Create your luck to fight fraud

Fraud examiners often stumble upon unsought information. Here’s how to train yourself to find that info so you can detect other potential frauds, obtain evidence, recover fraud-related losses, identify and correct deficiencies, and more.

Marcus, the new CFO for a charter school group, is settling into his job overseeing multiple schools. He’s a CFE and a CPA with 15 years of public accounting experience. He’s audited charter schools for the last five years, which helped him land this new position. Steve, the CEO, is charismatic and seemingly intelligent, dedicated and supportive. Marcus accepted the job because he was convinced that Steve would be good to work with, and the budget for these schools was significantly higher than anywhere else Marcus had worked. He viewed this opportunity as a huge promotion with the potential to open up even bigger positions.

Everything changed for Marcus on Christmas Eve of 2015. On that day, he attended a holiday party at Steve’s house. The party was packed with teachers, staff and administrators. The event was catered with an open bar around a huge swimming pool. Steve took Marcus on a tour of the house, and everything was top of the line. Marcus was impressed with the 10-car garage that housed Steve’s sports cars.

Marcus enjoyed the party, but he wondered how Steve could afford his luxuries. Marcus knew how much money Steve made and quickly realized that things didn’t add up. But he’d only been in his job for about six weeks, so he didn’t want to jump to any conclusions. After the holidays, he began to do some digging.

Marcus eventually discovered multiple instances in Steve’s life of what appeared to be fraud. He went to the FBI and showed the white-collar crime special agent his evidence. The agent immediately opened an investigation. Marcus ended up wearing a wire for the next three months as he collected information about Steve and many others for the FBI. Three years later, Steve pleaded guilty to multiple state and federal charges and is now awaiting sentencing.

Would Marcus have found any of this evidence had he not attended the Christmas party? He clearly experienced some type of serendipity by stumbling on information he hadn’t sought while many others who received the same info failed to take any action whatsoever.

The story of Marcus and Steve, which is based on fact, illustrates how valuable serendipity might be for the fraud examiner who learns not only how to increase the probability of encountering unsought information but also how to properly manage such encounters.

Learning these skills might be especially important because organizations still don’t detect a significant number of material frauds, and about half of those they detect are because of unsought information obtained:

• From tips (40 percent).
• By accident (7 percent).
• When notified by law enforcement (2 percent).
• From confessions (1 percent).

(See the 2018 ACFE Report to the Nations on Occupational Fraud and Abuse)

Consequently, here we’ll attempt to teach about serendipity by defining it, explaining how it works and offering suggestions for managing it.

Serendipity defined

In the fraud context, serendipity is defined as fraud examiners accidentally stumbling upon unsought information that they successfully use to 1) detect a potential fraud 2) obtain evidence relating to a suspect’s innocence or guilt 3) build a case to assist an attorney with either a criminal or civil trial (or both) against a fraudster 4) recover fraud-related losses from insurance companies or fraudsters and/or 5) identify and correct control deficiencies to prevent future frauds. These consequences might depend heavily on how the fraud examiners process unsought information, which itself might depend on the nature of that unsought information.

Unsought information is defined as material for which a fraud examiner isn’t specifically looking for. Because looking for information is what fraud examiners do, some might argue that all information is sought information. However, a serendipity theorist has addressed this criticism by breaking serendipity down into four types: Walpolian, Mertonian, Bushian and Stephanian (Yaqub, 2018). [See "Types of Serendipity" at the end of this article.]

How serendipity works

When you encounter unsought information (whether you’re looking for information or not) you might 1) stop what you’re doing 2) focus your attention on the unsought information and consider if it’s relevant 3) pull out the big ideas and store them for later or share them with others 4) return to what you were previously doing (Erdelez 2000; Erdelez, 2004).

We saw this process in Marcus’ case. He was attending the holiday party when he judged Steve’s very nice house and high-end items to be relevant information that suggested Steve was living beyond his means. Marcus stored this red flag in his memory and decided to follow up on it later. Thus, the unsought information gave Marcus the predication needed to begin an investigation when he was back at work.

