By Thomas A. Buckhoff and James D. Hansen
In Brief
Ask the Right Questions, Interpret the Answers
The increasing opportunity for employee fraud is a significant problem for all businesses. Fraud is often discovered through tips or complaints from individuals—most employees are willing to reveal fraud if asked the right questions. Fraud assessment questioning (FAQ) is a technique that CPAs can use to uncover problems and determine where to start looking for fraud.
The authors provide sample fraud assessment questions and advice on how to interpret employee responses—both verbal and nonverbal. If properly utilized, FAQ not only can uncover the suspected fraudster, but it can identify other high-risk individuals, expose internal control weakness, and build a perception of detection that contributes significantly to a fraud-free environment.
The complexity of business transactions and information systems has created increased opportunity for employee fraud. A 1998 KPMG survey suggests that some employees are taking advantage of these opportunities, resulting in a median loss of $116,000 per incident. As awareness has increased, businesses have engaged CPAs as fraud investigators. The likelihood of detecting fraud increases if the CPA is adept in asking relevant questions and understanding the responses. The interviewing technique known as fraud assessment questioning (FAQ) can help bring an investigation to a successful conclusion.
The Fraud Interview
According to R.L. Gorden’s Basic Interviewing Skills, an interview can be categorized into two phases: planning and doing. In the planning phase, the interviewer formulates relevant questions, words the questions to motivate responses, and establishes a communicative atmosphere. In the doing phase, the interviewer delivers the questions, paying close attention to nonverbal factors such as eye contact, tone of voice, pacing, and the respondent’s willingness to answer.
The interviewer should actively pay attention to both verbal and nonverbal (tone of voice, silences, pacing) aspects of speech. The interviewer should also observe the respondent’s body language (posture, movement of hands and feet, facial expressions, and eye movement) and discrepancies between verbal and nonverbal messages. Each response should be recorded and evaluated: Is it relevant, valid, and complete? If a response is inadequate, the interviewer must probe further and improve it. FAQ is based on the assumption that lying is unnatural.
Interviewing skills involve a high-order combination of observation, empathic sensitivity, and intellectual judgment. According to J.T. Wells in “Fraud Assessment Questioning” (The Internal Auditor, vol. 49, no. 4), a good interviewer can structure questions so that the individual being questioned is not even aware of the significance of the information being provided. By incorporating basic interviewing skills with the FAQ technique, a CPA can effectively gather information to assess the risk of fraud.
FAQ is a nonaccusatory, structured interview method designed to elicit information about potential fraud. It benefits the CPA in at least four ways: First, an effective method for detecting fraud is to simply ask about it. Research has shown that frauds are most commonly discovered through tips or complaints. Employees that are aware of fraud are usually willing to communicate what they know if specifically asked about it. Second, FAQ solicits information about how someone would go about stealing from the organization, identifying internal control deficiencies that can then be investigated to determine whether they have already been exploited. Third, FAQ responses can help identify high-risk employees. CPAs can then review those areas in which high-risk employees have significant responsibilities and the opportunity to commit fraud. Finally, many fraud experts contend that the perception of detection is the strongest deterrent to fraud—employees that think they will get caught rarely commit fraud. Asking all employees about fraud increases this perception and is, therefore, an effective fraud prevention device.
Example
The owner of a medium-sized construction company received a tip from a disgruntled spouse that Steve—a highly trusted, upper-level project manager—had an ownership interest in two of the company’s vendors. The owner engaged an independent CPA who was also a certified fraud examiner (CFE) to conduct a review of the vendors in question. The review revealed that the vendors’ addresses were post office boxes, no phone numbers were listed on the invoices, no taxpayer identification numbers were on file, and neither of the vendors was listed in the phone book.
