Fraud Edge

The Challenge of Teaching Fraud Examination and Forensic Accounting in a Digital World

Please sign in to save this to your favorites.
Written by: Timothy Pearson, Ph.D., CPA Richard A. Riley, Jr., Ph.D., CFE, CPA
Date: November 1, 2011
Read Time: 11 mins
Fraud Investigation and Examination Fraud Prevention and Deterrence

One extremely challenging area in the higher-education classroom is teaching the digital aspects of fraud examination and forensic accounting. Whether it is a series of information technology demonstrations, a singular class project, or an entire course dedicated to information technologies and their impact on fraud, it is imperative to include an examination of digital tools and electronic data.   

Cyberfraud and modern-day technological tricks of the trade require instructors to be on the cutting — if not the bleeding edge — of technology. However, monitoring, studying and obtaining CPEs on the latest and greatest cyber-schemes is only the beginning. The hard aspects of teaching fraud examination and forensic accounting in a digital environment include keeping pace with:  

  • The role of computers (hardware, software, processes and data) in financial crimes and forensic accounting.  
  • Cybercrimes, to include traditional or new schemes adapted to new technology.  
  • Digital evidence issues.  
  • Data extraction and analysis software (data analytics and mining).  
  • Graphical analysis, which includes investigation and communication skills. 
  • Case management software.   

The purpose of this column is to address each of these aspects so instructors can see the full scope of teaching topics and decide what they want to include.

ROLE OF THE COMPUTER IN CRIME  


Donn B. Parker, a cybercrime authority and author, argues that there are four possible functions of a computer in a crime:
  • The computer as a victim — subject to sabotage, theft or destruction.
  • The computer as a facilitator of crime against other computers (i.e., virus attacks, illegal access, etc.).
  • The computer as a facilitator of crime against people (i.e., electronic bank account embezzlement, theft of proprietary information or hacking).
  • The computer as a source of unfounded credibility (i.e., to lure victims into a pyramid scheme or another traditional fraud scheme that has been adapted to the digital environment).

In many cases, fraudsters have found that old schemes can yield more ill-gotten gains by utilizing the speed, power and global access of computers and other digital devices. For example, Ariana Eunjung Cha reported in "Thieves Find Exactly What They're Looking for on EBay," from the Jan. 6, 2005, issue of The Washington Post, that thieves earn 76 percent gross margins when selling stolen goods on eBay, versus 10 percent when selling those same goods on the street. Just about every traditional scam can be facilitated or perpetrated over the Internet. Some examples of traditional schemes adapted to technology include identity theft, online gambling, securities fraud, theft of trade secrets and industrial or economic espionage.

Additionally, cybercrime has led to new opportunities for criminal activity. Examples include hacking, spamming, theft of electronic intellectual property, unauthorized access (i.e., defeating access controls), malicious code (i.e., computer viruses), denial-of-service attacks, theft of service (i.e., telecom fraud) and investment and financial frauds. Some cybercrimes, such as information warfare, have national security implications. In fact, the U.S. government has deemed certain types of cyber-attacks as acts of war that can result in retaliation.

According to the National White Collar Crime Center (NW3C) 2010 Internet Crime Report, the top 10 Internet schemes, as of December 2010, were:

  • Non-delivery payment/merchandise, 14.4 percent.
  • FBI-related scams, 13.2 percent.
  • Identity theft, 9.8 percent.
  • Computer crimes, 9.1 percent.
  • Miscellaneous fraud, 8.6 percent.
  • Advance fee fraud, 7.6 percent.
  • Spam, 6.9 percent.
  • Auction fraud, 5.9 percent.
  • Credit card fraud, 5.3 percent.
  • Overpayment fraud, 5.3 percent.

The Federal Trade Commission accumulated a list based on complaints it received for 2010. (See Figure 1 to the left.) Almost every scheme can be facilitated by computer mischief. Computers also play a role in money laundering. Criminals are trying to disguise the origins of money obtained through illegal activities so it looks like it was obtained from legal sources.

Techniques include transferring money through several countries in order to obscure money transfers using a series of Internet-accessible bank accounts, wagering on Internet gaming sites, artificial purchases on auction sites and the traditional organized-crime practice of mixing legitimate businesses with illegal transactions. Since the beginning of criminal enterprise, the bad guys have used banks as a means to launder money. Online and mobile banking only makes following the money trail more difficult than ever.

