Tag Archives: fraud hotlines

Fraudsters, All Too Human

Posted by on April 23, 2019 Comments Off on Fraudsters, All Too Human

Our certified Chapter members often get questions from clients and employers related to why a fraudster who’s victimized them did what he or she did. Examiners with the most experience in the process of interviewing those later convicted of fraud comment again and again about the usefulness to their overall investigation of a basic understanding of the fraudster’s basic mind set. Such knowledge can aid the examiner in narrowing down the preliminary pool of suspects, and, most importantly, assist in gaining an admission in a subsequent admissions seeking interview. ACFE experts regard fraud (and the process of interviewing) primarily as human constructs, and especially within the content of the interview process, to be able to tie in the pressure that the individual might have been under (as they perceived it) to the interview process; to understand that individual with regard to their rationalization as they were able to affect it, significantly increases the possibility of getting the compliance and cooperation that the examiner wants from the interviewee.

During your investigation, it’s important to remember that people do things for a reason. The fraud examiner might not understand the reasons a fraudster commits his or her crime, but the motivations certainly make sense to the perpetrator. For example, a perpetrator might commit fraud because her life has spiraled out of control, although it might not be out of control under a objective, reasonable person’s definition. But in the perpetrator’s view, her life has become so problematic that fraud is the only way she can see to restore balance. And during the fraud examination, if the examiner can get the suspected perpetrator to talk about the lack of control in her life, the examiner can often use this information to compel the fraudster to admit guilt and provide valuable insight into ways that similar frauds might be prevented in the future.

As a continuation of this line of thought, the examiner should consider possible human motives when examining evidence. Motive is the power that prompts a person to act. Motive, however, should not be confused with intent, which refers to the state of mind of the accused when performing the act. Motive, unlike intent, is not an essential element of crime, and criminal law generally treats a person’s motive as irrelevant in determining guilt or innocence. Even so, motive is relevant for other purposes. It can help identify the perpetrator; it will often guide the examiner to the proper rationalization; it further incriminates the accused, and it can be helpful in ensuring successful prosecution.

The examiner should search relevant documents to determine a possible motive. For example, if a fraud examiner has evidence in the form of a paycheck written to a ghost employee, she might suspect a payroll employee who recently complained about not receiving a raise in the past two years. Although such information doesn’t mean that the payroll employee committed fraud, the possible motive can guide the examiner.

ACFE experts also agree that interviewers should seek to understand the possible motives of the various suspects they encounter during an examination. To do this, interviewers should suspend their own value system. This will better position the interviewer to persuade the suspect(s) to reveal information providing insight into what might have pressured or motivated them and how they might have rationalized their actions. In an interview situation, the examiner should not suggest reasons for the crime. Instead, the examiner should let the individual share his motivations, even if the suspect reveals her motivations in an indirect manner. So when conducting an interview with a suspect, the interviewer should begin by asking questions about the standard procedures and the actual practice of the operations at issue. This is necessary to gain an understanding of the way the relevant process is intended to work as opposed to how it actually works. Additionally, asking such basic questions early in the interview will help the interviewer observe the interviewee’s normal behavior so that the interviewer can notice any changes in the subject’s mannerisms and word choice.

Always remember that there are times when rational people behave irrationally. This is important in the interview process because it will help humanize the misconduct. As indicated above, unless the perpetrator has a mental or emotional disorder, it is acceptable to expect that the perpetrator committed the fraud for a reason. Situational fraudsters (those who rationalize their right to an illegal enrichment and perpetrate fraud when the opportunity arises) do not tend to view themselves as criminals. In contrast to deviant fraudsters, who are more proactive than situational fraudsters and who are always on the alert for opportunities to commit fraud, situational fraudsters rationalize their crimes. Situational fraudsters feel that they need to commit fraud to regain control over their lives. Thus, an interviewer will be more likely to obtain a confession from a situational fraudster if she can genuinely communicate that she understands how anyone under similar circumstances might commit such a crime. Genuineness, however, is key. If the fraudster in any way detects that the interviewer is presenting a trap, he generally will not make any admission of wrongdoing.

So, in your examinations, never lose sight of the human element; that by definition, fraud involves human deception for personal gain. Why do people deceive to get what they want, or in some cases, what they need? Most humans commit deceptive acts to protect themselves from various consequences of the truth. Avoiding punishment is the most common reason for deception, but there are other reasons, including to protect another person, to win the admiration or respect of others, to avoid embarrassment, enjoy the thrill of accomplishment and to avoid hard work to achieve goals. When people feel that their self-security is threatened, they might resort to deception to preserve their image. Further, people can become so engaged in managing how others perceive them that they become unable to separate the truth from fiction in their own minds.