During or after an initial encounter with unsought information, you might have a conversation, learn something or observe something that triggers your processing of the big ideas you stored (Cunha, 2005; McCay-Peet and Toms, 2010). However, the impact of this trigger might depend on how you’ve been taught to behave by family, social groups, schools, bosses, colleagues, etc.; what else you know; how hard you’re willing to work; what resources are available in your work environment; what you’re currently working on and/or what other people are willing to do to help or hinder your efforts (McCay-Peet, 2011).

Marcus was in the right place at the right time, and his prior knowledge and experience with internal controls alerted him to potential fraud or at least got him thinking that something didn’t seem right. Furthermore, Marcus’ professional identity as a CFE and CPA motivated him to act with integrity by collecting additional information to determine if predication existed. After his meeting with the FBI, he then assisted with an investigation into the potential fraud despite the risk to his career with the charter school group and, potentially, with any future employer.

Once you begin processing stored information, you can combine it with additional information you possess (Cunha, 2005; McCay-Peet and Toms, 2010; Workman et al., 2014). If you don’t possess enough additional info, you might search for more. In fact, fraud examiners are used to asking the “who, what, when, where, why, how and how much” questions about frauds and suspects (Piper, 2014, p. 54). However, you might increase your ability to detect frauds, close fraud cases and prevent future frauds by also asking “who else, what else, when else, where else, why else, how else and how much else” questions (Piper, 2014, p. 77). These “else” questions encourage you to think big picture, view your fraud cases from different angles and use what you learn from cracking one fraud case to solve others.

Even if you don’t ask these “else” questions, you might yield the same kinds of insights when you’re working on fraud examinations that trigger your processing of stored information from similar or related cases (Cunha, 2005; McCay-Peet and Toms, 2010; Workman et al., 2014).

For example, Marcus identified a potential problem when he began to wonder how Steve could afford his lavish lifestyle. He reframed this question into wondering whether Steve had legitimate sources of income or, alternatively, was engaged in illegal activities (i.e., committing fraud). That new question led to a fraud examination that asked the “who, what, where, when, why, how and how much” questions about Steve’s crimes.

Yet merely arriving at these insights isn’t enough to benefit fraud examiners. You must also correctly recognize how you can use these insights to solve cases (Lawley and Tompkins, 2008; Makri and Blandford, 2012a), predict how much the outcome of relying on these insights will benefit you (Lawley and Tompkins, 2008; Makri and Blandford, 2012a) and decide whether to act on these insights (McCay-Peet, 2011).

For example, Marcus clearly presented a persuasive case for the FBI because the agency decided to expend resources to investigate Steve’s alleged frauds. Later, the FBI was able to convince prosecutors in the U.S. attorney’s office to pursue a criminal case against Steve.

On becoming serendipitous

Like Marcus, you can’t rely on blind luck if you wish to experience serendipity. Instead, you need to learn how to create serendipity. The first step involves learning how to increase your probability of encountering unsought information by doing one or more of the following.

Get into the habit of browsing information rather than always searching for specific information (Heinström, 2006). Unlike searches that force you to narrow the scope of the information you discover, browsing could give you unsought information that you could use now or in the future. For example, learning online about a rise in home mortgage default rates might make you wonder why mortgage-backed securities aren’t falling in value. Is there some fraud at play?

Introduce randomness into your life by avoiding strict routines that govern your days (Makri et al., 2014). While a strict routine would narrow the scope of your daily experiences, improvising what you’ll do from day to day gives you a chance to try new things, explore new places, meet new people, etc. For example, grab coffee at a different coffee shop each day to overhear different people conversing. One of those conversations might contain unsought information relevant to a case (e.g., my boss never takes a vacation).

Spend more time getting to know other types of people, especially those who are different from you and your circle of friends and acquaintances (Dantonio et al., 2012). Expand your social networks and access new perspectives, information sources and social opportunities to encounter unsought information. For example, befriend an art critic and you might hear gossip about the discovery of art forgeries.

Invest time and effort into expanding your knowledge about the world by actively learning new, unplanned material (Heinström, 2006). Some of what you learn might end up as stored information that a fraud examination triggers. For example, a fraud examiner who learns how cars work and break might recognize when a suspect lies about a specific type of car trouble.

The second step involves learning how to properly manage your encounters with unsought information by doing one or more of the following.

