CFE: Financial Transactions and Fraud Schemes
data classification policy
(1) organizing the entity's data into different security levels based on the data's value and sensitivity (2) assigning each level of classification different rules for viewing, editing, and sharing the data. - helps employee awareness.
check fraud prevention
- educate employees to recognize forged and fraudulent checks and the schemes behind them - Merchants and financial institutions should have a strict check acceptance policy, and employees should be familiar with it. - employees ask for identification and make sure it is valid. -- examine each piece of identification closely every time
preventing skimming
- employees who have access to the cash register should not also be responsible for delivering the bank deposit - accounts receivable clerk should be restricted from preparing the bank deposit, accessing the accounts receivable journal, and having access to collections from customers. - management's communication - physical controls: video cameras, lockbox
mitigate the risk of billing schemes/ purchasing fraud prevention measure
- most effective: education and training of the purchasing and accounts payable personnel - second most effective measure: objective compensation arrangement with people making purchasing decisions. - best results/accountability: separate purchasing department - separate purchasing function from the payment function - hotline for complaints & fraud tips. Companies should enforce competitive bidding: - transparent procurement method - bids from competing contractors, suppliers, or vendors are invited by openly publicizing the scope, specifications, and terms and conditions of the proposed contract, as well as the criteria by which the bids will be evaluated. - aims at obtaining goods and services at the lowest prices by competition and preventing partiality and fraud.
preventing payroll-related fraud
- segregation of duties - periodic payroll review and analysis. The following activities should be separated: • Payroll preparation • Payroll disbursement (payroll & withholding tax accounts) • Payroll distribution • Payroll bank reconciliations • Human resource departmental functions
Data manipulation and data destruction
- use or manipulation of a computer to perpetrate a crime - unauthorized modification, suppression, or erasure of computer data or computer functions, with the intent to alter or hinder the normal functions of the targeted system. involves either direct or covert unauthorized access to a computer system by the introduction of malicious software. Some of the methods include: • Using malware to infect computers • salami technique to steal a substantial amount of money by "slicing" off a "thin" amount of cash repeatedly over time • Entering false or misleading information into a system to achieve a specific fraudulent purpose • Transmitting data, w/o authorization, to outside destination • Wire tapping into a computer's communication links • Launching a buffer overflow attack • Exploiting a vulnerability in an operating system or software application to gain access that is beyond level
Methods to conceal inventory fraud
-forced reconciliation of the account: Altering the perpetual inventory figure by decreasing inventory record to match the lower physical inventory. - physical padding of inventory: falsely making it appear that there are more assets present in the warehouse - writing off stolen inventory as scrap
bid evaluation and award phase of procurement
-procuring employees evaluate the bids or proposals -conduct discussions and negotiations -give the bidders an opportunity to revise their proposals. - select the winning bid or proposal.
"1-in-5"
A postcard arrives in the mail telling the receiver he has already won a prize. - luxury vehicle tops the list, cash, jewelry, a living room set, and gift certificates - given items of minimal value or coupons redeemable only for company's own substandard merchandise. most common giveaway scam
fraudulent disbursement schemes
All of the following are types: • Register disbursement schemes • Check tampering schemes • Payroll schemes • Billing schemes • Expense reimbursement schemes
fee breaks
An insurance company might be guilty of fraud if it fails to pass on fee breaks it negotiates with its providers. Overcharging occurs when an insurance company negotiates a discount on a medical bill. - company does not pass along the discount - consumer's copayment is made on the full price rather than the discounted price - consumer ends up paying a higher percentage of his bill than he should
accounting equation
Assets = Liabilities + Owners' Equity -is the basis for all double-entry accounting. If an asset (e.g., cash) is stolen, the equation can be balanced by: - increasing another asset -reducing a liability -reducing an owners' equity account -reducing revenues (and thus retained earnings) - creating an expense (and thus reducing retained earnings). If a liability is removed, the equation can be balanced by: - decreasing an asset -increasing a different liability -increasing an owners' equity account -increasing revenues (and thus retained earnings) -reducing an expense (and thus increasing retained earnings)
securing computer systems and communication networks
Computer networks and communications are inherently insecure and vulnerable to attack and disruption. -management must use technical and administrative controls to protect systems against threats Threats: - unauthorized use - disclosure - modification - destruction - denial of service Common technical and administrative controls include: • Logical access controls • Network security • Operating system security • Encryption • Application security • Separation of duties
fraudulent register disbursements
EX: False voids Prevention: - employee other than register worker should prepare register count sheets and agree them to register totals Red flags include the following: • Inappropriate separation of duties exists. • Cashiers, rather than supervisors, have access to the control keys necessary for refunds and voids. • Register employees authorized to void own transactions. • Register refunds are not carefully reviewed. • Multiple cashiers operate from a single cash drawer without separate access codes. • Personal checks from cashiers are found in the register. • Voided transactions are not properly documented or approved by a supervisor. • Voided cash receipt forms (manual systems) or supporting documents for voided transactions (cash register systems) are not retained on file. • Gaps exist in sequence of transactions on the register log. • high # of refunds, voids, or no-sales on the register log. • Inventory totals appear forced. • There are multiple refunds or voids for amounts just under the review limit.
Reusable medical equipment/durable medical equipment (DME) Fraud schemes
EX: crutches, wheelchairs, and specialized patient beds. Schemes perpetrated: • Falsified prescriptions for equipment or supplies • Intentionally providing excessive supplies • Equipment not delivered or billed before delivery • Billing beyond when the equipment was checked out • Billing for supplies not covered by the insurance policy or health care program • Scooter scams (i.e., billing for electric-powered wheelchairs that are either unnecessary or are of poorer quality than the model billed for)
separating duties for cash fraud
Each of the following duties/responsibilities should be separated: • Cash receipts • Bank deposits • Bank reconciliation • Cash disbursements The bank deposit should be made by someone other than the cashier or the accounts receivable clerk. A person independent of the cash receipts and accounts receivable functions should compare entries to the cash receipts journal with: • Authenticated bank deposit slips • Deposit per the bank statements
accounting concept of consistency
Entities should employ consistent accounting procedures from period to period. -doesn't prohibit changes in the accounting principles used -Changes are allowed when the use of a different principle will result in a more fair financial presentation of the entity -change must be justifiable --desire to project an artificially strong performance, is not a justifiable reason for a change in accounting principle --Standards used to value inventory, depreciate assets, or accrue expenses should be consistent from one accounting period to the next. Examples include: - a change in the method of inventory pricing -a change in the depreciation method for previously recorded assets -a change in the method of accounting for long-term construction contracts disclosure should include the justification for the change, and explain why the newly adopted principle is preferable.
double-entry accounting
Every transaction recorded in the accounting records will have both a debit and a credit -The debit side of an entry will always equal the credit side so that the accounting equation remains in balance. Entries to the left side of an account are referred to as debits, and entries to the right side of an account are referred to as credits. Asset and expense accounts are increased with debits and decreased with credits; liabilities, owners' equity, and revenue accounts are increased with credits and decreased with debits.
fictitious expense scheme
Expense reimbursements are sometimes sought by employees for wholly fictitious items - employee invents a purchase that needs to be reimbursed. - create fraudulent support documents - can use simple computer software to create realistic-looking counterfeit receipts at home.
procurement processes
For the purpose of fraud detection, procurement processes that employ competitive bidding mechanisms can be reduced to four basic stages: • The presolicitation phase • The solicitation phase • The bid evaluation and award phase • The post-award and administration phase
Pass-through schemes
Instead of buying merchandise from a vendor, employee creates shell company & purchases through fictitious entity. - resells the merchandise to his employer at inflated price - makes an unauthorized profit on the transaction usually undertaken by employees in charge of purchasing on the victim company's behalf
insurance company health care fraud
Insurance companies might promote or condone deceptive or illegal sales practices to increase sales. -ex: disguise insurance policy as savings plan or investment. Insurance company/carrier is required to pay claims that: - are properly submitted - contain all the required information - are absent of fraud - have benefits available. It is fraud when: - claims are consistently rejected even though the required information has been submitted - companies that need regulatory approval for rate increases may use cost data to justify their increases, but it is fraudulent if they purposefully submit false cost data to get their rate hike
solicitation phase of procurements
Involves the bid solicitation, bid preparation, and bid submission -procuring entity prepares the solicitation document, provides notices of solicitation, and issues the solicitation document -After the procuring entity issues the solicitation document, the bidders prepare and submit their bids or proposals.
sham loan scheme
Loan officers making loans to accomplices who then share all or part of the proceeds with the lending officer. To conceal: - loans are charged off as bad debts - loans are paid off with the proceeds of new fraudulent loans
detecting cash fraud
Mandatory vacations, if within the company's policies -during the employee's absence, that employee's normal workload be performed by another individual Surprise cash counts could help perform independent reconciliations of the register totals to the amount of cash in the drawer -In contrast to skimming schemes, the register records should NOT match up with the cash in the drawer -For this reason, they are much easier to detect than skimming schemes—they leave an audit trail The bank deposit should be made by someone other than the cashier or the accounts receivable clerk. - person independent of the cash receipts and accounts receivable functions should compare entries to the cash receipts journal with: • Authenticated bank deposit slips • Deposit per the bank statements
special care facilities fraud
Medical facilities that offer special care services, such as nursing homes and psychiatric hospitals, and the patients in them are at a greater risk of fraud than most other medical institutions. schemes come to light after a patient reports strange charges or other red flags, but patients in special care facilities are more vulnerable to fraud: • Unscrupulous providers can operate their schemes in volume because the patients are all under one roof. • Many patients do not have the legal capacity or ability to be responsible for their own financial affairs and are not as likely to report fraud involving their care. • some facilities make patient records available to outside providers who are not responsible for the direct care of the patient (sometimes in violation of regulations). • automated claims environments: scrutiny of the claims at the processor level is inadequate, automated systems used don't accumulate data that flags indications of improbably high charges or levels of service in a timely manner. • repayment is rarely received because fraudsters go out of business or deplete resources so they lack repayment funds • Patient personal funds are often controlled by the facility's administration and are an inviting target for embezzlement. Individually, patients generally maintain a relatively small balance in their personal funds accounts. Collectively, these funds generate a considerable source of income for an unscrupulous special care facility operator or employee.
shell company schemes
Most involve the purchase of services rather than goods. - services are not tangible. - goods will obviously never arrive; by comparing its purchases to its inventory levels, fraud can be detected - many schemes bill for things like "consulting services."
check fraud
Most major financial institutions attribute more than 50 percent of check fraud to organized crime rings. Considered a low-risk crime: -the chances of being arrested and prosecuted are low -the penalties are relatively mild - fraudsters are constantly migrating. Items needed are easily obtainable and costs minimal. -necessary equipment for fraud ring: scanner, printer, PC
disclosing accounting changes
Must be disclosed: - changes in accounting principles - changes in estimates - changes in reporting entities. Required treatment for accounting changes varies for each type and across jurisdictions, and is susceptible to manipulation: - failure to retroactively restate financial statements for a change if it causes financial statements to appear weaker - change reporting entity by adding entities owned privately by management or by excluding certain company-owned units to improve reported results.
