"Energy is Opportunity" the Foundation for Saudi Aramco’s Commitment to Fighting Fraud

/

PARTNER PROFILE

ACFE Staff

For the past 80 years, Saudi Aramco has worked to establish itself as a leader in energy, and oil and gas production. Most recently, the company has also taken steps to lead fraud detection and prevention efforts in the Middle East. More than just a company tagline, “energy is opportunity” is only a stepping stone to the larger principles of integrity, citizenship and ethics.

"While 'energy is opportunity' to us at Saudi Aramco, the company can only capitalize on its opportunities when the basic underlying business processes are all in place and functioning effectively," said Waheed Alkahtani, CFE and CCEP-I, head of the Internal Auditing Advisory Services Group at Saudi Aramco. "The culture has to be one that values and upholds core principles of high integrity, while each employee demonstrates good corporate citizenship. In this regard, being a leader in both fraud detection and also prevention, such as through greater ethics and fraud awareness, surely contributes to the success of Saudi Aramco."

Headquartered in Dhahran, Saudi Arabia, and employing more than 65,000 workers worldwide, Saudi Aramco is one of the largest oil companies in the world. The oil and gas producer leads the industry in production, operational reliability and technical advances. It is currently the world’s largest crude oil exporter, producing roughly one in every eight barrels of the world’s oil supply. With this great responsibility of service, comes an even greater responsibility of ensuring the businesses’ processes and values stay true to the vision of creating opportunity through integrity.

According to Alkahtani, Saudi Aramco has had a history of valued partnership with the ACFE. It established an ACFE Saudi Arabia Chapter in 1997, and most recently joined the Corporate Alliance Program. "When we realized the many benefits of the program, joining the Corporate Alliance became a natural transition for us," he said. "It allows our sizable complement of investigative professionals to have direct access into ACFE’s many resources."

Saudi Aramco decided to join the Corporate Alliance during a difficult time for oil prices, a bold step that could have been viewed risky. But according to Alkahtani, it was actually more cost-effective for Saudi Aramco to administer a group membership as opposed to individual memberships. “At a time of cost-containment and focus on efficiency due to budgetary tightening across the oil industry, the Corporate Alliance offered a positive solution for us, while maintaining valued access to ACFE for our professionals," he said. "We are also able to use ACFE research studies and reports to benchmark our anti-fraud efforts against best-in-class practices. The Corporate Alliance provides cost-effective tools that support our anti-fraud efforts, while keeping us abreast of the latest industry developments and training opportunities."

Affiliates are located in China, Japan, India, the Netherlands, the Republic of Korea, Singapore, the U.K. and the U.S. Like many large corporations, even though the company is headquartered in a central location, its reach is global. Saudi Aramco has designated organizations to effectively manage and investigate suspected fraud cases. “Fraud case profiles tend to be surprisingly similar across global locations,” said Alkahtani. “Saudi Aramco uses a consistent fraud investigation and reporting process to ensure that the General Auditor can reliably provide a comprehensive view to the Board Audit Committee. The two key departments that are involved in investigations of suspected fraud: Special Audits (SAD) and Corporate Security Services (CSSD). Their reports are issued to two corporate executive committees, such that the company acts fairly, ethically and responsibly.”

Perhaps a benefit of joining the ACFE’s Corporate Alliance that may seem obvious, yet understated, is something that Alkahtani is most enthusiastic about: he, and Saudi Aramco, are not alone. "We are all in this fight together! The fact is, no organization operates alone, and we must rely on each other’s efforts to stamp out fraud and corruption," he said. "No government can do it alone either. Regulatory pronouncements must be complemented by corporate policies that work hand-in-hand to enhance transparency and promote integrity. The company has taken a proactive stance in this matter to lead by example. By doing so, we hope that the benefits of a higher integrity business culture will accrue to every citizen and to Saudi Aramco itself."

To find out more about the ACFE's Corporate Alliance Program and hear more about how Saudi Aramco is committed to preventing and detecting fraud, visit ACFE.com.

Pacemaker Data Betrays Host in Fraud Case

/

GUEST BLOGGER

Jeremy Clopton, CFE, CPA, ACDA, CIDA
Director, Big Data & Analytics, Digital Forensics
BKD, LLP | Forensics & Valuation Services

As the world of unique ways to investigate fraud expands, investigators in Middletown, Ohio, have given us the latest in ways of using data to solve a case. Not data from an accounting system, building access records or an Amazon Echo (see last month’s post) — this time it was data from a pacemaker. According to the article, a man was “charged for arson and fraud after law enforcement used data gleaned from his pacemaker to uncover an alleged plot to cheat his insurance company.” The man in question was attempting to collect more than $400,000 in damages caused by a fire at his home. However, the story he told of the exertion he underwent to pack suitcases and throw them out a window didn’t quite line up with the story his heart told. Police obtained a search warrant and went after the electronic records of his pacemaker. They quickly discovered that the heart doesn’t, in fact, lie. When I first read this story, I was initially shocked a pacemaker could be used this way. The more I thought about it, however, I quickly realized that it is an obvious application of analytics.

