UNIT 1 - Introduction

1)Defining Fraud
ANS 1. Fraud Definition:
Fraud is intentional deception or
dishonesty carried out by one or more
individuals, often for financial gain.

2. Elements of Fraud:
The false statement must be
significant.
The person making the false statement
must know it's untrue.
There must be an intent to deceive.
The victim relies on the false
statement.
The victim experiences financial or
other harm.

3. Occupational Fraud:
This occurs when an employee breaches
trust, engaging in deceptive actions
at work and trying to keep it hidden,
leading to financial losses for the
employer.

4. Abuse:
The term "abuse" is used when the
explicit elements of fraud may not be
present.
In the workplace, abuse can include
actions like using work time for
personal activities, taking
unnecessary sick days, making personal
calls, intentionally underperforming,
using office supplies for personal
use, or not working as expected while
telecommuting.

5. Handling Abuse:
Employers might address these
situations case by case, as the
severity can vary.
Mild forms of abuse may not lead to
legal action.
In summary, fraud involves intentional
deception causing harm, occupational
fraud occurs within the workplace with
an employee violating trust, and abuse
is a term used when the elements of
fraud aren't explicitly present, often
involving less severe actions that may
be addressed by employers case by
case.

2)Anomalies versus, Fraud

ANS Detecting fraud in data analysis
is often compared to finding a needle
in a haystack because fraudulent
transactions are usually rare compared
to the overall volume of records. In
electronic records, fraudulent
activities are not the norm. On the
other hand, anomalies, which are
deviations from the expected or normal
patterns, can also be present in data
sets.

Anomalies in accounting records may

arise from inadequate procedures or
weaknesses in internal controls.
Unlike fraud, these anomalies are not
intentional deceptive activities but
rather the result of procedural or
control issues. These weaknesses tend
to be repetitive and occur frequently
in the data set. They might even
follow specific intervals, such as
recurring issues at the end of a month
or year. Understanding the business,
its practices, and procedures is
crucial in explaining and addressing
most anomalies.

In summary, fraud is the intentional

deception for gain, whereas anomalies
are irregularities that may result
from procedural or control weaknesses.
While fraud is rare, anomalies can be
more frequent and are often related to
business processes and control
deficiencies.
3) Types of Fraud
ANS Types of Fraud:
The Association of Certified Fraud
Examiners (ACFE) classifies
occupational fraud into three main
categories, each with its
subcategories:

Asset Misappropriation:
Examples include theft of cash on
hand, skimming, fraudulent
disbursements, and inventory larceny.
This category is the most common,
accounting for 87% of reported cases,
but the least costly, with a median
loss of $120,000.

Corruption:
Involves conflicts of interest,
bribery, kickbacks, and illegal
gratuities.
Corruption schemes occur in just over
one-third of reported cases, with a
median loss of $250,000.

Financial Statement Fraud:

Includes fictitious revenues,
understated revenues, and overstated
liabilities and expenses.
Financial statement fraud makes up 8%
of reported cases but causes the
greatest median loss at $1 million.

Case Study: Outsourcing Fraud:

An example from Verizon’s security
blog illustrates a unique form of
fraud where an employee outsourced his
job to a Chinese consulting firm.
Despite the employee's excellent
performance reviews, it was discovered
that he spent most of his workday on
personal matters while his job was
outsourced at a fraction of his
earnings.
Although the company did not suffer
direct financial loss, the employee
violated security policies and abused
company resources.

Globalization and New Forms of Fraud:

With globalization and internet
accessibility, new and innovative
types of fraud are emerging.
The case study highlights an employee
logging in from China while physically
present in the United States,
outsourcing his job.

Reflection on Contractor Issues:

The case raises questions about
whether the situation would be
problematic if the employee were a
contractor subcontracting work,
assuming compliance with login
procedures.
It emphasizes the complexity of
addressing issues related to
unauthorized access and abuse of
company resources.
In summary, occupational fraud
encompasses various types, with asset
misappropriation being the most
common, corruption falling in the
middle, and financial statement fraud
being less frequent but more costly.
The case study illustrates the
evolving nature of fraud in a
globalized and technologically
advanced environment.