credit repair scams
Pitch men insinuate they have ways of changing or disguising a person's credit history. - there is really no way to erase bad credit - many people fall for this scam, paying large sums of money to expunge their records
real estate fraud schemes
Real estate transactions assume a willing buyer and a willing seller. - transaction breaks down - no expert assistance at closing - expert assistance is not at arm's length - false appraisal report as a condition precedent
sales with conditions
Sales that have uncompleted terms so the rights and risks of ownership have not passed to the purchaser - such sales cannot be recorded as revenue. - when the conditions for sale become satisfied in the future, revenue recognition would become appropriate. Most common: - conditional sales - consignment sales
corrupt third party
Some common red flags include a party who: • Routinely offers inappropriate gifts, provides lavish business entertainment, or otherwise tries to ingratiate himself into an organization • receives contracts w/o apparent competitive advantage • Provides poor-quality products or services but is continually awarded contracts • Charges unjustified high prices or price increases for common goods or services • Receives or pays fees in cash • Receives or pays fees in a country different from where the underlying business takes place • Offers no apparent value to the organization • Charges high commissions • Claims to have special influence with a specific buyer • Does not relate well to competitors • Has an address or telephone number that matches an employee's address, the address of an employee's outside business, or an employee's relative's address • Provides an incomplete address (e.g., a PO Box, no telephone number, or no street address) • Provides multiple addresses • Has a reputation for corruption or works in an industry or country with a reputation for corruption • Works as an independent sales representative, consultant, or other middleman who does not have the reporting and internal control requirements of his larger, publicly held competitors
corrupt employee
Some common red flags include: • high success rate in markets where competitors are known to bribe • Reputation for regularly accepting inappropriate gifts • Extravagant lifestyle • Reputation for taking action on his own or directing subordinates to bend, break, or ignore standard operating procedures or rules to benefit the payer • Tendency of employee to insert himself into areas in which he is normally not involved • Propensity to assert authority or make decisions in areas for which the employee is not responsible • Inclination to make excuses for deficiencies in a third party's products or services, such as poor quality, late deliveries, or high prices • Circumstances that generate extreme personal pressures, such as ill family members or drug addiction • History of not filing conflict of interest forms • Frequent hospitality and travel expenses for foreign public officials • Friendly social relationship with a third-party contractor • Wheeler-dealer attitude
Health Insurance Portability and Accountability Act of 1996
The Act established several criminal statutes related specifically to health care fraud. The statutes prohibit: • Committing fraud against health care benefit programs • Theft or embezzlement in connection with health care • False statements relating to health care matters • Obstruction of criminal investigations of health care offenses provides that a judge order a person convicted of a federal health care offense to forfeit any property that can be traced from the proceeds received from the offense.
End of fiscal Year closing
The accounts reflected on the income statement are temporary; at the end of each fiscal year, they are reduced to a zero balance (closed), with the resulting net income (or loss) added to (or subtracted from) retained earnings on the balance sheet.
verifier
The caller who reads some vague words about the deal and records the person's agreement - recordings are intentionally vague - leaving out the pitch and key details - essentially recording only the customer's consent - stall customers who call back to complain (heat calls) - finding reasons why a little more patience will solve the problem - convincing the person to send a little more money to help the process along
The largest amount of insurance fraud occurs in the area of:
There are a multitude of insurance fraud schemes. Likewise, there are fraud schemes that are prevalent only in specific insurance areas. The largest amount of insurance fraud is in health care.
billing schemes
There are three principal types: • Invoicing via shell companies • Invoicing via nonaccomplice vendors • Personal purchases with company funds
factoring companies
These groups buy credit card receipts from telemarketing operations at a discount, and then use their merchant bank accounts to convert the receipts into cash. -charge up to 30% of receipts' gross value to launder slips - Telemarketing operations commonly engage with them. - illegal in some jurisdictions - perpetrators slip through loopholes or disguise alliances. - doing it through Asian and European merchants is becoming increasingly common. --companies in these countries tend to charge a lower price - between nine and ten percent of the gross.
ATM fraud schemes
These schemes include: - theft of card and/or unauthorized access to PINs and account codes for transactions by unauthorized persons - employee manipulation - counterfeit ATM cards - counterfeit ATMs - magnetic strip skimming devices - ATM deposit fraud
safeguarding proprietary information task force
To coordinate a company-wide program for safeguarding proprietary information - develops the program - should include managers and staff from departments that deal with proprietary information, ex: R&D - include representatives from the following departments: corporate security, human resources, records management, data processing, and legal. FIRST STEP: task force identifies the information that is to be protected. - identify areas that give the company its competitive edge - "What information would a competitor like to know?"
risk-based information-security systems
To prevent the loss or misuse of sensitive data or proprietary information - designed to detect and prevent unauthorized access to sensitive information - requires controls to ensure that data is used as intended --depend on the combination and coordination of people, processes, technologies, and other resources. should include the following: • Task force • Security risk assessments • Security policies and procedures • Awareness training • Nondisclosure agreements • Noncompetition agreements • Data classification • Data retention and destruction policies • Data minimization • Security controls • Measures to guard manual file systems • Monitoring of visitor access • Quiet room
gross margin, or gross profit
Two basic types of accounts are reported on the income statement—revenues and expenses. Revenues represent amounts received from the sale of goods or services during the accounting period. -Most companies present net sales as the first line item on the income statement -net means that the amount is the company's total sales minus any sales refunds, returns, discounts, or allowances. Net Sales = Sales - sales refunds, returns, discounts, or allowances From net sales, an expense titled cost of goods sold or cost of sales is deducted. -this expense denotes the amount a company spent (in past, present, and/or future accounting periods) to produce the goods or services that were sold during the current period. The difference between net sales and cost of goods sold is called gross margin, or gross profit, which represents the amount left over from sales to pay the company's operating expenses. Gross Margin = Net Sales - Cost of Goods Sold
Credit card fraud
Types: Advance payments, card counterfeiting, and account takeovers are all types; NOT profiling. Chances of being caught are low and prosecution is not ensured. Retail stores have identified credit card thieves and contacted law enforcement only to receive little or no response regarding the crime. Fraudulent activity normally occurs within hours of the loss or theft, before most victims have called to report the loss.
identity theft
Utility company, health club, and school records all carry identifiers that can be used to steal someone's identity. - Government identification numbers are on many applications and are instrumental in obtaining other information. Ways to protect yourself include: • Make sure the individual/business requesting personal information has a valid reason for requiring the information. • Never write your credit card numbers or government identification number on checks or on envelopes. • Don't give out account numbers over the telephone or to persons/companies with which you are not familiar. • Keep all financial documents in a secure place. • Obtain a copy of your credit report on a regular basis. • Shred pre-approved credit applications. • Have yourself taken off of pre-screened lists. • Mail bill payments from post office or business location. • Keep your birth certificate in a safe place. • Use difficult passwords and different ones for all accounts. • Change passwords and PIN codes often. • Don't put your government identification number on any document that you are not legally required to.
Defective pricing
When contractors intentionally use inaccurate cost or pricing data to inflate costs in negotiated contracts - involves inflated labor costs or inflated material costs. Contractor can inflate material costs by: • Failing to disclose discounts and credits • Using outdated standard costs • Using small-quantity costs to price large-quantity purchases • Subcontracting to or purchasing from affiliated companies at inflated prices • Failing to disclose residual materials inventory • Using phantom suppliers to inflate costs • Failing to disclose changes in "make or buy" decisions • Estimating costs based on invalid cost allocation methods • Using unsupported cost escalation factors
balance sheet or statement of financial position
a "snapshot" of a company's financial situation at a specific point in time, generally the last day of the accounting period -an expansion of the accounting equation, Assets = Liabilities + Owners' Equity Assets are the resources owned by a company. -presented on the balance sheet in order of liquidity (i.e., how soon they are expected to be converted to cash). -in a financial statement fraud scheme, the balance sheet is manipulated to appear stronger by overstating assets and/or understating liabilities. -Current assets: cash or other liquid assets that are expected to be converted to cash, sold, or used up, usually within a year or less. --include: cash, accounts receivable, inventory, supplies, and prepaid expenses -long-term assets: assets that will not be converted to cash in the near future, such as fixed assets and intangible assets -fixed assets: presented net of accumulated depreciation --an amount that represents the cumulative expense taken for wear-and-tear on a company's property. Liabilities are presented in order of maturity -current liabilities: obligations that are expected to be paid within one year --accounts payable (the amount owed to vendors by a company for purchases on credit) --accrued expenses (e.g., taxes payable or salaries payable) --portion of long-term debts due within the next year -long-term liabilities: not due for more than a year --bonds, notes, and mortgages payable Includes: -Notes payable, current assets, retained earnings, and accumulated depreciation can all be found on the balance sheet.
forged maker scheme
a check tampering scheme in which an employee misappropriates a check and fraudulently affixes the signature of an authorized maker - person who signs a check is the "maker" of the check
register disbursement scheme
a fraudulent transaction that justifies the removal of cash from the register, such as a false return or a voided sale.
phantom services scheme
legitimate health care providers charge or bill a health care program for services that were not rendered at all. - providers submit bills for patients they have never seen - use private patient information they purchased from someone involved in identity theft or improperly obtained
air loan
a loan for a nonexistent property -"air" is loan's fraudulent absence of collateral - documentation is fabricated, including the borrower, the property ownership documents, and the appraisal - involves a high level of collusion - might have even set up a dummy office with people pretending to be participants in the transaction - go into early payment default - no actual properties to foreclose, losses are enormous
computer worm
a malicious self-replicating computer program that penetrates operating systems to spread malicious code to other computers.
when to deviate from generally accepted accounting principles (GAAP)
a matter of professional judgment; there is no clear-cut set of circumstances that justify such a departure. Departures from GAAP can be justified in the following circumstances: • It is common practice in the entity's industry for a transaction to be reported a particular way. • The substance of the transaction is better reflected (and, therefore, the financial statements are more fairly presented) by not strictly following GAAP. • If a transaction is considered immaterial (i.e., it would not affect a decision made by a prudent reader of the financial statements), then it need not be reported. • There is concern that assets or income would be overstated (the conservatism constraint requires that when there is any doubt, one should avoid overstating assets and income). • The results of departure appear reasonable under the circumstances, especially when strict adherence to GAAP will produce unreasonable results and the departure is properly disclosed. the fact that complying with GAAP would be more expensive or would make the financial statements look weaker is not a reason
Separation of duties for inventory
a measure commonly used to prevent inventory theft. duties that should be handled by different personnel: • Requisition of inventory • Receipt of inventory • Disbursement/shipment of inventory • Conversion of inventory to scrap • Receipt of proceeds from disposal of scrap
need recognition scheme
a procurement employee convinces his employer that it needs excessive or unnecessary products or services procurement actions begin with the procuring entity making a determination of its general needs -include assessments of the types and amounts of goods or services required to meet the entity's needs red flags: -unusually high requirements for stock and inventory levels - materials not being ordered at the optimal reorder point - writing off large numbers of surplus items as scrap, these items leave the inventory, and open up space - "need" defined so that only a certain supplier can fulfill it - failure to develop a satisfactory list of backup suppliers = unusually strong attachment to a primary supplier
bid manipulation schemes
a procuring employee manipulates the bidding process to benefit a favored contractor or supplier. common ways to commit these schemes include: • Prematurely opening bids • Altering bids • Extending bid opening dates without justification
Past posting
a scheme in which a person becomes involved in an automobile accident, but does not have insurance. After the accident, the person gets insurance, waits a short time, and then reports the vehicle as having been damaged in some manner, thus collecting for the earlier loss.
altered payee scheme
a type of check tampering fraud in which an employee intercepts a company check intended for a third party and alters the payee designation so that the check can be converted by the employee or an accomplice. - inserts his own name, the name of a fictitious entity, or some other name on the check's payee line.
understated sales scheme
a type of skimming scheme in which a fraudster records a sale for less than it actually is and skims the difference.