The ability to sympathetically cast oneself into the human situation of others is one of the most valuable skills that a fraud examiner can have in our efforts to determine the truth.

Inventory of Fraud

Posted by on November 26, 2018 Comments Off on Inventory of Fraud
One of the first frauds I worked on early in my career was a scheme by management to overstate the periodic inventory of the Prison Industries system of a state Department of Corrections.   In that case the manipulation was carried out by creating false inventory counts and altering records after the physical count.

What made this an especially interesting case of management fraud were the various reasons that the audit report subsequently revealed why accounting management had decided to overstate the inventory:

• To overstate the income of Prison Industries.
• To achieve internally projected goals.
• To increase Prison Industry’s perceived value in the eyes of  the State government administration.
• To meet Department of Corrections stiff goals for Prison Industry management.
• To hide poor operational performance.
• To enhance the perceived performance of individual members of management.
• To hide the theft of some inventory.

These reasons are in contrast to fraudster goals if a fraud scheme’s overall objective is to show reduced inventory:

• To reduce income.
• The entity has achieved its goals and wants to show reduced results for the reporting period.
• To reduce the overall value of the business or enterprise.
• A new management team is in place and wants to defer reporting additional performance to the future.

Such inventory counting related schemes are likely to occur with inventory components perceived to be less likely of being counted or in conjunction with a planned reason for the false count. The hope is that any examiner/auditor will view the false count as an error versus an intentional plan to misstate the inventory. Therefore, the examiner needs to ensure that management has no record of the test counts. Certain types of inventory counts are more susceptible to being false, such as:

• Periodic Inventory. This particular inventory is susceptible to false counting because the auditor has no inventory reports to determine what the inventory should have been prior to the count.
• Perpetual Inventory. Variances or in-transit items are often used as an explanation for any deviations.
• Multiple Inventory locations. The non-tested sites are susceptible to false counts because the auditor is not performing procedures at those locations. Management may also use other scams in conjunction with the false-count fraud schemes.

As every accounting student knows, inventory is tangible property that either (1) is held for sale in the ordinary course of business (finished goods); (2) is in the process of production for such sale (work in process); or (3) is currently consumed either directly or indirectly in the production of goods or services available for sale (raw materials). The primary basis of accounting for inventory is cost. By definition, inventory excludes long-term assets subject to depreciation accounting.

The inventory records at Prison Industries were complex. Inventory was constantly being transferred between manufacturing processes, was often dispensed in several locations across the state’s correctional system, and normally comprised a significantly large amount of items. For these reasons, as well as the variety of decisions made about direct valuations, inventory was an appealing place for management to decide to commit financial statement fraud, in this case by manipulating and altering the physical inventory count.

Inventory falsification occurred at Prison Industries when the entity showed inventory on its financial statements that both did not exist and was improperly valued;  the two methods were  used simultaneously.  Techniques used to inflate the value of inventory included the creation of false documents, such as inventory count sheets, receiving reports, and manipulation of the actual physical inventory. During the fraud, it was common for management to insert phony inventory count sheets during the inventory observation or to alter the quantities on the count sheets. There where instances where management created the illusion that inventory existed with the help of phony inventory items. Simply put, some items of inventory that appeared real on paper were actually fake.

The fraud examination was originated as a result of predication provided by a Hot Line tip and featured the application of a number of procedures. Interviews were conducted with management and personnel. Questions asked included the following to determine whether the inventory represented by management actually existed and whether it was properly valued:

– Do the inventories included in the Prison Industries balance sheet physically exist?
– Does the inventory represent items held for use in the ordinary course of production?
– Do inventory quantities include all items on hand or in transit?
– Are inventory listings accurately compiled and are they properly included in the inventory accounts?
– Does the State have legal title or ownership rights to the inventory items?
– Does the inventory exclude items billed to customers or owned by others?
– Are inventory costs the result of an acceptable method consistently applied?
– Are inventories properly classified in the balance sheet and are the related disclosures adequate?

The examiners calculated the inventory turnover ratio. The inventory turnover ratio measures how fast inventory was moving through the entity. If the inventory is inflated, then the average inventory balance will be overstated, causing the inventory turnover ratio to decline. The  inventory turnover ratio was compared with the results from prior years and with industry averages for reasonableness.

