Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 11: Fraud and Forensic Accounting Investigation
Mar 28, 2015
Computer ForensicsPrinciples and Practices
by Volonino, Anzaldua, and Godwin
Chapter 11: Fraud and Forensic Accounting Investigation
© Pearson Education Computer Forensics: Principles and Practices 2
Objectives
Understand the challenges of fraud investigations
Describe the common types of fraud committed against and on behalf of companies and organizations
Explain the characteristics and symptoms of fraud
© Pearson Education Computer Forensics: Principles and Practices 3
Objectives (Cont.)
Identify the role of computer forensics in fraud detection and deterrence
Understand the purposes of forensic accounting investigations and how to participate in them
© Pearson Education Computer Forensics: Principles and Practices 4
Introduction
In crimes of fraud, the intent or conscious desire to deceive is essential to prosecuting these types of white collar crimes. This chapter helps you understand fraud and forensic accounting cases, what they are about, and how to utilize tools to help collect e-evidence in these cases.
Corporate Fraud (Criminal Cases & Charging Documents of the President’s Corporate Fraud Task force).
© Pearson Education Computer Forensics: Principles and Practices 5
Challenges of Fraud Investigations
Has fraud been committed?
Is fraud still going on? Who might have done it? Who might have been
involved? Did someone break into
the network?
Did an employee gain access to a system beyond the level of their authority? How?
Has someone overridden the controls in a financial system? How?
How do we prevent what has happened from happening again?
Questions to ask when fraud is suspected:
© Pearson Education Computer Forensics: Principles and Practices 6
Challenges of Fraud Investigations (Cont.) Scope of fraud
Fraud is on the rise both in scope and scale Corporate and occupational fraud Examples illustrate the complexity and challenges
of investigating these types of fraud cases Bank Fraud and Conspiracy – Kenneth J. Flury, Oct 2005
Multinational fraud case involving 19 computers in 18 countries
Accounting fraud at Cisco Systems Corporate fraud at Prudential Insurance Co. Fraud and corruption among San Diego city employees
© Pearson Education Computer Forensics: Principles and Practices 7
Challenges of Fraud Investigations (Cont.)
Fraud to trial process Most investigations of fraud originate from one of
six sources: Internal audits Outside or external audits Regulatory inquiries, primarily by the SEC Shareholder actions, such as class action lawsuits Complaints from customers or vendors Anonymous tips
Note: Fifth Amendment Right Against Self-Incrimination
© Pearson Education Computer Forensics: Principles and Practices 8
Challenges of Fraud Investigations (Cont.)
Special protection considerations Occupational investigations must be kept secret
to avoid harming an employee’s reputation Investigation team must understand law of
privilege and how it relates to contemporaneous documents and work product of the case
A work product may not be released, even through subpoena
© Pearson Education Computer Forensics: Principles and Practices 9
Challenges of Fraud Investigations (Cont.)
Legal elements of fraud Fraud depends on intentional (willful) acts of
misrepresentation Specific elements required to prove fraud:
A material false statement An intent to deceive A victim’s reliance on the statement Damages to the victim
© Pearson Education Computer Forensics: Principles and Practices 10
Investigator Independence
Forensics experts are needed in fraud investigations because of their specialized experience and objectivity
Their reports carry an impartiality that might not be true of reports from an internal audit
© Pearson Education Computer Forensics: Principles and Practices 11
Challenges of Fraud Investigations (Cont.)
Intent is usually proven circumstantially Ways to help prove intent include:
Motive Opportunity Repetitive acts Concealment
Showing the victim relied on the false statement and was harmed There is no fraud if victim is not damaged
© Pearson Education Computer Forensics: Principles and Practices 12
Challenges of Fraud Investigations (Cont.)
Fraud claims have to meet tougher requirements than many other civil actions
A fraud plaintiff has to detail: What misrepresentations were made To whom the misrepresentations were made How they were false Why the plaintiff relied on them
© Pearson Education Computer Forensics: Principles and Practices 13
Challenges of Fraud Investigations (Cont.) Handling a fraud suspect
Make copies of all suspicious paper documents secretly and keep the copies in a secured location
Don’t tell the suspect that she is going to be interviewed to avoid destruction of evidence
Do not interview the suspect in his office or other familiar “comfortable” location
Don’t show the suspect the evidence, unless necessary for a confession
Have a verbal confession converted into a written statement and then signed
© Pearson Education Computer Forensics: Principles and Practices 14
In Practice: Bank Fraud and Conspiracy In 2004, Kenneth J. Flury obtained stolen
CitiBank debit card account numbers, PINs, and personal identifier information
He encoded blank cards with the stolen information
He was indicted by a federal grand jury in the Shadowcrew investigation, a long-term online undercover investigation
© Pearson Education Computer Forensics: Principles and Practices 15
In Practice: Fifth Amendment Right Against Self-Incrimination Fifth Amendment to the Constitution
guarantees that one cannot be compelled to be a witness against himself
Fourteenth Amendment applies that guarantee to state courts
Refusing to testify based on this guarantee is called “taking the Fifth”
The right does not apply in all situations
© Pearson Education Computer Forensics: Principles and Practices 16
Types of Fraud
Fraud can be categorized based on who committed the fraud and who was victimized Internal fraud is committed by someone within an
organization External fraud is committed by an outside party When fraud is committed against a company, the
company is the victim When fraud is committed on behalf of a company,
the victims may be shareholders or employees
© Pearson Education Computer Forensics: Principles and Practices 17
Types of Fraud (Cont.)