4) Assess the Risk of Fraud

ANS Assessing Fraud Risk:

Fraud risk cannot be eliminated but

can be managed strategically.
Companies may choose to avoid certain
risks through a formal or informal
risk assessment, weighing costs and
benefits. Acceptance of some risks
without additional controls is common
when implementation costs exceed
expected losses.
Risk Analysis and Mitigation:

Risk is assessed using the formula:

Risk = Impact × Probability.
Mitigation involves preventative,
monitoring, or detection controls.
Insurance and employee bonding are
additional strategies.
The decision to invest in detection
measures over prevention depends on
cost-effectiveness and potential
losses.
Management Decision and Purpose:

Management decides the response level

based on the assessment's purpose,
considering audit, regulatory
compliance, internal control
evaluation, or cost reduction.
Factors Influencing Probability:

Factors include industry nature,

values of management and employees,
internal controls, business
environment, likelihood, industry
trends, history, resources,
whistleblower complaints, moral
impact, value, and maximum exposure.
Considerations in Risk Assessment:

Adverse publicity, loss of consumer

confidence, lawsuits, legal
violations, and overall business
impairment are additional
considerations.
Fraud-Risk Assessment Framework:

Appendix D of "Managing the Business

Risk of Fraud" provides a template for
a fraud-risk assessment framework
applicable to any organization.
The template includes fraud risks,
likelihood, significance, departments
at risk, existing controls, control
effectiveness, residual risks, and
fraud-risk response.
In summary, managing fraud risk
involves a comprehensive assessment,
decision-making based on assessment
purpose, and a balanced approach
considering costs and benefits.

5)
Fraud Detection Challenges:

Occupational fraud is challenging to

detect, given that employees
attempting fraud often seek to evade
established policies and procedures.
These employees, typically trusted
individuals with legitimate access to
various systems, possess an in-depth
understanding of the company's
operations due to their roles.

Employee Familiarity with Systems:

Trusted employees, as part of their

regular duties, become well-versed in
system operations and may identify
weaknesses.
They might have previously worked
around procedures to address issues,
inadvertently exposing system
vulnerabilities.
Limitations of Policies and
Procedures:

While policies and procedures

communicate the employer's stance and
aim to uncover common errors, they may
not effectively detect intentional
fraudulent activities.
Fraudulent actions involve deliberate
circumvention of systems, often
coupled with attempts to conceal
through lies, falsified documents,
misrepresented transaction recordings,
and abuse of internal controls.
Balancing Control and Trust:
Striking a balance between preventing
fraud and allowing smooth business
operations is crucial.
Excessive restrictions or controls can
impede efficiency, making it necessary
to trust employees with assets, tools,
and information for their duties.
Flaws and Unintentional Errors:

Honest employees may inadvertently

contribute to errors due to system
flaws or unintentional mistakes.
Achieving a balance involves
understanding the risk of potential
fraud and ensuring the ongoing
functionality of the business.
In essence, the challenge lies in
navigating the delicate balance
between implementing adequate controls
to deter fraud and maintaining a level
of trust that enables employees to
carry out their responsibilities
diligently and honestly.
6)
Recognizing Fraud:

Observation of Indicators:

Fraud detection relies on observing

indicators, symptoms, or red flags.
Investigating detected red flags is
crucial to verify actual fraud, but
there's a risk of false positives,
often due to the high volume of
indicators.
Red Flags Categories:

Red flags can be internal control

irregularities, accounting anomalies,
analytical anomalies, tips, and
behavioral changes.
Internal Controls and Fraud
Prevention:

Internal controls aim to prevent,

deter, and detect fraud, but
weaknesses or overrides in these
controls can lead to common types of
fraud.
Balancing control measures with
operational efficiency and trust in
employees is essential.
Components of Good Internal Control:

Separation of duties, physical

safeguards for assets, independent
checks through monitoring and audits,
proper record-keeping, and
authorization controls.
Detection Techniques:

Detection should focus on weaknesses

in internal controls.
Irregularities must be examined,
documented, and corrective measures
implemented if necessary.
Accounting Anomalies and Analytical
Anomalies:
Accounting anomalies involve unusual
items associated with the accounting
system, especially journal entries.
Analytical anomalies include anything
outside normal patterns, requiring
careful review to distinguish
high-risk from low-risk anomalies.
Understanding Business Systems:

Expect a high number of analytical

anomalies, requiring a clear
understanding of business systems,
industry practices, and normal
anomalies.
Internal and external auditors must
employ standard audit steps, including
site visits, financial analysis, and
interviews.
Red Flags from Tips and Complaints:

Tips and complaints, especially those

related to alleged fraud, are critical
red flags.
People are often reluctant to provide
tips, fearing reprisals or lacking
confidence in anonymity.
Employee Observations:

Employees are best positioned to

observe behavioral and lifestyle
changes that could indicate fraud.
Tips remain the most common initial
detection method, emphasizing the
importance of fostering whistleblowing
and integrity hotlines.
Behavioral and Lifestyle Changes:

Employees are more likely to notice

changes, both detrimental and
positive, in their peers.
Proactive investigation of observed
changes contributes to overall
employee well-being and can mitigate
pressures leading to fraud.
In conclusion, recognizing fraud
involves a multi-faceted approach,
relying on indicators, internal
controls, detection techniques, and
employee observations. Careful
investigation and a proactive stance
are essential to distinguish potential
fraud from normal anomalies.

