TrimSize:6inx9in Vona186793 ffirs.tex V1-11/29/2016 9:35am Pagei (cid:2) Fraud Data Analytics Methodology (cid:2) (cid:2) (cid:2) TrimSize:6inx9in Vona186793 ffirs.tex V1-11/29/2016 9:35am Pageii (cid:2) The Wiley Corporate F&A series provides information, tools, and insights to corporateprofessionalsresponsibleforissuesaffectingtheprofitabilityoftheir company,fromaccountingandfinancetointernalcontrolsandperformance management. Foundedin1807,JohnWiley&Sonsistheoldestindependentpublishing companyintheUnitedStates.WithofficesinNorthAmerica,Europe,Asia,and Australia,Wileyisgloballycommittedtodevelopingandmarketingprintand electronicproductsandservicesforourcustomers’professionalandpersonal knowledgeandunderstanding. (cid:2) (cid:2) (cid:2) TrimSize:6inx9in Vona186793 ffirs.tex V1-11/29/2016 9:35am Pageiii (cid:2) Fraud Data Analytics Methodology The Fraud Scenario Approach to Uncovering Fraud in Core Business Systems LEONARD W. VONA (cid:2) (cid:2) (cid:2) TrimSize:6inx9in Vona186793 ffirs.tex V1-11/29/2016 9:35am Pageiv (cid:2) Copyright©2017byJohnWiley&Sons,Inc.Allrightsreserved. PublishedbyJohnWiley&Sons,Inc.,Hoboken,NewJersey. PublishedsimultaneouslyinCanada. Nopartofthispublicationmaybereproduced,storedinaretrievalsystem,or transmittedinanyformorbyanymeans,electronic,mechanical,photocopying, recording,scanning,orotherwise,exceptaspermittedunderSection107or108ofthe 1976UnitedStatesCopyrightAct,withouteitherthepriorwrittenpermissionofthe Publisher,orauthorizationthroughpaymentoftheappropriateper-copyfeetothe CopyrightClearanceCenter,Inc.,222RosewoodDrive,Danvers,MA01923,(978) 750-8400,fax(978)646-8600,orontheWebatwww.copyright.com.Requeststo thePublisherforpermissionshouldbeaddressedtothePermissionsDepartment,John Wiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030,(201)748-6011,fax(201) 748-6008,oronlineathttp://www.wiley.com/go/permissions. LimitofLiability/DisclaimerofWarranty:Whilethepublisherandauthorhaveused theirbesteffortsinpreparingthisbook,theymakenorepresentationsorwarranties withrespecttotheaccuracyorcompletenessofthecontentsofthisbookand specificallydisclaimanyimpliedwarrantiesofmerchantabilityorfitnessfora particularpurpose.Nowarrantymaybecreatedorextendedbysalesrepresentatives orwrittensalesmaterials.Theadviceandstrategiescontainedhereinmaynotbe suitableforyoursituation.Youshouldconsultwithaprofessionalwhereappropriate. Neitherthepublishernorauthorshallbeliableforanylossofprofitoranyother commercialdamages,includingbutnotlimitedtospecial,incidental,consequential,or otherdamages. (cid:2) (cid:2) Forgeneralinformationonourotherproductsandservicesorfortechnicalsupport, pleasecontactourCustomerCareDepartmentwithintheUnitedStatesat(800) 762-2974,outsidetheUnitedStatesat(317)572-3993orfax(317)572-4002. Wileypublishesinavarietyofprintandelectronicformatsandbyprint-on-demand. Somematerialincludedwithstandardprintversionsofthisbookmaynotbeincluded ine-booksorinprint-on-demand.IfthisbookreferstomediasuchasaCDorDVDthat isnotincludedintheversionyoupurchased,youmaydownloadthismaterialat http://booksupport.wiley.com.FormoreinformationaboutWileyproducts,visit www.wiley.com. LibraryofCongressCataloging-in-PublicationData: Names:Vona,LeonardW.,1955-author. Title:Frauddataanalyticsmethodology:thefraudscenarioapproachto uncoveringfraudincorebusinesssystems/LeonardW.Vona. Description:Hoboken,NewJersey:JohnWiley&Sons,[2017]|Includesindex. Identifiers:LCCN2016036161|ISBN9781119186793(cloth)| ISBN9781119270348(ePDF)|ISBN9781119270355(epub) Subjects:LCSH:Auditing.|Forensicaccounting.|Fraud—Prevention.| Auditing,Internal. Classification:LCCHF5667.V6592017|DDC658.4/73—dc23 LCrecordavailableathttps://lccn.loc.gov/2016036161 Coverdesign:Wiley Coverimage:©kentoh/Shutterstock PrintedintheUnitedStatesofAmerica 10 9 8 7 6 5 4 3 2 1 (cid:2) TrimSize:6inx9in Vona186793 ffirs.tex V1-11/29/2016 9:35am Pagev (cid:2) Thisbookisdedicatedtomyfamily,Patricia,Amy,David,andJeffrey, forsupportingmeinmyquesttoexplainfraudauditing.Inthe memoryofmydad,whotoldmetogotocollege,andthememory ofthewomenwhoshapedmylife. (cid:2) (cid:2) (cid:2) TrimSize:6inx9in Vona186793 ffirs.tex V3-11/23/2016 8:49am Pagevii (cid:2) Contents Preface ix Acknowledgments xi Chapter1:IntroductiontoFraudDataAnalytics 1 Chapter2:FraudScenarioIdentification 17 Chapter3:DataAnalyticsStrategiesforFraudDetection 41 (cid:2) (cid:2) Chapter4:HowtoBuildaFraudDataAnalyticsPlan 81 Chapter5:DataAnalyticsintheFraudAudit 109 Chapter6:FraudDataAnalyticsforShellCompanies 127 Chapter7:FraudDataAnalyticsforFraudulent Disbursements 149 Chapter8:FraudDataAnalyticsforPayrollFraud 183 Chapter9:FraudDataAnalyticsforCompany CreditCards 