Payments made to the two vendors totaled $65,000. Steve, who was also a close personal friend of the owner, had approved the payments. A search of local business registrations revealed that both vendors had indeed been created by Steve. Steve was confronted with the evidence in a four-hour interview during which he ultimately admitted that he had embezzled the $65,000 by means of a fictitious vendor scheme. Steve was immediately terminated and the company filed an employee dishonesty insurance claim with its insurance provider. The documentary evidence and Steve’s signed statement of confession were turned over to law enforcement for prosecution. Steve pleaded guilty and was convicted of theft by deception, a class B felony.
In the aftermath of the investigation, the company’s owner wanted to know: 1) whether Steve’s fictitious vendor scheme was an isolated incident or whether other fraudulent activities were being perpetrated against the company, and 2) which, if any, employees were the likely perpetrators. The CPA then developed 10 assessment questions to provide the owner with the requested information. The questions were framed so as not to directly accuse the interviewee of fraud. All employees were notified that they were to meet individually with the CPA to answer some questions.
Sample Questions
Before asking fraud assessment questions, the CPA should first establish a rapport with the interviewee by asking about job titles, areas of responsibility, specific duties, and length of employment. This initial phase of the interview helps the employee become comfortable with the interview environment, and allows the interviewer to observe the employee’s normal verbal and nonverbal reactions, a process called calibration. It establishes a baseline from which deception can be detected through significant changes in verbal and nonverbal reactions. After the employee is comfortable and calibrated, the interviewer can move on to the fraud assessment questions:
Question No. 1: The project I am working on relates to the prevention and detection of fraud. The owner has asked me to make a diligent inquiry about potential misdeeds by management and employees. Do you understand that?
This question conveys the purpose of the interview. A “yes” indicates the interviewee accepts the premise of the interview and is willing to answer questions about possible fraud within the company. Should the response be “no,” the purpose of the interview should be reexplained until the interviewee understands it.
Question No. 2: When we talk about fraud in business, we are talking about a big area. We’re not talking about taking a pen or making a few photocopies. Rather, we are talking about a whole range of activities where employees steal from the company, lie to management, or take unfair advantage of the company. Do you think fraud is a problem for business in general?
This question helps identify higher fraud risk employees who—if given the opportunity—might defraud the company in some way. A “yes” indicates general agreement that fraud is a problem in business today. A “no” indicates either ignorance or denial of the fraud problem. Negative responses are often associated with individuals engaged in fraud, individuals who would be uncomfortable with this line of questioning and would like it to end.
Question No. 3: Do you think this company has a problem with fraud?
This question can help uncover fraudulent activity as well as identify high fraud risk employees. A “yes” indicates the employee has specific knowledge of fraud within the company and should be questioned further about it. A “no” either indicates genuine belief or—as in Question No. 2—denial of the problem. Negative responses tend to be associated with those engaged in fraud. Because the pattern of questioning is moving from the general to the specific, the interviewee may now think that she will eventually be accused directly and therefore will try to terminate the interview as soon as possible.
Question No. 4: If employees or managers are stealing from this company, why do you think they do it?
An honest person is likely to respond that the perpetrator must be either dishonest or greedy and will not rationalize or minimize the problem. Someone engaged in fraud tends to minimize the act with rationalizations such as “the employee must have been underpaid or underappreciated” or “everybody does it.” In response to this question, a dishonest person will sometimes declare, “How should I know, I didn’t do it.” Such emphatic denials offered without provocation indicate a high-risk employee whose areas of responsibility should be carefully, but discreetly, reviewed for fraud.
Question No. 5: Frequently, small thefts by employees can add up to a lot of money. If you knew another employee was stealing from the company, what would you do?
This question can help determine whether employees are familiar with company policy—assuming one exists—for reporting fraud. Honest individuals are generally willing to report fraud if they think they will be believed and if there is a policy for communicating that information. Otherwise, they might say they would do nothing. Dishonest persons, however, are unlikely to report fraudulent activity under any circumstances.
Question No. 6: Do you know of anyone who might be stealing or taking advantage of the company?
