Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 11: Fraud and Forensic Accounting Investigation.

Computer ForensicsPrinciples and Practices

by Volonino, Anzaldua, and Godwin

Chapter 11: Fraud and Forensic Accounting Investigation

© Pearson Education Computer Forensics: Principles and Practices 2

Objectives

Understand the challenges of fraud investigations

Describe the common types of fraud committed against and on behalf of companies and organizations

Explain the characteristics and symptoms of fraud


Objectives (Cont.)

Identify the role of computer forensics in fraud detection and deterrence

Understand the purposes of forensic accounting investigations and how to participate in them


Introduction

In crimes of fraud, the intent or conscious desire to deceive is essential to prosecuting these types of white collar crimes. This chapter helps you understand fraud and forensic accounting cases, what they are about, and how to utilize tools to help collect e-evidence in these cases.

Corporate Fraud (Criminal Cases & Charging Documents of the President’s Corporate Fraud Task force).


Challenges of Fraud Investigations

Has fraud been committed?

Is fraud still going on? Who might have done it? Who might have been

involved? Did someone break into

the network?

Did an employee gain access to a system beyond the level of their authority? How?

Has someone overridden the controls in a financial system? How?

How do we prevent what has happened from happening again?

Questions to ask when fraud is suspected:


Challenges of Fraud Investigations (Cont.) Scope of fraud

Fraud is on the rise both in scope and scale Corporate and occupational fraud Examples illustrate the complexity and challenges

of investigating these types of fraud cases Bank Fraud and Conspiracy – Kenneth J. Flury, Oct 2005

Multinational fraud case involving 19 computers in 18 countries

Accounting fraud at Cisco Systems Corporate fraud at Prudential Insurance Co. Fraud and corruption among San Diego city employees


Challenges of Fraud Investigations (Cont.)

Fraud to trial process Most investigations of fraud originate from one of

six sources: Internal audits Outside or external audits Regulatory inquiries, primarily by the SEC Shareholder actions, such as class action lawsuits Complaints from customers or vendors Anonymous tips

Note: Fifth Amendment Right Against Self-Incrimination



Special protection considerations Occupational investigations must be kept secret

to avoid harming an employee’s reputation Investigation team must understand law of

privilege and how it relates to contemporaneous documents and work product of the case

A work product may not be released, even through subpoena



Legal elements of fraud Fraud depends on intentional (willful) acts of

misrepresentation Specific elements required to prove fraud:

A material false statement An intent to deceive A victim’s reliance on the statement Damages to the victim


Investigator Independence

Forensics experts are needed in fraud investigations because of their specialized experience and objectivity

Their reports carry an impartiality that might not be true of reports from an internal audit



Intent is usually proven circumstantially Ways to help prove intent include:

Motive Opportunity Repetitive acts Concealment

Showing the victim relied on the false statement and was harmed There is no fraud if victim is not damaged



Fraud claims have to meet tougher requirements than many other civil actions

A fraud plaintiff has to detail: What misrepresentations were made To whom the misrepresentations were made How they were false Why the plaintiff relied on them


Challenges of Fraud Investigations (Cont.) Handling a fraud suspect

Make copies of all suspicious paper documents secretly and keep the copies in a secured location

Don’t tell the suspect that she is going to be interviewed to avoid destruction of evidence

Do not interview the suspect in his office or other familiar “comfortable” location

Don’t show the suspect the evidence, unless necessary for a confession

Have a verbal confession converted into a written statement and then signed


In Practice: Bank Fraud and Conspiracy In 2004, Kenneth J. Flury obtained stolen

CitiBank debit card account numbers, PINs, and personal identifier information

He encoded blank cards with the stolen information

He was indicted by a federal grand jury in the Shadowcrew investigation, a long-term online undercover investigation


In Practice: Fifth Amendment Right Against Self-Incrimination Fifth Amendment to the Constitution

guarantees that one cannot be compelled to be a witness against himself

Fourteenth Amendment applies that guarantee to state courts

Refusing to testify based on this guarantee is called “taking the Fifth”

The right does not apply in all situations


Types of Fraud

Fraud can be categorized based on who committed the fraud and who was victimized Internal fraud is committed by someone within an

organization External fraud is committed by an outside party When fraud is committed against a company, the

company is the victim When fraud is committed on behalf of a company,

the victims may be shareholders or employees


Types of Fraud (Cont.)

Fraud Category Examples

Computer crime Hacking

Phishing

Insider fraud (e.g., employees and managers)

Theft of intellectual property

Payroll fraud

Extortion

Expense account abuse

Misappropriation of assets

External fraud (e.g., vendors or customers)

Bribery

Kickbacks

Conflicts of interest

(Continued)



Fraud Category Examples

Misconduct Conflict of interest

Corruption

Insider trading

Customer fraud Check fraud

Credit card fraud

Fraudulent merchandise returns

Identity theft



Types of fraud committed against a company Operating-management corruption Misappropriation of assets Conflict of interest Bribery Extortion Kickbacks Theft of trade secrets


In Practice: Kickback and Embezzlement Red Flags Red flags of kickbacks require a closer look

at suspect’s activities Red flags include not taking time off, personal

financial problems, extravagant lifestyle Behavior that could indicate embezzlement

may also be zealous actions of dedicated employee Red flags include missing documents, delayed

bank deposits, large drop in profits



Three main types of fraud committed for a company Senior management financial reporting fraud Accounting cycle fraud Bribery

Healthcare fraud defined as Misrepresentation of fact for payment of a claim Theft of money or property belonging to a health

plan or health insurance company


Common Types of Healthcare Fraud

Fraud Description Perpetrated By

Phantom billing Charging for services not performed

Billing or healthcare provider

Upcoding Charging for a more expensive service


Doctor shopping Visiting multiple doctors to get multiple prescriptions

Patient

Unnecessary care Giving unnecessary surgeries, tests, or other procedures

Healthcare provider

Misrepresenting services

Performing uncovered services but billing insurance companies for different services


(Continued)


Common Types of Healthcare Fraud (Cont.)

