Printer Friendly

Fraud profiling.

The Front Door to Detection, The Back Door to Prevention

Can you prevent fraud? Simply, no. Internal controls and security systems reduce the risk but there are no guarantees and the track record is, frankly, not great. People are ingenious and some are desperate -- others are risk-takers. Some of your employees may have a lot more devious entrepreneurial spirit than you may have thought. Research done in the US by Dr. Steven Albrecht indicates that one of the characteristics of employee fraud is that it is frequently committed by trusted employees who know the system. Do all you can to prevent it but be real -- fraud happens. Fraud Profiling is the process of identifying the characteristics that fraud would present if it happened in your organization. If you know what it looks like, you can catch it when it happens. If you catch it when it happens it will make the next person think twice about committing fraud.

In a recent survey of Canada's largest 1000 companies, 56% of the respondents acknowledged that they had been defrauded in the past year and 63% expected that fraud would increase in 1993. No-one knows the real cost but estimates of the annual cost of Canadian corporate crime range from $8 to $20 billion. Statistics Canada reports that the incidence of reported fraud in 1990 increased 7% over 1989.

In periods of economic recession the likelihood of employee fraud also increases because of increased psychological pressure on employees. Employees tend to be under greater personal financial stress and may also be under greater personal insecurity about their future in the organization. When close colleagues are laid off, fear and insecurity pervade the psychological environment.

If you don't like the outlook -- change what you're doing.

Consider the proposition that not all the people who might commit fraud necessarily work for someone else. Some of them--one of them--might work for you. If that is possible, take the next step-- expect that fraud will happen--it alters the paradigm.

If you can't practically stop fraud occurring, the next best thing you can do is catch it quickly and as painlessly as possible when it happens. Develop a detection-based strategy.


In order to identify anything, you've got to know what it looks like. If you don't know what it looks like you may walk right past it without recognizing what it is. There is an infinite variety of forms fraud can take because there is an infinite variety of business structures, accounting systems, documentation characteristics etc. Like attempts to prevent fraud, there is no guarantee that a detection strategy will work all the time and identify every fraud but research indicates that most employee fraud is not sophisticated and, generally, not well concealed. All that is required, in many cases, is to identify what it would look like and it will be found. The process outlined in this article is not intended to provide an absolute standard of fraud detection but an incremental improvement in the odds against your business becoming a victim of fraud.

The process is simple, understandable, rigorous and comprehensive. Its objective is the development of a set of detection controls that will identify the characteristics that fraud would present if it occurred in your business. The characteristics fall into three general categories -- Behavioural, Documentary and Data Patterning. All three categories of characteristics are usually presented by any fraud.


People commit fraud. When they do there are, normally, identifiable behaviour patterns that are consistent with fraudulent activity. These are mostly generic such as employees not taking vacation, not accepting a promotion, being secretive and uncooperative etc. They are generic by default, largely because the particular personalities of individuals are not sufficiently well known for them to be more specific. The level at which identifiable behavioural characteristic are more specific is among co-workers who know the individual sufficiently well to be able to identify sometimes quite subtle changes in behaviour. Sometimes, in the course of a fraud investigation and too often, in the aftermath, a co-worker will identify and comment about anomalies in the perpetrator's behaviour. In smaller business units these behaviour anomalies observed by co-workers can be valuable indicators of fraudulent activity.


Documentary characteristics appear in the form of altered or missing documents or data such as changed dates or missing authorization signatures, data that is inconsistent with other characteristics such as a PO Box number address for a supplier from whom deliveries of goods should have been received, accounting journal entries that reduce cash and charge an operating account. Characteristics such as these are frequently obvious but just as frequently overlooked or not recognized as indicators of fraud.


Patterning characteristics are represented by trends and results that fraudulent activity will be likely to produce. Concealment of the theft of cash by lapping accounts receivable will produce an increasingly aging receivables profile. Concealment by lapping successive day's cash receipts will produce a time lag between receipt of cash and bank deposit. ("Lapping" is the concealment of a theft by creating a delay to permit the substitution of cash stolen today with cash received tomorrow.)

The specific Behavioural, Documentary and Data Patterning characteristics that exist will be particular to your business and will constitute the Fraud Profile for your business.


