Chapter 6: Fraud Detection Flashcards
Fraud Detection Process
involves identifying indicators of fraud that suggest a need for further investigation.
Ways Fraud is Detected
includes tips and hotlines, financial statement audits, and by accident.
Hotlines
Very effective but must have a disclosure policy. Confidentiality vs Anonymity.
Confidentiality
The investigator may contact the tipster for additional info, but the tipster’s name is to remain confidential and not shared outside the Office of the Inspector General. Could be required to release by order of law (e.g., a court order or subpoena).
Fraud Discovery by Accident
This happens frequently, especially in companies with weak controls. But it might happen too late for a small company to survive.
Fraud Discovery by External Auditors
SAS 99 requires that auditors design financial statement audits in such a way so as to have a reasonable chance of detecting misstatements in the financial reports. But not all fraud leads to misstatements. Still, external auditors must consider fraud risk and should use the fraud triangle
Other Means of Fraud Discovery
- By internal auditors
- Internal auditors should report directly to the board of directors
- By inspectors general
- By security departments
Fraud Detection and ERM
Internal controls can be preventive, detective, or corrective
Preventive controls
stop fraud before it happens
Detective controls
signal the existence of fraud
False positives
indicate fraud when there is none
False negatives
indicate no fraud where this is fraud
Corrective controls
include investigating and recovering from fraud
Total Fraud Costs
= Prevention Costs + Detection Costs + Correction Costs + Fraud Losses
Composite indicators
- Are typically produced from weighted sums of individual indicators. The weighted sum is called a risk score.
- One example of a risk score is a FICO credit score
Single-factor indicators
- Are also called red flags
- In the typical scenario, a single red flag may initiate an investigation
Random Tests
Discovery sampling- investigator selects a random sample in a way tp have a high profitability of detecting particular type and size error or fraud.
Internal control data
data include reconciliation failures, control total failures, exception transactions, and apparent errors
Security breaches
occur when an individual accesses some entity resources without first being granted a sufficient privilege to do so.
Pattern data analysis
- or data mining, combines different data items in complex and non-intuitive ways to signal fraud
- can be used to detect fraud as well as a tool to improve business process and better compete in the market.
Steps in Building a Fraud Detection System
- risk analysis and control development
- exploitation of expert knowledge
- knowledge discovery
- implementation
Knowledge discovery involves SEMMA
Sampling, Exploration, Modification, Modeling, and Assessment
Benford’s law
A fraud indicator that predicts the relative incidence of first digits of numbers in certain types of random data.
Most things start with #1