Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
THE
In a perfect business world, every employee and third-party supplier would display model business behavior, and there
would be little need for anti-fraud programs. But, in the real business world, occupational fraud and abuse are prevalent.
So, businesses must implement anti-fraud programs to protect themselves from financial, legal and reputational harm.
Tips are the leading source of fraud detection − and fraud hotlines are a leading source of tips. So, turn to EthicsLine®,
the official hotline of the ACFE.
• Hotline (telephone, web, mobile) for report intake Where a fraud hotline was in
• Case Management (web and mobile) for online place, the average duration of
investigation management a fraud scheme was reduced by
• Analytics for tracking and trending 7 months, and the median loss
• Communications Campaign Materials to communicate was reduced by 59%.*
when and how to report observed business misconduct
* 2010 ACFE Report to the Nations on Occupational Fraud and Abuse
COVER STORY
FEATURED ARTICLES
1
36 Overachieving Fraud Wolves
in Sheep’s Clothing
Targeting Top-Performing Employees
Gaming the Bonus System
By Jeffrey Horner, CFE, CRCMP
Follow this CFE consultant as he uncovers top collection
reps at a business call center who inflated their
performances for more money and job advancement.
2 Fraud-Magazine.com
TRAINING
Journal of the Association of Certified Fraud Examiners
Volume 27, No. 1, January/February 2012
EVENTS
Register at ACFE.com/Training
John D. Gill, J.D., CFE
Publisher
January/February 2012 3
From the PRESIDENT AND CEO
By James D. Ratley, CFE
Supporting Our
International Chapters
HOPPING CONTINENTS
International chapter members put Southern hospitality to
shame. Everywhere I went I met extremely gracious people who
did everything they could for us. My job was to listen carefully
to their suggestions for improving our services.
The first stop was to vibrant and beautiful Singapore — my
first visit and also the first time the city has hosted our 2011 growth,” he said. “However, such large capital inflows are bound
Asia-Pacific Fraud Conference (formerly known as the ACFE to give way to sector imbalances and fraudulent behavior.”
Pacific-Rim Fraud Conference). Nearly 200 attendees net- I told the attendees at the first Corporate Anti-Fraud Semi-
worked and attended workshops and panel discussions. (Please nar in China, how fraud can occur in any industry and at any
see page 68 for more on this exciting conference.) level. I also gave suggestions on how CFEs can advise their cli-
I enjoyed meeting Gatot Trihargo, CFE, president of the In- ents in their battles against fraud, including setting the proper
donesia Chapter (established in 2002), who provided the same tone at the top. “Mr. Ratley mentioned that anti-fraud measures
generous hospitality I encountered with other chapters. He was do not get proper attention since they cost money while the
appreciative of the ACFE’s effort to send me there. I presented benefits cannot be seen in a short-term period,” Kwok said. “As
to nearly 80 members and public- and private-sector guests. a consequence, most companies are not willing to make any
“Chapter activity has become very intense since 2010, by expenditure regarding this issue. However, establishing efficient
us conducting monthly discussions/workshops for the members and effective anti-fraud mechanisms will generate huge benefits
and other practitioners,” Trihargo said. “The chapter also suc- from the long-term perspective.”
cessfully conducted two annual congresses and seminars in 2010 The ACFE is striving to do all it can to help our interna-
and 2011, which gathered more than 200 participants for each tional chapters grow and thrive. We are excited to announce our
session, with both domestic and international speakers.” plan to open a regional call center in Singapore and host a CFE
After Jakarta, I jetted off to Hong Kong, with its exotic mix Exam Review Course there March 26 - 29. Chapters, acting as
of the old and new., “We’re excited that the ACFE is turning its local ACFE representatives, provide continued support for mem-
attention to Asia,” said Hong Kong chapter president Penny Sui- bers worldwide through networking opportunities, CPE training,
Ping Fung, CFE. “Jim’s visit to Hong Kong no doubt has helped leadership development and promoting local fraud awareness.
to reinforce this message and reminded people of the role of pro- As always, please let me know how we can help you
fessional fraud examiners in a robust and sustainable economy.” support our all-important mission. (And please check out
Prof. Yiu Wai Andy Kwok, CFE, vice president of the Shang- Fraud-Magazine.com/LetterFromthePresident for more photos.)
hai Chapter and also president of the Beijing Chapter, called my
visit a “stunning pleasure.” He had this to say about China’s grow-
James D. Ratley, CFE, President and CEO of the Association of
ing pains: “China’s high growth rates have encouraged foreign
Certified Fraud Examiners, can be reached at: jratley@ACFE.com.
investment, which have in turn helped fund China’s incredible
4 Fraud-Magazine.com
Digital Fingerprints
A Closer Look at Technology and Fraud
By Jean-François
Legault
D
uring an investigation, we scour the web and found a company he believed would be a good target and
social networks for employment backgrounds, redesigned his résumé to boost his employment chances. The
contacts, education history, past behavior company hired him, and he then proceeded to steal intellec-
and so on. However, we should be concerned tual property during his employment.
about information we are posting that the bad
guys can use against us. WEB 2.0 AND SOCIAL NETWORKS
Arthur Hulnick, a former CIA officer, estimates that open- Employees are likely to reveal valuable information to the
source intelligence (a form of intelligence collection manage- competition on professional or personal networking sites.
ment that involves finding, selecting and acquiring information Fraudsters can make conclusions about a company’s expan-
from publicly available sources) accounts for “as much as 80 sion by studying comments about new connections and
percent” of the entire intelligence database. (See “Sailing the relationships plus repeated trips to a city or country.
Sea of OSINT in the Information Age,” by Stephen C. Merca- Through investigations, I have found nurses sharing
do, http://tinyurl.com/2sj5vy.) This is possible, in part, because concerns about care in neo-natal intensive care units, law en-
organizations and their employees freely publish information forcement personnel sharing sensitive assignments and sales
online they probably should keep to themselves. And those managers claiming their stakes on new territories. Profes-
loose lips can lead to outright fraud. (Also see “NATO Open sional social networking sites tell the world about new hires
Source Intelligence Reader,” http://tinyurl.com/7crt7ug.)
and those who are leaving employers.
Employees posting information online is nothing new.
JOB POSTINGS
In one case I worked nearly 12 years ago, a call-center
Before you continue reading this, look at your organiza-
employee leaked sensitive information on a web forum. This
tion’s job postings and ask, “What are we telling the
employee, who was privy to upcoming promotions offered
competition about us?”
Imagine a software company with a strong presence in by a telecommunication provider, would repost information
Asia Pacific that posts a public job offer for a sales manager online prior to a promotion launch. The company’s call cen-
in North America. What are they telling the competition? ter then would be flooded with requests for promotions and
Think of the recruiting process in your organization and how packages that did not exist yet.
long it can take to staff a position. Is that enough time for the Did this employee access highly sensitive documents?
competition to adjust to the arrival of this new sales manager? Did he gain access to someone’s email account? No. He sim-
Your competitors find or infer from your job postings ply reposted information he learned in training sessions. We
the technologies your organization uses, expansion into new had a difficult time tracking him down because back then we
areas and territories, market growth, change in structure, did not log everything. Even today, we find organizations that
structural growth, etc. do not store online access information, which would allow
What does this mean for fraud examiners? Make sure them to adequately investigate leaks.
you run proper background checks on potential hires! Why?
Because some job descriptions are so detailed that someone MARKETING DOCUMENTATION
wishing to be hired for fraudulent purposes can customize Documents that an organization provides its clients to market
his or her résumé. I just worked a case in which a candidate its services often end up in competitors’ hands. Find ways to
6 Fraud-Magazine.com
Digital Fingerprints
A Closer Look at Technology and Fraud
securely communicate information that you If you want to know more about
do not want the competition obtaining. leveraging business intelligence techniques
I was involved in a recent
I was involved in a recent case in in your fraud examinations, I strongly
which a competitor was able to reverse- encourage you to check out anything case in which a competitor
engineer a product (take it apart and fellow ACFE faculty member Cynthia
analyze it) by simply using the information Hetherington teaches.
was able to reverse-engineer
in product brochures and documenta- a product (take it apart and
tion. Imagine your competition not only WHAT TO DO
knowing your products but how you are So do you cut yourself off from the world analyze it) by simply using
manufacturing them. That is a serious loss and go off grid? Absolutely not. But make the information in product
of competitive advantage! sure your organization’s policies strictly
I have also been involved in cases in control information that its employees can brochures and documenta-
which individuals used marketing infor- release through all open-source channels tion. Imagine your competi-
mation to create fake companies to try to but especially online. When it comes to
defraud possible clients. The schemes were social media, establish a “think before you tion not only knowing your
simple: reuse information to make the com- post” mentality. products but how you are
panies look legitimate, solicit clients, get
paid and then never deliver anything. manufacturing them. That is
Jean-François Legault is a senior manager
with Deloitte’s Forensic & Dispute Services a serious loss of competitive
AS AN EXPERT WITNESS
practice in Montreal. Canada. His email advantage!
Whatever you write, post and/or commu-
address is: jlegault@deloitte.ca.
nicate may allow you to build eminence
as an expert. However, opposing counsel
could also use that public information to try
to disqualify you as an expert or to cross-
examine you in court.
Use These Queries to Examine Your Online Exposure
Google search directives will add Here are some Google searches
AS AN INVESTIGATOR power to your searches. that you can run against yourself to see
Open-source intelligence can help you
Searching for a specific phrase what could be available to fraudster.
discover valuable information about play-
ers in an investigation. In one case, I found using quotations: Finding PowerPoint documents on
some undocumented aliens involved in • “find this specific phrase” your site:
a fraud scheme because they gave some Searching a specific domain or • site:www.yoursite.com filetype:ppt
prime evidence via their social media pro- website: • site:www.yoursite.com filetype:pptx
files, including their geographic locations. • site:targetdomain.com or Finding Word documents on your
In another example, we tracked down
• site:www.targetdomain.com site:
vehicles purchased with embezzled funds
simply based on suspects’ photos that had Searching for specific file type: • site:www.yoursite.com filetype:doc
been posted online. • filetype:extension • site:www.yoursite.com filetype:docx
When I begin a background investiga- You can use the minus sign (-) as an Finding confidential documents on
tion into a company, one of the first things I exclusion operator. For example, you your site:
do is seek information through press releases can use this search directive to exclude • site:www.yoursite.com confidential
and trade publications. Companies love to a specific website from your search: • site:www.yoursite.com “not for
tell the world about what they are doing
• -site:www.excludeddomain.com distribution”
right. However, the competition will always
seek out this valuable market intelligence.
January/February 2012 7
Fraud’s Finer Points
Case History Applications
By Joseph R. Dervaes,
CFE, ACFE Fellow, CIA
Using an Organization’s
Credit to Commit Fraud
Part 1
8 Fraud-Magazine.com
Fraud’s Finer Points
Case History Applications
detect fraud. While the supporting documents for credit card scheme by scanning the city’s disbursement files to deter-
payments should include the statement and all purchase re- mine other risks. I quickly noted that the city was making
ceipts, fraudsters who choose this latter process usually only its monthly credit card payments using only the statements.
submit statements for payment purposes. In many cases, their There were very few purchase receipts available for review
supervisors or the governing bodies of the organizations may and audit. For example, credit card purchases from a local
unknowingly approve these fraudulent payments. computer store were almost always missing from the files. I
Employees may periodically use an organization’s credit contacted the city’s computer consultant who was responsi-
card for unauthorized purposes or personal benefit, but man- ble for all information technology issues. However, he wasn’t
agers who are assigned to monitor the credit card program aware of any official purchases from the computer store.
can resolve these minor infractions promptly according to A computer store representative faxed documents to
policies and procedures. me that showed Sarah had signed for a computer, monitor,
Companies should publicize employee disciplinary ac- software and games on many occasions through the period of
tions in their internal publications to deter future problems. this loss. City staff members conducted a search of city hall
Unfortunately, even this method is not fraud-proof because but were unable to locate any of these assets.
often the very managers who are charged with monitor- Sarah had made all credit card payments on time, but
ing the system are the ones who abuse it. These individuals she had destroyed all the supporting documents that listed
may be able to hide their unauthorized activities from other the details of the purchases from the computer store. She
employees and their supervisors, but most of the time they hoped that retaining only the monthly credit card statements
should not be able to conceal their actions from organi- on file for the city’s governing body and its external auditors
zations’ governing bodies and their internal or external would be sufficient to conceal her irregular activities. She
auditors. However, when their misdeeds are detected, the was wrong. The governing body did not notice this irregu-
fraudsters usually attempt to get organizations to pay from larity, but her fraud did not escape the watchful eye of the
monthly credit card statements by indicating that receipts for external auditors. In my experience dealing with fraud cases
individual transactions were not available or were inadver- in state agencies and local governments in the state of Wash-
tently misplaced or lost. ington, governing bodies rarely detect fraud in the transac-
tions they are reviewing and approving, primarily because no
Case No. 1 — Personal use of an authorized one took the time to properly train them for this task.
general organization credit card The clerk-treasurer demanded a trial to resolve the is-
In the November/December 2009 Fraud’s Finer Points, I sues in this case. She hired a prominent regional lawyer for
discussed a credit card case that involved missing support- her defense and agreed to a bench trial. (There was no jury.)
ing documents. This concept emphasized why organizations After all the evidence was heard during a week of testimony,
should never pay the balance due on monthly credit card the judge rendered a guilty verdict in the case and ordered
statements without seeing the supporting receipts for the Sarah to make restitution of the loss amount, plus audit
purchases first. costs. He also sentenced her to three months in a work-
Sarah was the clerk-treasurer responsible for processing release program.
all of the city’s disbursement transactions, including all pur-
chases on its credit card. The city first detected irregularities Case No. 2 — Personal use of an unauthorized
in accounts receivable and contacted its external auditor to general organization credit card
investigate the case. A small water district in the state of Washington had three
The subsequent audit detected multiple fraud schemes, employees, operated on an annual budget of $466,000 and
which totaled $49,894.88 in losses over 2½ years. These served approximately 1,000 customers. Jackson, the office
schemes included payroll fraud, accounts receivable fraud, manager, was responsible for practically all financial opera-
municipal court revenue fraud, unauthorized use of the city’s tions; his supervisor, the district superintendent, did not
business charge account and overpayments to a cleaning monitor his work. These are the two most common internal
contractor. The clerk-treasurer performed many tasks in a control weaknesses I have found in small organizations.
variety of functions at the city, and no one monitored her While Jackson had no prior criminal history, he appar-
work to ensure the city’s expectations were being met. ently came to work for the district with ill intentions. He
The clerk-treasurer purchased $5,319.16 in assets for sent a memorandum on official letterhead to the district’s
personal benefit using the city’s credit card. I detected this bank shortly after being hired requesting that the bank issue
January/February 2012 9
Fraud’s Finer Points
Case History Applications
a credit card in the district’s name and assign it to him. The intercepting the mail, removing the monthly credit card
credit limit on the card was initially set at $5,000, but Jack- statement and making personal payments on the account to
son subsequently sent a facsimile to the bank one month later conceal his unauthorized purchases. He basically used the
requesting an increase to $20,000. Of course, the district’s district’s credit card as his own by charging $7,797 in personal
governing body did not authorize either of these requests. purchases for more than a year. He used the card to make
Later, when the case was under investigation, the district unauthorized cash advances and also incurred finance charges
stated that someone had forged the authorizing signatures on when he did not make monthly payments on time.
the documents. When the district finally discovered the unauthorized
As the office manager, Jackson was responsible for open- card, there was a $1,599 unpaid balance on the account.
ing the mail and processing invoices for payment. Thus, he The district found out about the card while making a change
was able to remove the monthly bank credit card statements in signatories on all of its bank accounts after the fire chief
from the incoming mail before anyone else saw them. One of resigned for unrelated personal reasons. The chief reimbursed
the interesting facts of this case is that Jackson did not submit the district for this amount when questioned about the
any of the credit card statements to the district superinten- unauthorized purchases on the credit card. The district paid
dent or the governing body for approval or payment. Perhaps the balance due on the account and canceled the credit card.
