? What seems significant about the
points at which the switch occurs?
“On December 15, 2009, in the late afternoon hours, Don L.
Harrington, wife Wanda, and friends Amy Barr, Judy Partin and
Myself, Bob Boone, went to Taylor’s to pick up some layaway
items. We used two cars because there was some bulky merchan-
dise such as bicycles and a battery-operated car. Don had just
gotten his paycheck so instead of making a trip to the bank he
would pay the balance of the layaway with his check. Wanda
usually handles the finances, so she had Don’s check in her purse.
So Wanda hands Don his check, which in turn he gives it to the
layaway clerk. The clerk look at the check and said that she
couldn’t accept it but it was obvious that clerk was inexperienced,
because in fact it was the other clerk working in layaway that
told the clerk that she would have to check with the manager first.
So the clerk takes the check over to the manager, and we all see
the manager shake her head ‘no.’ By this time Don sees that he
can’t use his check, which was a surprise to us because it was a
payroll check instead of a personal check. But instead of causing
chaos, Don decided to pay for it in cash, which Wanda had in her
January/February 2012
10 TELL-TALE SIGNS OF DECEPTION
purse. So Don asked her for the money, gave it to the clerk, the
clerk gave him the receipt, and we went to the back to pick up the
merchandise. In all the confusion, Don thought that Wanda had
the check, and Wanda thought that Don had it, and by this time
we had gotten to Don’s house. So Don called ABC Company and
told the payroll dept. that his check was lost.”
Bob Boone uses the present tense in three sentences:
“So Wanda hands Don his check which in turn he gives it to
the layaway clerk.”
“So the clerk takes the check over to the manager, and we all
see the manager shake her head ‘no.’ “
“By this time Don sees that he can’t use his check, which
was a surprise to us because it was a payroll check instead of a
personal check.”
It is remarkable that the switch to the present tense occurs at
key moments in the exchange: as the check is handed over, as the
manager refuses to accept the check and as Don becomes aware
he will not be able to use the payroll check. This indicates the
person is sensitive about those moments.
Often, people use the present tense for past events when they
are rehearsing the events in their mind. It is a device for keeping
things straight. Maybe the person is just being careful, or maybe
he is being deceptive.
As an investigator, you should note the switches to the present
tense, and the point of the narrative at which these occur. From
there, you will decide how to explore the issues further.
Excerpted and adapted from the ACFE Self-Study CPE
Course, “Analyzing Written Statements for Deception and Fraud,”
2009. This excerpt is by Don Rabon, CFE.
Further Reading
• “Analyzing Written Statements for Deception and Fraud,”
ACFE Self-Study CPE Course, 2009 (ACFE.com/
products.aspx?id=2809).
• “Investigating Discourse Analysis,” by Don Rabon, CFE
(Carolina Academic Press, 2003).
• “Identifying Lies in Disguise,” by Wendell Rudacille
(Kendall/Hunt, 1994).
• “I Know You Are Lying,” by Mark McClish (The Marpa
Group, 2001).
• “Statement Analysis: What Do Suspects’ Words Really
Reveal?” by Susan H. Adams, FBI Law Enforcement
Journal (October 1996).
35
 Overachieving Fraud Wolves
in Sheep’s Clothing
Targeting Top-Performing Employees Gaming the Bonus System
Follow this CFE consultant as he uncovers top collection reps at a business call center who inflated their
performances for more money and job advancement. Lesson? Do not always follow the money.
SOMETIMES WE FIND FRAUDULENT ACTIVITY OCCURRING
IN THE MOST UNSUSPECTING PLACES. What started out
as a routine examination into a tip from an anonymous
call-center employee who was concerned with the large
number of suspicious credit card payments a few fellow
employees were processing, turned out to be the discovery
of a whole new area of call center fraud operating right
under the noses of management, compliance, internal au-
dit, quality assurance and even fraud committee members.
A call center environment can foster many credit
card processing scams. The most popular is for call cen-
ter agents to retain credit card account numbers, expira-
tion dates and security codes for themselves or to sell to
fraudsters. We also see this scam in restaurants and other
retail industries. Fortunately, in this case, the employee
who called the hotline supplied the locations and names
of the suspicious employees and claimed that the number
of payments they processed was far beyond the norm.
As an outside consultant, I first had to become famil-
iar with the work of the business unit and the group in
which the suspected employees worked. That unit han-
dles inbound and outbound phone calls with customers
who are past due on delinquent accounts. The collectors,
who use defined call scripts, process payments through
a number of payment options for consumers, including
mailing payments, self-performed Internet payments,
check by phone, automatic account debit and, naturally,
credit card and debit card payments processed over the
phone. The company provides exceptional training ser-
vices for the employees and monitors their work so they
comply with company policies, procedures and applicable
federal, state and even some local statutes. An automated
account management system documents all work, and the
company records all phone calls.
By Jeffrey Horner, CFE, CRCMP
36
Next, I zeroed in on the accused employees because
the tipster had not provided specific details of the al-
leged fraudulent conduct. I listened to call recordings,
reviewed the corresponding accounts associated with
calls and sat in on some blind monitoring of the col-
lectors’ live calls. Nothing seemed out of the ordinary.
The targeted collection representatives were very pro-
fessional, positive and helpful to consumers.
I expanded the investigation to several previous
months and increased the sampling of calls and ac-
counts. I reviewed consumer complaints containing
allegations of unauthorized charges to see if these col-
lectors had handled them. I still found no question-
able conduct. As a final part of the examination, I in-
terviewed the entire business unit staff to uncover any
other employee suspicions of fraudulent activities. I im-
mediately saw that the group members were extremely
competitive, but management encouraged this through
bonuses and advancement to high achievers.
After six or eight interviews, I believed I discovered
the employee who filed the anonymous report to the ho-
tline. She made remarks that those who “know how to
work the system” are the ones who make bonuses and ad-
vance, while those who “play by the rules” are stuck, live
paycheck to paycheck and are passed over for promotions.
She struck me as either a disgruntled employee or some-
one tired of seeing cheaters prosper. After a few additional
probing questions, I had what I needed to develop a theory
for what may be the most unsuspecting fraudulent activity
I have ever uncovered. I tore into the historical perfor-
mance measurements, metrics, reports and employee files
of the business unit. What I found was shocking.
Fraud-Magazine.com
 My interviews with the business unit’s
management and review of historical docu-
mentation showed clearly that the top col-
lection representatives processed over the
phone as much as two to three times the
number of credit card and debit card pay-
ments as the average collector. Incentives for
the number of credit card payments allowed
representatives to earn bonuses.
After I traced the payments to the ac-
counts, I noticed that some collection rep-
resentatives would set up customers on pay-
ment plans to charge their credit cards once
or even twice a week, instead of the typical
payment plan for once every two weeks or
monthly. The total amount the customer
paid was the same, but it was broken down
into smaller amounts and processed regu-
larly to increase the number of payments
per week. Ironically, these “top-performing”
employees appeared to be the most talented,
dedicated, hardest-working phone represen-
©Juan Darien/iStockphoto
tatives in the business unit.
As I reviewed the employment records
and performance reviews of the current and former supervisors We are familiar with criminologist Dr. Donald R. Cressey’s
and managers of the business unit, I found it crystal clear that fraud triangle that defines fraud as the convergence of three
they had all worked their way up in similar fashion. They rou- factors to set the climate for fraud: pressure, opportunity and
tinely outscored their peers at the performance metrics. I ex- rationalization. CFEs are trained to focus their sights on the
panded my investigative analysis to other call center business business resources, processes, procedures, employee activities
units and found the same conduct. and personnel to detect the potential for, and existence of, the
fraud triangle factors. Nevertheless, many fraud examiners do
DRIVING EMPLOYEES TO CHEAT not recognize the existence of these factors in the out-in-the-
Much has been written, preached and practiced in the area of em- open business environment because we are diligently sleuthing
ployee motivation, especially for those directly interacting with for the not-so-obvious, hidden schemes buried deep in the orga-
customers. Management drives them to shatter sales and service nization. Is it possible that fraudulent activity is fully accepted
records, surpass customer satisfaction standards, hit key perfor- and expected? If so, where, and how do we identify it?
mance indicators, out-hustle the competition and find ways to
do more with less. We set goals and budgets, apply performance
THE NUMBERS CAN LIE
metrics, and offer various bonuses and creative incentives.
In this case, the use of data was essential to steer the investi-
Organizations monitor and evaluate employee performance,
gation in the proper direction. Looking at the total payment
and top achievers climb up corporate ladders. If you are passed
over too many times you are branded as stale, and you may lose processed by the representatives in the group in Figure 1 (on
all hope to advance. Those who earn promotions then study the page 38), we see no significant variance. In fact, the highest pro-
playing fields and develop their strategies to move up the next ducers of total payments are reps 112 and 117. However, drilling
rungs of corporate ladders. into the number of debit card and credit card payments pro-
Capitalism through competition. So what is there to worry cessed quickly reveals a statistical anomaly. Reps 114 and 118
about? Plenty. Let us take a deeper look into this activity. clearly processed a disproportionately higher number of these
Typically, CFEs, internal auditors, external auditors, and payments than the others in the group. Because the company
risk and compliance managers will search for fraudulent em- incents reps with bonuses and awards to obtain these payments,
ployee activity by focusing on employee theft, embezzlement, Reps 114 and 118 benefitted.
expense account fraud, larceny, fraudulent check writing or This information caused us to review the details of payments
cashing, vendor contracts and countless other schemes. They and customer accounts. We were alarmed to see that these reps
follow the money and focus on financial transactions and report- were breaking policy by processing payments as often as two
ing as sources for discovery. But significant fraudulent employee times per week on the same customer account to artificially in-
activity can be occurring in the open, and we fail to recognize it flate the number of payments and earn bonuses. The consumers
or the severity of the risks and potential losses. agreed to this practice when the reps told them it was necessary

January/February 2012 37
OVERACHIEVING FRAUD WOLVES IN SHEEP’S CLOTHING

to keep activity occurring on their accounts so

no additional collection action was taken.
In another group, we found that manage-
Figure 1: Employee Performance Anomoly
ment was looking at a standard call center Key
Performance Indicator (KPI) to identify any em- 160 Credit Card
ployee that may not be in line with performance 140 135 134
129 Debit Card
125 125
129

Number of Payments Processed

standards. Figure 2 below shows that the average 120 115 113 Total
handle time seems consistent across all employ- 100
ees. However, upon closer examination, we no- 80
tice that Reps 223 and 226 have extremely short 60 55
46
first contact and inbound call times. 40
39
32 31
44
31 29 28
We decided to monitor calls and found that 25 23
21 18 22 18 20
20
these reps would not thoroughly and adequately
0
address customers’ questions, disputes or requests Rep 111 Rep 112 Rep 113 Rep 114 Rep 115 Rep 116 Rep 117 Rep 118

for documentation, as required by company pol- Representative

icy. They were cutting corners to handle more

calls. You will not be surprised to learn that the
monthly incentives in the group were based on
Figure 1
the average number of calls handled per day. By
cutting these calls short and telling customers
that someone would get back to them on their
issues or concerns, they were able to make more
calls than other reps. Figure 2: Employee Performance Anomoly

RISK AND COMPLIANCE 8:24 1st Contact

7:02

6:54
According to The Committee of Sponsoring 2nd Contact
6:32
6:26

6:21
6:12
6:86
Call Handle Time (min:sec)

Organizations of the Treadway Commission Inbound

5:49 Average
(COSO), “Everyone in an organization has re-

4:38
4:25

4:28

4:28

4:31
4:21

4:08
4:19

4:04
4:11

4:11
3:59
3:58

3:59
3:57

3:55

3:57
3:48
3:55

sponsibility for internal control.” (http://tinyurl.

3:35

4:12
3:26
3:12

3:07

com/4y24k9n) It starts with the CEO, who

2:41

2:12

2:74
should ultimately “assume ‘ownership’ of the
1:41

1:37
system,” COSO states. However, management
devises goals, targets, budgets and service stan- 0:00
Rep 222 Rep 223 Rep 224 Rep 225 Rep 226 Rep 227 Rep 228 Rep 229
dards and drives them to the production level. A
Representative
close examination of the conduct and behavior
at that level may reveal potential fraudulent ac-
tivity that standard business processes and pro-
cedures have cloaked. Figure 2
We know that certain areas are ripe for em-
ployee fraud, such as expense accounts, com- and data, or the absence of these values from negative data that
mission reports and vendor contracts. But does the definition could be used to improve the organization and its outcomes.
of fraud and Cressey’s fraud triangle apply to activity and con- And finally, does the perpetrating employee receive gain?
duct related to employee performance metrics? We can build This is where we make a critical mistake and overlook the ob-
the case that it does. vious. Up to this point, we are dismissing these acts and omis-
Employees, supervisors or managers who intentionally in- sions by employees as harmless, just seeking to look good to the
flate performance metrics in daily job duties, or omit negative boss, avoid the consequences of missteps or failure, earn that
information or activities, meet the first part of the definition for bonus or climb the ladder in the organization. Employees who
fraud. But what about the requirement for a victim suffering loss are evaluated by performance measurements, metrics, data,
by these actions? Again, the victim here is the employer organiza- etc. who manipulate these values are in essence causing their
tion through the receipt of invalid performance metrics, delivery performances to appear to be better/higher/more valuable to