Price tests were performed. A fraud examiner must determine whether the pricing of the inventory is reasonable. Price testing employs vouching, tracing, and re-computation procedures to test the auditee’s  pricing of its inventory. An examiner should test the application of prices by vouching items to vendors’ invoices and to cost accounting records to verify that the inventory is properly priced. For example, an examiner selects from the inventory detail item L243, classified as a raw material. According to the company’s records as of the balance sheet date, there are twenty L243s at $120 apiece. The examiner reviews the last invoice representing the purchase of L243s and discovers that the company purchased the L243s at $60 apiece. This price discrepancy is a sign that management might be trying to inflate the value of its inventory. Vendors’ invoices should also be traced to the books to confirm proper price recording. Examiners should recompute the quantities indicated on-hand by the observation with vendor prices to determine that the inventory, balances on the balance sheet are correct.

Following the fraud examination inventory was re-performed. The physical inventory was re-performed to ensure that the enterprise’s application of corrective action to methods for counting inventory would result in an accurate and reliable count in future. The re-examination of physical inventory included observation, as well as inquiries and physical examination (i.e., test counts). It is important to remember that management is responsible for the propriety of the inventory. The examiner observed the re-taking of the inventory to satisfy his/her reliance on management’s representations of the quantities and prices.

Cut off tests were performed. A cut-off test is a procedure to control the shipping and receiving activities at the physical inventory date. For the time of the physical inventory, the examiner  noted the numbers of the last pre-numbered shipping and receiving documents because purchases of inventory often are recorded when received and sales recorded when shipped. Identifying the document numbers helped the examiner determine whether the inventory was properly or improperly included or excluded from the inventory counts. For instance, if management indicated that the last shipping document for 1991 was #2500, then the examiner would assume that #2501 was shipped in January 1992. If, upon review of shipping document #2501, the examiner notices that the inventory was shipped in 1991, then there is the possibility that management is inflating the quantity and value of the company’s inventory at year-end. Therefore, inquiry and further testing are warranted. These cut-off numbers are often used in conjunction with the cut-off test used in accounts receivable and accounts payable testing. If cut-off procedures appear unclear or indicate possible inclusions in inventory of goods sold, then cut-off tests should be expanded.

There are several other audit procedures that can be used in detecting inventory fraud scenarios. These include:

• Reviewing the statement of cash flows and asking whether the increases and decreases in cash make sense in relation to the inventory account balances and changes.
• Computing the inventory turnover ratio and days-to-sell ratio. Do these ratios make sense in relation to what the auditor has verified regarding the physical aspects of the inventory?
• Computing the percentage of gross profit and the related percentage of the cost of goods sold, and then the trend to look for understatement of the cost of goods sold percentage.
• Ensuring there is a consistent use of the inventory cost flow assumption. For example, the use of first-in-first out (FIFO) gives a higher net income in an inflationary environment.

It was the large number of items comprising the inventory that made it an attractive target for fraudulent manipulation at Prison Industries. Theft and misuse are the actions of choice when it comes to inventory fraud. The rationale typically Is: “Who is going to miss a few hundred widgets in an inventory of thousands, perhaps millions?” The size of inventory as a percentage of the amount of total assets also makes it an easy target for management-initiated financial reporting misstatement. Having the possibility of two types of fraudulent acts ganging up on inventories at the same time, the CFE doesn’t want to waste time going down the wrong path, so it’s very important to determine which fraudulent act is likely occurring.

Any discussion of fraud likelihood involves the concepts of concealment, conversion, and opportunity. So, in addition to “how” the Inventory fraud took place, other questions need to be addressed, such as: How sophisticated is the concealment strategy? Who has the most benefit to gain by the theft, misuse, or misstatement of the inventories? Who has and where are the opportunities to divert/misstate inventories? These are the questions that need to be answered by the CFE/auditor, and fortunately, the tools and guidance are available from the ACFE to achieve the right answers when faced with almost any pattern of inventory fraud.

Whistle & Fish

Posted by on September 10, 2018 Comments Off on Whistle & Fish

Every CFE and forensic accountant in practice encounters companies that operate outside accounting rules and tax laws. Blowing the whistle on such companies can be risky for the employee whistleblower; we all know that doing so often results in tipsters losing their jobs and reputations and facing limited future career prospects. Yet, on every side such employees are exhorted to offer the information they do to uncover fraud.

