Five-Step Approach to Fraud Detection: #4 Build Audit Programs/Detective Processes to Look for Symptoms

The "Five-Step Approach to Fraud Detection" is a strategy I use to detect fraud in any area, and a template I provide to company executives and managers when helping them establish control systems design to detect frauds in their day-to-day operations. In this article, we will discuss building detective processes in audit programs and processes to discover symptoms of fraud.

Here is the Five-Step Approach:

1. Know the Exposures
2. Know the Symptoms of Occurrence
3. Be Alert for Symptoms and Behavior Indicators
4. Build Audit Programs/Detective Processes To Look for Symptoms
5. Follow Through on All Symptoms Observed

In my previous articles of this series, I have discussed the importance of understanding fraud exposures and symptoms of occurrence, not just for auditors, but also for finance and accounting managers seeking to prevent unnecessary losses in their areas of operation. Once you understand the risks, then it is time to look for those symptoms.

Most auditors do not include fraud detection steps in their audit programs, either because they have been taught it is not the auditor's job to find fraud, or because their programs are so loaded with tests of controls that they feel it would be too time-consuming to add procedures to look for double endorsements on the backs of checks, or use data mining to locate the one bank account with 17 electronic paycheck transfers into it every 2 weeks.

For auditors to find fraud, it is essential to include symptom detection in their audit programs. Symptoms are not control weaknesses: just because a check lacks a proper signature does not mean the check is fraudulent. On the other hand, every fraudulent disbursement or expense report I have seen in my career had an approval signature on it. So audit programs which ask the auditor to seek approval signatures are woefully inadequate in their ability to direct an auditor toward fraud.

If you manage an operational or finance/accounting unit, then you can structure an environment hostile to fraud by designing processes to detect fraud symptoms. Managers generally understand how to establish preventative controls: approval signatures for checks over a certain amount, requiring original receipts on expense reports, three-way matching approved purchase orders to invoices to packing slips. But managers often overlook processes to detect frauds after the perpetrator has run the gauntlet of front-end controls. It is like a rancher who builds a fence around his livestock but has no way to catch the thief who has jumped the barrier.

For those auditors and managers who believe their budgets cannot handle extra detective procedures, I would advise them to scan their normal procedures, determine which have generally been ineffective, and replace those with more effective detection procedures.

Following are some audit tests/detective processes designed to catch the symptoms discussed in the previous article.

• Show up at odd hours to a department that is reporting high overtime or payroll expenses coming in over budget; observe whether people are present performing work and compare that to the hours they report.
• Review time reports for trends of steady, upward increases in overtime, particularly where there is no corresponding increase in output or sales.
• On construction projects that contain a right to audit clause in the contract, visit the vendor site and review documentation for all indirect expenses which exceed a reasonable percentage of total billings.
• Perform a bid analysis of recent vendor bid requests, listing out the date the bid was received, goods/services descriptions, and price per unit. Group the vendors by bid request, and look for patterns in the bidding which would indicate one vendor received information the others did not.
• Talk with bid losers and ask them if their contact at your company offered any unusual terms for favored status.
• In locations suffering odd unexplained or "miscellaneous" losses, perform an inventory count of portable/high demand items and reconcile with system balances.
• Secretly install cameras at locations in which your company is experiencing unexplained inventory losses. Review for direct evidence of theft. At a minimum, ensure that every shipment out over a period of time is supported by proper documentation and that upper management is aware of the shipments.

Of course, the descriptions of some of these tests are too general to properly implement, but they should provide you with an idea about how to construct detective audit tests or procedures within your own environment.

Good luck in discovering symptoms of fraud!