Learn how to be in the moment by using your five senses to observe what’s going on around you and identify the interesting and unusual (Makri et al., 2014). You could pick up on clues that others might miss. For example, you might pay extra attention to a person at a client’s site whose body language indicates a desire to hide what they’re doing (e.g., checks to see that nobody is watching them).

Learn how to more effectively store information not immediately germane but possibly relevant in the future if you store it effectively (Makri et al., 2014). Construct a storage system — whether in your memory, digitally or on paper — that allows you to retrieve bits of related information simultaneously and combine them with new material that could help form an insight. For example, you might accidentally learn that a division controller (i.e., the prime suspect) might be having a romantic relationship with the office manager (i.e., a potential accomplice) and file that sensitive information away mentally (or in a separate file from investigation folders) with other random details about the division controller (Pedneault, 2010).

Learn how to take down artificial boundaries that prevent you from combining seemingly unrelated pieces of information to obtain an insight (Makri et al., 2014). Once you give yourself permission, you might find yourself transferring what you’ve learned from one case to other cases, seeing new avenues of investigation that might not have otherwise occurred to you and thinking about your cases more broadly. For example, you might be looking into two separate frauds at two separate local companies when you realize that the frauds are identical. You accidentally notice that one company has a main suspect whose sibling works in the other company. It’s time to investigate that sibling, too.

Learn how to use your pattern-recognition skills to find how different pieces of information either support an unexpected pattern or break an expected pattern (Makri et al., 2014). If you do this, you’ll more effectively combine stored information with other information to develop valuable insights. For example, a company might have told you that it has separated duties between the person who handles cash and the person who records cash transactions. But then you accidentally observe the same person performing both duties, and you question if this control deficiency has allowed fraud.

You can learn how to clear your mind of thought, stress and emotion so you can be more open to experience external events consciously or internal events subconsciously (Makri et al., 2014). This open state, which some achieve via mindfulness meditation, could help you better observe, assess, identify, record and process key pieces of information. For example, if you have a clear mind while driving home from work on a normal day, you might notice a full parking lot at an underperforming store whose manager is being investigated for a small fraud. You might then wonder if the magnitude of the actual fraud is bigger than you thought. However, you might have missed out on this insight if your mind was distracted by, for example, mentally reviewing your to-do list while you drove past that store.

Learn how to take calculated risks that enable you to benefit from serendipity (Makri et al., 2014). In other words, experience with serendipity can help you develop better judgment about when and how best to invest your time, money and/or other resources into following up on a tangential lead that has the potential — yet isn’t guaranteed — to produce a highly desirable outcome.

For example, you might realize that a single, immaterial potential fraud you’re investigating is just the tip of the iceberg. So, you might have to take the risk of attempting to persuade corporate counsel to approve a broader investigation that involves multiple suspected frauds, which could make a sizeable, material dent in the company’s financial statements.

At first, you won’t find yourself easily changing your habits and behaviors to create your own serendipitous luck, but attaining these skills can improve your effectiveness and efficiency.

Don’t leave serendipity up to chance

We began by sharing the story of how Marcus, a new CFO, accidentally detected a red flag that suggested his CEO might be involved in a fraud. Marcus, who initiated a fraud examination, discovered enough evidence for prosecutors to build a strong case against the CEO, which secured Steve’s conviction.

This sequence of events, and other examples here, illustrates how serendipity might help a fraud examiner successfully detect fraud. Serendipity might prove too important in a fraud examiner’s professional life to leave it up to chance. You’ll become a better fraud examiner, and possibly deter and prevent more fraud, if you can learn how to create serendipity and use it.

Richard G. Brody, Ph.D., CFE, is the Douglas Minge Brown Professor of Accounting at the University of New Mexico in Albuquerque. Contact him at brody@unm.edu.

Elena Klevsky, Ph.D., CPA, is an assistant professor of accounting at the University of New Mexico in Albuquerque. Contact her at eklevsky@unm.edu.

Ryan Knight, is an instructor of accounting at the University of New Mexico in Albuquerque. Contact him at rcknight@unm.edu.

Sources

Association of Certified Fraud Examiners. “Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse,” Austin, Texas.

Cunha, M. P. e., “Serendipity: Why Some Organizations are Luckier than Others,” 2005, Universidade Nova de Lisboa, Faculdade de Economia.

