The word 'Fraud” means wrongful or criminal deception intended to result in financial or personal gain. In the corporate area, or in the 'Corporate fraud” is defined as an intentional misrepresentation of company financial information or activities or mislead the stakeholders and reduce the tax liability. Typical cases of corporate frauds are complex, highly secretive, and generally involve economic scandals. Corporate frauds can occur in public and privately owned businesses, not-for-profit organizations.
Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization's operation. Its role includes detecting, preventing, and monitoring fraud risks and addressing those risks in audits and investigations. It should consider where fraud risk is present within the business and respond appropriately. (The IIA's perspective). Organizations should have robust internal control procedures to limit the risk of fraud, and an internal audit's role is to assess these controls.
Operationally, internal audit should have sufficient knowledge of fraud to:
- Identify red flags indicating fraud may have been committed.
- Understand the characteristics of fraud and the techniques used to commit fraud, and the various fraud schemes and scenarios.
- Evaluate the indicators of fraud and decide whether further action is necessary or whether an investigation should be recommended.
- Evaluate the effectiveness of controls to prevent or detect fraud.
Following are the four fraud risk areas have been analyzed for red flags where corporate frauds are likely to occur and the corresponding audit procedures:
A. BILLING SCHEME
Almost all the expenditures made by the company are processed through accounts payable which generally includes trade payable or expense payable. Since so many transactions go through accounts payable and it is the largest outlay, there is a high probability of bogus payment. Errors may be duplicate payments made or unnecessary charges paid for. Inefficient processing may include unnecessary payments for late payment interest or fees, discounts for an earlier payment not taken, or individual payments of multiple invoices to the same provider during the same period.
Audit methodology to identify the fraud areas:
|
S.No. |
Audit Methodology |
|
1 |
Review of the data received for testing of any anomalies as the data is generally huge. Benford law can be used in this regard |
|
2 |
A review of the top vendors and bottom vendors gives the idea regarding the vendors which are needed to be focussed |
|
3 |
Z-score can be used to see how much the data deviates from the Centre amount |
|
4 |
Payment without purchase order test & analysis of infrequent payments of vendors that have no purchase order associated with payments |
|
5 |
Review of length and time between invoice and payment date test |
|
6 |
Processing of transactions on Holidays or weekends or after the office hours |
|
7 |
Review of the vendor master by matching employee address with supplier address |
|
8 |
Review of duplicate address in the vendor master |
|
9 |
Payments made the vendors which are not in the vendor master |
|
10 |
Gap detection to check the series to missing numbers during the payment |
B. FRAUDULENT REFUND AND FRAUDULENT VOID SCHEME
False refunds are when no actual return of goods or pricing adjustments are made —they are merely recorded. This allows cash to be taken from the register while the cash still balances the registration records. Instead of cash, the refund is made to the fraudster credit card. This avoids other people as well as a surveillance camera to know that fraud has taken place. False refunds overstate the inventory of goods. Since there is no physical return of inventory, there will be an inventory shortage as per the books. Some of the examples of void schemes include "Price guarantee". Customers are offered a refund of the price difference if the purchased item goes on sale within 30 days of purchase. The customer is required to bring their receipt that has bar code scanning to qualify for a different refund. A legitimate sale is made and then the fraudster voids the sale. The funds received from the sale are then directed to the fraudster account. Typical control would include that the original receipt should be attached with the void sales. Void sales create an inventory problem, i.e. the inventory is lower than that recorded in the books.
