rais12 sm ch05

8/18/2019 Rais12 SM CH05

1/36

Accounting Information Systems

CHAPTER 5

COMPUTER FRAUD

SUGGESTED ANSWERS TO DISCUSSION QUESTIONS

5.1 Do you agree that the o!t e""e#t$%e &ay to o'ta$( a)e*uate !y!te !e#ur$ty $! to re+y

o( the $(tegr$ty o" #o,a(y e,+oyee!- Why or &hy (ot- Doe! th$! !ee $ro($#-

What !hou+) a #o,a(y )o to e(!ure the $(tegr$ty o" $t! e,+oyee!-

The statement is ironic because employees represent both the greatest control strength andthe greatest control weakness. Honest, skilled employees are the most effective frauddeterrent. However, when fraud occurs, it often involves an employee in a position of trust.As many as 9! of computer frauds are insider "obs by employees.

#mployers can do the following to maintain the integrity of their employees. $%&T#'

Answers are introduced in this chapter and covered in more depth in (hapter )*

• Human +esource olicies. Implement human resource policies for hiring,compensating, evaluating, counseling, promoting, and discharging employees that sendmessages about the re-uired level of ethical behavior and integrity

• Hiring and iring ractices' #ffective hiring and firing practices include'

o Screen potential employees using a thorough background checks and written tests

that evaluate integrity.o

o +emove fired employees from all sensitive "obs and deny them access to thecomputer system to avoid sabotage.

8/18/2019 Rais12 SM CH05

2/36

computer system to avoid sabotage.

(h. 3' (omputer raud

8/18/2019 Rais12 SM CH05

3/36


5. /ou are the ,re!$)e(t o" a u+t$(at$o(a+ #o,a(y &here a( e0e#ut$%e #o("e!!e) to

$t$(g 21334333. What $! $t$(g a() &hat #a( your #o,a(y )o to ,re%e(t $t- Ho&

&ou+) you re!,o() to the #o("e!!$o(- What $!!ue! u!t you #o(!$)er 'e"ore ,re!!$(g

#harge!-

In a kiting scheme, cash is created using the lag between the time a check is deposited andthe time it clears the bank. Suppose a fraud perpetrator opens accounts in banks A, 6, and(. The perpetrator 7creates8 cash by depositing a 5, check from bank 6 in bank ( and

withdrawing the funds. If it takes two days for the check to clear bank 6, he has created5, for two days. After two days, the perpetrator deposits a 5, check from bank Ain bank 6 to cover the created 5, for two more days. At the appropriate time, 5, isdeposited from bank ( in bank A. The scheme continues, writing checks and makingdeposits as needed to keep the checks from bouncing.

:iting can be detected by analy2ing all interbank transfers. Since the scheme re-uiresconstant transferring of funds, the number of interbank transfers will usually increase

significantly. This increase is a red flag that should alert the auditors to begin aninvestigation.

;hen the employee confesses, the company should immediately investigate the fraud anddetermine the actual losses. #mployees often 1underconfess1 the amount they have taken.;hen the investigation is complete, the company should determine what controls could beadded to the system to deter similar frauds and to detect them if they do occur.

#mployers should consider the following issues before pressing charges'• How will prosecuting the case impact the future success of the business<

• ;hat effect will adverse publicity have upon the company=s well being< (an the

bli it i th i id f f d b i k

8/18/2019 Rais12 SM CH05

4/36


5. D$!#u!! the "o++o&$(g !tatee(t 'y Ro!&e++ Ste""e(4 a #o(%$#te) e'e66+er7 8For e%ery

"oo+,roo" !y!te4 there $! a etho) "or 'eat$(g $t.9 Do you 'e+$e%e a #o,+ete+y !e#ure

#o,uter !y!te $! ,o!!$'+e- E0,+a$(. I" $(ter(a+ #o(tro+! are +e!! tha( 133:

e""e#t$%e4 &hy !hou+) they 'e e,+oye) at a++-

The old saying 1where there is a will, there is a way1 applies to committing fraud and to breaking into a computer system. It is possible to institute sufficient controls in a system sothat it is very difficult to perpetrate the fraud or break into the computer system, but moste>perts would agree that it "ust isn=t possible to design a system that is 5! secure from

every threat. There is bound to be someone who will think of a way of breaking into thesystem that designers did not anticipate and did not control against.

If there were a way to make a foolproof system, it would be highly likely that it would betoo cost prohibitive to employ.

Though internal controls can=t eliminate all system threats, controls can'

• +educe threats caused by employee negligence or error. Such threats are often morefinancially devastating than intentional acts.

• Significantly reduce the opportunities, and therefore the likelihood, that someone can

break into the system or commit a fraud.

8/18/2019 Rais12 SM CH05

5/36


5.; Re%+o( h$re) amine both sides of an issue with no clear answer. In most

classes, some students will feel strongly about each side and many will sit on the fence andnot know.

8/18/2019 Rais12 SM CH05

6/36


5.5 e#au!e $,ro%e) #o,uter !e#ur$ty ea!ure! !oet$e! #reate a (e& !et o"

,ro'+e!Bu!er a(tago($!4 !+ugg$!h re!,o(!e t$e4 a() ha,ere) ,er"ora(#eB

!oe ,eo,+e 'e+$e%e the o!t e""e#t$%e #o,uter !e#ur$ty $! e)u#at$(g u!er! a'out

goo) ora+ #o()u#t. R$#har) Sta++a(4 a #o,uter a#t$%$!t4 'e+$e%e! !o"t&are

+$#e(!$(g $! a(t$!o#$a+ 'e#au!e $t ,roh$'$t! the gro&th o" te#h(o+ogy 'y ee,$(g

$("orat$o( a&ay "ro the (e$gh'or!. He 'e+$e%e! h$gh !#hoo+ a() #o++ege !tu)e(t!