Jackson was not quite bold enough. While it would have The county prosecutor declined to criminally prosecute the
been prudent to do so, Jackson did not make any personal case because the district had been made whole.
payments to the bank on the card balance either. Because
neither the organization nor Jackson made any payments on LESSONS LEARNED
the credit card balance, the monthly expenses and interest Let us review some of the finer points of fraud detection from
charges continually increased until the balance became delin- these general organization credit card fraud schemes.
quent and approached the credit limit on the card. Organizations should:
Jackson misappropriated $19,454.84 from the district • Establish written policies and procedures for credit card use
in 3½ months, with $18,284.03 of this amount representing and train their employees to ensure they use the cards only
his unauthorized use of the district’s credit card for personal for official business purposes.
benefit. Personal charges included the purchase of a used
• Always obtain purchase receipts from employees and never
pickup truck, frequent stays at a motel while traveling to his
pay bills using only the monthly credit card statements.
favorite casino, thousands of dollars in cash advances at the
casino, Internet and telephone use and other miscellaneous • Properly train employees and governing bodies on the
purchases. Jackson also misappropriated $1,170.81 in utility authorization and approval procedures for all
revenue from the district. disbursements.
The district first detected irregularities in its checking • Appropriately segregate employee duties and periodically
account and petty cash fund and requested an external audit. monitor the work of key employees to ensure its
Jackson was placed on administrative leave and subsequently expectations are being met.
terminated for a wide variety of managerial shortcomings. Once fraud examiners detect fraud, they should assess
Shortly thereafter, the district received a monthly statement what else is at risk of loss within an organization.
for the unauthorized credit card. In a plea-bargaining agree-
ment, the court ordered Jackson to make restitution for the MORE CREDIT CARD MISUSE
loss amount plus audit costs. It also sentenced him to less In part two of this series, we will discuss the use of purchasing
than one year in county jail for this crime. credit cards and travel credit cards. Stay tuned.
10 Fraud-Magazine.com
2012 CFE Exam Prep Course®
Arm yourself with the most effective tool
available to help you pass the CFE Exam.
t Pick the sections and topics most relevant to your exam preparation
by creating custom review sessions
t Learn more from your Practice Exam sessions by reviewing the ques-
tions you missed, anything your results by subsection and tracking
your progress over time
t Focus on the areas where you need the most work with enhanced
review of results and progress by exam section, subsection and topic
S
tudents at the collegiate level learn best about about both actual instances of fraud, as well as the work of
business through a combination of theory and CFE professionals. Kris Ryan, a student at Gonzaga Univer-
practice. College professors are well equipped to sity who has attended the local ACFE conference for the past
present the theory side of a particular topic, but two years, can attest to this.
they frequently look to business professionals — “Both years that I attended the conference, a wide range
who have hands-on, practical experience — to help apply of topics was offered, including health care fraud, a critique
those theories to real-world situations. This teaching method of software that helps businesses protect themselves against
works especially well in anti-fraud education, in which fraud fraud, gang activity (which is surprisingly more correlated
cases, whether real or fictitious, can help bring to life the to the fraud problem than I would have thought), mortgage
fraud theories and procedures introduced in the classroom. fraud and different fraud topics covered by local law enforce-
However, it is not quite so clear exactly how to struc- ment and the FBI,” Ryan said.
ture the interactions between CFEs and higher education to “I found all of the topics interesting and also learned
encourage this method of learning. Many CFEs, for example, fraud detection and investigation skills that I could put to use
believe that the only way to participate in collegiate fraud immediately,” she said.
education is to lead a class lecture based on their fraud expe- Since graduation, Ryan has gone on to earn her CFE
riences, which could not be further from the truth. credential and has joined the fraud-fighter ranks.
In this column, we identify and explain a variety of ways
in which CFEs can foster and develop mutually beneficial rela- BECOME A PROFESSIONAL MENTOR TO STUDENTS
tionships with college faculty and students to help educate and Professors at Gonzaga University frequently refer students
prepare future anti-fraud and forensic accounting professionals. who have an interest in forensic accounting to local CFEs for
advice on potential career paths, professional certifications, in-
INVITE FACULTY AND STUDENTS TO LOCAL FRAUD CONFERENCES terviewing and networking. Students benefit directly from the
One of the easiest and least time-consuming ways for CFEs to wisdom and experience these mentors have gained from many
get involved with higher education is to invite college faculty years of work in fraud and forensic accounting. Mentors also
and students to attend local fraud conferences. Spokane share their knowledge of the skills and abilities necessary to be
ACFE Chapter member Lenore Romney, CPA, CFE, CVA, successful in the forensic accounting profession. These inter-
has invited both students and faculty to attend the local actions also are great networking opportunities for students.
ACFE conference for the past few years. Many universities also have formal mentoring programs
“The chapter leaders recognize that more can be accom- through which students are matched with professional men-
plished in the fight against fraud if professionals from differ- tors based on factors such as field of study, geographic prefer-
ent disciplines network with each other. We see the chapter ence and gender. These more formal relationships span the
as being an ideal facilitator for such a network,” Romney said. majority of a student’s time in college, which allow mentors to
Conferences typically provide numerous and varied help identify curriculum paths, internship opportunities and
opportunities through which students and faculty can learn employment opportunities when the student nears graduation.
12 Fraud-Magazine.com
Fraud EDge
A Forum for Fraud-Fighting Faculty in Higher Ed
A more interactive — albeit more time-intensive — “Working all semester with my student team was
method of mentoring students is for CFEs to arrange and personally rewarding,” she says. “My team of students was
coordinate student internships with their employers. Stu- incredibly bright and diligent and really took ownership in
dents participating in these internships benefit not only from our investigation. They were like sponges soaking up the
professional workplace mentoring but also from working in practical knowledge I was trying to share with them in only
actual forensic accounting situations. one semester’s time together. I was proud of my team’s effort
the day they gave their final class presentation, the day I
ASSIST WITH CASE STUDIES AND RESEARCH PAPERS submitted our report to law enforcement and especially the
Higher-education faculty are always searching for case stud- day I was notified that charges were filed.
ies with the richness of detail, ambiguity and issues that are “Obtaining a guilty plea and restitution within a year of
similar to those that students will encounter in their profes- submitting our case was the icing on the cake,” she says.
sional careers. Faculty and highly experienced CFEs jointly Romney and Rice play a number of critical roles in this
produce the most detailed, complex cases. class by:
Cindy Durtschi, Ph.D., associate professor at DePaul 1. Assisting the students in developing theories of how the
University, invites CFEs to help in the classroom in several fraud may have occurred.
ways. She recently had a full-time forensic accountant help 2. Helping the students develop a plan for determining how
her judge student case presentations. to test those theories.
“The students presented their work from the view of the
3. Providing weekly guidance to students as their
prosecution, and then the CFE showed them how some-
investigations progress.
one working for the defense would have responded to their
cases,” Durtschi says. “It was a wonderfully enriching experi- 4. Reviewing the final report that students complete at the
ence for the students.” end of the term and that law enforcement may use to
Durtschi also had a local CFE help her with a fraud case prosecute the fraud.
she developed. The CFE provided her with encouragement, 5. Serving as expert witnesses if a case goes to trial.
valuable feedback and suggestions that improved the case. Reaching out to help local organizations with poten-
CFEs also frequently partner with faculty on forensic tially fraudulent situations is a noble idea with obvious
accounting research papers. Frank Perri, J.D., CFE, CPA, has benefits, but usually the largest obstacle is that college faculty
co-authored several research papers with Rich Brody, Ph.D., members often lack required specific training for competent
CFE, an associate professor at the University of New Mexico. forensic accounting investigations. Faculty also often lack
They have written on topics ranging from the relationship contacts with those in communities who are most likely to
between workplace violence and fraud to identification of refer cases, such as law enforcement and prosecuting attor-
organizational weaknesses at the Securities and Exchange neys. CFEs often have such connections and, thus, can refer
Commission. These partnerships between academics and cases and supervise the investigations.
professionals foster balanced approaches to research and
ensure that publications are valuable not only for academics, SERVE AS AN ADJUNCT INSTRUCTOR OR GUEST SPEAKER
but also for practitioners who can use the results in the field. CFEs who want a more substantive role in higher education
can pursue teaching courses as adjunct instructors. Adjunct
COORDINATE FORENSIC ACCOUNTING INVESTIGATIONS instructors typically teach one or two courses during a semes-
Romney and Marie Rice, CFE, CIA, CICA, president of the ter, but they do not have other academic commitments, such
Spokane ACFE Chapter, assist students at Gonzaga Univer- as research or service, to the institution. Colleges frequently
sity as part of their Justice for Fraud Victims Project. (See seek professionals, like CFEs, to teach more specialized
the July/August 2011 Fraud EDge.) Through a cooperative courses, such as forensic accounting, because full-time faculty
partnership with law enforcement and local CFEs, Gonzaga often do not have this expertise.
students provide free fraud examination services to small Not long after she began mentoring, Gonzaga University
businesses or nonprofit organizations that have been victims approached CFE mentor Rice to see if she was interested in
of fraud. The students gain experience while simultaneously teaching a fraud examination class as an adjunct instructor.
giving back to their communities. She jumped at the chance.
Last year, Romney worked with students on a case that “It had been my long-term goal to adjunct, and I was
eventually led to the project’s first conviction. thrilled by the prospect,” Rice said.
January/February 2012 13
Fraud EDge
A Forum for Fraud-Fighting Faculty in Higher Ed
She has taught three courses over the past two years and
has enjoyed the experience. She sees many benefits to having Given the diversity and complexity of fraudulent
professionals, like CFEs, in the classroom.
“As a student, I always appreciated the professors who activities and the motivations of those who commit
had both real-world and research experience. CFEs are for- fraud, there are many other disciplines in which
tunate in that we have so many stories and experiences that
can help shape our future anti-fraud professionals.” CFEs could provide valuable insights and enrich
CFEs considering this option should be aware that the the classroom experience.
weekly time commitment is somewhat greater than the time
teaching in the classroom. Adjunct instructors also will spend
several hours each week planning lectures, grading student
work and answering emails from students. In addition, most Rice wants to see more CFEs in college classrooms.
colleges expect adjunct instructors to be available on cam- “As professionals, we need to strive to make the anti-
pus for an hour or two each week to meet with students and fraud movement more real for students, who often believe
answer questions. they will never encounter a fraudster or become a victim of
CFEs who cannot commit to teach an entire course can fraud,” Rice said.
serve as guest speakers. This may involve preparing a short Matching the expertise and interest of CFEs with the
case study or other relevant topical material and leading a needs of higher education can result in relationships that are
class in a discussion of the material. Departments and enriching and rewarding for all parties involved.
instructors are generally receptive to such arrangements,
provided there is a good match between the course goals
Gerhard Barone, Ph.D., is an assistant professor of accounting
and the proposed topic.
at Gonzaga University. He teaches classes in financial
Guest speaking opportunities for CFEs are not limited to
accounting and accounting information systems. His email
forensic accounting courses. For example, CFEs could present
address is: barone@jepson.gonzaga.edu.
internal control cases to an accounting information systems
class. They also could discuss evidentiary or legal aspects of
CFE work in criminal justice or psychology classes. Given Sara Melendy, Ph.D., CFE, CPA, is an associate professor of
the diversity and complexity of fraudulent activities and the accounting at Gonzaga University. She teaches auditing and fraud
motivations of those who commit fraud, there are many other examination, including a hands-on laboratory called the Justice
disciplines in which CFEs could provide valuable insights for Fraud Victims Project. Her email address is:
and enrich the classroom experience. melendy@jepson.gonzaga.edu.
FOSTERING STUDENT INTEREST Gary Weber, Ph.D., is an associate professor of accounting and
The ACFE Handbook and Guidelines for Local Chapters en- coordinator of accounting programs/director of the master of
courages close relationships with schools and universities to accountancy program at Gonzaga University. His email address
foster student interest in the fraud-fighting profession. CFEs’ is: weber@gonzaga.edu.
unique skill sets and training create multiple opportunities
across college campuses. We have described a number of Richard “Dick” A. Riley Jr., Ph.D., CFE, CPA, is a
ways that CFEs have participated in higher education. Inter- Louis F. Tanner distinguished professor of public accounting in
ested CFEs should contact program directors or chairpersons the College of Business and Economics at West Virginia
at nearby colleges. Universities, and especially business University in Morgantown. He is chair of the ACFE Higher
schools, are always looking for adjunct instructors and guest Education Advisory Committee and the vice president of
speakers with practical experience. Students love to hear operations and research for the Institute for Fraud Prevention.
from professionals who can describe their field experiences His email address is: richard.riley@mail.wvu.edu. Riley
and how they can pursue careers in specialty fields, such as served as editor on this column.
forensic accounting.
14 Fraud-Magazine.com
REGISTER NOW
B
ob, an internal auditor for ABC Company, is con- risks and challenges associated with processing of increasingly
ducting a routine cash receipts controls review. larger volumes of electronic check images.