38 Fraud-Magazine.com

the organization than they would actually be otherwise. What
is the motivation? Clearly, for those who are compensated by
commission and bonuses the answer is obvious: money. But job
retention or advancement also constitutes personal gain.
The totality of the definition has been met in the descrip-
tion of employees who purposefully skew performance metrics.
It is not hard for frontline employees to cut corners, force orders,
shorten calls, bury complaints, etc., day after day to put up some
impressive numbers.
This environment is ripe with employee incentive/pres-
sure. The opportunity is present for front-liners to manipulate
the input, statistics, calls, paperwork and other job functions.
And rationalization is a personal psychological characteristic
that has been found to be present in 40 percent of employees,
according to “Managing the Business Risk of Fraud: A Practical
Guide.” And according to Freud, rationalization is a defensive
Risk, cost and liability from damage to customer goodwill, brand and exposure
to regulatory actions may be significant once the missteps are revealed.
mechanism that seeks to offer acceptable reasons to others, or
ourselves, for unacceptable behavior. As stated by ACFE found-
er and Chairman, Dr. Joseph T. Wells, CFE, CPA, in his “Corpo-
rate Fraud Handbook,” “For the purpose of detecting and deter-
ring occupational fraud, it does not matter whether employees
are actually justified, but whether they perceive that they are.”
Now that we have seen that frontline employee conduct
may be an undetected area primed for fraud, we need to assess
the risk to the enterprise. According to the International As-
sociation of Risk and Compliance Management Professionals,
the risk and harm sustained by an organization are not limited to
the losses from employees who work the system to advance and
earn more money. Risk, cost and liability from damage to cus-
tomer goodwill, brand and exposure to regulatory actions may
be significant once the missteps are revealed. When company
management is unable to obtain valid data from operations, the
impact can be devastating.
HELP THE COMPANY HELP THEMSELVES
The environments most susceptible to transparent frontline
fraud are those you would not normally suspect: service centers
within the enterprise with high-volume, measurable workload
functions. These include call center operations, inside order
processing, lead generation, online agent help desks, billing
and collection, telemarketing, mail processing, customer service
centers and back-office operations.
Once you recognize conduct as potentially fraudulent and
know where to focus efforts to discover the activity, you must ex-
amine what can be done to mitigate that risk. Often, process and
January/February 2012
OVERACHIEVING FRAUD WOLVES IN SHEEP’S CLOTHING
compliance reviews originate inside the same departments that
breed the “culture of fudging the numbers.” You must address it,
or it will continue. Because pressure from management to hit
the numbers will always be a source of temptation for all to look
the other way, the answer is to expand our reach to areas of the
enterprise that possess the resources and skill sets necessary for
independent examination.
In our case, once we showed executives the data for em-
ployee performance anomalies, management culture and per-
formance-based compensation and advancement history, it was
clear that change was required. After we developed and imple-
mented training programs to expose and address the conduct
as fraudulent behavior, we devised measurements and reporting
to display such activity to serve as deterrents. In a short period
of time, performance metrics reflected true and clean data for
employee call statistics. With this information, we were able to
accurately identify problem employees and quash the culture
of “working the system” for bonuses and advancement. In just
three months we gained a 14 percent increase in KPIs and cus-
tomer satisfaction ratings! Only employees playing by the rules
earn bonuses for the right reasons.
Clearly the solutions are very simple, and if you take one
thing away from this article, this is it: The targets, goals, incen-
tives and bonuses are not the problem. We must focus investi-
gative principles and techniques on performance anomalies be-
cause they are ripe for frontline, transparent fraudulent activity.
It is critical that we segment employee production by tenure,
skill and past achievement variances.
A business environment probably already has all the neces-
sary tools, resources and historical data to assess the accuracy,
or lack thereof, of job performances at any level. Management
will need to develop controls, checks and balances, monitoring,
reporting, ethics training, employee hotlines and preventative
measures to reduce the risk for fraud.
We may nip and tuck around the edges to modify behavior,
and still the crafty employees find ways to “hit their numbers”
and get the prizes. If we are not diligent in reviewing, reconcil-
ing and building operations-oriented analysis tools to identify
performance anomalies — and investigate them — unrecog-
nized fraudulent activity will occur before our eyes.
Jeffrey Horner, CFE, CRCMP, is chief development officer and
senior vice president of the Government Services Division of UCB
Inc. His email address is: jwhorner@ucbinc.com.
39
Data Breaches, a 3-Part Series

BREAKING BREACH
SECRECY, Part 3

BY ROBERT E. HOLTFRETER, PH.D., CFE, CICA; AND ADRIAN HARRINGTON

©PN_Photo/iStockphoto
Analysis Shows Entities Lack Strong
Data Protection Programs
The authors’ analysis of data-breach statistics shows that organizations
poorly protect personal data. Possible solution: U.S. federal rules for
guidance in developing comprehensive data protection programs.
here are data breaches and then there
are data breaches. Hold on as we look
at two enormous cases reported by the
Privacy Rights Clearinghouse (PRCH)
in its “Chronology of Data Breaches.”
Even though the number of records compromised
in these two cases is atypical, it does illustrate the
problems consumers face when their personal data
is not protected by organizations that use it.
On Jan. 20, 2009, Visa and MasterCard
alerted Heartland Payment Systems, a credit and
debit card processor, of suspicious activity related
to card transactions. After the company inves-
tigated, it found evidence of malicious software
that compromised data on more than 130 million
cards. The incident may have been the result of a
global cyberfraud operation.
On June 16, 2005, hackers infiltrated the net-
work of CardSystems — a third-party processor of
payment card transactions — and exposed names,
card numbers and card security codes of more
than 40 million card accounts, including 68,000
Mastercard accounts, 100,000 Visa accounts and
30,000 accounts from other card brands. On Feb.
26, 2006, CardSystems agreed to settle charges
with the Federal Trade Commission that it failed
to have in place the proper security measures to
protect sensitive personal information. CardSys-
tems notified affected consumers and offered them
one year of credit monitoring services.
Data breaches that lead to identity theft
have affected the lives of individual consumers,
businesses, nonprofit organizations and govern-
ments at all levels throughout the world, espe-
cially in the past decade. Security companies are
constantly working to develop better products for
individuals and organizations to protect personal
information. Many organized cybercriminals work
as successful profit-making businesses, constantly
developing new fraudulent schemes to look for
system weaknesses and collect personal identifi-
able information (PII).
However, as our new report and analysis in
this article show, it is not just blatant hacker ef-
forts that cause data breaches. Organizations and
individuals who do a horrible job protecting per-
sonal data, of course, create conditions that lead
to the majority of data breaches.
TRACKING THE PESKY BREACHES
Though not all organizations report data breaches
publicly, at least three independent groups track
and analyze breaches and publish them in reports:
the Privacy Rights Clearinghouse (PRCH), Veri-
zon and the Identity Theft Resource Center®.
Privacy Rights Clearinghouse
PRCH describes itself as a “nonprofit consumer edu-
cation and advocacy project whose purpose is to ad-
vocate for consumers’ privacy rights in public policy
proceedings.” From Jan. 1, 2005, through press time,
it has tracked, analyzed and classified 2,752 data
breaches and more than 542 million compromised
records for inclusion in its “Chronology of Data
Breaches,” which is updated daily (www.privacy-
rights.org/data-breach) from these sources:
• The Open Security Foundation’s DATALOSSdb.
(www.datalossdb.org)
• Databreaches.net, a spinoff from www.PogoWas-
Right.org, has compiled a wide range of breach
reports since January 2009.
• Personal Health Information Privacy (www.
phiprivacy.net/), affiliated with Databreaches.
net, is a database that compiles only medical
data breaches. Many of these are obtained from
41
BREAKING BREACH SECRECY
the U.S. Department of Health and Human Services’ medical
data breach list.
• National Association for Information Destruction Inc. (www.
naidonline.org) provides monthly newsletters that include a
number of data breaches largely resulting from improper docu-
ment destruction.
The PRCH classifies data breaches as:
• Unintended disclosure: sensitive information posted publicly
on a website, mishandled or sent to the wrong party via email,
fax or mail.
• Hacking or malware: electronic entry by an outside party.
• Payment card fraud: fraud involving debit and credit cards
that is not accomplished via hacking. For example, skimming
devices at point-of-service terminals.
• Insider: someone with legitimate access such as an employee
or contractor intentionally breaches information.
• Physical loss: lost, discarded or stolen non-electronic records,
such as paper documents.
• Portable device: lost, discarded or stolen laptops, PDAs,
smartphones, portable memory devices, CDs, hard drives,
data tapes, etc.
• Stationary device: Lost, discarded or stolen stationary electronic
devices such as a computer or server not designed for mobility.
• Unknown.
Verizon Business
For the past six years, the Verizon Business Risk Team, in con-
junction with the U.S. Secret Service (since 2009) and the
Dutch National High Tech Crime Unit (starting in 2010), has
prepared the annual Data Breach Investigations Report (http://
tinyurl.com/3votjlj) based on its analysis of more than 900 data
breaches representing more than 900 million compromised re-
cords. The Verizon study classifies the breach types as from ex-
ternal agents, insiders, business partners and multiple parties.
Identity Theft Resource Center ®
The Identity Theft Resource Center® (ITRC) (www.idtheft-
center.org) describes itself as “a nonprofit, nationally respected
organization dedicated exclusively to the understanding and
prevention of identity theft.”
The ITRC list is a compilation of data breaches confirmed
by various media sources and/or notification lists from state
governmental agencies. The group updates the list weekly. To
qualify for the list, breaches must include PII that could lead
to identity theft, especially SSNs. Since Jan. 1, 2005, and up
to press time, the ITRC has tracked and analyzed 2,852 data
breaches and more than 496 million compromised records.
The ITRC classifies its types of data breaches as from: data
on the move, accidental exposure, insider theft, subcontractors
and hacking.
42
These organizations use differing methodologies to select
and classify data breaches, which allow us to view the data from
different perspectives. “Data breaches are not all alike,” accord-
ing to the ITRC. “Security breaches can be broken down into a
number of categories. What they all have in common is that they
usually contain personal identifying information in a format eas-
ily read by thieves, in other words, not encrypted.” That is true,
©Gualtiero Boffi/iStockphoto
but a lot of personal information included in data breaches is
encrypted. If organizations use the 56–bit Data Encryption Stan-
dard rather than the 128-bit Advanced Encryption Standard,
then hackers can normally break key codes and return encrypted
data to plain text so they can use it for identity theft.
HOLTFRETER/HARRINGTON DATA BREACH ANALYSIS REPORT
We decided we wanted to compile a data breach report for the
public and anti-fraud professionals using a different classifica-
tion system to provide additional breadth and depth.
Methodology
We analyzed 2,278 data breaches and 512,289,000 compromised
records reported by the PRCH for a six-year period of 2005
through 2010 — Jan. 1, 2005 through Dec. 31, 2010. (Beth
Givens, PRCH’s director, granted us permission to use its data.)
We developed our classification system by conducting an
analysis of a large sample of 300 data breaches to initially clas-
sify each of them into three broad categories: internal, external
and non-traceable. We used this initial broad approach because
data breaches and related comprehensive data protection legis-
lation are typically viewed by the public and identity theft ex-
perts from an internal/external perspective. Internal and exter-
nal data breaches are defined, simply, as those originating from
within or outside an organization, respectively.
In the second phase of our analysis we examined all the
sampled breaches included in the internal and external catego-
ries to look for useful patterns for determining specific subtypes.
Fraud-Magazine.com
The ACFE Career Center
More than just a Job Board.

The ACFE Career Center has resources and advice for

anti-fraud professionals at every stage of their career, from
entering the workforce to mentoring the next generation.
Even if you’re currently employed, the Career Center can
help you chart your path with:

t
Career advice from HR experts, hiring managers,

self-employed fraud examiners and more.

t
Profiles of ACFE members who share how they charted their

career path, what worked and what didn’t.

t
Valuable web resources including checklists, articles and

career-planning tools.

t
The ACFE Job Board, where job seekers go to find job

postings targeted to their skill set.

Don’t forget to check out job listings and network with

colleagues on the ACFE LinkedIn group.

Invest in your career. Visit the ACFE Career Center at ACFE.com/Career.

BREAKING BREACH SECRECY

We then completed the classification process by placing all

2,278 data breaches for the six-year period into the following
subtype categories, which we defined and used for the analysis: Figure 1: Record Breach Sum
IIPD: Internal — improper protection or disposal of data:
For example, on Sept. 4, 2007, the University of South Caro- 1%
Non-traceable
lina exposed online a number of files containing Social Security 13%
Internal Sum
numbers, test scores and course grades.
ITF: Internal — theft of data by a current or former em-
ployee with absolute or high probability of fraudulent intent:
86%
For example, on Feb. 5, 2009, a Mooresville, N.C., dry cleaner External Sum
skipped town with her clients’ credit card numbers.
ITNF: Internal — theft of data by a current or former
employee with low or no probability of fraudulent intent:
For example, on April 27, 2007, an employee at the Caterpillar
Corporation stole a laptop computer containing personal data of
employees, including SSNs, banking information and addresses.
IH: Internal — hacking or unauthorized intrusion of Figure 2: Record Breach Types
a network by a current/former employee: For example, on
March 21, 2010, a 21-year-old former Evergreen Public School 6% 4%
3%
8% Internal-ITF Internal-IL
Internal-IIPD
employee Vancouver, Wash., pulled off a computerized payroll External-XTNF

security breach that put more than 5,000 current and former 2%
External-XTF
Vancouver district school employees at risk for identity theft.
18%
IL: Internal — loss of data: For example, on Oct. 15, 2009, External-XP
the Virginia Department of Education reported that a flash drive
containing 103,000 student names, SSNs, and employment and 59%
demographic data was misplaced. External-XH

XP: External — partner/third-party theft or loss of data

by improper exposure or disposal: For example, on April 27,
2007, the Long Island Railroad reported that, while in transit,
its delivery contractor, Iron Mountain, lost data tapes contain-
ing names, addresses, SSNs and salary figures of virtually all the
employees who worked for the company.
XTF: External — theft of data by a non-employee with ab-
solute or high probability of fraudulent intent: For example, on
Feb. 2, 2009, a school volunteer at the Irving Independent School
District in Texas, stole information including SSNs and birth
dates of school employees and tried to buy tires at a local Sears
store after opening up a line of credit using the name of one of the
school teachers. A suspicious, alert employee called the police.
XTNF: External — theft of data by a non-employee with
low or no probability of fraudulent intent: For example, on
Aug. 1, 2009, Williams Companies Inc., in Tulsa, Okla., report-
ed that a laptop containing personal information of 4,400 cur-
rent and former employees was stolen from a worker’s car.
XH: External — hacking or unauthorized intrusion of
network by a non-employee: For example, on June 23, 2010,
Anthem Blue Cross – WellPoint of California reported that
hackers may have compromised customers’ personal informa-
tion after gaining access to the company’s web-based tool for
tracking pending insurance applications.
NA: Non-traceable — unable to determine as internal or
external: For example, on June 22, 2009, numerous folders con-
taining medical records and SSNs from Baptist Medical Center
were found in a landfill.
0%: Internal-IH
0%: Internal-ITNF
0%: Non-traceable
Results? Entities Have Some Explaining to Do
Bear with us on the detailed results. Getting through these sta-
tistics will pay off. Figure 1, Record Breach Sum (above), shows
the percentage of the 581,289,000 compromised records for the
six-year period. As shown, approximately 13 percent were traced
to the internal category, 86 percent to external and 1 percent
to non-traceable. Most individuals believe that the majority of
compromised records and related breaches are externally driven
— an opinion probably shaped by media outlets, which tend
to focus their reporting on data breaches of large organizations.
Figure 2, Record Breach Types (above), shows the percent-
ages of the total compromised records traced to each of the
five internal (IIPD, ITF, ITNF, IH, IL), four external (XP, XTF,
XTNF, XH) and non-traceable (NA) subtype categories.
In the internal subtype categories, IIPD or the “improper
protection or disposal of data,” accounted for approximately 3
percent of the total compromised records; ITF or “theft of data
by a current or former employee with absolute or high prob-
ability of fraudulent intent,” accounted for about 6 percent; IH
or “hacking or unauthorized intrusion of network by a current/
former employee,” was about 1 percent; IL or “loss of data,” was
about 4 percent, and ITNF or “theft of data by an employee
with low or no probability of fraudulent intent theft,” was about