THE NATURE OF DIGITAL EVIDENCE  

Just as fraudsters can perpetrate their crimes faster with technology, so can fraud examiners be more expeditious in their investigations. Analyzing digital evidence versus a paper trail can be more efficient, especially when large amounts of evidence are concerned. In a May 26 article, "Small Businesses Fight IRS Over Data," by Laura Saunders, The Wall Street Journal reported that the IRS now is telling companies it is auditing that it wants digital images of those taxpayers' bookkeeping and accounting records and also providing guidelines to its employees on using those records.

The IRS recognizes that hard copies of tax documents can create verification problems, and the need for digital evidence and audit techniques is increasingly important as turnaround times shorten, audit engagement budgets tighten and cost-benefit considerations become more important in litigation decisions.

In the context of fraud examinations, controls testing must be handled and examined with speed and accuracy. Electronic imaging allows fraud examiners to scan evidence and case documents into an electronic format for easy storage and retrieval. This process normally entails significant coding to facilitate ease of access. Once done, however, fraud examiners can capture, sort, analyze and retrieve the data with ease.

Computer forensics in a digital environment involves using specialized tools to capture evidence housed on computer hardware and embedded in software applications so that the evidence's integrity and chain of custody are protected and can be admitted into a court of law. (By the way, electronic evidence refers to any evidence captured in digital format found on computers and similar electronic media devices. As such, electronic evidence can be retrieved from desktop computers, notebook computers, network servers, backup storage medium, mobile phones, personal digital assistants, handheld computers, CDs, DVDs, digital cameras, stick drives, GPS devices or virtually any other electronic device or storage medium. Email is a particularly rich source of digital evidence.)

The initial acquisition of evidence in a digital environment continues to be a major concern in the field. Auditors, fraud auditors and forensic accountants may attempt to do too much when they first encounter digital evidence. For example, the simple act of turning on a confiscated computer, digital camera or mobile phone may make the evidence on that device inadmissible in a courtroom. As soon as a device is turned on, it starts writing logs, overwriting temporary files and performing other activities that alter the structure of the data on the storage drive. In such cases, the defense can argue that the digital evidence has been corrupted or at least tampered with. Without a forensically solid approach, it may not be proven beyond a reasonable doubt what the data looked like before the device was taken into custody and imaged.

Consistent with other aspects of the fraud and forensic accounting engagement, fraud examiners should maintain good working papers and be able to demonstrate the foundations of their work. In an electronic world, audit trails and comprehensive logs are best practices. As an example, if the data extraction and analysis require multiple steps, each step and its result should be documented. Forensic software can help fraud professionals with this process.

EXTRACTING DATA   

Data mining and knowledge discovery software are generally classified by their functionality. Tools include wizards to ease the import of file types, and they typically have "point and click" functions to carry out various tests. Software options include: ACL, IDEA Data Analysis Software, Picalo, SAS and SPSS, among many others.  

A more extreme approach is to install employee-monitoring software, such as Awareness Technologies' InterGuard, which literally monitors all employee-generated IT activity.

PROTECTING DIGITAL EVIDENCE  

Instructors should be familiar with various tools to gather and protect digital evidence. Road MASSter is a portable computer forensics lab that examiners use to acquire and analyze electronic data and preview and image hard drives. EnCase is another tool for the digital imaging of hard drives and other storage medium. EnCase acquires data in a forensically sound manner that generally is accepted in courtrooms. Newer tools permit imaging hard drives without removing them from the computer and also allow for triage to discard irrelevant, memory-hogging data.

Guidelines for forensically sound hard-drive imaging tools are:

  • The tool makes a bit-stream duplicate or an image of an original disk or partition.
  • The tool will not alter the original disk.
  • The tool is able to verify the integrity of a disk image file.
  • The tool logs I/O (input/output) errors.
  • The tool's documentation is correct.

"E-discovery rules" require organizations to provide email and other electronic files that go back in time in a manner similar to that of paper files; this increases the chance of successfully recovering emails and other deleted files. Text-mining tools then can applied to anomalous communication patterns.

