August 1999

AUDITING

COMPUTER-ASSISTED TECHNIQUES FOR FRAUD DETECTION

By David Coderre

Computer technology gives auditors a new set of techniques for examining the automated business environment. In fact, the detection of fraud is a perfect application for computer-assisted audit tools and techniques (CAATTs).

As early as 1982 CAATTs was a powerful audit tool for detecting financial errors. In recent years, analytical techniques have become not only more powerful but also more widely used by auditors. But it is only in the last 10 years that the use of computer-assisted tools and auditing techniques has become standard practice. Audit software permits auditors to obtain a quick overview of the business operations and drill down into the details of specific areas of interest. The audit program can also be extended to perform a 100% verification of certain transactions and a recalculation of important ratios and figures.

Audit software can highlight those individual transactions that contain characteristics often associated with fraudulent activity. With audit software, millions of files can be examined, previous years' data can be used to identify anomalies, and comparisons can be made between different locations. Also, computer-based data analysis tools can prove invaluable when addressing suspected fraud situations.

The techniques and types of data interrogations in modern audit software are almost unlimited. For example, audit software has many commands that support the auditor's requirement to review transactions for fraud such as the existence of duplicate transactions, missing transactions, and anomalies. Some examples of these commands include--

* comparing employee addresses with vendor addresses to identify employees that are also vendors;

* searching for duplicate check numbers to find photocopies of company checks;

* searching for vendors with post office boxes for addresses;

* analyzing the sequence of all transactions to identify missing checks or invoices;

* identifying vendors with more than one vendor code or more than one mailing address;

* finding several vendors with the same mailing address; and

* sorting payments by amount to identify transactions that fall just under financial control on contract limits.

Audit software can be used to interrogate a company's data files and identify data patterns associated with fraud. Patterns such as negative entries in inventory received fields, voided transactions followed by "No Sale," or a high percentage of returned items may indicate fraudulent activity. Auditors can use these data patterns to develop a "fraud profile" early in their review of operations. The patterns can function as auditor-specified criteria; and transactions fitting the fraud profile can trigger auditor reviews. Systems can even be built to monitor transactions on an ongoing basis. Continuous monitoring is a proactive approach to the early detection of fraud.

Computerized techniques and interactive software can help auditors focus their efforts on the areas of greatest risk. Auditors can choose to exclude low risk transactions from their review and to focus on those transactions that contain a higher probability of fraud.

Audit software also provides auditors with the ability to extract information from several files, with different database management systems, in order to search for underlying patterns or relationships among data. For example, reviewing data from the accounts payable and the contracting databases may reveal a concentration of contracts with one vendor all initiated by the same contracting officer, leading to concerns about possible kickbacks.

Today's audit software makes "what if" analysis easy to formulate and perform. Auditors can form an initial hypothesis, test that hypothesis, and revise it as necessary based on the results of interactive analyses.

Computerized techniques can assist the auditor in identifying symptoms early in the life of a fraud. This will serve to reduce the negative impact of many frauds--before millions of dollars are lost or goodwill is destroyed. Automated routines that monitor key symptoms and track trends can be a major deterrent of fraud, preventing some fraudulent activities and identifying fraud almost as soon as it occurs.

Fraud Detection Using Digital Analysis

A growing area of fraud prevention and detection involves the examination of patterns in data. The rationale is that unexpected patterns can be symptoms of fraud. A simple example of the application of this technique is a search for duplicate transactions, such as identical invoice or vendor numbers for the same amount.

The existence of duplicates would be an unexpected pattern in the data and indicate possible fraud.

Another simple digital analysis technique is to search for invoices with even dollar amounts, such as $200.00 or $5,000.00. The existence of particular even amounts may be a symptom of fraud and should be examined.

Case Study: Even Amounts

Travel expenses had always been a concern for the auditors of X Company since it was an area where the controls were weak. Employees had a maximum per diem rate when traveling but had to submit receipts to cover the actual expenses. Maximums were also established for meals: breakfast $10.00, lunch $20.00, dinner $30.00, and hotel lodging $100.00. The auditors configured the audit software to identify meal expenses that were multiples of $10.00. These transactions were compared to receipts to ensure that the amounts expensed were appropriate. A detailed review determined that many travelers were charging the maximum rates for meals even though their receipts did not justify the amounts.

Ratio Analysis

Another useful fraud detection technique is the calculation of data analysis ratios for key numeric fields. Like financial ratios that give indications of the financial health of a company, data analysis ratios report on the fraud health by identifying possible symptoms of fraud. Three commonly employed ratios are--

* the ratio of the highest value to the lowest value (max/min);

* the ratio of the highest value to the second highest value (max/max2); and

* the ratio of the current year to the previous year.

For example, auditors concerned about prices customers were being charged for products could calculate the ratio of the maximum sales price to the minimum sales price for each product. If the ratio is close to 1.0, they can be sure that there is little variance between the highest and lowest prices charged to customers. However, if the ratio is large this could indicate that a customer was being charged too much or too little for the product.

In Exhibit 1, there is a large difference between the minimum and maximum prices of Product 1 (ratio of 1.85); whereas there is a small variance in the prices of Product 2 (ratio of 1.01). The auditor may wish to examine the transactions for the customers charged $235 and $127 for Product 1 to ensure the proper pricing was used.

The ratio of the maximum value to the second highest value can also highlight possible frauds. In Exhibit 2, the large ratio for purchases made by XYZ Corp. could indicate an anomaly in the data.