!hou+) ha%e u(+$$te) a##e!! to #o,uter! &$thout !e#ur$ty ea!ure! !o that they #a(

+ear( #o(!tru#t$%e a() #$%$+$6e) 'eha%$or. He !tate! that a ,rote#te) !y!te $! a ,u66+e

a()4 'e#au!e $t $! hua( (ature to !o+%e ,u66+e!4 e+$$(at$(g #o,uter !e#ur$ty !o

that there $! (o te,tat$o( to 'rea $( &ou+) re)u#e ha#$(g.

Do you agree that !o"t&are +$#e(!$(g $! a(t$!o#$a+- I! eth$#a+ tea#h$(g the !o+ut$o( to

#o,uter !e#ur$ty ,ro'+e!- Wou+) the reo%a+ o" #o,uter !e#ur$ty ea!ure!

re)u#e the $(#$)e(#e o" #o,uter "rau)- Why or &hy (ot-

Answers will vary. Students should consider the following conflicting concepts'

Software licensing encourages the development of new ideas by protecting the efforts ofbusinesses seeking to develop new software products that will provide them with a profitand/or a competitive advantage in the marketplace. This point is supported by thefollowing ideas'

• The prospect of a financial reward is the primary incentive for companies to e>pend

the time and money to develop new technologies.

• If businesses were unable to protect their investment by licensing the software to

others, it would be much more difficult for them to receive a reward for their effortsin the research and development of computer software.

• #conomic systems without such incentives are much more likely to fail in developing

8/18/2019 Rais12 SM CH05

7/36


ltimately, the reduction in security measures will increase opportunities for fraud. If the perpetrator has sufficient motive and is able to rationali2e his dishonest acts, increasedopportunity will probably lead to an increase in computer crimes.

8/18/2019 Rais12 SM CH05

8/36


SUGGESTED ANSWERS TO THE PRO

8/18/2019 Rais12 SM CH05

9/36


roper internal control says that Accounts ayable should match the vendorBs invoiceto both the purchase order and the receiving report. 6ecause this matching would notdetect the theft, some may argue that this is a weakness in internal control. However,the weakness lies in the sales department not counting $independently verifying* thereceiving department count. $see parts c and e*

Therefore, accounts payable paying the vendor the total amount due is not a fraud or

an indicator of fraud or an internal control weakness. It has no bearing on theinvestigation.

e. a!e) o( the re#e$%$(g )e,arte(t !u,er%$!or@! $(!tru#t$o(!4 *ua(t$t$e! o( there#e$%$(g re,ort! &ere (ot #ou(te) 'y !a+e! ,er!o((e+.

This is the same internal control weakness described in part c. The receivingdepartment supervisor gave those instructions to facilitate his or her fraud

In addition, sales personnelBs following the receiving department supervisorBsinstructions is another internal control weakness. The receiving departmentsupervisor should not have control over or manage sales personnel. There should be aclear4cut segregation of duties between sales and receiving.

The receiving department supervisor having control over or supervising sales personnel is also a fraud symptom that should alert auditors to the possibility of fraud.

8/18/2019 Rais12 SM CH05

10/36


5. A #+$e(t hear) through $t! hot +$(e that oh(4 the ,ur#ha!e! our(a+ #+er4 ,er$o)$#a++y

e(ter! "$#t$t$ou! a#*u$!$t$o(!. A"ter oh( #reate! a "$#t$t$ou! ,ur#ha!e4 he (ot$"$e! A+$#e4

the a##ou(t! ,aya'+e +e)ger #+er4 !o !he #a( e(ter the $( her +e)ger. Whe( the

,aya'+e! are ,ro#e!!e)4 the ,aye(t $! a$+e) to the (o(e0$!te(t !u,,+$er@! a))re!!4 a

,o!t o""$#e 'o0 re(te) 'y oh(. oh( )e,o!$t! the #he# $( a( a##ou(t he o,e(e) $(

the (o(e0$!te(t !u,,+$er@! (ae. Ada pted from the (IA #>amination.

a. De"$(e "rau)4 "rau) )eterre(#e4 "rau) )ete#t$o(4 a() "rau) $(%e!t$gat$o(.

raud is gaining an unfair advantage over another person. @egally, for an act to befraudulent there must be'

5. A false statement, representation, or disclosureC. A material fact , which is something that induces a person to act?. An intent to deceiveE. A justifiable reliance; that is, the person relies on the misrepresentation to take an

action

3. An injury or loss suffered by the victim

raud can be perpetrated for the benefit of or to the detriment of the organi2ation and by persons outside as well as inside the organi2ation.

raud deterrence is the actions taken to discourage the perpetration of fraud.

raud detection is using any and all means, including fraud symptoms $also called red

flags of fraud* to determine whether fraud is taking place

raud investigation is performing the procedures needed to determine the nature andamount of a fraud that has occurred

8/18/2019 Rais12 SM CH05

11/36


• +egular borrowing from fellow employees.

• ersonal checks returned for insufficient funds.

• (ollectors and creditors appearing at the place of business.

• lacing unauthori2ed I&s in petty cash funds.

• Inclination toward covering up inefficiencies or 1plugging1 figures.