44 Fraud-Magazine.com
 BREAKING BREACH SECRECY

accounted for 39 percent, external for 56 percent and 5 percent

for non-traceable. These results are quite different when com-
Figure 3: Case Breach Sum pared to the number of compromised records for internal, ex-
ternal and non-traceable categories, which were noted above at
5%
Non-traceable
13 percent, 86 percent and 1 percent, respectively. This strongly
indicates that the external hackers are getting access to more
39% records per breach than those stealing internal records.
Internal Sum
Figure 4, Case Breach Types (left), shows the percentage of
the 2,278 data breaches for the five internal (IIPD, ITF, ITNF,
56%
External Sum IH, IL), four external (XP, XTF, XTNF, XH) and non-traceable
(NA) subtype categories. For internal, XP or the “improper pro-
tection or disposal of data,” accounted for approximately 24 per-
cent; XTF or “theft of data by a current or former employee with
absolute or high probability of fraudulent intent,” accounted for
about 8 percent; XH or “hacking i.e. unauthorized intrusion of
network by current or former employee,” was about 1 percent;
Figure 4: Case Breach Types XL or “loss of data” was 7 percent, and XTNF or “theft of data
by a current or non-current employee with low or no probability
7%
5%
Internal-IL 5%
of fraudulent intent,” was about 1 percent.
External-XP
7%
External-XTF
Non-traceable Improper protection or disposal of data dominates this sub-
2%
category, which again shows that some organizations need to
Internal-IH tighten up their controls.
8%
Internal-ITF In the external subtype categories, IIPD or “partner/third
24%
External-XTNF party theft or loss of data by improper exposure or disclosure,”
18%
External-XH accounted for approximately 7 percent of the total data breaches;
24% XTF or “theft of data by a non-employee with absolute or high
Internal-IIPD
probability of fraudulent intent,” accounted for about 6 percent;
0%: Internal-ITNF XH or “hacking or unauthorized intrusion of network by a non-
employee,” was about 18 percent; XTNF or “theft of data by a
non-employee with low or no probability of fraudulent intent,”
1 percent. There is no dominant internal breach type, but this was 24 percent, and NA or “non-traceable — unable to determine
is somewhat expected because the total compromised records as internal or external,” accounted for approximately 5 percent.
in this area accounted for only 13 percent of the overall total The pattern that exists among the total compromised re-
compromised records. cords and data breaches for the general internal, external and
In the external subtype categories, XP or “partner/third party non-traceable categories seems to be true for the subtypes. For
theft or loss of data by improper exposure or disposal,” accounted internal types, NC or the “improper protection or disposal of re-
for approximately 18 percent of the total compromised records; cords,” accounted for about 24 percent of the total breaches but
XTF or “theft of data by a non-employee with absolute or high 3 percent of the total compromised records. XTF, or the “theft of
probability of fraudulent intent,” accounted for about 2 percent; data by a current or non-employee with absolute or high prob-
XH or “hacking or unauthorized intrusion of network by a non- ability of fraudulent intent,” accounted for about 8 percent of
employee,” was about 59 percent; XTNF or “theft of data by a the data breaches and about 6 percent of the compromised re-
nonemployee with low or no probability of fraudulent intent,” cords. In addition, the subtype IL, or the internal “loss of data,”
was 8 percent, and NA or “non-traceable — unable to trace to accounted for about 5 percent of the total data breaches but only
internal or external,” accounted for approximately 3 percent. 4 percent of the total compromised records.
External hackers caused most of the compromised records, The above results are similar for the external subtypes. For
which is expected because they get more bang for the buck by example, XP, or the “partner/third party loss of data by improper
gaining access to more data when infiltrating the networks of exposure or disposal,” accounts for about 18 percent of the to-
larger organizations. But another serious problem exists with tal compromised records but only 7 percent of the total data
some partners and third-party contractors who seem to be ir- breaches. XH, or “hacking or unauthorized intrusion of network
responsible when entrusted with the data of other organizations. by a non-employee,” accounts for 18 percent of the data breach-
Figure 3, Case Breach Sum (above), shows the percent- es but a whopping 59 percent of the total compromised records.
ages of data breaches for the general internal, external and XTF, or the “theft of data by a non-employee with absolute or
non-traceable categories. Of the 2,278 data breaches, internal high probability of fraudulent intent,” accounted for nearly 6

January/February 2012 45
 CFE Exam Prep Course® | Books and Manuals | Self-Study CPE | Software | Merchandise | Toolkits
ACFE BOOKS AND MANUALS
Fraud Fighter: My Fables and Foibles
By Dr. Joseph T. Wells, CFE, CPA
At a period when dishonesty at top U.S. companies is
dominating public attention, Fraud Fighter: My Fables
NEW! and Foibles is a surprisingly frank and gripping mem-
oir from an unsurprisingly effective fraud fighter. This
autobiography forms a full tapestry of a life, displaying
wit, intrigue, trepidation, regret and finally, victory (342
pages).
$25 Members / $39 Non-Members
Visit ACFE.com/FraudFighter for more details.
Internet Fraud Casebook (Audio CD Set)
This popular ACFE casebook is now available in a con-
venient audio CD set. Featuring 13 CDs with more than
10 hours of captivating fraud cases, the Internet Fraud
NEW! Casebook CD set allows you to listen to the war sto-
ries of more than 40 fraud examiners and learn from
their real-life investigations. Each case study walks
through the investigation step-by-step, presenting les-
sons learned and recommendations for preventing fu-
ture occurrences of fraud.
To download a sample chapter, visit ACFE.com/
FraudCD.
$59 Members / $79 Non-Members
NEW!Corporate Fraud Handbook:
Prevention and Detection, Third Edition
By Dr. Joseph T. Wells, CFE, CPA
Fraud continues to be a serious and costly problem
for businesses. Now in its third edition, the Corporate
NEW!
Fraud Handbook, written by the founder and Chairman
of the ACFE, is filled with real-world cases and statis-
tics on the various types of fraud and their real cost to
organizations.
It reveals the incredibly creative fraud schemes used by
employees, owners, managers and executives to de-
fraud their companies. Auditors, fraud examiners and
criminal investigators will discover how to spot the red
flags of fraud and prevent it from happening in the first
place (456 pages).
$49 Members / $75 Non-Members
ACFE.com/Shop
Ordering is Easy!
(800) 245-3321 / +1 (512) 478-9000
Social Engineering: The Art of Human
Hacking
By Christopher Hadnagy and Paul Wilson
From elicitation and pretexting to influence and manipu-
NEW! lation, all aspects of social engineering are picked apart,
discussed and explained by using real world examples,
personal experience and the science behind them to un-
ravel the mystery of social engineering. This indispens-
able book examines a variety of maneuvers that are
aimed at deceiving unsuspecting victims, while it also
addresses ways to prevent social engineering threats
(408 pages).
$24 Members / $35 Non-Members
NEW!A Guide to Forensic Accounting
Investigation, Second Edition
By Steven Skalak; Thomas Golden, CFE, CPA;
Mona Clayton, CFE, CPA; Jessica Pill
Recent catastrophic business failures have caused
NEW!
some to rethink the value of the audit, with many de-
manding that auditors take more responsibility for fraud
detection. This book provides new coverage on the
latest PCAOB Auditing Standards, the Foreign Corrupt
Practices Act and on options fraud, as well as on fraud
in China and its implications. This book equips auditors
with the necessary practical aids, case examples and
skills for identifying situations that call for extended
fraud detection procedures (622 pages).
$129 Members / $175 Non-Members
NEW!The Fraud Audit: Responding to the
Risk of Fraud in Core Business Systems
CBy Leonard W. Vona, CFE, CPA
The 2010 Report to the Nations found that the typical
organization loses 5 percent of its annual revenue to
NEW!
fraud and abuse. Discover fraud within your business
before yours becomes another fraud statistic. The Fraud
Audit provides a proven fraud methodology that allows
auditors to discover fraud versus investigating it (378
pages).
$54 Members / $75 Non-Members
Course
Workbook CD DVD Online E-Workbook
Formats
SELF-STUDY CPE

“ The ACFE has the highest quality CPE

of any organization that I belong to!”
— Avery Hudson, CFE, CPA
Internal Auditor, Liberty Bank

Interviewing and Interrogation Toolkit CPE Credit: 16

Making Crime Pay: How to
BEST SELLER!

Unfortunately, “Interviewing Techniques 101” is not a course most of Locate Hidden Assets
us took in school. As a fraud examiner, however, you are challenged $59 M Course Level: Basic
with the task of interviewing on a regular basis. This toolkit includes $79 NM Prerequisite: None
four resources to help you improve your interviewing skills and ensure
Every anti-fraud professional needs the tools to
you become a more effective interviewer: $139 M pursue an investigation that involves a search for
$159 NM concealed assets. This course gives you insight
UÊ Finding the Truth: Effective Techniques for Interview and on how to locate hidden assets and how to iden-
Communication (20 CPE Credits) $159 M tify and trace hidden payments and sources of
$179 NM income. Hear from fraudsters about how to hide
UÊ Fraud-Related Interviewing
assets and from anti-fraud experts on how to find
UÊ Interviewing and Interrogation, Second Edition them.
UÊ Report Writing Manual
Ethical Issues for Fraud
NEW!
CPE Credit: 2
Regular Price: $254 Members / $270 Non-Members Examiners (Online Self-Study)
Bundle Price: $179 Members / $229 Non-Members $59 M CPE Credit: 2
$79 NM Course Level: Basic
Prerequisite: None
NEW!FCPA Investigations: Combating
CPE Credit: 4 Corruption in International Business Ethical Issues for Fraud Examiners will help you understand what con-
stitutes an ethical dilemma and develop an awareness of ethical is-
$119 M (Online Self-Study) sues faced by fraud examiners. The course also presents six fictional
$159 NM Course Level: Intermediate scenarios that illustrate potential ethical situations that pertain to fraud
Prerequisite: None examinations. The purpose of these scenarios is not to provide you
with solutions, but rather to familiarize you with some types of ethical
FCPA Investigations: Combating Corruption in International Business
dilemmas that might arise in a fraud examination.
provides you with important information to help you, your company
and its employees avoid adverse consequences and combat bribery
in international business. This course offers an overview of the FCPA, NEW! Inside the Fraudster’s Mind
discusses how you should respond to evidence of corruption, presents CPE Credit: 16
(Fulfills 2 hours ethics CPE requirement)
a roadmap that will help you conduct investigations of suspected cor-
$59 M CPE Credit: 8 (Fulfills 2 hours of required Ethics CPE)
ruption and discusses how to conclude an investigation.
$79 NM Course Level: Basic
NEW! Fraud Risk Management Prerequisite: None
CPE Credit: 3 $109 M
Course Level: Intermediate Understanding the thoughts and feelings of a
$129 NM fraudster can provide valuable insight to enhance
$89 M Prerequisite: None
an organization’s anti-fraud efforts. This course
$109 NM The field of risk management has attracted in- $129 M will explore psychological information that is key
creased attention in the wake of the economic $179 NM to the successful development of a fraud preven-
meltdown as the public comprehends the negative effects of uncon- tion and detection program. In the accompanying
tained risk. This course explains why managing fraud risk is important for training video you will hear ten convicted fraudsters explain directly
organizations and the steps to develop an effective fraud risk manage- what they were thinking when they decided to commit fraud and how
ment program. they finally got caught.

Highlights Include:
t
The business case for managing fraud risk
t
Objectives of a fraud risk management program
t
The components of a fraud risk management program
t
A discussion of COSO and other risk management frameworks

Order online at ACFE.com/Shop

Where the Experts Shop.
BREAKING BREACH SECRECY
percent of the total data breaches but only 2 percent of the total
compromised records. Lastly, XTNF, or the “theft of data by a
non-employee with low or no probability of fraudulent intent,”
accounted for only 8 percent of the total compromised records
but an amazing 24 percent of the total data breaches.
Analysis? Numerous Data Compromises Without Controls
The results strongly indicate that the organizations experi-
encing these data breaches lack strong comprehensive data
protection programs. As a result, the personal data that or-
ganizations should control and safeguard more easily is being
compromised in many ways.
For example, 26 percent of the total breaches result from
the internal “improper protection and disposal of data.” Exam-
ples include posting data online — including SSNs on mailing
labels — giving documents or hard drives to recyclers that in-
clude personal information (how about destroying them inter-
nally?) and leaving documents containing personal data unat-
tended in the workplace.
Do we know if any of the compromised records in this cat-
egory of data breaches were used for identity theft purposes? No,
but the opportunity exists. As we know, closing the door on op-
portunity is one of the best methods for fraud prevention.
The “protection and disposal of data” category is also direct-
ly linked to two other internal data breach and three external
subtype categories. For example, if companies properly protect-
ed and/or disposed data by securing physical facilities, software
and hardware, then less data, such as employee SSNs, would be
lost or misplaced. And employees or non-employees would be
stealing less internal and external data, such as customer debit
card numbers and other personal data. Also, as we wrote earlier,
organizations could better control internal and external hacking
and resulting identity theft if they were required to encrypt all
sensitive data with the use of the 128-bit encryption standard.
SELF-REGULATION NOT WORKING
It is obvious that many organizations need guidance in develop-
ing comprehensive data protection programs. Self-regulation has
not worked; maybe federal rules might help. Because of recent na-
tional exposure on data breaches, the U.S. Congress is considering
legislation on this topic. But do not hold your breath because they
have been considering legislation on notification of data breaches
for the past three sessions and have not passed any law. (The 2007
U.S. “Red Flags Rule” does require many business and organiza-
tions to implement a written identity theft prevention program
designed to detect the warning signs of identity theft in their daily
operations. See http://tinyurl.com/d6de4y.)
The state of Massachusetts, on the other hand, has re-
cently passed a comprehensive data protection law (201 CMR
17.00) containing standards and requirements directly related
to the types of internal and external data breaches described
and analyzed in this article.
48
The Massachusetts law is considered one of the strictest
in the U.S. The standards and precise requirements that are
paraphrased and listed below might be a model for other U.S.
states, the U.S. Congress and perhaps some foreign countries
for developing comparable legislation. They will also provide
valuable guidance for organizations and consultants who advise
them about specific elements that should be addressed in setting
up a comprehensive data protection program.
The law states that “every person that owns or licenses per-
For example, if
companies properly
protected and/or
disposed data by
securing physical
facilities, software
and hardware, then
less data, such as
employee SSNs,
would be lost or
misplaced. ©Ivelin Radkov/iStockphoto
sonal information about a resident of the Commonwealth shall
develop, implement, and maintain a comprehensive informa-
tion security program. …” That includes the following standards
and requirements briefly outlined by InstantSecurityPolicy on
its website at: http://tinyurl.com/4xnnoky.
In the section of the Massachusetts law, “17.03: Duty to
Protect and Standards for Protecting Personal Information,” ev-
ery comprehensive information security program shall include,
but not be limited to:
a. Designating one or more employees to maintain a compre-
hensive information security program.
b. Identifying risks to the security, confidentiality, and/or integrity
of records containing personal information, and improving cur-
rent safeguards where necessary, including 1) ongoing employee/
contractor training, 2) employee compliance with policies, and
3) means for detecting and preventing security system failures.
c. Developing policies relating to the storage, access, and trans-
portation of personal information outside of business premises.
d. Imposing disciplinary measures for violations of the security
policy.
e. Preventing terminated employees from accessing records
containing personal information.
f. Oversee service providers by 1) selecting and retaining service
providers capable of securing personal information and 2) re-
quiring service providers by contract to implement and main-
tain appropriate security measures for personal information.
Fraud-Magazine.com
g. Placing restrictions on physical access to records containing
personal information and securely storing of this information.
h. Regular monitoring to ensure the security program is op-
erating in the intended manner and upgrading safeguards
where necessary.
i. Reviewing security measures at least annually or whenever it
is reasonably necessitated by a change in business practices.
j. Documenting actions taken in response to any incident in-
volving a breach of security, and a post-incident review of
events and actions taken. 17.04
Computer System Security Requirements
(1) Secure user authentication protocols including:
a. Control of user IDs and other identifiers.
b. A reasonably secure method of assigning and selecting pass-
words or other unique identifiers.
c. Control passwords to ensure that the location and/or format
does not compromise data security.
d. Restricting access to active user accounts only.
e. Blocking access after multiple unsuccessful logon attempts.
(2) Secure access control measures that:
a. Restrict access to files containing personal information to
those who need such access.
b. Assign non-vendor-supplied, unique identifications and pass-
words to each person with computer access that are designed
to maintain the integrity of the security of the access controls.
(3) Encryption of all transmitted files containing personal
information when traveling across a public network or a wireless
connection.
(4) Monitoring of systems for unauthorized use of or access
to personal information.
(5) Encryption of all personal information stored on laptops
or portable devices.
(6) Use firewall protection and reasonably up-to-date
patches on Internet-connected systems that contain personal
information.
(7) Use anti-virus/anti-malware software with reasonably up-
to-date patches and virus definitions on Internet-connected systems
that contain personal information.
(8) Education and training of employees of the proper
use of the computer security system and the importance of
information security.