The whistleblower programs set up by U.S. government agencies are of particular interest to our Chapter members, practicing as they do in such close proximity to Washington D.C., and to those practicing in and around Richmond, the seat of government of the Commonwealth of Virginia. State and Federal entities encourage these tips by offering hot-lines and whistleblower awards programs that pay monetary awards to tipsters if their information leads to successful enforcement and to collection of money from a violator.

The two most important of these programs likely to be encountered by our Central Virginia Chapter members are the whistleblower rewards programs of the Internal Revenue Service (IRS) and the Security and Exchange Commission (SEC). The IRS program, which began 140 years ago, authorizes the Department of the Treasury to pay amounts to individuals who provide information that allow the IRS to detect, bring to trial and punish those guilty of violating internal revenue laws. A 2006 amendment created the current IRS whistleblower program, which mandates that the government pay whistleblowers awards based on the size of the taxes collected as a result of their tips.

The seminal U.S. Federal Claims Act, enacted in 1863, allows whistleblowers a portion of reclaimed money when defendants are found guilty of defrauding the federal government. The Commodities Futures Trading Commission has also recently established a whistleblower program. As I’m sure most of you remember, in 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act established the SEC’S whistleblower awards program. The program seeks to encourage high-quality tips about securities violations with its monetary awards supplemented by protections from retaliation.

The IRS created the whistleblower awards program, codified in IRC 7623(a), to close the tax gap and fight tax fraud more aggressively. In this original program, the maximum award was 15 percent of collected taxes, penalties and other amounts not to exceed $10 million, but the decision whether to make an award at all was wholly within the IRS’ discretion. When the courts considered attempts to challenge award decisions under this law, they uniformly found that the discretion to make or not make an award is essentially not reviewable. In other words, the courts decided the IRS has the right to make an award or not, and the whistleblower can’t appeal that decision.

The Tax Relief and Health Care Act of 2006, which made major changes to the IRS awards program, mandated that the IRS pay out a substantial award whenever a whistleblower’s information leads to the collection of tax, interest and penalties based on disputes in excess of $2 million. The new section, IRC 7623(b), was intended to create strong incentives to bolster insider reporting of tax violations for claims enacted after Dec. 20, 2006. The awards are now mandatory rather than discretionary; and they range from 15 percent to 30 percent of monies collected with no cap on the dollar amount of the award. With some exceptions, a whistleblower may collect an award even if convicted of a felony.

Whistleblowers are eligible for awards based on additions to tax, penalties, interest, and other amounts collected as a result of any administrative or judicial action resulting from the information provided. The 2006 amendment added whistleblower appeal rights to the U.S. Tax Court. To implement the law, the IRS was also required to create a Whistleblower Office that reports to the IRS commissioner. Submissions that don’t qualify under the new section IRC 7623(b) (usually because the disputes are for less than $2 million) are processed under the original IRC 7623(a). The IRS will continue to consider these cases, but the award is at the discretion of the agency, and there’s no requirement that an award be issued. These whistleblowers have no minimum statutory award percentage and no appeal provision.

The Dodd-Frank bill was partly a response to financial debacles such as the Madoff fraud and widespread mortgage frauds. Many criticized the SEC for its inaction to the causative circumstances that led to the Great Recession, although it definitely wasn’t alone in its failure to uncover and stop massive frauds. The SEC had an awards program before Dodd-Frank, but it wasn’t particularly effective, and it focused solely on insider trading. The new whistleblower awards program, which is much broader, encourages tips related to all kinds of securities violations from financial statement fraud to alleged Ponzi schemes.

The Dodd-Frank whistleblower program stipulates that as long as collected monetary sanctions exceed $1 million, awards are 10 percent to 30 percent of that amount. Awards are paid to individuals who voluntarily provide original information that leads to successful SEC enforcement. The award percentage is increased or decreased based on several factors including the extent of the whistleblower’s assistance.

Section 924(d) of the Dodd-Frank Act required the SEC to create a separate office within the agency to enforce the new regulation. In May 2011, the SEC adopted the Final Rules, Regulation 21F, which included prohibitions against retaliation, defined terms and established policies for submitting tips, applying for awards and filing appeals on award decisions.

