Fraud Auditing, Detection, and Prevention Blog

How to Use Fraud Risk Statements in a Fraud Detection Program

Jan 30, 2023 7:04:28 AM / by Leonard W. Vona

We looked at how to create fraud risk statements using the payroll function in the last blog. In this blog, we’ll look at how to apply the fraud risk statement in a fraud audit program.

But first, the Trivia answers:

Was Christmas ever illegal?

True or False? In 1644 Christmas was banned in England; however, it was restored in 1660, when the monarchy was restored and Charles II took the throne. There appears to be some evidence that one colony in the U.S. did make it illegal to celebrate Christmas in 1659.

Is KFC one of the most popular Christmas meals in Japan? True or False? There seems to be some truth, although apparently chicken is popular in Japan.

What retail store created Rudolph the Red-Nosed Reindeer? Montgomery Wards. I am sure people of my generation remember the store and its catalogs.

Which band had the most Christmas hits? The Beatles had four number ones. However, the question is a little misleading because they are not Christmas songs, but were released over the holidays, including "I Want to Hold Your Hand."

Which countries write the most letters to Santa Claus? During the months of November and December, Santa receives around 32,000 letters daily. Most letters come from the United Kingdom, Italy, Romania, Poland, Finland, and Japan.

Which country has the cleverest postal code for Santa Claus? Canada: H0H 0H0

Who wrote the most Christmas songs? Irving Berlin

Which food group is named after Christmas? In New Mexico, if you want red and green chili, you say, “I will have it Christmas style.” For my trivia connoisseurs, the phrase was originally suggested by waitress Martha Rotuno at Tia Sophia's restaurant in Santa Fe, New Mexico, per Wiki. FYI, I have dined at the restaurant, and I would recommend it to all.

Connecting the Fraud Risk Statement to the Fraud Audit Program

The fraud risk statements identify what you are looking for. They set the criteria for your data analysis. They include an entity and an action. Once you have your fraud risk statements, you can set up a plan for your fraud audit. For this illustration, our fraud risk statements are:

1. Payroll function causes a fictitious person to be added to the payroll system and compensated for services not performed resulting in the theft of monetary funds.

2. Senior members of management cause a fictitious person to be added to the payroll system and compensated for services not performed for the purpose of paying bribes.

3. Computer hackers cause a fictitious person to be added to the payroll system and compensated for services not performed resulting in the theft of monetary funds.

4. The payroll function causes a terminated employee to be reactivated (temporary or permanent?) and compensated for services not performed resulting in the theft of monetary funds.

Fraud Data Analytic (FDA) Plan 1 & 2

In designing your reports, you should always capture the employee number, employee name, department, and employee start date.

The plan is fundamentally the same for the first two fraud risk statements. Because it is a false entity scheme, you start with Human Resources data. The first test would be to search for duplicate identifying information. Look for duplicate addresses, bank accounts, government identification numbers, email addresses, telephone numbers, emergency contacts & telephone numbers. The second test is to look for missing Human Resources information on those same data fields.

If the person committing the scheme is a department head or senior member of management, expand your duplicate test to include duplicate cost centers. If the person committing the scheme is the payroll function, the duplicate cost center is less critical.

If the person committing the scheme is payroll or a senior member of management, give special consideration to those departments where an added employee would be less visible.

Search for any employee with a blank address and blank bank account.

Search for time and attendance records that were created by someone other than the employee named on the time and attendance record. A duplicate test on the timecard creator and timecard approver may also be useful.
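The duplicate, missing-data, and blank address/bank account tests above can be run over an HR master file extract as follows. This is an added example, not code from the original post; the field names and the sample records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample HR master records (not real data); field names are assumptions.
EMPLOYEES = [
    {"emp_no": "1001", "name": "Ann Reyes", "dept": "Finance", "start": "2019-03-04",
     "address": "12 Oak St, Albany NY", "bank_account": "021000021-448812",
     "gov_id": "111-22-3333", "email": "areyes@example.com", "phone": "518-555-0101"},
    {"emp_no": "1002", "name": "Bo Chen", "dept": "Warehouse", "start": "2021-07-19",
     "address": "77 Elm Ave, Troy NY", "bank_account": "021000021-990134",
     "gov_id": "222-33-4444", "email": "bchen@example.com", "phone": "518-555-0102"},
    {"emp_no": "1003", "name": "Cal Dunn", "dept": "Warehouse", "start": "2022-11-01",
     "address": "9 Pine Rd, Troy NY", "bank_account": "021000021 448812",
     "gov_id": "", "email": "", "phone": "(518) 555-0101"},
    {"emp_no": "1004", "name": "Dee Ford", "dept": "Field Sales", "start": "2022-12-15",
     "address": " ", "bank_account": "", "gov_id": "333-44-5555",
     "email": "dford@example.com", "phone": "518-555-0104"},
]
ID_FIELDS = ["address", "bank_account", "gov_id", "email", "phone"]
DIGIT_FIELDS = {"bank_account", "gov_id", "phone"}

def normalize(field, value):
    """Reduce formatting differences so '(518) 555-0101' matches '518-555-0101'."""
    value = (value or "").strip().lower()
    if field in DIGIT_FIELDS:
        return "".join(ch for ch in value if ch.isdigit())
    return " ".join(value.split())

def duplicate_test(records, fields=ID_FIELDS):
    """Test 1: employees sharing the same value in an identifying field."""
    seen = defaultdict(list)
    for rec in records:
        for field in fields:
            key = normalize(field, rec.get(field))
            if key:  # blanks belong to the missing-data test, not this one
                seen[(field, key)].append(rec["emp_no"])
    return {k: v for k, v in seen.items() if len(v) > 1}

def missing_test(records, fields=ID_FIELDS):
    """Test 2: identifying fields that are blank, per employee."""
    blanks = {r["emp_no"]: [f for f in fields if not normalize(f, r.get(f))] for r in records}
    return {emp: fs for emp, fs in blanks.items() if fs}

def blank_address_and_bank(records):
    """Employees with both the address and the bank account blank."""
    return [r["emp_no"] for r in records
            if not normalize("address", r.get("address"))
            and not normalize("bank_account", r.get("bank_account"))]
```

Normalizing before comparing matters: in the sample, employees 1001 and 1003 share a bank account and a telephone number that an exact-match duplicate test would miss because of formatting differences.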

FDA Plan 3

Same as 1 & 2

If the person is a computer hacker or a payroll employee, search for additions or changes that occur after hours or just before key operational cut-offs.

FDA Plan 4

Search for all reactivated employees with bank account changes.

Using the same search, look for a termination date within the same year as the reactivation date. This is an easy way to search for a temporary takeover scheme.

For permanent take-overs, the perpetrator tends to change employee identifying information such as a telephone number, email, or mailing address.

If your company has foreign nationals on payroll, add this code to your analysis. Since the employee has departed from your country, it obviously makes it difficult to validate their existence.
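The FDA Plan 4 searches (reactivation followed by a bank account change, termination and reactivation in the same year, and changes to identifying information) can be run over a payroll change log as follows. This is an added example, not code from the original post; the log layout, event names, and sample rows are constructed assumptions.

```python
from datetime import date

# Constructed change-log sample (not real data); the record layout is an assumption.
# Each row: (emp_no, event, field, event_date)
CHANGE_LOG = [
    ("2001", "terminated",  None,           date(2022, 2, 11)),
    ("2001", "reactivated", None,           date(2022, 9, 5)),
    ("2001", "changed",     "bank_account", date(2022, 9, 6)),
    ("2002", "terminated",  None,           date(2020, 6, 30)),
    ("2002", "reactivated", None,           date(2022, 10, 3)),
    ("2002", "changed",     "bank_account", date(2022, 10, 3)),
    ("2002", "changed",     "email",        date(2022, 10, 4)),
    ("2002", "changed",     "phone",        date(2022, 10, 4)),
    ("2003", "terminated",  None,           date(2021, 1, 15)),
    ("2003", "reactivated", None,           date(2022, 4, 1)),   # rehire, no bank change
    ("2004", "changed",     "bank_account", date(2022, 5, 20)),  # never terminated
]
CONTACT_FIELDS = {"phone", "email", "address"}

def reactivation_test(log):
    """Reactivated employees with a bank account change on or after reactivation."""
    findings = {}
    for emp in sorted({row[0] for row in log}):
        rows = sorted((r for r in log if r[0] == emp), key=lambda r: r[3])
        term = react = None
        for _, event, field, when in rows:
            if event == "terminated":
                term, react = when, None
            elif event == "reactivated" and term:
                react = when
                findings[emp] = {"bank_change": False, "contact_changes": set(),
                                 "same_year": term.year == react.year}
            elif event == "changed" and react:
                if field == "bank_account":
                    findings[emp]["bank_change"] = True
                elif field in CONTACT_FIELDS:
                    findings[emp]["contact_changes"].add(field)
    return {e: f for e, f in findings.items() if f["bank_change"]}

def classify(finding):
    """Map a finding to the takeover pattern the plan describes."""
    if finding["contact_changes"]:
        return "permanent takeover indicators"
    if finding["same_year"]:
        return "temporary takeover indicators"
    return "reactivation with bank change"
```

A hit is a lead for the fraud audit test, not a conclusion: a legitimate rehire can also change banks, which is why employee 2003 (reactivated, no bank change) and employee 2004 (bank change, never terminated) are excluded.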

FDA Plan 1, 2, 3 & 4

Ghost employees tend to have a high percentage of net pay to gross pay. The reason ghost employees have a high percentage is the absence of voluntary deductions.

Search for payroll payments that are not recorded in the regular payroll registers.

Fraud Audit Test

The primary test would be proof of services. Clearly, this test would be tailored to your workforce. My preference is to compare the selected employee to a database that the perpetrator cannot impede or alter such as online access, employee building access card, or telephone records.

Other Tests to Consider 

  • Proof of services or personal confirmation of the individual. For personal confirmation, remember, the more sophisticated person would be able to produce an individual with false government identification.
  • An examination of the employee’s workplace for evidence of the employee.
  • An examination of documents in the Human Resource file that tend to demonstrate the employee is a real person such as an annual evaluation, copies of government identification, and health insurance forms.
  • An examination of payment documentation for anomalies such as a foreign bank account.
  • Interviews of co-workers to determine their personal knowledge of the existence of the employee.

Remember, the search for fraud starts with a logic-based approach. Once the fraud risk statement is defined and understood, the process of building your fraud audit program becomes easier. The comprehensive search for ghost employees would start with identifying all the ghost employee schemes relevant to your company and following the above process in building your fraud audit program.

Internal Control Trivia

  1. What was the first shape used to describe the COSO Control Model?
  2. In what year was COSO created?
  3. Why was COSO created?
  4. Before COSO, how were internal controls referred to?
  5. Have you visited the SEC Historical Society?



Topics: Fraud Data Analytics, Fraud Risk Statements, Fraud Auditing, Fraud Plan


Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.