The way students are learning has significantly changed since I attended college classes 30 years ago. I remember my accounting instructor standing in front of the 300-seat lecture hall with an overhead projector. When I first started teaching, I thought I was being “progressive” using PowerPoint slides! Today’s students are demanding more hands-on experience. They don’t want to just sit there and be “talked at.” They want more of the “tell me, show me, let me do it” type classroom. One of the most successful components of my class is the community project my students undertake each semester. Here’s how it works.Read More
Mandy Moody, CFE
ACFE Content Manager
Last week, more than 250 fraud fighters from the European region gathered in London to discuss the latest in fraud examination techniques, ethics and more. In addition to a presentation by convicted UBS trader, Kweku Adoboli (read the New York Times article, "A Rogue Trader Blames the System, but Not All Are Persuaded"), attendees walked away with actionable items to include in their own daily activities for preventing and detecting fraud. A few of the highlights include:
When and how to approach law enforcement and prosecution
A panel of investigators discussed tips for companies and individuals to follow when reporting fraud to law enforcement:
- Include a well-written report that defines intent. As Pennings said, “It is easier to conduct an investigation once there is a clear sign of intent. It has to hold water that it was intentional and not an accident.”
- Make sure there is a clear collection of evidence. According to Pennings, you can’t recreate a path of evidence after the fact. It may be best to train your employees on how to forensically collect evidence at a crime scene.
- Complete and submit a report that tells a cohesive story. Felton explained that his reports are only about half a page, so companies have to tell that story succinctly and efficiently. “If it is not clear in your head, then you have got a problem,” Felton said. “When you can’t even read through it and can’t understand it, you have got a problem. Sometimes I can’t find an offense.”
A strong ethical framework is good for business
Laura Davies, Director of Fraud at Huntswood, explained that understanding the current global landscape and putting an emphasis on culture is a step in the right direction for anti-fraud experts and organizations. Davies shared examples of recent scandals where consumer trust has been deeply shaken. Most recently, Volkswagen (VW) has been dealing with the fallout from their diesel emissions scandal. Read the full recap.
Using a risk-based pre-employment screening
Previous criminal activity can be hard to find and can put organizations at considerable risk. There are checklist recommendations that usually provide a list of information sources that should be accessed during a screening — they tell you where you can find information on an applicant. But, according to Bernhard Maier, CII, director of BM-Investigations E.U., many of these lists come from the U.S. and aren't multi-jurisdictional. Read the full recap.
Attendees also enjoyed keynote presentations by Clare Rewcastle Brown, the Editor-in-Chief of the Sarawak Report and the investigative journalist who reported on the Malaysian 1MDB corruption scandal, and Mark Livschitz, a recognized AML attorney. You can find more in-depth coverage of the conference at FraudConferenceNews.com.
LETTER FROM THE PRESIDENT
James D. Ratley, CFE
I bet your organization works extremely hard to find good employees. Weeks of intensive searching, vetting of qualifications and background checks hopefully yield hardworking, loyal colleagues. Of course, you know all that cultivation still can yield some rotten apples.
Ryan Duquette, CFE, CFCE, author of the latest Fraud Magazine cover article, "Insider threats! Using digital forensics to prevent intellectual property theft," quotes studies that show that half of all departing employees leave with confidential company information — either deliberately or unintentionally. That's sobering. How are your organizations deterring the fraudulent flow of intellectual property out the door?
Because most fraud examinations focus on establishing if, and how, someone did what they're suspected of doing, the author writes, they must learn fraudsters' common methods to remove sensitive information. These include the obvious means, such as personal webmail accounts, portable storage media and personal devices. But they also include accessing corporate systems via remote sessions and cloud storage.
Duquette emphasizes that fraud examiners should be part of the everyday work routines to examine new and leaving employees. "Your input and expertise is vital because you might see different patterns and suggest other methods, which could help examine broader fraud matters in your organization,” he writes.
Fraud examiners can use their skills at observing behaviors to help their organizations, he explains, such as looking for those who take proprietary information home via thumb drives or email without authorization, and inappropriately seek or obtain proprietary or classified information on subjects not related to their work duties.
Duquette also says we can help by looking for those who disregard the organization's computer policies on installing personal software or hardware, access restricted websites, conduct unauthorized searches or download confidential information.
As always, we have to review local, regional and national privacy laws and regulations on examining employees, which seem to change daily around the world.
"If the employee’s role grants them privileged access to highly confidential data such as payment card numbers, personally identifiable information or financial information, there's a risk that your activities might result in compliance issues," Duquette writes. "For example, you might locate payment card and transactional data and duplicate it to present as evidence. That action, while well intended, might be in a contravention of a policy or control that you've agreed to adhere to because you're moving the data outside of a controlled environment."
As Duquette implores, don't let departing employees leave with valuable intellectual property. Use digital forensics in daily workflows before they resign and in exit interviews to prevent IP theft rather than potentially be involved in litigation after they're gone.
Read more about the cover article and more at Fraud-Magazine.com.
FROM THE RESOURCE GUIDE
Tiffany Couch, CFE, CPA, CFF
Learning the basics. While the phrase may conjure up long ago memories of learning the alphabet, using building blocks, participating in a new sport or, starting over in a new school, new job or new professional field — I find that when it comes to fraud examination, the basics are essential to the success of any engagement. From understanding fraud schemes and the red flags of those schemes, to interviewing witnesses, collecting evidence and writing reports, applying these fundamental concepts consistently during each engagement are building blocks indeed — building blocks of success.