Using analytics to detect fraud often involves the application of pattern recognition technology. That can mean looking for specific patterns indicative of a fraud, looking for patterns contrary to your expectations or finding patterns where you wouldn’t expect. In this particular case, it was the absence of a pattern where one was expected. So, how does one go about applying analytics to a case like this? The same way you apply analytics in any situation — following a predictable framework.

Strategic question: Is Mr. Compton’s story plausible?

Objective: Identify indications of exertion of effort consistent with description of actions.

Data: Pacemaker electronic records.

Procedures: Trend analysis of heart rate, demand on pacemaker and heart rhythms before, during and subsequent to actions in story.

Analyze results: Patterns don’t show signs of increased exertion that would have been present based on story.

Manage results: Investigate other possible reasons for inconsistent pattern.

At its core, this is the same framework and application methodology for analyzing trends in financial or other data. What differentiates this from typical applications of analytics in investigations is the willingness to get data outside of traditional systems. As the Internet of Things grows and expands, the opportunities to go outside these traditional systems will also grow. More devices — wearables, virtual assistant devices, vehicles, etc. — will generate more data than ever before. Each of these will provide an opportunity to evaluate patterns in data compared to expectations. 

The challenge is this — how will you begin to leverage these non-traditional data systems in your investigations?

How One Man Exposed His Fellow FBI Agent as a Russian Spy

/

FROM THE PRESIDENT

James D. Ratley, CFE
ACFE President

Here’s the situation. You’re a new FBI undercover field operative. But the bureau has called you into headquarters, put a suit and tie on you, and ordered you to take a desk job as the assistant to a longtime FBI special agent and computer systems expert. You’ll be locked in a soundproof, two-office vault to do one thing: covertly surveil this man suspected of being a master spy for the Russians.

That’s where Eric O’Neill found himself in 2001. He became a loyal assistant to Robert Hanssen — an intimidating, demanding and suspicious boss. The FBI had its eye on Hanssen, but they just needed a smoking gun.

O’Neill, who will be a keynote speaker at the 28th Annual ACFE Global Fraud Conference, June 18-23 in Nashville, watched Hanssen for months, but couldn’t find anything incriminating.

Finally, O’Neill was able to get to Hanssen’s Palm Pilot. O’Neill rushed it to the FBI techies on another floor who decrypted it and found Hanssen’s drop date and location of classified material to the Russians. They had him.

Hanssen was arrested on Feb. 18, 2001, at Foxstone Park, near his home in Vienna, Virginia, where he’d made his last drop. He was charged with selling U.S. secrets to the Soviet Union and then the Russian Federation for more than $1.4 million in cash and diamonds in 22 years.

He pleaded guilty to 15 counts of espionage and was sentenced to 15 life terms without the possibility of parole. The U.S. Department of Justice described his spying as “possibly the worst intelligence disaster in U.S. history.”

I’m impressed that O’Neill was able to gather information on Hanssen, who prided himself on being able to detect any hint of deception.

The story was so dramatic that Hollywood transformed it into the 2007 movie, “Breach,” starring Ryan Phillipe as O’Neill, Chris Cooper as Hanssen and Laura Linney as “Kate Burroughs,” O’Neill’s handler. O’Neill was an onsite advisor for the film.

During the 28th Annual ACFE Global Fraud Conference, O’Neill — who now runs an investigative and security consulting firm, and works for a security protection software company — will be addressing recent changes in fraud and cyberespionage through the eyes of sophisticated attackers.

“I will use elements of the Hanssen investigation as a framework and also to tell an entertaining story,” O’Neill says. “The audience will understand why I say that there are no hackers; there are only spies.”

3 Tips to Help Prevent and Detect Fraudulent Travel Expense Activity 

/

GUEST BLOGGER

Misty Carter, CFE, CIA, CISA
ACFE Research Specialist

Have you ever wondered, “Are my travel expenses being reviewed?” Fraudsters who have been successful at defrauding companies through the submission of fictitious travel expenses most likely have. If management, though, has never considered this question from the employee’s perspective, they might unknowingly be paying out thousands of dollars to fund a fraudster’s lifestyle — that fraudster being one of their own employees.