• ronounced criticism of others.

• Association with -uestionable characters.

•

Annoyance with reasonable -uestionsD replying to -uestions with unreasonableanswers.

• nusually large bank balance.

• 6ragging about e>ploits.

• (arrying unusually large amounts of cash.

#.

8/18/2019 Rais12 SM CH05

12/36


5. The #o,uter "rau)! that are ,u'+$#+y re%ea+e) re,re!e(t o(+y the t$, o" the $#e'erg.

A+though a(y ,eo,+e ,er#e$%e that the aor threat to #o,uter !e#ur$ty $! e0ter(a+4

the ore )a(gerou! threat! #oe "ro $(!$)er!. Ma(agee(t u!t re#og($6e the!e

,ro'+e! a() )e%e+o, a() e("or#e !e#ur$ty ,rogra! to )ea+ &$th the a(y ty,e! o" #o,uter "rau).

E0,+a$( ho& ea#h o" the "o++o&$(g !$0 ty,e! o" "rau) $! #o$tte). U!$(g the "orat

,ro%$)e)4 a+!o $)e(t$"y a )$""ere(t etho) o" ,rote#t$o( "or ea#h a() )e!#r$'e ho& $t

&or! Adapted from the (/A #>amination.

Type of raud

#>planation Identification and 0escription of rotection /ethods

Inputmanipulation

This re-uires the least amount oftechnical skill and littleknowledge of how the computersoperate.

Input data are improperly alteredor revised without authori2ation.or e>ample, payroll time sheetscan be altered to pay overtime or an e>tra salary.

0ocumentation and Authori2ation

− 0ata input format authori2ed and

properly documented.

− (ontrol over blank documents.

−

(omprehensive editing− (ontrol source of data

rogrammed Terminalser protection

− rograms that only accept inputs from

certain designated users, locations,terminals, andor times of the day.

rogram

alteration

rogram alteration re-uires

programming skills andknowledge of the program.

di i i d f

rogrammers should not be allowed to

make changes to actual productionsource programs and data files.

S ti f 0 ti

8/18/2019 Rais12 SM CH05

13/36


ilealteration

0efrauder revises specific data ormanipulates data files. ore>ample'

− sing program instructions to

fraudulently change anemployeeBs pay rate in the payrollmaster file

− Transferring balances among

dormant accounts to concealimproper withdrawals of funds.

+estrict Access to #-uipmentiles

− +estrict access to computer center.

− rogrammers and analysts should not

have direct access to production datafiles.

− Have a librarian maintain production

data files in a library.

− +estrict computer operator access to

applications documentation, e>ceptwhere needed to perform their duties,to minimi2e their ability to modify programs and data files.

0ata theft Smuggling out data on'4 Hard copies of reportsfiles.4 /agnetic devices in briefcases,

employees= pockets, etc.

Tap or intercept data transmitted bydata communication lines

#lectronic sensiti2ation of all librarymaterials to detect unauthori2edremovals.

#ncrypt sensitive data transmissions.

Sabotage hysical destruction of hardware orsoftware.

Terminated employees immediatelydenied access to all computere-uipment and information to preventthem from destroying or altering

e-uipment or files.

/aintain backup files at secure off4sitelocations

8/18/2019 Rais12 SM CH05

14/36


5.; E(%$ro(e(ta+4 $(!t$tut$o(a+4 or $()$%$)ua+ ,re!!ure! a() o,,ortu(e !$tuat$o(!4 &h$#h

are ,re!e(t to !oe )egree $( a++ #o,a($e!4 ot$%ate $()$%$)ua+! a() #o,a($e! to

e(gage $( "rau)u+e(t "$(a(#$a+ re,ort$(g. Frau) ,re%e(t$o( a() )ete#t$o( re*u$re that

,re!!ure! a() o,,ortu($t$e! 'e $)e(t$"$e) a() e%a+uate) $( ter! o" the r$!! they ,o!e

to a #o,a(y. Adapted from the (/A #>amination.

a. I)e(t$"y t&o #o,a(y ,re!!ure! that &ou+) $(#rea!e the +$e+$hoo) o" "rau)u+e(t

"$(a(#$a+ re,ort$(g.

•

Sudden decr eases in revenue or market share• inancial pressure from bonus plans that depend on short4term economic

performance

• Intense pressure to meete>ceed earnings e>pectations or improve reported

performance

• Significant cash flow problemsD unusual difficulty collecting receivables or

paying payables

• Heavy losses, high or undiversified risk, high dependence on debt, or unduly

restrictive debt covenants

• Heavy dependence on new or unproven product lines

• Severe inventory obsolescence or e>cessive inventory buildup

• Highly unfavorable economic conditions $inflation, recession*

• @itigation, especially management vs. shareholders

• Impending business failure or bankruptcy

• roblems with regulatory agencies

• nusual spikes in interest rates

• oor or deteriorating financial position

8/18/2019 Rais12 SM CH05

15/36


• @ack of proper authori2ation procedures

• %o independent checks on performance or infre-uent third4party reviews

• Inade-uate documents and records

• Inade-uate system for safeguarding assets

• %o physical or logical security system

• %o audit trails

The list show here can be augmented by the items in Table 34E listed in the &ther

actors column.

#. For ea#h o" the "o++o&$(g4 $)e(t$"y the e0ter(a+ e(%$ro(e(ta+ "a#tor! that !hou+)

'e #o(!$)ere) $( a!!e!!$(g the r$! o" "rau)u+e(t "$(a(#$a+ re,ort$(g

The #o,a(y@! $()u!try

o

Specific industry trends such as overall demand for the industry=s products,economic events affecting the industry, and whether the industry is e>pandingor declining.

o ;hether the industry is currently in a state of transition affecting

management=s ability to control company operations.