In the IRS program, a whistleblower must be a “natural person”, in other words, not a corporation or other business organization. Because the claim form must be signed under penalty of perjury, the whistleblower can’t be anonymous, nor can the claim come from a representative of the whistleblower. Multiple whistleblowers can submit a joint claim, but each must sign under penalty of perjury. Similarly, in the SEC program the whistleblower must be a natural person or persons. However, the SEC whistleblower can be anonymous up to the point that the award is paid out, and he or she can be represented by an attorney or other person. IRS whistleblowers can’t be taxpayer’s representatives, employees of the Treasury Department, or employees of federal, state or local governments if they learned of the information as part of their job duties. The SEC whistleblower can’t be an auditor who learned of the issue as part of his or her duties during an audit or other engagement. The SEC whistleblower also must provide the information “voluntarily’ which means that the whistleblower can’t provide it in response to a request from regulators or law enforcement.

IRS claims must include the tax violator’s name and address, date of birth, Social Security number and the specific nature of the violation. If possible, it should also include the tax year(s), the dollar amounts of unreported income or erroneous deductions and supporting documentation. SEC claims must be original information about possible securities laws violations not already known to the SEC and not derived from publicly available sources. Even though the whistleblower employee might have first reported the information to his or her company’s internal hotline process, the SEC will still consider the information to be original. The content of this required information isn’t as clearly specified as in the IRS program, but it must cause the SEC to open (or expand) an investigation and bring a successful enforcement action.

The IRS protects the whistleblower’s identity as far as possible. If the whistleblower is needed as a witness in a court case, the IRS will notify the whistleblower who can then decide whether or not to proceed. The legislation that established the IRS program failed to include any protection for the whistleblower from possible retaliation. However, the alleged tax violator’s information is strictly protected, so that the whistleblower can only be told whether the case is open or closed. If the case is closed, the IRS can reveal to the whistleblower if his or her claim is payable, the amount of a payment or if a payment has been denied.

The SEC can’t disclose information that could reasonably be expected to reveal the identity of a whistleblower except if it needs to comply with law enforcement proceedings or protect investors by notifying another authority. For example, the SEC might need to notify the U.S. Department of Justice or a state attorney general or even foreign law enforcement if a criminal investigation should be opened as a result of the whistleblower’s allegations. The SEC informant must file through an attorney to remain anonymous during the process. After the SEC presents the award to the whistleblower, it will release the whistleblower’s name. Federal laws state that the whistleblower’s company can’t retaliate against the employee.

The IRS pays its awards when the proceeds are collected, and the appeals period for the taxpayer has expired. Many have said that the IRS program process is lengthy and slow. Claimants can generally expect to wait five to seven years to receive an award. While a whistleblower can’t appeal the award amount for IRC 7623(a) through the Tax Court, awards filed under the newer IRC 7623(b) are subject to appeal in the Tax Court.

The SEC will pay after the time has expired for the violator to file an appeal or after any appeals have been concluded. Then it evaluates all claims. The SEC must collect all sanctions from the violator before the SEC pays the award. A whistleblower can’t appeal an award amount but can appeal a denial.

In summary, we CFEs should inform our clients, individual and corporate, that whistleblowers can expect a long and bumpy ride to the chance, but not the promise, of monetary reward.

Bye-Bye Money

Posted by on August 13, 2017 Comments Off on Bye-Bye Money

Miranda had responsibility for preparing personnel files for new hires, approval of wages, verification of time cards, and distribution of payroll checks. She “hired” fictitious employees, faked their records, and ordered checks through the payroll system. She deposited some checks in several personal bank accounts and cashed others, endorsing all of them with the names of the fictitious employees and her own. Her company’s payroll function created a large paper trail of transactions among which were individual earnings records, W-2 tax forms, payroll deductions for taxes and insurance, and Form 941 payroll tax reports. She mailed all the W-2 forms to the same post office box.

Miranda stole $160,000 by creating some “ghosts,” usually 3 to 5 out of 112 people on the payroll and paying them an average of $650 per week for three years. Sometimes the ghosts quit and were later replaced by others. But she stole “only” about 2 percent of the payroll funds during the period.

A tip from a fellow employee received by the company hotline resulted in the engagement of Tom Hudson, CFE.  Tom’s objective was to obtain evidence of the existence and validity of payroll transactions on the control premise that different people should be responsible for hiring (preparing personnel files), approving wages, and distributing payroll checks. “Thinking like a crook” lead Tom to readily see that Miranda could put people on the payroll and obtain their checks just as the hotline caller alleged. In his test of controls Tom audited for transaction authorization and validity. In this case random sampling was less likely to work because of the small number of alleged ghosts. So, Tom looked for the obvious. He selected several weeks’ check blocks, accounted for numerical sequence (to see whether any checks had been removed), and examined canceled checks for two endorsements.