The procedure calls for the day’s checks to be Even with so many more consumers and businesses pay-
deposited remotely in a company bank account ing their bills electronically, checks are still the standard for
daily. Susan, the clerk who processes customer many. The major impetus for banks moving to check images
checks, had gone home sick on Monday. Before she left, she is that electronic processing costs much less than paper check
completed the remote deposit procedure, which involves processing. Historically, paper processing had been a cumber-
scanning each check and electronically sending those scans some procedure that required physically moving millions of
to the bank. Then she put the checks she had just scanned in paper checks through the banking system.
her work-in-process file and went home, intending to proper- Before Check 21 processing, when a person deposited
ly file them away the next day. Unfortunately, when Betty — a paper check in his bank, that person would be credited
who had done Susan’s job years ago — was assigned to cover for the amount of the deposit. Then, at the end of the day,
Susan’s desk on Tuesday, she came across the previous day’s the bank would sort that day’s processed paper checks and
checks. Without asking anyone, Betty prepared a deposit forward them to the Federal Reserve — or another check-
slip — as she had done in the past — and took the checks to clearing entity — where the checks would be cleared. The
the nearby bank branch and made the deposit. When Susan paper checks then would be sorted and sent back to the banks
came in on Wednesday, she noticed that the stack of checks
the checks were drawn on (and in some cases returned to the
she had processed on Monday were not where she had put
check writer). Grounded planes following the terrorist attacks
them and immediately asked Betty where they were. Oops ...
of 9/11 caused major delays in check processing and brought
The checks had been deposited twice. They immediately con-
increased awareness to antiquated paper-check procedures.
tacted the bank. The bank manager explained that the bank’s
A number of electronic payment processing technologies are
duplicate check detecting software had caught the error and
now in wide use, including Check 21 technology.
that all was well. If the bank had not had the duplicate check
Under Check 21 processing, paper checks are scanned,
software working properly or if Susan and Betty had conspired
to modify the original paper checks before re-depositing them, and the images are used to process the checks. Alternatively,
the bank could have been liable for some big bucks. This ficti- banks that desire to continue receiving and processing paper
tious example could easily have happened. checks may print and process copies of the images, called sub-
Banking industry experts report that check processing stitute checks. The substitute checks are the legal equivalent
is moving rapidly away from the traditional paper methods of the original checks and can be used to document payments
and toward the processing of electronic images of checks. As in the same way that cancelled scanned checks would.
of August 2011, almost 70 percent of all institutions are now Although compliance with Check 21 is not manda-
receiving check images, according to CheckImage Central. tory, most banks are expected to invest in check imaging
(See www.checkimagecentral.org.) With the implementation technology eventually to take advantage of the projected
in 2004 of the Check Clearing for the 21st Century Act, or costs savings. So far, the adoption from paper to digital has
Check 21, auditors and CFEs cannot afford to ignore the new been slower than expected as the banking world upgrades its
16 Fraud-Magazine.com
FraudBasics
January/February 2012 17
Fraud In
Houses Of Worship
What Believers
DO NOT
Want to
BELIEVE
By Robert M. Cornell, Ph.D., CMA, Educator Associate; Carol B. Johnson,
Ph.D., Educator Associate; and Janelle Rogers Hutchinson
©Cara Bresette-Yates/iStockphoto
18 Fraud-Magazine.com
Houses of worship are particularly vulnerable to
fraud, but most feel they are impervious. The authors
provide reasons why churches feel so bulletproof and
seven practical steps fraud examiners can use to help
churches stop fraud in its tracks.
January/February 2012 19
FRAUD IN HOUSES OF WORSHIP
worship — churches, synagogues, temples, mosques etc. — are was a significant donor to the church and a powerful member of
among the most vulnerable entities. the church board. In addition, U.S. nonprofits generally are not
tightly regulated. State attorneys general and the Internal Reve-
WHY are CHURCHES SO VULNERABLE? nue Service (IRS) are the only entities in a position to provide regu-
Churches typically emphasize the importance of good acts and latory oversight to churches. Attorneys general are typically preoc-
deeds, so we might expect their tone at the top would protect cupied with other issues. And churches are exempt from the rule
them from fraud. Not so. A variety of factors lead to the op- that nonprofits must file informational tax returns with the IRS. So
posite situation. Donald Cressey’s research on the fraud triangle only parent denominations, church governing boards and possibly
showed that pressure, opportunity and rationalization are pres- church members are likely to be privy to financial information.
ent in almost all frauds. (See pages 10 through 14 of “Occupa-
tional Fraud and Abuse,” by Dr. Joseph T. Wells, CFE, CPA.) DO THEY REALLY BELIEVE IT CANNOT
However, some forms of these three elements are more preva- HAPPEN IN THEIR CHURCH?
lent in houses of worship. To get a feel for churches’ perceived fraud invincibility, we in-
terviewed individuals who provided financial oversight in 132
PRESSURES AND RATIONALIZATION U.S. houses of worship. Our survey included a broad variety
In many cases, ministers, secretaries and other staff members in of denominations (primarily Christian) of differing member-
houses of worship are expected to work long hours on paupers’ ships, annual budgets and numbers of employees. Memberships
wages for the love of a deity, while mingling with the wealthi- ranged from 25 to 37,500, with an average of 1,168 and a medi-
est of society. These working conditions can create resentment, an of 425. Annual budgets ranged from $10,000 to $30 million,
desperation and rationalization, such as “they owed it to me.” with an average budget of $1,089,045 and a median budget of
Church staff and volunteers can also face financial prob- $430,000. Figure 1 illustrates the distribution of church bud-
lems from feeding vices and addictions. A pastor or church mem- gets. Most of these churches had at least a few paid employees,
ber with a serious vice likely will feel that any resulting financial and some were affiliated with national or international denomi-
pressure is highly “non-shareable.” Cressey emphasized that the nations providing some oversight role.
non-shareable aspect of a pressure made it a particular impetus Fraud had indeed reared its ugly head with 13.4 percent of
for fraud. the church leaders acknowledging they had experienced a fraud
OPPORTUNITY
Churches might be the poster child for fraud opportunity for a Figure 1: Budget Range of Churches Surveyed
variety of reasons. First, they tend to be small organizations. The
ACFE’s 2010 “Report to the Nations” found that fraud happens
most frequently in entities with less than 100 employees — a
category that would include most houses of worship. Because 7%
28%
Over $1 million
of their small size, churches tend not to be willing or able to $750,000 – $1 million
20 Fraud-Magazine.com
FRAUD IN HOUSES OF WORSHIP
churches did not tell them about Same person deposits receipts and 48%
reconciles bank statements
discovered crimes. Ministers and Related parties on board of directors 47%
church elders are accustomed to No criminal background checks 20%
holding the “sins” of their flocks
No checking references 13%
close to the chest, and this empha-
sis on confidentiality may prevail 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
January/February 2012 21
FRAUD IN HOUSES OF WORSHIP
Table 1
22
It Can Happen in Your Neighborhood
Example 1 Example 3
A husband and wife served as treasurer and assistant treasurer The pastor of a large Ohio church commingled funds, laundered
in a small church in North Carolina. When their business began money, tampered with records, forged documents and sold 19
failing, they stole several thousand dollars from the church by acres of church land to steal more than $1 million from his church
simply writing checks to themselves over a three-year period. The and cover his tracks. The proceeds were used to buy cars, a boat,
fraud was discovered when a contractor complained that he had a pool and hair treatments in addition to funding private-school
not been paid for work on the church property. (http://tinyurl. tuition for his children. When a church employee reported that
com/2e2gm2w) funds were missing, it took two years to investigate the crime before
charges were filed. (http://tinyurl.com/6dpnvch)
Example 2
Three unrelated individuals who served as office manager, facilities Example 4
manager and a volunteer in a California church colluded to steal The business manager of an Oklahoma church was accused of
$500,000 from the church coffers to fund extravagant lifestyles. embezzling $140,000 to pay her personal expenses. The alleged
The threesome carried out their thefts by issuing fraudulent checks theft was discovered when the bank notified the church of an over-
and making inappropriate use of credit cards. The theft was discov- drawn account. The suspect said she could not have stolen that
ered when the church pastor became suspicious and reported the much money because the church was audited every year.
theft to the finance committee. (http://tinyurl.com/66cqchg) (http://tinyurl.com/6bpqblr)
January/February 2012 23
A major, multimillion sports ticket fraud at the University of Kansas
highlights how CFEs can help convince administrators and boards
to reassert control over their athletics departments. The answer
could be independent oversight.
By Herbert W. Snyder, Ph.D., CFE; and David O’Bryan, Ph.D., CFE, CPA, CMA
o
n June 30, 2009, David Freeman pleaded guilty to WHAT ACTUALLY HAPPENED?
conspiracy to commit bank fraud as part of a federal The accused allegedly abused the complimentary ticket
bribery case. Anxious to please the judge prior to policies of the university in three ways:
his sentencing, he provided investigators with in- First, official policy allowed for certain athletic office
formation about theft and resale of football and basketball employees to receive two complimentary tickets for each
tickets at the University of Kansas (KU). Freeman fingered athletic event provided they would not resell them. In-
two individuals, one of whom was exonerated while the stead, the athletic department routinely gave each of these
other proved to be central to the case. employees more than two tickets for each event and tacitly
Freeman had his sentence reduced from 24 to 18 permitted, if not overtly encouraged, reselling.
months, which his attorney said was an inadequate re- Second, the development/fundraising arm of the ath-
ward for the information he had provided, according to letic office was permitted to use complimentary tickets to
“Developer source in KU ticket scandal,” by Steve Fry, cultivate relationships with prospective donors. However,
in The Topeka Capital-Journal, April 22, 2010. (http:// these officials helped themselves to many more complimen-
tinyurl.com/24wwss9) tary tickets than they could have reasonably needed.
Federal authorities contacted KU officials in late 2009. Third, athletic department members improperly used
Under increasing pressure, KU announced in March 2010 or resold complimentary tickets reserved only for chari-
that it had retained the services of the Wichita office of table organizations.
Foulston Siefkin LLP to conduct an internal investigation. The culprits concealed these thefts by simply charg-
Assisted by a forensic accounting firm, Foulston Siefkin ing tickets to such fictitious accounts as RJDD — “Rod-
found that six employees had conspired to improperly sell ney Jones Donor Discretionary” — and not recording the
or use approximately 20,000 KU athletic tickets — mostly ultimate recipients. (Jones was the assistant athletic di-
to basketball games, including the Final Four tournament rector for development and one of the two persons the
— from 2005 through 2010. The sales amounted to more informant identified.)
than $1 million at face value and could range as high as By 2009, a cover-up compounded the original
$3 million at market value. Even worse, the investigators schemes. When the 2008-2009 basketball ticket sale re-
were unable to determine how many of the tickets were cords could not be reconciled, Charlotte Blubaugh told
sold directly to brokers because the employees disguised Brandon Simmons and Jason Jeffries to move documents
these distributions into categories with limited account- from the athletic office to the football stadium where she,
ability, such as complimentary tickets, according to “Uni- Ben Kirtland and Tom Blubaugh would destroy them on a
versity of Kansas athletic tickets scam losses may reach weekend and then attribute their absence to construction at
$3M,” in the Kansas City Business Journal, May 26, 2010. the stadium, according to Foulston Siefkin’s final report to
(http://tinyurl.com/3nvaf76) the KU’s general counsel.
The investigation did not examine years prior to 2005 In a separate scheme, the husband of the associate
because the athletics department did not retain those re- athletic director for the ticket office, who was supposedly em-
cords. The investigation of KU’s ticket sales and fundrais- ployed as a consultant to the athletic department, received
ing operations by federal authorities continued throughout payments totaling $116,500, all approved by the associate
2010 and 2011. athletic director for development. Apparently, the husband
KU’s internal investigation, which was released May 26, did not provide any services in exchange for these payments.
2010, implicated the associate athletic director for develop- Importantly, no allegations or evidence suggested
ment, the associate athletic director for the ticket office, the that any players, coaches or university administrators out-
assistant athletic director for development, the assistant ath- side athletics were involved in these crimes. The athletic
letic director for sales and marketing, the assistant athletic director was not involved in the scheme but accepted re-
director for ticket operations and the husband of the associ- sponsibility for the lax oversight that contributed to its
ate athletic director for the ticket office who had been work- extent and duration. Athletics office employees solely
ing for KU as a paid consultant. perpetrated these frauds.
26 Fraud-Magazine.com
Make an investment in yourself.
Become a Certified
Fraud Examiner.
When you are able to set some time aside and take away all the distractions, it’s
amazing what you can learn. The CFE Exam Review Course offers you four days of
guidance from experienced instructors, giving you all the tools you need to
prepare for and pass the CFE Exam.
Distinguish yourself as an expert in the field by attending our CFE Exam Review Course.
Structured Learning — Learn how to prepare for the CFE Exam January 30 – February 2, 2012
Dallas, TX
Fast Track — Immerse yourself in an intense, 3½ day
preparation period NEW LOCATION!
March 26 – 29, 2012
Instructor-Led — Receive guidance from experienced instructors Singapore
See more information about the CFE Exam Review Course at ACFE.com/CFE-Exam
FRAUD IN COLLEGIATE ATHLETICS
28 Fraud-Magazine.com
FRAUD IN COLLEGIATE ATHLETICS
athletics. The obvious course for universities, barring reducing Both Jeffries and Simmons cooperated in the investigation
sports, is to become better stewards of their athletic resources. from an early stage and received relatively light sentences.
More specifically, the same aspects of college sports that spawned Kassie Liebsch, athletic department systems analyst, pleaded
the scandal at KU and other universities should be the focus of guilty to one count of conspiracy to commit wire fraud and was
improvements, including better transparency and oversight. sentenced to 37 months and $1.2 million restitution. Liebsch was
not identified as a co-conspirator in the spring 2010 investiga-
Transparency tion. She continued to work at KU until the day of her indict-
Public disclosure of an organization’s finances is a powerful de- ment, Nov. 18, 2010.
terrent to numerous types of fraud. Although the U. S. Depart- Rodney Jones, assistant athletic director for development,
ment of Education requires universities to report some data for pleaded guilty to one count of conspiracy to commit wire fraud
athletic programs, it is difficult to compare these disclosures and was sentenced to 46 months and $1.2 million restitution.
among institutions because the law requires reporting only in Charlette Blubaugh, associate athletic director for the ticket
very broad categories. The NCAA requires reporting with great- office, pleaded guilty to one count of conspiracy to commit bank
er detail. However, the public rarely sees such data. Moreover, fraud and was sentenced to 57 months and $2.2 million restitution.
the NCAA allows much leeway on the ways universities can Tom Blubaugh, paid consultant to KU and husband of
categorize such data. Charlette Blubaugh, pled guilty to one count of conspiracy to
A uniform system of accounts and reporting would promote commit wire fraud and was sentenced to 46 months and nearly
comparability and consistency among programs. To increase ac- $1 million restitution.
Ben Kirtland, associate athletic director for development,
curacy and reliability, information provided to external parties
pleaded guilty to one count of conspiracy to commit wire fraud.
should come from universities’ central financial administrations,
He was sentenced to 57 months and nearly $1.3 million resti-
not directly from their athletic programs. A university inter-
tution, including about $85,000 to the U.S. Internal Revenue
nal audit function should be actively involved to enhance the
Service and the balance to Kansas athletics.
quality of reported information. The external agencies receiv-
After the story broke, Athletic Director Perkins announced
ing these reports should post them on the Internet to promote
he would retire in September 2011 and then abruptly retired on
openness and transparency and so independent watchdogs can Sept. 7, 2010. KU has since replaced him with a new athletic
scrutinize them for evidence of wrongdoing. director who makes roughly 10 percent of his predecessor.
An Aug. 10, 2011, court filing indicates that the U.S. attor-
Oversight ney’s office had collected only $81,025 from the five individuals
As with any other organization, simply installing better anti- convicted of conspiracy.
fraud controls is not sufficient to deter fraud. A standard of fraud As Ben Franklin was quoted as saying, “It takes many good
prevention is that controls are only as effective as the people deeds to build a good reputation, and only one bad one to lose
who use them. A lesson from the KU case is that athletic depart- it.” It may be easier to recover the money than the damaged
ments require independent oversight. reputation. Supporters of college athletics have asserted that the
If it is true, as the Knight Report suggests, that university KU ticket fraud represents a crime by employees and not a fail-
presidents feel they are unable to do this directly, then universi- ure of college athletics. However, any enterprise that generates
ties must seek other bodies to provide the oversight. Potential millions and has so little internal control is inviting fraud.
candidates include private university accrediting bodies, state Effective control of intercollegiate athletics will require
boards of higher education or a university’s board of governors. broader social and cultural changes that include good student
Together with improved reporting standards, the move to inde- outcomes over a win-at-all costs mentality. Until that occurs,
pendent review would remove the process from the more political anti-fraud professionals can best serve universities by helping
atmosphere of university presidents and their competing needs to them ensure they receive the revenue they are entitled to for all
run their schools, raise funds and have winning athletic programs. athletic events for advancing the institutions’ goals.