The #o,a(y@! 'u!$(e!! e(%$ro(e(t

o The continued viability of the company=s products in the marketplace.o Sensitivity of the company=s operations and profits to economic and political

factors.

8/18/2019 Rais12 SM CH05

16/36


• 0esign and implement internal controls that provide reasonable assurance that

fraudulent financial reporting is prevented, such as establishing an Internal Audit0epartment that reports to the Audit (ommittee of the 6oard of 0irectors.

• #nforce the internal controls

%&T#' /ost fraudulent financial reporting fraud is perpetrated by topmanagement, often by overriding internal controls. ;hile some of the abovecontrols in part d are more likely to prevent misappropriation of assets, they canstill be useful for preventing or deterring fraudulent financial reporting.

8/18/2019 Rais12 SM CH05

17/36


5.5 For ea#h o" the "o++o&$(g $()e,e()e(t #a!e! o" e,+oyee "rau)4 re#oe() ho& to

,re%e(t !$$+ar ,ro'+e! $( the "uture. Adapted from the (/A #>amination

a. Due to a'(ora+ $(%e(tory !hr$(age $( the au)$o%$!ua+ )e,arte(t at a reta$+

#ha$( !tore4 $(ter(a+ au)$tor! #o()u#te) a( $(=)e,th au)$t o" the )e,arte(t.

They +ear(e) that a #u!toer "re*ue(t+y 'ought +arge (u'er! o" !a++ e+e#tro($#

#o,o(e(t! "ro a #erta$( #a!h$er. The au)$tor! )$!#o%ere) that they ha) #o++u)e)

to !tea+ e+e#tro($# #o,o(e(t! 'y (ot re#or)$(g the !a+e o" $te! the #u!toer too

"ro the !tore.

;hile collusion is difficult to prevent, the store could improve its control system by'

• Implementing "ob rotation so that the same employees are not always performing

the same duties.

• Separating the payment for e>pensive items from the pickup of these items at a

separate location.

• Jideotaping the cashiers and periodically reviewing the tapes looking for fraud andcollusion. /ore specifically, they could determine whether or not a sale was rungup.

• Tagging each item with an electronic tag that can only be deactivated by scanning it

into a cash register. This may cost more $and be more hassle* than it is worth.

b. Dur$(g a( u(a((ou(#e) au)$t4 au)$tor! )$!#o%ere) a ,ayro++ "rau) &he( they)$!tr$'ute) ,ay#he#! $(!tea) o" )e,arte(t !u,er%$!or!. Whe( the au)$tor!

$(%e!t$gate) a( u(#+a$e) ,ay#he#4 they )$!#o%ere) that the e,+oyee *u$t "our

o(th! ,re%$ou!+y a"ter argu$(g &$th the !u,er%$!or. The !u,er%$!or #o(t$(ue) to

tur( $( a t$e #ar) "or the e,+oyee a() ,o#ete) h$! #he#.

8/18/2019 Rais12 SM CH05

18/36


• Implement and enforce a policy that prohibits the payment of invoices based on

copies of supporting documents.

• +e-uire all vendors to submit a numbered electronic invoice. The computer could

match the invoice to the supporting documents, automatically looking for duplicateinvoices or duplicate supporting documents.

• /ake all payments to the vendorBs bank account using electronic funds transfers

$#T*.

• +e-uire specific authori2ation if a situation arises where payment on the basis of

copies of supporting documents is necessary.

8/18/2019 Rais12 SM CH05

19/36


5. A( au)$tor "ou() that Re(t=A=Wre# a(agee(t )oe! (ot a+&ay! #o,+y &$th $t!

!tate) ,o+$#y that !ea+e) '$)! 'e u!e) to !e++ o'!o+ete #ar!. Re#or)! $()$#ate) that!e%era+ %eh$#+e! &$th re#e(t aor re,a$r! &ere !o+) at (egot$ate) ,r$#e!. Ma(agee(t

%$gorou!+y a!!ure) the au)$tor that ,er"or$(g +$$te) re,a$r! a() (egot$at$(g &$th

(o&+e)gea'+e 'uyer! re!u+te) $( 'etter !a+e! ,r$#e! tha( the !ea+e)='$) ,ro#e)ure!.

Further $(%e!t$gat$o( re%ea+e) that the %eh$#+e! &ere !o+) to e,+oyee! at ,r$#e! &e++

'e+o& aret %a+ue. Three a(ager! a() "$%e other e,+oyee! ,+ea)e) gu$+ty to

#r$$(a+ #harge! a() a)e re!t$tut$o(. Adapted from the (IA #>amination

a.

8/18/2019 Rais12 SM CH05

20/36


5.7 A 'a( au)$tor et &$th the !e($or o,erat$o(! a(ager to )$!#u!! a #u!toer@!

#o,+a$(t that a( auto +oa( ,aye(t &a! (ot #re)$te) o( t$e. The #u!toer !a$) the

,aye(t &a! a)e o( May 54 $t! )ue )ate4 at a te++er@! &$()o& u!$(g a #he# )ra&(

o( a( a##ou(t $( the 'a(. O( May 134 &he( the #u!toer #a++e) "or a +oa( ,ay=o""

'a+a(#e !o he #ou+) !e++ the #ar4 he +ear(e) that the ,aye(t ha) (ot 'ee( #re)$te) to

the +oa(. O( May 14 the #u!toer &e(t to the 'a( to $(*u$re a'out the ,aye(t

a() eet &$th the a(ager. The a(ager !a$) the ,aye(t ha) 'ee( a)e o( May

11. The #u!toer &a! !at$!"$e) 'e#au!e (o +ate #harge &ou+) ha%e 'ee( a!!e!!e) u(t$+

May 15. The a(ager a!e) &hether the au)$tor &a! #o"orta'+e &$th th$! !$tuat$o(.