Fraud Category Examples
Computer crime Hacking
Phishing
Insider fraud (e.g., employees and managers)
Theft of intellectual property
Payroll fraud
Extortion
Expense account abuse
Misappropriation of assets
External fraud (e.g., vendors or customers)
Bribery
Kickbacks
Conflicts of interest
(Continued)
© Pearson Education Computer Forensics: Principles and Practices 18
Types of Fraud (Cont.)
Fraud Category Examples
Misconduct Conflict of interest
Corruption
Insider trading
Customer fraud Check fraud
Credit card fraud
Fraudulent merchandise returns
Identity theft
© Pearson Education Computer Forensics: Principles and Practices 19
Types of Fraud (Cont.)
Types of fraud committed against a company Operating-management corruption Misappropriation of assets Conflict of interest Bribery Extortion Kickbacks Theft of trade secrets
© Pearson Education Computer Forensics: Principles and Practices 20
In Practice: Kickback and Embezzlement Red Flags Red flags of kickbacks require a closer look
at suspect’s activities Red flags include not taking time off, personal
financial problems, extravagant lifestyle Behavior that could indicate embezzlement
may also be zealous actions of dedicated employee Red flags include missing documents, delayed
bank deposits, large drop in profits
© Pearson Education Computer Forensics: Principles and Practices 21
Types of Fraud (Cont.)
Three main types of fraud committed for a company Senior management financial reporting fraud Accounting cycle fraud Bribery
Healthcare fraud defined as Misrepresentation of fact for payment of a claim Theft of money or property belonging to a health
plan or health insurance company
© Pearson Education Computer Forensics: Principles and Practices 22
Common Types of Healthcare Fraud
Fraud Description Perpetrated By
Phantom billing Charging for services not performed
Billing or healthcare provider
Upcoding Charging for a more expensive service
Billing or healthcare provider
Doctor shopping Visiting multiple doctors to get multiple prescriptions
Patient
Unnecessary care Giving unnecessary surgeries, tests, or other procedures
Healthcare provider
Misrepresenting services
Performing uncovered services but billing insurance companies for different services
Billing or healthcare provider
(Continued)
© Pearson Education Computer Forensics: Principles and Practices 23
Common Types of Healthcare Fraud (Cont.)
Fraud Description Perpetrated By
Unbundling Charging separately for procedures that are actually part of a single procedure
Billing or healthcare provider
Masquerading as health-care professionals
Delivering healthcare services without proper licenses
Fraudster
Identity theft Using another person’s health insurance card or identification to obtain health care or to impersonate that individual
Patient
© Pearson Education Computer Forensics: Principles and Practices 24
Types of Fraud (Cont.)
Relationship of job level and type of fraud committed Senior management—financial statement fraud Operating management—bribery and corruption Administrative management—asset
misappropriation Employees—embezzlement Nonemployees—conflict of interest Medical doctors or healthcare providers—
phantom billing, upcoding, unnecessary care
© Pearson Education Computer Forensics: Principles and Practices 25
In Practice: Fraudulent Dossier about Saddam’s Regime British government maintained that trusted
intelligence sources had produced a report on Saddam Hussein
Analysis of document revealed report was created by Foreign Office and Downing Street staffers http://www.number10.gov.uk/Page271 http://www.joeant.com/DIR/info/get/10381/118599 http://www.computerbytesman.com/privacy/blair.htm
© Pearson Education Computer Forensics: Principles and Practices 26
Types of Fraud (Cont.)
