Working Capital Management
Fraud and Forensic Accounting In a Digital Environment
White Paper for The Institute for Fraud Prevention
Conan C. Albrecht Marriott School of Management Brigham Young University conan@warp.byu.edu
Fraud and Forensic Accounting In a Digital Environment
ABSTRACT This paper discusses four aspects of computeraided fraud detection that are of primary interest to fraud investigators and forensic accountants: data mining techniques for the detection of internal fraud, ratio analysis for the detection of financial statement fraud, the issues surrounding external information sources, and computer forensics during fraud investigations. It provides an informative background and then details the current status of research in each area. It describes what is currently unknown, and it proposes future research topics.
Keywords: Fraud, Computer Forensics, Proactive Fraud Detection, Digital Accounting
1 INTRODUCTION The modern digital environment offers new opportunities for both perpetrators and investigators of fraud. In many ways, it has changed the way fraud examiners conduct investigations, the methods internal auditors use to plan and complete work, and the approaches external auditors take to assess risk and perform audits. While some methods, such as online working papers, are merely computerized versions of traditional tasks, others, such as risk analysis based on neural networks, are revolutionizing the field. Many auditors and researchers find themselves working amid an everchanging workplace, with computerbased methods leading the charge. Perhaps the most difficult aspect to computerbased techniques is the application of a single term to a wide variety of methods like digital analysis, electronic evidence collection, data mining, and computer forensics. Indeed, computerbased fraud detection involves a plethora of different technologies, methodologies, and goals. Some techniques require a strong background in
White Paper for The Institute for Fraud Prevention
Conan C. Albrecht Marriott School of Management Brigham Young University conan@warp.byu.edu
Fraud and Forensic Accounting In a Digital Environment
ABSTRACT This paper discusses four aspects of computeraided fraud detection that are of primary interest to fraud investigators and forensic accountants: data mining techniques for the detection of internal fraud, ratio analysis for the detection of financial statement fraud, the issues surrounding external information sources, and computer forensics during fraud investigations. It provides an informative background and then details the current status of research in each area. It describes what is currently unknown, and it proposes future research topics.
Keywords: Fraud, Computer Forensics, Proactive Fraud Detection, Digital Accounting
1 INTRODUCTION The modern digital environment offers new opportunities for both perpetrators and investigators of fraud. In many ways, it has changed the way fraud examiners conduct investigations, the methods internal auditors use to plan and complete work, and the approaches external auditors take to assess risk and perform audits. While some methods, such as online working papers, are merely computerized versions of traditional tasks, others, such as risk analysis based on neural networks, are revolutionizing the field. Many auditors and researchers find themselves working amid an everchanging workplace, with computerbased methods leading the charge. Perhaps the most difficult aspect to computerbased techniques is the application of a single term to a wide variety of methods like digital analysis, electronic evidence collection, data mining, and computer forensics. Indeed, computerbased fraud detection involves a plethora of different technologies, methodologies, and goals. Some techniques require a strong background in
References: ACFE (2008). 2008 Report to the Nation. The Association of Certified Fraud Examiners. Agyemang, M., Barker, K., & Alhajj, R. (2006). A comprehensive survey of numeric and symbolic outlier mining techniques. Intelligent Data Analysis, 10, 521538. AICPA (2002). SAS No. 99: Consideration of Fraud in a Financial Statement Audit Summary. Albrecht, C. C., Albrecht, W. S., & Dunn, J. G. (2000). Conducting a ProActive Fraud Audit: A Case Study. Journal of Forensic Accounting, II, 203218. Albrecht, C. C. (2008). Detectlets: A New Approach to Fraud Detection. In European Academy of Management at Ljubljana, Slovenia. Albrecht, W. S., & Albrecht, C. C. (2002). Root Out Financial Deception. Journal of Accountancy, 3033. Albrecht, W. S., Albrecht, C., & Albrecht, C. C. (2008). Current Trends in Fraud and its Detection. Information Security Journal: A Global Perspective, 17(1). Albrecht, W. S., Albrecht, C. C., Albrecht, C. O., & Zimbelman, M. (2009). Fraud Examination (3). SouthWestern Cengage Learning. Beasley, M. S., & Jenkins, J. G. (2003). The Relation of Information Technology and Financial Statement Fraud. Journal of Forensic Accounting, 4, 217232. Bell, T. B., & Carcello, J. V. (2000). Research Notes, A decision aid for assessing the likelihood of fraudulent financial reporting. Auditing: A Journal of Theory and Practice, 19(1), 169175. Benish, M. (1999). The Detection of Earnings Manipulation. Financial Analysts Journal, 55, 2436. Black, J. (2002). Public Records in Public ViewOnline?. Business Week Online. Bolton, R. J., & Hand, D. J. (2001). Unsupervised profiling method for fraud detection. In Conference of Credit Scoring and Credit Control VII, Edinburgh, UK. Busta, B. (1998). Randy Weinberg. Using Benford 's law and neural networks as a review procedure, 13(6), 356366. Cameron, P. (2001). You Can 