Time running out

to earn your CPE?
Earn 10 fraud-related credits with
Fraud Magazine® CPE Quizzes!

Is your deadline for CPE fast-approaching? All Certified Fraud Examiners must earn
the required 20 Continuing Professional Education (CPE) credits to remain in good
standing. If you are a CFE and want to make sure you have your 10 required fraud-
related credits, then take advantage of ACFE’s Fraud Magazine CPE quizzes.

Take this issue’s Fraud Magazine CPE Quiz on pg. 70,

or download archived quizzes at Fraud-Magazine.com/CPE-Quiz-Archive.aspx
Fraud Magazine® is a trademark owned by the Association of Certified Fraud Examiners, Inc.

January/February 2012 49
BREAKING BREACH SECRECY

A new federal comprehensive data

protection law should also include the
requirement that all government agen-
Attention CFEs
cies, nonprofits and businesses conduct
Fulfill Your Annual Ethics CPE Requirement
periodic audits by teams of experts to with this new course from the ACFE Bookstore
determine if they are compliant with the
requirements set forth in any mandated
comprehensive data protection plan.
Each organization should include a sec-
tion that includes an opinion on the re-
sults of the audit in its annual report, if
required, or on its website, if not.
Organizations that lack strong com-
prehensive data protection plans would
be substantially penalized.

RESTORING TRUST
Never-ending data breaches have seri-
ously jeopardized our national security
and trust in organizations to protect per-
sonal data. In the same way that the U.S.
Sarbanes-Oxley Act has restored the NEW! Ethical Issues for Fraud Examiners
public’s confidence in our financial mar- (Online Self-Study)
kets, the federal government would do
well to pass a similar law to restore the
CPE Credit: 2
public’s confidence and trust in transact- Course Level: Basic | Prerequisite: None
ing business electronically.
In your work to resolve allegations of fraud, you might encounter
Robert E. Holtfreter, Ph.D., CFE, ethical issues that require you to look beyond the technical require-
CICA, is distinguished professor of ments of your job and toward the moral dimensions. But ethical
accounting and research at Central issues can be perplexing. What is the right thing to do?
Washington University in Ellensburg, Wash.
His email address is: holtfret@cwu.edu. Ethical Issues for Fraud Examiners will help you to understand
what constitutes an ethical dilemma and help you to develop an
Adrian Harrington graduated from awareness of ethical issues faced by fraud examiners.
Central Washington University in
Ellensburg, Wash., in June 2011 with a
Bachelor’s Degree in Economics. His email What you will learn:
address is: aaharrington87@gmail.com. t
Ethical values that you are expected to honor when carrying out your
fraud examination duties.
(Robert E. Holtfreter thanks co-author
t
Understandintg ethical decisions
Adrian Harrington, a former student in his
fraud examination class, who volunteered to t
Considerations to keep in mind as you work toward your own
work for him as an unpaid research assistant. resolutions of ethical dilemmas. Imperative, utilitarian and
“He has worked hundreds of hours over the generalization ethical principles
past 18 months providing outstanding intel- t
How to locate resources that might be useful to you in resolving
lect, leadership and work ethic in helping to ethical dilemmas.
conduct research and investigate the data
breach area, develop our data breach clas-
sification model, analyze the data and write Order your copy today at
this article and work on others. He has a se- ACFE.com/EthicalIssues
rious interest working in the fraud area and
will make a great investigator.” – ed.)

50 Fraud-Magazine.com
 “The CFE credential is known and respected
around the world.”

Will White, Jr., CFE

ACFE Member Since 2007

Certified Fraud Examiner

Chief Anti-Fraud Officer
Office of Fraud Deterrence and
Detection, NAVSEA

The CFE credential has proven to be

a great benefit to my career, as I have
been selected to lead the Anti-Fraud
Program for the Department of
Defense’s largest Systems Command
as the Chief Anti-Fraud Officer. As the
Chief Anti-Fraud Officer, I have the
responsibility of providing oversight
(prevention and detection of fraud,
waste and abuse) for the Naval Sea
Systems Command’s 55K personnel
and $40 billion annual budget.

Invest in your career. Become a CFE.

Visit ACFE.com/CFE
 Case in Point
He Milked it For All it Was Worth
A Dairy Farm Bankruptcy Fraud
B
ankruptcy fraud, which is a form of financial state-
ment fraud, is perpetrated by concealing assets
through misappropriation and/or a misclassifica-
tion of accounts. In the following case, we will
show how delayed bankruptcy schedule filings,
inaccurate bankruptcy schedules and incorrect monthly
operation reports can create an opportunity for a dishonest
debtor to misappropriate assets of a bankruptcy estate.
The consequences of this particular bankruptcy fraud
case resulted in $1.5 million in misappropriated assets, neg-
ligence action against the attorney and the convicted debtor
receiving a 10-year prison sentence.
THE DAIRY FARMER CASE
The wayward debtor in this case, a dairy farmer (we will call
him Stan), was suspected of gambling away the majority of
the misappropriated $1,528,502 from the estate at casinos.
Eight months prior to filing bankruptcy, Stan submitted
a signed personal financial statement showing $5,582,103 of
assets and $4,842,505 of liabilities, which set his net worth
at $739,598.Three months prior to filing bankruptcy, Stan
submitted a signed personal financial statement showing
$11,607,450 of assets and $4,981,100 of liabilities, which
then made his net worth $6,626,350.
When he finally filed, the assets of the farmer’s bank-
ruptcy estate consisted of farmland, farm equipment, build-
ings, dairy cows, growing crops and crops in storage. The
bankruptcy schedules showed real property of $1,116,000 and
personal property of $574,370, for total assets of $1,690,370.
The farmer’s liabilities consisted of secured creditors and pri-
ority creditors holding claims of $4,661,866, and unsecured
creditors holding claims of $293,202. This brought the total
claims to $4,955,068.
COURSE OF THE BANKRUPTCY
This bankruptcy was extremely adversarial from the begin-
ning. The bankruptcy estate attorney imposed several delays
52
By Roger W. Stone,
CFE
Almost two years after the initial filing, the
bankruptcy court established the value of the
farmland at $2,926,000, which differed from the
initial $1,116,000 valuation on the schedules.
that undermined what little trust existed. The attorney ini-
tially filed for a Chapter 12 bankruptcy proceeding, which is
a type of bankruptcy for farmers who have less than $1.5 mil-
lion of debt. However, his client’s estate had more than $1.5
million of debt, and the attorney admitted during his deposi-
tion that he knew his debtor did not qualify for Chapter 12
at the time he submitted the filing. A plausible explanation
for the attorney’s action was that a Chapter 12 filing would
result in future filings to correct the initial filing. Those filings
would delay reporting requirements for the debtor.
The attorney continuously requested extensions to file
bankruptcy schedules, saying that he wanted to ensure their
accuracy. However, the amended bankruptcy schedules were
also inaccurate. Moreover, Stan’s monthly reports of opera-
tions, when they were filed with the U.S. Trustee office, were
filled with inaccuracies and misapplications of accounts. The
most cursory review could detect these inaccuracies, so it was
clear that the attorney had not reviewed these reports prior
to their submittal. Lastly, Stan’s plan for reorganization was
submitted late and was unrealistic in scope. The creditors’
attorneys objected to virtually every filing.
Because of these delays, the creditors did not have accurate
information about the estate’s assets and monthly cash flow, and
Stan was able to maintain control over the estate’s assets for
2½ years, instead of being removed and replaced with a court-
appointed Chapter 7 trustee who would administer the estate.
Almost two years after the initial filing, the bankruptcy court
Fraud-Magazine.com

established the value of the farmland at $2,926,000, which
differed from the initial $1,116,000 valuation on the schedules.
The farmland eventually sold for more than $3 million.
The risk to the creditors was not the farmland’s de-
creased value on the schedules, because the farmland itself
was not a liquid asset. The real risk was Stan’s misappropria-
tion of assets (i.e., dairy cows, farm equipment, etc.) when
he sold those assets outside the normal course of business
without first obtaining the court’s permission. He used the
funds from those sales for his personal gain.
The creditors attempted to deter the debtor’s liquidation
of assets by taking inventories and by taking court action.
However, the court action was slow and the inventory results
were disputed. Without cooperation from the estate attorney,
the creditors did not accomplish much in trying to thwart
the debtor from liquidating his assets.
The debtor misappropriated the following assets for
these amounts:
• Dairy cows ..............................................................$638,925
• Grain sales not deposited to estate.........................$308,895
• Withdrawals of cash ...............................................$221,775
• Farm equipment and vehicles ................................$167,500
• Direct payment to debtors........................................$75,000
• Accounts receivables not disclosed on schedules ....$43,341
• Preference payments.................................................$62,230
• Miscellaneous ...........................................................$10,836
• Total ....................................................................$1,528,502
HOW THE ASSETS WERE LIQUIDATED
During a bankruptcy, the law allows inventory held for
sale by the business to be purchased and sold in the normal
course of business as long as the creditors are protected. For
instance, inventory cannot be sold at below-market value,
but it can be sold at market value during the normal course
of business. Also, estate assets that are used to produce in-
come cannot be sold without the court’s permission. To apply
these rules to the dairy farm case, the milk produced by the
cows could be sold at market price in the normal course of
business. However, the cows that produce the milk could not
be sold without the court’s permission.
There is a gray area within the definition of “normal
business operations,” and this is where a dishonest debtor can
do harm to creditors, shareholders and the business itself. In
the dairy farm case, Stan perverted the dairy farm’s “normal
operations” to his benefit and the harm of the creditors. (The
attorney, though not proven to be negligent, caused the
delays that allowed Stan to pervert operations.)
January/February 2012
Case in Point
To further explain, in most dairy farm operations, dairy
cows produce less milk over time; therefore, it is normal for a
dairy farm to sell approximately 20 percent to 25 percent of
its herd every year for meat and then replace those animals
with younger dairy cows. A significant number of calves born
every year can be kept or sold, but these animals typically are
not on the accounting books because they have no basis.
Following are the specific ways the bankruptcy court
liquidated the assets:
1. Dairy cows sold
Depreciation records showed that Stan bought 957 dairy
cows at an average cost of $1,229 per cow in the four years
prior to the bankruptcy. The average useful life of a dairy
cow is five years, and then it is sold for beef. The bankruptcy
schedules showed 252 cows on hand. Two-and-a-half years
after the initial bankruptcy filing there was a total liquida-
tion of dairy cows that resulted in a sale of 102 cows for
which the estate received $49,574.The bankruptcy estate did
not recover everything else that was sold.
2. Calves sold
It was estimated that there were 957 cows in the herd at
the time of the bankruptcy filing, which would result in a
minimum of 574 calves produced per year. However, there is
no evidence that funds from these sales were deposited in the
bankruptcy estate.
3. Milk production
The dairy farm was making about $240,000 monthly in milk
sales, which was being deposited in the bankruptcy accounts.
Stan made a side deal with his milk buyer, who agreed to pay
less for the milk and then make $8,000 monthly payments
directly to the debtor. This money never came into the
bankruptcy estate.
4. Crop sales
Crops were grown using assets of the bankruptcy estate.
However, during at least one year, Stan sold the crops and
never deposited the receipts and money from the sales in the
bankruptcy estate.
5. Farm equipment
It should be difficult to liquidate farm equipment that is in
a bankruptcy proceeding because of Uniform Commercial
Code filings on the equipment. However, Stan was able to
liquidate his equipment in two ways:
53
 Case in Point
• The first was leased farm equipment
that had a significant residual value —
If the accountant had been
$45,000 more than what he owed on
more experienced or the lease. It appears that Stan returned
the equipment to the leasing company
properly instructed prior
with some agreement that he personally
to performing his court- received the residual value. The residual
value never came back to the estate.
appointed duties, it is
• The second method involved used farm
reasonable to expect that equipment as a part of a blanket security
Stan would have been agreement for an operating loan Stan had
obtained prior to the bankruptcy. In this
deterred. As it stood, instance, the equipment was placed for
Stan was allowed to auction out of the area with the proceeds
going to a relative.
liquidate assets and
pocket the proceeds. 6. Withdrawals of cash
Without adequate supervision and con-
trols, Stan wrote checks to cash totaling
$221,775 out of the bankruptcy estate.
At the pre-filing conference, the estate
attorney counseled the debtor to hoard cash
to prepare for footing the bankruptcy ex-
penses. What the attorney probably meant
was to not pay creditors, lessors and other
accounts payable prior to filing for bankrupt-
cy and the automatic stay (an injunction
that halts the bankruptcy’s courts actions).
The goal was to keep as much money as pos-
sible in the bankruptcy checking account so
the debtor could continue to operate amidst
the business disruptions associated with
filing for bankruptcy. However, the debtor,
who had dishonest intentions, interpreted
this advice as keeping as much actual cash
in the house as possible and to not report it.
It is suspected that the debtor had in excess
of $100,000 cash on hand at various times
during the course of the bankruptcy.
THE INEXPERIENCED ACCOUNTANT
Approximately one year after the initial
bankruptcy filing, the court appointed an
accountant to prepare the monthly reports
of operation. The inexperienced insolvency
54
accountant made several errors. When pre-
paring the monthly reports of operation, he:
• Did not have copies of checks or deposits.
• Did not have a check register.
• Relied on descriptions of checks and
deposits provided by Stan.
• Did not question Stan about the
appropriateness of deposits made or
checks written.
• Did not consider it his responsibility to
question unusual expenses or deposits.
• Did not know that Stan was not allowed
to have personal bank accounts other
than the debtor in possession accounts.
If the accountant had been more
experienced or properly instructed prior to
performing his court-appointed duties, it is
reasonable to expect that Stan would have
been deterred. As it stood, Stan was allowed
to liquidate assets and pocket the proceeds.
Two-and-a-half years after the initial
filing, the court finally appointed a Chapter
7 trustee to liquidate the estate. One month
later, the original attorney for the bank-
ruptcy estate resigned.
WHAT THE CREDITORS COULD HAVE DONE
Early on, the creditors realized that Stan
was dishonest, and there was a real risk that
he would misappropriate the assets. The
creditors hired appraisers, took inventories
of the assets and filed court documents to
protect their assets during the bankruptcy.
However, these actions failed to deter Stan.
The creditors could have engaged a
forensic accountant/CFE to inspect the
debtor’s monthly reports of operations. This
person could have:
• Verified reconciliations of bankruptcy
accounts.
• Verified that all payments were for
appropriate services.
• Verified that all deposits were being made
to the appropriate accounts.
Fraud-Magazine.com