January/February 2012 29
THE
January/February 2012 31
10 TELL-TALE SIGNS OF DECEPTION
a guy jumps out of the bushes and yells at me. I can see
©Stephan Zabel/iStockphoto
he has a gun. He grabs the cash pouch and runs away.
The last I saw him he was headed south on Elm Street.
After he was gone, I called the police on my cell phone
and reported the theft.”
The first three sentences describe the employee’s
drive to the bank in the past tense. But the next three
sentences describe the alleged theft in the present
tense. An alert investigator might suspect that the
employee stole the day’s cash receipts, then drove to
the bank and called the police from the bank parking
lot to report a phony theft. (See another example in
“Antics with Semantics” on page 35.)
32 Fraud-Magazine.com
to make up detailed descriptions of fic-
titious events. Plus, a deceptive person
23rd ANNUAL
wants to minimize the risk that an inves-
tigator will discover evidence contradict-
ing any aspect of his or her statement;
ACFE Fraud
the fewer facts that might be proved
false, the better. Wendell Rudacille, the
Conference
author of “Identifying Lies in Disguise”
(Kendall/Hunt, 1994), refers to seeming-
and Exhibition
ly inconsequential details as “tangential
verbal data” and considers their presence
to be prime indicators that subjects are JUNE 17-22, 2012
telling the truth.
9. Narrative balance
A narrative consists of three parts: pro-
logue, critical event and aftermath. The
ORLANDO, FL
prologue contains background informa- Gaylord Palms Resort & Convention Center
tion and describes events that took place
before the critical event. The critical
event is the most important occurrence
in the narrative. The aftermath describes
what happened after the critical event. In
a complete and truthful narrative, the bal-
ance will be approximately 20 percent to
25 percent prologue, 40 percent to 60 per-
cent critical event and 25 percent to 35
percent aftermath. If one part of the narra-
tive is significantly shorter than expected,
important information may have been
Don’t Miss 2012’s Largest Anti-fraud Event.
omitted. If one part of the narrative is Join forces with thousands of anti-fraud
significantly longer than expected, it may
be padded with false information. The fol-
professionals at the 23rd Annual ACFE Fraud
lowing statement, filed with an insurance Conference and Exhibition in the fight against
claim, is suspiciously out of balance: fraud. You will address the challenges and
“I was driving east on Elm Street critical issues faced by anti-fraud professionals
at about 4:00 on Tuesday. I was on my
during top-level educational sessions and
way home from the A&P supermarket.
The traffic light at the intersection of participate in unmatched networking
Elm and Patterson was red, so I came to opportunities with the premier practitioners
a complete stop. After the light turned and thought leaders from all over the world.
green, I moved slowly into the intersec-
tion. All of a sudden, a car ran into me.
The other driver didn’t stop, so I drove For more information or to register,
home and called my insurance agent.” visit FraudConference.com.
The subject’s statement contains
four sentences of prologue, only one sen-
tence describing the critical event, and
only one sentence of aftermath. The
prologue contains a credible amount of
detail: the day and time of the accident,
the driver’s destination, and the location
January/February 2012 33
10 TELL-TALE SIGNS OF DECEPTION
of the accident. But the description of the critical event (i.e., Statements for Deception and Fraud,” 2009). When people feel
the alleged accident) is suspiciously brief. The claimant did not anxious about an issue, they tend to speak in sentences that are
describe the other vehicle, which direction it came from, how either significantly longer or significantly shorter than the norm.
fast it was going, whether the driver braked to try to avoid the Investigators should pay particular attention to sentences whose
accident or how the two vehicles made contact. length differs significantly from the subject’s MLU.
The aftermath is also shorter than one would expect from a
complete and truthful account of a two-car accident. The claimant The Words Reveal
does not say which direction the other vehicle went after leaving Complete and accurate descriptions of actual events are usually
the scene of the accident. He does not mention getting out of his stated in the past tense and tend to have a predictable balance of
vehicle to inspect the damage nor does he say whether he spoke prologue, critical event and aftermath. Truthful statements gener-
to any people in the area who may have witnessed the accident. A ally contain numerous self-referencing pronouns and include at
claims adjuster receiving such a statement would be wise to inves- least a few seemingly inconsequential details. Truthful statements
tigate whether the policyholder concocted a phony hit-and-run
rarely contain oaths, equivocation or euphemisms. Investigators
story to collect for damages caused by the driver’s negligence.
should apply extra scrutiny to written or oral statements that de-
viate from these norms. Suspects and witnesses often reveal more
10. Mean Length of Utterance
than they intend through their choices of words.
The average number of words per sentence is called the “mean
length of utterance” (MLU). The MLU equals the total number
of words in a statement divided by the number of sentences: Paul M. Clikeman, Ph.D., CFE, is an associate professor in the
Total number of words / Total number of sentences = MLU Robins School of Business at the University of Richmond. His email
Most people tend to speak in sentences of between 10 and address is: pclikema@richmond.edu.
15 words (ACFE Self-Study CPE Course, “Analyzing Written
NEW COURSE!
Using Data Analytics to Detect Fraud will introduce
students to the basics of using data analytics techniques to
uncover fraud. Taking a software-independent approach,
this one-day course provides attendees with numerous
data analytics tests that can be used to detect various
fraud schemes. Attendees will also discover how to
examine and interpret the results of those tests to identify
the red flags of fraud.
34 Fraud-Magazine.com
10 TELL-TALE SIGNS OF DECEPTION
January/February 2012 35
Overachieving Fraud Wolves
in Sheep’s Clothing
Targeting Top-Performing Employees Gaming the Bonus System
Follow this CFE consultant as he uncovers top collection reps at a business call center who inflated their
performances for more money and job advancement. Lesson? Do not always follow the money.
SOMETIMES WE FIND FRAUDULENT ACTIVITY OCCURRING Next, I zeroed in on the accused employees because
IN THE MOST UNSUSPECTING PLACES. What started out the tipster had not provided specific details of the al-
as a routine examination into a tip from an anonymous leged fraudulent conduct. I listened to call recordings,
call-center employee who was concerned with the large reviewed the corresponding accounts associated with
number of suspicious credit card payments a few fellow calls and sat in on some blind monitoring of the col-
employees were processing, turned out to be the discovery lectors’ live calls. Nothing seemed out of the ordinary.
of a whole new area of call center fraud operating right
The targeted collection representatives were very pro-
under the noses of management, compliance, internal au-
fessional, positive and helpful to consumers.
dit, quality assurance and even fraud committee members.
I expanded the investigation to several previous
A call center environment can foster many credit
card processing scams. The most popular is for call cen- months and increased the sampling of calls and ac-
ter agents to retain credit card account numbers, expira- counts. I reviewed consumer complaints containing
tion dates and security codes for themselves or to sell to allegations of unauthorized charges to see if these col-
fraudsters. We also see this scam in restaurants and other lectors had handled them. I still found no question-
retail industries. Fortunately, in this case, the employee able conduct. As a final part of the examination, I in-
who called the hotline supplied the locations and names terviewed the entire business unit staff to uncover any
of the suspicious employees and claimed that the number other employee suspicions of fraudulent activities. I im-
of payments they processed was far beyond the norm. mediately saw that the group members were extremely
As an outside consultant, I first had to become famil- competitive, but management encouraged this through
iar with the work of the business unit and the group in bonuses and advancement to high achievers.
which the suspected employees worked. That unit han- After six or eight interviews, I believed I discovered
dles inbound and outbound phone calls with customers the employee who filed the anonymous report to the ho-
who are past due on delinquent accounts. The collectors, tline. She made remarks that those who “know how to
who use defined call scripts, process payments through work the system” are the ones who make bonuses and ad-
a number of payment options for consumers, including
vance, while those who “play by the rules” are stuck, live
mailing payments, self-performed Internet payments,
paycheck to paycheck and are passed over for promotions.
check by phone, automatic account debit and, naturally,
She struck me as either a disgruntled employee or some-
credit card and debit card payments processed over the
phone. The company provides exceptional training ser- one tired of seeing cheaters prosper. After a few additional
vices for the employees and monitors their work so they probing questions, I had what I needed to develop a theory
comply with company policies, procedures and applicable for what may be the most unsuspecting fraudulent activity
federal, state and even some local statutes. An automated I have ever uncovered. I tore into the historical perfor-
account management system documents all work, and the mance measurements, metrics, reports and employee files
company records all phone calls. of the business unit. What I found was shocking.
36 Fraud-Magazine.com
My interviews with the business unit’s
management and review of historical docu-
mentation showed clearly that the top col-
lection representatives processed over the
phone as much as two to three times the
number of credit card and debit card pay-
ments as the average collector. Incentives for
the number of credit card payments allowed
representatives to earn bonuses.
After I traced the payments to the ac-
counts, I noticed that some collection rep-
resentatives would set up customers on pay-
ment plans to charge their credit cards once
or even twice a week, instead of the typical
payment plan for once every two weeks or
monthly. The total amount the customer
paid was the same, but it was broken down
into smaller amounts and processed regu-
larly to increase the number of payments
per week. Ironically, these “top-performing”
employees appeared to be the most talented,
dedicated, hardest-working phone represen-
©Juan Darien/iStockphoto
tatives in the business unit.
As I reviewed the employment records
and performance reviews of the current and former supervisors We are familiar with criminologist Dr. Donald R. Cressey’s
and managers of the business unit, I found it crystal clear that fraud triangle that defines fraud as the convergence of three
they had all worked their way up in similar fashion. They rou- factors to set the climate for fraud: pressure, opportunity and
tinely outscored their peers at the performance metrics. I ex- rationalization. CFEs are trained to focus their sights on the
panded my investigative analysis to other call center business business resources, processes, procedures, employee activities
units and found the same conduct. and personnel to detect the potential for, and existence of, the
fraud triangle factors. Nevertheless, many fraud examiners do
DRIVING EMPLOYEES TO CHEAT not recognize the existence of these factors in the out-in-the-
Much has been written, preached and practiced in the area of em- open business environment because we are diligently sleuthing
ployee motivation, especially for those directly interacting with for the not-so-obvious, hidden schemes buried deep in the orga-
customers. Management drives them to shatter sales and service nization. Is it possible that fraudulent activity is fully accepted
records, surpass customer satisfaction standards, hit key perfor- and expected? If so, where, and how do we identify it?
mance indicators, out-hustle the competition and find ways to
do more with less. We set goals and budgets, apply performance
THE NUMBERS CAN LIE
metrics, and offer various bonuses and creative incentives.
In this case, the use of data was essential to steer the investi-
Organizations monitor and evaluate employee performance,
gation in the proper direction. Looking at the total payment
and top achievers climb up corporate ladders. If you are passed
over too many times you are branded as stale, and you may lose processed by the representatives in the group in Figure 1 (on
all hope to advance. Those who earn promotions then study the page 38), we see no significant variance. In fact, the highest pro-
playing fields and develop their strategies to move up the next ducers of total payments are reps 112 and 117. However, drilling
rungs of corporate ladders. into the number of debit card and credit card payments pro-
Capitalism through competition. So what is there to worry cessed quickly reveals a statistical anomaly. Reps 114 and 118
about? Plenty. Let us take a deeper look into this activity. clearly processed a disproportionately higher number of these
Typically, CFEs, internal auditors, external auditors, and payments than the others in the group. Because the company
risk and compliance managers will search for fraudulent em- incents reps with bonuses and awards to obtain these payments,
ployee activity by focusing on employee theft, embezzlement, Reps 114 and 118 benefitted.
expense account fraud, larceny, fraudulent check writing or This information caused us to review the details of payments
cashing, vendor contracts and countless other schemes. They and customer accounts. We were alarmed to see that these reps
follow the money and focus on financial transactions and report- were breaking policy by processing payments as often as two
ing as sources for discovery. But significant fraudulent employee times per week on the same customer account to artificially in-
activity can be occurring in the open, and we fail to recognize it flate the number of payments and earn bonuses. The consumers
or the severity of the risks and potential losses. agreed to this practice when the reps told them it was necessary
January/February 2012 37
OVERACHIEVING FRAUD WOLVES IN SHEEP’S CLOTHING
6:54
According to The Committee of Sponsoring 2nd Contact
6:32
6:26
6:21
6:12
6:86
Call Handle Time (min:sec)
4:38
4:25
4:28
4:28
4:31
4:21
4:08
4:19
4:04
4:11
4:11
3:59
3:58
3:59
3:57
3:55
3:57
3:48
3:55
4:12
3:26
3:12
3:07
2:12
2:74
should ultimately “assume ‘ownership’ of the
1:41
1:37
system,” COSO states. However, management
devises goals, targets, budgets and service stan- 0:00
Rep 222 Rep 223 Rep 224 Rep 225 Rep 226 Rep 227 Rep 228 Rep 229
dards and drives them to the production level. A
Representative
close examination of the conduct and behavior
at that level may reveal potential fraudulent ac-
tivity that standard business processes and pro-
cedures have cloaked. Figure 2
We know that certain areas are ripe for em-
ployee fraud, such as expense accounts, com- and data, or the absence of these values from negative data that
mission reports and vendor contracts. But does the definition could be used to improve the organization and its outcomes.
of fraud and Cressey’s fraud triangle apply to activity and con- And finally, does the perpetrating employee receive gain?
duct related to employee performance metrics? We can build This is where we make a critical mistake and overlook the ob-
the case that it does. vious. Up to this point, we are dismissing these acts and omis-
Employees, supervisors or managers who intentionally in- sions by employees as harmless, just seeking to look good to the
flate performance metrics in daily job duties, or omit negative boss, avoid the consequences of missteps or failure, earn that
information or activities, meet the first part of the definition for bonus or climb the ladder in the organization. Employees who
fraud. But what about the requirement for a victim suffering loss are evaluated by performance measurements, metrics, data,
by these actions? Again, the victim here is the employer organiza- etc. who manipulate these values are in essence causing their
tion through the receipt of invalid performance metrics, delivery performances to appear to be better/higher/more valuable to
38 Fraud-Magazine.com
OVERACHIEVING FRAUD WOLVES IN SHEEP’S CLOTHING
the organization than they would actually be otherwise. What compliance reviews originate inside the same departments that
is the motivation? Clearly, for those who are compensated by breed the “culture of fudging the numbers.” You must address it,
commission and bonuses the answer is obvious: money. But job or it will continue. Because pressure from management to hit
retention or advancement also constitutes personal gain. the numbers will always be a source of temptation for all to look
The totality of the definition has been met in the descrip- the other way, the answer is to expand our reach to areas of the
tion of employees who purposefully skew performance metrics. enterprise that possess the resources and skill sets necessary for
It is not hard for frontline employees to cut corners, force orders, independent examination.
shorten calls, bury complaints, etc., day after day to put up some In our case, once we showed executives the data for em-
impressive numbers. ployee performance anomalies, management culture and per-
This environment is ripe with employee incentive/pres- formance-based compensation and advancement history, it was
sure. The opportunity is present for front-liners to manipulate clear that change was required. After we developed and imple-
the input, statistics, calls, paperwork and other job functions. mented training programs to expose and address the conduct
And rationalization is a personal psychological characteristic as fraudulent behavior, we devised measurements and reporting
that has been found to be present in 40 percent of employees, to display such activity to serve as deterrents. In a short period
according to “Managing the Business Risk of Fraud: A Practical of time, performance metrics reflected true and clean data for
Guide.” And according to Freud, rationalization is a defensive employee call statistics. With this information, we were able to
Risk, cost and liability from damage to customer goodwill, brand and exposure
to regulatory actions may be significant once the missteps are revealed.
mechanism that seeks to offer acceptable reasons to others, or accurately identify problem employees and quash the culture
ourselves, for unacceptable behavior. As stated by ACFE found- of “working the system” for bonuses and advancement. In just
er and Chairman, Dr. Joseph T. Wells, CFE, CPA, in his “Corpo- three months we gained a 14 percent increase in KPIs and cus-
rate Fraud Handbook,” “For the purpose of detecting and deter- tomer satisfaction ratings! Only employees playing by the rules
ring occupational fraud, it does not matter whether employees earn bonuses for the right reasons.
are actually justified, but whether they perceive that they are.” Clearly the solutions are very simple, and if you take one
Now that we have seen that frontline employee conduct thing away from this article, this is it: The targets, goals, incen-
may be an undetected area primed for fraud, we need to assess tives and bonuses are not the problem. We must focus investi-
the risk to the enterprise. According to the International As- gative principles and techniques on performance anomalies be-
sociation of Risk and Compliance Management Professionals, cause they are ripe for frontline, transparent fraudulent activity.
the risk and harm sustained by an organization are not limited to It is critical that we segment employee production by tenure,
the losses from employees who work the system to advance and skill and past achievement variances.
earn more money. Risk, cost and liability from damage to cus- A business environment probably already has all the neces-
tomer goodwill, brand and exposure to regulatory actions may sary tools, resources and historical data to assess the accuracy,
be significant once the missteps are revealed. When company or lack thereof, of job performances at any level. Management
management is unable to obtain valid data from operations, the will need to develop controls, checks and balances, monitoring,
impact can be devastating. reporting, ethics training, employee hotlines and preventative
measures to reduce the risk for fraud.