Why fraud is not reported Insufficient police resources to investigate it Concern that a lengthy investigation will be
expensive and not worth the cost Concern that the news will harm the brand image
or business reputation and scare away customers
© Pearson Education Computer Forensics: Principles and Practices 27
Characteristics and Symptoms of Fraud Three factors common in all fraud:
Pressure Opportunity Rationalization
© Pearson Education Computer Forensics: Principles and Practices 28
Characteristics and Symptoms of Fraud (Cont.) Pressures that most commonly drive people
to commit fraud are financial Financial pressures include
Greed or living beyond one’s means High bills, personal debt, or poor credit Personal financial losses or unexpected financial
needs Vices or addictions Expensive extramarital relationships
© Pearson Education Computer Forensics: Principles and Practices 29
Characteristics and Symptoms of Fraud (Cont.) Weaknesses in organizations that create
opportunities to commit fraud include: Lack of controls that prevent or detect fraud Overriding of internal controls Failure to search out and discipline fraud
perpetrators Lack of access to information Lack of an audit trail, of which the perp is aware
© Pearson Education Computer Forensics: Principles and Practices 30
Characteristics and Symptoms of Fraud (Cont.) Rationalization for fraud
Most difficult to investigate because it cannot be seen
Certain questionable behaviors can be rationalized and eventually escalate into massive fraud Case of Jack Abramoff –Formerly Powerful republican lobbyist
© Pearson Education Computer Forensics: Principles and Practices 31
In Practice: Jack Abramoff
Abramoff’s e-mails indicated that he blatantly deceived Indian tribes and did business with people linked to the underworld
Choctaw Indians gave Abramoff more than $80 million between 2000 and 2003
Abramoff pleaded guilty to engaging in conspiracy involving corruption of public officials, fraud, and tax evasion http://www.npr.org/templates/story/story.php?storyId=5081540
© Pearson Education Computer Forensics: Principles and Practices 32
Fraud Investigation and Deterrence
Perception of detection can be an effective deterrent to fraud
Companies need to educate employees that computer forensics experts can find out everything they do and tie it to a particular person
© Pearson Education Computer Forensics: Principles and Practices 33
Digital Forensic Accounting
Forensic accounting involves identifying, collecting, analyzing, and interpreting financial data with reports and expert opinions that will stand up in legal actions
Three high-profile forensic accounting cases: Adelphia Global Crossing Tyco
© Pearson Education Computer Forensics: Principles and Practices 34
Digital Forensic Accounting (Cont.)
General purposes of forensic accounting investigations Fraud investigation Dispute analysis or litigation Data recovery
SEC Relaxes Policy on Routine E-mail Inspection
© Pearson Education Computer Forensics: Principles and Practices 35
Reasons for Forensic Accounting InvestigationsReasons Forensics Investigator Hired By
To investigate suspicions that fraud has occurred
Management
To provide expert witnesses in court to help quantify damages from a contract that has gone bad or some other business dispute
Lawyer
To investigate a company before entering into a contract
Investors, venture capitalists, potential business partners
To investigate a company before contemplating a merger
Investors, venture capitalists, potential business partners
(Continued)
© Pearson Education Computer Forensics: Principles and Practices 36
Reasons for Forensic Accounting InvestigationsReasons Forensics Investigator Hired By
To investigate a company before contemplating a merger
Investors, venture capitalists, potential business partners
To investigate a company before investing in their stock
Financial services
To determine whether a company problem was due to error or fraud
Lawyers, prosecutors
© Pearson Education Computer Forensics: Principles and Practices 37
Comparison of Forensic Accounting Fraud and InvestigationForensic Accounting Fraud Examination
A broad discipline applying accounting skills to legal matters in a wide range of issues
A focused discipline relating entirely to the issue of fraud
Addresses a past event Addresses past, present, and future events
Uses financial information Uses financial and nonfinancial information
Produces information about finances Produces information about finances, people, and their actions
For use in judicial proceedings For use in business and government internal proceedings and private and judicial proceedings
© Pearson Education Computer Forensics: Principles and Practices 38
Summary
More and more frauds are perpetrated using computers and networks
Fraudster could be disgruntled employee, greedy executive, or unethical business partner
Pressure, opportunity, and rationalization are elements of every fraud Cybercrime.gov Behavioral Red Flag
© Pearson Education Computer Forensics: Principles and Practices 39
Summary (Cont.)
Prosecutor must show intent and deceit in order to prove fraud
E-evidence can show intent and deceit “Forensic” in financial investigations implies
that the information can be used in court Forensic accounting is the investigation and
analysis of financial evidence Requires proper procedures and detailed
evidence to ensure admissibility
Fraud Video Links
Fraud Investigation & Dispute Services
Forensic Accountant-David Malamed James Bierstaker Forensic
Jonathan Barnett - WTC7 forensic engineer – REVISITED DELOITTE FINANCIAL ADVISORY SERVICES ESTABLISHES DELOI
http://deloitte.com/dtt/section_node/0,1042,sid%253D148425,00.html
The Profiles Series - Association of Certified Fraud Examine
Princeton University Exposes Diebold Flaws
© Pearson Education Computer Forensics: Principles and Practices 40