• Reviewed prior years’ purchases and accounts payables to
verify the existence of assets that were in the bankruptcy
schedules or that should be in the schedules.
• Notified the creditors of anything that appeared unusual or
inappropriate.
It is true that these services can be costly, so creditors
should only take this route when the expense can be justified
by the risk of loss.
The Chapter 7 trustee engaged me to quantify and prove
the amount of misappropriated assets. There was virtually
nothing left for the creditors, except for a cause of action
against the original bankruptcy attorney.
As is frequently the case in misappropriations, the
involved parties missed many obvious opportunities to stop
or minimize the fraud, prior to and during the bankruptcy.
For example, Stan’s attorney could have resigned when he
realized his client was dishonest; the U.S. Trustee office
could have been more proactive in reporting the level of
extreme inadequacy of the monthly operating reports to
The Motivations of the Players in a Bankruptcy Case
Here is a summary of the key players in a bankruptcy filing and
their respective interests:
The bankruptcy estate attorney. In most cases, attorneys
in bankruptcy cases will resign when they believe they are
representing individuals who are not adhering to the rules of
bankruptcy. In my opinion, attorneys on these types of cases
are not paid enough to get entangled with dishonest persons;
the amount of the attorney’s fees is miniscule compared to the
amount that dishonest persons steal. Attorneys want their insur-
ance to settle the case before it goes to court.
The malpractice insurer. Working for the estate attorney, the
insurer is motivated to settle the case for the minimum if engaged.
The Chapter 7 trustee. The Chapter 7 trustee is torn be-
tween recovering the maximum amount for creditors and doing
something that might upset the U.S. Trustee office and jeopardize
January/February 2012
Case in Point
the judge; the court could have appointed a more experi-
enced accountant, etc.
PROFESSIONALS’ ROLES
Most experienced forensic accountants, and many CFEs, can
review businesses in bankruptcy and determine fairly quickly if
the debtors are following the rules. If a debtor is following the
rules, these professionals will only need to periodically review
operations reports, greatly reducing the cost of the accoun-
tant’s services. Such reviews will give the creditor the informa-
tion required to force the court to act quickly, either by remov-
ing the debtor in possession or by forcing the individual to
report as required. Either way, the creditor is better protected.
Roger W. Stone, CFE, is the owner and operator of
Management Accounting Services in Champaign, Ill. His
primary business is providing insolvency and forensic accounting
services to businesses and attorneys. His email address is:
rstone@financialstatements.net.
the trustees being appointed to future cases. Also, the risk of
going to trial is that the plaintiff could lose, which means there
might not be funds to pay the Chapter 7 trustee.
The U.S. Trustee office. The office may not want a case to
go to trial because it could be revealed during the trial that the
office was not carefully reviewing the debtor’s monthly operat-
ing reports.
The judge. This player might not have a dog in the hunt.
However, in my opinion, judges seem reluctant to find lawyers
guilty of negligence.
The creditors. They are motivated to go to trial or settle for
the maximum amount. However, it is the Chapter 7 trustee’s call
as to whether or not to settle — not the creditors. Their primary
recourse is to object to what they perceive as an unreasonable
settlement between the Chapter 7 trustee and the insurer.
55
 Taking Back the ID
Identity Theft Prevention Analysis
Fraudsters Claiming Victims Via
Payday and LinkedIn Scams
S usie Duke was a fanatic when it came to technol-
ogy. She had all the latest hardware, including a
smartphone, a laptop, an iPad and a Blackberry —
all of which she used to communicate with friends
and business associates. However, she was not
sophisticated about protecting herself from fraud in a tech
environment. She ended up falling for a telephone collection
scam related to “purported delinquent payday loans.”
Payday loans have become more common over the
past few years because of the declining economy. The loans
are short-term fixes, usually for two-week periods, to allow
individuals to cover their expenses until the loans become
due the next payday. A recipient normally is required to write
a check for the cash amount of the loan plus the loan fee,
which often is extremely high — ranging from 15 percent to
30 percent of the loan. The lender normally deposits the check
in his account when the payday date arrives. If the loan recipi-
ent does not repay the loan, the lender usually extends it at the
same interest rate. The real cost of these loans can easily reach
from 300 percent to 1,000 percent of the loan if the recipient
does not cover it in a reasonable time period.
Susie would occasionally get behind in paying her bills,
so she would go online and apply for a payday loan to tide her
over until she received her next payroll check. She recently
had begun receiveing telephone calls purportedly from a FBI
representative who said he was collecting debts for a cash
advance company. Susie was very upset and confused because
she always paid off her payday loans when they became due.
This fraudster had already obtained Susie’s personal informa-
tion, including her Social Security, driver’s license and bank
account numbers, from an unknown source and was attempt-
ing to use it to bilk her out of money. In the next two weeks,
he harassed her with numerous calls, and he threatened her
with legal action if she did not immediately pay off her debt
of $2,000 by placing that amount on a prepaid Visa gift card
and mail it to him. Susie became confused and overwhelmed
and finally gave in and paid the fraudster.
56
By Robert E.
Holtfreter, Ph.D.,
CFE, CICA
THE DELINQUENT PAYDAY LOAN SCAM
This identity theft case is fictional, but it represents a fraud
that has gained enough momentum to be reported by the
Internet Crime Complaint Center (IC3) in an Intelligence
Note on Dec. 10, 2010 (“Telephone Collection Scam Related
to Delinquent Payday Loan”). Like the FBI, the Federal Trade
Commission (FTC) and the Federal Insurance Deposit Cor-
poration, the IC3 alerts the public when it receives numerous
complaints about a new scam.
The IC3 mentioned that fraudsters in this scam typi-
cally purport that they are with either the FBI, the “Federal
Legislative Department” (whatever that is), other high-level
government agencies or a law firm. They say that they are
calling to collect debts for Internet check-cashing companies,
such as U.S. Cash Net, U.S. Cash Advance and United Cash
Advance. In most cases, the victims are current or former
payday loan recipients.
The fraudsters do their homework before calling their
potential victims. They have the targeted individuals’ Social
Security numbers, dates of birth, addresses, employer infor-
mation, bank account numbers, and names and telephone
numbers of relatives and friends. How the personal informa-
tion is collected is unknown, but the IC3 said that the “vic-
tims often relay that they had completed online applications
for other loans or credit cards before the calls began.”
Once a con artist gets a victim on the hook, he will
accelerate the scheme by continually calling that person at
work, at home, and on his or her mobile phone with threats
of physical violence, arrest and legal action. An intended
victim will question the con artist about the particulars of
the loan, but he will refuse to respond, will be abusive and,
in some documented cases, will harass the victim’s family
and friends. In many cases, this hard-sell strategy overwhelms
the victim, and he or she gives in. Like many telephone and
online schemes, the fraudsters have orchestrated scripts, and
Fraud-Magazine.com

The only explanation I have is that the hacker
stole his Gmail account from the LinkedIn website
and used it to capture a contact list, which
included my email address.
they are well trained to listen for victims’ cues and respond
accordingly to complete sales.
The U.S. Fair Debt Collection Practices Act provides
consumer protection from illegal and unethical debt collec-
tion practices. According to Lawyers.com, the act does not
allow bill collectors to:
• Tell people they will be arrested if they do not pay.
• Repeatedly call the person to harass or annoy him.
• Issue threats of violence or harm.
• Falsely claim to be attorneys.
• Falsely claim that the person committed a crime.
The website also advises consumers to do the following
if they receive suspicious phone calls about a debt:
• Ask the caller to send the loan information in writing.
• Refuse to verify any bank account, credit card or personal
information over the phone.
• Report any telephone harassment or threats to the FTC,
which enforces the Fair Debt Collection Practices Act.
• File a Better Business Bureau complaint to help let others
know about the scam.
• Contact the state attorney general’s office to find out
about state debt collection and consumer protection
laws that might apply.
In addition, the IC3 says to do the following:
• Contact your banking institutions.
• Contact one of the three major credit bureaus and request
that an alert be put on your file.
• Contact your law enforcement agencies if you feel you are
in immediate danger.
• File a complaint at www.IC3.gov.
SCAMS USING LINKEDIN
Recently, there have been reports of con artists culling
personal information from the online business social network
LinkedIn to commit fraud. LinkedIn has more than 120
January/February 2012
Taking Back the ID
Identity Theft Prevention Analysis
million members worldwide, and as of June 30, its member-
ship included executives from all 2011 Fortune 500 com-
panies. LinkedIn members share personal information on
the site, including their names, titles and places of business,
which allows them to create opportunities for themselves
and others. LinkedIn can be a great resource for identify-
ing and networking with key people at other companies.
However, some join LinkedIn to gather information on other
members and perpetrate fraud. Many of them will email
spear-phishing messages to LinkedIn members.
Spear Phishing
In a typical phishing scheme, a fraudster casts his net wide by
sending a fraudulent email message to millions of individuals
to try to hook some victims into a scam. However, in a spear-
phishing scheme, the fraudster directs an email to an indi-
vidual or a select group of individuals within a company or
industry. The fraudster wants to convince the recipient that
the message is coming from someone who is in a position
of authority within the company — for example, a network
administrator — who is asking for confidential information.
The message typically includes a request for the person’s
username and password, or it will ask the recipient to click
on a link that turns out to be corrupt and allows a banking
Trojan to download onto the victim’s computer. The bank-
ing Trojan contains a key logger that will harvest the email
recipient’s business or corporate bank account information.
At that point, the fraudster can masquerade as the legitimate
user and transfer money out of the account.
ZenuS Malware Scheme
Fraudsters also have used LinkedIn to install a malware
called ZenuS on LinkedIn members’ computers by sending
invitations to accept new contacts. A member clicks on a
link in the email message, the malware becomes embedded
in the member’s browser and is used to steal personal infor-
mation, including passwords for personal or corporate bank
accounts, depending on whether the message was received
at home or work. The end result is the fraudster can transfer
funds out of the accounts.
A couple of other versions of this scheme recently hap-
pened to me. Over the past four months, I have received five
suspect emails. The first four were purportedly from people I
knew who wanted to add me to their LinkedIn network. To
accept, I would have to click on a link provided in the mes-
sage. One of the individuals was a student in one of my sum-
mer classes. I immediately became suspicious and declined
the offer. I then went to the LinkedIn website and entered
TAKING BACK THE ID cont. on page 69
57
 Global Fraud Focus
Examining Cross-Border Issues
Chinese Stock Investment Fraud?
Separating Fact from Fiction
A
ccording to a June 5 article, “China foreign list-
ings dogged by scandal,” by Robert Cookson
in the Financial Times, a spate of scandals at
Chinese companies listed in New York, Hong
Kong and Toronto is unsettling investors.
“It seems to have bubbled into a hysteria and creates an
unfortunate overhang over all Chinese companies seeking to
raise capital in the U.S. markets,” said William McGovern,
Hong Kong-based partner at Kobre & Kim and former en-
forcer at the U.S. Securities and Exchange Commission. “It
has become hard for investors to separate fact from fiction.”
(http://tinyurl.com/5udkgk3)
And a May 26 article in The New York Times, “The
Audacity of Chinese Frauds,” by Floyd Norris, explains
how Deloitte Touche Tohmatsu exposed fraud at one of its
long-time clients, the Chinese financial software company
Longtop Financial Technologies. Apparently, the company
fooled some smart people into buying devalued stock. (http://
tinyurl.com/6axc5ll)
Are these stock scandals “legitimate” frauds aided by
backdoor investment listings and outsourced by auditing firms?
Or are they works of fabrication initiated by short sellers reap-
ing profits selling on stock price declines either by allegations
or innuendo? The reality is that there is probably a mixture of
everything from fact and fraud to analysis and anxiety within
the perceived red-hot Chinese stock market.
Would-be investors should be aware of the potential
for fraud in any investment no matter its national origin.
The U.S. Public Company Accounting Oversight Board
(PCAOB) released a report on March 14 on the “Activ-
ity Summary and Audit Implications for Reverse Mergers
Involving Companies from the China Region” (the China
region refers to the People’s Republic of China, Hong Kong
Special Administrative Region and Taiwan) from Jan. 1,
2007, through March 31, 2010 (Research Note #2011-P1).
58
By Richard Hurley, Ph.D., J.D., CFE, CPA;
and Tim Harvey, CFE, JP
The recent wave of accounting issues and
scandals involving Chinese firms has raised
regulatory concern levels from a small crack to
a chasm. Furthermore, short sellers are not
helping to distinguish reality from rumor.
The report summarizes the concept of reverse mergers
(also known as backdoor mergers) as: “… any acquisition
of a private operating company by a public shell company
that typically results in the owners and management of the
private operating company having actual or effective voting
and operating control of the combined company. Through a
reverse merger transaction, although the public shell com-
pany is the surviving entity, the private operating company’s
shareholders control the surviving entity or hold shares that
are publicly traded. In a reverse merger transaction, the entity
whose equity interests are acquired (the legal acquiree) is the
acquirer for accounting purposes.” The end result is that:
1. The private company has access to the U.S. financial
markets as a registered SEC reporting company without
filing a registration statement under the Securities Act of
1933 or the Exchange Act of 1934, but the public shell
company must file Form 8-K filing with the SEC.
2. The private company probably incurs a lower
accounting, legal and filing fee and gains faster access
to capital markets than filing an IPO.
3. Investors may perceive added value to the public shell
company. (See http://tinyurl.com/3s8tkq9 and
http://tinyurl.com/3awrx3g.)
Fraud-Magazine.com