HELP THE COMPANY HELP THEMSELVES We may nip and tuck around the edges to modify behavior,
The environments most susceptible to transparent frontline and still the crafty employees find ways to “hit their numbers”
fraud are those you would not normally suspect: service centers and get the prizes. If we are not diligent in reviewing, reconcil-
within the enterprise with high-volume, measurable workload ing and building operations-oriented analysis tools to identify
functions. These include call center operations, inside order performance anomalies — and investigate them — unrecog-
processing, lead generation, online agent help desks, billing nized fraudulent activity will occur before our eyes.
and collection, telemarketing, mail processing, customer service
centers and back-office operations. Jeffrey Horner, CFE, CRCMP, is chief development officer and
Once you recognize conduct as potentially fraudulent and senior vice president of the Government Services Division of UCB
know where to focus efforts to discover the activity, you must ex- Inc. His email address is: jwhorner@ucbinc.com.
amine what can be done to mitigate that risk. Often, process and
January/February 2012 39
Data Breaches, a 3-Part Series
BREAKING BREACH
SECRECY, Part 3
©PN_Photo/iStockphoto
Analysis Shows Entities Lack Strong
Data Protection Programs
The authors’ analysis of data-breach statistics shows that organizations
poorly protect personal data. Possible solution: U.S. federal rules for
guidance in developing comprehensive data protection programs.
here are data breaches and then there as successful profit-making businesses, constantly
are data breaches. Hold on as we look developing new fraudulent schemes to look for
at two enormous cases reported by the system weaknesses and collect personal identifi-
Privacy Rights Clearinghouse (PRCH) able information (PII).
in its “Chronology of Data Breaches.” However, as our new report and analysis in
Even though the number of records compromised this article show, it is not just blatant hacker ef-
in these two cases is atypical, it does illustrate the forts that cause data breaches. Organizations and
problems consumers face when their personal data individuals who do a horrible job protecting per-
is not protected by organizations that use it. sonal data, of course, create conditions that lead
On Jan. 20, 2009, Visa and MasterCard to the majority of data breaches.
alerted Heartland Payment Systems, a credit and
debit card processor, of suspicious activity related TRACKING THE PESKY BREACHES
to card transactions. After the company inves- Though not all organizations report data breaches
tigated, it found evidence of malicious software publicly, at least three independent groups track
that compromised data on more than 130 million and analyze breaches and publish them in reports:
cards. The incident may have been the result of a the Privacy Rights Clearinghouse (PRCH), Veri-
global cyberfraud operation. zon and the Identity Theft Resource Center®.
On June 16, 2005, hackers infiltrated the net-
work of CardSystems — a third-party processor of Privacy Rights Clearinghouse
payment card transactions — and exposed names, PRCH describes itself as a “nonprofit consumer edu-
card numbers and card security codes of more cation and advocacy project whose purpose is to ad-
than 40 million card accounts, including 68,000 vocate for consumers’ privacy rights in public policy
Mastercard accounts, 100,000 Visa accounts and proceedings.” From Jan. 1, 2005, through press time,
30,000 accounts from other card brands. On Feb. it has tracked, analyzed and classified 2,752 data
26, 2006, CardSystems agreed to settle charges breaches and more than 542 million compromised
with the Federal Trade Commission that it failed records for inclusion in its “Chronology of Data
to have in place the proper security measures to Breaches,” which is updated daily (www.privacy-
protect sensitive personal information. CardSys- rights.org/data-breach) from these sources:
tems notified affected consumers and offered them
• The Open Security Foundation’s DATALOSSdb.
one year of credit monitoring services.
(www.datalossdb.org)
Data breaches that lead to identity theft
have affected the lives of individual consumers, • Databreaches.net, a spinoff from www.PogoWas-
businesses, nonprofit organizations and govern- Right.org, has compiled a wide range of breach
ments at all levels throughout the world, espe- reports since January 2009.
cially in the past decade. Security companies are • Personal Health Information Privacy (www.
constantly working to develop better products for phiprivacy.net/), affiliated with Databreaches.
individuals and organizations to protect personal net, is a database that compiles only medical
information. Many organized cybercriminals work data breaches. Many of these are obtained from
41
BREAKING BREACH SECRECY
the U.S. Department of Health and Human Services’ medical These organizations use differing methodologies to select
data breach list. and classify data breaches, which allow us to view the data from
• National Association for Information Destruction Inc. (www. different perspectives. “Data breaches are not all alike,” accord-
naidonline.org) provides monthly newsletters that include a ing to the ITRC. “Security breaches can be broken down into a
number of data breaches largely resulting from improper docu- number of categories. What they all have in common is that they
ment destruction. usually contain personal identifying information in a format eas-
ily read by thieves, in other words, not encrypted.” That is true,
The PRCH classifies data breaches as:
• Unintended disclosure: sensitive information posted publicly
on a website, mishandled or sent to the wrong party via email,
fax or mail.
• Hacking or malware: electronic entry by an outside party.
• Payment card fraud: fraud involving debit and credit cards
that is not accomplished via hacking. For example, skimming
devices at point-of-service terminals.
• Insider: someone with legitimate access such as an employee
or contractor intentionally breaches information.
• Physical loss: lost, discarded or stolen non-electronic records,
such as paper documents.
• Portable device: lost, discarded or stolen laptops, PDAs,
smartphones, portable memory devices, CDs, hard drives,
data tapes, etc. ©Gualtiero Boffi/iStockphoto
42 Fraud-Magazine.com
The ACFE Career Center
More than just a Job Board.
security breach that put more than 5,000 current and former 2%
External-XTF
Vancouver district school employees at risk for identity theft.
18%
IL: Internal — loss of data: For example, on Oct. 15, 2009, External-XP
the Virginia Department of Education reported that a flash drive
containing 103,000 student names, SSNs, and employment and 59%
demographic data was misplaced. External-XH
44 Fraud-Magazine.com
BREAKING BREACH SECRECY
January/February 2012 45
CFE Exam Prep Course® | Books and Manuals | Self-Study CPE | Software | Merchandise | Toolkits
ACFE.com/Shop
Ordering is Easy! Course
(800) 245-3321 / +1 (512) 478-9000 Workbook CD DVD Online E-Workbook
Formats
SELF-STUDY CPE
Unfortunately, “Interviewing Techniques 101” is not a course most of Locate Hidden Assets
us took in school. As a fraud examiner, however, you are challenged $59 M Course Level: Basic
with the task of interviewing on a regular basis. This toolkit includes $79 NM Prerequisite: None
four resources to help you improve your interviewing skills and ensure
Every anti-fraud professional needs the tools to
you become a more effective interviewer: $139 M pursue an investigation that involves a search for
$159 NM concealed assets. This course gives you insight
UÊ Finding the Truth: Effective Techniques for Interview and on how to locate hidden assets and how to iden-
Communication (20 CPE Credits) $159 M tify and trace hidden payments and sources of
$179 NM income. Hear from fraudsters about how to hide
UÊ Fraud-Related Interviewing
assets and from anti-fraud experts on how to find
UÊ Interviewing and Interrogation, Second Edition them.
UÊ Report Writing Manual
Ethical Issues for Fraud
NEW!
CPE Credit: 2
Regular Price: $254 Members / $270 Non-Members Examiners (Online Self-Study)
Bundle Price: $179 Members / $229 Non-Members $59 M CPE Credit: 2
$79 NM Course Level: Basic
Prerequisite: None
NEW!FCPA Investigations: Combating
CPE Credit: 4 Corruption in International Business Ethical Issues for Fraud Examiners will help you understand what con-
stitutes an ethical dilemma and develop an awareness of ethical is-
$119 M (Online Self-Study) sues faced by fraud examiners. The course also presents six fictional
$159 NM Course Level: Intermediate scenarios that illustrate potential ethical situations that pertain to fraud
Prerequisite: None examinations. The purpose of these scenarios is not to provide you
with solutions, but rather to familiarize you with some types of ethical
FCPA Investigations: Combating Corruption in International Business
dilemmas that might arise in a fraud examination.
provides you with important information to help you, your company
and its employees avoid adverse consequences and combat bribery
in international business. This course offers an overview of the FCPA, NEW! Inside the Fraudster’s Mind
discusses how you should respond to evidence of corruption, presents CPE Credit: 16
(Fulfills 2 hours ethics CPE requirement)
a roadmap that will help you conduct investigations of suspected cor-
$59 M CPE Credit: 8 (Fulfills 2 hours of required Ethics CPE)
ruption and discusses how to conclude an investigation.
$79 NM Course Level: Basic
NEW! Fraud Risk Management Prerequisite: None
CPE Credit: 3 $109 M
Course Level: Intermediate Understanding the thoughts and feelings of a
$129 NM fraudster can provide valuable insight to enhance
$89 M Prerequisite: None
an organization’s anti-fraud efforts. This course
$109 NM The field of risk management has attracted in- $129 M will explore psychological information that is key
creased attention in the wake of the economic $179 NM to the successful development of a fraud preven-
meltdown as the public comprehends the negative effects of uncon- tion and detection program. In the accompanying
tained risk. This course explains why managing fraud risk is important for training video you will hear ten convicted fraudsters explain directly
organizations and the steps to develop an effective fraud risk manage- what they were thinking when they decided to commit fraud and how
ment program. they finally got caught.
Highlights Include:
t The business case for managing fraud risk
t Objectives of a fraud risk management program
t The components of a fraud risk management program
t A discussion of COSO and other risk management frameworks
percent of the total data breaches but only 2 percent of the total The Massachusetts law is considered one of the strictest
compromised records. Lastly, XTNF, or the “theft of data by a in the U.S. The standards and precise requirements that are
non-employee with low or no probability of fraudulent intent,” paraphrased and listed below might be a model for other U.S.
accounted for only 8 percent of the total compromised records states, the U.S. Congress and perhaps some foreign countries
but an amazing 24 percent of the total data breaches. for developing comparable legislation. They will also provide
valuable guidance for organizations and consultants who advise
Analysis? Numerous Data Compromises Without Controls them about specific elements that should be addressed in setting
The results strongly indicate that the organizations experi- up a comprehensive data protection program.
encing these data breaches lack strong comprehensive data The law states that “every person that owns or licenses per-
protection programs. As a result, the personal data that or-
For example, if
ganizations should control and safeguard more easily is being
compromised in many ways.
companies properly
For example, 26 percent of the total breaches result from
the internal “improper protection and disposal of data.” Exam- protected and/or
ples include posting data online — including SSNs on mailing disposed data by
labels — giving documents or hard drives to recyclers that in- securing physical
clude personal information (how about destroying them inter- facilities, software
nally?) and leaving documents containing personal data unat- and hardware, then
less data, such as
tended in the workplace.
Do we know if any of the compromised records in this cat-
egory of data breaches were used for identity theft purposes? No, employee SSNs,
but the opportunity exists. As we know, closing the door on op- would be lost or
portunity is one of the best methods for fraud prevention. misplaced. ©Ivelin Radkov/iStockphoto
The “protection and disposal of data” category is also direct-
ly linked to two other internal data breach and three external sonal information about a resident of the Commonwealth shall
subtype categories. For example, if companies properly protect- develop, implement, and maintain a comprehensive informa-
ed and/or disposed data by securing physical facilities, software tion security program. …” That includes the following standards
and hardware, then less data, such as employee SSNs, would be and requirements briefly outlined by InstantSecurityPolicy on
lost or misplaced. And employees or non-employees would be its website at: http://tinyurl.com/4xnnoky.
stealing less internal and external data, such as customer debit In the section of the Massachusetts law, “17.03: Duty to
card numbers and other personal data. Also, as we wrote earlier, Protect and Standards for Protecting Personal Information,” ev-
organizations could better control internal and external hacking ery comprehensive information security program shall include,
and resulting identity theft if they were required to encrypt all but not be limited to:
sensitive data with the use of the 128-bit encryption standard.
a. Designating one or more employees to maintain a compre-
hensive information security program.
SELF-REGULATION NOT WORKING
It is obvious that many organizations need guidance in develop- b. Identifying risks to the security, confidentiality, and/or integrity
ing comprehensive data protection programs. Self-regulation has of records containing personal information, and improving cur-
not worked; maybe federal rules might help. Because of recent na- rent safeguards where necessary, including 1) ongoing employee/
tional exposure on data breaches, the U.S. Congress is considering contractor training, 2) employee compliance with policies, and
legislation on this topic. But do not hold your breath because they 3) means for detecting and preventing security system failures.
have been considering legislation on notification of data breaches c. Developing policies relating to the storage, access, and trans-
for the past three sessions and have not passed any law. (The 2007 portation of personal information outside of business premises.
U.S. “Red Flags Rule” does require many business and organiza- d. Imposing disciplinary measures for violations of the security
tions to implement a written identity theft prevention program policy.
designed to detect the warning signs of identity theft in their daily
e. Preventing terminated employees from accessing records
operations. See http://tinyurl.com/d6de4y.)
containing personal information.
The state of Massachusetts, on the other hand, has re-
cently passed a comprehensive data protection law (201 CMR f. Oversee service providers by 1) selecting and retaining service
17.00) containing standards and requirements directly related providers capable of securing personal information and 2) re-
to the types of internal and external data breaches described quiring service providers by contract to implement and main-
and analyzed in this article. tain appropriate security measures for personal information.