Tom reasoned that there may be no “balance” to audit for existence/occurrence, other than the accumulated total of payroll transactions, and that the total might not appear out of line with history because the tipster had indicated that the fraud was small in relation to total payroll and had been going on for years.  He decided to conduct a surprise payroll distribution, then followed up by examining prior canceled checks for the missing employees and then scan personnel files for common addresses.

Both the surprise distribution and the scan for common addresses quickly provided the names of 2 or 3 exceptions. Both led to prior canceled checks (which Miranda had not removed and the bank reconciler had not noticed), which carried Miranda’s own name as endorser. Confronted, she confessed.

The major risks in any payroll business cycle are:

•Paying fictitious “employees” (invalid transactions, employees do not exist);

• Overpaying for time or production (inaccurate transactions, improper valuation);

•Incorrect accounting for costs and expenses (incorrect classification, improper or inconsistent presentation and disclosure).

The assessment of payroll system control risk normally takes on added importance because most companies have fairly elaborate and well-controlled personnel and payroll functions. The transactions in this cycle are numerous during the year yet result in lesser amounts in balance sheet accounts at year-end. Therefore, in most routine outside auditor engagements, the review of controls, test of controls and audit of transaction details constitute the major portion of the evidence gathered for these accounts. On most annual audits, the substantive audit procedures devoted to auditing the payroll-related account balances are very limited which enhances fraud risk.

Control procedures for proper segregation of responsibilities should be in place and operating. Proper segregation involves authorization (personnel department hiring and firing, pay rate and deduction authorizations) by persons who do not have payroll preparation, paycheck distribution, or reconciliation duties. Payroll distribution (custody) is in the hands of persons who do not authorize employees’ pay rates or time, nor prepare the payroll checks. Recordkeeping is performed by payroll and cost accounting personnel who do not make authorizations or distribute pay. Combinations of two or more of the duties of authorization, payroll preparation and recordkeeping, and payroll distribution in one person, one office, or one computerized system may open the door for errors and frauds. In addition, the control system should provide for detail control checking activities.  For example: (1) periodic comparison of the payroll register to the personnel department files to check hiring authorizations and for terminated employees not deleted, (2) periodic rechecking of wage rate and deduction authorizations, (3) reconciliation of time and production paid to cost accounting calculations, (4) quarterly reconciliation of YTD earnings records with tax returns, and (5) payroll bank account reconciliation.

Payroll can amount to 40 percent or more of an organization’s total annual expenditures. Payroll taxes, Social Security, Medicare, pensions, and health insurance can add several percentage points in variable costs on top of wages. So, for every payroll dollar saved through forensic identification, bonus savings arise automatically from the on-top costs calculated on base wages. Different industries will exhibit different payroll risk profiles. For example, firms whose culture involves salaried employees who work longer hours may have a lower risk of payroll fraud and may not warrant a full forensic approach. Organizations may present greater opportunity for payroll fraud if their workforce patterns entail night shift work, variable shifts or hours, 24/7 on-call coverage, and employees who are mobile, unsupervised, or work across multiple locations. Payroll-related risks include over-claimed allowances, overused extra pay for weekend or public holiday work, fictitious overtime, vacation and sick leave taken but not deducted from leave balances, continued payment of employees who have left the organization, ghost employees arising from poor segregation of duties, and the vulnerability of data output to the bank for electronic payment, and roster dysfunction. Yet the personnel assigned to administer the complexities of payroll are often qualified by experience than by formal finance, legal, or systems training, thereby creating a competency bias over how payroll is managed. On top of that, payroll is normally shrouded in secrecy because of the inherently private nature of employee and executive pay. Underpayment errors are less probable than overpayment errors because they are more likely to be corrected when the affected employees complain; they are less likely to be discovered when employees are overpaid. These systemic biases further increase the risk of unnoticed payroll error and fraud.

Payroll data analysis can reveal individuals or entire teams who are unusually well-remunerated because team supervisors turn a blind eye to payroll malpractice, as well as low-remunerated personnel who represent excellent value to the organization. For example, it can identify the night shift worker who is paid extra for weekend or holiday work plus overtime while actually working only half the contracted hours, or workers who claim higher duty or tool allowances to which they are not entitled. In addition to providing management with new insights into payroll behaviors, which may in turn become part of ongoing management reporting, the total payroll cost distribution analysis can point forensic accountants toward urgent payroll control improvements.