Unscrupulous debt consolidation schemes
agency collects money from debtor but doesn't forward it to the creditors - considerable time can pass before the debtor finds out that his money has been misappropriated. another version: customer "guaranteed" that he will receive a loan or a credit card regardless of his credit ratings - victims have been rejected by legitimate financial institutions because their credit ratings are poor. - pays a processing fee for the application to be accepted. - After the victim pays the fee, the con artist disappears.
noncompetition agreement
agreement whereby an employee agrees not to work for competing companies within a certain period of time after leaving his current employer.
Retainage/ holdback
amount withheld from each draw request until the construction is complete and the lien period has expired
Collusion
an agreement between two or more individuals to commit an act designed to deceive or gain an unfair advantage -ex: a purchasing employee and vendor agree to bill the company for services never rendered
quiet room
an area that is acoustically and radio-frequency shielded so that conversations that occur within the room cannot be monitored or heard from outside the room - prevent corporate spies from listening in on meetings
misappropriation of a company asset
an asset can be misused (or "borrowed") or it can be stolen. Assets that are typically misused: -company vehicles, supplies, computers, office equipment Despite the modest financial impact, it constitutes fraud, particularly when a false statement accompanies the use.
unauthorized disbursement of funds to an outsider
an employee abuses his authority to approve a fraudulent (counterfeit, forged, stolen, etc.) instrument - embezzlement scheme used against financial institutions The scheme in this
forged endorsement scheme
an employee intercepts a company check intended for a third party and converts the check by endorsing it with the third party's name
Extortion
an employee or official, through the wrongful use of actual or threatened force or fear, obtains the other party's consent and demands money or some other consideration to make a particular business decision - government official demands money in exchange for making a business decision - politician threatens to shut down a business if it does not pay a bribe
mischaracterized expense scheme
an employee requests reimbursement for a personal expense, claiming that it is business related
multiple reimbursement scheme
an employee submits several types of support for the same expense so he can get reimbursed multiple times
Bid tailoring schemes/specifications schemes
an employee with procurement responsibilities, often in collusion with a contractor, drafts bid specifications in a way that gives an unfair advantage to a certain contractor. -occur during the presolicitation phase Bid specifications: list of elements, measurements, materials, characteristics, required functions, and other specific information detailing the goods and services that a procuring entity needs from a contractor. There are three primary methods: - drafting narrow specifications: tailors to accommodate a vendor's capabilities and to eliminate other competitors so that the favored contractor is effectively guaranteed to win - drafting broad specifications: broad qualification standards to qualify an otherwise unqualified contractor - drafting vague specifications: buyer's personnel and the contractor collude to write vague specifications or intentionally omit bid specifications --enables subsequent contract amendments, allowing the contractor to raise the contract's price
Ponzi schemes
an illegal business practice in which new investors' money is used to make payments to earlier investors - investment opportunity is typically presented with the promise of uncommonly high returns - little or no actual commerce involved Several red flags can help investigators: • Sounds too good to be true • Promises of low risk or high rewards: all legitimate investments include some degree of risk; any guarantee that an investment will perform in a certain way is a red flag • History of consistent returns: remarkably consistent returns regardless of market conditions • High-pressure sales tactics: investment firms and agents do not push potential investors to act immediately, and investment opportunities are rarely that time sensitive. • Pressure to reinvest: convincing investors to reinvest their profits rather than take a payout. • Complex trading strategies: Legitimate agents provide clear explanations about investment strategies; fraudsters purposefully employ complicated strategies to confound • Lack of transparency or access: Secrecy in operations of a financial company, operators are often unlicensed and supposed investments are typically unregistered, lack of access to regular statements or an online account • Lack of segregation of duties: financial manager who manages, administers, and retains custody of the funds.
skimming scheme
an off-book fraud; routine account reconciliation is not likely to prevent or detect a skimming scheme. - reconciling the sales records to the amount of cash received will not indicate there is anything amiss; because the skimmed sale was never recorded, the books will remain in balance. methods to protect against: - Reconciling the physical inventory count with the perpetual inventory records - off-book sales of goods always cause inventory shrinkage and a rise in the cost of goods sold Types: Unrecorded Sales: an employee sells goods/services to a customer & collects the customer's payment, but makes no record of the sale. - Independent salesperson who sells goods door-to-door and does not turn in the orders to his employer - removal of cash from a victim entity prior to its entry in an accounting system - steal sales OR accounts receivable payments before they are recorded in the company books Understated sales: employee enters a sales total that is lower than the amount actually paid by the customer - skims the difference between the actual purchase price of the item and the sales figure recorded on the register - could also record the sale of fewer items
Red Flag Rules
apply primarily to financial institutions, also apply to any creditor with covered accounts - creditor: any entity that "regularly extends, renews, or continues credit" or "regularly arranges for the extension, renewal, or continuation of credit," includes banking institutions, mortgage lenders, retailers, utility companies, car dealers, and debt collectors - covered account: account primarily used for personal, family, or household purposes and that involves multiple payments or transactions, including credit card accounts, mortgage loans, car loans, cell phone accounts, utility accounts, and savings accounts.
Labor costs
are more susceptible to mischarging than material costs -unlike other costs, no external documentation or physical evidence to provide an independent check or balance - can readily be charged to any contract the only way to ensure that labor costs are charged to the correct account is to actually observe each employee's work and then review the accounting records to verify that the employee's cost is charged to the proper contract.
construction loan fraud
are numerous; the more common ones are related to: - estimates of costs to complete - draw requests: substantiates that developer/borrower has incurred appropriate construction expenses and is seeking reimbursement or direct payment -- fraud: requesting advances on loan for inappropriate costs, ex. personal expenses or unrelated project costs -- greatest opportunity for fraud because the lender relies upon the developer's documentation. - retainage/holdback schemes - developer overhead: purpose is to supply the developer with operating capital while the project is under construction -- allocation should not include a profit percentage, as the developer realizes profit upon completion
going concern
assumption that the life of the entity will be long enough to fulfill its financial and legal obligations -management is required to provide disclosures when existing events or conditions indicate that it is more likely than not that the entity might be unable to meet its obligations within a reasonable period of time after the financial statements are issued.
Pharming
attack in which a user is fooled into entering sensitive data (such as a password or credit card number) into a malicious website that imitates a legitimate website - different from phishing in that the attacker does not have to rely on having the user click on a link in an email to direct him to the imitation website.
Authentication
authentication of a customer's identity - E-commerce entities must make sure that they can determine with whom they (or their computers) are communicating - Digital signatures function to authenticate e-commerce transactions.
Password cracking
automated process by which an attacker attempts to guess a system user's most likely passwords.
daisy chain
bank buys, sells & swaps bad loans for another bank's - creating new documentation in the process - purpose is to mask or hide bad loans by making them look like they are recent and good
double-pledging collateral scheme
borrowers pledge the same collateral with different lenders before liens are recorded and without telling the lenders.
Job postings
can contain valuable information -provide information on job skills that a target company needs and the number of employees it is seeking to hire. - an intelligence professional can infer a target company's success over time, the kinds of projects it is developing, or where it is devoting personnel resources. - large-scale hiring: indicate that a competitor has signed or expects to sign a large contract. -employment ads point out defections of key personnel.
"dumpster diving"
can yield checks, credit card and bank statements, or other records that bear a person's name, address, and telephone number - can target the trash at banks, insurance companies, hospitals, and other businesses—locations that an individual has no control over.
telemarketer scheme
catching a boiler room operation in progress is difficult - Operations select a town, set up a room, make their haul, and leave again in a matter of weeks or months - When authorities raid, the operation has already moved on - company owners registered with regulators under an alias - many businesses are affected by office supply and marketing services scams Vocabulary: • Boiler room staff: room shared by fronters, closers, verifiers • Fronters: call victims, make the initial pitch; low-level workers who break into the business & read a script to the customer; seldom see merchandise or know the extent of the operation, which limits what they can tell investigators and protects them in the event of prosecution. • Closers: Fronters pass an interested caller to them, the firm's "manager," who convinces the person to buy. • Verifiers: read some words about the deal & record the person's agreement; recordings are intentionally vague, leave out the pitch & key details, record the customer's consent. Also stall customers who call back to complain (heat calls), give reasons why patience will solve the problem & convince the person to send a little more money to help the process along.
payroll schemes
categories: • Ghost employees • Falsified hours and salary • Commission schemes
quick ratio/ acid test ratio
compares assets that can be immediately liquidated - measure of a company's ability to meet sudden cash requirements - during turbulent economic times, used more prevalently, - gives analyst worst-case of working capital situation (cash + marketable securities + receivables) / current liabilities.
circumventing the competitive bidding process
competitors collude to defeat competition or to inflate the prices of goods and services artificially common forms of collusion between competitors: • Bid rotation/bid pooling: contractors conspire to alternate the business among themselves on a rotating basis • Bid suppression: contractors enter into an illegal agreement where at least one of the conspirators refrains from bidding or withdraws a previously submitted bid. • Market division/market allocation: agreements among competitors to divide and allocate markets and to refrain from competing in each other's designated portion
protect manual file systems
composed of all human-readable files and documents - include: contact lists, schedules, and calendars - information thief might pilfer trash, act as a cleaning crew member, or commit theft or burglary. Reasonable measures to protect: • high-grade locked filing cabinets, lock when not in use. • cross-cut shredder • bonded waste-disposal company. • Receive & send mail at a secure site (ex: post office boxes) • perimeter security: alarm system, door and window locks • Pay attention to securing auxiliary materials.
Turnkeys
comprise an industry of their own by providing the collateral a telemarketing scam needs: - launder credit card receipts and checks - sell autodialers and phone lists - provide the merchandise portrayed as valuable prizes
debt-to-equity ratio
computed by dividing total liabilities by total equity heavily considered by lending institutions - comparison between the long-term and short-term debt of the company and the owner's financial injection plus earnings to date - ratio requirements are often included as borrowing covenants in corporate lending agreements.
post-award and administration phase of procurement
contracting parties fulfill their respective duties through the performance of their contractual obligations. Activities include: - contract modifications (i.e., change orders) - review of completed portions and release of monies - assessment of deliverables for compliance with the contract terms, including quality control.
fictitious provider scheme
corrupt providers or other criminals fraudulently obtain and use another provider's identification information and steal or purchase lists of patient identifying information. - perpetrator submits bills using the fictitious provider's information to the insurance provider or government health care program for medical services, although no services are performed.
lapping/receivables scheme
crediting of one account through the abstraction of money from another account fraudster skims a customer's payment instead of posting it to his account, the next payment does get posted to victim's account -next statement arrives, customer will see that his payment was not applied to his account and will complain -- to avoid this fraudster takes another customer's payment and posts it to the victim's account, etc -can be detected by independent confirmation of customers' account balances - at least one customer account will appear delinquent on the books, even though that customer has paid. most difficult aspect to reproduce is the hologram - True holograms use a "lenticular refraction" process; counterfeits use reflected materials with an image stamped - decals are attached to the card's surface rather than fixed into the plastic, as is the case with legitimate cards - holograms do not change colors, as legitimate ones do, when viewed from various angles.
financial statement fraud scheme
deliberate misrepresentation of the financial condition of an enterprise accomplished through the intentional misstatement or omission of amounts or disclosures in the financial statements to deceive financial statement users. The five classifications are: • Fictitious revenues • Timing differences • Concealed liabilities and expenses • Improper disclosures • Improper asset valuations goal when committing a financial statement fraud scheme is to make the entity look stronger and more profitable - achieved by concealing liabilities and/or expenses - understate liabilities or capitalize an expense Financial statements are the responsibility of management. - fraudster typically someone in a managerial role with ability to alter the financial statements - has incentive to commit fraud - fraud investigations: conducted/overseen by management --> fraud cases persist for a long time before the whistle is blown or the fraud is discovered by an external party. capital expenditures recorded as expenses not as assets = - lower net income - understated assets reasons entity might want to look worse than it actually is: - minimizing net income due to tax considerations - result for the current accounting period is that total assets will be understated and expenses will be overstated.