The au)$tor +o#ate) the #u!toer@! ,a$) #he# a() "ou() that $t ha) #+eare) o( May

5. The au)$tor tra#e) the $te 'a# through the #o,uter re#or)! a() "ou() that

the te++er ha) ,ro#e!!e) the #he# a! 'e$(g #a!he). The au)$tor tra#e) the ,aye(t

through the e(try re#or)! o" May 11 a() "ou() that the ,aye(t ha) 'ee( a)e &$th

#a!h $(!tea) o" a #he#.

What ty,e o" e'e66+ee(t !#hee )oe! th$! a,,ear to 'e4 a() ho& )oe! that !#hee

o,erate- Adapted from the CIA Examination

The circumstances are symptomatic of lapping, which is a common form of embe22lement by lower4level employees in positions that handle cash receipts.

In a lapping scheme, the perpetrator steals cash, such as a payment on accounts receivable by customer A. unds received at a later date from customer 6 are used to pay offcustomer A=s balance. #ven later, funds from customer ( are used to pay off 6, and so

forth. Since the time between the theft of cash and the subse-uent recording of a paymentis usually short the theft can be effectively hidden. However, the cover4up must continueindefinitely unless the money is replaced, since the theft would be uncovered if the schemeis stopped

8/18/2019 Rais12 SM CH05

21/36


5. AI(A adapted

a. Pre,are a !#he)u+e !ho&$(g ho& u#h the #a!h$er e'e66+e).

6alance per 6ooks, %ovember ?5K,95.LC

Add' &utstanding (hecks %umber Amount

LC 55L.C3 5K? 53.

CKE C3?.C3KLC5 59.)5KLCC CL.K

KL?C 5E3.CK5,LC.C9

Add 6ank credit 5.

Total additions to balance per books 5,5LC.C9

Subtract' 0eposits in transit $?,)9E.E5*

6alance per bank 5L,CL9.36alance per bank $according to the bank* 53,33.Amount of theft )59.3

'. De!#r$'e ho& the #a!h$er atte,te) to h$)e the the"t.

8/18/2019 Rais12 SM CH05

22/36


5. A( a##ou(ta(t &$th the At+a(ta O+y,$# Gae! &a! #harge) &$th e'e66+$(g o%er

234333 to ,ur#ha!e a Mer#e)e!=e(6 a() to $(%e!t $( a #ert$"$#ate o" )e,o!$t. Po+$#e

a++ege) that he #reate) "$#t$t$ou! $(%o$#e! "ro t&o #o,a($e! that ha) #o(tra#t! &$th

the O+y,$# Co$ttee7 I(ter(at$o(a+ Prote#t$o( Co(!u+t$(g a()

8/18/2019 Rais12 SM CH05

23/36


• Have someone familiar with the contractors authori2e payments M someone whowould have known that the goods and services were never ordered or performed.This should be someone other than the preparer of the checkD that is, someonewithout custody or recording functions.

• +e-uire that someone other than the people with custody and authori2ation

responsibilities record the payments.

). What #o(tro+! #ou+) ha%e )ete#te) h$! "rau)-

• A bank reconciliation prepared by someone else. An &lympic (ommittee official

should have reviewed bank statements and cancelled checks.

• eriodic confirmations of invoices with vendors.

• Analytical reviews designed to detect an abnormal increase in e>penses

8/18/2019 Rais12 SM CH05

24/36


5.13

8/18/2019 Rais12 SM CH05

25/36


Wea(e!! Re#oe()at$o(

There are no controls over branch managers issuingemergency purchase orders. The branch managercan decide when an 1emergency1 e>ists and she is permitted to choose a vendor sub"ectively. Thisopens the door to fraud and errors.

A procedure for e>pediting emergencyorders should be developed for the purchasing department that containsappropriate controls.

Invoices are paid without agreeing them to purchase orders and receiving reports. /aking payments without this comparison could result in payments for goods that were not ordered or thatwere not received.

+e-uire proper authori2ations andverification documentation $agreementof invoices, purchase orders, andreceiving report* prior to payment.

There is no supporting documentation attached tothe checks when they are forwarded to the treasurer for payment.

(hecks sent to the Treasurer forsignature should be accompanied by alloriginal supporting documents $invoice, purchase order and receiving report* sothe Treasurer can verify that the

payment is valid and appropriate.The supporting documents are not canceled after payment, allowing the possibility of a second payment of the same invoice.

The invoices and other supportingdocuments should be canceled after thechecks are signed.

8/18/2019 Rais12 SM CH05

26/36


. De!#r$'e three &ay! a(agee(t $("orat$o( #ou+) 'e )$!torte) a()

re#oe() $,ro%ee(t! to #orre#t the!e &ea(e!!e!.

Wea(e!! Re#oe()at$o(

5. (ash balances are distorted when checks aredrawn when due but are not mailed until sufficientcash is available. (ash management will also beaffected by inaccurate due dates, lack of procedures for taking vendor discounts, and

inaccurate information for #&F calculations.