The PCAOB’s March 11 report on reverse mergers
identified 159 companies, with a market capitalization of
$12.8 billion, that have accessed the U.S. capital markets via
a reverse-merger transaction from Jan. 1, 2007, to March 31,
2010. During that same time, only 56 Chinese companies,
with a market capitalization of $27.2 billion, completed the
initial public offering (IPO) process.
Although Chinese auditors completed 24 percent of the
audits of Chinese reverse mergers, the PCAOB staff takes is-
sue with some U.S. registered accounting firms because “they
may not be conducting audits of companies with operations
outside of the U.S. in accordance with PCAOB standards.”
On July 12, 2010, the PCAOB issued Staff Audit Practice
Alert No. 6, Auditor Considerations Regarding Using
the Work of other Auditors and engaging Assistants from
Outside the Firm, which highlighted the PCAOB’s concerns
with auditors hiring external auditors and staff to perform
audits outside the U.S. including ones in the Chinese region.
(http://tinyurl.com/63wrvpg)
The PCAOB inspection staff observed that in “some sit-
uations it appeared that U.S. firms provided audit services by
having most or all of the audit performed by another firm or
by assistants engaged from outside the firm without comply-
ing with PCAOB standards applicable to using the work and
reports of another auditor or supervising assistants. In one
case the U.S. firm’s personnel did not travel to China region
during the audit, and substantially all of the audit documen-
tation was maintained by the Chinese firm that did the audit
work.” (See footnote 37 of http://tinyurl.com/3knf6db.)
SEC Chairman Mary Schapiro is also working with
Chinese regulators to address areas of concern. One key issue
is the PCAOB’s inability to inspect the reverse-merger firms
in China. SEC Commissioner Luis Aguilar was a little more
emphatic with his concerns when he addressed attendees of
the Council of Institutional Investors Annual Conference on
April 4, 2011: “While the vast majority of these companies
may be legitimate businesses, a growing number of them
have accounting deficiencies or are outright vessels of fraud.”
The PCAOB also has difficulties in inspecting Chinese
audit firms that have registered with the agency. Michael
Rapoport reported in the August 8 article, “Progress Cited on
Audits in China,” in The Wall Street Journal, that Chinese
authorities have not granted permission to the PCAOB to
enter their country to evaluate audit firms who are registered
with the agency. (http://tinyurl.com/63xzwrl)
On April 4, PCAOB Chairman James Doty said in a
speech to the Council of Institutional Investors that, “If
Chinese companies want to attract U.S. capital for the long
term, and if Chinese auditors want to garner the respect of
January/February 2012
Global Fraud Focus
Examining Cross-Border Issues
investors, they need the credibility that comes from being
part of a joint inspection process that includes the U.S. and
other similarly constituted regulatory regimes. In light of
these risks, the PCAOB’s inability to inspect the work of reg-
istered firms from China is a gaping hole in investor protec-
tion.” (http://tinyurl.com/3dns5eo)
The recent wave of accounting issues and scandals
involving Chinese firms has raised regulatory concern levels
from a small crack to a chasm. Furthermore, short sellers
are not helping to distinguish reality from rumor. Take, for
example, Sino-Forest, a Chinese forestry company listed on
the Toronto exchange. Robert Cookson, reporting in the
June 6 Financial Times article, “China foreign listings dogged
by scandal,” writes that in a few days Sino “lost more than
two-thirds of its market value since Thursday after Muddy
Waters, a research firm founded by short-seller Carson Block,
accused the company of overstating its sales and the value of
its forest land.” (http://tinyurl.com/3svmcn4)
Sino denied the allegation and claimed Muddy was
“muddying the waters” to profit from short selling. However,
another forestry group, China Forestry, had its shares sus-
pended in January, 2011 after its chief executive was arrested
for the alleged embezzlement of $4.6 million.
Cookson, reporting in his June 6 Financial Times article,
writes that in the last six months “more than 25 New York-
listed Chinese companies have disclosed accounting discrep-
ancies or seen their auditors resign. … Nasdaq and NYSE
Euronext have halted trading in the shares of at least 21
small and micro-cap Chinese companies in the past year, and
kicked five of them off the exchanges.”
Doty is optimistic that the PCAOB can reach an agree-
ment with Chinese regulators on inspections. In the interim,
investors should understand that investing in China has its
own sets of investment risks. Then again, they should realize
that in a post-Enron, Madoff, Paramlat, Satyam, Siemens and
Societe Generale world, fraud has no national boundaries.
Just remember: No nation has a monopoly on stock fraud.
Investors must be diligent and be aware of the risks and act
accordingly. Caveat Emptor — Let the buyer beware.
Tim Harvey, CFE, JP, is director of the ACFE’s UK Operations,
a member of Transparency International and the British Society of
Criminology. His email address is: tharvey@ACFE.com.
Richard Hurley, Ph.D., J.D., CFE, CPA, is a professor in
the University of Connecticut (Stamford) School of Business.
His email address is: rhurley@business.uconn.edu.
59
Meet the Staff
Improving Members’ Lives
By Cora Bullock
M ember Services Representative Ashly Worsham
enjoys talking to members and helping them,
but the ACFE fulfills her in a way she never
anticipated when she accepted the position
— her constant quest for self-improvement. She takes as many
classes as the ACFE offers, from speech and finance to personal
safety and business writing. “At the ACFE, they want you as a
staff member to further yourself,” she said. “You feel valued.”
COUNTRY LIFE
Ashly was born in the East Texas town of Groves, but imme-
diately moved to La Grange, where she grew up. Her family
includes little sister April, with whom she is extremely close,
and brother David, who is six years younger. Her mother,
Brenda, worked as a seamstress when the kids were young. She
then went on to work for the grocery store chain H-E-B, first
as a bookkeeper, later as a customer service representative. Her
father, David, was a petro-chemical draftsman when Ashly was
little, then returned to school to earn a certificate in computer
technology. He now is a computer technician with the
Lower Colorado River Authority.
Ashly grew up in the country. She lived off a dirt road, and
they raised Barbado sheep, pigs and cattle. The family had a
stock tank for fishing. But Ashly, who calls herself “pretty girly,”
avoided all of that and stayed inside with her mother, who
taught her to sew and cook. Ashly still takes scraps of fabric and
hand sews dresses. She loved to play dress-up: “I remember read-
ing ‘Gone With the Wind’ really young and then pretending I
was Scarlett in the backyard,” she said. “I also thought math was
ACFE Member Services Representative Ashly Worsham loves to assist
members, but she also works to improve her performance with the ACFE’s
continuing education offerings
60
fun when I was a kid. My dad (being a techie) gave me a huge
IBM and installed ‘Math Blasters.’ I became obsessed with it for
a whole summer until I beat it.”
Her father focused on making her independent. “He
wanted me to not be reliant on anyone,” she said. Like him,
Ashly is a comedian. On her first day at the ACFE, President
and CEO James Ratley, CFE, told her (falsely and with a
straight face) that he was the custodian and would take care of
trash and small spills. An hour later, she called him to clean up
an imaginary soda spill under her desk, knowing full well who
he really was. Jim was delighted, of course.
Ashly’s parents divorced when she was 11, but they
remained friends and still live near one another. Her mother
remarried, and Ashly considers her stepfather, Hunter, like a
second father. (She also has two older stepsisters from the union
with whom she is close.) He sparked her enthusiasm for science
fiction so much that she even gave a presentation during the
ACFE speech course about how much she loves the recent
remake of the sci-fi TV series “Battlestar Galactica.”
GIFT OF SINGING
Ashly was the good kid and rarely got into trouble, but she
did love to sing, which could be a blessing or a curse, she said,
because she was constantly singing. “My parents regretted buy-
ing me ‘The Little Mermaid,’ ” she said, laughing. She made
excellent grades and took a lot of dance classes. During high
school, she also sang lead vocals for her church’s praise and
worship band. She was a member of the drill team and business
club, acted in plays and sang in musicals. As if she was not busy
Fraud-Magazine.com
enough, she also took classes her last two years of high school to
become a licensed cosmetologist, which is how she paid her way
through college.
Ashly graduated from high school in 2003 and attended
Texas State University in San Marcos, 30 minutes south of
Austin. It took her a while to figure out her major. She initially
decided on accounting, because she is good at math, but then
Ashly took a speech class, which she loved so much that she
majored in mass communication. She also loves to counsel
people, so she minored in psychology.
Working full time as a hairdresser and attending school full
time meant she took a little longer to earn her Bachelor of Arts
in Mass Communication, which she did in 2009.

SERVING OUR MEMBERS

After she graduated, she was perusing craig’slist and saw the
ACFE’s posting for a member services representative. She
started in May 2010 and began managing the Fraud Magazine
CPE quiz in January of 2011.

Photo by Christi Thorton-Hranicky, CFE

“I love to be able to listen to our members and make them
happy and solve their problems, even when they don’t know
what their problems are,” said Ashly. She might one day return
to school to become a counselor. “Despite being a communica-
tions major, I like to listen to people, and over the years, I’ve
honed my listening skills.”

LEADING A FULL LIFE

When she is not assisting members, Ashly stays incredibly
busy. She has a passion for karaoke and sings with and writes Ashly Worsham
lyrics for her co-worker Justin Dillon’s electronic band, GOBI.
She also writes her own music and loves to cook. Her mother
goes through cookbooks from start to finish, trying every ADVERTISERS’ INDEX
recipe, and Ashly does the same. Her favorite cuisine is
Asian, specifically Thai.
Ashly has not had the opportunity to travel much — “The
EthicsLine .............................................. inside front cover
first time I touched or saw the Pacific Ocean was at the 22nd
Annual ACFE Fraud Conference and Exhibition.” — but she TLO...........................................................................page 5
one day plans to do more, though she does not want to leave SAS ................................................................... back cover
Austin right now. She fell in love with the city, despite the frus-
This index is provided as a reader service. The publisher doesn’t
trating construction — the city’s growing pains — she encoun-
assume any liability for errors or omissions. For information
ters every day. She tries to see the beauty in everything. “Your
about advertising, call Ross Pry at the ACFE, (800) 245-3321,
mindset really shapes your world, and I try to keep a positive or email him at rpry@ACFE.com.
perspective,” she said. Luckily our members, and the ACFE,
get to benefit from this too. Publication of an advertisement in Fraud Magazine® doesn’t
constitute an endorsement of the product or service by Fraud
Magazine or the Association of Certified Fraud Examiners Inc.
Cora Bullock is assistant editor of Fraud Magazine. Her email
address is: cbullock@ACFE.com.

January/February 2012 61
ACFE News
MCFADYEN REVEALS TULSA CHAPTER’S ‘SECRETS’
OF RITCHIE-JENNINGS SCHOLARSHIP SUCCESS
R. Cameron McFadyen, CFE, longtime Tulsa fraud examiner
and accountant and active ACFE member, recently spoke with
Fraud Magazine about his participation in the ACFE’s Ritchie-
Jennings Memorial Scholarship program, the Oral Roberts
University (ORU) scholarship process and his work in the
fraud examination field. McFadyen is the founding president of
the ACFE’s Tulsa Area Chapter and chairman of the Ritchie-
Jennings Memorial Scholarship Committee. (See ACFE.com/
scholarship.aspx.)
How long have you been associated with ORU and how have
you served in the scholarship process?
The Tulsa Area Chapter began participating in the annual
Ritchie-Jennings Memorial Scholarship competition in 1996.
I began as the chapter’s committee chair and started talking
about the scholarship to professors at local universities. A friend
of mine, Terry Unruh, an assistant professor of accounting at
ORU, expressed real interest. From that point on, we worked
closely together, and, over time, we developed a process, which
has been very successful. Since being named to serve on the
Ritchie-Jennings Memorial Scholarship Committee last year, I
have removed myself from the process at the local level to avoid
any conflict-of-interest issues.
ORU has had a number of candidates win the Ritchie-
Jennings Memorial Scholarship through the years.
The Tulsa Area Chapter established the R. Cameron Mc-
Fadyen, CFE, Scholarship Award beginning in the 1999-2000
competition year. This award provides additional scholarship
money to local winners.
How do you attribute ORU’s success?
I believe there are four key reasons for the success of this pro-
gram. First, the chapter scholarship chair maintains a close rela-
tionship with ORU professors and officials. Second, the chapter
sponsors events throughout the year, such as photo shoots and
congratulatory meetings for the winners and presentations to
recipients of the Fraud Magazine issue containing the scholarship
article. Third, the chapter evaluates students regularly to deter-
mine those who would make the best candidates for endorse-
ment. And fourth, the selection interviews are always in person
and designed to reveal as much as possible about each student:
who they are, what they want to do and how they view their fu-
tures. Those interviews are major components when the chapter
decides who to put forward as Ritchie-Jennings applicants.
62
What steps can educa-
tors take to help
students submit a
worthy application?
Educators can make all
the difference. They
are on the front lines
and know better than
anyone those students
who would make the best
scholarship applicants.
They can introduce their
students to the scholar-
ship program and tell
R. Cameron McFadyen, CFE them about its back-
ground. Educators can
spur students to work their hardest and, hopefully, steer them to
the fraud examination profession and the CFE credential. Dedi-
cated educators can mentor students through the application
processes and assure that they meet all requirements. Educators
also can help students present themselves in the best possible
way by highlighting achievements, experiences and honors that
differentiate them from the pack.
What motivated you to become a fraud examiner?
During my years as director of corporate internal audit, I came
across inappropriate actions by individuals in various parts of
our global operations. Finding this was a shock because you
just don’t start into an audit project expecting to uncover
fraud. Over time, in discussions with other audit professionals,
there was growing concern about fraud and the risks that came
with it. More and more forums about it became part of auditor
meetings to allow a sharing of experiences, and these provided
some education about how to deal with it. The subject matter
really intrigued me, and the interest grew to the point where I
just decided that I wanted to learn as much as possible and then
help others either through education or by helping them deal
directly with these very trying, difficult situations. More to the
point, I hate to see the bad guys win.
Your ACFE number is 300; you’ve been a member since
1989. Why did you decide to become a member and then a
CFE? What do you enjoy the most about the ACFE?
Prior to the ACFE, there was no authority to specifically address
these issues for professionals. When the ACFE began in 1988, I
saw some literature about this new organization. So I contacted
Fraud-Magazine.com
tacted the Austin headquarters to ask some questions and learn
what I could. I remember sitting in my office a few days later
and receiving a call from [now ACFE President and CEO] Jim
Ratley asking if I needed additional information. We had a very
nice conversation during which he said he hoped that with my
accounting background, combined with the interest I expressed
in fraud issues, I would seriously consider membership. And as
they say, that was that!
(Thanks to Lupe DeLeon, ACFE membership coordinator,
for assistance with this interview. — ed.)