The process of developing a fraud profile requires a detailed knowledge about the systems, the documentation and the people in the organization. It also requires a high level of security -- this process produces a road map of how to commit fraud in your organization. The development of the fraud profile is something that, preferably, should not be directed by someone directly involved in operations or finance. The need for security is one reason that companies often seek outside assistance when dealing with fraud. Within an organization, probably the ideal people to develop a fraud profile are internal auditors. They have knowledge of the systems, documents and people, they have relevant training and they are not in line positions. However, remember that when considering a transfer from internal audit to operations you could be transferring someone who drew the roadmap of how to commit fraud in your business.

There are three phases in Fraud Profiling. The first is the development of a Fraud Exposure Template. This identifies the fraud risks to which your business is exposed. The second phase is the identification of the characteristics the fraud exposures would present if they matured -- the Fraud Profile. The final phase is the development of cost-effective monitoring controls to recognize and report the characteristics if they occur -- the Detection Net.


The development of a fraud exposure template is a basic risk assessment exercise. The template can be used repeatedly when there are multiple operating units with the same control and organization structures. It also has comparative value among different businesses. The development of a fraud exposure template involves the testing of the organization model against criteria in the form of working hypotheses of how fraud could be committed. As with any risk assessment the quality of the assessment is a function of the richness of detail in the model and the completeness of the criteria against which it is tested.

The Organization Model

The first step is the development of a detailed understanding of the systems, documentation, reporting and control structure of each business cycle in the organization. The richer the detail the better the profile will be. The nature of the business directs the focus and emphasis of this phase of the work.

In many cases, a preliminary model will exist in one form or another -- perhaps in procedure manuals, in internal or external audit files or ultimately in the heads of the people who operate the business. In developing the organization model, expect that the actual way the system works is not quite the way the procedure manual describes it, nor the way it is documented in the audit files. Even when starting from scratch by asking the people who operate the system, commonly they will describe what should happen rather than what does happen. To be effective, this model needs to describe the way the business actually operates. Asking people to sign off a memorandum setting out their understanding of the actual functions of the operation can be very helpful in focusing the mind on the difference between the procedural model and reality.

The Fraud Risk Assessment

The next step is to identify the apparent weaknesses in the organization model that could permit errors. Why errors? Errors often present the same evidence as fraud, the principal differences being intent and benefit. If a system will permit an error to occur that would result in an under or overstatement of income it will normally also permit a fraud. Many employee frauds start because an employee makes an honest mistake that is not detected and represents the key to the door of fraud opportunity. While the primary focus of most internal and external audit methodologies is not employee fraud, they do address error and consequently this aspect of audit training is a valuable resource in assessing fraud risk.

The next step is to develop working hypotheses of the ways in which employee fraud could occur. This involves stepping through the particular business processes from beginning to end to identify the junctures at which fraud could occur, who the perpetrator could be, the control weaknesses that could be exploited and how the existing controls could be subverted. One word of caution - the people assigned to develop the Fraud Exposure Template will probably be rational, intelligent, analytical individuals, often with training in accounting and auditing. The perpetrators of frauds do not always share these personal qualities. Do not dismiss a fraud risk because it is clear that the perpetrator will eventually be detected. By the time detection occurs the employee may be gone. The purpose of the profiling exercise is to recognize and report the characteristics fraud presents just as soon as it occurs. The output of this phase is a list of fraud exposures identifying who the perpetrator could be, how the fraud would occur and the weakness in the system that would permit the fraud to occur.

Many frauds are permitted to occur by the failure to implement or maintain the most basic internal controls. If someone in your organization has access to cash and access to the accounting records that person has the opportunity to commit a fraud. The failure to segregate fundamentally incompatible functions is a depressingly frequent theme in employee fraud. If it is uneconomic to segregate functions effectively consider other compensating controls, develop the profile of what the fraud would look like if it occurred and start looking for it.


The next step is to develop the profile. With the knowledge of the documents, the people, the data patterns, the existing controls and security and accounting systems, it is now possible to identify the characteristics the hypothetical frauds would present if they occurred in your business. The critical element of this part of the process is to identify the characteristics that individually and collectively will be of most practical value as indicators of fraudulent activity. These are the profile keys. The output is a schedule that identifies the potential perpetrator or class of perpetrators and the behaviour that execution and management of the fraud would require such as a requirement to access particular records within a particular time frame, to override certain reporting or reconciliation controls, to be in particular places at particular times, to restrict other people's access to particular records etc. It will also identify likely behavioural consequences such as changes in relationships with superiors or subordinates; for example,

* uncharacteristic delays in producing reports,

* unusual resistance or hostility to routine enquiries,

* changes in the social relationships with co-workers,

* unusual overtime or weekend work without apparent reason,

* changes in lifestyle.