income statement (statement of profit or loss and other comprehensive income)
details how much profit (or loss) a company earned during a period of time, such as a quarter or a year
statement of changes in owners' equity
details the changes in the total owners' equity amount listed on the balance sheet -it shows how the amounts on the income statement flow through to the balance sheet --it acts as the connecting link between the two statements. The balance of the owners' equity at the beginning of the year is the starting point for the statement. The transactions that affect owners' equity are listed next and are added together. The result is added to (or subtracted from, if negative) the beginning-of-the-year balance, which provides the end-of-the-year balance for total owners' equity.
statement of changes in owners' equity
details the changes in the total owners' equity amount listed on the balance sheet. -shows how the amounts on the income statement flow through to the balance sheet, it acts as the connecting link between the two statements -is a summary overview of the effects of owner investment and company net income on the owners' equity balance -does not name any shareholders or their individual ownership stake in the company. -balance of the owners' equity at the beginning of the year is the starting point for the statement. ->The transactions that affect owners' equity are listed next and are added together ->The result is added to (or subtracted from, if negative) the beginning-of-the-year balance, which provides the end-of-the-year balance for total owners' equity
Inventory fraud
detected by using an analytical review because certain trends become immediately clear -sales and cost of goods sold should move together since they are directly related. -if the cost of goods sold increases disproportionately to amount of sales, and no changes occur in the purchase prices, quantities purchased, or quality of products purchased, the cause might be one of two things: (1) ending inventory has been depleted by theft (2) someone has been embezzling money through a false billing scheme Someone who is knowledgeable about the inventory but independent of the purchasing or warehousing functions should conduct physical observation of inventory. - Ex: sales representatives who typically have no access to the physical inventory.
embezzlement red flags
detected with review of source documents, particular situation determines what the examiner needs to look for common red flags in source documents: • Missing source documents • Payees on source documents don't match general ledger • Receipts or invoices lack professional quality • Duplicate payment documents for different transactions • Payee identification information that matches an employee's information or that of his relatives • Apparent signs of alteration to source documents • Lack of original source documents (photocopies only)
intrusion detection system (IDS)
device or software application that monitors inbound and outbound network activity and identifies any suspicious patterns of activity that might indicate a network or system attack or security policy violations. - supplement firewalls/forms of network security - detect malicious activity coming across the monitored entity's network or system activities - like a motion sensor detects individuals who bypassed perimeter security.
human intelligence
direct contact with people, gathered from subject matter experts and informed individuals. - target those who can provide most valuable information. EX: Disguise as a customer approach exploits two weaknesses of corporate culture: (1) all salespeople want to make a sale (2) salespeople will do almost anything to make a sale. Other approaches include: • Employment interviews (real and fake) • False licensing negotiations • False acquisition or merger negotiations • Hiring an employee away from a target entity • Planting an agent in a target organization • Social engineering
draw request
documentation substantiating that a developer has incurred the appropriate construction expenses and is now seeking reimbursement or direct payment. - made on a periodic schedule and verified by a quantity surveyor (QS) or other authorized entity request accompanied by the following documents: • Paid invoices for raw materials • Lien releases from each subcontractor • Inspection reports • Canceled checks from previous draw requests • Bank reconciliation for construction draw account for previous month • Loan balancing form demonstrating that the loan remains in balance • Change orders, if applicable • Wiring instructions, if applicable • Proof of developer contribution, if applicable
Motivation for financial statement fraud
does not always involve personal gain - to make a company's earnings look better on paper. more common reasons include: • To encourage investment through the sale of stock • To demonstrate increased earnings per share or partnership profits interest, thus allowing increased dividend/distribution payouts • To cover inability to generate cash flow • To avoid negative market perceptions • To obtain financing/favorable terms on existing financing • To receive higher purchase prices for acquisitions • To demonstrate compliance with financing covenants • To meet company goals and objectives • To receive performance-related bonuses
Real estate scams
easily recognized, always time pressure, victims convinced it's a "once-in-a-lifetime, now-or-never" deal - investors led to believe there is no time to investigate the venture, and will miss the opportunity to make a fortune. - Promises of big profits for little or no involvement are the norm in real estate scams - investor told it's a special offer or an exclusive deal
fictitious refund scheme
employee processes a transaction as if a customer were returning merchandise, though no actual return takes place. register log balances with the amount of cash in register - money taken by the fraudster is supposed to have been removed and given to the customer as a refund - instead employee keeps this cash for himself debit is made to inventory system showing that the merchandise has been returned - no merchandise is actually returned resulting in company's inventory being overstated.
false accounting entries schemes
employees debit the general ledger to credit their own accounts or to cover up a theft from a customer account. - embezzlement scheme used against financial institutions.
targets of intelligence gatherers
employees in the following departments: - research and development - marketing - manufacturing and production - human resources - sales - purchasing.
liability omissions
failure to disclose loan covenants or contingent liabilities - Loan covenants: agreements, in addition to or as part of a financing arrangement, that a borrower has promised to keep as long as the financing is in place - agreements can contain various types of covenants: -- certain financial ratio limits -- restrictions on other major financing arrangements
tombstone policies
fictitious policies submitted by an insurance salesperson to improve his sales record or increase his commissions. -term came into being because agents would literally copy names from tombstones to write the new, fictitious policies.
credit card fraud red flags
although the following can occur in a legitimate transaction, they frequently are present during fraudulent transactions: • Takes a card from a pocket instead of a wallet or purse • Purchases an unusual number of expensive items • Makes random purchases, selecting items with little regard to size, quality, or value • Makes several small purchases to stay under the floor limit, or asks what the floor limit is • Signs the sales draft slowly or awkwardly • Charges expensive items on a newly valid credit card • Cannot provide a photo identification when asked • Rushes the merchant or teller • Purchases a large item, and insists on taking it at the time, even when delivery is included in the price • Becomes argumentative with the teller or merchant while waiting for the transaction to be completed
Methods to prevent inventory fraud
four basic measures to help prevent: - proper documentation --documents that should be prenumbered and controlled: • Requisitions • Receiving reports • Perpetual records • Raw materials requisitions • Shipping documents • Job cost sheets - separation of duties (including approvals) - independent checks - physical safeguards --locks -- access limited to authorized personnel only.
Workers' compensation schemes
four categories: • Premium fraud: misrepresentation of information to the insurer by employers to lower the cost of workers' compensation premiums. For example, an employer might understate the amount of the payroll for higher-risk classifications, thus receiving lower-cost premiums. • Agent fraud schemes: stealing premiums and conspiring to reduce premiums. Agents sometimes issue certificates of coverage to the apparently insured customer while misappropriating the premium rather than forwarding it to the insurance carrier. Agents might also conspire to alter or improperly influence insurance applications to offer lower premiums to their clients. • Claimant fraud involves misrepresenting the circumstances of any injury or fabricating that an injury occurred. • Organized fraud schemes are composed of the united efforts of a lawyer, a capper, a doctor, and the claimant. This type of scheme is used not only in workers' compensation cases, but also in other medical frauds, such as automobile injuries.
detecting non-conforming goods or services scheme
fraud examiner should examine the following for red flags: • Contract or purchase order specifications • Contractor's statements, claims, invoices, supporting documents • Received product • Test/inspection results, search for discrepancies between tests and inspection results and contract specifications • Review correspondence and contract files for indications of noncompliance. • Request assistance from outside technical personnel to conduct after-the-fact tests. • Inspect/test goods or materials by examining packaging, appearance, & description • Segregate/identify source of suspect goods or materials. • Review inspection reports to determine whether the work performed and materials used in a project were inspected and considered acceptable. • Review the contractor's books, payroll, and expense records to see if they incurred necessary costs to comply with contract specifications. • Review the inspection and testing reports of goods • Conduct routine and unannounced inspections and tests of questioned goods or materials. • Examine the contractor's books and manufacturing or purchase records for additional evidence, looking for discrepancies between claimed and actual costs, contractors, etc. • Interview procurement personnel about the presence of any red flags or other indications of noncompliance. • Search external records for history of misconduct.
check fraud red flags
fraud examiner should look for the following: • Frequent deposits & checks in the same amounts, in round numbers, or with checks written on the same (other) bank • Frequent ATM account balance inquiries • Many large deposits made on Thursday or Friday to take advantage of the weekend • Large periodic balances in individual accounts with no apparent business activity • Low average balance compared to high level of deposits • Many checks made payable to other banks • Bank willingness to pay against uncollected funds • Deposits not made daily or intact • Entity uses receipts that do not indicate mode of payment • Personal checks in the cash drawer by the fund custodian • Deposit timing lags • Irregular check endorsements • Amount of deposit doesn't agree with daily activity report • Inappropriate access to signature plate • Check numbers, payee name, date, and amount don't agree with entries in the check register • Voided checks are not retained • Checks issued to individuals for large, even dollar amounts • Supporting documentation for checks is not available or has been prematurely destroyed • Cash withdrawal with deposit checks drawn on another bank
managed care environment
fraud is not eliminated - Insured fraud might be reduced substantially - provider fraud is still alive and well - can bill for fraudulent services - has an additional incentive for fraud - providers share in the financial risk of a patient - provides fewer services to a patient since a fixed capitation rate allows the patient unlimited visits to provider.
new bank accounts fraud
fraud on account within the first 90 days that it is open - Fraud is more likely to occur than in established accounts. - perpetrators open accounts with sole intent of fraud - efforts taken to identify the potential new customers
Phishing schemes
fraudster manipulates victims into providing sensitive information by falsely claiming to be from an actual business, bank, Internet service provider (ISP), or other entity with which the target does business. - emails to direct Internet users to websites that look like legitimate e-commerce sites - control these sites and use them to steal sensitive information, such as bank account details and passwords.
SMiShing
hybrid of phishing and text messaging -use text messages or other short message systems to dupe an individual or business into providing sensitive data by falsely claiming to be from an actual business, bank, ISP, or other entity with which the target does business.
Kickbacks
improper, undisclosed payments made to obtain favorable treatment. ex: an employee receiving a payment for directing excess business to a vendor -compensation could involve monetary payments, entertainment, travel, or other favorable perks -may be no overbilling; the vendor simply pays to ensure a steady stream of business from the purchasing company.
Types of insurance agent/broker fraud
include: • Premium theft—An agent collects the premium, but does not remit the check to the insurance company. Thus, the insured unknowingly has no coverage available upon a qualifying event. • Fictitious payees—An agent or a clerk changes the beneficiary on record to a fictitious person and subsequently submits the necessary papers to authorize the issuance of a check. • Fictitious death claims—An agent or employee obtains a fictitious death certificate and requests that a death claim check be issued. The agent receives the check and cashes it.