CFE TAKES THE BLOWS AND GETS BACK UP IN ‘WIPEOUT’

Wilson Kennedy holds two distinctions as a City of San Diego
employee: He is the first to become a CFE and the first to be a Wilson Kennedy, CFE, swings with gusto during the trials of a
contestant on ABC’s summer “Wipeout” obstacle course TV summer “Wipeout” TV show.

Automatic Dues Renewal Service

Cost
Cost effective.
effffective Time
Time saving.
saving CConvenient
Convenient.
onvenient.
t.

The key to saving time and money on your ACFE dues…

t
Receive a 10% discount on your dues t
Your dues are automatically paid
each year you are enrolled in the service. each year — no need to write a
check or pay online.
t
Get $75 off a live ACFE training event.*
t
No interruption of member benefits
t
Environmentally friendly - paper state- and services.
ments and postage are eliminated.

Visit ACFE.com/AutoDues to enroll today.

*Offer expires December 31, 2012. ACFE webinars, online learning and one-day seminars are excluded.

January/February 2012 63
ACFE News

show. The credential has helped his career, and the program has In Memoriam
tested his resolve.
“I wanted the opportunity to experience the world’s most
entertaining and challenging obstacle course while appearing Major Karl J. Flusche, CFE,
on prime-time TV,” said Kennedy, the supervising management USAF, Ret., passed away on
analyst for the San Diego Public Utilities Department. Nov. 16. He was director
You have probably seen this wildly popular show when and manager of all elec-
channel surfing: Contestants move through a course of twirl- tronic evidence collection
ing and thrusting padded plastic wheels, giant balls, platforms activities for Fios Inc.
and mazes as they are shot with water cannons, pummeled with ACFE President and
exploding airbags and often ungracefully fly into pools of water. CEO James D. Ratley, CFE,
“From my couch, being on the show looked like it would be said, “Karl was a true profes-
fun, exciting and easy,” Kennedy said. After all he was young, sional. He personified what
had played college and semi-pro football and was still relatively we wanted in a CFE.”
fit. “It was one of the most physically exhausting things I have Flusche was a federal
ever done in my life!” agent for the Air Force Of-
He auditioned in four casting calls over 1½ years, but he fice of Special Investigations
was ready when he got the call. More than 75,000 applied for for 25 years, specializing in
season four, and he finally was in the 1 percent that made the computer systems analysis,
Karl J. Flusche, CFE
cut. Now ironically nicknamed “Sewer Rat” by the show’s pro- computer crime investiga-
ducers — he is a self-described germophobe who helps secure
tions and forensic analysis of computer systems and associated
funding for San Diego’s water and wastewater projects — he
storage media. He pioneered innovative ways for conducting
worked out frenetically for three months before the show’s tap-
forensic analysis of computer-related evidence and was credited
ing in May of last year. He ran, biked, swam, jumped rope and
in 1984 with finding the first-ever use of a computer to hide a
lifted weights. Still, after completing the qualifying run, “it must
have taken almost an hour before my heavy breathing stopped!”
During the taped competition, Kennedy fought his way to
the top six of 24 contestants in the semifinals, but he just missed “Karl was a true professional. He personified what
the final push for the $50,000 prize.
we wanted in a CFE.”
Throughout the ordeal, his family, friends and co-workers
cheered him on. Many of them, including members of his
church’s youth ministry, gathered at a pizza parlor to watch the
show last summer. He had told the church kids during his audi- suicide letter. In U.S. vs. Peri (1989), he was able to successfully
tions that he would buy a flat-screen TV, an Xbox and a “Wipeout” recover hundreds of electronically stored pages of classified war
video game for each of the three youth classrooms if he won. plans that a defecting U.S. soldier had passed on to the East
“Although I didn’t win, I didn’t have the heart to not get German Intelligence Service via electronic media — the first
them anything after they had been looking forward to celebrat- computer spy case in U.S. history.
ing with me for almost two years,” Kennedy said. So at the end His father, Don Flusche, was a sergeant with the Dallas Po-
of the viewing party he presented all those fun items for one of lice Department when Ratley was a police officer with the force.
the three classrooms. Then daughter Zaria, 11, Kennedy’s big- Ratley said Don Flusche had a profound influence on him. “Don
gest fan, led her Pop Warner cheerleading squad in a cheer. was the finest man I have ever known, and Karl was a chip off
He is not ready to retire from the punishment. He wants the old block,” said Ratley.
to appear on future all-star shows with other contestants who Karl Flusche is survived by his wife, Cindy; a son, Karl Jr.;
also did not quite make it to the finals. Kennedy definitely is and a daughter, Lorrie. He enjoyed spending time with their
not wiped out. three grandchildren, and he loved family genealogy, and stamp
— Dick Carozza and coin collecting.

64 Fraud-Magazine.com
Independent CFEs Need to Check Their
Jurisdictions on PI Licensure Laws
By James S. Peet, Ph.D., CFE
Last summer, the General Forum in the Members Only discus-
sion forums on ACFE.com contained a long conversational
stream on whether CFEs need private investigator licenses to
conduct fraud examinations. The consensus among the discus-
sants was a clear “maybe.” This unequivocal consensus was
based on the private investigator licensing laws and regulations
applicable in the relevant jurisdictions.
Most licensing laws define the activities that constitute
private investigative work and state that only licensed persons
can engage in those activities. In the U.S., for example, private
investigator licensing is controlled by each state, and 42 states
and the District of Columbia have licensing requirements for
private investigators. (Alabama, Alaska, Colorado, Idaho,
Mississippi, South Dakota and Wyoming do not have statewide
licensing requirements.)
Basically, in most jurisdictions, the question as to whether
an individual must be licensed as a private investigator depends
on whether the individual engages in private investigative
work. And perhaps the most relevant factors in determining
this are how the relevant jurisdictions define “private inves-
tigative work” (or some variation of this term, such as private
detective business or private investigation service) and if the in-
dividual is an employee of an entity or is independent. (Check
out the thread “PI Licensure” in the General Forum.)
WHAT CONSTITUTES PRIVATE INVESTIGATIVE WORK?
The definition of private investigative work can vary from state to
state, but generally, private investigative work involves engaging
in the business to, or accepting employment to, obtain or furnish
information with reference to any number of matters, including:
• Crime, criminals or rleated information.
• The identity, habits, conduct, business, occupation, honesty,
integrity, credibility, knowledge, trustworthiness, efficiency,
loyalty, activity, movement, whereabouts, affiliations,
associations, transactions, acts, reputation, or character
of any person.
January/February 2012
• The cause or responsibility for fires, libels, losses, accidents, or
damage or injury to persons or to property.
• Evidence to be used before a court, board, officer or investiga-
tive committee.
• Detecting the presence of electronic eavesdropping devices.
• The truth or falsity of a statement or representation.1
The above language, which is typical of some state laws,
is quite broad, meaning that it could encompass almost any
investigative profession, including the anti-fraud profession.
The general frameworks of state private investigation statutes,
however, regulate only those who are holding themselves out as
private investigators or conducting a business to perform those
functions. Indeed, these statutes typically exclude those em-
ployed exclusively and regularly by only one employer insofar as
their acts relate solely to the business of that employer.
DOES CONDUCTING A FRAUD EXAMINATION
CONSTITUTE PRIVATE INVESTIGATIVE WORK?
According to the ACFE’s 2010 Fraud Examiners Manual, a
“fraud examination is a methodology for resolving fraud allega-
tions from inception to disposition. More specifically, fraud
examination involves obtaining evidence and taking state-
ments, writing reports, testifying to findings, and assisting in the
detection and prevention of fraud.”
Investigative work is one of many components in a fraud
examination, but it does not include the fraud prevention com-
ponent. That is, fraud examination involves activities outside
the scope of traditional types of investigative work.
While some types of private investigative work may be
limited to reviewing data and evidence for signs of wrongdoing,
most are much more detailed. They require routine investiga-
tive tasks, such as interviewing victims, witnesses and suspects,
and taking their statements. Typically, the private investigator
collects evidence and maintains a chain of that evidence so that
a court of law will not dismiss it. The private investigator writes
detailed reports indicating the chain of events and often testifies
in court about that material.
65
ACFE News

If a fraud examiner engages in the typical activities

of investigative work, a private investigator’s license
might be required. This is because many jurisdictions Private Investigator Licensing in Canada and the United States
have laws that define investigative work broadly to
include the activities involved in fraud examinations.
Thus, if a CFE conducts fraud examinations or investi-
gations (separate, but similar activities), then this falls
under the purview of “investigative work.” It does not
matter if the investigations are of a criminal nature
or not; what matters is that the licensing jurisdiction
views them as investigative work.
But even if you engage in investigative work, it is
not definite that you are required to obtain a private
investigator license. Again, these statutes generally leave
free of regulation those employees acting on behalf of
their employers. PI License Required:
You likely will need a private investigator’s license Yes No
if you are an independent CFE (not a paid employee of a
corporation, organization, agency or any other entity). Note: Hawaii, Puerto Rico and the
District of Columbia require PI licenses,
An example of how an independent CFE could be but Guam and the U.S. Virgin Islands do not.

involved in investigative work is when a prospective cli-

ent contacts him or her about a possible case of occupa-
tional fraud. If the CFE speaks with the client, obtains
some cursory evidence that points to a particular employee, and investigator licensing laws — as long as the investigations are in
then decides to interview the employee and his co-workers, this the performance of their official duties.
is the beginning of a formal investigation. If the CFE completes Most CPAs are also exempt, as long as the work they do for
the interviews, takes statements and collects further evidence, their clients does not extend beyond the services traditionally
he or she is now well into an investigation, which may lead to offered by CPAs and into activities within the scope of tradi-
the employee’s termination and possible arrest. And the CFE tional investigative work. In many jurisdictions, once someone
may then testify in court. leaves straight accounting and begins forensic accounting, a PI
In short, if you are paid as an independent CFE (not license may be required. This is most often the case when some-
employed by an entity) to investigate a crime, you interview one begins interviewing victims, witnesses and suspects. The
people, and you collect evidence, which may be used before a person is no longer just reviewing data or evidence but is con-
court, you will likely be required to obtain a PI license. ducting a private investigation, as determined by law. Although
Dr. Joseph T. Wells, CFE, CPA, founder and chairman of some CPA activities could fall within the broad definitions in
the ACFE Board of Directors expresses his own opinion suc- state private investigator licensing laws, the AICPA maintains
cinctly. “If there is any chance at all that a state licensing board that CPAs should be exempt from state private investiga-
could view you as holding out as an investigator, do yourself tor licensing laws.2 Regardless of what the AICPA maintains,
a favor and get licensed,” Wells said. “Many of these state though, jurisditional laws always take precedence.
boards are self-funding and actively look for anyone that can Lawyers are also usually exempt from PI license require-
be construed to be unlicensed because it adds to their coffers. ments if they are acting in their capacities as attorneys. For
Moreover, if courts or opposing counsel can brand you as an un- example, Nevada provides that “[e]xcept as to polygraphic
licensed investigator, your case will likely suffer severe damage.” examiners and interns, this chapter does not apply … [t]o an at-
torney at law in performing his duties as such.” Nev. Rev. Stat.
FINER POINTS section 648.018.
Public employees conducting investigations on behalf of their If a lawyer decides to help another lawyer investigate
governmental organizations are exempt from state private fraud who is not in his or her firm, then the exception might

66 Fraud-Magazine.com
 NOW AVAILABLE

2012 Fraud Examiners Manual

not apply and that lawyer might need

a PI license.
As mentioned, those conducting
internal audits/investigations for corpo-
rations that employ them are generally
exempt from state private investigator
licensing laws. (These CFEs are usually
internal auditors or internal investiga-
tors.) A couple of jurisdictional excep-
tions — mostly in Canada — require
corporate CFEs to obtain PI licenses,
but this is not the norm. The essential resource for anti-fraud professionals
What if you do not conduct actual has been updated with even more information valuable to fraud
investigations but work as a consultant fighters worldwide. Stay up-to-date with latest changes in laws,
to develop fraud prevention programs statistics, fraud examination techniques, methodology and
or review materials for others, such as procedures with the new 2012 Fraud Examiners Manual. Because
law enforcement agencies or law firms? no other works provides such a comprehensive guide for the
There is a fine line between consult- anti-fraud professional, every fraud fighter should keep a copy in
ing, reviewing and investigating, so you their library.
should check with your licensing juris-
diction. Most jurisdictions do not require
a license if you are only a consultant and Important updates for 2012 include:
do not engage in investigative work. Fur- t
New chapter on Fraud Risk Management
thermore, if you are a forensic accoun- t
New chapter on Corporate Governance
tant (one who reviews and analyzes data
t
New coverage of the whistle-blower provisions of the Dodd-Frank Act
for purposes of litigation but does not
collect data or interview individuals) or t
Updated Computer and Internet Fraud chapter, including expanded
material on:
a computer forensic consultant, you may
be exempt from licensing. Most state t
Methods fraudsters use to gain unauthorized access to
laws are unclear on this matter. A few computer systems
states, such as Texas, specifically require t
Data manipulation and data destruction, including a discus-
computer forensic professionals to be sion on some of the common methods used to destroy and
licensed as private investigators. manipulate data
t
Ways organizations can prevent unauthorized access to their
CROSSING JURISDICTIONAL BOUNDARIES computer systems
To throw yet another monkey wrench t
Log management and analysis as a means to detect unauthorized
into the gears, what if your work takes access to computer systems
you over jurisdiction lines? Some states t
Conducting investigations regarding computer crimes, including
or countries do not have reciproc- a new eight-step plan for responding to such issues
ity agreements with other states or
countries. A CFE may be legal in one U.S. Edition Now Available. International Editions Coming Soon.
jurisdiction but not in another. Other
places grant reciprocity to PIs up to 30
days to investigate cases originating in
Visit ACFE.com/Shop to order your copy today
their home jurisdictions.