In a recent engagement I was asked to identify why and how a senior vice president had manipulated the CEO’s signature on an expense reimbursement form — I definitely used “the basics”:
- To identify that all four expense reimbursement schemes (fictitious, altered, mischaracterized and duplicate) were potentially being perpetrated against our client;
- To ask open-ended questions which led to information regarding the suspect’s approval authorities, lifestyle and assets;
- To appropriately collect evidence, including paper and electronic evidence; and
- To write a solid fraud examination report that led to an indictment and arrest of the suspect just three weeks later (and eventually to his incarceration in federal prison for 46 months).
Conducting a fraud examination based on a solid foundation of knowledge, skill and professional standards will lead to a successful case resolution. In fact, the more complex a case, the more important those basics become. Think about this: you are the smartest person in the room. Sure, your report or testimony may be considered by attorneys, judges and intelligent clients; but, they do not have the expertise you do. Conveying complex financial crimes in a simple way to those who do not have such a background is your most important job. And doing so consistently will be building blocks for something else: your professional credibility.
Consider what happens when a building or a relationship doesn’t have a solid foundation. You got it — it crumbles. I have been involved in a few cases where professionals who attempted to conduct investigations omitted critical information, opined on the “guiltiness” of a person or wrote incoherent reports. Their professional credibility and their work were put into question. I wondered, “Did they forget the basics? Ignore them? Think the rules didn’t apply to them?” Whatever the reason, it didn’t matter. Their cases crumbled for lack of a foundation. Don’t be afraid to get back to the basics every single time you approach a new case.
Whether you are an auditor wishing to improve your fraud detection skills, a professor wanting to impart more knowledge to your students or a law enforcement officer looking to gain skills for the increasing number of white-collar crimes hitting your desk, you won’t be sorry you spent time attending some of the ACFE’s foundational courses like Principles of Fraud Examination. Where else can you gather the knowledge you’re looking for, network with other like-minded professionals and even meet a fraudster in person? You won’t be disappointed. And who knows, you may just find that learning the basics introduces you to a whole new level of success. You can read more about this course and more events and seminars in our latest Resource Guide.
Tiffany Couch, CFE, CPA, CFF, ACFE Regent, is founder and principal of Acuity Forensics, a forensic accounting firm based in Vancouver, Washington. She has more than 15 years of experience in the field of accounting, with the last seven years focused solely on forensic accounting-related engagements. Couch has conducted dozens of financial investigations, managed litigation cases involving tens of thousands of documents, and has testified in state and federal jurisdictions throughout the U.S.
John E. “Jack” Little, CFE, CPA, and Jenny Mak
Organizations of all sizes should regularly evaluate the systems they have in place to deter fraud, abuse and misconduct. This involves an organized review of current policies, procedures and controls that safeguard and protect an organization’s assets from unnecessary risk.
As part of a project in the spring 2015 Fraud Examination class in the Dyson School of Applied Economics and Management at Cornell University, a checklist was developed to aid in the evaluation of such systems. The class focused on understanding different types of fraud through textbook readings, guest speakers and local fraud cases. We began creating the checklist by reviewing a white paper authored by a group of forensic investigators from KPMG titled Fraud Risk Management, Developing a Strategy for Prevention, Detection and Response. The document provides an overview of the fundamentals involved in deterring the risk of fraud and abuse within organizations.
Applying key concepts from this resource, the class converted it into a checklist that can be used to gather information, document controls and procedures, and evaluate existing policies. The checklist focuses on three key areas of control: prevention, detection and response. Additionally, it indicates the specific KPMG document page number from which the question was developed for ease of guidance and reference. The checklist works in a way such that opportunities for improvement in the system of internal controls, policies and procedures become apparent when the questions are answered and the comments written up.
Once this checklist was designed, the student group moved to apply it to the systems used by Cornell University. Students first completed the checklist with information that was readily available online. Later, students met with the University Audit Office and Cornell Human Resources, both of whom provided additional information via interviews and discussions. After the meetings, the student circled back around to complete any gaps in the checklist. A copy of the completed checklist can be found here.
At the conclusion of our work, the class came to believe that the systems and controls in place at Cornell University were adequate. However, we had a number of suggestions for improvements to those systems and controls to strengthen the processes. Those recommendations were:
- Consider having a more formal fraud risk assessment conducted by independent outside consultants.
- Expand its use of data analytics within the internal audit function of the University Audit Office.
- To continue improvement in campus-wide training programs for fraud deterrence.
- To implement a universal acknowledgment by employees documenting their familiarity with Cornell’s policies and procedures for the deterrence of fraud, abuse and misconduct.
In a closing meeting with University Auditor Glen Mueller and Audit Director Mark Perry, the student group presented the completed checklist and recommendations. Since the final meeting, the University Audit Office has made a shift towards continuous monitoring through the use of data analytics and is actively working towards implementing the use of ACL software to track fraud.
It is our hope that by sharing this checklist, there will be a benefit for both practitioners and management of organizations who must consider a review of their systems of fraud deterrence.
John E. “Jack” Little, CFE, CPA, is the senior lecturer of accounting at the Dyson School of Applied Economics and Management at Cornell University in Ithaca, New York, and a local practitioner. His email address is: firstname.lastname@example.org.
Jenny Mak is senior in the Dyson School of Applied Economics and Management at Cornell University and will graduate with a Bachelor’s of Science with concentrations in accounting and finance in December. Upon graduation she will begin her career in the profession and will sit for the CPA Exam. Her email address is: email@example.com.