(hecks should be drawn only when cashis available and mailed immediately.rocedures should be established fortaking advantage of vendor discountswhen appropriate.

C. Accounts payable information is distorted bydrawing checks and then holding them for future payment, by entering invoices without supportingdocumentation, and by inaccurate receivingdocumentation.

Invoices should not be entered into thesystem until matched with supportingdocuments, and receiving documentsshould be matched against original purchase orders.

?. Inventory balances are likely to be misstated because of no physical counts.

eriodically count inventory andreconcile the counts to inventory records.

E. (alculating due dates by hand and using theinvoice date instead of the date the goods arereceived could lead to inaccurate due dates thatcould damage vendor relations.

The system should calculate due datesfrom the date goods are received, not based on the date they are invoiced.

The lack of control over emergency orders coulddistort inventory balances and cause duplicate purchases.

Implement appropriate controls to prevent duplicate purchases, such asimmediate entry of emergency orders sothe system has a record of them.

. I)e(t$"y a() e0,+a$( three !tre(gth! $(

8/18/2019 Rais12 SM CH05

27/36


5.11 The A!!o#$at$o( o" Cert$"$e) Frau) E0a$(er! ,er$o)$#a++y ,re,are! a( art$#+e #a++e)

8What I! /our Frau) IQ-9 It #o(!$!t! o" 13 or ore u+t$,+e #ho$#e *ue!t$o(! )ea+$(g&$th %ar$ou! a!,e#t! o" "rau). The a(!&er!4 a! &e++ a! a( e0,+a(at$o( o" ea#h a(!&er4

are ,ro%$)e) at the e() o" the art$#+e. $!$t the Journal of Accountancy !$te

>htt,7&&&.our(a+o"a##ou(ta(#y.#o? a() !ear#h "or the art$#+e!. Rea) a() a(!&er

the *ue!t$o(! $( three o" the!e art$#+e!4 a() the( #he# your a(!&er!.

There should be 3 or L of these articles on the Gournal of Accountancy web site. %osolution is provided here as the solutions are at the end of each article. /ost -uestions arethought provoking and the answers informative.

5.1 E0,+ore the A(t$=Frau) a() Fore(!$# A##ou(t$(g ,ort$o( o" the AICPA We' !$te

>htt,7&&&.a$#,a.orgINTERESTAREASFORENSICANDApose the students to the websitecontents. The author grades the report on a passfail basis based on whether the studentgave an honest effort in e>ploring the site and writing up the report.

8/18/2019 Rais12 SM CH05

28/36


SUGGESTED ANSWERS TO THE CASES

5.1 1. Ho& )oe! M$++er "$t the ,ro"$+e o" the a%erage "rau) ,er,etrator-

• @ike many fraud perpetrators, 0avid /iller was not much different than the

general public in terms of education, values, religion, marriage, and psychologicalmakeup.

• @ike /iller, many white4collar criminals are regarded as ideal employees until

they are caught. @ike him, they are dedicated and work long hours.

•He was well respected, occupied a position of trust, and was viewed as an honest,upstanding citi2en.

• /ost fraud perpetrators spend all that they steal. ew invest it. /iller was no

e>ception.

Ho& )oe! he )$""er-

/iller was not disgruntled and unhappy, nor was he seeking to get even with his

employer.• Though 0avid /iller was never convicted of fraud, he was involved in a number

of schemes. In contrast, most fraud perpetrators are first time offenders.

Ho& )$) the!e #hara#ter$!t$#! ae h$ )$""$#u+t to )ete#t-

It is often difficult to detect fraud perpetrators because they possess few

characteristics that distinguish them from the public. /ost white4collar criminals aretalented, intelligent, and well educated. /any are regarded as the ideal employee thatoccupies a position of trust, is dedicated, and works hard for the company. They areotherwise honest, upstanding citi2ens that have usually never committed any other

8/18/2019 Rais12 SM CH05

29/36


C. To avoid detection, the perpetrator must #o(#ea+ the crime. erpetrators must

keep the accounting e-uation in balance by inflating other assets or decreasingliabilities or e-uity. (oncealment often takes more effort and time and leaves behind more evidence than the theft or misrepresentation. Taking cash re-uiresonly a few secondsD altering records to hide the theft is more challenging andtime4consuming.

To conceal the theft, /iller retrieved the canceled check from the bankreconciliation and destroyed it. The amount stolen was then charged to ane>pense account of one of the units to balance the company=s books. /iller wasable to work himself into a position of trust and influence. 6ecause he occupiedthis position his actions were not -uestioned and he was able to subvert some ofthe internal controls intended to prevent the type of actions he was able to take.

?. The perpetrator must #o(%ert the stolen asset into some form usable by the perpetrator if the theft is of an asset other than cash. or e>ample, stolen

inventory and e-uipment must be sold or otherwise converted into cash. Infinancial statement fraud, the conversion is more indirect, such as in undeserved pay raises, promotions, more stock options, etc.

/iller was able to convert the check to cash by writing himself checks anddepositing them in his personal account.

