Fraud Auditing, Detection, and Prevention Blog

Developing a Deeper Understanding of Fraud Risk: Illustrated With a Ghost Employee Scheme

Dec 18, 2025 2:06:22 PM / by Leonard W. Vona

This year, I have focused on the fraud risk assessment process as both a management tool and an audit tool. The common theme of my blogs is, “Do you understand fraud risk?” I have raised a number of issues that I hope were helpful within your career as an auditor, investigator, risk manager, or senior leader. In this blog, we’re diving into what having a deeper understanding looks like.

My guess is that most people understand the word “fraud” at some level. And, my guess is that most people understand the word “risk” at some level. But the new standards require auditors to add a “deeper understanding of potential fraud schemes” into their audit planning and execution. In my opinion, this is a two-step process. First, you must understand the fraud risk; second, you must plan your audit to reveal fraud in the transactions you are examining.

What is a deeper understanding of a ghost employee?

As an illustration, let’s consider ghost employees. Most people think a ghost employee is a fictitious person. That, however, is a shallow understanding of the fraud risk. As a reminder, there are five elements in a fraud risk statement. They are: person committing, entity, action, impact, and fraud conversion. Out of those five, one is always key. It is considered the “primary element.” Keep in mind that there are multiple permutations of the fraud risk statement.

For what is called a ghost employee scheme, the primary element is the entity. The action statement is the same for every permutation: Paid for services not performed.

How does one obtain a deeper understanding?

1. Start with the first level of the fraud risk statement.

2. Identify the permutations of the first level of the fraud risk statement.

3. Tailor those permutations to your industry and your company’s organizational structure.

4. Tailor the permutations to your payroll system, whether it is an in-house system or an outside service.

5. Consider who could commit the scheme. The who question.

6. Brainstorm on how each fraud risk statement would occur in your company. The how question.

7. Brainstorm on where each fraud risk statement would occur in your company. The where question.

8. Incorporate the business knowledge associated with the fraud risk statements. The industry question.

9. If you want a really deep understanding of the fraud risk statement, consider the sophistication of concealment. This is what I call creating the illusion of propriety.

10. Remember, this is not the time to consider internal controls. Your goal is to understand the risk of fraud.

First Level of Fraud Risk Statements

In the spirit of giving this holiday season, I will provide the first level of fraud risk statements for ghost employee schemes. Each one will have variations; in real life the variations will be created by virtue of your industry and your company. Let’s start with the following illustrative examples: These are 

  • The fictitious person scheme occurs by creating an identity for a person who does not exist in real life.
  • Perpetrator assumes the identity of a real person who is not complicit in the scheme and is added to your human resource database.
  • Perpetrator assumes the identity of either a terminating employee or a terminated employee, and the employee is not complicit in the scheme. The takeover could occur on a temporary or permanent basis.
  • Perpetrator assumes the identity of a real person in your human resource database on a temporary basis.
  • Real person complicit in the fraud action. In payroll, “complicit” is defined as the real employee receives the payroll payment. The slang term is a no-show employee. The motive is either theft of assets or a bribe payment.
  • Real person not complicit in fraud action. In payroll, “not complicit” is defined as the real person does not receive the payroll payment. The payment is diverted to the perpetrator. One could argue that these last two overlap with the assumed identity schemes above.

 

Let’s walk through the questions for a deeper understanding.

Use simple logic to develop the permutations. The person is a real person or a fake person. The real person is either in the HR database or not in the HR database. The identity of a person is assumed either temporarily or permanently. Let me illustrate the thought process necessary to obtain a deeper understanding of the fraud risk:

We will assume your company is in the retail business. Therefore, store managers have a high degree of control over entering human resources and payroll transactions either by direct access or by management override.

  • Assumed identity of a terminating employee, and the employee is not complicit in the scheme
  • Store manager assumes the identity of an employee who has departed from the workplace. The store manager causes payroll hours to be submitted for the departed employee and causes the payroll payment to be diverted.
  • Store manager assumes the employee’s identity for a limited time.
  • After a limited time period, the store manager processes the termination. Then the store manager selects another terminating employee for a limited time period.
  • Since duties are physically separated at corporate headquarters, the likelihood of this fraud risk statement occurring at corporate headquarters is deemed low.
  • Payroll and timekeeping system is an in-house system.
  • At the retail location, the manager is the most likely person to commit the scheme, unless the manager has relinquished their duties to a subordinate.
  • Manager would not notify human resources that an employee has departed the workplace and would enter the hours worked for the employee. Alternatively, a new employee completes the W-2 form, providing the manager with their government identification number, and then never shows up for work. Or, manager processes a payroll for the employee the week before the new hire starts work.
  • The scheme would most likely occur when an employee receives a paper check or is paid in currency. It could occur if the manager causes a change in the employee’s bank account.
  • Business knowledge per se is not critical with this scheme.
  • Manager would obviously create all the necessary paperwork for the employee. If the timekeeping system is electronic, then the manager would use their override feature. The manager would select an employee with duties not associated with the sales entry system. The manager would list the employee on the weekly work schedule.
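
The retail scenario above translates into a data test an auditor could run over timekeeping and HR records. The following is an added example, not part of the original post or the author's methodology: it flags employees whose final pay weeks before a processed termination were entered only by manager override and paid by paper check, cash, or after a bank account change, then lists stores where the pattern repeats. The field names, sample rows, and two-week threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample rows (assumed layout, not data from the original post):
# (store, employee, week, hours, entry_method, pay_method, bank_changed)
TIMEKEEPING = [
    ("S01", "E100", 1, 38, "clock", "direct_deposit", False),
    ("S01", "E100", 2, 40, "clock", "direct_deposit", False),
    ("S01", "E100", 3, 40, "override", "direct_deposit", True),
    ("S01", "E100", 4, 40, "override", "direct_deposit", False),
    ("S01", "E200", 5, 36, "override", "paper_check", False),
    ("S01", "E200", 6, 36, "override", "paper_check", False),
    ("S02", "E300", 1, 40, "clock", "direct_deposit", False),
    ("S02", "E300", 2, 12, "override", "direct_deposit", False),  # one-off correction
    ("S02", "E300", 3, 40, "clock", "direct_deposit", False),
]
# Constructed HR master: employee -> (uses_sales_system, week termination was processed)
HR = {"E100": (False, 5), "E200": (False, 7), "E300": (True, 4)}

def trailing_override_run(rows):
    """Unbroken run of override-entered weeks ending at the last paid week (newest first)."""
    run = []
    for row in sorted(rows, key=lambda r: r[2], reverse=True):
        if row[4] != "override":
            break
        run.append(row)
    return run

def flag_employees(timekeeping, hr, min_weeks=2):
    by_emp = defaultdict(list)
    for row in timekeeping:
        by_emp[row[1]].append(row)
    flagged = {}
    for emp, rows in by_emp.items():
        uses_sales, term_week = hr[emp]
        run = trailing_override_run(rows)
        diverted = any(r[5] in ("paper_check", "cash") or r[6] for r in run)
        # Flag only when the override run leads straight into the processed termination.
        if (len(run) >= min_weeks and diverted and not uses_sales
                and term_week is not None and run[0][2] == term_week - 1):
            flagged[emp] = (rows[0][0], [r[2] for r in reversed(run)])
    return flagged

def stores_with_serial_pattern(flagged):
    """Stores where two or more employees match: the 'selects another employee' step."""
    counts = defaultdict(set)
    for emp, (store, _) in flagged.items():
        counts[store].add(emp)
    return sorted(s for s, emps in counts.items() if len(emps) >= 2)
```

A flagged employee is a sample selection for audit testing, not a finding; a legitimate override correction such as E300's single week does not match.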

 

Now you have a choice when writing your fraud risk statement:

  • Ghost employee fraud risk

Or

  • Store manager takes over for a limited time the identity of an employee who has departed the workplace, the store manager causes hours worked to be entered into the timekeeping system for the departed employee, and subsequently diverts the departed employee’s wages.

Which of the above represents a “deeper understanding” to you?

More importantly: May your holidays be filled with warmth, laughter, and happiness for you and your loved ones wherever they may be.  

Fraud Trivia

Last month's answers:

  1. What is a common AI-powered technique used to replicate a person's voice for scam purposes?
    b) Voice cloning. This uses AI to replicate someone's voice, allowing scammers to impersonate trusted individuals.
  2. Which of the following is a potential giveaway that a video is an AI-generated "deepfake"?
    a) The speaker's clothing changes between cuts. Inconsistencies like changing clothes, disappearing background details, or unnatural neck movements can be telltale signs of a deepfake.
  3. How does AI make phishing attacks more dangerous and harder to spot?
    a) By creating highly personalized messages that mimic a legitimate sender's tone and style. AI can craft more sophisticated, convincing, and personalized emails.
  4. When analyzing a suspicious image for AI manipulation, what visual inconsistency should you look for?
    b) Reflections on shiny surfaces that don't make sense. While AI has improved with common errors, flaws in reflections and shadows are still common indicators of a manipulated image.
  5. What can an AI system do to detect fraudulent financial transactions in real-time?
    b) Look for anomalies or unusual activities based on learned patterns. AI-powered fraud detection systems use machine learning to identify unusual activity that deviates from normal customer behavior.

 

This Month's Questions

  1. Which AI technology is used to create realistic but fake videos or images of individuals?
    a) Voice synthesis
    b) Neural networks
    c) Deepfakes
    d) Natural Language Processing (NLP)
  2. What is a behavioral biometric that AI can use to identify a legitimate user and prevent fraud?
    a) The user's height.
    b) The user's typing speed and patterns.
    c) The user's hair color.
    d) The user's shoe size.
  3. If you receive an unexpected request for money from a family member via a phone call, what is the best first step to take?
    a) Immediately send the money.
    b) Ignore the message.
    c) Verify the request by contacting the person or institution directly through a known, trusted channel.
    d) Share the request on social media to see if others have received the same scam.
  4. In AI-generated text, what might be a sign that the content is fraudulent?
    a) Consistent formatting.
    b) A unique and original writing style.
    c) Factual claims or statistics that cannot be verified.
    d) Proper grammar and spelling.
  5. What is the primary advantage of using Machine Learning for fraud detection?
    a) It is a perfect, error-free system.
    b) It can learn from historical data to automatically and quickly classify new transactions.
    c) It is a replacement for all human security teams.
    d) It only requires a small amount of data to be effective.

 

Topics: Fraud Auditing, Fraud Plan, Ghost employee

Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.