The detail inside payroll and personnel databases can reveal hidden information to the forensic examiner. Who are the highest earners of overtime pay and why? Which employees gained the most from weekend and public holiday pay? Who consistently starts late? Finishes early? Who has the most sick leave? Although most employees may perform a fair day’s work, the forensic analysis may point to those who work less, sometimes considerably less, than the time for which they are paid. Joined-up query combinations to search payroll and human resources data can generate powerful insights into the organization’s worst and best outliers, which may be overlooked by the data custodians. An example of a query combination would be: employees with high sick leave + high overtime + low performance appraisal scores + negative disciplinary records. Or, reviewers could invert those factors to find the unrecognized exemplary performers.

Where predication suggests fraud concerns about identified employees, CFEs can add value by triangulating time sheet claims against external data sources such as site access biometric data, company cell phone logs, phone number caller identification, GPS data, company email, Internet usage, company motor fleet vehicle tolls, and vehicle refueling data, most of which contain useful date and time-of-day parameters.  The data buried within these databases can reveal employee behavior, including what they were doing, where they were, and who they were interacting with throughout the work day.

Common findings include:

–Employees who leave work wrongfully during their shift;
–Employees who work fewer hours and take sick time during the week to shift the workload to weekends and public holidays to maximize pay;
–Employees who use company property excessively for personal purposes during working hours;
–Employees who visit vacation destinations while on sick leave;
–Employees who take leave but whose managers do not log the paperwork, thereby not deducting leave taken and overstating leave balances;
–Employees who moonlight in businesses on the side during normal working hours, sometimes using the organization’s equipment to do so.

Well-researched and documented forensic accounting fieldwork can support management action against those who may have defrauded the organization or work teams that may be taking inappropriate advantage of the payroll system. Simultaneously, CFEs and forensic accountants, working proactively, can partner with management to recover historic costs, quantify future savings, reduce reputational and political risk, improve the organization’s anti-fraud policies, and boost the productivity and morale of employees who knew of wrongdoing but felt powerless to stop it.

Not Just the Hotline

Posted by on July 21, 2017 Comments Off on Not Just the Hotline

Prior to our Chapter’s last scheduled live training event, I was invited as a presenter to an orientation session for a group of employees serving as staff to a local government fraud, waste and abuse hotline. Anonymous communications, often called “tips,” may take various forms, including a posted letter, telephone call, fax, or e-mail. Long gone are the days when any governmental or private organization receiving such a communication would feel comfortable disregarding it. In today’s environment, such communications are almost always taken seriously, and significant efforts are made to resolve every credible allegation. By their very nature, such investigations are triggered suddenly and generally require a prompt and decisive response, even if only to establish that the allegations are unfounded or purely mischievous. The allegations may be in the form of general statements or they may be very specific, identifying names, documents, situations, transactions, or issues. From the CFE’s or forensic investigator’s perspective, no matter what form they take or how they are received, anonymous communications addressed to the client can pose challenging investigative issues in themselves whose complexity is often under-estimated.

The initiators of such tips can be motivated by a variety of factors, which range from the possibility of monetary gain (substantial monetary recovery is available to whistleblowers under the U.S. False Claims Act), to moral outrage, to genuine concern over an issue or simply from the desire of a disgruntled employee to air an issue or undermine a colleague. Adding to the complication, legislation such as Sarbanes-Oxley and the raft of on-going private and governmental scandals, the increased scrutiny of health care providers and of defense contractors have all served to raise public awareness of whistle-blower programs specifically and of the importance of anonymous reporting mechanisms in general.

With hotlines now so ubiquitous, it’s equally important for investigators to be aware that anonymous tips come in not only to formal public hotlines but in a wide variety of forms and through many channels; such communications can come addressed to various individuals and groups within the company or to outside entities, to government agencies, and even via outside news agencies. Typical recipients within the company of non-hotline tips can be expected to be legal counsel, audit committee members, senior management, department supervisors, human resources managers and the compliance or ethics officer. A tip may take the form of a typical business letter addressed to the company, an e-mail (usually from a nontraceable account), or an official internal complaint. It may also duplicate tips submitted to news agencies, competitors, web site postings, chat rooms, or government agencies. It may also be a message to an internal ethics hotline phone number. Whatever form it takes, a tip may contain allegations that, while factually correct at its core, may also include embellishments or inaccurate information, wildly emotional allegations, or poor grammar. Further, the communication structure of the tip may be disorganized, repetitive, display unprioritized thoughts and mix key issues with irrelevant matters and unsupported subjective opinions. In other cases, while the tip’s information about specific issues may not be correct, it may contain a grain of truth or may identify elements of several unrelated but potentially troubling issues.