205 Chapter10:FraudDataAnalyticsforTheftofRevenue andCashReceipts 227 Chapter11:FraudDataAnalyticsforCorruption OccurringintheProcurementProcess 247 vii (cid:2) TrimSize:6inx9in Vona186793 ffirs.tex V3-11/23/2016 8:49am Pageviii (cid:2) ◾ viii Contents Chapter12:CorruptionCommittedbytheCompany 269 Chapter13:FraudDataAnalyticsforFinancialStatements 285 Chapter14:FraudDataAnalyticsforRevenueand AccountsReceivableMisstatement 311 Chapter15:FraudDataAnalyticsforJournalEntries 333 AppendixA:DataMiningAuditProgramforShell Companies 349 AbouttheAuthor 363 Index 365 (cid:2) (cid:2) (cid:2) TrimSize:6inx9in Vona186793 fpref.tex V1-11/23/2016 8:49am Pageix (cid:2) Preface E ven the world’s best auditor using the world’s best audit program cannot detect fraud unless their sample includes a fraudulent trans- action.Thatiswhyfrauddataanalyticsissoessentialtotheauditing profession. Fraudauditingisamethodologytoolusedtorespondtotheriskoffraud incorebusinesssystems.Themethodologymuststartwiththefraudriskiden- tification.Frauddataanalyticsisaboutsearchingforafraudscenarioversus adataanomaly.Ihaveoftenreferredtofrauddataanalyticsascodebreaking. Thefraudauditorisstudyingmillionsoftransactionsintheattempttofindthe needle in the haystack, called the fraud scenario. It is my hope that my years (cid:2) ofprofessionalexperienceinusingfrauddataanalyticswillmovetheauditing (cid:2) professiontobecomethenumber-onereasonforfrauddetection. This book is about the science of fraud data analytics. It is a systematic studyoffraudscenariosandtheirrelationshiptodata.Likeallscientificprin- ciples,thecontinualstudyofthescienceandthepracticalapplicationofthe sciencearebothnecessaryforsuccessinthediscoveryoffraudscenariosthat arehidinginallcorebusinesssystems. Themethodologydescribedinthebookisintendedtoprovideastep-by-step processforbuildingthefrauddataanalyticsplanforyourcompany.Thefirst fivechaptersexplaineachphaseoftheprocess.Laterchaptersillustratehow toimplementthemethodologyinassetmisappropriationschemes,corruption schemes,andfinancialreportingschemes. Thepractitionerwilllearnthatfrauddataanalyticsisbothascienceand an art. In baseball, there is a science to hitting a baseball. The mechanics of swinging a bat is taught to players of all ages. However, you can read all the books in the world about swinging a bat, but unless you actually stand in the batting box and swing the bat, you will never truly learn the art of hittingabaseball.Likewise,thefraudauditorneedstolearntoanalyzedata and to employ the tools to do so in order to be able to find fraud scenarios hidinginyourdatasystems. ix (cid:2) TrimSize:6inx9in Vona186793 flast.tex V1-11/23/2016 8:49am Pagexi (cid:2) Acknowledgments T omyfriendsatAudimationServices:CarolynNewman,JillDavies,and CarolUrsell.ItisbecauseofworkingwithyouthatIdevelopedtheart offrauddataanalytics. ToSheckCho(ExecutiveEditor),whoencouragedmetowritemybooks, andtotheeditorsatWiley,withoutyouIcouldnothavewrittenthisbook. ToNickiHindes,whokeepsmyofficegoingwhileItraveltheworld. Toallthosepeoplewhohaveinspiredme.Thankyou! (cid:2) (cid:2) xi (cid:2) TrimSize:6inx9in Vona186793 c01.tex V2-11/23/2016 8:49am Page1 (cid:2) 1 CHAPTER ONE Introduction to Fraud Data Analytics (cid:2) (cid:2) T he world’s best auditor using the world’s best audit program cannot detect fraud unless their sample includes a fraudulent transaction. This is why fraud data analytics (FDA) is so critical to the auditing profession. Howweusefrauddataanalyticslargelydependsonthepurposeoftheaudit project.Ifthefrauddataanalyticsisusedinawhistleblowerallegation,then the fraud data analytics plan is designed to refute or corroborate the allega- tion.Ifthefrauddataanalyticsplanisusedinacontrolaudit,thenthefraud dataanalyticswouldsearchforinternalcontrolcomplianceorinternalcontrol avoidance.Ifthefrauddataanalyticsisusedforfraudtesting,thenthefraud dataanalyticsisusedtosearchforaspecificfraudscenariothatishiddeninyour database.Thisbookiswrittenforfraudauditorswhowanttointegratefraud testingintotheirauditprogram.Theconceptsarethesameforfraudinvestiga- tionandinternalcontrolavoidance—whatchangesisthescopeandcontextof theauditproject. Interestingly,twoofthemostcommonquestionsheardintheprofession are, “Which fraud data analytic routines should I use in my audit?” and, “What are the three fraud data analytics tests I should use in payroll or disbursements?”Inonesense,therereallyisnowaytoanswerthesequestions 1 Fraud Data Analytics Methodology: The Fraud Scenario Approach to Uncovering Fraud in Core Business Systems, Leonard W. Vona © 2017 John Wiley & Sons, Inc. All rights reserved. Published by John Wiley & Sons Inc. (cid:2)