This question provides interviewees the opportunity to expose any fraud within the company. In addition, it increases the perception of detection because prospective fraudsters might think other employees would implicate them. Both honest individuals and fraudsters will be reluctant to implicate those engaged in fraud. A dishonest person will quickly respond “no”; an honest person, however, will generally hesitate, either to think of someone or to decide whether they want to implicate the fraudster. Generally, the honest person with knowledge of fraudulent activity can eventually be persuaded to implicate others, whereas the fraudster will often refuse to implicate others, regardless of the pressure applied by the interviewer. One final point to consider: There are generally honest individuals within every organization that are genuinely unaware of fraud that exists.
Question No. 7: Suppose someone who worked at the company decided to steal or commit fraud. How could they do it and get away with it?
This question is designed to identify internal control deficiencies within the company. An honest person will generally offer ideas on how fraud could successfully be accomplished. Individuals engaged in fraud tend not to offer any specific ideas, however, for fear of being discovered. Instead, they tend to give nonspecific answers such as “They would catch you if you stole” or “Anybody could steal anything around here and nobody would know.”
Question No. 8: In your opinion, who is beyond suspicion when it comes to committing fraud at this company?
In general, honest persons will not be reluctant to eliminate possible suspects. In contrast, those engaged in fraud tend not to narrow the list, preferring that the circle of suspicion be as wide as possible. Sometimes they will even issue a denial such as “It wasn’t me.” Such denials to nonaccusatory questions can indicate a high-risk employee.
Question No. 9: Did you ever think about stealing from the company, even though you didn’t go through with it?
Most honest employees have probably thought about committing fraud but then did not go through with it. Dishonest individuals will quickly and emphatically reply “no.” Frequently, dishonest persons will attempt to increase the credibility of their denials with such phrases as “Absolutely not” or “To tell you the truth, no.” An individual answering honestly does not need to increase the credibility of their denials. A “no” response does not necessarily mean that the interviewee is engaged in fraudulent activity; it simply means that the question was most likely not answered truthfully.
Question No. 10: Is there any other information you wish to furnish regarding any possible fraud within this company?
This question allows the interviewee a final chance to provide information about possible fraud within the company. An honest person generally will hesitate while considering the question whereas the dishonest person will quickly respond “no.” Hesitation combined with certain body language (e.g., shifting positions, crossing arms or legs) can indicate the interviewee has information but is reluctant to share it. With enough encouragement, honest individuals can generally be persuaded to divulge information about possible fraud. After the interviewee has provided all the information she is willing to provide, the CPA should end the interview on a positive note and thank the interviewee for taking time to help with the project.
FAQ’s Limitations
When conducting fraud assessment interviews, the CPA should remember that FAQ is an art, not a science. Honest persons tend to respond in certain ways and dishonest persons tend to respond in certain ways. Someone is not necessarily a fraudster because he responds to a single question in a manner consistent with dishonest responses; however, if an employee responds to multiple questions this way, his areas of responsibility should be discreetly reviewed for fraud.
When attempting to identify high-risk employees, interviewees should be evaluated by both their verbal and nonverbal communication. Additional information about nonverbal forms of deception can be obtained from a variety of sources, including: Fraud Examiners Manual, 3rd ed. (Association of Certified Fraud Examiners) and Non-Verbal Communication: The Unspoken Dialogue (McGraw-Hill, Inc.).
In the example discussed above, the information obtained from the interviews provided the CPA and the company with a wealth of valuable information. First, the employees interviewed did not indicate that major fraud was prevalent, making it likely that the fictitious vendor scheme was an isolated incident. Second, the CPA identified two moderate-risk employees and one high-risk employee; their respective areas of responsibility were then discreetly reviewed for fraudulent activity. Third, the interviews uncovered several serious internal control deficiencies which were corrected. Finally, the handling of this situation greatly increased the perception of detection amongst all employees. They knew what had happened to Steve and could tell from the interviews that the company was serious about maintaining a fraud-free working environment. This perception of detection can be highly effective in preventing fraud in the workplace.
The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.
©2009 The New York State Society of CPAs. Legal Notices
Visit the new cpajournal.com.