Fraud Description Perpetrated By

Unbundling Charging separately for procedures that are actually part of a single procedure


Masquerading as health-care professionals

Delivering healthcare services without proper licenses

Fraudster

Identity theft Using another person’s health insurance card or identification to obtain health care or to impersonate that individual

Patient



Relationship of job level and type of fraud committed Senior management—financial statement fraud Operating management—bribery and corruption Administrative management—asset

misappropriation Employees—embezzlement Nonemployees—conflict of interest Medical doctors or healthcare providers—

phantom billing, upcoding, unnecessary care


In Practice: Fraudulent Dossier about Saddam’s Regime British government maintained that trusted

intelligence sources had produced a report on Saddam Hussein

Analysis of document revealed report was created by Foreign Office and Downing Street staffers http://www.number10.gov.uk/Page271 http://www.joeant.com/DIR/info/get/10381/118599 http://www.computerbytesman.com/privacy/blair.htm



Why fraud is not reported Insufficient police resources to investigate it Concern that a lengthy investigation will be

expensive and not worth the cost Concern that the news will harm the brand image

or business reputation and scare away customers


Characteristics and Symptoms of Fraud Three factors common in all fraud:

Pressure Opportunity Rationalization


Characteristics and Symptoms of Fraud (Cont.) Pressures that most commonly drive people

to commit fraud are financial Financial pressures include

Greed or living beyond one’s means High bills, personal debt, or poor credit Personal financial losses or unexpected financial

needs Vices or addictions Expensive extramarital relationships


Characteristics and Symptoms of Fraud (Cont.) Weaknesses in organizations that create

opportunities to commit fraud include: Lack of controls that prevent or detect fraud Overriding of internal controls Failure to search out and discipline fraud

perpetrators Lack of access to information Lack of an audit trail, of which the perp is aware


Characteristics and Symptoms of Fraud (Cont.) Rationalization for fraud

Most difficult to investigate because it cannot be seen

Certain questionable behaviors can be rationalized and eventually escalate into massive fraud Case of Jack Abramoff –Formerly Powerful republican lobbyist


In Practice: Jack Abramoff

Abramoff’s e-mails indicated that he blatantly deceived Indian tribes and did business with people linked to the underworld

Choctaw Indians gave Abramoff more than $80 million between 2000 and 2003

Abramoff pleaded guilty to engaging in conspiracy involving corruption of public officials, fraud, and tax evasion http://www.npr.org/templates/story/story.php?storyId=5081540


Fraud Investigation and Deterrence

Perception of detection can be an effective deterrent to fraud

Companies need to educate employees that computer forensics experts can find out everything they do and tie it to a particular person


Digital Forensic Accounting

Forensic accounting involves identifying, collecting, analyzing, and interpreting financial data with reports and expert opinions that will stand up in legal actions

Three high-profile forensic accounting cases: Adelphia Global Crossing Tyco


Digital Forensic Accounting (Cont.)

General purposes of forensic accounting investigations Fraud investigation Dispute analysis or litigation Data recovery

SEC Relaxes Policy on Routine E-mail Inspection


Reasons for Forensic Accounting InvestigationsReasons Forensics Investigator Hired By

To investigate suspicions that fraud has occurred

Management

To provide expert witnesses in court to help quantify damages from a contract that has gone bad or some other business dispute

Lawyer

To investigate a company before entering into a contract

Investors, venture capitalists, potential business partners

To investigate a company before contemplating a merger


(Continued)


Reasons for Forensic Accounting InvestigationsReasons Forensics Investigator Hired By

To investigate a company before contemplating a merger


To investigate a company before investing in their stock

Financial services

To determine whether a company problem was due to error or fraud

Lawyers, prosecutors


Comparison of Forensic Accounting Fraud and InvestigationForensic Accounting Fraud Examination

A broad discipline applying accounting skills to legal matters in a wide range of issues

A focused discipline relating entirely to the issue of fraud

Addresses a past event Addresses past, present, and future events

Uses financial information Uses financial and nonfinancial information

Produces information about finances Produces information about finances, people, and their actions

For use in judicial proceedings For use in business and government internal proceedings and private and judicial proceedings


Summary

More and more frauds are perpetrated using computers and networks

Fraudster could be disgruntled employee, greedy executive, or unethical business partner

Pressure, opportunity, and rationalization are elements of every fraud Cybercrime.gov Behavioral Red Flag


Summary (Cont.)

Prosecutor must show intent and deceit in order to prove fraud

E-evidence can show intent and deceit “Forensic” in financial investigations implies

that the information can be used in court Forensic accounting is the investigation and

analysis of financial evidence Requires proper procedures and detailed

evidence to ensure admissibility

Fraud Video Links

Fraud Investigation & Dispute Services

Forensic Accountant-David Malamed James Bierstaker Forensic

Jonathan Barnett - WTC7 forensic engineer – REVISITED DELOITTE FINANCIAL ADVISORY SERVICES ESTABLISHES DELOI

http://deloitte.com/dtt/section_node/0,1042,sid%253D148425,00.html

The Profiles Series - Association of Certified Fraud Examine

Princeton University Exposes Diebold Flaws


Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 11: Fraud and Forensic Accounting Investigation.

Documents

scope of fraud fraud

investigations of fraud

fraud suspect

crimes of fraud

fraud plaintiff

legal elements of fraud

fraud detection

fraud claims