Information technology, such as an ERP solution, opens up new possibilities for fraud. Davis and Braun (2004) outlined five types of computer fraud, each of which has some relevance for ERP systems. The following explores what issues are most commonly discovered…
As long as organizations have existed, they have had to cope with the possibility of fraud. The corporate scandals of the late 20th century (Enron, WorldCom, HealthSouth and others) brought the issue of fraud into sharp relief for most people, and signaled an increased interest in fraud examination. Although fraud can be classified and categorized in many ways, the focus of this article will be occupational fraud and abuse.
The Association of Certified Fraud Examiners (www.acfe.com) defines occupational fraud and abuse as “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets” (ACFE, 2010). The ACFE uses a three-part taxonomy for discussing the types of occupational fraud and abuse. The three parts are (ACFE, 2010):
- Corruption. Schemes involving the employee’s use of his or her influence in business transactions in a way that violates his or her duty to the employer for the purpose of obtaining a benefit for him- or herself or someone else. Examples of corruption include conflicts of interest, bribery and economic extortion.
- Asset misappropriation. Schemes in which the perpetrator steals or misuses an organization’s resources. Examples of asset misappropriation include cash larceny, accounts receivable lapping and check tampering.
- Fraudulent financial statements. Schemes involving the intentional misstatement or omission of material information in the organization’s financial reports. Examples of fraudulent financial statements include fictitious revenues, improper disclosures and concealed liabilities.
The ACFE estimates that the typical organization loses 5% of its annual revenues to fraud.
Fraudsters themselves are a diverse group. There is no “test” anyone can give to determine if a person will commit fraud. What we do know from years of studying fraudsters is that they commit fraud when three forces combine: opportunity, motivation and rationalization. First suggested by Dr. William Cressey, those three elements have come to be known as “Cressey’s fraud triangle” (Wells, 2008).
Opportunity occurs when an organization’s internal controls are weak; inadequate separation of duties, lack of independent review, and poorly defined business processes often provide the opportunity to commit fraud. Fraudsters have a variety of motivations for what they do, including personal financial setbacks, substance abuse problems and the desire for revenge. Rationalization is the “story” a fraudster tells him- or herself to justify the fraud. Examples of rationalization include statements like: “I was only borrowing the money. I intended to pay it back.” “This company doesn’t appreciate me or pay me enough. I deserve this money.”
When the three forces (opportunity, motivation and rationalization) combine, a person is much more likely to commit fraud.
Every fraud examination is different. Nevertheless, there are some common steps examiners often take when investigating. Consider the following diagram which shows those common steps. (Source: Wells, 2008)
Many fraud examinations begin with document analysis. A document in this context could be either paper or electronic. In a case I investigated early in my fraud examination career, a secretary had forged signatures on a series of checks; when the proprietor of the business (a psychotherapy practice) noticed the unusual signatures, he started considering the possibility of fraud.
After document analysis, the fraud examiner often speaks to neutral third-party witnesses. These folks may have seen the fraud occurring, but not realized it was a fraud. For example, a custodial worker may see a manager carrying a computer out of the office, but assume the manager has a legitimate reason for doing so. Third-party witnesses can provide valuable background information for a fraud investigation.
Corroborative witnesses are a bit closer to the fraud, but still not involved in it. They may corroborate evidence from documents or from neutral third-party witnesses; they may also provide valuable insight into how business processes are supposed to work. Knowing how processes are supposed to work can often help the fraud examiner identify lapses that lead to discovery of a fraud.
Although many frauds are committed by a single individual, many involve groups of people with varying degrees of culpability. The complex, infamous frauds of the late 20th century involved multiple people. As a fourth step, the fraud examiner could interview co-conspirators—people who facilitated the fraud, but who don’t bear major responsibility for it. For example, a corporate controller may direct a payroll clerk to prepare a check for a fictitious employee. The payroll clerk could be considered a co-conspirator. Although a fraud examiner should never make promises regarding the outcome of legal action, co-conspirators can often be motivated to disclose information if the fraud examiner implies that “things could go more easily for them” if they co-operate.
The final step in a fraud examination is interviewing the target(s). By the time a fraud examination reaches this stage, the examiner should know most of the facts. The examiner should prepare a list of questions, thinking about answers a fraudster might give and having evidence on hand during the interview that will “corner” the target.