It is also possible to use tools like Wireshark with CACE Pilot, which capture packets of transmitted data to see what folks are sending through networks.

DETECTION AND INVESTIGATION IN A DIGITAL ENVIRONMENT  

Business software helps companies keep track of customers, suppliers, vendors and employees and to analyze performance trends and other important company attributes. These programs also can be configured to identify control weaknesses in business processes and anomalies in accounting records. Fraud examiners and auditors often use data analysis software as the ultimate systems for detecting potential fraud that otherwise would prove extremely difficult to discover.

Risk assessment software can be utilized to scan company databases for red flags. Most software packages use a combination of functions, including:

  • Sorting.  
  • Descriptive statistics and characteristics.  
  • Record selection and extraction.  
  • Joining files and looking for mismatches. 
  • Multiple file processing.  
  • Correlation analysis.  
  • Verifying multiples of a number (examining the relationship between quantities and prices).  
  • Compliance verification.  
  • Gap and duplicate searches.  
  • Vertical ratio analysis. 
  • Horizontal ratio analysis.  
  • Date functions. 
  • Recalculations. 
  • Transactions and balances exceeding expectations.  

A PICTURE IS WORTH A THOUSAND PROSECUTIONS  


One of the most important enhancements to data analysis programs is to provide pictorial representations of the data. Some software tools are specifically geared for transforming raw data into visual representations. Graphics have at least four distinct roles in an investigation. First, they can be used as an investigative tool, helping the investigator to "see" the case in ways that he or she had not previously considered. Secondly, graphics can help the investigator identify holes in the case or problem areas. Visuals also can identify questions that need to be answered to wrap up a case. Lastly, graphics can be useful to communicate investigative findings, conclusions and results to supervisors, clients, judges and juries. Case outcomes often hinge on the fraud professional's ability to take complex ideas, relationships and findings and express them in a more accessible, meaningful manner.  

With graphics, fraud examiners can answer who, what, when, where, why and how of a case; address the fraud triangle to the extent that evidence is available; show the elements of fraud (the act, the concealment and the conversion); and illustrate the perpetrator's motivation (money, ideology, coercion or ego — also known as MICE).

CASE MANAGEMENT SOFTWARE  

Fraud examiners use case management software to manage cases and case data, organize evidence and present information for use in reports or during testimony. Case management software is particularly helpful when investigating:

  • Money laundering.
  • Activities spread out across time and geography.
  • Compliance issues.
  • Complex financial statement fraud.
  • Organized crime.
  • Drug trafficking.
  • Terrorism financing.

Two examples of case management software are Analyst's Notebook i2 and Lexis-Nexis CaseMap.

SIMPLIFYING THE CHALLENGE  

Understanding fraud schemes and financial crimes in the context of information technology and exposing anti-fraud students to digital tools and techniques are critical elements toward creating well-rounded professionals. We encourage every academic to reach out to their alumni and area professionals to begin dialogues on how to partner to incorporate the necessary skill sets. These practicing professionals and their technology vendors also can provide demonstrations of their tools to expose students to what is possible.  

(Editor's note: The authors have no relationships with the companies that sell the products included in this column. The authors mention the products only as possibilities among many others.)

Timothy A. Pearson, Ph.D., CPA, is the coordinator of accounting graduate programs and past chair of the Department of Accounting and Management of Information Systems at West Virginia University in Morgantown. He is executive director of the Institute for Fraud Prevention, an industry-supported research center founded by the ACFE, which was featured in the cover story of the January/February 2010 edition of Fraud Magazine. 

Richard "Dick" A. Riley Jr., Ph.D., CFE, CPA, is a Louis F. Tanner Distinguished Professor of Public Accounting in the College of Business and Economics at West Virginia University in Morgantown. He is chair of the ACFE Higher Education Advisory Committee and the vice president of operations and research for the Institute for Fraud Prevention.  

 

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.fraud-magazine.com or www.ACFE.com. ACFE follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or reproduced. Requests for reprinting an article in any form must be e-mailed to: FraudMagazine@ACFE.com. 

Ad

Begin Your Free 30-Day Trial

Unlock full access to Fraud Magazine and explore in-depth articles on the latest trends in fraud prevention and detection.

Learn More Already a member? Sign In

You May Also Like