January/February 2012 67
ACFE News
KEEP IT LEGAL
If you are an independent CFE, check with your jurisdiction’s
licensing agency and get its response in writing. Better to be
on the safe side than to have your credibility destroyed in court
because you were not legal.
Useful resources for checking out U.S. private investigator
licensing is the CrimeTime.com website linking all the state’s
licensing agencies, http://tinyurl.com/kqp6uj, and Michael
Kessler’s website on forensic accounting licensing,
http://tinyurl.com/86q7z3s.
See the map on page 66 for those states and provinces in
North America that require PI licenses.
James S. Peet, Ph.D., CFE, is an instructor at Highline
Community College in Des Moines, Wash., and principal manager
at Peet & Associates LLC in Enumclaw, Wash. He is also a licensed
Washington State private investigator. His email address is:
jpeet@peetassociates.com.
1
This definition was taken from the Revised Code of (the state of )
Washington §18.165.10, the law regulating Private Investigators. Some
state statutes contain language that is more vague and open-ended. For
example under Nebraksa’s statute (Neb. Rev. Stat. § 71-3201), a private
investigator is one who engages in the secret service or private policing
business, which “shall mean and include: general investigative work,
non-uniformed security services, surveillance services, location of miss-
ing persons and background checks.
2
American Institute of CPAs. (2011). Digest of State Issues: For the CPA
Accounting Profession 2011. Retrieved from http://tinyurl.com/89bkarb.
68
ACFE Asia-Pacific
Conference a Hit
The first-ever ACFE Asia-Pacific Conference held Oct. 23-25
in Singapore was a great success, with more than 200 attendees.
Speaker highlights included Aedit Bin Abdullah,
chief prosecutor of both the Criminal Justice Division and the
Attorney-General’s Chambers in Singapore; ACFE President
and CEO James D. Ratley, CFE; and Mark Steward, executive
director, Enforcement Division, of the Securities and Futures
Commission of Hong Kong. Attendees participated in educa-
tional workshops and lively panel discussions covering such
topics as anti-bribery efforts and corruption enforcement.
“The ACFE Asia Pacific Fraud Conference in Singapore
was a real eye opener for me,” said Kevin Taparauskas, CFE,
ACFE’s director of events and marketing, who also attended.
“I knew that the ACFE had loyal members in the region. But I
was extremely impressed with the enthusiasm of our attendees
and dedication to truly growing the profession that I witnessed.
I now understand why this has been our fastest-growing region
in the world for the last several years.
“For our part, the ACFE intends to fully support and help
facilitate ongoing growth in the Asia Pacific,” he continued.
“I announced at the conclusion of the conference that the
ACFE would be holding our first CFE Exam Review Course
in the area March 26-29, 2012. In addition, we are working
on a regional call center, based in Singapore, that will greatly
improve support all of our members in the Asia-Pacific region
and beyond.”
Photos by Patrick Ong
Fraud-Magazine.com
 NEW! ONLINE SELF-STUDY

FCPA Compliance:
Creating an Effective Anti-Corruption
TAKING BACK THE ID
cont. from page 57
Compliance
the name of the student; up came 25
Program
individuals with the same name, along
with their profiles. I contacted the
student and asked him for an explana- CPE Credit: 4
tion. He said he never contacted me via Course Level: Intermediate
LinkedIn, but he had used his Gmail Prerequisite: None
account to email me throughout the
course. The only explanation I have is
that the hacker stole his Gmail account
from the LinkedIn website and used it
to capture a contact list, which included Since its enactment, the FCPA has had an enormous impact
my email address. on the way organizations around the world conduct business
The fifth suspect email included domestically and abroad. As a result, it is important for you
a message, with an embedded link,
and your company to understand the intricate and interlocking
that read, “Your LinkedIn account was
blocked due to inactivity. Please follow network of criminal and civil laws designed to combat
this link to learn more. Thank you for transnational bribery.
using LinkedIn! – The LinkedIn Team.”
I do not have a LinkedIn account,
FCPA Compliance provides relevant information on the current
so I can only assume it was another
fraudster’s attempt to install the ZenuS legal and regulatory framework of the government’s efforts to
malware on my computer. If you receive combat bribery in international trade. More specifically, this
a similar message, do not click on the course provides an overview of the FCPA and other international
embedded link. If you know the indi- anti-corruption initiatives, advises how companies can establish
vidual, contact that person to see if he
compliance programs to detect and minimize violations of law
or she sent it, and if they did not, alert
LinkedIn. I am sure that LinkedIn is and examines bribery risk assessments.
doing an excellent job trying to prevent
this type of fraud. However, its website is
a gold mine of personal information for
fraudsters to exploit with their schemes. What you will learn:
MORE FOR THE COMMUNITY t
The principal components of the FCPA
To help prevent identity theft, share
these scams with your friends, family and t
14 essential elements of an effective compliance
colleagues. Contact me if you have any program
identity theft issues that I might be able to t
Creating an FCPA Risk Assessment
research and report back. Stay tuned!
t
The 7 core risk factors of FCPA
Robert E. Holtfreter, Ph.D., CFE,
CICA, is distinguished professor of ac-
counting and research at Central Washing-
ton University in Ellensburg, Wash. His Order your course today at ACFE.com/compliance.
email address is: holtfret@cwu.edu.

January/February 2012 69
 CPE QUIZ
1. According to the opening case in the article, “Fraud in Houses
of Worship,” the perpetrator:
a. Was a former youth minister.
b. Had been defrauding the 2,000-member church for 36
months.
c. Was in financial trouble.
d. Admitted everything in a teary confession.
2. According to the opening case in the article, “Fraud in Houses
of Worship,” the perpetrator had been defrauding the church by:
a. Writing herself duplicate paychecks.
b. Stealing cash from donation deposits.
c. Taking out credit card accounts in the church name.
d. All of the above.
3. According to the KU ticket scandal case in the article, “Fraud in
Collegiate Athletics”:
a. Ticket sales amounted to more than $2.5 million at face
value and could range as high as $3.7 million in market
value.
b. Athletic department members did not improperly use or resell
complimentary tickets reserved only for charitable organizations.
c. Evidence suggested that several coaches were involved in the
schemes.
d. The culprits concealed these thefts by simply charging tickets
to fictitious accounts and not recording the ultimate recipients.
4. According to the article, “Fraud in Collegiate Athletics”:
a. Part of the difficulty in dealing with ticket sale frauds in
college athletics is that the sheer volume of money invites theft.
b. The U.S. Equity in Athletics Disclosure Act requires colleges to
file annual reports with the U.S. Department of Intercollegiate
Sports.
c. Frequently, two individuals control the daily financial
management of an athletic department.
d. Winning often contributes to sound financial management.
5. According to the article, “The 10 Tell-Tale Signs of Deception,”
linguistic text analysis involves studying the language, grammar
and syntax a subject used to describe an event to detect any
anomalies.
a. True.
b. False.
Circle the correct answers and mail to the ACFE with four other completed quizzes
published within the last 24 months and the CPE Quiz Payment Form (see next page).
No. 100 (Vol. 27, No. 1)
6. According to the article, “The 10 Tell-Tale Signs of Deception”:
a. Deceptive people often use language that maximizes
references to themselves.
b. In oral statements and informal written statements, deceptive
witnesses never omit self-referencing pronouns.
c. Truthful people usually describe historical events in the past tense.
d. Deceptive people never refer to past events as if the events
were occurring in the present.
7. According to the article, “Overachieving Fraud Wolves in
Sheep’s Clothing,” the author in the case:
a. Was an in-house consultant.
b. Zeroed in on the accused employees because the tipster had
provided specific details of the alleged fraud conduct.
c. Expanded the investigation to several previous months and
increased the sampling of calls and accounts.
d. After reviewing consumer complaints, he found questionable
conduct.
8. According to the article, “Overachieving Fraud Wolves in
Sheep’s Clothing, ” CFEs are trained to focus their sights on the
business resources, processes, procedures, employee activities
and personnel to detect the potential for, and existence of, the
fraud triangle factors.
a. True.
b. False.
9. According to the article, “Breaking Breach Secrecy, Part 3”:
a. Organizations and individuals who do a horrible job
protecting personal data, of course, create conditions that
lead to the majority of data breaches.
b. The PRCH describes itself as a “for-profit consumer education
and advocacy project.”
c. The PRCH defines unintended disclosure as electronic entry
by an outside party.
d. For the past seven years, the Verizon Business Risk Team has
prepared the Data Breach Summary Research Report.
10. According to the Holtfreter/Harrington Data Breach Analysis
Report, described in the article, “Breaking Breach Secrecy, Part 3”:
a. Few individuals believe that the majority of compromised
records and related breaches are externally driven.
b. Internal hackers caused more of the compromised records.
c. The results strongly indicate that the organizations
experiencing these data breaches lack strong comprehensive
data protection programs.
d. Thirty-eight percent of the total breaches result from the
internal “improper protection and disposal of data.”
Name
ACFE Member No.
 Fraud Magazine CPE Quiz Payment Form

3 EASY
1 READ the feature articles and columns in any five issues of Fraud
Magazine published within the last 24 months.

STEPS: 2 CIRCLE the correct answers to the quizzes in the back of the issues.

PLEASE NOTE: The Fraud Magazine CPE Service CPE credits apply only
to the CFE status and not to any other professional designations. Fraud
Magazine CPE Service is not registered with the National Association of
State Board of Accountancy (NASBA).
3 REGISTER by completing the form below and mailing or faxing in your $69
fee and five quizzes together.

Once you’ve passed all five quizzes (with a score of 70% or better on each quiz), the ACFE will e-mail you a certificate
of completion. You will receive 10 of the 20 hours of CPE credit required annually to maintain your CFE credential.

FRAUD MAGAZINE CPE QUIZ PAYMENT FORM

T YES! I want to register for the Fraud Magazine CPE Service to earn 10 hours of CPE for only $69. I have enclosed
payment along with my five quizzes.

Name, first and last (TDr. TMr. TMrs. TMs.) Certified Fraud Examiner? TYes (if yes, member #) TNo Other designations (CPA, etc.)

Company Title

THome TWork Address

City State/Province Zip/Postal Code Country

Phone number (THome TWork) Fax number (THome TWork)

Local Chapter E-Mail Address (THome TWork) TSend me your FREE FraudInfo e-newsletter

METHOD OF PAYMENT

TCharge my (check one). Cards charged in U.S. dollars. Name on Card Card Number

Expiration Date (month/year) V-Code (on back / front of AMEX)

Billing Address

City State Zip/Postal Code Country

Signature

Download archived quizzes and this payment form at

TCheck or money order enclosed (made payable to the Association of Certified Fraud Examiners). Fraud-Magazine.com/CPE-Quiz-Archive.aspx.

ASSOCIATION OF CERTIFIED FRAUD EXAMINERS

8PSME
)FBERVBSUFST
t
5IF
(SFHPS
#VJMEJOH
t

8FTU
"WF
t
"VTUJO
59

t
64"




























'SBVE.BHB[JOFDPN
t
NFNCFSTFSWJDFT!"$'&DPN
ACFE Calendar of Events
For information or to register, visit ACFE.com/Training

January
sun mon tues wed thurs fri sat
22 23 24 25 26 27 28

Contract & Procurement Fraud:

Phoenix, AZ

February
29 30 31 1 2 3 4
Investigating
Conflicts of Fraud Risk Management:
Interest: Los Angeles, CA
Los Angeles, CA

CFE Exam Review: Dallas, TX

5 6 7 8 9 10 11

12 13 14 15 16 17 18

Introduction to Digital Forensics:

New Orleans, LA

March
26 27 28 29 1 2 3
Fraud
Interviewing Techniques for Auditors: Prevention: Money Laundering: Tracing Illicit
Ft. Lauderdale, FL Funds: Baltimore, MD
Baltimore, MD

Legal Elements
of Fraud Conducting Internal Investigations:
Examination: Charlotte, NC
Charlotte, NC

4 5 6 7 8 9 10
Fraud Related
Compliance: Healthcare Fraud:
Louisville, KY Louisville, KY

11 12 13 14 15 16 17

18 19 20 21 22 23 24

Data Analytics: Investigating on the Internet:

New York, NY New York, NY

25 26 27 28 29 30 31

2012 ACFE European Fraud Conference: London

 April
15 16 17 18 19 25 21
Three ways
to save!
CFE Exam Review Course: Las Vegas, NV
Early Registration
Savings
22 23 24 25 26 27 28
Find the events that you
Financial Statement Fraud: want to attend. Register
Columbia, SC and pay before the
Early Registration Dead-
line listed for the event
May (generally one month
29 30 1 2 3 4 5 before event start date)
and SAVE $95 or more
Principles of Fraud Examination:
Austin, TX
off of the regular price
for the event.

6 7 8 9 10 11 12
Mortgage Fraud:
Combo Event Savings
Digital Forensics Tools & Techniques: San Diego, CA
Chicago, IL
Register to attend two
events being held
Professional Interviewing Skills: consecutively in select
Providence, RI
cities and receive $100
in savings! Combo
June events are designated
with this icon:
17 18 19 20 21 22 23

Group Savings
23rd Annual Fraud Conference & Exhibition: Orlando, FL
Select the event that
best suits the learning
July needs of your group.
Gather a team of at
22 23 24 25 26 27 28 least three or more
individuals to register
Interviewing Techniques for Auditors:
Denver, CO together. Call the ACFE
at (800) 245-3321 or
CFE Exam Review Course: Boston, MA +1 (512) 478-9000 to
determine your savings.

August
5 6 7 8 9 10 11
Fraud Related
Compliance: Auditing for Internal Fraud: Professional Interviewing Skills:
New York, NY New York, NY San Francisco, CA

12 13 14 15 16 17 19

Fraud Risk Management:

Philadelphia, PA

26 27 28 29 30 31 1

CFE Exam Review Course: Chicago, IL

*Location and/or topic are subject to change.

 ANALYTICS Stamp out fraud.
With SAS Analytics, you can score millions of transactions a day in real time – to detect fraud faster, reduce
®

risk, streamline investigations and prevent losses. Decide with confidence.

Scan the QR code* with your mobile device to view a brief customer
video or visit sas.com/bankfraud for the complete success story video.

*Requires reader app to be installed on your mobile device

SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. © 2011 SAS Institute Inc. All rights reserved. S76016US.0711