Dantonio, L., Makri, S., & Blandford, A., “Coming across academic social media content serendipitously,” Proceedings of the American Society for Information Science and Technology, volume 49, issue 1, pages 1-10, 2012.

Erdelez, S. (2000). “Towards Understanding Information Encountering on the Web,” in Proceedings of the ASIS Annual Meeting, volume 37, pages 363-71, 2000.

Erdelez, S., “Investigation of information encountering in the controlled research environment,” Information Processing & Management, volume 40, issue 6, November 2004, pages 1013-1025.

Heinström, J., (2006). “Psychological factors behind incidental information acquisition,” Library and Information Science Research, volume 28, issue 4, Winter 2006, pages 579 to 594.

Lawley, J., & Tompkins, P., “Maximising Serendipity: The art of recognising and fostering unexpected potential - A Systemic Approach to Change,” 2008.

Makri, S., & Blandford, A., “Coming across information serendipitously – Part 1: A process model,” Journal of Documentation, volume 68, issue 5, 2012, pages 684-705.

Makri, S., Blandford, A., Woods, M., Sharples, S., & Maxwell, D., “ ‘Making my own luck’ ”: Serendipity strategies and how to support them in digital information environments,” Journal of the Association for Information Science and Technology, March 5, 2014.

McCay-Peet, L. “Exploring Serendipity’s Precipitating Conditions,” Human-Computer Interaction–INTERACT 2011, pages 398-401, Springer Berlin Heidelberg.

McCay-Peet, L., & Toms, E. G., “The process of serendipity in knowledge work,” Proceedings of the third symposium on Information interaction in context, August 2010, pages 377-382, ACM.

Pedneault, S., “Anatomy of a Fraud Investigation: From Detection to Prosecution,” February 2010, John Wiley and Sons.

Piper, C. (2014). “Investigator and Fraud Fighter Guidebook: Operation War Stories,” April 2014, John Wiley and Sons.

Workman, T. E., Fiszman, M., Rindflesch, T. C., & Nahl, D. (2014). "Framing Serendipitous Information‐Seeking Behavior for Facilitating Literature‐Based Discovery: A Proposed Model,” Journal of the Association for Information Science and Technology, volume 65, issue 3, March 2014, pages 501-512.

Yaqub, O. (2018), “Serendipity: Towards a taxonomy and a theory,” Research Policy, volume 47, issue 1, February 2018, pages 169-179.

Types of serendipity

We’ll use the investigation of an embezzlement by a division controller of a nonprofit (Pedneault, 2010) to describe each type of serendipity (Yaqub, 2018):

Walpolian serendipity (named after Horace Walpole who coined the word “serendipity” in 1754) can occur when a fraud examiner searching for evidence of a particular fraud (e.g., the division controller using one of the nonprofit’s credit cards for personal purchases) finds evidence of another previously undetected fraud (e.g., another employee at that division using a different company credit card, also issued by the nonprofit, for personal purchases).

Mertonian serendipity (named after Robert K. Merton who studied the history of the word “serendipity”) can occur when a fraud examiner searching for one type of evidence about a particular fraud (e.g., credit card statements showing how much of the nonprofit’s company money was used for non-business purposes) finds another type of evidence about that particular fraud (e.g., bank statements showing where the money used for non-business purposes came from).

Bushian serendipity (named after Vannevar Bush, engineer and author of “Science, The Endless Frontier: A Report to the President,” 1945) can occur when a fraud examiner not searching for anything in particular comes across a red flag or evidence of a fraud (e.g., a whistleblower tip about the division controller using one of the nonprofit’s credit cards for personal purchases that comes with a copy of one month’s credit card statement).

Stephanian serendipity (named after Paula Stephan, economist and author of “How Economics Shapes Science,” 2012) can occur when a fraud examiner not searching for anything in particular comes across evidence of control deficiencies that might leave the company open to certain types of fraud that may be found in the future (e.g., no reconciliations of member payment records and bank deposits of member payments).

Based on these examples, we could argue that fraud examiners and their clients might encounter multiple types of serendipity related to a single fraud examination. So, it’s important and beneficial that fraud examiners learn how to properly deal with serendipity.