Employees and others who commit fraud have long relied on management's inability to see what's going on right under their noses. Why? Because it has been too difficult and expensive to sift through the enormous volume of business transactions taking place each day. Too often the intensive record-screening necessary to detect improprieties slows business processes and consumes funding and staffing. At some point, the "cure" becomes worse than the "disease."
Practitioners' clients and employers need better antifraud weapons: This article explains several ways CPAs can respond by using technology to detect fraud--and even prevent it from taking place.
There are several reasons to make the effort. SAS no. 82, Consideration of Fraud in a Financial Statement Audit, requires auditors to assess the risk of material misstatement in financial statements due to fraud. And the payoff--for companies that beat fraud--is potentially great savings. In its 2002 publications, Report to the Nation and National Fraud Survey, the Association of Certified Fraud Examiners estimated that fraud and abuse costs U.S. organizations more than $600 billion annually.
To control that financial hemorrhaging, business leaders have begun teaming up with fraud experts--in a recent trend--to quickly examine financial data, uncover evidence of possible misdeeds and prevent additional losses. Technology plays a central role in such strategies, and by combining their knowledge of business processes with forensic computing skills, CPAs can pinpoint and evaluate signs of possible fraud and, if further investigation reveals actual wrongdoing, take steps to recover losses and prevent more damage.
HOW SMALL COMPANIES CAN FIGHT FRAUD
CPAs can choose from among several techniques to penetrate thickets of data and find the relevant bits of evidence necessary to uncover and stop fraud. But to apply such methods effectively, practitioners first must consider the extent of the entity's auditable data, its available funding and the qualifications of its staff.
Auditors looking for fraud in smaller organizations' data will find that most of the following technology-based methods--which rely on deductive analysis--will suffice. These techniques derive specific findings from general principles. For example, if an organization wants to find out why its purchasing costs are rising, its staff and its CPA could examine the records relating to each of its vendors. If a particular vendor's prices rose, but a purchasing manager ordered more of its products, the only legitimate explanation would be that the quality of the vendor's products had improved greatly, inducing the purchasing manager to both pay a higher unit price and increase the quantity of his or her order. But if the auditors then analyzed customer service records and found numerous complaints about the quality of that vendor's products, the likelihood of fraud would be sufficient to perform a thorough investigation, even if--as is quite possible in such inconclusive circumstances--there turns out to be no evidence of wrongdoing. Generally, deductive techniques are simple and economical to apply but can lead to ambiguous findings, as the following examples will demonstrate.
Discovery sampling. This basic technique, which requires only a personal computer and inexpensive generic software designed for this kind of analysis, suits the capabilities of small organizations that don't have the budget or expertise to conduct more thorough and expensive investigations. Since discovery sampling requires only moderate skills and rudimentary technology, its cost is minimal.
For instance, if an auditor wanted to examine checks to see if someone in the company was making fraudulent payments to vendors, he or she would use random-number-generating software to select the serial numbers of checks to review. The auditor then would refer to a basic discovery sampling table (see "Discovery Sampling Table") available in any auditing textbook. …