A large ratio indicates that the maximum value is significantly larger than the second highest value. Companies with max/max2 ratios of 5.0 or higher would be of interest to auditors and fraud examiners because they represent a significant deviation from the norm. This is particularly true if a company has a large number of transactions within a small dollar range, except for the maximum amount. For example, a suspicious pattern would be 100 transactions, 99 of which are between $1,000 and $2,000, with the highest at $12,000 (a max/max2 ratio of 6.0).

Case Study: Doctored Bills

The auditors reviewed the patient billing system at Company Y to determine if the appropriate charges were being assessed by health care providers. An initial analysis of the data was performed to calculate the ratio of the highest and lowest charges for each procedure. A judgment was made that procedures with a max/min ratio of greater than 1.30 be noted and subjected to additional review.

For a particular quarter, three procedures had ratios higher than 1.30, the highest being 1.42. A filter was used to identify the records related to the three procedures in question, and additional analysis was performed. This quickly determined that one doctor was charging significantly more than the other doctors for the same procedures. A comparison of charges from the billing system with payments in the accounts receivable system revealed that the doctor was skimming off the patient payments. The amount recorded in the receivable system was in line with the usual billing amount for the procedures. The doctor was unable to justify the higher prices or explain the difference in the billing and the receivable systems.

The third ratio compares data from different years, departments or operating areas, and the like. For example, the ratio of last year's purchases to current year's purchases for each supplier can point to symptoms of fraud such as kickbacks in the contracting section. If the total purchases from a supplier has gone from $100,000 to $400,000--a ratio of 4.0--further analysis may be in order.

Case Study: Contracting Kickbacks

Johnathan, one of the contracting officers, had devised a great win/win kickback scheme. The auditors decided to use digital analysis as part of their review of the contracting section. One of the analyses calculated the total contract amount by supplier for each of the past two years. A ratio of current year to previous year was calculated and the minimum, maximum, average, and highest and lowest five ratios were displayed. While the average was close to 1.0, the highest and lowest five values showed that some companies had significant decreases in business, while others had experienced significant increases in business.

The auditors reviewed the details of all companies that had a ratio of less than 0.7 or more than 1.30. Totals were calculated by a contracting officer. For companies with an increase in business, the results revealed that Johnathan had raised many of the contracts. In comparison, Johnathan had raised no contracts with the companies that had seen a decrease in business. The auditors learned of Johnathan's kickback scheme when they interviewed salesmen from the companies that had ratios less than 0.7. Interviews with salesmen from the firms that had increased sales by 1.30 or more added credence to the fraud accusations. Both groups of salesmen said that they were told they would only get business if they paid Johnathan a kickback.

Benford's Law

More advanced techniques take data analysis to another level, examining the actual frequency of the digits in the data. Benford's Law, developed by Frank Benford in the 1920s, predicts the occurrence of digits in data. Benford's Law concludes that the first digit in a large population of transactions (10,000 plus) will most often be a 1. Less frequently will the first digit be a 2; even less frequently a 3. Benford calculated the occurrence of each numeral appearing as the first digit and found that it decreased inversely with its value. As seen in Exhibit 3, the first digit will be a 1 about 30% of the time, whereas 9 only has an expected frequency of about five percent as the first digit.

Benford's Law calculates the expected frequencies (rounded to three decimal places) for first and second digits as shown in Exhibit 3.

However, not all data will have distributions as predicted by Benford's Law. Sometimes there is valid rationale for certain numbers occurring more frequently than expected. For example, if a company sends a large amount of correspondence via courier, and the cost is a standard rate ($6.12) for sending a package of under one pound, then the first digit (6) or the first two digits (61) may occur more often than predicted by Benford's Law. Guidelines for determining whether the data will comply to Benford's Law include the following:

* There should be no set maximum or minimum,

* There should be no price break points (e.g., a $6.12 standard rate for all packages under one pound), and

* The numbers should not be assigned (i.e., policy numbers or Social Security numbers).

Given Benford's Law, we would expect that valid, unaltered data will follow the predicted frequencies. Data that meets the above criteria but fails to follow the expected frequencies may include fraudulent items.

An analysis of the frequency distribution of the first or second digits can detect abnormal patterns in the data and may identify possible fraud. An even more focused test can be used to examine the frequency distribution of the first two digits (FTD). The formula for the expected frequencies is:

Expected FTD Frequency = log(1+1/FTD)

Therefore, the expected frequency of 13 is log(1+1/13). The expected frequencies range from 0.041 for 10, to 0.004 for 99.

Some audit software programs can be used to determine the frequency distribution for first digits, first two digits, and second digits.

Case Study: Signing Authority

The auditors for Z Company were investigating possible fraud in the contracting section, where thousands of contracts were raised every month. They used Benford's Law to examine the first two digits of the contract amount. The results of their analysis revealed that the digits 49 were in the data more often than expected.

Classifying on the contracting officer for all contracts with 49 as the first two digits determined that the contracting manager was raising contracts for $49,000­$49,999 to avoid contracting regulations. Contracts under $50,000 could be sole-sourced; contracts greater than $50,000 had to be submitted to the bidding process. He was raising contracts just under the financial limit and directing them to a company owned by his wife. *

This article is derived by David Coderre from his book Fraud Detection: Using Data Analysis Techniques to Detect Fraud, published by Global Audit Publications (GAP). It can be purchased for $65 from (877) 225-4277, or outside of North America from (604) 646-4241.

Editor:
Paul D. Warner, PhD, CPA
Hofstra University

The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.