7)Data Mining vs. Data Analysis and

Analytics:

Data Mining:

Definition: Sifting through extensive

data sets using artificial
intelligence techniques, neural
networks, and statistical tools (e.g.,
cluster analysis) to unveil trends,
patterns, and relationships.
Approach: No specific outcomes are
anticipated; it involves the search
for trends, patterns, or relationships
without testing a hypothesis.
Data Analysis:

Definition: The process of evaluating

data through analytical and logical
reasoning to examine each data
component. It is part of research
experiments where data is gathered,
reviewed, and analyzed to form
findings or conclusions.
Approach: Can include various methods
like data mining, text analytics,
business intelligence, and data
visualizations. It encompasses a
broader set of techniques compared to
data mining.
Data Analytics:

Definition: Data analytics is broader

and includes a hypothesis-driven
approach where a hypothesis is
confirmed or proven false based on
findings.
Types: Further refined into
exploratory data analysis (EDA),
confirmatory data analysis (CDA), and
qualitative data analysis (QDA).
EDA: Initial stage for exploring data
relationships and discovering new
patterns when little is known about
the data. Visual and graphical
techniques are common.
CDA: Testing hypotheses, proving them
correct or false, and verifying causal
relationships. Often involves online
analytical processing (OLAP) tools.
QDA: Drawing conclusions from
non-quantitative or non-numerical data
like images or text.
Data Analytics Objectives:

Insight Generation: Provides insight

into the dataset.
Relationship Discovery: Discovers
underlying data relationships and
structures.
Hypothesis Testing: Tests assumptions
and hypotheses.
Causal Relationship Identification:
Identifies variables involved in
cause-and-effect relationships.
Anomaly Detection: Detects anomalies
within the data.
In summary, data mining is a specific
technique for uncovering patterns
without predefined hypotheses, while
data analysis is a broader process
involving logical reasoning and
various methods. Data analytics
encompasses both, utilizing a
hypothesis-driven approach and
incorporating techniques such as data
mining within a structured framework.

8)Data Analytical Software:

Several software programs are

available for data analysis, catering
to different needs and complexities.
Here's a comparison of commonly used
software:

Microsoft Access and Microsoft Excel:

Suitability: Familiar to many users,

commonly used by businesses and
individuals.
Use Cases: Suitable for smaller
datasets and less complex analyses.
Limitations: Complex procedures may
require many steps; learning time can
be high, lacks data integrity, and can
be cumbersome for large datasets.
Professional Data Analysis Software:

Examples: ACL, Arbutus, IDEA.

Design: Specifically designed for
large and very large datasets.
Features:
Protected data source.
Quick analysis.
Retains audit trails.
Built-in data analytical functions.
User-friendly interface.
Import from various sources and file
formats.
Analysis of 100% of transactions.
Field statistics, various sampling
techniques.
Benford’s Law analysis, correlation
and trend analysis.
Drill-down features, aging,
stratification.
Fuzzy matching, sophisticated
duplicate testing.
Auto-run or automated procedures.
ActiveData:

Type: Excel add-in with data

analytical capabilities.
Positioning: A middle-ground solution
between Excel/Access and more powerful
data analytical software.
Features:
Feature-rich with an attractive price.
Provides enhanced data analytical
capabilities within the Excel
environment.
Considerations:

Learning Curve: Professional tools may

have a steeper learning curve but
offer advanced features and data
integrity.
Data Size: Choose tools based on the
size and complexity of your dataset.
Price: Consider the budget and
specific requirements when selecting
software.
In summary, while Microsoft Access and
Excel are widely used, dedicated data
analysis software like ACL, Arbutus,
IDEA, and tools like ActiveData offer
more sophisticated features, enhanced
data integrity, and better suitability
for large datasets. The choice depends
on the specific needs, dataset size,
and budget constraints.
9)Anomalies vs. Fraud within Data:

Data anomalies are inevitable in

databases, often caused by errors,
limitations, or bugs in the system.
While insertion, deletion, and
modification anomalies are common and
expected, they are distinct from
anomalies related to fraud detection.