48 Fraud-Magazine.com
g. Placing restrictions on physical access to records containing (2) Secure access control measures that:
personal information and securely storing of this information. a. Restrict access to files containing personal information to
h. Regular monitoring to ensure the security program is op- those who need such access.
erating in the intended manner and upgrading safeguards b. Assign non-vendor-supplied, unique identifications and pass-
where necessary. words to each person with computer access that are designed
i. Reviewing security measures at least annually or whenever it to maintain the integrity of the security of the access controls.
is reasonably necessitated by a change in business practices. (3) Encryption of all transmitted files containing personal
j. Documenting actions taken in response to any incident in- information when traveling across a public network or a wireless
volving a breach of security, and a post-incident review of connection.
events and actions taken. 17.04 (4) Monitoring of systems for unauthorized use of or access
to personal information.
Computer System Security Requirements (5) Encryption of all personal information stored on laptops
(1) Secure user authentication protocols including: or portable devices.
(6) Use firewall protection and reasonably up-to-date
a. Control of user IDs and other identifiers.
patches on Internet-connected systems that contain personal
b. A reasonably secure method of assigning and selecting pass- information.
words or other unique identifiers. (7) Use anti-virus/anti-malware software with reasonably up-
c. Control passwords to ensure that the location and/or format to-date patches and virus definitions on Internet-connected systems
does not compromise data security. that contain personal information.
d. Restricting access to active user accounts only. (8) Education and training of employees of the proper
use of the computer security system and the importance of
e. Blocking access after multiple unsuccessful logon attempts.
information security.
Is your deadline for CPE fast-approaching? All Certified Fraud Examiners must earn
the required 20 Continuing Professional Education (CPE) credits to remain in good
standing. If you are a CFE and want to make sure you have your 10 required fraud-
related credits, then take advantage of ACFE’s Fraud Magazine CPE quizzes.
January/February 2012 49
BREAKING BREACH SECRECY
RESTORING TRUST
Never-ending data breaches have seri-
ously jeopardized our national security
and trust in organizations to protect per-
sonal data. In the same way that the U.S.
Sarbanes-Oxley Act has restored the NEW! Ethical Issues for Fraud Examiners
public’s confidence in our financial mar- (Online Self-Study)
kets, the federal government would do
well to pass a similar law to restore the
CPE Credit: 2
public’s confidence and trust in transact- Course Level: Basic | Prerequisite: None
ing business electronically.
In your work to resolve allegations of fraud, you might encounter
Robert E. Holtfreter, Ph.D., CFE, ethical issues that require you to look beyond the technical require-
CICA, is distinguished professor of ments of your job and toward the moral dimensions. But ethical
accounting and research at Central issues can be perplexing. What is the right thing to do?
Washington University in Ellensburg, Wash.
His email address is: holtfret@cwu.edu. Ethical Issues for Fraud Examiners will help you to understand
what constitutes an ethical dilemma and help you to develop an
Adrian Harrington graduated from awareness of ethical issues faced by fraud examiners.
Central Washington University in
Ellensburg, Wash., in June 2011 with a
Bachelor’s Degree in Economics. His email What you will learn:
address is: aaharrington87@gmail.com. tEthical values that you are expected to honor when carrying out your
fraud examination duties.
(Robert E. Holtfreter thanks co-author
tUnderstandintg ethical decisions
Adrian Harrington, a former student in his
fraud examination class, who volunteered to tConsiderations to keep in mind as you work toward your own
work for him as an unpaid research assistant. resolutions of ethical dilemmas. Imperative, utilitarian and
“He has worked hundreds of hours over the generalization ethical principles
past 18 months providing outstanding intel- tHow to locate resources that might be useful to you in resolving
lect, leadership and work ethic in helping to ethical dilemmas.
conduct research and investigate the data
breach area, develop our data breach clas-
sification model, analyze the data and write Order your copy today at
this article and work on others. He has a se- ACFE.com/EthicalIssues
rious interest working in the fraud area and
will make a great investigator.” – ed.)
50 Fraud-Magazine.com
“The CFE credential is known and respected
around the world.”
B
ankruptcy fraud, which is a form of financial state-
ment fraud, is perpetrated by concealing assets Almost two years after the initial filing, the
through misappropriation and/or a misclassifica-
tion of accounts. In the following case, we will bankruptcy court established the value of the
show how delayed bankruptcy schedule filings,
farmland at $2,926,000, which differed from the
inaccurate bankruptcy schedules and incorrect monthly
operation reports can create an opportunity for a dishonest initial $1,116,000 valuation on the schedules.
debtor to misappropriate assets of a bankruptcy estate.
The consequences of this particular bankruptcy fraud
case resulted in $1.5 million in misappropriated assets, neg- that undermined what little trust existed. The attorney ini-
ligence action against the attorney and the convicted debtor tially filed for a Chapter 12 bankruptcy proceeding, which is
receiving a 10-year prison sentence. a type of bankruptcy for farmers who have less than $1.5 mil-
lion of debt. However, his client’s estate had more than $1.5
THE DAIRY FARMER CASE million of debt, and the attorney admitted during his deposi-
The wayward debtor in this case, a dairy farmer (we will call tion that he knew his debtor did not qualify for Chapter 12
him Stan), was suspected of gambling away the majority of at the time he submitted the filing. A plausible explanation
the misappropriated $1,528,502 from the estate at casinos. for the attorney’s action was that a Chapter 12 filing would
Eight months prior to filing bankruptcy, Stan submitted result in future filings to correct the initial filing. Those filings
a signed personal financial statement showing $5,582,103 of would delay reporting requirements for the debtor.
assets and $4,842,505 of liabilities, which set his net worth The attorney continuously requested extensions to file
at $739,598.Three months prior to filing bankruptcy, Stan bankruptcy schedules, saying that he wanted to ensure their
submitted a signed personal financial statement showing accuracy. However, the amended bankruptcy schedules were
$11,607,450 of assets and $4,981,100 of liabilities, which also inaccurate. Moreover, Stan’s monthly reports of opera-
then made his net worth $6,626,350.
tions, when they were filed with the U.S. Trustee office, were
When he finally filed, the assets of the farmer’s bank-
filled with inaccuracies and misapplications of accounts. The
ruptcy estate consisted of farmland, farm equipment, build-
most cursory review could detect these inaccuracies, so it was
ings, dairy cows, growing crops and crops in storage. The
clear that the attorney had not reviewed these reports prior
bankruptcy schedules showed real property of $1,116,000 and
personal property of $574,370, for total assets of $1,690,370. to their submittal. Lastly, Stan’s plan for reorganization was
The farmer’s liabilities consisted of secured creditors and pri- submitted late and was unrealistic in scope. The creditors’
ority creditors holding claims of $4,661,866, and unsecured attorneys objected to virtually every filing.
creditors holding claims of $293,202. This brought the total Because of these delays, the creditors did not have accurate
claims to $4,955,068. information about the estate’s assets and monthly cash flow, and
Stan was able to maintain control over the estate’s assets for
COURSE OF THE BANKRUPTCY 2½ years, instead of being removed and replaced with a court-
This bankruptcy was extremely adversarial from the begin- appointed Chapter 7 trustee who would administer the estate.
ning. The bankruptcy estate attorney imposed several delays Almost two years after the initial filing, the bankruptcy court
52 Fraud-Magazine.com
Case in Point
established the value of the farmland at $2,926,000, which To further explain, in most dairy farm operations, dairy
differed from the initial $1,116,000 valuation on the schedules. cows produce less milk over time; therefore, it is normal for a
The farmland eventually sold for more than $3 million. dairy farm to sell approximately 20 percent to 25 percent of
The risk to the creditors was not the farmland’s de- its herd every year for meat and then replace those animals
creased value on the schedules, because the farmland itself with younger dairy cows. A significant number of calves born
was not a liquid asset. The real risk was Stan’s misappropria- every year can be kept or sold, but these animals typically are
tion of assets (i.e., dairy cows, farm equipment, etc.) when not on the accounting books because they have no basis.
he sold those assets outside the normal course of business Following are the specific ways the bankruptcy court
without first obtaining the court’s permission. He used the liquidated the assets:
funds from those sales for his personal gain.
The creditors attempted to deter the debtor’s liquidation
1. Dairy cows sold
of assets by taking inventories and by taking court action.
Depreciation records showed that Stan bought 957 dairy
However, the court action was slow and the inventory results
cows at an average cost of $1,229 per cow in the four years
were disputed. Without cooperation from the estate attorney,
the creditors did not accomplish much in trying to thwart prior to the bankruptcy. The average useful life of a dairy
the debtor from liquidating his assets. cow is five years, and then it is sold for beef. The bankruptcy
The debtor misappropriated the following assets for schedules showed 252 cows on hand. Two-and-a-half years
these amounts: after the initial bankruptcy filing there was a total liquida-
tion of dairy cows that resulted in a sale of 102 cows for
• Dairy cows ..............................................................$638,925
which the estate received $49,574.The bankruptcy estate did
• Grain sales not deposited to estate.........................$308,895
not recover everything else that was sold.
• Withdrawals of cash ...............................................$221,775
• Farm equipment and vehicles ................................$167,500 2. Calves sold
• Direct payment to debtors........................................$75,000 It was estimated that there were 957 cows in the herd at
• Accounts receivables not disclosed on schedules ....$43,341 the time of the bankruptcy filing, which would result in a
minimum of 574 calves produced per year. However, there is
• Preference payments.................................................$62,230
no evidence that funds from these sales were deposited in the
• Miscellaneous ...........................................................$10,836 bankruptcy estate.
• Total ....................................................................$1,528,502
3. Milk production
HOW THE ASSETS WERE LIQUIDATED The dairy farm was making about $240,000 monthly in milk
During a bankruptcy, the law allows inventory held for sales, which was being deposited in the bankruptcy accounts.
sale by the business to be purchased and sold in the normal Stan made a side deal with his milk buyer, who agreed to pay
course of business as long as the creditors are protected. For less for the milk and then make $8,000 monthly payments
instance, inventory cannot be sold at below-market value,
directly to the debtor. This money never came into the
but it can be sold at market value during the normal course
bankruptcy estate.
of business. Also, estate assets that are used to produce in-
come cannot be sold without the court’s permission. To apply
4. Crop sales
these rules to the dairy farm case, the milk produced by the
cows could be sold at market price in the normal course of Crops were grown using assets of the bankruptcy estate.
business. However, the cows that produce the milk could not However, during at least one year, Stan sold the crops and
be sold without the court’s permission. never deposited the receipts and money from the sales in the
There is a gray area within the definition of “normal bankruptcy estate.
business operations,” and this is where a dishonest debtor can
do harm to creditors, shareholders and the business itself. In 5. Farm equipment
the dairy farm case, Stan perverted the dairy farm’s “normal It should be difficult to liquidate farm equipment that is in
operations” to his benefit and the harm of the creditors. (The a bankruptcy proceeding because of Uniform Commercial
attorney, though not proven to be negligent, caused the Code filings on the equipment. However, Stan was able to
delays that allowed Stan to pervert operations.) liquidate his equipment in two ways:
January/February 2012 53
Case in Point
• The first was leased farm equipment accountant made several errors. When pre-
that had a significant residual value — paring the monthly reports of operation, he:
If the accountant had been
$45,000 more than what he owed on • Did not have copies of checks or deposits.
more experienced or the lease. It appears that Stan returned
the equipment to the leasing company • Did not have a check register.
properly instructed prior • Relied on descriptions of checks and
with some agreement that he personally
to performing his court- received the residual value. The residual deposits provided by Stan.
value never came back to the estate. • Did not question Stan about the
appointed duties, it is
• The second method involved used farm appropriateness of deposits made or
reasonable to expect that equipment as a part of a blanket security checks written.
Stan would have been agreement for an operating loan Stan had • Did not consider it his responsibility to
obtained prior to the bankruptcy. In this question unusual expenses or deposits.
deterred. As it stood, instance, the equipment was placed for
• Did not know that Stan was not allowed
Stan was allowed to auction out of the area with the proceeds
to have personal bank accounts other
going to a relative.
liquidate assets and than the debtor in possession accounts.
If the accountant had been more
pocket the proceeds. 6. Withdrawals of cash
experienced or properly instructed prior to
Without adequate supervision and con-
performing his court-appointed duties, it is
trols, Stan wrote checks to cash totaling reasonable to expect that Stan would have
$221,775 out of the bankruptcy estate. been deterred. As it stood, Stan was allowed
At the pre-filing conference, the estate to liquidate assets and pocket the proceeds.
attorney counseled the debtor to hoard cash Two-and-a-half years after the initial
to prepare for footing the bankruptcy ex- filing, the court finally appointed a Chapter
penses. What the attorney probably meant 7 trustee to liquidate the estate. One month
was to not pay creditors, lessors and other later, the original attorney for the bank-
accounts payable prior to filing for bankrupt- ruptcy estate resigned.
cy and the automatic stay (an injunction
that halts the bankruptcy’s courts actions). WHAT THE CREDITORS COULD HAVE DONE
The goal was to keep as much money as pos- Early on, the creditors realized that Stan
sible in the bankruptcy checking account so was dishonest, and there was a real risk that
the debtor could continue to operate amidst he would misappropriate the assets. The
the business disruptions associated with creditors hired appraisers, took inventories
filing for bankruptcy. However, the debtor, of the assets and filed court documents to
who had dishonest intentions, interpreted protect their assets during the bankruptcy.
this advice as keeping as much actual cash However, these actions failed to deter Stan.
in the house as possible and to not report it. The creditors could have engaged a
It is suspected that the debtor had in excess forensic accountant/CFE to inspect the
of $100,000 cash on hand at various times debtor’s monthly reports of operations. This
person could have:
during the course of the bankruptcy.
• Verified reconciliations of bankruptcy
THE INEXPERIENCED ACCOUNTANT accounts.
Approximately one year after the initial • Verified that all payments were for
bankruptcy filing, the court appointed an appropriate services.
accountant to prepare the monthly reports • Verified that all deposits were being made
of operation. The inexperienced insolvency to the appropriate accounts.
54 Fraud-Magazine.com
Case in Point
• Reviewed prior years’ purchases and accounts payables to the judge; the court could have appointed a more experi-
verify the existence of assets that were in the bankruptcy enced accountant, etc.
schedules or that should be in the schedules.
• Notified the creditors of anything that appeared unusual or PROFESSIONALS’ ROLES
inappropriate. Most experienced forensic accountants, and many CFEs, can
It is true that these services can be costly, so creditors review businesses in bankruptcy and determine fairly quickly if
should only take this route when the expense can be justified the debtors are following the rules. If a debtor is following the
rules, these professionals will only need to periodically review
by the risk of loss.
operations reports, greatly reducing the cost of the accoun-
The Chapter 7 trustee engaged me to quantify and prove
tant’s services. Such reviews will give the creditor the informa-
the amount of misappropriated assets. There was virtually
tion required to force the court to act quickly, either by remov-
nothing left for the creditors, except for a cause of action ing the debtor in possession or by forcing the individual to
against the original bankruptcy attorney. report as required. Either way, the creditor is better protected.