Open-source information
information in the public domain - publicly available data that anyone can lawfully obtain by request, purchase, or observation.
targeting research and development (R&D) personnel
intelligence professionals target them because they are in the flow of information; open exchange of information is part of the nature of their job - participate in conferences, attend trade shows, and work with academic institutions; intelligence spies listen in - researchers who publish findings in industry journals might include details of a project on which they are working -- particularly true of academic professionals -- management must make sure that the academician understands that he must keep the results confidential and must make sure that the use of teaching assistants or graduate students is minimal and that they understand the confidentiality requirements
Property flipping/ ABC transaction
investor purchases a home and then resells it at an unjustly inflated price shortly thereafter. - not intrinsically illegal or fraudulent - often as the result of a fraudulent appraisal - property is sold twice in rapid succession at a significant increase in value
Confidence schemes
involve a range of fraudulent conduct usually committed by professional "con artists" against unsuspecting victims -victims can be organizations but commonly are individuals -Con men usually act on their own, but they might group together for a particularly complex endeavor. examples include: - advance-fee swindles - debt consolidation schemes - directory advertising schemes - personal improvement frauds - diploma mills
improper asset valuations
involve fraudulent overstatement of inventory or receivables, with goal being to strengthen the appearance of the balance sheet and/or certain financial ratios include: - manipulation of the allocation of the purchase price of an acquired business in order to inflate future earnings - misclassification of fixed and other assets - improper capitalization of inventory or start-up costs. usually take the form of one of the following classifications: • Inventory valuation • Accounts receivable • Business combinations • Fixed assets
Property flopping
involves a property subject to a short sale (meaning the owner sells the property at a lower value than the unpaid mortgage amount on the property). - variation on property flipping - conducted by industry insiders or unscrupulous entrepreneurs rather than the homeowner - rapid transfer of property with unjustified, significant change in value, with the value on the first transaction deflated - lenders require all interested parties to sign an affidavit requiring disclosure of an immediate subsequent sale
Scavenging
involves collecting information left around computer systems (e.g., on desks or workstations)
Fraudulent sale scams
involves fraudulent acquisition of real estate by filing a fraudulent deed or respective real estate document, which makes it appear that the property legally belongs to the criminal. - without the homeowner's knowledge, scam happens decades after the property was originally sold - perpetrator identifies property that is owned free and clear - creates fictitious property transfer documents that purport to grant all rights and title on the property to the fraudster. - true owner's signature is forged and scammer files them in the jurisdiction's real property records - Once ownership documents are filed, he applies for and executes a loan on the property (using a straw borrower). - value is inflated, leaves with 100% of the loan proceeds.
Ditching/ owner give-ups
involves getting rid of a vehicle to collect on an insurance policy or to settle an outstanding loan. -vehicle is expensive and with a small down payment -owner falsely reports the vehicle as stolen while orchestrating its destruction or disappearance in some way --ex: stripped for parts, burned, or submerged in water. --owner abandons the vehicle, hoping that it will be stolen. The scheme also sometimes involves a homeowner's insurance claim for the property that was supposedly in the vehicle when it was "stolen."
scavenger or revenge scheme
involves the company that initially conned the consumer - with a different company's name - contacts the consumer again and asks if he would like to help put the unethical company out of business and get his money back - upfront fee is required to finance the investigation.
Administrative security
involves the use of tools to provide an acceptable level of protection for computing resources
Shoulder surfing
involves watching and listening to an unsuspecting target from a nearby location while the target: - enters his username and password into a system - talks on the phone - fills out financial forms - performs some other task to obtain valuable information.
Illegal gratuities
items of value given for, or because of, some act, to reward a decision, often after the recipient has made the decision. -unlike bribery schemes, illegal gratuity schemes do not necessarily involve an intent to influence a particular decision before the fact -often is merely something that a party who has benefited from a decision offers as a "thank you" to the person who made the beneficial decision.
Voice phishing (vishing)
leveraging Voice over Internet Protocol (VoIP) in using the telephone system to falsely claim to be a legitimate enterprise in an attempt to scam users (both consumers and businesses) into disclosing personal information -transmitted as an incoming recorded telephone message that uses a spoofed (fraudulent) caller ID matching the identity of a misrepresented organization - message uses an urgent pretext to direct unsuspecting users to another telephone number - victim punches in personal information on his keypad - criminals capture the key tones and convert them back to numerical format Government, financial institutions, online auctions and their payment services, can be targets of voice phishing.
Direct-action viruses
load themselves onto the target system's memory, infect other files, and then unload themselves.
nonperforming loan
loan that is in default or close to being in default - interest and principal payments might be overdue - creditor believes the loan will not be collected in full - indicative of different fraud schemes: • Fraudulent appraisals—The cash flow cannot support an inflated loan and resulting debt amount. • False statements—The loan was made on false or fraudulently presented assumptions. • Equity skimming— never intended to make loan payments. • Construction over-budget items—The amount over budget might be a concealment method for other schemes such as embezzlement, misappropriation, or false statements. • Bribery—loan made because lender received a bribe • Land flips—The purpose of the loan was to finance the seller out of a property that has an artificially inflated value. • Disguised transactions—The loans are sham transactions without substance, made to conceal other ills.
Current Procedural Terminology (CPT) codes
maintained by the American Medical Association and are designed to describe inpatient and outpatient health care services by a provider in the United States - billing an insurer or health care program: provider will use CPT codes to identify the services performed
Fictitious voids
making fraudulent disbursements from the register appear to be legitimate - perpetrator needs customer's copy of the sales receipt - withholds the customer's receipt at the time of the sale - results in inventory shrinkage
Crimeware
malware designed to simplify or automate online criminal activities, such as programs to fraudulently obtain financial gain from the affected user or other third parties. not a type of malware, but rather a classification of malware denoted by its intent to facilitate criminal behavior.
Change orders
many change orders are legitimate construction changes (for design, cost, etc), can also be indicators of fraud - often submitted along with draw requests. - increasing trend in number or amounts on them indicate that construction changes alter the original project enough to render underwriting inappropriate - same impact on project as altering original documents - contracted on bid so is an indication of collusive bidding - indication that original project was not feasible and that shortcuts are shoring up other problem areas - should be approved by the architect and engineer on the project in addition to the lender's inspector
Ratio analysis
means of measuring the relationship between two different financial statement amounts - allows internal evaluations using financial statement data - used in comparisons to an entity's industry average - useful in detecting red flags for a fraud examination
Diagnostic-related groupings (DRG) creep
medical staff manipulate diagnostic & procedural codes to increase reimbursement amounts or other forms of funding reimbursement methodology for the payment of institutional services - categorizes patients who are medically related with respect to various types of information, such as: -- primary and secondary diagnosis -- age -- gender -- weight -- length of stay -- complications - Reimbursements are determined by the categories
Non-repudiation
method to guarantee that parties involved in e-commerce transaction cannot (deny) participation in that transaction - an information security goal that an e-commerce system should strive to provide its users and asset holders obtained through the use of digital signatures, confirmation services, and timestamps
false sales scheme
method where employee depends on an accomplice to help steal inventory. -accomplice pretends to buy merchandise, but the employee does not ring up the sale. The accomplice then takes the merchandise without paying for it -To a casual observer, transaction appears like normal sale. -bags the merchandise and "sale" is not recorded -accomplice might pass an amount of money to the employee to complete the illusion -related scheme: employee sells merchandise to an accomplice at an unauthorized discount
percentage analysis of financial statements
methods: - Vertical analysis: analyzing the relationships among the items on an income statement, balance sheet, or statement of cash flows by expressing components as percentages --on income statement: net sales is assigned 100 percent --On balance sheet: total assets is assigned 100 percent and total liabilities and equity is assigned 100 percent - Horizontal analysis: analyzing % change in individual financial statement items from one year to the next -- first period considered the base, changes to subsequent periods are computed as a percentage of the base period
"window dressing."
misclassifying long-term assets as short-term to make current ratio appear artificially stronger. - critical concern to lending institutions that often require the maintenance of certain financial ratios. - of consequence when loan covenants are on unsecured or under-secured lines of credit/short-term borrowings. current ratio = (current assets/current liabilities) to evaluate a company's ability to satisfy its short-term obligations - some schemes are used to inflate current assets at the expense of long-term assets
claimant fraud
misrepresenting the circumstances of any injury or fabricating that an injury occurred. -perpetrated by employees who stage accidents or exaggerate minor injuries, sometimes in collusion with unethical doctors, to fraudulently receive compensation benefits. -Workers' compensation: entitling persons who are injured on the job to compensation while they heal. The primary victim of a workers' compensation scheme is the insurance carrier for the employer. -it pays for the perpetrator's fraudulent medical bills and unnecessary absences -employer is a tertiary victim of these crimes -- bogus claims can result in higher premiums for the company in the future.
rolling lab
mobile laboratory that solicits individuals to participate in health screening tests at no cost to the patient. - after conducting the tests, lab bills the individual's insurance provider or health care program - lab might bill additional claims for later service dates even though no more tests are conducted - typically moves to another location prior to the patient receiving the test results to avoid detection
Keyloggers
monitor & log the keys pressed on a system's keyboard - can be either software or hardware based. - some are malware, but others are not.
Malware
more common carriers of malware include: • Unknown or unchecked application software • Infected websites • Banner ads • Software or media employees bring to work • Files downloaded from the Internet • Infected software from vendors and suppliers • Uncontrolled and shared program applications • Demonstration software • Freeware and shareware files • Email attachments
Electronic payment tampering/fraud
more difficult to detect than check tampering schemes - lack of physical evidence & forged signatures makes concealment less challenging than check tampering most important practice for preventing and detecting is separation of duties - online bill payments separate: -- maintaining payment templates -- entering payments -- approving payments - wire transfers segregate: -- duties for creating wires -- approving wires -- releasing wires - prevent concealment: no individual in the payment process reconcile or access the bank statement Examples: - alter the bank statement - miscode transactions in the accounting records - send fraudulent payments to a shell company with a name similar to that of an existing vendor - rely on company's failure to monitor/reconcile accounts. mitigating the risk: - ACH blocks: account holders notify their banks that ACH debits are not allowed on specific accounts - ACH filters: account holders give a list of defined criteria to filter ACH debits & reject unauthorized transactions. - Positive pay for ACH: bank match details of ACH payments with a list of legitimate and expected payments; exceptions are reported to the customer for review. - segregating bank accounts, ex: separate paper and electronic transaction accounts, facilitates audit process, identify electronic payments that seem suspicious.
Loan fraud
multifaceted activity including several criminal activities - Larger schemes involve real estate lending and collusion between insiders and outsiders. - highest risk area for financial institutions. - number of occurrences small, amount per each is large.
check kiting scheme
multiple bank accounts are opened and money is "deposited" from account to account; however, the money never exists Floating makes it possible to do this Businesses are most susceptible if they have employees who are authorized to write checks or make deposits in more than one bank account - now it is more difficult because technology allows for a much shorter float period
Firewalls
network hardware and software that block unauthorized or unverified access to computer systems and network assets. -survey incoming and outgoing transmissions - decide what type of traffic to permit onto an internal network based on factors such as: -- origination or destination address -- content of the message -- protocol being used to transmit the message -- other filtering methods.
identity thief tactics
obtain information through: • Sorting through discarded trash • Shoulder surfing • Searching through coworkers' desk drawers • Stealing incoming or outgoing mail • Using an accomplice within the organization • Soliciting identifiers through false job application schemes • Checking utility companies, health clubs, and schools • Examining certifications & licenses on workplace walls • Using pretext, ruse, or gag calls • Looking at rental and loan applications • Consulting public records • Using the Internet
Related-party transactions/ self-dealing
occur when a company does business with another entity whose management or operating policies can be controlled or significantly influenced by the company or by some other party in common -nothing inherently wrong with it, if fully disclosed -if not disclosed, might injure shareholders by engaging in economically harmful dealings without their knowledge. - the financial interest a party might have might not be apparent Examples: - Common directors of two companies that do business with each other - corporate general partner and the partnerships with which it does business - controlling shareholder of the corporation with which he/she/it does business - Family relationships
Corrupt payments
often take the form of loans. Three types of "loans" often turn up in fraud cases: • An outright payment that is falsely described as an innocent loan • A legitimate loan in which a third party—the corrupt payer—makes or guarantees the loan's payments • A legitimate loan made on favorable terms (e.g., an interest-free loan) In a legitimate loan made at market rates the recipient would not be receiving anything unusual or special. Form of payments: -payer might use his credit card to pay recipient's: --transportation/vacation/entertainment expenses --credit card debt --recipient might carry and use the payer's credit card -promises of favorable treatment -transfers for a value other than fair market --sell or lease property to the recipient at a price that is less than its market value --agree to buy or rent property from the recipient at inflated prices -- "sell" an asset to the payer but retain the title or use of the property -- giving the recipient a hidden interest in a joint venture or other profit-making enterprise. ways to prove corrupt payments: • Turn an inside witness. • Secretly infiltrate or record ongoing transactions. • Identify & trace the corrupt payments through audit steps.
overstated expense reimbursement
overstating the cost of an actual business expenses - ex: altering receipt to a higher cost than actually paid
overstated refund scheme
overstating value of a customer's refund, pays the customer the actual amount owed for the returned merchandise, and then keeps the excess portion of the return for himself - type of register disbursement scheme
rent-a-patient schemes
paying individuals to undergo unnecessary medical procedures that are then billed to the patient's insurer or health care program - occur in countries using a third-party-payer system or single-payer system that allows private providers to bill health care programs.