Audit methodology to identify the fraud areas:
|
S.No. |
Audit Methodology |
|
1 |
Review the void transactions and the transactions made through cash and compare the anomalies |
|
2 |
Review the void transactions on monthly basis to analyze the month/ season in which void transactions generally takes place |
|
3 |
Review of the terminal in which the void transactions have taken place |
|
4 |
Review the corresponding sales transactions for which void transactions have taken place. Analyze whether the sale was made by cash or credit card |
|
5 |
Pair the invoice number and invoice time sequencing vis a vis the void transactions |
|
6 |
Trend analysis of sales adjustment or refund of goods. |
|
7 |
Review the sales where the sales were made from one credit card but the refund was made from another credit card |
|
8 |
Identify where the sales were made by credit card but the refund was made by cash |
|
9 |
Review the duplicate refund |
|
10 |
Verify the sales file and inventory file to calculate the difference in day to day analysis |
C. FRAUD IN EXPENSE REIMBURSEMENT SCHEME
The most common type of expense reimbursement in an organization is for travel and entertainment expenses. These expenses are incurred for every level of employment, whether they are for sales, training, meeting, or attending conferences. Typically, these the level which incurs high travel and entertainment are sales-related functions and executives of the company. To detect any fraud in these expenses, one must be familiar with the policy of the company.
The following are the types of fraud which could generally happen in these areas:
1. Overstated expense reimbursement
These are legitimate business expenses but they are over-claimed by the employees. The employee must have stayed in a lower-priced hotel or used lower transportation costs and then create a receipt for a higher price.
Purchasing two tickets and then returning for a refund of the higher-priced ticket resulting employee having both the tickets.
2. Mischaractized expense reimbursement
Expense reimbursement is generally for business purposes until they are specifically stated otherwise. Bills may be submitted for business expenses when in fact they were for personal purpose. The fraud can be done by either mischaracterize or reclassify the expenses.
3. Multiple reimbursements
Multiple reimbursement fraud is simple in that the same expenses are claimed more than once. Staff at a more senior level in charge of several projects may submit the same expenses to each of the projects for multiple reimbursements. One of the simple methods of fraud could be claiming the data charge card receipt and then again submitting the data charge card bill
4. Fictitious Expense reimbursement
This kind of fraud requires a bit of hard work and a few artistic skills. With personal computers and some sophisticated software, making realistic looking receipt is an easier job nowadays. In fact, there are websites available that create legitimate looking fake bills/receipts. Some simpler method is to ask for fake receipts from the restaurant or the blank receipt from a taxi driver.
The following are the internal audit procedures to identify such frauds:
|
S.No. |
Audit Methodology |
|
1 |
Analyze the negative values in the data |
|
2 |
Review the time span of the travel claim from the start date and the end date to analyze high differences between the dates |
|
3 |
Transactions where the accommodation cost and both the start and end date of the travel are of the same date |
|
4 |
Review of the same day travel with both flight and accommodation charges |
|
5 |
Deviation from the against the average can be verified and high differences are required to be analyzed |
|
6 |
Review of the duplicate travel details by the same employees |
|
7 |
The daily average test could be done for meals, incidentals, and other expenses from the start and the end date and determine the anomalies if any |
|
8 |
The travel details can be stratified based on the role of the employees and the deviation from the average could be obtained and reviewed |
|
9 |
Review of the corporate discounts and discounted weekend rates with the hotels |
|
10 |
Matching of the travel dates and leave / vacation data of employees |
D. PAYMENT TAMPERING SCHEME
The payments can be made through cheque or through electronic means. Even with today's technology with more and more payments being made electronically, the physical hard copy of cheques is going to remain for some time to come. The opportunities for fraud with electronic payments can be mitigated if procedures and internal controls are in place and adhered to.
The following are the internal audit procedures to identify such frauds:
|
S.No. |
Audit Methodology |
|
1 |
Review of the internal control for control over the bank cheques with respect to segregation of duties, control over the unused cheques & canceled cheques, and access to payment module |
|
2 |
Bank reconciliation statements and review of the long-pending items |
|
3 |
Check for the person posting and authorizing the payments |
|
4 |
Review of the void cheques as they may be cashed and not just void |
|
5 |
Payments made without a purchase order and payments directly made without account payable entry |
|
6 |
Review the adjustment entries impacting the bank accounts |
|
7 |
Review the employee access log with the rights of accessing the payment entries |
CAclubindia