As is frequently the case in misappropriations, the
involved parties missed many obvious opportunities to stop
or minimize the fraud, prior to and during the bankruptcy. Roger W. Stone, CFE, is the owner and operator of
For example, Stan’s attorney could have resigned when he Management Accounting Services in Champaign, Ill. His
realized his client was dishonest; the U.S. Trustee office primary business is providing insolvency and forensic accounting
could have been more proactive in reporting the level of services to businesses and attorneys. His email address is:
extreme inadequacy of the monthly operating reports to rstone@financialstatements.net.
Here is a summary of the key players in a bankruptcy filing and the trustees being appointed to future cases. Also, the risk of
their respective interests: going to trial is that the plaintiff could lose, which means there
The bankruptcy estate attorney. In most cases, attorneys might not be funds to pay the Chapter 7 trustee.
in bankruptcy cases will resign when they believe they are The U.S. Trustee office. The office may not want a case to
representing individuals who are not adhering to the rules of go to trial because it could be revealed during the trial that the
bankruptcy. In my opinion, attorneys on these types of cases office was not carefully reviewing the debtor’s monthly operat-
are not paid enough to get entangled with dishonest persons; ing reports.
the amount of the attorney’s fees is miniscule compared to the The judge. This player might not have a dog in the hunt.
amount that dishonest persons steal. Attorneys want their insur- However, in my opinion, judges seem reluctant to find lawyers
ance to settle the case before it goes to court. guilty of negligence.
The malpractice insurer. Working for the estate attorney, the The creditors. They are motivated to go to trial or settle for
insurer is motivated to settle the case for the minimum if engaged. the maximum amount. However, it is the Chapter 7 trustee’s call
The Chapter 7 trustee. The Chapter 7 trustee is torn be- as to whether or not to settle — not the creditors. Their primary
tween recovering the maximum amount for creditors and doing recourse is to object to what they perceive as an unreasonable
something that might upset the U.S. Trustee office and jeopardize settlement between the Chapter 7 trustee and the insurer.
January/February 2012 55
Taking Back the ID
Identity Theft Prevention Analysis
By Robert E.
Holtfreter, Ph.D.,
CFE, CICA
56 Fraud-Magazine.com
Taking Back the ID
Identity Theft Prevention Analysis
January/February 2012 57
Global Fraud Focus
Examining Cross-Border Issues
By Richard Hurley, Ph.D., J.D., CFE, CPA;
and Tim Harvey, CFE, JP
A
ccording to a June 5 article, “China foreign list-
ings dogged by scandal,” by Robert Cookson The recent wave of accounting issues and
in the Financial Times, a spate of scandals at
Chinese companies listed in New York, Hong scandals involving Chinese firms has raised
Kong and Toronto is unsettling investors. regulatory concern levels from a small crack to
“It seems to have bubbled into a hysteria and creates an
unfortunate overhang over all Chinese companies seeking to a chasm. Furthermore, short sellers are not
raise capital in the U.S. markets,” said William McGovern, helping to distinguish reality from rumor.
Hong Kong-based partner at Kobre & Kim and former en-
forcer at the U.S. Securities and Exchange Commission. “It
has become hard for investors to separate fact from fiction.”
(http://tinyurl.com/5udkgk3) The report summarizes the concept of reverse mergers
And a May 26 article in The New York Times, “The (also known as backdoor mergers) as: “… any acquisition
Audacity of Chinese Frauds,” by Floyd Norris, explains of a private operating company by a public shell company
how Deloitte Touche Tohmatsu exposed fraud at one of its that typically results in the owners and management of the
long-time clients, the Chinese financial software company private operating company having actual or effective voting
Longtop Financial Technologies. Apparently, the company and operating control of the combined company. Through a
fooled some smart people into buying devalued stock. (http:// reverse merger transaction, although the public shell com-
tinyurl.com/6axc5ll) pany is the surviving entity, the private operating company’s
Are these stock scandals “legitimate” frauds aided by shareholders control the surviving entity or hold shares that
backdoor investment listings and outsourced by auditing firms? are publicly traded. In a reverse merger transaction, the entity
Or are they works of fabrication initiated by short sellers reap- whose equity interests are acquired (the legal acquiree) is the
ing profits selling on stock price declines either by allegations acquirer for accounting purposes.” The end result is that:
or innuendo? The reality is that there is probably a mixture of 1. The private company has access to the U.S. financial
everything from fact and fraud to analysis and anxiety within markets as a registered SEC reporting company without
the perceived red-hot Chinese stock market. filing a registration statement under the Securities Act of
Would-be investors should be aware of the potential 1933 or the Exchange Act of 1934, but the public shell
for fraud in any investment no matter its national origin. company must file Form 8-K filing with the SEC.
The U.S. Public Company Accounting Oversight Board
2. The private company probably incurs a lower
(PCAOB) released a report on March 14 on the “Activ-
accounting, legal and filing fee and gains faster access
ity Summary and Audit Implications for Reverse Mergers
to capital markets than filing an IPO.
Involving Companies from the China Region” (the China
region refers to the People’s Republic of China, Hong Kong 3. Investors may perceive added value to the public shell
Special Administrative Region and Taiwan) from Jan. 1, company. (See http://tinyurl.com/3s8tkq9 and
2007, through March 31, 2010 (Research Note #2011-P1). http://tinyurl.com/3awrx3g.)
58 Fraud-Magazine.com
Global Fraud Focus
Examining Cross-Border Issues
The PCAOB’s March 11 report on reverse mergers investors, they need the credibility that comes from being
identified 159 companies, with a market capitalization of part of a joint inspection process that includes the U.S. and
$12.8 billion, that have accessed the U.S. capital markets via other similarly constituted regulatory regimes. In light of
a reverse-merger transaction from Jan. 1, 2007, to March 31, these risks, the PCAOB’s inability to inspect the work of reg-
2010. During that same time, only 56 Chinese companies, istered firms from China is a gaping hole in investor protec-
with a market capitalization of $27.2 billion, completed the tion.” (http://tinyurl.com/3dns5eo)
initial public offering (IPO) process. The recent wave of accounting issues and scandals
Although Chinese auditors completed 24 percent of the involving Chinese firms has raised regulatory concern levels
audits of Chinese reverse mergers, the PCAOB staff takes is- from a small crack to a chasm. Furthermore, short sellers
sue with some U.S. registered accounting firms because “they are not helping to distinguish reality from rumor. Take, for
may not be conducting audits of companies with operations example, Sino-Forest, a Chinese forestry company listed on
outside of the U.S. in accordance with PCAOB standards.” the Toronto exchange. Robert Cookson, reporting in the
On July 12, 2010, the PCAOB issued Staff Audit Practice June 6 Financial Times article, “China foreign listings dogged
Alert No. 6, Auditor Considerations Regarding Using by scandal,” writes that in a few days Sino “lost more than
the Work of other Auditors and engaging Assistants from two-thirds of its market value since Thursday after Muddy
Outside the Firm, which highlighted the PCAOB’s concerns Waters, a research firm founded by short-seller Carson Block,
with auditors hiring external auditors and staff to perform accused the company of overstating its sales and the value of
audits outside the U.S. including ones in the Chinese region. its forest land.” (http://tinyurl.com/3svmcn4)
(http://tinyurl.com/63wrvpg) Sino denied the allegation and claimed Muddy was
The PCAOB inspection staff observed that in “some sit- “muddying the waters” to profit from short selling. However,
uations it appeared that U.S. firms provided audit services by another forestry group, China Forestry, had its shares sus-
having most or all of the audit performed by another firm or pended in January, 2011 after its chief executive was arrested
by assistants engaged from outside the firm without comply- for the alleged embezzlement of $4.6 million.
ing with PCAOB standards applicable to using the work and Cookson, reporting in his June 6 Financial Times article,
reports of another auditor or supervising assistants. In one writes that in the last six months “more than 25 New York-
case the U.S. firm’s personnel did not travel to China region listed Chinese companies have disclosed accounting discrep-
during the audit, and substantially all of the audit documen- ancies or seen their auditors resign. … Nasdaq and NYSE
tation was maintained by the Chinese firm that did the audit Euronext have halted trading in the shares of at least 21
work.” (See footnote 37 of http://tinyurl.com/3knf6db.) small and micro-cap Chinese companies in the past year, and
SEC Chairman Mary Schapiro is also working with kicked five of them off the exchanges.”
Chinese regulators to address areas of concern. One key issue
Doty is optimistic that the PCAOB can reach an agree-
is the PCAOB’s inability to inspect the reverse-merger firms
ment with Chinese regulators on inspections. In the interim,
in China. SEC Commissioner Luis Aguilar was a little more
investors should understand that investing in China has its
emphatic with his concerns when he addressed attendees of
own sets of investment risks. Then again, they should realize
the Council of Institutional Investors Annual Conference on
that in a post-Enron, Madoff, Paramlat, Satyam, Siemens and
April 4, 2011: “While the vast majority of these companies
Societe Generale world, fraud has no national boundaries.
may be legitimate businesses, a growing number of them
Just remember: No nation has a monopoly on stock fraud.
have accounting deficiencies or are outright vessels of fraud.”
Investors must be diligent and be aware of the risks and act
The PCAOB also has difficulties in inspecting Chinese
accordingly. Caveat Emptor — Let the buyer beware.
audit firms that have registered with the agency. Michael
Rapoport reported in the August 8 article, “Progress Cited on
Audits in China,” in The Wall Street Journal, that Chinese Tim Harvey, CFE, JP, is director of the ACFE’s UK Operations,
authorities have not granted permission to the PCAOB to a member of Transparency International and the British Society of
enter their country to evaluate audit firms who are registered Criminology. His email address is: tharvey@ACFE.com.
with the agency. (http://tinyurl.com/63xzwrl)
On April 4, PCAOB Chairman James Doty said in a Richard Hurley, Ph.D., J.D., CFE, CPA, is a professor in
speech to the Council of Institutional Investors that, “If the University of Connecticut (Stamford) School of Business.
Chinese companies want to attract U.S. capital for the long His email address is: rhurley@business.uconn.edu.
term, and if Chinese auditors want to garner the respect of
January/February 2012 59
Meet the Staff
60 Fraud-Magazine.com
enough, she also took classes her last two years of high school to
become a licensed cosmetologist, which is how she paid her way
through college.
Ashly graduated from high school in 2003 and attended
Texas State University in San Marcos, 30 minutes south of
Austin. It took her a while to figure out her major. She initially
decided on accounting, because she is good at math, but then
Ashly took a speech class, which she loved so much that she
majored in mass communication. She also loves to counsel
people, so she minored in psychology.
Working full time as a hairdresser and attending school full
time meant she took a little longer to earn her Bachelor of Arts
in Mass Communication, which she did in 2009.
January/February 2012 61
ACFE News
62 Fraud-Magazine.com
tacted the Austin headquarters to ask some questions and learn
what I could. I remember sitting in my office a few days later
and receiving a call from [now ACFE President and CEO] Jim
Ratley asking if I needed additional information. We had a very
nice conversation during which he said he hoped that with my
accounting background, combined with the interest I expressed
in fraud issues, I would seriously consider membership. And as
they say, that was that!
(Thanks to Lupe DeLeon, ACFE membership coordinator,
for assistance with this interview. — ed.)
Cost
Cost effective.
effffective Time
Time saving.
saving CConvenient
Convenient.
onvenient.
t.
t Receive a 10% discount on your dues t Your dues are automatically paid
each year you are enrolled in the service. each year — no need to write a
check or pay online.
t Get $75 off a live ACFE training event.*
t No interruption of member benefits
t Environmentally friendly - paper state- and services.
ments and postage are eliminated.
January/February 2012 63
ACFE News
show. The credential has helped his career, and the program has In Memoriam
tested his resolve.
“I wanted the opportunity to experience the world’s most
entertaining and challenging obstacle course while appearing Major Karl J. Flusche, CFE,
on prime-time TV,” said Kennedy, the supervising management USAF, Ret., passed away on
analyst for the San Diego Public Utilities Department. Nov. 16. He was director
You have probably seen this wildly popular show when and manager of all elec-
channel surfing: Contestants move through a course of twirl- tronic evidence collection
ing and thrusting padded plastic wheels, giant balls, platforms activities for Fios Inc.
and mazes as they are shot with water cannons, pummeled with ACFE President and
exploding airbags and often ungracefully fly into pools of water. CEO James D. Ratley, CFE,
“From my couch, being on the show looked like it would be said, “Karl was a true profes-
fun, exciting and easy,” Kennedy said. After all he was young, sional. He personified what
had played college and semi-pro football and was still relatively we wanted in a CFE.”
fit. “It was one of the most physically exhausting things I have Flusche was a federal
ever done in my life!” agent for the Air Force Of-
He auditioned in four casting calls over 1½ years, but he fice of Special Investigations
was ready when he got the call. More than 75,000 applied for for 25 years, specializing in
season four, and he finally was in the 1 percent that made the computer systems analysis,
Karl J. Flusche, CFE
cut. Now ironically nicknamed “Sewer Rat” by the show’s pro- computer crime investiga-
ducers — he is a self-described germophobe who helps secure
tions and forensic analysis of computer systems and associated
funding for San Diego’s water and wastewater projects — he
storage media. He pioneered innovative ways for conducting
worked out frenetically for three months before the show’s tap-
forensic analysis of computer-related evidence and was credited
ing in May of last year. He ran, biked, swam, jumped rope and
in 1984 with finding the first-ever use of a computer to hide a
lifted weights. Still, after completing the qualifying run, “it must
have taken almost an hour before my heavy breathing stopped!”
During the taped competition, Kennedy fought his way to
the top six of 24 contestants in the semifinals, but he just missed “Karl was a true professional. He personified what
the final push for the $50,000 prize.
we wanted in a CFE.”
Throughout the ordeal, his family, friends and co-workers
cheered him on. Many of them, including members of his
church’s youth ministry, gathered at a pizza parlor to watch the
show last summer. He had told the church kids during his audi- suicide letter. In U.S. vs. Peri (1989), he was able to successfully
tions that he would buy a flat-screen TV, an Xbox and a “Wipeout” recover hundreds of electronically stored pages of classified war
video game for each of the three youth classrooms if he won. plans that a defecting U.S. soldier had passed on to the East
“Although I didn’t win, I didn’t have the heart to not get German Intelligence Service via electronic media — the first
them anything after they had been looking forward to celebrat- computer spy case in U.S. history.
ing with me for almost two years,” Kennedy said. So at the end His father, Don Flusche, was a sergeant with the Dallas Po-
of the viewing party he presented all those fun items for one of lice Department when Ratley was a police officer with the force.
the three classrooms. Then daughter Zaria, 11, Kennedy’s big- Ratley said Don Flusche had a profound influence on him. “Don
gest fan, led her Pop Warner cheerleading squad in a cheer. was the finest man I have ever known, and Karl was a chip off
He is not ready to retire from the punishment. He wants the old block,” said Ratley.
to appear on future all-star shows with other contestants who Karl Flusche is survived by his wife, Cindy; a son, Karl Jr.;
also did not quite make it to the finals. Kennedy definitely is and a daughter, Lorrie. He enjoyed spending time with their
not wiped out. three grandchildren, and he loved family genealogy, and stamp
— Dick Carozza and coin collecting.