Fraudulent second liens
person assumes homeowner's identity & takes out an additional loan or 2nd mortgage in the homeowner's name - variation of the fraudulent sale scheme - If there is not enough equity in the home to warrant a second loan, an inflated appraisal is obtained. - involves collusion between loan officer, appraiser, and a title agent (or other real estate document service provider)
Smart cards
plastic card, the size of a credit card, embedded with a microchip - identifies user through encrypted information on the chip - must be inserted into a card reader connected to the credit provider's network - more secure than traditional magnetic stripe credit cards -- cards cannot be easily replicated - AKA chip-and-PIN: user must be present with the card and enter a PIN code to complete the transaction - a less secure chip-and-signature system is being used -- microprocessor-embedded smart card with magnetic stripe card's signature verification rather than a PIN.
Contingent liabilities
potential obligations that will materialize only if certain events occur in the future - EX: corporate guarantee of personal loans taken out by an officer or a private company controlled by an officer - GAAP: potential liability must be disclosed if it is material.
provider fraud
practices by health care providers (practitioners, medical suppliers, and medical institutions) that cause unnecessary costs to health care programs or patients through: - reimbursement for unnecessary or excessive services - services not meeting recognized standards for health care some of the most common fraud schemes encountered by investigators and claims approvers: • Alterations • Added services • Code manipulation
Understating liabilities and expenses
pre-tax income will increase by the full amount of the expense or liability not recorded - can significantly affect reported earnings with relatively little effort by the fraudster. There are three common methods: • Omitting liabilities and/or expenses • Improperly capitalizing costs rather than expensing them • Failing to disclose warranty costs & product-return liabilities
Mishandling claims
primarily in the area of an insurance company acting as an intermediary administering the payer's insurance program The insurance company is under a duty to try to detect false claims by providers and beneficiaries - if company bypasses own claims verification procedures, can be found guilty of fraud in some jurisdictions.
logical access controls
process by which users are identified and granted certain privileges to information, systems, or resources - designed to protect the confidentiality, integrity, and availability of informational resources options for authenticating users in information systems: • Passwords • Card-based systems • Biometrics • Profiling software: authenticates users by monitoring their statistical characteristics, such as typing speed and keystroke touch
physical infiltration techniques
process whereby an individual enters a target organization to spy on the organization's employees techniques: - secure a position - pose as an employee - pose as a contract laborer of the target - steal or fabricate employee badges
Physical access controls
process which users are allowed access to physical objects (e.g., buildings). • Locks and keys • Electronic access cards • Biometric systems
bid splitting scheme
procuring entities must use competitive methods for projects over a certain amount. To avoid this requirement, an employee might break up a large project into several small projects that fall below the mandatory bidding level and award some or all of the component jobs to a contractor with whom he is conspiring. Common red flags: • Two or more similar or identical procurements from the same supplier in amounts just under upper-level review or competitive-bidding limits • Two or more consecutive related procurements from the same contractor that fall just below the competitive-bidding or upper-level review limits • Unjustified split purchases that fall under the competitive-bidding or upper-level review limits • Sequential purchases just under the upper-level review or competitive-bidding limits • Sequential purchases under the upper-level review or competitive-bidding limits that are followed by change orders
Non-conforming goods or services fraud
product substitution/failure to meet contract specifications -contractors attempt to deliver goods or services to the procuring entity that do not conform to the underlying contract specifications -contractor bills & receives payment for conforming goods or services without informing the purchaser of deficiencies list of potential red flags: • High percentage of returns for noncompliance • Missing, altered, modified product compliance certificate • Compliance certificates signed by employees with no quality assurance responsibilities • Materials testing done by supplier, using his own personnel and facilities • Evidence that test or inspection results were falsified • Highest profit product lines have the highest number of material return authorizations or reshipments • Discrepancy between product's description or normal appearance and actual appearance • Used, surplus, or reworked parts are delivered • Delivery of products that appear counterfeit • Contractor offers to select the sample & prepare it for testing • Delivery of look-alike goods • Unusually high number of early replacements • Contractor restricts or avoids inspections of goods or services upon delivery
counterfeit credit cards
production: - using "blank plastic" cards - credit-card-sized plastic - embossed account numbers and names - manufacturing cards using high-speed printing facilities - desktop computers - embosser - tipping foil - laminators often works in conjunction with a corrupt and collusive merchant or a merchant's employee
Trojan horse
program or command procedure that appears useful but contains hidden code that causes malicious damage - when hidden code is activated, it performs some unwanted or harmful function - viruses and worms attach themselves to other legitimate programs and spread to other systems.
information security goals
provide security to users and asset/account holders of information systems Should Include: • Non-repudiation • Confidentiality of data • Integrity of data • Availability of data • Authentication
unbundling/coding fragmentation
providers attempt to increase profits by billing separately for procedures that are actually part of a single procedure. - Health care procedures have special reimbursement rates for a group of procedures typically performed together
income smoothing/ timing difference fraud schemes
recording of revenues or expenses in improper periods - done to shift revenues or expenses between one period and the next, increasing or decreasing earnings as desired. Examples include: • Premature revenue recognition—revenue should be recognized in the accounting records when a sale is complete—when title of goods has passed from the seller to the buyer, or when the services have been rendered. • Long-term contracts—revenue can be recognized under: - completed-contract method: record revenue when project is 100 percent complete - The percentage-of-completion method: recognizes revenues/expenses proportional to % of project complete. • Recording expenses in the wrong period—per the matching principle, expenses must be recognized in the same period as the corresponding revenues
Fictitious or fabricated revenues
recording of sales of goods or services that did not occur - involve fake customers or involve legitimate customers challenge: balance the other side of the entry - credit to revenue increases the revenue account - corresponding debit in a legitimate sales transaction goes to cash or accounts receivable - no cash is received in a fictitious revenue scheme, so increasing accounts receivable is the easiest way to balance - accounts receivable stay on books as asset until collected - If outstanding accounts never get collected, they will eventually need to be written off as bad debt expense. - long overdue AR on books = common sign of the scheme
Dumpster diving
refers to gleaning sensitive information from trash receptacles and dumpsters
Spoofing
refers to the process whereby an individual impersonates a legitimate user to obtain access to the target's network
indemnity bond
reimburses its holder for any loss to third-party beneficiaries when the insured fails to fulfill a specific undertaking for the third party's benefit -Property insurance indemnifies against pecuniary loss to the insured's property for specific losses --example, from fire, theft, or auto collision -Casualty insurance indemnifies against legal liability to others for injury or damage to persons, property, or other defined legal interests because of specified risks or conduct -Fidelity insurance indemnifies against economic loss to the insured because of employee dishonesty. -Disability insurance indemnifies against income loss under defined circumstances.
statement of cash flows
reports a company's sources and uses of cash during the accounting period -often used by potential investors and other interested parties in tandem with the income statement to determine a company's true financial performance during the period being reported -nature of accrual accounting allows/requires the income statement to contain many noncash items and subjective estimates --make it difficult to fully and clearly interpret a company's operating results -- it is much harder to falsify the amount of cash that was received and paid during the year --statement of cash flows enhances the financial statements' transparency broken down into three sections: • Cash flows from operating activities • Cash flows from investing activities • Cash flows from financing activities
draw request fraud red flags
request should be accompanied by these documents: • Paid invoices for raw materials • Lien releases from each subcontractor • Inspection reports • Canceled checks from previous draw requests • Bank reconciliation for construction draw account for previous month • Loan balancing form demonstrating loan is in balance • Change orders, if applicable • Wiring instructions, if applicable • Proof of developer contribution, if applicable missing or altered documentation is a red flag - advances on the loan should be adequately documented - developer's personal account statements would never be included with a draw request.
Bank Secrecy Act (BSA)
require U.S. national banks to file Suspicious Activity Reports (SARs) under certain circumstances. - Financial Crimes Enforcement Network (FinCEN) is the administrator of SARs and brings enforcement action for violations of the reporting, recordkeeping, or other requirements of the BSA SARs are required in each of the following instances: • known/suspected criminal violation, and bank has basis for identifying responsible bank personnel. • known/suspected criminal violation, amount is $5,000 or more, and bank has basis for identifying possible suspect. • known/suspected criminal violation and amount of $25,000 or more, regardless of an identified suspect. • transaction aggregating $5,000 or more was conducted or attempted to be conducted through the bank when the bank knows or has reason to suspect that transaction: (1) potential money laundering or terrorist financing (2) designed to evade any regulations under the BSA (3) intrusion into a financial institution's computer systems to steal or affect funds, information, or critical systems (4) no apparent business or lawful purpose which customer would likely engage, and the institution has no reasonable explanation after examining the available facts (5) bank knows that customer is operating as an unlicensed money services business.
credit card skimming scheme
requires a device, aka skimmer or wedge, that scans and stores a large amount of credit card numbers - more frequent in businesses where an employee is able to remove the card from the customer's view to process the transaction before returning it to the customer. - covert devices attached to ATMs, automated fuel dispensers, vending machines, self-service checkout kiosks. -- can be paired with a hidden camera to record PIN input
full disclosure
requires an entity's financial statements to include all information necessary for users to make valid decisions -should not include too much information -required to include enough information to refrain from misleading the user -Supplemental notes to the financial statements are often required to meet these criteria. -must include information on changes in accounting methods, contingent liabilities, significant subsequent events
matching principle
requires that expenses be recorded in the same accounting period as the revenues they help generate. -Estimates, accruals, and allocations are often needed to meet this requirement. -When a sale is recorded, the appropriate charges for cost of goods sold, or other expenses directly corresponding to the sale, should be recorded in the same accounting period.
conservatism constraint
requires that when there is any doubt, one should avoid overstating assets and income - principle's intention is to provide a reasonable guideline in a questionable situation -ex: the use of the lower of cost or market rule as it relates to inventory valuation If a company's financial statements intentionally violate the principle, they could be fraudulent.
