Fraud prevention and detection – focus on the technological trend
February 2017 | SPECIAL REPORT: CORPORATE FRAUD & CORRUPTION
Financier Worldwide Magazine
How much loss could fraud cause? According to a report from the Association of Certified Fraud Examiners (ACFE), which contains an analysis of 2410 cases from January 2014 to October 2015, it is estimated that fraud could cause losses totalling 5 percent of the annual revenue of an organisation (ACFE, Report to the Nations, 2016 Global Fraud Study). Additionally, from the perspective of organisations’ sustainable operation, there is a high possibility that their reputation could suffer from fraud. Despite this astonishing figure and potential reputational damage, companies still fail to appreciate the importance of establishing a sound fraud prevention and detection policy. For practical reasons, companies show indifference due to compliance costs and the naive attitude that fraud will never affect them. This financial strategy and careless view ensure that fraud continues.
The structure of a sound fraud prevention policy
By virtue of preventive measures incorporated into organisations’ management policies, fraud risks could be better controlled to some extent. But how can organisations establish a sound and comprehensive fraud management policy? From an internal control perspective, the 2013 Committee of Sponsoring Organizations of Treadway Commission (COSO) Framework’s five components (COSO, Fraud Risk Management Guide, September 2016), which consist of control environment, risk assessment, control activities, information and communication and monitoring activities, could be utilised as the whole structure for establishing fraud management procedures.
For further explanation, boards of directors and senior managers should possess high integrity and enshrine this attitude as a company priority for all employees. In addition, pursuant to different industrial environments and individual conditions, each organisation should assess exhaustive fraud risks (no matter the size) and endeavour to mitigate those risks via related control methods. Moreover, the cross-departments communication process should be established to demonstrate managers’ determination and take corrective actions (whether rewarding tiptsers or punishing fraudsters) in a timely manner. Companies should then evaluate the management process periodically to ensure its effectiveness and accountability. Those procedures are merely in skeleton form and prone to paperworks, so the reasons fraudsters commit crimes must also be considered when refining the management policy.
In this regard, companies should understand the theory of the fraud triangle originated by Donald Cressey, which consists of three components: pressure, opportunity and rationalisation. Empirically, people who face financial or emotional conundrums are inclined to engage in irrational behaviours, which usually lead to fraud. Senior managers, in particular members of the HR department, should try to learn if there are any employees trapped in these situations and, accordingly, enact rules such as rotation or compulsory vacation. Furthermore, companies should rigorously examine any flaws that exist in their operational cycles, for example, sales or manufacturing cycles, which facilitate employee fraud. For example, do companies implement segregation of duties appropriately? As for the component of rationalisation, this is purely people’s subjective thoughts and is difficult to determine. Nevertheless, companies could review policies on employee promotion and personal development to check for any unfairness.
The importance of fraud detection and related technology
Along with precautionary, well-designed fraud prevention procedures, once fraud occurs, how companies can detect it promptly and efficiently is also of great importance. With financial statement fraud for example, when investigators dedicate themselves to probing for suspicious transactions or activities, they traditionally perform inspections on every voucher and invoice of every transaction. If the quantity of transactions is too large for them to tackle, they usually choose an alternative method: a selective check based on the filtered importance threshold. However, there is still a possibility that fraudulent transactions remain undiscovered since the checks are selective, not comprehensive. Thanks to the evolution of technology, investigators can now conduct a thorough and complete audit of entire populations of transactions in a relatively short period.
So how can technology improve the efficiency of the fraud detection process? As previously illustrated, a full and detailed examination can now be achieved via data analysis. Additionally, technology could be integrated into the fraud investigation process. In our experience, once fraud is discovered, the first step was to build a basic background information understanding. In this aspect, it is necessary to comprehend a fraudster’s relatives and close friends to establish his or her interpersonal relationships, then try to clarify the accomplice network. The prevalence of mobile phones and social networking apps such as Facebook, Twitter, WeChat, Instagram and WhatsApp provides investigators with a great opportunity to observe fraudsters’ interests, lifestyle and characteristics. In addition, social networking analysis tools, like NodeXL, SVAT, Gephi, etc., could be deployed to achieve the same goal.
At the next stage, it is critical to work out a fraudster’s motives for crime. Is it for love, hatred, money or fairness? Once the reasons behind illegal behaviours are recognised, it is not difficult to envisage why and how criminal activity is carried out. Similarly, social networking analysis tools and communication records could be adapted to accomplish this aim. Patterns of illicit behaviour also need to be grappled with. In this aspect, it is useful to compare different data across different periods to identify anomalies. For instance, the fact that new suppliers involved with the suspicious transactions are never presented in the company’s client master data is a warning sign.
Evidence of specific or unprecedented accounting subjects, such as temporary payments or account receivables factoring, are also red flags. Those anomalies could be identified via several data analysis tools like SAP, CaseWare IDEA, etc.
Another investigative phase is to appropriately and legitimately collect evidence. In a digital world, almost all data is stored on electronic devices, such as cellphones, computers, servers, cloud systems, etc. Thus, it is vital to gather digital evidence through proper devices to prevent them from being polluted, which might result in them being unable to be presented in court. In this regard, forensic tools such as Encase, FTK or Helix are certified and commonly employed by investigators.
Lastly, it is requisite to summarise all the information and make an interpretation – a task which is traditionally completed by investigators. With the development of computer technology, some programmes, such as Qlik or Tableau, could be applied to comprehensively display trends and variables, so that the whole story can be seen.
Fraud can indeed cause great damage to companies – both financially and reputationally. However, with the assistance of sound and complete fraud prevention and management procedures, the possibility of fraud can be reduced to a certain extent. In addition, through efficient fraud detection methods, particularly the aforementioned technologies, not only can losses be reduced instantly, but a company can also demonstrate its fraud-resolving determination to society. Only when preventive measures and post-response actions complement each other can fraud risks be effectively deterred and controlled.
Kuo Ming Huang is an associate at Jones Day. He can be contacted on +886 (0)27 712 3390 or by email:firstname.lastname@example.org.
© Financier Worldwide
Kuo Ming Huang