Insertion Anomalies:

Occur during data entry.

Common errors include missing or
incorrectly formatted entries.
Well-designed software should have
error-checking features to prevent
incorrect or incomplete data entry.
Deletion Anomalies:

Arise when the last record for a group

is deleted, potentially removing
relevant information associated with
that record.
Example: Deleting an employee's shift
schedule may also erase the associated
address information.
Modification/Update Anomalies:

Require changing incorrect

information, which may lead to
unintended consequences and errors in
other records.
Updates may introduce mistakes if not
carefully managed.
Fraud Detection Anomalies:

Focus on unexpected or unusual

patterns within the data.
Target suspicious transactions or
those deviating from the norm.
Examples: Outliers, too many inliers,
transactions that are unusually
typical.
Analyzing data for fraud anomalies
provides a starting point for further
investigation.
Professional Skepticism in Anomaly
Analysis:

Critical Assessment: Evaluate

anomalies without drawing premature
conclusions.
Bias Avoidance: Avoid being overly
suspicious or cynical.
Evidence Scrutiny: Do not accept
evidence at face value; ensure
completeness.
Fact Pursuit: Follow the audit trail,
review source documents, and
associated factors.
Objectivity Check: Assess whether
staff-provided information lacks
objectivity or knowledge.
Importance of Professional Skepticism:

Anomalies alone do not prove fraud;

they guide further analysis.
Professional skepticism ensures a
thorough and unbiased investigation.
Evaluate anomalies in context,
considering supporting documents and
the audit trail.
Observation vs. Anomaly:

Not every anomaly indicates fraud;

some are simply observations.
Example: The gap between the years
1987 and 2013 is an anomaly due to the
absence of four different digits, but
it is not an error or fraud.
In summary, understanding the
distinction between common data
anomalies and anomalies relevant to
fraud detection is crucial.
Professional skepticism plays a key
role in objectively evaluating
anomalies and guiding further
investigations.

10)Fraudulent Data Inclusions and

Deletions:
Many employees, including managers and
shareholders, have access to business
systems, and without proper controls,
this access is susceptible to errors
and potential fraud. Fraudulent data
manipulations involve both inclusion
and deletion of records, impacting
financial statements and concealing
theft.

Fraudulent Inclusions:

Definition: Recording unauthorized or

false transactions.
Examples:
Modifying or substituting the details
of a legitimate transaction to
misrepresent its nature.
Falsely including non-existent sales
or transactions to inflate revenue.
Purpose: To manipulate financial
records, often to present a more
favorable financial picture.
Fraudulent Deletions:

Definition: Failure to record

transactions that should be included
or deliberately removing records.
Examples:
Concealing theft by altering inventory
records to match physical counts.
Reclassifying missing inventory as
obsolete or creating fictitious sales
to hide shrinkage.
Omitting the recording of liabilities
and expenses to inflate net income.
Purpose: To conceal fraudulent
activities, misstate financial
performance, or manipulate financial
statements.
Concealing Inventory Theft:

Methods:
Altering inventory records to match
physical counts.
Changing count numbers during physical
inventory to match perpetual inventory
records.
Reclassifying missing inventory as
obsolete or creating fictitious sales.
Objective: To maintain consistency
between physical inventory and
records, concealing inventory
shrinkage.
Recharacterizing Expenses:

Method: Reclassifying expenses as

capital expenditures.
Impact: Increases net income and may
constitute financial statement fraud.
Detection Challenge: Difficult for
auditors to detect as it leaves no
audit trail.
True Deletion of Electronic Records:

Comparison to Shredding Documents:

Similar to shredding paper documents,
erasing electronic records.
Audit Trail Logging: Most systems log
deletions in an audit trail file to
maintain integrity.
Zappers and Phantom-Ware: Programs
facilitating systematic skimming of
cash receipts by deleting records,
re-numbering receipts, and producing
falsified financial reports.
In summary, fraudulent data
manipulations involve unauthorized
inclusions or intentional omissions of
records. These actions aim to
misrepresent financial information,
conceal theft, or manipulate financial
statements for various purposes. The
challenge for auditors lies in
detecting these activities, especially
when sophisticated methods like
zappers and phantom-ware are employed
to cover tracks.