revenue recognition principle
revenue is recognized or recorded when it becomes realized or realizable, and earned. -revenue should not be recognized for work that is to be performed in subsequent accounting periods, even though the work might currently be under contract. -revenue should be recognized in the period in which the work is performed
detecting skimming
reviewing journal entries for: • Credits to inventory to conceal unrecorded or understated sales • Write-offs of lost, stolen, or obsolete inventory • Write-offs of accounts receivable accounts • Irregular entries to cash accounts
check tampering scheme
scheme in which an employee either: (1) prepares a fraudulent check for his own benefit (2) intercepts a check intended for a third party and converts the check for his own benefit. EX: Stolen paychecks Red Flags: • Missing checks or large gaps in the check register might indicate lax control over the physical safekeeping of checks. Stop payments should be issued for all missing checks. • Checks payable to employees, exception of regular payroll checks. Indicate other schemes: conflicts of interest, fictitious vendors, duplicate expense reimbursements. • Altered endorsements or dual endorsements of returned checks might indicate possible tampering. • Returned checks with obviously forged or questionable signature endorsements must verify with the original payee. • Altered payees on returned checks should be verified with the intended payee. • Duplicate/counterfeit checks indicate fraud, checks might be traceable to depositor through bank check coding. • Questionable deposit dates should be matched to the corresponding customer accounts. • examination of cash advances revealing that not all advances are properly documented and, therefore, inappropriate payments have been made to employees. • Customer complaints regarding payments not being applied to their accounts should be investigated. • questionable payee/payee address on a check should be reviewed with corresponding check and support docs • Checks payable to cash are considered suspicious The four major categories include: • Forged maker schemes • Forged endorsements • Altered payees • Authorized maker schemes
Loan brokering fraud scheme
selling phony loans (packages) or selling participations in loans that have not been properly underwritten - applies to either packages of individual residential (consumer) loans or single commercial loans - large fee is charged for these brokered loans - loan participation: multiple parties purchase and have interests in a loan or a package of loans. - residential loan packages: broker sells the package, takes the money, and disappears - Brokered loans not sold with recourse to the broker -- purchaser must look to the borrower and the underlying collateral for debt satisfaction -- lead bank generally performs the underwriting
phony charities
send school-age children door to door to say they are raising money for antidrug programs or group that takes underprivileged kids on trips - some children repeat what they are told for a few dollars - Others believe they will receive rewards and free trips when in fact they, too, are being scammed.
fraudulently processing claims for own benefit
several different types of reports to determine: -address similarity reports electronically compare multiple checks going to the same address --extremely useful because they might show a check defalcation or funds going to another insurance company, broker, or fictitious payee -the exception or manual override reports list all exceptions to normal electronic processing, thereby pointing out when a computer is being used outside the normal processing time
expense reports
should require the following information: • Explanation of expense, including business purpose • Time period when the expense occurred • Place of expenditure • Amount • Receipts or other support documentation - if possible, require original paper receipts - electronic copies of receipts are easier to forge and alter - Special attention to receipts via email or email attachment - compare prices on Internet receipts with vendor's website. policy requiring the periodic review of expense reports & examining the appropriate detail, will help deter employees from submitting personal expenses for reimbursement.
multilevel marketing organization
signs of an illegal organization: - recruits distributors into pyramid-style compensation plan - offers big payoffs for recruiting - spends more time extolling its distributor levels than its product lines
statement of retained earnings
some companies have this statement instead of a statement of changes in owners' equity Similar to the statement of changes in owners' equity, it starts with the retained earnings balance at the beginning of the year
ghost employee schemes
someone on the payroll who does not work for company - falsification of personnel or payroll records, causing paychecks to be generated to a non-employee, or ghost. detection: - Comparing human resources department's personnel records to payroll data can - analysis of payroll withholdings, will often not have withholding taxes, insurance, or other normal deductions. - paychecks w/ dual endorsements indicate forged endorsement to deposit paychecks into his own account. to work, four things must happen: (1) the ghost must be added to the payroll (2) timekeeping (for an hourly employee) and wage rate information must be collected (3) a paycheck must be issued to the ghost (4) the check must be delivered to perpetrator/ accomplice.
electronic transfer of funds fraud
sources of fraud include the following: • biller sends a bill for services/goods not rendered • person uses another person's bank account info to instruct a biller to obtain payment from the other person's account. • hacker uses passwords and usernames from an aggregator & directs transfers from a consumer's bank account. • employee who knows consumers' usernames and passwords for screen-scraping purposes uses info to direct transfers from consumers' bank accounts. • employee might use customer information to direct transfers from a customer's account
Advance-fee swindles
structured to obtain an illegal gain by falsely promising the delivery of a product or service - product is marketed to a large number of customers - operation is shut down prior to the delivery stage Common scenarios used to commit include the following: • A home improvement contractor requires pre-payment for materials. • Notice of a supposed inheritance from an unknown relative is received. • Various exorbitant fees are required prior to securing financial assistance or advice.
cash larceny scheme
taking money out of the register without making any entry that would account for the missing money
Affinity fraud
targets groups of individuals with some social connection -Neighborhoods chiefly populated by racial minorities -immigrant groups -Religious and professional ties
Sliding
term used for including additional coverage in an insurance policy without the insured's knowledge -extra charges are hidden in the total premium -Since the insured is unaware of the coverage, few claims are ever filed -ex: motor club memberships, accidental death, and travel accident coverage
Floating
the additional value of funds generated in the process of collection and arises because the current holder of funds has been given credit for the funds before the check clears the financial institution upon which it is drawn
Encryption
the deliberate scrambling of a message so that it is unreadable except to those who hold the key for unscrambling the message. -Any confidential information or credit card numbers should be encrypted in their entirety. one of the most effective methods of protecting networks and communications against attacks
EDI
the health care industry concern about its potential to stimulate fraudulent activity include: • The lack of tools to detect EDI fraud • The variety of health care services increases the potential for dissimilar frauds • The efficiency of EDI allows for more vendors and thus more claims to account for • The swiftness in which transactions take place allows less time to uncover fraud Examiner's issues with detecting fraud: • automation of claims erased claims professionals' ability to detect suspicious-looking claims, reduces each transaction to individual claims. • impersonal nature of electronic transactions, raises the temptation of fraudsters to commit white-collar crime. • no paper trail, making fraud detection difficult
health care fraud
the more common schemes include: • Filing of false cost reports • DRG creep • Billing for experimental procedures • Improper contractual and other relationships with physicians • Revenue recovery firms to (knowingly or unknowingly) bill extra charges
illegal pyramid scheme
the more members that are recruited, the higher the investor is purported to rise in the ranks of the enterprise, and the more money he is supposed to make. - Not all organizations with this structure are engaging in illegal activity - legitimate merchandising companies rank their employee-owners and determine those people's compensation. - a scheme when recruitment takes precedence over the product or service that the company is promoting - offer sounds good and (within its own logic) makes sense - "opportunity" pitched by someone trusted by victim - does return people's money, with incredible profits - designed to initially pay off to the earliest investors
bribery schemes
the offering, giving, receiving, or soliciting of corrupt payments—items of value paid to procure a benefit contrary to the rights of others—to influence an official act or business decision -not necessarily involve direct payments of cash or goods -Promises of favorable treatment count: • A payer might promise a government official lucrative employment when the recipient leaves government service. • An executive leaving a private company for a related government position might be given favorable or inflated retirement and separation benefits. • The spouse or other relative of the intended recipient might also be employed by the payer company at an inflated salary or with little actual responsibility. not nearly as common as other forms of occupational fraud, such as asset misappropriations, they tend to be much more costly.
Technical surveillance
the practice of covertly acquiring audio, visual, or other types of data from targets through the use of technical devices, procedures, and techniques -usually to gather nondocumentary evidence, or information that cannot be found through open sources. forms: - aerial photograph - bugging and wiretapping - video surveillance - photographic camera - mobile phones - monitoring computer emanations - computer system penetrations.
Inventory shrinkage
the unaccounted-for reduction in the company's inventory that results from error or theft EX: computer retailer has 1,000 computers in stock -an employee loads 10 computers into a truck and takes them home -company has 990 computers, but the inventory = 1,000 - inventory shrinkage = 10 computers.
Corruption
the wrongful use of influence to procure a benefit for the actor or another person, contrary to the duty or the rights of others.
Check washing
type of check fraud that involves using acid-based chemicals found in common household products to erase payee name or amount but carefully not altering the check issuer's signature -check dries & new payee & payment amount are inscribed - colored inks and ball-point pens tend to be most susceptible, experts recommend black ink and gel pens
authorized maker scheme
type of check tampering fraud in which an employee with signature authority on a company account writes fraudulent checks for his own benefit and signs his name as the maker - ex: majority owner/sole shareholder uses his company to pay personal expenses out of company accounts
Spyware
type of software that collects and reports information about a computer user without the user's knowledge or consent.
initial acquisition cost (historical cost)
under U.S. GAAP, is generally the proper basis for the recording of assets, expenses, equities -not at current market value - not at estimated replacement value - is fraudulent to inflate assets by marking them up to market value
Rock phishers
use botnets to send massive amounts of phishing emails to huge volumes of Internet users - emails contain a message from a financial institution, enticing users to click on a fraudulent URL. - some believe phishers cycle through multiple email lists and attempt to reach the Internet users most likely to use the brands that they are targeting.
asset turnover ratio
used to determine the efficiency with which asset resources are used by the entity -one of the reliable indicators of financial statement fraud - sudden or continuing decrease in ratio is associated with improper capitalization of expenses -- increases the denominator without a corresponding increase in the numerator. = net sales /average total assets OR = net sales / average operating assets
Piggybacking
used to gain access to restricted areas & computer systems, - attacker exploits the access capability of another person. - can be done to gain physical or electronic access. Physical access: • gaining access to an area that is secured by locked doors • occurs when an attacker exploits a false association with another person who has legitimate access to the area • Following behind an individual who has been cleared for access into the restricted area • Tricking an authorized individual into believing they are authorized & convincing them to allow them to tag along • Secretly following behind someone cleared for access, giving the appearance of being legitimately escorted • Pretending to be a part of a large authorized crowd Electronic access: - attacker gains access to system by exploiting the access capability of another person with legitimate access - attacker takes advantage of a legitimate computer user's active session when the user did not properly terminate the session, the user's logoff is unsuccessful, or the user attends to other business while still logged on.
expense account review
uses one of two methods: - historical comparisons: compares balance expended this period in relation to balance spent in prior, similar periods - comparisons with budgeted amounts: determining excessive expenses or inaccurate budget estimates
Social engineering
using deceptive techniques to manipulate people into taking certain actions or disclosing information. -use trickery, persuasion, threats, or cajolery to encourage their targets to release information Attackers use it to achieve various means: - to gain unauthorized access to systems - confidential communication so they can commit fraud - intrude into networks - gain access to buildings - steal another party's secrets - commit identity theft - engage in some other nefarious act - information that will give them a competitive advantage - to find ways in which they can install malware.
Technical security
using safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, related devices
pay-and-return scheme
using the invoices of legitimate third-party vendors - vendors are not a part of the fraud scheme - employee intentionally mishandles payments that are owed to legitimate vendors - EX: double-pay an invoice, call vendor & request one of the checks be returned, clerk then keeps returned check type of fraudulent disbursements
Fictitious inventory schemes
usually involve the creation of fake documents, such as inventory count sheets and receiving reports. inventory is recorded at the lower of cost or market value. - must be valued at its acquisition cost - if current market value falls below acquisition cost, it is written down to current value, or written off if it has no value. - Failing to do so = overstated assets and the mismatching of cost of goods sold with revenues. methods by which inventory can be improperly stated: - manipulation of the physical inventory count - inflation of the unit costs used to price out inventory - failure to adjust inventory for the costs of goods sold how to achieve: - co-conspirators claim to hold inventory for companies - falsely reporting large values of inventory in transit fraud examiners should perform a physical inventory count
Privilege escalation
way hackers gain unauthorized access to computer system
Cost mischarging schemes
when a contractor charges the procuring entity for costs that are not allowable, not reasonable, or cannot be allocated to the contract directly or indirectly Three types: accounting mischarges, material mischarges, and labor mischarges
Accounting mischarge
when a contractor knowingly charges unallowable costs to the buyer by concealing or misrepresenting them: - as allowable costs - hiding them in accounts not closely audited variation: circumventing the limits for certain cost categories by charging those expenses to other cost categories that do not have such limits. Ex: contractor charges bid and proposal costs or independent R&D costs to salaries and wages, repairs and maintenance, or other not fixed cost categories
Upcoding
when a provider bills for a higher level of service than actually rendered. - generic substitution: filling a prescription with a less expensive drug, while billing for the more expensive drug.