64 Fraud-Magazine.com
Independent CFEs Need to Check Their
Jurisdictions on PI Licensure Laws
By James S. Peet, Ph.D., CFE
Last summer, the General Forum in the Members Only discus- • The cause or responsibility for fires, libels, losses, accidents, or
sion forums on ACFE.com contained a long conversational damage or injury to persons or to property.
stream on whether CFEs need private investigator licenses to • Evidence to be used before a court, board, officer or investiga-
conduct fraud examinations. The consensus among the discus- tive committee.
sants was a clear “maybe.” This unequivocal consensus was • Detecting the presence of electronic eavesdropping devices.
based on the private investigator licensing laws and regulations
• The truth or falsity of a statement or representation.1
applicable in the relevant jurisdictions.
The above language, which is typical of some state laws,
Most licensing laws define the activities that constitute
is quite broad, meaning that it could encompass almost any
private investigative work and state that only licensed persons
investigative profession, including the anti-fraud profession.
can engage in those activities. In the U.S., for example, private The general frameworks of state private investigation statutes,
investigator licensing is controlled by each state, and 42 states however, regulate only those who are holding themselves out as
and the District of Columbia have licensing requirements for private investigators or conducting a business to perform those
private investigators. (Alabama, Alaska, Colorado, Idaho, functions. Indeed, these statutes typically exclude those em-
Mississippi, South Dakota and Wyoming do not have statewide ployed exclusively and regularly by only one employer insofar as
licensing requirements.) their acts relate solely to the business of that employer.
Basically, in most jurisdictions, the question as to whether
an individual must be licensed as a private investigator depends DOES CONDUCTING A FRAUD EXAMINATION
on whether the individual engages in private investigative CONSTITUTE PRIVATE INVESTIGATIVE WORK?
work. And perhaps the most relevant factors in determining According to the ACFE’s 2010 Fraud Examiners Manual, a
this are how the relevant jurisdictions define “private inves- “fraud examination is a methodology for resolving fraud allega-
tigative work” (or some variation of this term, such as private tions from inception to disposition. More specifically, fraud
detective business or private investigation service) and if the in- examination involves obtaining evidence and taking state-
dividual is an employee of an entity or is independent. (Check ments, writing reports, testifying to findings, and assisting in the
out the thread “PI Licensure” in the General Forum.) detection and prevention of fraud.”
Investigative work is one of many components in a fraud
WHAT CONSTITUTES PRIVATE INVESTIGATIVE WORK? examination, but it does not include the fraud prevention com-
The definition of private investigative work can vary from state to ponent. That is, fraud examination involves activities outside
state, but generally, private investigative work involves engaging the scope of traditional types of investigative work.
in the business to, or accepting employment to, obtain or furnish While some types of private investigative work may be
information with reference to any number of matters, including: limited to reviewing data and evidence for signs of wrongdoing,
most are much more detailed. They require routine investiga-
• Crime, criminals or rleated information.
tive tasks, such as interviewing victims, witnesses and suspects,
• The identity, habits, conduct, business, occupation, honesty, and taking their statements. Typically, the private investigator
integrity, credibility, knowledge, trustworthiness, efficiency, collects evidence and maintains a chain of that evidence so that
loyalty, activity, movement, whereabouts, affiliations, a court of law will not dismiss it. The private investigator writes
associations, transactions, acts, reputation, or character detailed reports indicating the chain of events and often testifies
of any person. in court about that material.
January/February 2012 65
ACFE News
66 Fraud-Magazine.com
NOW AVAILABLE
January/February 2012 67
ACFE News
KEEP IT LEGAL
If you are an independent CFE, check with your jurisdiction’s ACFE Asia-Pacific
licensing agency and get its response in writing. Better to be
on the safe side than to have your credibility destroyed in court Conference a Hit
because you were not legal.
Useful resources for checking out U.S. private investigator The first-ever ACFE Asia-Pacific Conference held Oct. 23-25
licensing is the CrimeTime.com website linking all the state’s in Singapore was a great success, with more than 200 attendees.
licensing agencies, http://tinyurl.com/kqp6uj, and Michael Speaker highlights included Aedit Bin Abdullah,
Kessler’s website on forensic accounting licensing, chief prosecutor of both the Criminal Justice Division and the
http://tinyurl.com/86q7z3s. Attorney-General’s Chambers in Singapore; ACFE President
See the map on page 66 for those states and provinces in and CEO James D. Ratley, CFE; and Mark Steward, executive
North America that require PI licenses. director, Enforcement Division, of the Securities and Futures
Commission of Hong Kong. Attendees participated in educa-
James S. Peet, Ph.D., CFE, is an instructor at Highline tional workshops and lively panel discussions covering such
Community College in Des Moines, Wash., and principal manager topics as anti-bribery efforts and corruption enforcement.
at Peet & Associates LLC in Enumclaw, Wash. He is also a licensed “The ACFE Asia Pacific Fraud Conference in Singapore
Washington State private investigator. His email address is: was a real eye opener for me,” said Kevin Taparauskas, CFE,
jpeet@peetassociates.com. ACFE’s director of events and marketing, who also attended.
“I knew that the ACFE had loyal members in the region. But I
1
This definition was taken from the Revised Code of (the state of ) was extremely impressed with the enthusiasm of our attendees
Washington §18.165.10, the law regulating Private Investigators. Some and dedication to truly growing the profession that I witnessed.
state statutes contain language that is more vague and open-ended. For
example under Nebraksa’s statute (Neb. Rev. Stat. § 71-3201), a private I now understand why this has been our fastest-growing region
investigator is one who engages in the secret service or private policing in the world for the last several years.
business, which “shall mean and include: general investigative work, “For our part, the ACFE intends to fully support and help
non-uniformed security services, surveillance services, location of miss- facilitate ongoing growth in the Asia Pacific,” he continued.
ing persons and background checks.
2
“I announced at the conclusion of the conference that the
American Institute of CPAs. (2011). Digest of State Issues: For the CPA
Accounting Profession 2011. Retrieved from http://tinyurl.com/89bkarb. ACFE would be holding our first CFE Exam Review Course
in the area March 26-29, 2012. In addition, we are working
on a regional call center, based in Singapore, that will greatly
improve support all of our members in the Asia-Pacific region
and beyond.”
68 Fraud-Magazine.com
NEW! ONLINE SELF-STUDY
FCPA Compliance:
Creating an Effective Anti-Corruption
TAKING BACK THE ID
cont. from page 57
Compliance
the name of the student; up came 25
Program
individuals with the same name, along
with their profiles. I contacted the
student and asked him for an explana- CPE Credit: 4
tion. He said he never contacted me via Course Level: Intermediate
LinkedIn, but he had used his Gmail Prerequisite: None
account to email me throughout the
course. The only explanation I have is
that the hacker stole his Gmail account
from the LinkedIn website and used it
to capture a contact list, which included Since its enactment, the FCPA has had an enormous impact
my email address. on the way organizations around the world conduct business
The fifth suspect email included domestically and abroad. As a result, it is important for you
a message, with an embedded link,
and your company to understand the intricate and interlocking
that read, “Your LinkedIn account was
blocked due to inactivity. Please follow network of criminal and civil laws designed to combat
this link to learn more. Thank you for transnational bribery.
using LinkedIn! – The LinkedIn Team.”
I do not have a LinkedIn account,
FCPA Compliance provides relevant information on the current
so I can only assume it was another
fraudster’s attempt to install the ZenuS legal and regulatory framework of the government’s efforts to
malware on my computer. If you receive combat bribery in international trade. More specifically, this
a similar message, do not click on the course provides an overview of the FCPA and other international
embedded link. If you know the indi- anti-corruption initiatives, advises how companies can establish
vidual, contact that person to see if he
compliance programs to detect and minimize violations of law
or she sent it, and if they did not, alert
LinkedIn. I am sure that LinkedIn is and examines bribery risk assessments.
doing an excellent job trying to prevent
this type of fraud. However, its website is
a gold mine of personal information for
fraudsters to exploit with their schemes. What you will learn:
MORE FOR THE COMMUNITY tThe principal components of the FCPA
To help prevent identity theft, share
these scams with your friends, family and t14 essential elements of an effective compliance
colleagues. Contact me if you have any program
identity theft issues that I might be able to tCreating an FCPA Risk Assessment
research and report back. Stay tuned!
tThe 7 core risk factors of FCPA
Robert E. Holtfreter, Ph.D., CFE,
CICA, is distinguished professor of ac-
counting and research at Central Washing-
ton University in Ellensburg, Wash. His Order your course today at ACFE.com/compliance.
email address is: holtfret@cwu.edu.
January/February 2012 69
CPE QUIZ No. 100 (Vol. 27, No. 1)
1. According to the opening case in the article, “Fraud in Houses 6. According to the article, “The 10 Tell-Tale Signs of Deception”:
of Worship,” the perpetrator: a. Deceptive people often use language that maximizes
a. Was a former youth minister. references to themselves.
b. Had been defrauding the 2,000-member church for 36 b. In oral statements and informal written statements, deceptive
months. witnesses never omit self-referencing pronouns.
c. Was in financial trouble. c. Truthful people usually describe historical events in the past tense.
d. Admitted everything in a teary confession. d. Deceptive people never refer to past events as if the events
were occurring in the present.
2. According to the opening case in the article, “Fraud in Houses
of Worship,” the perpetrator had been defrauding the church by: 7. According to the article, “Overachieving Fraud Wolves in
a. Writing herself duplicate paychecks. Sheep’s Clothing,” the author in the case:
c. Taking out credit card accounts in the church name. b. Zeroed in on the accused employees because the tipster had
provided specific details of the alleged fraud conduct.
d. All of the above.
c. Expanded the investigation to several previous months and
increased the sampling of calls and accounts.
3. According to the KU ticket scandal case in the article, “Fraud in
Collegiate Athletics”: d. After reviewing consumer complaints, he found questionable
conduct.
a. Ticket sales amounted to more than $2.5 million at face
value and could range as high as $3.7 million in market
value. 8. According to the article, “Overachieving Fraud Wolves in
Sheep’s Clothing, ” CFEs are trained to focus their sights on the
b. Athletic department members did not improperly use or resell business resources, processes, procedures, employee activities
complimentary tickets reserved only for charitable organizations. and personnel to detect the potential for, and existence of, the
c. Evidence suggested that several coaches were involved in the fraud triangle factors.
schemes. a. True.
d. The culprits concealed these thefts by simply charging tickets b. False.
to fictitious accounts and not recording the ultimate recipients.
9. According to the article, “Breaking Breach Secrecy, Part 3”:
4. According to the article, “Fraud in Collegiate Athletics”:
a. Organizations and individuals who do a horrible job
a. Part of the difficulty in dealing with ticket sale frauds in protecting personal data, of course, create conditions that
college athletics is that the sheer volume of money invites theft. lead to the majority of data breaches.
b. The U.S. Equity in Athletics Disclosure Act requires colleges to b. The PRCH describes itself as a “for-profit consumer education
file annual reports with the U.S. Department of Intercollegiate and advocacy project.”
Sports.
c. The PRCH defines unintended disclosure as electronic entry
c. Frequently, two individuals control the daily financial by an outside party.
management of an athletic department.
d. For the past seven years, the Verizon Business Risk Team has
d. Winning often contributes to sound financial management. prepared the Data Breach Summary Research Report.
5. According to the article, “The 10 Tell-Tale Signs of Deception,” 10. According to the Holtfreter/Harrington Data Breach Analysis
linguistic text analysis involves studying the language, grammar Report, described in the article, “Breaking Breach Secrecy, Part 3”:
and syntax a subject used to describe an event to detect any
anomalies. a. Few individuals believe that the majority of compromised
records and related breaches are externally driven.
a. True.
b. Internal hackers caused more of the compromised records.
b. False.
c. The results strongly indicate that the organizations
experiencing these data breaches lack strong comprehensive
data protection programs.
d. Thirty-eight percent of the total breaches result from the
internal “improper protection and disposal of data.”
Name
Circle the correct answers and mail to the ACFE with four other completed quizzes
published within the last 24 months and the CPE Quiz Payment Form (see next page). ACFE Member No.
Fraud Magazine CPE Quiz Payment Form
3 EASY
1 READ the feature articles and columns in any five issues of Fraud
Magazine published within the last 24 months.
STEPS: 2 CIRCLE the correct answers to the quizzes in the back of the issues.
PLEASE NOTE: The Fraud Magazine CPE Service CPE credits apply only
to the CFE status and not to any other professional designations. Fraud
Magazine CPE Service is not registered with the National Association of
State Board of Accountancy (NASBA).
3 REGISTER by completing the form below and mailing or faxing in your $69
fee and five quizzes together.
Once you’ve passed all five quizzes (with a score of 70% or better on each quiz), the ACFE will e-mail you a certificate
of completion. You will receive 10 of the 20 hours of CPE credit required annually to maintain your CFE credential.
T YES! I want to register for the Fraud Magazine CPE Service to earn 10 hours of CPE for only $69. I have enclosed
payment along with my five quizzes.
Name, first and last (TDr. TMr. TMrs. TMs.) Certified Fraud Examiner? TYes (if yes, member #) TNo Other designations (CPA, etc.)
Company Title
Local Chapter E-Mail Address (THome TWork) TSend me your FREE FraudInfo e-newsletter
METHOD OF PAYMENT
TCharge my (check one). Cards charged in U.S. dollars. Name on Card Card Number
Billing Address
Signature
January
sun mon tues wed thurs fri sat
22 23 24 25 26 27 28
February
29 30 31 1 2 3 4
Investigating
Conflicts of Fraud Risk Management:
Interest: Los Angeles, CA
Los Angeles, CA
5 6 7 8 9 10 11
12 13 14 15 16 17 18
March
26 27 28 29 1 2 3
Fraud
Interviewing Techniques for Auditors: Prevention: Money Laundering: Tracing Illicit
Ft. Lauderdale, FL Funds: Baltimore, MD
Baltimore, MD
Legal Elements
of Fraud Conducting Internal Investigations:
Examination: Charlotte, NC
Charlotte, NC
4 5 6 7 8 9 10
Fraud Related
Compliance: Healthcare Fraud:
Louisville, KY Louisville, KY
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
6 7 8 9 10 11 12
Mortgage Fraud:
Combo Event Savings
Digital Forensics Tools & Techniques: San Diego, CA
Chicago, IL
Register to attend two
events being held
Professional Interviewing Skills: consecutively in select
Providence, RI
cities and receive $100
in savings! Combo
June events are designated
with this icon:
17 18 19 20 21 22 23
Group Savings
23rd Annual Fraud Conference & Exhibition: Orlando, FL
Select the event that
best suits the learning
July needs of your group.
Gather a team of at
22 23 24 25 26 27 28 least three or more
individuals to register
Interviewing Techniques for Auditors:
Denver, CO together. Call the ACFE
at (800) 245-3321 or
CFE Exam Review Course: Boston, MA +1 (512) 478-9000 to
determine your savings.
August
5 6 7 8 9 10 11
Fraud Related
Compliance: Auditing for Internal Fraud: Professional Interviewing Skills:
New York, NY New York, NY San Francisco, CA
12 13 14 15 16 17 19
26 27 28 29 30 31 1
Scan the QR code* with your mobile device to view a brief customer
video or visit sas.com/bankfraud for the complete success story video.
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. © 2011 SAS Institute Inc. All rights reserved. S76016US.0711