. What ,re!!ure! ot$%ate) M$++er to e'e66+e- Ho& )$) M$++er rat$o(a+$6e h$!

a#t$o(!-

/otivation. After 0avid /iller had undergone therapy, he believed his problem withcompulsive embe22lement was an illness "ust like alcoholism or compulsive

8/18/2019 Rais12 SM CH05

30/36


;. M$++er ha) a "rae) T=!h$rt $( h$! o""$#e that !a$)4 8He &ho )$e! &$th the o!t

toy! &$(!.9 What )oe! th$! te++ you a'out M$++er- What +$"e!ty+e re) "+ag! #ou+)

ha%e t$,,e) o"" the #o,a(y to the ,o!!$'$+$ty o" "rau)-

/iller=s life seemed to be centered on financial gain and the accumulation of materialgoods or, as the -uote says, 1toys.1 Such gain, he felt, would lead to prestige andrecognition among his friends in the business community.

The wealth and e>travagant spending in relation to /iller=s salary was the primary redflag that most companies never -uestioned. (onsider that on his 5?, a yearsalary he was able to afford two /ercedes46en2 sedansD a lavish suburban houseD acondominium at /yrtle beachD e>pensive suitsD tailored and monogrammed shirtsDdiamond, sapphire, ruby, and emerald rings for his wifeD and a new car for his father4in4law.

3. Why )o #o,a($e! he!$tate to ,ro!e#ute &h$te=#o++ar #r$$(a+!-

•

%egative publicity. (ompanies are reluctant to prosecute fraud because of thefinancial damage that could result from negative publicity. A highly visible fraudis a public relations disaster. The company could lose a lot of business due to theadverse publicity.

• #>poses system weaknesses. +eporting and prosecuting fraud may reveal

vulnerabilities in a company=s system. This could attract even more acts of fraud.

• (oncern for the perpetrator=s family. If an employee is willing to makeretribution, companies may not press charges to protect the employeeBs family andreputation.

8/18/2019 Rais12 SM CH05

31/36


• @ack of e>pertise. /any law enforcement officers, lawyers, and "udges lack the

skills necessary to investigate, prosecute and evaluate fraud, especially computerfraud.

• @ight sentences. ;hen fraud cases are prosecuted and a conviction is obtained,

the sentences received are sometimes very light. This discourages prosecution.

What are the #o(!e*ue(#e! o" (ot ,ro!e#ut$(g-

;hen fraud is not prosecuted, it sends a message to employees and to the public thatenforcing laws is not important to the company. A reputation for being 1soft1 on fraudmay result in the companies becoming increasingly vulnerable to additional fraud.

ailure to report and prosecute a fraud also means that the perpetrator goes free andcan repeat his or her actions at another company, as 0avid /iller did. If the perpetrator does not have to pay the conse-uences of his actions, she is more likely to

repeat them because she 1got away with it1 and was not punished.

Ho& #ou+) +a& e("or#ee(t o""$#$a+! e(#ourage ore ,ro!e#ut$o(-

To encourage more fraud prosecution, law enforcement officials must take actions tosolve each of the problems mentioned above. In addition, they must encourage moreeffective reporting of such crimes. The public should be educated to recogni2e andreport fraud as a serious offense.

L. What #ou+) the %$#t$$6e) #o,a($e! ha%e )o(e to ,re%e(t M$++er@!e'e66+ee(t-

8/18/2019 Rais12 SM CH05

32/36


5.

1. F$gure 5=; !ho&! the e,+oyee! a() e0ter(a+ ,art$e! that )ea+ &$th He$r+oo. E0,+a$( ho& He$r+oo #ou+) )e"rau) the

'a( a() ho& ea#h $(ter(a+ a() e0ter(a+ ,arty e0#e,t the 'a( #ou+) )e"rau) He$r+oo.

. What r$! "a#tor4 u(u!ua+ $te4 or a'(ora+$ty &ou+) a+ert you to ea#h "rau)-. What #o(tro+ &ea(e!!e! ae ea#h "rau) ,o!!$'+e-

;. Re#oe() o(e or ore #o(tro+! to ,re%e(t or )ete#t ea#h ea(! o" #o$tt$(g "rau).

There are many ways to perpetrate fraud. Some of the more easily recogni2able ways are the following'

5. ;ays to (ommit raud C. Indication Something is ;rong ?.;eaknesses Allowingraud

E.(ontrols to /inimi2e raud

+eceivables employees could

1. Stea+ #a!h re#e$,t! 'y +a,,$(g.ayments are made by sending in acoupon and a C3 payment. Any ofthe three receivables employeescould pocket the payment, save thecoupon, put a subse-uent paymentwith the 7saved8 coupon, and runthe payment through the system.

. Stea+ #a!h re#e$,t! a() a++o&

a##ou(t! to 'e &r$tte( o"".It is difficult to collect from somecustomers because they only have a& 6o> address and do not have a phone. +eceivables employeescould steal cash receipts from thesecustomers each month and allow theaccounts to be written off.

@ag between customer paymentsand the posting of the payments.

If the appropriate controls are in place, customers listed on the pre4listing of cash would not matchthe names on the bank deposit orthose credited for payment on thesame day.

Increase in the number ofaccounts written off.

If the perpetrator did not getgreedy, this might not be easilydetected since ?34E! ofaccounts are defaulted on already.#ven a slow steady increase inthe number of defaulting4due4to4fraud customers might not beeasily detected.

%o separation ofduties between cash

receipts, postingreceivables, and preparing bankdeposit.

%o independentchecks on performance.

%o monthly

statements.

%o work or familysecondary addressesand phone numbers.

Separate custody of cash $opening cashreceipts* from recording $posting payments to

receivables records*.

Have C people open all cash receipts and prepare a pre4listing of cash receipts.

(ompare customer names on the pre4listing tocustomer names on the receivables posting andthe bank deposits.

Send monthly statements.

