Chapter 3 types of fraud in an operating business and preventative measures

• Jurisdiction: United States

Chapter 3 types of fraud in an operating business and preventative measures

Maryellen K. Sebold

Judith K. Spry

The Sarbanes-Oxley Act of 2002 opened up the door for anonymous reporting of fraud in operating businesses. Large operating businesses now have reporting "hot lines" for the tipsters to send a voicemail or an email, if the tipster believes a behavior is inappropriate. In smaller companies the fraud or inappropriate behavior is sometimes not found for years after the fraudster started the scheme, often times only when the fraudster takes a vacation or a sick day. And in mid-size operating companies, a combination of schemes can erupt and disrupt the normal flow of the operations.

Fraud in an operating business can affect the business in many ways. The initial discovery is often devastating to the company personnel, both on a professional and personal level. This may be even more troubling if the company is in a state of distress or in a chapter 11 bankruptcy proceeding. The chief financial officer, controller, and accountants ask themselves why and how this happened on their watch.

In the scenario where the company is in distress or in chapter 11, the debtor-in-possession, chief restructuring officer or chapter 11 trustee might need to engage a team of professionals, including forensic accountants, financial advisors, lawyers, auditors and other investigators to determine whether fraud is present and whether the fraud will affect the ongoing operations of the business. For example, financial statement fraud may position the company to have to borrow funds, or put the company in jeopardy of breaching loan obligations, or could have a significant impact on investors.

A forensic accountant's role in detecting and preventing fraud in an operating business involves an awareness of the types of fraud that may be present and a need to develop procedures to preserve and review evidence. The forensic accountant may need to preserve and review the company's internal documents, including both the hard-copy evidence and electronic evidence such as emails. It will also likely be necessary to review external documentation, such as vendor invoices, bank statements, purchase orders and other documentation used in the course of business and utilized by the fraudster to commit fraudulent acts.

I. The Team

The forensic accountant is usually part of a larger team assembled to detect or stop fraudulent activity. The team make-up is dependent on the size of the organization and the complexity of the fraud. The team of professionals assembled by a chapter 11 trustee or a chief restructuring officer may include financial advisors, outside counsel, a forensic accountant or an internal auditor from the company, as well as in-house counsel.

One of the first decisions should be to determine whether law enforcement authorities must be contacted. If so, the team should evaluate the best authority to contact, which may be different depending on the size and the nature of the fraud. In addition, a decision needs to be made as to any regulatory agencies that may have to be informed.

If insurance coverage is available, the risk manager, broker or agent should be included as part of the team, especially if there are coverage issues, or if the fraud spans a number of policy years. The insurance carrier may retain its own forensic accountant, so the defrauded company may want to wait to finalize its own analyses. Other decisions may include when to raise the concerns with the board of directors and the audit committee, the outside auditors, bankers or other investors.

II. How Is Fraud Detected?

The ACFE 2012 Global Fraud Study¹⁰ shows that the most common discovery of fraud and abuse is by tip, followed by management review, internal audit and by accident. Some fraudsters in operating companies are discovered by police or other agencies. Lastly, there are times when the fraudster confesses, usually admitting that they misappropriated less than they actually did, as the pressure becomes too much.

Either in an effort to divert attention from the fraudulent scheme, hide the truth or as a continued means of cover-up, the fraudster will lie about the misappropriation. Often, he or she will lie to the auditors who may request certain supporting documentation by either giving an incorrect answer or claiming that the documents are not available. The astute auditor will continue to pry when denied requested information and will verify data with third parties whenever possible in order to identify fraud.

Fraud and abuse can be lessened by management review of personnel, internal audit, detailed account reconciliations, careful review of support documentation, external audits, surveillance monitoring and strong internal controls. As a means of identifying what may be backdating of financial transactions, test dates against outside sources, trace the order in which transactions occurred, and utilize built-in audit programs to help highlight the questionable dates and encourage further investigation.

With respect to destruction of evidence, it is becoming more and more difficult to truly destroy evidence, especially if it was created electronically or if there is the ability to review surveillance tapes or location tracking devices. There are robust programs available that can be used to locate deleted files. There are also document-review platforms that enable the investigator to perform keyword searches, de-duplicate and thread the emails to reduce the population, and assist with a quicker analysis of emails.

A. Analyze Cash Flow

In detecting fraud in an operating business, the analyses should revolve around the largest and most vulnerable assets. Cash, accounts receivable and inventory should be reviewed carefully. Large amounts, even dollar amounts, or an amount just below an audit limit may be signs of fraud that can be detected by reviewing the company's general ledger and disbursement ledgers, independently reviewing the bank statements, cancelled checks and wire detail, and assessing the inventory controls.

For example, under Federal Reserve Regulation CC, which regulates hold periods on deposits made to commercial bank accounts, cashier's checks are recognized as "guaranteed funds" and amounts under $5,000 are not subject to deposit hold, except in the case of a new account. If a person or company had many deposits of $4,999, this may be suspicious and require further...