In some situations, the allegations aired in an anonymous tip may be known within the company and labeled as rumors or gossip. Some whistle-blowers are neither gossip hounds nor disgruntled employees but, rather, frustrated employees who have tried to engage management about a problem and have gone unheard. Only then do they file a complaint by sending a letter or an e-mail or by making a phone call.  While one should never leap to a specific conclusion upon receipt of an anonymous communication, inaction is never a recommended option. One of the dangers of ignoring an anonymous tip that wasn’t initially received via the hotline is that a situation that can be satisfactorily addressed with prompt action at lower levels or locally within the organization may become elevated to higher levels or to third parties and even to regulatory bodies outside the entity because the whistle-blower believes the communication has been side-lined or shunted aside. This can have damaging consequences for an organization’s reputation and brands if the allegations become public or attract media attention and a cover-up appears to have occurred, however well-intentioned the organization may have been. Ignoring an anonymous tip also may negatively impact staff morale and motivation, if suspicions of impropriety are widespread among staff and it appears that the employer is uninterested or doing nothing to rectify the situation. Ultimately, management may leave itself open to criticism or perhaps the danger of regulatory censure or legal action by stakeholders or authorities if it cannot demonstrate that it has given due consideration to the issues raised in an anonymous communication.

Once notified by a client of the receipt of an anonymous tip, the CFE or forensic accounting investigator should obtain an understanding of all the circumstances of that receipt. While the circumstances on the surface may appear unremarkable and trivial, that information is often a key factor in determining the best approach to dealing with a tip and, more broadly, often provides clues that are helpful in other areas. Initial facts and circumstances to be established include:

• How? This refers to how the information was conveyed—for example, whether it was in a letter, phone call, or e-mail and whether the letter was handwritten or typed. Additionally, the forensic accounting investigator seeks to determine whether the message includes copies of corporate documents or references to specific documents and whether the tip is anonymous, refers to individuals, or is signed.
• When? This includes establishing the date on which the message was received by the entity, the date of the tip, and in the case of a letter, the postmark date and postmark location.
• Where? This involves establishing where the tip was sent from, be it a post office, overseas, a private residence, within the office, a sender’s fax number, or an e-mail account.
• Who? To whom was the tip sent? Was it a general reference such as “To whom it may concern”? A specific individual? A department such as the head office or internal audit? The president’s office? The press? A competitor? Sometimes an anonymous notification will indicate that another entity has been copied on the document; this requires verification. Always consider the possibility that the tip may have been sent to the auditor and/or to the U.S. Securities and Exchange Commission.
• What? This refers to understanding the allegations and organizing them by issue. Often, a tip will contain many allegations that are variations on the same issue or that link to a common issue. For this reason, it is often helpful to formally summarize in writing the tip by issues and related sub-issues. Does the information in the tip contain information that may be known only to a certain location or department? If so, that may point to a group of individuals or former employees as the source of the tip.
• Why? What is the possible motivation for the tip? Issues with misreporting financial information? Ethical decisions? Disgruntled employee? Former employee airing grievances?

For many organizations, whistle-blower communications have become almost daily phenomena. But many of the most serious allegations don’t arrive via a hotline.  This is largely because in the wake of corporate scandals, lawmakers and ethics authorities are responding to public concern by encouraging employee monitoring of corporate ethics and affording some statutory protections for whistle-blowers. Dealing with the unexpected anonymous tip that triggers a CFE conducted investigation can be a challenging matter, even for the most seasoned investigator. Objective analysis and the strategic approach taken by professionals skilled in corporate investigations can assist clients in successfully addressing issues that may have serious legal and financial implications. Protection of employees from retaliatory action and the
company’s need to decide whether and to whom to disclose information are among the many issues created by the receipt of anonymous tips.  For the CFE, the key to resolving cases of anonymous tips usually involves a detailed examination of copious amounts of data obtained from various sources such as interviews, public records searches, data mining, hard-copy document review, and electronic discovery. A careful, experience-based investigative strategy is imperative to address the circumstances surrounding the transmittal and receipt of any anonymous tip and to tackle its allegations prudently and thoroughly.