6ank financing, credit card payments, orautomatic withdrawals from checking orsavings accounts.Involve sales agent in tracking down customersthat cannot be reached before writing them off.

34?C

8/18/2019 Rais12 SM CH05

33/36


(ustomer complaints.

Sales agents could

. Fa+!$"y !a+e! to rea#h a(

$(#e(t$%e +e%e+. Agents can bookfictitious contracts, pay with amoney order, send correspondenceto a & 6o> they control, and let thecontract default with no more payments. An agent selling K5contracts can break even byfalsifying C sales. $C3 down 4

5C3 commission P C3 cost.C3 bonus 5C3 cost P Ccontracts*An agent selling 535 contracts can break even on 3 sales.

;. De"er yeare() !a+e!

Sales that will not -ualify for a newincentive level could be held and putin ne>t yearBs sales.

Abnormally large number of sales

"ust before year end, combinedwith agent barely reaching anincentive level

Increase in the number ofaccounts written off, especiallyfor agents barely reaching anincentive level.


ew and steep

incentive levels thatmotivate unwanted behavior .

Inability to effectivelyfollow 4up oncollections $addressesand phone numbers*.See QC

(ustomer credit notchecked.

Address and phonenumbers not verified.

/ore graduated incentives that do not provide

such strong incentives.

6ase sales incentives on customer collections,not on original sales.

Analysis of 0ecember sales for sales agentswho barely reach an incentive level, especiallyon last day or two of the year.

Analysis of default rates per sales agent for

those who barely reach an incentive level,especially on last day or two of the year.

(heck customer credit, addresses, and phonenumbers.

Sales agents could

5. Stea+ ,art o" a #u!toer@!

,aye(t. An agent could send inC3 of a 9 sale and pocket thedifference. The agent could thenmake payments for a while and letthe contract lapse. %ot a big risk as

0ecrease in the number ofcustomers paying the 9, whichwill be hard to detect since, sofew use that option.


0o most customers finance

hotographers donBtverify if customers arecurrent before asitting, so C3 is asgood as 9.

(ustomers donBt sign,initial photography

+e-uire photographers to verify that customersare current before each sitting.

+e-uire customers to sign photography planorder forms and initial the amount paid andfinancing arrangements.

34??

8/18/2019 Rais12 SM CH05

34/36

8/18/2019 Rais12 SM CH05

35/36


taken. purchase. for customers that are no longer current.

0o credit checks on all potential customers.

. Photogra,her! #ou+) !e() $(u(u!e) #ou,o(! or "ae #ou,o(!. hotographers have e>clusive rightsto customers in their specified areas.They could encourage customers toleave the coupons at the photostudio so they are not lost ormisplaced. If a customer did notcome in during the L4month period,the photographer could submit his

unused coupon.

If the coupon book is not left forsafekeeping, the photographer couldscan a coupon, change the name to acustomer who did not use theircoupon, print it, and send it in.

Abnormally high rate ofcustomers using their coupons

(oupons that do not lookauthentic.


hotographers givenan e>clusive area.

(ustomers not signingcoupons or otherwiseverifying they had asitting.

hotographers couldsend in coupons for

non4current customersas they are notre-uired to verify ifcustomers are current before a sitting. %ordoes the companyverify that submittedcoupons are for acurrent customer.

re4number coupons.

Have a code on the coupon that the photographer has to call in to the company $orenter on a website* before authori2ation isgranted to take the photo.

or each photographer, analy2e what percent of customers use their coupons looking forabnormally high usage rates.

+e-uire photographers to verify that customersare current before each sitting.

0o not pay for customers that are no longercurrent.

. He$r+oo #a( )e"rau) the 'a(

'y $!!tat$(g the a0$uaou(t He$r+oo #a( 'orro&.

%otes payable are in the borrowing base until they are L days overdue.To ma>imi2e that base, Heirloomcould lap customer payments. Theycould take a monthly payment on acurrent account and apply it to an

Abnormally high number of

customers ?4L days overdue.

6ank does not verify

data from Heirloom.

Analysis of the list, such as

•

An increase in the number or percentage ofaccounts on the list submitted to the bankwith no comparable increase in sales.

• (omparison of monthly lists to see if the same

names appear month after month.

34?3

8/18/2019 Rais12 SM CH05

36/36


account that is "ust about to go Ldays overdue. The inflated listcould be used to support a higher

than "ustified loan.13. He$r+oo #a( )e"rau) the

'a( 'y $!!tat$(g $t! "$(a(#$a+

!tatee(t! $( a(y &ay!. ore>ample'4 nderstating its allowance and bad

debt e>pense $not writing offuncollectible receivables and low4 balling the bad debt e>pense*.

4 (reating fictitious sales and notes

receivables.4 Intentionally under or over statingthe sales commission estimates.

nusual decrease in theallowance or bad debt amounts.

Sales increase without acomparable increase inreceivablesD inventoryD cost ofgoods soldD and applicablee>penses such as photographerand album e>penses, embossing

and shipping, and commissions.

Sales commissions out of linewith those of the industry or pastyears.

There is no mention of an e>ternal audit byindependent (As.

An e>ternal, independent audit.

inancial statement analysis, such as

• Analysis of bad debt to sales and allowance to

sales ratios to see if they are below those of past years and those of comparable customersin the same industry.

• Analysis of sales ratios, comparing sales to

receivablesD inventoryD gross margin, cost of

goods soldD and applicable e>penses such asalbum and photographer e>penses, embossingand shipping, and commissions.

34?L

rais12 sm ch05

Documents