Unfortunately, this was the case with New York State Assemblyman William Boyland, Jr. Boyland, indicted on charges of allegedly filing tens of thousands of dollars’ worth of fraudulent travel expenses, claimed he had been traveling on legislative business in Albany, New York, between January 2007 and December 2011 when he allegedly was not (as reported in Metropolis, a Wall Street Journal blog). In fact, in some of the instances where he allegedly claimed he was traveling to Albany, he was in New York City meeting with undercover investigators who were building an unrelated bribery case against him.

While the exact dollar amount falsely claimed by Boyland is still uncertain, an audit found no record of him being in Albany 609 of the 975 days he claimed he had traveled there. Based on these audit findings, Boyland is required to repay the state $67,497 in mileage reimbursement and per-diem payments. In addition to the indictment for submitting fraudulent travel expenses, Boyland has two other pending charges against him related to bribery and mail fraud.

This is just one example of many where employees abuse company or tax-payer dollars through expense reimbursement schemes. According to the 2016 Report to the Nations, expense reimbursement fraud schemes made up 14 percent of the asset misappropriation schemes with an average loss of $40,000. The report also noted that these frauds lasted a median of 24 months before being detected, as was the case with Boyland.

Even though the detection and prevention of fraudulent employee expenses can seem overwhelming, there are controls that management can put in place to mitigate risk in this area. The following tips can aid in the detection, prevention and deterrence of this type of fraud:

  • Implement continuous control monitoring software. This software is automated and can review 100 percent of expense data. It can be configured to identify outliers or areas where fraud and noncompliance are most likely to be detected. Data reported from these monitoring solutions can help decrease fraudulent expense activity through trend reviews of anomalies. Employees might also be deterred from attempting a fraud if they know that a tool is in place to review all expenses submitted. 
  • Implement a formal travel and entertainment expense policy. It is important for management to develop a clear travel and entertainment expense policy and communicate it to their employees. Management should also ensure employees are aware of their expectations toward policy adherence and establish consequences for failure to comply with policy requirements. 
  • Hold management accountable. Management might be lax in its review and approval of employee expenses, but if held accountable for approving fraudulent expenses, they might spend more time reviewing them. Approving managers should also consider occasionally questioning employees about expenses they submitted. This practice can actually have a deterrent effect: if employees know someone is actually reviewing what they submit, they are less likely to submit a fraudulent expense. 

Although expense reimbursement fraud is rampant, it can be minimized if the proper action is taken. Management must be proactive and implement the necessary controls to help deter employees from committing schemes and detect if they do occur. Failing to take action can be detrimental to the company and leave it exposed to this and other types of fraud schemes.

Episode Notes for Fraud Talk: 'The Problem With Too Many Choices'

/

GUEST BLOGGER

Emily Primeaux, CFE
Associate Editor, Fraud Magazine

In January I had the pleasure of interviewing Bret Hood, CFE, about using data analytics in fraud examinations and the problem of “choice paralysis.” Currently the director of 21st Century Learning & Consulting and a retired FBI supervisory special agent, Hood has spoken at ACFE Annual Global Conferences and is a federal court-recognized expert in fraud and money laundering.

Hood recently wrote an article for the January/February 2017 issue of Fraud Magazine about choice paralysis using a grocery store study. In the article and on the podcast, he explained that this study helped highlight that when people are given too many choices, they freeze and can’t make a decision. The same can happen when a fraud examiner approaches an investigation using data analytics.

Data analytics software can produce an endless amount of data — some usable, others distracting. In the podcast, Hood explained that it’s important for fraud examiners to determine which data sets are relevant. “If we’re doing a billing fraud, I should only be concerned with the billing and not something else,” Hood said. “So if I have billing fraud, I don’t necessarily care about accounts payable. It depends on what kind of billing we have, but what happens is when we start to focus on other things, when we start to take the divergent path, that distracts us from what our original purpose is.”

Other highlights from the interview include:

  • Recommendations for how fraud examiners can overcome choice paralysis, including prioritizing three things that are relevant to your case, focusing on those and fighting the urge to move down other paths as they become present.
  • An analysis of how the brain processes information, including a look at your “working memory.”
  • System 1, the reactionary part of your brain, versus system 2, the reasoning part of your brain.

You can listen to Hood’s entire interview at ACFE.com/podcast and join the discussion about the podcast in the ACFE Community.

Helpful Resources Mentioned in This Episode