Wells (2008) identified five types of questions fraud examiners can ask during interviews. Although each type has a specific, distinct purpose, the fraud examiner should keep one overarching principle in mind: never ask a question unless you already know the answer. Here’s a brief description of each question type:
- Introductory. Introductory questions are designed to establish rapport with the person being interviewed. They usually focus on the employee’s background: seemingly innocuous things like how long the employee has worked for the company and the like.
- Informational. These questions, as the name implies, seek information about the interviewee’s job responsibilities and the organization’s processes. The fraud examiner’s goal for informational questions is to establish a set of facts that can be referenced later as a baseline. For example, if an interviewee says a purchase order over $1,000 always requires two signatures, the interviewer might eventually show one without the two required signatures—or one where one of the signatures has been forged.
- Assessment. If the fraud examiner suspects deception from the interviewee, assessment questions come into play. By asking assessment questions, the fraud examiner is gauging the interviewee’s overall attitude toward honesty. The fraud examiner should carefully observe the interviewee’s behavior at all times, but particularly during assessment questions. Changes in body posture, tone of voice and other factors can indicate deception. Assessment questions can include things like “Who could have stolen the inventory?” or “Why would someone forge a signature on a check?”
- Admission-seeking. The goal of an admission-seeking question is to encourage confession or to clear guilt. It is at this stage of the interview that things get extremely serious. Admission-seeking questions should be asked behind closed (but not locked) doors, with a witness in the room to counter possible future false claims of coercion or imprisonment. The fraud examiner must phrase admission-seeking questions very carefully to avoid making implicit or explicit promises about what will happen if the interviewee confesses. For example: “Did you steal the money because you are dishonest or because you were in over your head financially?”
- Concluding. To conclude an interview, the fraud examiner should reconfirm facts and ask for any additional information that might be helpful in the examination. Examples of concluding questions include: “So let me summarize what I think you said. Please correct me as necessary.” or “Is there anything else you would like to tell me regarding this situation?”
Introductory, informational and concluding questions will be a part of every interview. Assessment and admission-seeking questions, however, would only be used if the fraud examiner deems them necessary based on their purposes.
Information technology, such as an ERP system, opens up new possibilities for fraud. Davis and Braun (2004) outlined five types of computer fraud, each of which has some relevance for ERP systems:
- The alteration or copying of system input. For example, a production employee may record the use of two pounds of raw material in the ERP system, while actually using only one pound. Or, a payroll clerk could copy a discharged employee’s personal information, attempting to use it for fraudulent purposes.
- The theft of processing capabilities due to unauthorized use. A purchasing department employee and a receiving department employee could collaborate to order unnecessary goods through the ERP system.
- The unauthorized duplication, deletion, modification, or installation of software. Although the idea that employers have the right to monitor their employees’ use of the company’s technology resources is well established, an unscrupulous manager or disgruntled employee could modify the system or plant viruses, Trojan horses or logic bombs in the ERP software.
- The unauthorized duplication, deletion, or modification of data. Financial reporting is full of estimates that are normally developed through a collaborative process (uncollectible receivables, useful lives of plant assets and the like). An accountant in the firm with access to the right files in an ERP system could modify previously established estimates (or other financial data) in an attempt to commit some form of financial statement fraud.
- The theft or misuse of system output. Trade secrets, sensitive human resources information and/or product specifications could be downloaded from the ERP system and used for fraudulent purposes.
After those descriptions, you may be asking yourself why anyone would install an ERP system if the opportunities for fraud are so numerous. Please keep in mind that ERP systems aren’t inherently breeding grounds for fraud. If someone is determined to commit fraud, they will seek a way to do it with or without an ERP system. But information technology in general can make fraud easier to commit and harder to detect. Since most frauds are discovered by people inside the organization, and since the implementation of an ERP system is a big change for most organizations, managers should consider setting up an anonymous mechanism for reporting suspected fraud simultaneously with the ERP project. Doing so may reap unforeseen dividends in the future.
- Association of Certified Fraud Examiners. Report to the Nations on Occupational Fraud and Abuse. ACFE, 2010.
- Davis, H.E. and R.L. Braun. “Computer Fraud: Analyzing Perpetrators and Methods.” The CPA Journal (July 2004).
- Hurt, R. L. Accounting Information Systems: Basic Concepts and Current Issues (2nd edition). McGraw-Hill / Irwin, 2010. www.mhhe.com/hurt2e.
- Wells, J. T. Principles of Fraud Examination. Wiley, 2008.