Simple unbundling
when a provider charges a comprehensive code, as well as one or more component codes
conflict of interest
when an employee or agent—someone who is authorized to act on behalf of a principal—has an undisclosed personal or economic interest in a matter that could influence his professional role. -ex: employee with an undisclosed personal relationship with a company that does business with his employer - employee with undisclosed side job would not count if: - job is in a different industry - does not create a time conflict - does not create any personal or economic interest that could influence his ability to act in his primary employer's best interest. could occur because: - undisclosed economic interest in a transaction - to provide a benefit to a friend or relative, even though the fraudster himself receives no financial benefit. difficult to uncover, types of methods to uncover: -tips and complaints -comparing vendor addresses with employee addresses -review of vendor ownership files -review of exit interviews -compare vendor addresses to subsequent employers -policies requiring certain employees to provide the names and employers of immediate family members -interviews with purchasing personnel regarding favorable treatment of one or more vendors Not necessarily a legal violation, if it is properly disclosed.
falsified hours and salary scheme
when an hourly employee fraudulently increases the size of his paycheck, by either falsifying the number of hours worked or changing the wage rate - hourly employees: paycheck is based on number of hours worked and the rate of pay - common control breakdown is the failure to maintain proper control over timecards - most common method of misappropriating funds from the payroll is the overpayment of wages proper system: once timecards are authorized by management, they should be sent directly to payroll - timecard preparers should not have access to them after they have been approved, if not the person who prepared a timecard can alter it after his supervisor has approved it but before it is delivered to payroll. Common ways to commit include: • Inflating the number of hours worked • Inflating the rate of pay • Forging a supervisor's signature • Collusion with a supervisor • Implementing poor custody procedures • Altering a timesheet after it has been approved
Complementary bidding/ protective, shadow, or cover bidding
when competitors submit token bids that are not serious attempts to win the contract - form of collusion between competitors - Token bids give the appearance of genuine bidding, but, by submitting token bids, the conspirators can influence the contract price and who is awarded the contract.
nondisclosure agreement
written agreement: signatories must keep all trade secrets and proprietary information learned during their employment confidential. - one of the least expensive and most efficient methods for controlling the loss of proprietary information. - employees must be clearly informed as to what information is considered confidential upon hiring, upon signing a nondisclosure agreement, and during exit interviews.
indicators of insider computer fraud
• Access privileges are beyond those required to perform assigned job functions. • Exception reports are not reviewed and resolved. • Access logs are not reviewed. • Production programs are run at unusual hours. • Lack of separation of duties exists in the data center.
safeguards against unauthorized electronic funds transfers
• Confirm phone and mailing addresses on the application - consistent with information from other sources and with current records about these customers - obtaining credit reports or utility bills • area or city code of telephone number matches the geographical area for the applicant's address. • "welcome" letter with the bank's return address so that the letter will be returned if the applicant does not live there. • Verify by telephone or mailing any change of address requests the same way that new accounts are verified. • customer reports, loss/theft of an access device, cancel existing card, PIN, or other form of access & issue new one. • customer reports a person previously authorized to use an access device no longer has that authority, cancel all cards, PINs, or other access devices and issue new ones • mail PINs separately from other information (usernames) • Separate the responsibility of employees with custody of information of access devices from those with responsibility for issuance, verification, or reissuance of PINs. • communication concerning usernames or passwords is sent in a secure encrypted format • Require customers who register for EBPP or P2P systems to provide information indicating that they are authorized to use the bank account or credit card from which payments will be made.
Defective pricing red flags
• Contractor provides inadequate, inaccurate, or incomplete documentation to support cost proposals. • Contractor is late in providing, delays providing, or cannot provide supporting cost or pricing data. • Contractor's cost estimates are inconsistent with its prices (i.e., discrepancy between quoted prices and actual prices). • Contractor uses out-of-date pricing information (e.g., outdated cost schedules) in cost proposals. • Contractor fails to update cost or pricing data when past activity showed that costs or prices have decreased. • Contractor fails to disclose internal documents on discounts, rebates, and so on. • Contractor fails to disclose information regarding significant cost issues that reduce proposal costs. • Contractor uses vendors or subcontractors during contract performance that are different from the ones named in the proposal or contract. • Materials, supplies, or components that the contractor used in production are different than those listed in the proposal or contract. • delays releasing information that results in price reductions. • Evidence of falsifications or alterations of documentation used to support cost calculations. • unrealistically high profit margins on completed work. • Contractor fails to correct known system deficiencies that lead to defective pricing. • Unqualified personnel developed cost or pricing data used in contractor's estimating process.
new account fraud red flags
• Customer residence outside the bank's trade area • Dress and/or actions inconsistent or inappropriate for the customer's stated age, occupation, or income level • requesting immediate cash withdrawal upon deposit • Request for large quantity of temporary checks • Services that do not match the customer's purpose • Missing or inaccurate customer application information • Invalid phone numbers or addresses • Use of a mail drop address (a service where non-affiliated party collects and distributes a person or entity's mail) • Large check or ATM deposits followed by rapid withdrawal or transfer of funds (a flow-through account) • Business accounts without standard business transactions, ex. payroll or expected transactions in that business • Transactions without a clear purpose in jurisdictions known for high levels of corruption • Opening deposit that is a nominal cash amount • Rare customer ID type • Applicants over the age of 25 with no credit history • Customers who cannot remember basic application information (phone number, address, etc.)
Kickbacks in the health care industry
• Payment for referral of patients • Waiver of deductibles and copayments • Payment for additional medical coverage • Payment for vendor contracts • Payments to adjusters reason for having copayments is to make patients take an active part in the financial responsibility for their care - attract patients: providers improperly pay for or waive the patient's out-of-pocket expense, hoping to make up for that cost in additional business.
indicators of fraud by insured individuals and beneficiaries under health care programs
• Pressure by a claimant to pay a claim quickly • Individuals who hand-deliver claims and insist on picking up their payment in-person • Threats of legal action if a claim is not paid quickly • Anonymous telephone or email inquiries regarding the status of a pending claim • Identical claims for the same patient in different months or years • Dates of service just prior to termination of coverage or just after coverage begins • Services billed that do not appear to agree with the medical records • Billing for services or equipment that are clearly unsuitable for the patient's needs
provider fraud red flags
• Pressure for rapid processing of bills or claims • Threats of legal action for delay in making payments • Frequent telephone inquiries on claim status • Assertive providers who demand same-day claim payment and special handling • Charges submitted for payment for which there is no supporting documentation, such as X-rays or lab results • Patient's address on claim form is the same as provider's
Separation of duties in internal control system
• Programmers should not have unsupervised access to production programs or to production data sets (data files). • Information systems personnel's access to production data should be limited. • Application system users should only be granted access to those functions and data required for their job duties. • Program developers should be separated from program testers. • System users shouldn't have access to program source code. • Computer operators should not perform computer programming. • Development staff should not have access to production data. • Development staff should not access system-level technology or database management systems. • End users should not have access to production data outside the scope of their normal job duties. • End users or system operators should not have direct access to program source code. • Programmers should not be server administrators or database administrators. • IT departments should be separated from information user departments. • Functions involving the creation, installation, and administration of software programs should be assigned to different individuals. • Managers at all levels should review existing and planned processes and systems to ensure proper separation of duties. • Employees' access to documents should be limited to those that correspond with their related job tasks.
red flags of procurement fraud schemes involving collusion among contractors
• The industry has limited competition. • The same contractors bid on each project or product. • The winning bid appears too high. • All contractors submit consistently high bids. • Qualified contractors do not submit bids. • The winning bidder subcontracts work to one or more losing bidders or to non-bidders. • Bids appear to be complementary bids by companies unqualified to perform the work. • Some bids fail to conform to the essential requirements of the solicitation documents (i.e., some bids do not comply with bid specifications). • Some losing bids were poorly prepared. • Fewer competitors than usual submit bids • new contractor enters the competition, and bid prices fall. • There is a rotational pattern to winning bidders (e.g., geographical, customer, job, or type of work). • There is evidence of collusion in the bids (e.g., bidders make the same mathematical or spelling errors; bids are prepared using the same typeface, handwriting, stationery, or envelope; or competitors submit identical bids). • pattern where the last party to bid wins the contract. • patterns of conduct by bidders or their employees that suggest the possibility of collusion (e.g., competitors regularly socialize, hold meetings, visit each other's offices, subcontract with each other, and so on).
Bid tailoring schemes red flags
• Weak controls over the bidding process • Only one or a few bidders respond to bid requests • Contract is not re-bid even though fewer than the minimum number of bids are received • Similarity between specifications and winning contractor's product or services • Bid specifications and statements of work are tailored to fit the products or capabilities of a single contractor • Unusual or unreasonably narrow or broad specifications for the type of goods or services being procured • Requests for bid submissions do not provide clear bid submission information (e.g., no clear time, place, or manner of submitting bids) • Unexplained changes in contract specifications from previous proposals or similar items • High number of competitive awards to one supplier • Socialization or personal contacts among contracting personnel and bidders • Specifications developed by or in consultation with a contractor who is permitted to compete in the procurement • High number of change orders for one supplier
avoid infection from malware
• anti-malware software: scan email messages & files. • update virus definitions in anti-malware programs. • Use precaution when opening emails from acquaintances. • Don't open email attachments from untrustworthy sources. • Only download files from reputable sources. • Regularly update the operating system. • Regularly update latest security patches available for the operating system, software, browser, and email programs. • Ensure that there is a clean boot disk to facilitate testing with antivirus software. • Use a firewall and keep it turned on. • test computer software on isolated system before loading • network environment: no untested programs on server. • Secure the computer against unauthorized access from external threats such as hackers and crashers. • Keep backup copies of production data files and computer software in a secure location. • Scan pre-formatted storage devices before using them. • prevent the system from booting with a removable storage device; this might prevent accidental infection. • policies & employee education program: inform employees of how malware is introduced & what to do if it is suspected • tell employees to protect home systems: malware infections result from employees bringing infected storage devices or files from home.
Detecting malware
• system suddenly, and for no apparent reason, slows down its response time to commands. • computer stops responding or locks up frequently. • computer crashes and then restarts every few minutes. • computer restarts on its own. • computer does not run as usual. • sudden and sometimes dramatic decrease of free space. • size of some files increases. • operating system or other programs and applications begin behaving in unpredictable ways. • Files cannot be accessed or erased with no warning. • change in the length of executable files, a change in their content, or a change in their file date or timestamps. • Disks or disk drives are inaccessible. • An attachment that was recently opened has a double extension, such as a .jpg, .vbs, .gif, or .exe extension. • The system does not boot up. • There are unusual graphics and messages. • The user cannot access a hard disk drive. • There are unexplained and repeated maintenance repairs. • There are unexplained changes to memory. • System or data files disappear or become fragmented. • Items cannot be printed correctly. • Unusual error messages appear. • Menus and dialog boxes are distorted. • New icons, which are not associated with any new programs, appear on the desktop. • Programs experience unexplained changes in size. • Antivirus program is disabled for no reason. • Antivirus program cannot be restarted. • Antivirus program messages: virus has been encountered. • The Web browser's homepage is changed automatically. • Internet search leads to Web browser visiting strange site. • excessive popup windows that appear without cause. • user receives a lot of bounced back email. • emails are being sent without the user's knowledge. • Unusual/unexpected toolbars in Web browser.