't Hide from Accurint. Law Technology News, 8(9). Causey, B. (2005). How To Respond To Attacks. Certification Magazine. Cecchini, M., Aytug, H., Koehler, G., & Pathak, P. (2005). Detecting Management Fraud in Public Companies. University of Florida Fisher School of Business. Cho, W. K. T., & Gaines, B. J. (2007). Breaking the (Benford) Law: Statistical Fraud Detection in Campaign Finance. The American Statistician, 61(3), 218223. Coglitore, F. J., & Matson, D. M. (2007). The Use of ComputerAssisted Auditing Techniques in the Audit Course: Further Evidence. Journal of Forensic Accounting, VIII, 201226. Daily Tar Heel (2007). Report on Social Security Number Fraud. University of North Carolina at Chapel Hill, April 26. Dixon, P. D. (2005). An overview of computer forensics. IEEE Potentials, 24(5), 710. Eining, M. M., Jones, D. R., & Loebbecke, J. K. (1997). Reliance on Decision Aids: An Examination of Auditors ' Assessment of Management Fraud. Auditing: A Journal of Theory and Practice, 16(2). Freeman, E. H. (2006). Disclosure of Information Theft: The ChoicePoint Security Breach. Information Systems Security, 1115. Frost, M. (2004). Finding Skeletons in Online Closets. Searcher, 12(6), 5460. Gavish, A. (2007). The Hidden Costs of Computer Misconduct. Security. Green, B. P., & Choi, J. H. (1997). Assessing the Risk of Management Fraud Through Neural Netowrk Technology. Auditing: A Journal of Theory and Practice, 16(1). Grove, H., & Cook, T. (2004). Lessons for Auditors: Quantitative and Qualitative Red Flags. Journal of Forensic Accounting, V, 131146. Hansen, J., McDonald, J., Messier, W., & Bell, T. (1996). A Generalized Qualitative Response Model and the Analysis of Management Fraud. Management Science, 42, 10221033. Heel, D. T. (2007). Report on Social Security Number Fraud. University of North Carolina at Chapel Hill. Hermanson, D. R., Moran, B., Rossie, C. S., & Wolfe, D. T. (2006). Continuous Monitoring of Transactions to Reduce Fraud, Misuse, and Errors. Journal of Forensic Accounting, VII, 1730. Hill, T. P. (1995). A Statistical Derivation of the Significant Digit Law. Statistical Science, 10, 354363. Jones, M. W. (2008). Does Google Have Its GeoEye On You. . Electronic document, http://tech.blorge.com/Structure:%20/2008/10/10/doesgooglehaveitsgeoeye onyou/, accessed . Kirkos, E., Spathis, C., & Manolopoulos, Y. (2007). Data mining for the detection of fraudulent financial statements. Expert Systems with Applications, 23. Kou, Y., Lu, C., & Sirwongwattana, S. (2004). Survey of Fraud Detection Techniques. In 2004 International Conference on Networking, Sensing, and Control (pp. 749 754). Kovalerchuk, B., Vityaev, E., & Holtfreter, R. (2007). Correlation of Complex Evidence in Forensic Accounting Using Data Mining. Journal of Forensic Accounting, VIII, 5388. Kuchta, K. J. (2001). Your Computer Forensic Toolkit. Information Systems Security. Lamoreaux, M. (2007). Internal Auditor Used Computer Tool to Detect WorldCom Fraud. Journal of Accountancy, 35. Lehman, M. W. (2008). Join the Hunt. Journal of Accountancy, 4649. Loebbecke, J., Eining, M., & Willingham, J. (1989). Auditors ' Experience with Material Irregularities: Frequency, Nature, and Detectability. Auditing: A Journal of Theory and Practice, 9, 128. Loebbecke, J. K., & J. J. Willingham, J. (1988). Review of SEC Accounting and Auditing Enforcement Releases. University of Utah. Loftus, J. T., & Vermeer, T. E. (2003). ProActive Fraud Auditing: Technology, Fraud Auditing, and Liquor. Journal of Forensic Accounting, IV, 307310. Lovett, R. W. (1955). Looking Around. Harvard Business Review. Marczewski, D., & Akers, M. (2005). CPA 's Perceptions of the Impact of SAS 99. CPA Journal, 75, 3840. Nigrini, M. J. (1999). I 've Got Your Number. Journal of Accountancy. Nigrini, M. J. (2000). Digital analysis using Benford 's Law. Global Audit Publications. Paletta, D. (2005). Regulating ChoicePoint: Whose Job Is It, Anyway?. American Banker. Phua, C., Lee, V., Smith, K., & Gaylor, R. (2005). A comprehensive survey of data miningbased fraud detection research. Working Paper. Procedure, S. (2008). Retrieved November 17, 2008 from http://www.securityprocedure.com/downloadpicaloopensourcealternativeacl audit. Rezaee, Z., Sharbatoghlie, A., Elam, R., & McMickle, P. L. (2002). Continuous Auditing: Building Automated Auditing Capability. Auditing: A Journal of Theory and Practice, 21(1). Samborn, H. V. (2002). No Place To Hide. ABA Journal. Smith, G. S. (2000). Black Tech Forensics: Collection and Control of Electronic Evidence. Journal of Forensic Accounting, I, 283290. Smith, G. S. (2005). Computer Forensics: Helping to Achieve the Auditor 's Fraud Mission. Journal of Forensic Accounting, VI, 119=134. Stafford, A. (2005). Information Brokers: Privacy In Peril. PC World, 101104. Summers, S. L., & Sweeny, J. T. (1998). Fraudulently Misstated Financial Statements and Insider Trading: An Empirical Analysis. The Accounting Review, 73(1), 131 146. Swartz, N. (2004). U.S. States Disagree About Online Access to Court Records. Information Management Journal, 11. Technology Expert (2008). Google 's Street View "Off the Map" at U.S. Military Bases. Retrieved November 17 from http://technologyexpert.blogspot.com /2008/03/googlestreetviewoffmapatus.html. Tyburski, G. (2004). Introduction to Online Legal, Regulatory, and Intellectual Property Research. SouthWestern Educational Pub. Waldrup, B., Capriotti, K., & Anderson, S. C. (2004). Forensic Accounting Techniques: A Defensible Investigatory Process for Litigation Purposes. Journal of Forensic Accounting, V, 116. Wells, J. T. (2002). Occupational Fraud: The Audit as Deterrent. Journal of Accountancy.