It identifies the documentation anomalies that would have to exist such as,

* the absence of or delay in an authorization signature,

* the backdating of documents,

* an unusual relationship in the sequence of documents,

* the absence of particular documents,

* payment records for the same amounts to different customers,

* deposit slips from the bank that have the same amount as the office copy but have different components making up the deposit.

The data patterns that emerge are usually, but not always, financial; for example,

* changes in the number and frequency of transactions with particular suppliers,

* the award of tenders to the supplier who submits the latest bid,

* an above average level of credits to one customer or by one salesman.

The value of the Fraud Profile is the reference framework it provides. When documentation or other anomalies are identified in a vacuum they can easily be rationalized away or not even recognized as anomalies. Even when they are identified, without the framework that the profile offers there is often no way to answer the "so what?" question. The Profile is a filter that sifts out the linkages from a mass of otherwise unorganized information. The first fraud I ever found was twenty-five years ago as a young auditor. In retrospect, it amazes me that I noticed the anomaly and failed to rationalize it by some other explanation. I tried for two full days to find some other plausible explanation for a payroll fraud that was staring me in the face. A profile of that fraud would have identified it as soon as it happened. The subsequent investigation revealed that it had been quietly proceeding below the noise level for five years.


The final step is to develop the close monitoring procedures that will flag and report the key characteristics. These procedures can frequently be incorporated into existing computer processes and control structures that have legitimate management objectives such as monitoring receivables aging and bank reconciliations. Frequently, the structures already exist. All that is required is to add an additional focus. If cost-effective monitoring procedures cannot be developed, reassess the preventive controls and review less effective but cheaper monitoring procedures that will at least identify the characteristics of more serious fraud.


A further requirement of a detection-based strategy is a policy that addresses what happens when you do find fraud. For a deterrent to be effective, real sanctions such as termination and reporting to the police have to be contemplated. Clear, unequivocal messages are required from senior management that abuse of trust and any form of unethical behaviour by anyone in the organization, regardless of their position, is unacceptable. Senior management must, in other words practice what they preach.

The Profile you develop is a dynamic model. It will change as people and documents change. Left unattended, over time it will become less reliable and ultimately dangerous. If reviewed frequently, however, it will improve as new insight and experience adds to its quality. Frauds identified by the profile invariably provide additional data to improve the quality of the profile. If fraud escapes the detection net, it will identify a set of exposures that may not have been hypothesized or a set of characteristics not contemplated. If the profile fails to identify a fraud, reassess the process. Was there faulty reasoning? What was overlooked and how? Is the problem systemic or an isolated fact set? Was the profile right but the monitoring controls failed? There are no more valuable experiences in this work than reviewing the circumstances of an actual fraud. Even the experience of petty frauds is valuable. Many of the characteristics will be similar if not identical to much larger ones. Albrecht expressed the view that there is no such thing as an immaterial fraud -- just one that hasn't had enough time to grow!

Although Fraud Profiling is conceptually simple, it is a rigourous, systematic process. It takes time and considerable intellectual effort to develop and implement. If it seems a daunting task, consider implementation in stages over time. While it might be desirable to have a Fraud Profile for all aspects of the business, any incremental improvement is a step in the right direction. Start with the areas that are most vulnerable, and easiest to profile and sleep a little more easily.

Nick Hodson is a partner in Ernst & Young's Forensic Accounting and Litigation Practice. He has practiced public accounting for the past 25 years in three countries. He found his first fraud in 1970. His most renowned case was the 1979 investigation into the Town of Richmond Hill. The many frauds this investigation disclosed are summarized in a public document.

Mr. Hodson has investigated frauds in public agencies, law firms, manufacturing and distribution companies, real estate companies, insurance companies, charitable organizations, and other types of organizations.
COPYRIGHT 1993 Canadian Institute of Management
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1993 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Hodson, Nick
Publication:Canadian Manager
Date:Jun 22, 1993
Previous Article:Real-life marketing at UCCB.
Next Article:New strategies for a tough job market.

Related Articles
Telephone Hacker Fraud Security Systems.
The Financial Advisory Services practice of Deloitte & Touche LLP.
Adapting to automated fraud: fraudsters are using technology to automate the fraud process, and banks and financial institutions must prepare for...
Mortgage fraud requires industry effort.
Know your enemy: all employers must protect themselves against the real risk of being defrauded by their own staff. Mike Brooks explains how to set...

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters