Fraud Management

RSM 306
CHARTERED INSTITUTE OF RISK AND SECURITY MANAGEMENT
PROFESSIONAL DIPLOMA IN RISK & SECURITY MANAGEMENT
STRATEGIC FRAUD MANAGEMENT
Module RSM 306
• Published by: Chartered Institute of Risk and Security Management

12 Highfields Road
Southerton
Harare, Zimbabwe
Chartered Institute of Risk and Security Management is a distance teaching and open learning
institution.
© Chartered Institute of Risk and Security Management: All rights reserved. No part of this publication
may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording or otherwise, without the prior permission of the CIRSM.
RSM 306
To the student
This module contains information obtained from authentic and
highly regarded sources. Reasonable efforts have been made to
publish reliable data and information, but the compiler and
institution cannot assume responsibility for the validity of all
materials or the consequences of their use. The compiler and
institution have attempted to acknowledge the authors of all
material reproduced in this module.
RSM 306
CHARTERED INSTITUTE OF RISK AND SECURITY MANAGEMENT
"The Six Hour Tutorial Sessions"
As you embark on your studies with the Chartered Institute of Risk and Security Management (CIRSM)
by open and distance learning, we need to advise our students so that they can make the best use of our
modules and other learning materials, your time and the lecturers who attend to you virtually. The most
important point that students need to note is that in e-learning, there are no lectures like those found in
conventional face-to-face learning. Instead, there are learning packages that may comprise written
modules, audio recordings, video recordings and other referral materials for extra reading. All these
including WhatsApp, Telegram, Twits, Blogs, Skype, telephone and email can be used to deliver
learning to students. As such, at CIRSM, we expect the lecturers to lecture to students virtually on the
stipulated six-hour tutorials designed to give students robust introductory knowledge to their
programmes. We believe that the teaching and learning task is accomplished by the learning package
that students receive at registration.
What then is the purpose of the six-hour tutorial for each course on offer?
At CIRSM, like any other e-learning programmes, the students are at the core of learning. After they
receive the learning packages and other learning materials, it is obvious that they will come across
concepts/ideas that may not be that easy to understand or that are not so clearly explained. They may
also come across issues that they do not agree with, that actually conflict with the practice that they are
familiar with. Through interaction and discussion groups, friends can bring ideas that are totally
different and new and arguments may begin. Students may also find that an idea is not clearly explained
and they may remain with more questions than answers. They need someone to help them in such
matters. This is where the six-hour tutorial comes in.
For it to work, you need to know that:
 This is one requirement in e-learning
 The lecturer has to introduce the course adequately for students to progress on their
own.
Page 4 of 109 CIRSM
RSM 306
 The student should prepare questions, queries, clarifications, for the topics to the
discussed. For the lecturer to help you effectively, give him/her the concerns beforehand
so that in cases where information has to be gathered, there is sufficient time to do so. If
the questions can get to the lecturer at least two weeks before the tutorial, that will
create enough time for thorough preparation.
In the tutorial, the students are expected and required to take part all the time through contributing in
every way possible. They can give their views, even if they are wrong, (many students may hold the
same wrong views and the discussion will help correct the errors), they still help them learn the correct
thing as much as the correct ideas.
There is also need for both students and the lecturer to be open-minded, frank, inquisitive and should
leave no stone unturned as they analyze ideas and seek clarification on any issues. It has been found
that if tutorials are done correctly, students do better in assignments and examinations because their
ideas are streamlined. By introducing the six-hour tutorial, CIRSM hopes to help students come in
touch with the lecturers who mark their assignments, assess them, and guide them in preparing for
writing examinations and assignments and who run students’ general academic affairs. This helps
students to settle down in their course having been advised on how to go about their learning.
Professional networking with students is, therefore, upheld by CIRSM.
The six-hour tutorials should be so structured that the tasks for each session are
very clear. Work for each session, as much as possible, follows the structure
given below.
Session I (Two Hours)

Session I should be held at the beginning of the semester. The main aim of this session is to guide you,
the student, on how you are going to approach the course. During the session, you will be given the
overview of the course, how to tackle the assignments, how to organize the logistics of the course and
formation of study groups that you will belong to. It is also during this session that you will be advised
on how to use your learning materials effectively.
Session II (Two Hours)

This session comes in the middle of the semester to respondto the challenges, queries, experiences,
Page 5 of 109 CIRSM
RSM 306
uncertainties, and ideas that students are facing as they go through the course. In thissession, difficult areas
in the module are explained through thecombined effort of the students and the lecturer. It should also give
direction and feedback where students have not done well in thefirst assignments as well as reinforce
those areas where performance in the first assignments is good.
Session III (Two Hours)

The final session, Session III, comes towards the end of the semester. In this session, students polish
up any areas that they still need clarification on. The lecturer gives students feedback on the
assignments so that they can use the experiences for preparation for the end of semester examination.
Note that in all the three sessions, students identify the areas that their lecturer should
give help. They also take a very important part in finding answers to the problems posed.
As students, you are the most important part of the solutions to your learning challenges.
Conclusion
In conclusion, we should be very clear that six hours is too little for lectures and this does not limit, in
view of the provision of fully self-contained learning materials in the package, to look for
supplementary sources to augment this module. We, therefore, urge students not only to attend the six-
hour tutorials for this course, but also to prepare oneself to contribute in the best way possible so as to
maximize beneficiation.
BEST WISHES IN YOUR STUDIES.

CIRSM
Page 6 of 109 CIRSM

RSM 306
FUNDAMENTAL CONCEPTS
Definition of fraud
Any person who makes a misrepresentation;
(a) Intending to deceive another person or realizing that there is a real risk or possibility
of deceiving another person; and
(b) Intending to cause another person to act upon the misrepresentation to his or her
prejudice, or realizing
that there is a real risk or possibility that another person may act upon the misrepresentation to
his or her prejudice; shall be guilty of fraud if the misrepresentation causes actual prejudice to
another person or is potentially prejudicial to another person. [Criminal law (Codification and
Reform) Act Chapter 9:23 Section 136]
Or
Fraud consist of unlawfully and intentionally making a misrepresentation which causes potential
and actual prejudice to another.
Characteristics of a Fraudsters
A Fraud report of 2013-14 added that 53% of fraudsters are in the C-Suite meaning its people like
the CEO, the CFO, the COO, the CIO and divisional operational leaders. This is so because these
people control service delivery and income generation.
 Most fraudsters act alone and do not talk to anyone about their intention to commit the
offence of fraud
 More than half of the fraudsters attended or graduated from college or university
Losses tend to increase when the fraudster has a postgraduate qualification
 The largest percentage of fraudsters consist of males between the age to 31 and 45 years. At
manager and senior executive level, men are 25 % more likely to commit fraud than females.
At owner and top executive level, men are 40% more likely to commit fraud than females.
 Employees who commit fraud have typically been with the organisation for more than five
years. The longer the employees stays in the company, the higher the value of the fraud is
likely to be.
Page 7 of 109 CIRSM

RSM 306
 They either verbally instruct, or sweet-talk employees to process irregular transactions and
to turn a blind eye to irregular activities.
 They act in their own personal interests, regardless of what is in the best interest of the
organisation. These people tend to be high fliers and amongst the best performers and have
a high opinion of their own importance and superiority.
 They are totally opposed to policies and procedures and contend that corporate governance
and the promotion of integrity are a waste of time and resources. They manipulate internal
controls via regular management override and apply creative techniques to hide this or
ensure that, once discovered, they can pass the buck to more junior managers and staff.
 They argue that one should rely almost entirely on the personal integrity of people and that
income generation, profits and service delivery are paramount and must be delivered “at any
cost”
 They condone related-party transactions, argue in favor of conflicts of interest and the
acceptance and offering of gifts and other business courtesies, and support private work and
personal business interests.
 They are habitual liars and are able to explain away blatantly irregular transactions to the
board, fellow executives, auditors and other oversight bodies. In the face of nonperformance,
they are defensive, presenting deceitful, complicated and false explanations, regardless of
the negative impact of this non-performance on the sustainability of the organisation.
 They never acknowledge their shortcomings or wrong doings due to their lack of humility and
are able to manage the stress of carrying out their deceitful activities and hiding it.
 They never praise the progress and good performance of executive-level peers and other
managers. Instead they jealously oppose and try to sabotage the progressive actions of
colleagues, regardless of the detrimental effects of their behavior.
 Internal vs external fraud

Internal fraud includes employees undertaking any of the following actions:
• Theft of cash or stock.
• Theft from other employees.
• Not charging friends, family or accomplices.
• Allowing accomplices to use bad credit.
• Supplying receipts for refunds.
• Allowing friends to steal, or • Participating in delivery scams.
Sometimes employees will rationalize the fraud by:

• Trivialising the offence. They can afford it”, “No harm done”, “Everyone does it”.
• Claiming unfair treatment as a justification. – Missing out on promotion.
– Feeling remuneration is inadequate.
– Unfair treatment compared to colleagues.
Page 8 of 109 CIRSM

RSM 306
– Disciplinary action.
– Resentment at lack of appreciation.
The risk of internal fraud includes:

• Stolen, embezzled or ‘discounted’ stock.
• Loss of cash or securities.
• Loss of company funds or critical information, and/or
• Loss or damaged business reputation and custom.
You may be at risk of internal fraud by employees who:

• Work long hours.
• Return to work after hours.
• Are unusually or overly inquisitive about the company’s payment system.
• Resist taking annual or sick leave.
• Avoid having others assist or relieve them.
• Resign or leave suddenly.
• Have a large number of voids.
• Have a low number of transactions.
How to reduce the risk of internal fraud
Step 1: Develop clear policies that cover: Step 2: Have clear transaction procedures,
• Serving or processing transactions for including:
family and friends. • A pre-determined ‘float’.
• Personal purchases/transactions. • Petty cash limits.
• Personal use of equipment such as • Daily banking – by two people if
telephones, lap-top computers, video cameras possible.
etc. • Dual signatures on cheques.
. Authorised delegations • Provision of receipts and
acknowledgment of transactions.
• Limited access to safe by staff.
• Keeping registers closed unless in use,
and • Segregating purchasing, receipting and
paying.
Page 9 of 109 CIRSM

RSM 306
Step 3: Provide strong, consistent supervision Step 4: Regularly review and monitor your
of staff : register of assets and your transactions:
• Have supervisors monitor delegations. • Record all transactions.
• Supervise employee • Conduct regular stock takes.
compliance with procedures. • Keep a register of your tools,
• Regularly review cash shortages and equipment and assets.
report instances where an explanation is • Wherever possible, engrave your
unsatisfactory. business property with an identifying number
• Have supervisors check receipts and (such as your ABN).
documentation.
• Challenge suspicious transactions.
Step 5: Establish strong audit procedures: Step 6: Maintain security of information:

• Reconcile bank deposits with register • Limit access to confidential
totals regularly. information.
• Acquit all claims and allowances to • Enforce the use of employee ID.
avoid duplicate or multiple payments. • Regularly change passwords for
• Audit IT systems regularly. computers, alarms etc.
• Conduct regular and random audits of • Review and investigate security
all processes. violations. • Cancel access promptly when
• Randomly check wages and people transfer or leave.
allowances for overpayments.
Step 7: Establish strong human resource

management procedures:
• Undertake pre-employment screening.
• Implement equitable remuneration
system.
• Provide job descriptions that
segregate duties.
• Provide adequate training and
education. • Communicate policies,
expectation of compliance, audit regime and
consequences of non-compliance.
How to reduce the

Fraud by customers
External fraud by customers
Please refer to section on credit card and cheque fraud.

External Fraud –
Page 10 of 109 CIRSM
RSM 306
External fraud by suppliers includes:

• Short or inferior supply of goods.
• Payment for services and goods not supplied.
• Kickbacks for biased selection of suppliers.
• Payments to bogus vendors for false claims.
• Cheques written for cash only or not property authorised.
• Purchase of goods for private use.
Fraud by suppliers can be prevented by:
• Ensuring staff are appropriately trained in accounts payable and stores functions.
• Ensure that supervision occurs over processing receipts and payments for expenditure.
• Ensure that purchasing, receipting and payment functions are segregated so that no single
person performs all three duties.
• Ensuring there are guidelines for relationships between your business members and suppliers
to avoid bias and inducements from suppliers (gifts).
• Ensuring audits are conducted on all areas of purchasing including petty cash, non-receipted
items and all invoices.
 Offender profiles
Offender profiling, also known as criminal profiling, is an investigative tool used by law
enforcement agencies to identify likely suspects (descriptive offender profiling) and analyze
patterns that may predict future offenses and victims (predictive offender profiling).[1] Offender
profiling dates back to 1888 and the spree of Jack the Ripper, and the profiling theory describes
how profiling will ideally work. It is a tool that is believed to have been originally adapted and
utilized by the FBI. Current applications include predictive profiling, sexual assault offender
profiling, and case linkage (using profiling to identify common factors in offenses and to help with
suspect identification. Profiling is criticised as "racial stereotyping" or political targeting, where
political and ethnic differences have bearing.
Goals of criminal profiling include providing law enforcement with a social and psychological
assessment of the offender; providing a "psychological evaluation of belongings found in the
possession of the offender” and offering suggestions and strategies for the interviewing process.
Ainsworth (2001) identified four main approaches to offender profiling: geographical,
investigative psychology, typological, and clinical profiling.
Five steps in profiling include analyzing the criminal act and comparing it to similar crimes in the
past, an in-depth analysis of the actual crime scene, considering the victim's background and
activities for possible motives and connections, considering other possible motives, and
developing a description of the possible offender that can be compared with previous cases

RSM 306
The Human Element of Fraud
This chapter looks at one critical set of data in defining who commits fraud. There is some
disparity in the findings of several research studies on how much of total fraud is committed by
insiders compared with external perpetrators. The chapter describes various element of fraud
along with the category and their consequences. External fraudsters are a varied and
demographically diverse group, which makes it difficult for fraud fighters to profile these
criminals. The best approach to detecting and preventing external fraud against financial
institutions is to understand the red flags of these crimes. Internal fraudsters do have common
behavioral and personality traits, which helps to detect suspicious activity before it is too late. Up
to 80 percent of employees are either totally honest or honest to the point that they will not steal
except in situations in which the opportunity to do so presents itself. And even then, these “fence
sitters” may err on the side of honesty. The remaining 20 percent of your organization's
employees are fundamentally dishonest and will go out of their way to commit fraud. Internal
fraud can be divided into two categories: employee level and management at which fraud is
committed and the amount of financial loss resulting from frauds at each level. Thus, while
management-level frauds are committed less frequently than employee-level frauds, the
financial loss resulting from the former is almost always significantly greater than the amount
lost from the latter. The Fraud Triangle (Pressure, Opportunity, and Rationalization) helps fraud
fighters identify and stop potential fraudsters from carrying out crimes that could result in
financial losses to the organization.
 Studies
Past research has shown that anyone can commit fraud.1 Fraud perpetrators usually cannot be
distinguished from other people by demographic or psychological characteristics. Most fraud
perpetrators have profiles that look like those of other honest people. Several years ago, the
author was involved in a study of the characteristics of fraud perpetrators. In this study, fraud
perpetrators were compared with prisoners incarcerated for property offenses and a noncriminal
sample of college students. The personal backgrounds and psychological profiles of the three
groups were compared, and the results indicated that incarcerated fraud perpetrators are very
different from other incarcerated prisoners. When compared to other criminals, they are less
likely to be caught, turned in, arrested, convicted, and incarcerated. They are also less likely to

RSM 306
serve long sentences. In addition, fraud perpetrators are considerably older. Although only 2
percent of the property offenders are female, 30 percent of fraud perpetrators are women. Fraud
perpetrators are better educated, more religious, less likely to have criminal records, less likely
to have abused alcohol, and considerably less likely to have used drugs. They are also in better
psychological health. They enjoy more optimism, self-esteem, self-sufficiency, achievement,
motivation, and family harmony than other property offenders. Fraud perpetrators also
demonstrate more social conformity, self-control, kindness, and empathy than other property
offenders.
When fraud perpetrators were compared with college students, they differed only slightly. Fraud
perpetrators suffer more psychic pain and are more dishonest, more independent, more sexually
mature, more socially deviant, and more empathetic than college students. However, fraud
perpetrators are much more similar to college students than they are to property offenders. It is
important to understand the characteristics of fraud perpetrators because they appear to be
much like people who have traits that organizations look for in hiring employees, seeking out
customers and clients, and selecting vendors. This knowledge helps us to understand two things
(1) most employees, customers, vendors, and business associates and partners fit the profile of
fraud perpetrators and are probably capable of committing fraud and (2) it is impossible to
predict in advance which employees, vendors, clients, and customers will become dishonest. In
fact, when fraud does occur, the most common reaction by those around the fraud is denial.
Victims can’t believe that individuals who look and behave much like them and who are usually
well trusted can behave dishonestly.
 Why good people become fraudsters
Although there are thousands of ways to perpetrate fraud, Dennis Greer’s fraud in the chapter
opening vignette illustrates three key elements common to all of them. His fraud includes (1) a
perceived pressure, (2) a perceived opportunity, and (3) some way to rationalize the fraud as
acceptable. These three elements make up what we call the fraud triangle.
After moving into an apartment, Greer could not pay the second month’s rent. Faced with having
to choose between dishonesty or living in his car, he chose to be dishonest. Every fraud
perpetrator faces some kind of perceived pressure. Most pressures involve a financial need,
although nonfinancial pressures (such as the need to report results better than actual
performance, frustration with work, or even a challenge to beat the system) can also motivate
fraud. In Greer’s case, he had a real pressure, not a perceived one. We may look at fraud
perpetrators and say “they didn’t have a real pressure.” But it doesn’t matter what we think—it
is only what is in the fraud perpetrator’s mind that matters.
Greer found a way to commit fraud by repeatedly writing bad checks to give the impression that
he was depositing real money in his accounts. He didn’t need access to cash, to use force, or even
to confront his victims physically. Rather, he simply wrote checks to himself in the privacy of his
own apartment and deposited them in two different banks. His weapons of crime were a pen and
checks from the financial institutions. Whether or not Greer could actually get away with the

RSM 306
crime didn’t matter. What mattered was that Greer believed he could conceal the fraud—in other
words, he had a perceived opportunity.
Fraud perpetrators need a way to rationalize their actions as acceptable. Greer’s rationalizations
are twofold (1) he didn’t believe what he was doing was illegal, although he recognized it might
be unethical and (2) he believed he would get an inheritance and be able to pay the money back.
In his mind, he was only borrowing, and, although his method of borrowing was perhaps
unethical, he would repay the debt. After all, almost everyone borrows money. Perceived
pressure, perceived opportunity, and rationalization are common to every fraud. Whether the
fraud is one that benefits the perpetrators directly, such as employee fraud, or one that benefits
the perpetrator’s organization, such as management fraud, the three elements are always
present. In the case of management fraud, for example, the pressure may be the need to make
earnings look better to meet debt covenants, the opportunities may be a weak audit committee
or weak internal controls, and the rationalization may be that “we’ll only cook the books until we
can get over this temporary hump.”
Fraud resembles fire in many ways. For a fire to occur, three elements are necessary (1) oxygen,
(2) fuel, and (3) heat. These three elements make up the “fire triangle,” as shown below. When
all three elements come together, there is fire. Firefighters know that a fire can be extinguished
by eliminating any one of the three elements. Oxygen is often eliminated by smothering, by using
chemicals, or by causing explosions, as is the case in oil well fires. Heat is most commonly
eliminated by pouring water on fires. Fuel is removed by building fire lines or fire breaks or by
shutting off the source of the fuel. Lets have a look at the fire triangle below.
As with the elements in the fire triangle, the three elements in the fraud triangle are also
interactive (Figure 2.3). With fire, the more flammable the fuel, the less oxygen and heat it takes

RSM 306
to ignite. Similarly, the purer the oxygen, the less flammable the fuel needs to be to ignite. With
fraud, the greater the perceived opportunity or the more intense the pressure, the less
rationalization it takes to motivate someone to commit fraud. Likewise, the more dishonest a
perpetrator is, the less opportunity and/or pressure it takes to motivate fraud. The scale shown
illustrates the relationship between the three elements.
As we show in later chapters, people who try to prevent fraud usually work on only one of the
three elements of the fraud triangle—opportunity. Because fraud-fighters generally believe that
opportunities can be eliminated by having good internal controls, they focus all or most of their
preventive efforts on implementing controls and ensuring adherence to them. Rarely do they
focus on the pressures motivating fraud or on the rationalizations of perpetrators.

RSM 306
It is interesting to note that almost every study of honesty reveals that levels of honesty are
decreasing. Given the interactive nature of the elements in the fraud triangle, society’s retreat
from this value presents a scary future for companies combatting fraud. Less honesty makes it
easier to rationalize, thus requiring less perceived opportunity and/or pressure for fraud to occur.
Rationalizations and varying levels of honesty, as well as fraud opportunities, are discussed later
in this chapter. We now turn our attention to the pressures that motivate individuals to commit
fraud.
THE FIRST ELEMENT: PRESSURE
Fraud is perpetrated to benefit oneself or to benefit an organization, or both. Employee fraud, in

which individuals embezzle from their employers, usually benefits the perpetrator. Management
fraud, in which an organization’s officers deceive investors and creditors (usually by manipulating
financial statements), is most often perpetrated to benefit an organization and its officers. In this
section we will discuss the different pressures that motivate individuals to perpetrate fraud on
their own behalf. Most experts on fraud believe these pressures can be divided into four types
(1) financial pressures, (2) vices, (3) work-related pressures, and (4) other pressures.
Financial Pressures
Studies conducted by the author show that approximately 95 percent of all frauds involve either
financial or vice-related pressures. What were Greer’s financial pressures? He was living in his
car, he didn’t have furniture or other necessities, and he was broke. Here are the six most
common financial pressures associated with fraud that benefits perpetrators directly:
1. Greed.
2. Living beyond one’s means.

RSM 306
3. High bills or personal debt.

4. Poor credit.
5. Personal financial losses.
6. Unexpected financial needs.
This list is not exhaustive, and these pressures are not mutually exclusive. However, each pressure
in this list has been associated with numerous frauds. We know of individuals who committed
fraud because they were destitute. We know of perpetrators who were living lifestyles far beyond
that of their peers. When one perpetrator was caught embezzling over $1.3 million from his
employer, investigators discovered that he spent the money on monogrammed shirts and gold
cuff links, two Mercedes Benz cars, an expensive suburban home, a beachfront condominium,
furs, rings, and other jewelry for his wife, a new car for his father-in-law, and a country club
membership. Most people would say he didn’t have real financial pressures. But to him, the
pressures from his desire to acquire these luxuries were enough to motivate him to commit fraud.
Financial pressures can occur suddenly or can be long-term. Unfortunately, very few fraud
perpetrators inform others when they are having financial problems. As an example, consider
Susan Jones. Susan had worked at the same company for over 32 years. Her integrity had never
been questioned. At age 63, she became a grandmother—and immediately thereafter, a
spendaholic. She bought everything she could get her hands on for her two grandchildren. She
even became addicted to the Home Shopping Network, a cable TV channel. During the three
years prior to her retirement, Susan stole over $650,000 from her employer. When caught, she
was sentenced and served one year in prison. She also deeded everything she and her husband
owned to her former employer in an attempt to pay the employer back. By giving her employer
her home, her retirement account, and her cars, she repaid approximately $400,000 of the
$650,000 she stole. She also entered into a restitution agreement to pay back the remaining
$250,000 she still owed. And, because she hadn’t paid income taxes on the $250,000 of
fraudulent “income,” the IRS required her to make monthly tax payments after she got out of
prison. In the Adelphia case, it was the personal financial problems of John Regas (personal debt
of $66 million), including the need to meet margin calls and fund poorly performing closely-held
companies, that led to his alleged frauds.
The fact that someone has been an “honest” employee for a long time (32 years in Susan’s
example) appears to make no difference when severe financial pressures occur or an individual
perceives that such pressures exist. One study found that whereas approximately 30 percent of
frauds are perpetrated by employees during their first three years of employment, 70 percent
are committed by employees with 4-35 years of experience. The age group with the highest rate
of fraud is between the ages of 35 and 44.5
Financial pressure is the most common pressure that drives people to commit fraud. Usually
when management fraud occurs, companies overstate assets on the balance sheet and revenues
and income on the income statement. They usually feel pressured to do so because of a poor

RSM 306
cash position, receivables that aren’t collectible, a loss of customers, obsolete inventory, a
declining market, or restrictive loan covenants that the company is violating. Regina Vacuum’s
management committed massive financial statement fraud. The main pressure that drove them
to fraud was that their vacuum cleaners were defective—parts melted—and thousands were
being returned. The large number of returns reduced revenues significantly and created such
income pressures that management intentionally understated sales returns and overstated sales.
Closely related to financial pressures are “vices”—addictions such as gambling, drugs, and
alcohol—and expensive extramarital relationships. As an example of how these vice problems
motivate a person to commit fraud, consider one individual’s confession of how gambling led to
his dishonest acts:
As I sat on the stool in front of the blackjack table I knew I was in trouble. I had just gambled away
my children’s college fund. I stumbled to my hotel room, hoping to wake up and realize this
evening was nothing more than a nightmare. While driving back to San Jose from Reno Sunday
morning, I could not face the embarrassment of telling my wife. I had to come up with the money.
I was sure that if I had only $500, I could win the money back. But how could I get $500?
A short time later at work, an accounts payable clerk came to my office seeking assistance with a
problem. The clerk was matching invoices with purchase orders. He had found an invoice for
$3,200 that did not match the purchase order. Immediately, I realized how I could get the $500
“loan.” My company was a fast-growing microchip producer whose internal controls were quite
good on paper but were often not followed. The company had a policy of paying, without
secondary approval, any invoice of $500 or less. I decided to set up a dummy company that would
issue invoices to my employer for amounts up to $500. I was confident my winnings from these
“borrowings” would not only allow me to replace the college fund, but would also allow
repayment of the “loan.” I couldn’t believe how easy it was to “borrow” the money. The first check
showed up in a P.O. box I had opened a few days earlier. I called my wife with the bad news.
Together with the controller, I would have to fly to Los Angeles over the weekend to meet with
lawyers over a company matter. Within minutes, I was on my way to Reno. Upon arrival, I went
straight to the craps tables. By 4:00 A.M., I was not only out of money but was in the hole over
$600. I was concerned about the losses, but not as worried as before. I would just submit more
fictitious bills to the company. Over the next few months, my fraud progressed to the point where
I had set up two more dummy companies and insisted that accounts payable clerks not verify any
invoice of less than $750. No one questioned my changing the policy because I had worked for the
company for over 14 years and was a “trusted” employee. After one year, I had replaced the
college fund and purchased a new automobile; I had stolen over $75,000. I was caught when the
internal auditors matched addresses of vendors and found that my three dummy vendors all had
the same P.O. Box. Vices are the worst kind of pressure—out-of-control lifestyles are frequently
cited as the trigger that drives previously honest people to commit fraud. We know of female
employees who embezzled because their children were on drugs and they couldn’t stand to see
them go through withdrawal pains. We also know of “successful” managers who, in addition to

RSM 306
embezzling from their companies, burglarized homes and engaged in other types of theft to
support their drug habits. To understand the addictive nature of these vices, consider the following
confessions from reformed gamblers:
• “Gambling was the ultimate experience for me—better than sex, better than any drug. I had
withdrawal tortures just like a heroin junkie.”
• “I degraded myself in every way possible. I embezzled from my own company; I conned my
sixyear-old out of his allowance.”
• “Once I was hooked, any wager would do. I would take odds on how many cars would pass
over a bridge in the space of 10 minutes.”
• “I stole vacation money from the family sugar jar. I spent every waking hour thinking about
getting to the track.”
• “After I woke up from an appendectomy, I sneaked out of the hospital, cashed a bogus check,
and headed for my bookie. I was still bleeding from the operation.”
• “I’ll never forget coming home from work at night, looking through the window at my family
waiting for me, and then leaving to place a couple more bets. I was crying the whole time, but I
had simply lost all control. If someone will steal from his six-year-old child or sneak out of a
hospital still bleeding from an operation to feed his addiction, he will certainly steal from his
employer or commit other types of fraud. The number of embezzlers who trace their motivation
for embezzlement to alcohol, gambling, and expensive extramarital relationships is high.
However, the number who steal for drugs may even be higher. Consider these confessions of
former addicted drug users:
• “I began living with a man who was a heavy drug user. We had a child, but the relationship
didn’t last. By the time it ended, I was high on drugs and alcohol so much of the time I could barely
manage to make it to work every day.”
• “I was the branch manager of a large bank. But secretly I was shooting up in my office all day
and stealing money from my employer to finance it.”
• “One day my daughter stretched out her little arms in front of me. She had made dots with a
red pen on each of the creases in her arms. ‘I want to be just like my
Daddy,’ she said proudly.”
• “My wife and I literally whooped for joy at the sight of our newborn son. A seven pound baby
with big eyes and rosy cheeks—normal and healthy looking. But we both knew the moment we
had been dreading was now just hours away. The baby would be going through withdrawal. We
didn’t want him to suffer because of our awful habit. And we had to keep the doctors from finding
out he had drugs in his system, or he would be taken from us and placed in foster care. We felt

RSM 306
we had no choice. When the nurses left the room, I cradled our baby in my arms and slipped a thin
piece of heroin under his tongue.”
• “I lost my job. I was robbing and stealing every day to support my habit, which cost $500 per
day.” Someone who will slip a piece of heroin under a newborn baby’s tongue or burglarize homes
to support her habit will surely look for ways to embezzle from employers or commit other types
of fraud.
Work-Related Pressures
Whereas financial pressures and vices motivate most frauds, some people commit fraud to get
even with their employer. Factors such as not enough recognition for job performance,
dissatisfaction with the job, fear of losing one’s job, being overlooked for a promotion, and feeling
underpaid motivate many frauds. Here is an example:
I began my career at the XYZ Company as a staff accountant. I am a religious person. In fact, I
spent a year volunteering with a nonprofit agency that provided relief to people in need of food
and shelter. Because of this experience and because of my six years with the company, I was
considered a person of impeccable character and a very trusted employee. The president of XYZ is
a workaholic and considers an eight-hour day to be something a part-time employee works. As a
result, I spent six years working in my finance position, putting in between 12 and 14 hours per
day. During this period, I was paid a salary, with no overtime compensation. Early in my career,
the extra hours didn’t bother me;
I considered them an investment in my future. Soon, I was named manager of the purchasing
department. After two years in that position, I realized that the 12- to 14-hour days were still an
expected way of life at the company. I was becoming bitter about the expectation of overtimes
and felt that the company “owed me” for the time I had worked for “nothing.” I decided to get my
“pay” from the company. Working with a favored vendor, I accepted kickbacks to allow over $1.5
million in overcharges to the company. I figured the $80,000 I received in kickbacks was
compensation that I deserved.
Other Pressures
Once in a while, fraud is motivated by other pressures, such as a spouse who insists on an
improved lifestyle or a desire to beat the system. One perpetrator, for example, embezzled over
$450,000 so that her husband could drive a new car, enjoy a higher lifestyle, and eat steak instead
of hamburger. One famous computer consultant who is now retained by major companies to help
them deter and detect computer fraud once felt personally challenged to “commit the perfect
crime.” After purchasing and taking delivery of over $1.5million in inventory that was paid for by
accessing a large company’s computer records, he was caught when one of his inventory
managers figured out what was going on.

RSM 306
All of us face pressures in our lives. We have legitimate financial needs, we make foolish or
speculative investments, we are possessed by addictive vices, we feel overworked and/or
underpaid, or we simply want more than we have. We sometimes have a difficult time
distinguishing between wants and needs. Indeed, the objective of most people in capitalistic
societies is to obtain wealth. We often measure success by how much money or wealth a person
has. If you say you have a very successful relative, you probably mean that he or she lives in a big
house, has a cabin or a condominium, drives expensive automobiles, and has money to do
whatever he wants. But most of us don’t put our success ahead of our honesty and integrity.
To some people, however, being successful is more important than being honest. If they were to
rank the personal characteristics they value most in their lives, success would rank higher than
integrity. Psychologists tell us that most people have a price at which they will be dishonest.
Individuals with high integrity and low opportunity need high pressure to be dishonest. Most of
us can think of scenarios in which we, too, might commit fraud. If for example, we were starving,
and we worked in an environment where cash was abundant and not accounted for, and we really
believed that we would repay the money taken to feed ourselves, we might commit fraud. The
U.S. president most famous for his honesty, Abraham Lincoln, once threw a man out of his office,
angrily turning down a substantial bribe. When someone asked why he was so angry, he said,
“Every man has his price, and he was getting close to mine.”7 One thing is for certain—eliminating
pressures in the fraud triangle has an effect similar to removing heat from the fire triangle.
Without some kind of pressure, fraud rarely occurs.
THE SECOND ELEMENT: OPPORTUNITY
A perceived opportunity to commit fraud, to conceal it, or to avoid being punished is the second
element in the fraud triangle. In this section we discuss opportunity. First, we examine controls
that increase opportunities for individuals to commit fraud in organizations. Then, we provide a
number of scenarios to illustrate non-control issues that should be considered when deciding
whether a fraud opportunity is present. At least six major factors increase opportunities for
individuals to commit fraud in organizations. The following list is not exhaustive, but it does show
system weaknesses that create opportunity.
1. Lack of or circumvention of controls that prevent and/or detect fraudulent behavior.
2. Inability to judge quality of performance.
3. Failure to discipline fraud perpetrators.
4. Lack of access to information.
5. Ignorance, apathy, and incapacity.
6. Lack of an audit trail.
Control Factors: Controls That Prevent and Detect Fraud

RSM 306
Having an effective control structure is probably the single most important step organizations can
take to prevent and detect employee fraud. There are three components in a company’s control
structure (1) the control environment, (2) the accounting system, and (3) control procedures or
activities. The accounting profession and the Committee of Sponsoring Organizations (COSO)
have defined these components; here we discuss only those components that are most effective
in deterring fraud.
The Control Environment
The control environment is the work atmosphere that an organization establishes for its
employees. The most important element in an appropriate control environment is management’s
role and example. There are numerous instances in which management’s dishonest or
inappropriate behavior was learned and then modeled by employees. In the famous Equity
Funding case, management wrote insurance policies on individuals who didn’t exist and sold
them to other insurance companies. Seeing this dishonest behavior, one employee said to
himself, “It doesn’t make sense to have all these fictitious people live forever. I’ll knock a few of
them off and collect death proceeds. My actions won’t be any different from those of the
management of this company.” In another case, employees realized top management was
overstating revenues. In response, the employees began overstating expenses on their travel
reimbursement forms, billing for hours not worked and perpetrating other types of fraud. Proper
modeling (being an example) and proper labeling (communication) are some of the most
important elements in effective control environments. When management models unacceptable
behavior, the control environment is contaminated. Similarly, if management models a behavior
that is inconsistent with good control procedures, the effectiveness of the control system is
eroded. When a manager says, “Don’t loan keys or share passwords with others,” and then shares
her password or keys, she sends mixed signals and her inappropriate behavior may eventually be
copied by other employees. In other words, “actions speak louder than words.” Management’s
example is the most critical element of the control environment when it comes to preventing
fraud. Inappropriate behavior by management encourages others to justify overriding and
ignoring control procedures.
The second critical element in the control environment is management’s communication.
Communicating what is and is not appropriate is crucial. Just as parents who are trying to teach
their children to be honest must communicate often and openly with them, so must organizations
clearly label what is and is not acceptable. Codes of conduct, orientation meetings, training,
supervisor/employee discussions, and other types of communication that distinguish between
acceptable and unacceptable behavior should be routine activities.
To be an effective deterrent to fraud, communication must be consistent. Messages that change
based on circumstances and situations serve not only to confuse employees but also to
encourage rationalizations. One reason so many frauds occur in “crash” projects is that the
regular control procedures are not followed. Inconsistent messages relating to procedures and

RSM 306
controls abound. Strikes, mergers, bankruptcies, and other dramatic events often result in
inconsistent communication and increase fraud.
The third critical element in creating the proper control structure is appropriate hiring. Research
shows that nearly 30 percent of all people in the United States are dishonest, another 30 percent
are situationally honest (honest where it pays to be honest and dishonest where it pays to be
dishonest), and 40 percent are honest all the time. Although most organizations are convinced
that their employees, customers, and vendors are among the 40 percent who are honest, this
usually isn’t the case. When dishonest individuals are hired, even the best controls will not
prevent fraud. For example, a bank has tellers, managers, loan officers, and others who have daily
access to cash and can steal. Because it is impossible to deter all bank fraud, banks hope that
personal integrity, together with preventive and detective controls and the fear of punishment,
will deter theft.
As an example of the consequences of poor hiring, consider the case of a famous country singer
who was raped a few years ago. The singer checked into a well-known hotel. A few hours after
her arrival, there was a knock on her door, accompanied by the words “Room Service.” She hadn’t
ordered anything but thought that maybe, because she was famous, the hotel was bringing her a
basket of fruit or some complimentary wine. When she opened the door, a hotel custodian burst
into her room and raped her. She later sued the hotel for $2.5 million and won. The basis of her
lawsuit was that locks on the door were inadequate, and the hotel had inadequate hiring
procedures because the custodian had previous arrest records and had been fired from previous
jobs because of rape.
If an organization does not screen job applicants carefully and hires dishonest individuals, it will
be victimized by fraud, regardless of how good its controls are. To understand how sound hiring
practices help prevent fraud and other problems, consider a company that decided to take extra
precautions in its hiring practices. They first trained all persons associated with hiring decisions to
be expert interviewers and secondly required them to thoroughly check three background
references for each prospective employee. Because of these extra precautions, over 800
applicants (13 percent of the applicant pool) who would have been hired were disqualified. These
applicants had undisclosed problems, such as falsified employment information, previous arrest
records, uncontrollable tempers, alcoholism, drug addiction, and a pattern of being fired from
previous jobs. The effects of poor hiring practices are illustrated in the following excerpt from an
article in Business Week Online:
Summary of the Controls That Prevent or Detect Fraud
The control environment, the accounting system, and the many variations of the five control
procedures work together to eliminate or reduce the opportunity for employees and others to
commit fraud. A good control environment establishes an atmosphere in which proper behavior
is modeled and labeled, honest employees are hired, and all employees understand their job
responsibilities. The accounting system provides records that make it difficult for perpetrators to

RSM 306
gain access to assets, to conceal frauds, and to convert stolen assets without being discovered.
Together, these three components make up the control structure of an organization.) The table
below summarizes these components and their elements.
Unfortunately, many frauds are perpetrated in environments in which controls that are supposed
to be in place are not being followed. Indeed, it is the overriding and ignoring of existing controls,
not the lack of controls, which allow most frauds to be perpetrated.
THE THIRD ELEMENT: RATIONALIZATION
So far, we have discussed the first two elements of the fraud triangle (1) perceived pressure and
(2) perceived opportunity. The third element is rationalization. To see how rationalization
contributes to fraud, let’s look at the infamous case of Jim Bakker and Richard Dortch. These men
were convicted on 23 counts of wire and mail fraud and one count of conspiracy to commit wire
and mail fraud. As a result of their conviction, the perpetrators of one of the largest and most
bizarre frauds in U.S. history were sent to jail. In his remarks to the court prior to Jim Bakker’s
sentencing, prosecutor Jerry Miller summarized this PTL (Praise-the-Lord) fraud with the
following comments:
The biggest con man to come through this courtroom, a man corrupted by power and money and
the man who would be God at PTL, is a common criminal. The only thing uncommon about him
was the method he chose and the vehicle he used to perpetrate his fraud. He was motivated by
greed, selfishness, and a lust for power. He is going to be right back at it as soon as he gets the
chance. Mr. Bakker was a con man who in the beginning loved people and used things, but he
evolved into a man, a ruthless man, who loved things and used people.
How did Jim Bakker, the beloved TV minister of the PTL network, rationalize the committing of
such a massive fraud? Here is his story:

RSM 306
PTL had a modest beginning in 1973 when it began operating out of a furniture showroom in
Charlotte, North Carolina. By October 1975, it had purchased a 25-acre estate in Charlotte, North
Carolina, and had constructed Heritage Village, a broadcast network of approximately 70
television stations in the United States, Canada, and Mexico on which the PTL ministry’s show
was aired.
PTL’s corporate charter stated that the religious purposes of the organization were (1)
establishing and maintaining a church and engaging in all types of religious activity, including
evangelism, religious instruction, and publishing and distributing Bibles, (2) engaging in other
religious publication, (3) missionary work, both domestic and foreign, and (4) establishing and
operating Bible schools and Bible training centers. Over the following 11 years, PTL built a
multimillion-dollar empire that consisted of PTL and a 2,300 acre Heritage USA tourist center
valued at $172 million. Specific activities of the organization included Heritage Church with a
weekly attendance of over 3,000; Upper Room prayer services where counselors ministered to
people; Prison Ministry, with a volunteer staff of over 4,000; Fort Hope, a missionary outreach
house for homeless men; Passion Play, a portrayal of the life of Christ in an outdoor
amphitheater; a dinner theater; a day care center; Heritage Academy; a summer day camp; the
Billy Graham Home; workshops; and a Christmas nativity scene that had been visited by over
500,000 people.
PTL also had a wide range of activities that were ultimately deemed by the IRS to be commercial.
In one such venture, PTL viewers were given an opportunity to become lifetime partners in a
hotel for $1,000 each. Bakker promised that only 25,000 lifetime partnership interests would be
sold and that partners could use the hotel free each year for four days and three nights. In the
end, however, 68,412 such partnerships were sold. Through this and similar solicitations, Jim
Bakker’s PTL had amassed gross receipts of over $600 million, much of which had been used to
support the extravagant lifestyle of Bakker and other officers of PTL. Time and time again, Bakker
misled worshippers, investors, and his faithful followers by misusing contributions, overselling
investments, evading taxes, and living an extravagant lifestyle.
How could a minister perpetrate such a large and vicious fraud in the name of religion? Most
people believe that Jim Bakker’s ministry was initially sincere, inspired by a real desire to help
others and to teach the word of God. He believed that what he was doing was for a good purpose
and rationalized that any money he received would directly or indirectly help others. He even
recognized at one time that money might be corrupting him and his empire. In 1985, he said, “I
was going to say to listeners, ‘Please stop giving.’ But, I just couldn’t say that.”What started out
as a sincere ministry was corrupted by money. Jim Bakker stated on a television program, “I have
never asked for a penny for myself.
. . God has always taken care of me.” His rationalizations increased to the point that one trial
attorney, in her closing argument, stated, “You can’t lie to people to send you money—it’s that
simple. What unfolded before you over the past month was a tale of corruption— immense
corruption. . . . What was revealed here was that Mr. Bakker was a world-class master of lies and

RSM 306
half-truths.” Jim Bakker rationalized his dishonest acts by convincing himself that the PTL network
had a good purpose and that he was helping others. In a similar way, folklore has it that Robin
Hood defended his dishonest acts by arguing that he “stole from the rich and gave to the poor.”
Nearly every fraud involves rationalization. Most perpetrators are first-time offenders who would
not commit other crimes. Rationalizing helps them hide from the dishonesty of their acts. Here
are some common rationalizations used by fraudsters:
• The organization owes it to me.
• I am only borrowing the money—I will pay it back.
• Nobody will get hurt.
• I deserve more.
• It’s for a good purpose.
• We’ll fix the books as soon as we get over this financial difficulty.
• Something has to be sacrificed—my integrity or my reputation. (If I don’t embezzle to cover my
inability to pay, people will know I can’t meet my obligations and that will be embarrassing
because I’m a professional.)
Certainly, there are countless other rationalizations. These, however, are representative and
serve as an adequate basis to discuss the role rationalization plays in fraud. It is important to
recognize that there are very few, if any, people who do not rationalize.
We rationalize being overweight. We rationalize not exercising enough. We rationalize spending
more than we should. Most of us rationalize being dishonest. Here are two
Examples:
A wife works hard, saves her money, and buys a new dress. When she puts it on for the first time,
she asks her husband, “How do you like my new dress?”
Realizing that the wife worked hard for the money and that she must really like the dress or she
wouldn’t have purchased it, the husband says, “Oh, it’s beautiful,” even though he really doesn’t
like it. Why did the husband lie? He probably rationalized in his mind that the consequence of
telling the truth was more severe than the consequence of lying. “After all, if she likes it, I’d better
like it, too,” he reasons.
Unfortunately, not wanting to hurt his wife’s feelings resulted in lying, which is dishonest. In fact,
the husband will pay for his dishonesty. His wife will continue to wear the dress because she
believes her husband likes it. What the husband could have said is, “Honey, you are a beautiful
woman and that is one reason I married you. I like most of the clothes you buy and wear, but this
dress is not my favorite.” You go to your mother-in-law’s for dinner. For dessert, she bakes a cherry
pie. Even though you don’t like pie, you lie and say, “This pie is delicious.” Why did you lie? Because

RSM 306
you rationalized that you didn’t want to hurt your mother-in-law feelings and that, in fact, it would
make her feel good if you complimented her cooking. As in the dress example, you will pay for
your dishonesty because your mother-in-law, believing you like her cherry pie, will serve it again
the next time you visit. Dishonesty could have been avoided by remaining silent or by saying,
“Mom, you are an excellent cook, and I really like most of the food you cook. However, cherry pie
is not my favorite.”
We rationalize dishonesty by our desire to make other people feel good. The same sort of
rationalization often enables fraud to be perpetrated. Sometimes it’s lying to oneself. Sometimes
it’s lying to others. For example, the following rationalization allows us to break the law: You get
in your car and start down the freeway. You see a sign that says, “65 miles per hour.” What do
you do? Most likely you will go faster than 65, justifying your speeding by using one or more of
the following rationalizations:
• Nobody drives 65. Everyone else speeds.
• My car was made to go faster. • Sixty-five miles per hour is a stupid law. Going faster is still safe.
• I must keep up with the traffic or I’ll cause an accident.
• It’s all right to get one or two speeding tickets.
• I’m late.
• The speed limit is really 72 or 73.
Is it OK to break the law and speed just because “everyone else is doing it”? What if everyone else
were committing fraud? If so, would that make it right for you to commit fraud?
Take income tax evasion. Many people underpay taxes with the following rationalizations:
• I pay more than my fair share of taxes.
• The rich don’t pay enough taxes.
• The government wastes money.
• I “work” for my money.
To understand the extent of income tax fraud, consider that, in 1988, for the first time, the IRS
required taxpayers who claimed dependents to list social security numbers for their dependents.
In 1987, 77 million dependents were claimed on federal tax returns. In 1988, the number of
dependents claimed dropped to 70 million. Fully one-tenth of the dependents claimed—7 million
dependents—”disappeared.” The IRS determined that in 1987 and probably in previous years,
over 60,000 households had claimed four or more dependents who didn’t exist, and several
million had claimed one or more who didn’t exist.
Claiming dependents who don’t exist is one of the easiest-to-catch income tax frauds.
Yet, rationalizations were strong enough to drive millions of citizens to blatantly cheat on their
tax returns. When interviewed, most fraud perpetrators say things like, “I intended to pay the
money back. I really did.” They are sincere. In their minds, they rationalize that they will repay
the money, and since they judge themselves by their intentions, and not their actions, they do
not see themselves as criminals. Their victims, on the other hand, tend to take an entirely
different view!

RSM 306
FINANCIAL CRIME
What is financial crime?
FA financial crime is any non-violent offense that is committed by or against an individual or

corporation and results in a financial loss. When a financial institution is involved, the crime is
referred to as a financial sector crime over the last 30 years has increasingly become of concern
to governments throughout the world. This concern arises from a variety of issues because the
impact of financial crime varies in different contexts. It is today widely recognised that the
prevalence of economically motivated crime in many societies is a substantial threat to the
development of economies and their stability.
It is possible to divide financial crime into two essentially different, although closely related,
types of conduct.
First, there are those activities that dishonestly generate wealth for those engaged in the conduct
in question. For example, the exploitation of insider information or the acquisition of another
person’s property by deceit will invariably be done with the intention of securing a material
benefit. Alternatively, a person may engage in deceit to secure material benefit for another.
Second, there are also financial crimes that do not involve the dishonest taking of a benefit, but
that protect a benefit that has already been obtained or to facilitate the taking of such benefit.
An example of such conduct is where someone attempts to launder criminal proceeds of another
offence in order to place the proceeds beyond the reach of the law.
If you’re considering developing your career in anti-money laundering, find out more about
joining ICA’s global community here. Becoming a member today will give you access to a wealth
of knowledge, tools, resources and practical support to help develop your career. Being a
member of ICA also demonstrates a commitment to the highest standards of practice and
conduct and enhances your professional reputation and employability.
Who commits Financial Crime?

RSM 306
There are essentially seven groups of people who commit the various types of financial crime:
• Organized criminals, including terrorist groups, are increasingly perpetrating large-scale frauds to
fund their operations.
• Corrupt heads of state may use their position and powers to loot the coffers of their (often
impoverished) countries.
• Business leaders or senior executives manipulate or misreport financial data in order to
misrepresent a company’s true financial position.
• Employees from the most senior to the most junior steal company funds and other assets.
• From outside the company, fraud can be perpetrated by a customer, supplier, contractor or by a
person with no connection to the organisation.
• Increasingly, the external fraudster is colluding with an employee to achieve bigger and better
results more easily.
• Finally, the successful individual criminal, serial or opportunist fraudsters in possession of their
proceeds are a further group of people who have committed financial crime.
TYPES OF FINANCIAL CRIMES.

The following are some of the types of financial crimes and their definitions;
Identity Theft
Identity theft involves using someone else’s personal information for financial gain. This could
involve stealing another individual’s credit card, Social Security Number (SSN) or banking
information to make unauthorized purchases. It could also involve using another person’s
identity to apply for a loan or credit card. Identity theft is considered a felony crime, and the
degree of felony usually depends on the amount of money taken and the number of offenses
committed.
Insurance Fraud
When an individual tries to make an insurance claim for an incident that never occurred, this is
considered a fraud crime. Likewise, grossly misstating the amount of damage in order to receive
more money also constitutes fraud. Insurance fraud can happen with nearly any type of policy,
including workers compensation to automobile coverage. It is also considered a felony that can
result in stiff fines along with extended prison time.
Credit Card Fraud
Credit card abuse or fraud involves using someone else’s card to make purchases without their
permission. The card does not have to be stolen in order for credit card fraud to happen.
According to the Texas Penal Code, this crime is also considered to be a felony, and it can include
a prison term of up to 10 years.
Embezzlement

RSM 306
Embezzlement charges involve people misusing or misappropriating funds that are entrusted to
them. Embezzlement normally occurs in businesses, government agencies or nonprofit
organizations. It can also occur whenever someone is named the administrator of an estate. This
crime could be charged as a misdemeanor or a felony depending upon the circumstances. It can
result in jail or prison time and fines in addition to the perpetrator being required to pay the
money back.
Tax Fraud
Tax fraud can be either a state or federal offense depending on the circumstances. Some
examples of tax fraud include failing to file a return, non-payment of taxes, failing to report
certain income or taking deductions that are not authorized. Being found guilty of tax fraud will
result in severe fines and penalties being added on to the original tax bill. The Internal Revenue
Service (IRS) can also seize property or garnish wages.
All of these crimes are very technical in nature, and they usually have a mountain of evidence
attached to them. The services of a skilled white-collar crimes attorney are needed in order to
sift through this evidence and look for discrepancies that could prove one’s innocence.
General fraud
This is deliberate deception to secure unfair or unlawful gain, or to deprive a victim of a legal
right.
COMMON FINANCIAL CRIMES.
The common financial crimes world over includes but not limited to;
• Fraud -cheque fraud, credit card fraud, mortgage fraud, medical fraud, corporate fraud,
securities fraud (including insider trading), bank fraud, insurance fraud, market
manipulation, payment (point of sale) fraud, health care fraud);
• Money Laundering
• Theft;
• Scams or confidence tricks;
• Tax evasion;
• Bribery;
• Embezzlement;
• Identity theft;
• Money laundering;
• Forgery and counterfeiting, including the production of Counterfeit money and consumer
goods.
Financial crimes may involve additional criminal acts, such as computer crime, elder abuse,
burglary, armed robbery, and even violent crime such as robbery or murder. Financial crimes may

RSM 306
be carried out by individuals, corporations, or by organized crime groups. Victims may include
individuals, corporations, governments, and entire economies.
FRAUD ANALYSIS
What is fraud analysis?

A fraud analyst is someone who investigates forgery and theft within customers’ accounts and
transactions on behalf of a bank or a financial institution. They track and monitor the bank’s
transactions and activity that comes through the customers’ accounts. It is their job to identify
and trace any suspicious or high-risk transactions, determine if there is improper activity
involved, and determine if there is any risk to the bank or its customers.
What does a Fraud Analyst do?
A fraud analyst is responsible for observing various customer transactions to flag or identify
suspicious activity. Most accounts and customers have banking patterns that typically do not
change over the long term. Any transactions or series of transactions that do not fit the expected
activity generate a 'red flag', and will be looked at by a fraud analyst.
If any suspicious transactions are found, the fraud analyst will flag the account and keep it
suspended until it can be checked and verified. Transactions can be looked at for any number of
reasons: transaction type, transaction amount, unusual transfers to unlikely partners, places
where transactions originate, or a flurry of activity beyond the accepted norm for the account.
For any suspicious transactions, the fraud analyst (typically an officer of the bank) will try to
obtain information that can support the origin of the transaction. For fraudulent items, this
information can bear out who perpetrated the fraudulent item and is responsible for the criminal
activity in question. The analyst will contact the bank branch, the account holder, and any other
intermediate parties that may have come in contact with or handled the questionable item. They
are responsible for keeping any collected information confidential while working to catch the
criminal(s) who may have committed the felony.
The fraud analyst must also keep models for analyzing fraud within the bank’s regions. This can
help determine patterns of fraud over certain areas, and break down larger criminal rings
responsible for fraud activity. This can also help to identify certain holes in security that can be
targeted over time, so that the bank can identify system improvements that can be made to
eliminate the risk of fraud or reduce the ways in which it can occur. The analyst may even have a
say in software tools that can work towards detecting fraud and preventing it from occurring, or
reporting security threats and suspicious activity quickly.

RSM 306
Fraud analysis is therefore examination of the business functions of the organization so as to

ascertain the probable regions of fraud. He also studies the research findings and looks for the
right answers that will help to evade the fraudulent issues from the organization.
5 ANALYSIS METHODS TO USE
• Data mining to classify, cluster, and segment the data and automatically find associations
and rules in the data that may signify interesting patterns, including those related to
fraud.
• Expert systems to encode expertise for detecting fraud in the form of rules.
• Pattern recognition to detect approximate classes, clusters, or patterns of suspicious
behavior either automatically (unsupervised) or to match given inputs.
• Machine learning techniques to automatically identify characteristics of fraud.
• Neural networks that can learn suspicious patterns from samples and used later to detect
them.
DATA ANALYSIS TECHNIQUES AND TIPS FOR DETECTING AND PREVENTING FRAUD
1. Build a profile of potential frauds.
Take a top-down approach to your risk assessment, listing the areas in which fraud is likely to
occur in your business and the types of fraud that are possible in those areas. Then qualify the
risk based on the overall exposure to the organization. Focus on risks that have the greatest
chance of reducing shareholder value — for example, processes that affect the extended supply
chain such as safety, quality, reliability of suppliers and processes.
Develop fraud risk profiles as part of an overall risk assessment and include necessary
stakeholders and decision makers. You’re not likely to make friends throughout the organization
by conducting this on your own. For example, if you think fraud is happening with purchasing
cards, include the p-card manager in the discussions. That way it’s a joint effort that will benefit
both parties and hopefully result in a more comprehensive approach to fraud risks in that area.
2. Test transactional data for possible indicators of fraud.
You must test 100 percent of the data, not just random samples. While sampling may be effective
for detecting problems that are relatively consistent throughout data populations, that isn’t
always the case for fraud. Fraudulent transactions, by nature, do not occur randomly.
Transactions may fall within boundaries of certain standard testing and not be flagged. Further,
using the sampling approach, you may not be able to fully quantify the impact of control failures
and you may not be able to estimate within certain populations. You could miss many smaller

RSM 306
anomalies and sometimes it’s the small anomalies that add up over time to result in very large
instances of fraud.
In order to effectively test and monitor internal controls, organizations need to analyze all
relevant transactions.
3. Improve controls by implementing continuous auditing and monitoring.

Strengthen controls over transaction authorizations and use continuous auditing and monitoring
to test and validate the effectiveness of your controls. Repetitive or continuous analysis for fraud
detection means setting up scripts to run against large volumes of data to identify those
anomalies as they occur over a period of time. This method can drastically improve the overall
efficiency, consistency and quality of your fraud detection processes. Create scripts, test the
scripts and run them against data so you get periodic notification when an anomaly occurs in the
data.
You can run the script every night to go through all those transactions for timely notification of
trends and patterns and exceptions reporting that can be provided to management. For example,
this script could run specific tests against all purchasing card transactions as they occur to ensure
they are in accordance with controls.
4. Communicate the monitoring activity throughout the organization.
A big part of fraud prevention is communicating the program across the organization. The old
adage, “an ounce of prevention equals a pound of cure” rings true for fraud detection. If everyone
knows there are systems in place that alert to potential fraud or breach of controls, and that
every single transaction running through your systems is monitored, you’ve got a great
preventative measure. It lets people know that they shouldn’t bother, because they will get
caught.
5. Provide management with immediate notification when things are going wrong.
It is better to raise any issues right away than explain why they occurred later. Create audit
reports with recommendations on how to tighten controls or change processes to reduce the
likelihood of recurrence. And, don’t forget to quantify the impact to the business. Data analysis
technology can quantify the impact of fraud so you can actually see how much it’s costing the
organization and provide a cost-effective program with immediate returns.
6. Fix any broken controls immediately.
Segregation of duties is important. If you can initiate a transaction, approve the transaction, and
also be the receiver of the goods from the transaction, there is a problem.
7. Expand the scope and repeat.

RSM 306
Re-evaluate your fraud profile, taking into account both the most common fraud schemes and
those that relate specifically to the risks that are unique to your organization, and move your
investigative lens. Use analytics to find out where controls are not working or are ineffective
and don’t forget to look for controls that cannot be governed by application control settings.
Investigate patterns and fraud indicators that emerge from the fraud detection tests and
continuous auditing and monitoring.
SUMMARY
Fraud is a significant business risk that must be mitigated. A well-designed and implemented
fraud detection system, based on the transactional data analysis of operational systems, can
significantly reduce the chance of fraud occurring within an organization. The sooner that
indicators of fraud are available, the greater the chance that losses can be recovered and control
weaknesses can be addressed. The timely detection of fraud directly impacts the bottom line,
reducing losses for an organization. And effective detection techniques serve as a deterrent to
potential fraudsters – employees who know that experts are present and looking for fraud or that
continuous monitoring is occurring are less likely to commit fraud because of a greater perceived
likelihood that they will be caught.
Given increased regulatory requirements and compliance demands, the decision is no longer if
an organization should implement a complete fraud detection and prevention program, but
rather how quickly that program can be put into place. The use of technology is essential for
maximizing the efficiency and effectiveness of a fraud detection and prevention program.
TYPICAL TYPES OF FRAUD AND FRAUD TESTS
Knowing what to look for is critical in building a fraud detection program. The following examples
are based on descriptions of various types of fraud and the tests used to discover the fraud as
found in Fraud Detection: Using Data Analysis Techniques to Detect Fraud.1
Type of fraud: Fictitious vendors
Tests used to discover this fraud:
Run checks to uncover post office boxes used as addresses and to find any matches between
vendor and employee addresses and/or phone numbers
Be alert for vendors with similar sounding names or more than one vendor with the same address
and phone number
Type of fraud: Altered invoices
• Search for duplicates

• Check for invoice amounts not matching contracts or purchase order amounts

RSM 306
Type of fraud: Fixed bidding

• Summarize contract amount by vendor and compare vendor summaries for several years
to determine if a single vendor is winning most bids
• Calculate days between close for bids and contract submission date by vendor to see if
the last bidder consistently wins the contract Type of fraud: Goods not received
• Search for purchase quantities that do not agree with contract quantities
• Check if inventory levels are changing appropriate to supposed delivery of goods Type of
fraud: Duplicate invoices
• Review for duplicate invoice numbers, duplicate date, and invoice amounts
Type of fraud: Inflated prices
• Compare prices across vendors to see if prices from a particular vendor are unreasonably
high
Type of fraud: Excess quantities purchased
• Review for unexplained increases in inventory

• Determine if purchase quantities of raw materials are appropriate for production level
• Check to see if increases in quantities ordered compare similarly to previous contracts or
years or when compared to other plants Type of fraud: Duplicate payments
• Search for identical invoice numbers and payments amounts

• Check for repeated requests for refunds for invoices paid twice
Type of fraud: Carbon copies
• Search for duplicates within all company checks cashed; conduct a second search for gaps
in check numbers

RSM 306
Type of fraud: Duplicate serial numbers

• Determine if high value equipment a company already owns is being repurchased by

checking serial numbers for duplicates and involvement of same personnel in purchasing
and shipping processes
Type of fraud: Payroll fraud
• Find out if a terminated employee is still on payroll by comparing the date of termination
with the pay period covered by the paycheck and extract all pay transactions for
departure date less than date of current pay period
Type of fraud: Accounts payable Tests
used to discover this fraud:
• Reveal transactions not matching contract amounts by linking Accounts Payable files to
contract and inventory files and examining contract date, price, ordered quantity,
inventory receipt quantity, invoice quantity, and payment amount by contract
1 Coderre, David G., Fraud Detection: Using Data Analysis to Detect Fraud, 2nd edition
(Vancouver, BC: Ekaros, 2004)

RSM 306
The analytical process is used to create never-ending accurate analytics. The process begins with
questions, the answers to which inevitably lead back to more questions. So the cycle never ends
but instead continues to spiral in directions where the analysis process is yet to be unmasked.
With proper planning and direction, the process converts raw data and/or information that has
been acquired into precise information that could potentially lead to further analysis.
The analytical process involves substantive issues and concerns related to information that needs
clarification. Analytics is then used to guide the collection strategies and the production of the
appropriate analytical product. Analytics is the process whereby information is obtained from all
sources that are pertinent to the areas of collection, collation, dissemination, evaluation,
description, and analysis.
Professionals in the analytical community absorb incoming information, evaluate it, produce an
assessment of the current state of affairs, and create a strategic methodology.
 Risk areas
Each risk in the overall risk model should be explored to identify how it potentially evolves
through the organisation. It is important to ensure that the risk is carefully defined and
explained to facilitate further analysis. The techniques of analysis include:
• Workshops and interviews
• brainstorming
• Questionnaires
• Process mapping
• Comparisons with other organisations
• Discussions with peers.
Here are five areas in which employee fraud commonly occurs:
Purchase-to-Pay

RSM 306
Potential fraud risks include (a) an employee initiating purchase orders (P.O.) for goods and
services that are diverted for personal use and (b) an employee setting up a “phantom” vendor
account, through which fraudulent invoices are processed and payments are made to the
employee.
In these situations, fraud tests can detect if the same individual both enters and approves a P.O.
or if an individual enters or approves multiple “split” P.O.’s, just under an authorized limit. Other
evidence that can be discovered includes whether the delivery address for goods or services is
the same as an employee’s, whether the goods being purchased are typically consumer items, or
whether the vendor master file information (address, bank account, etc.) is the same as that of
an employee.
Corporate Credit Cards
A common fraud risk is an employee using a corporate credit card for personal gain instead of
legitimate corporate purchases or travel and entertainment expenses.
Fraud tests can detect purchasing cards (P-Cards) being used to acquire goods and services from
vendors with suspect merchant codes (e.g., home supplies, personal entertainment, etc.) and
corporate cards being used by employees on weekends or while the employee is on vacation.
Additionally, tests can determine whether fuel is purchased in unusually large quantities, mileage
charges are made in the same period as rental-car charges, and corporate-card transactions are
approved by the card holder.
Payroll
Payroll fraud can consist of (a) “phantom” employees being set up on payroll systems; (b)
excessive overtime payments; and (c) employees remaining on the payroll after death or
termination.
Tests can detect if there is more than one employee with the same bank account details or the
same address. In addition, they can find invalid address information for employees, invalid social
security numbers, unusually high overtime amounts, and payroll payments made to employees
who were terminated or deceased according to HR records.
Sales and receivables
Some potential frauds include (a) employee collusion with vendors and (b) sales representatives
inflating sales to achieve higher commissions and bonuses.
Fraud tests can detect customer accounts with exceptional credit terms; customer accounts that
have unusually large or frequent credit memos; customers receiving unusually large discounts;
customers returning goods without corresponding adjustments to sales representatives’
commissions; and sales shipment addresses that are the same as an employee’s address.
Information systems and critical data

RSM 306
This kind of fraud includes (a) employee theft of critical data and (b) employees providing
corporate data to external individuals.
The right tests can discover databases accessed by individuals without appropriate authorities
and reports generated by individuals without appropriate authorization. Similarly, fraud tests can
detect customer accounts with exceptional credit terms and network logs that indicate
unauthorized copying and movement of data files. Tests can also help discover if email
attachments include sensitive data.
What to look for
Types of Red Flags and Fraud

Now that we have discussed what red flags and fraud are, it is time to talk about the types of red
flags and fraud that, unfortunately, are common in the workplace today.
General Red Flags

What are the red flags that are common to most types of fraudulent activity?
Red flags that are common to most types of fraudulent activity can be categorized as employee
and management red flags. Before we give you examples of employee and management red
flags, it is important to understand more about employee and organizational profiles of fraud
perpetrators. According to the 2006 ACFE survey of more than 1,100 occupational fraud cases,
perpetrators have the following characteristics:
Fraud Perpetrator Profile:

• The majority of occupational fraud cases (41.2 percent) are committed by employees.
• However, the median loss for fraud committed by managers was $218,000, which is
almost three times greater than the loss resulting from an employee scheme.
• Approximately 61 percent of the fraud cases were committed by men. The median loss
resulting from fraud by males was $250,000, which is more than twice the median loss
attributable to women.
• Most fraud perpetrators (87.9 percent) have never been charged or convicted of a crime.
This supports previous research which has found that those who commit occupational
fraud are not career criminals.
• Nearly 40 percent of all fraud cases are committed by two or more individuals. The
median loss in these cases is $485,000, which is almost five times greater than the median
loss in fraud cases involving one person.
• The median loss attributable to fraud by older employees is greater than that of their
younger counterparts. The median loss by employees over the age of 60 was $713,000.
However, for employees 25 or younger, the median loss was $25,000.
• Organizational Profile:
• Most costly abuses occur within organizations with less than 100 employees.
RSM 306
• Management ignores irregularities.

• High turnover with low morale. Staff lacks training.
Employee Red Flags
• Employee lifestyle changes: expensive cars, jewelry, homes, clothes
• Significant personal debt and credit problems
• Behavioral changes: these may be an indication of drugs, alcohol, gambling, or just fear
of losing the job
• High employee turnover, especially in those areas which are more vulnerable to fraud
• Refusal to take vacation or sick leave
• Lack of segregation of duties in the vulnerable area
Management Red Flags

• Reluctance to provide information to auditors
• Managers engage in frequent disputes with auditors
• Management decisions are dominated by an individual or small group
• Managers display significant disrespect for regulatory bodies
• There is a weak internal control environment
• Accounting personnel are lax or inexperienced in their duties
• Decentralization without adequate monitoring
• Excessive number of checking accounts
• Frequent changes in banking accounts
• Frequent changes in external auditors
• Company assets sold under market value
• Significant downsizing in a healthy market
• Continuous rollover of loans
• Excessive number of year end transactions
• High employee turnover rate
• Unexpected overdrafts or declines in cash balances
• Refusal by company or division to use serial numbered documents (receipts)
• Compensation program that is out of proportion
• Any financial transaction that doesn’t make sense - either common or business
• Service Contracts result in no product
• Photocopied or missing documents
Changes in Behavior “Red Flags”

The following behavior changes can be “Red Flags” for Embezzlement:
• Borrowing money from co-workers
• Creditors or collectors appearing at the workplace
• Gambling beyond the ability to stand the loss
• Excessive drinking or other personal habits
RSM 306
• Easily annoyed at reasonable questioning

• Providing unreasonable responses to questions
• Refusing vacations or promotions for fear of detection
• Bragging about significant new purchases
• Carrying unusually large sums of money
• Rewriting records under the guise of neatness in presentation
Red Flags in Cash/Accounts Receivable

Since cash is the asset most often misappropriated, local government officials and auditors should
pay close attention to any of these warning signs.
• Excessive number of voids, discounts and returns
• Unauthorized bank accounts
• Sudden activity in a dormant banking accounts
• Taxpayer complaints that they are receiving non-payment notices
• Discrepancies between bank deposits and posting
• Abnormal number of expense items, supplies, or reimbursement to the employee
• Presence of employee checks in the petty cash for the employee in charge of petty cash
• Excessive or unjustified cash transactions
• Large number of write-offs of accounts
• Bank accounts that are not reconciled on a timely basis
Red Flags in Payroll

Red flags that show up in payroll are generally worthy of looking into. Although payroll is usually
an automated function, it is a vulnerable area, especially if collusion is involved.
• Inconsistent overtime hours for a cost center
• Overtime charged during a slack period
• Overtime charged for employees who normally would not have overtime wages
• Budget variations for payroll by cost center
• Employees with duplicate Social Security numbers, names, and addresses
• Employees with few or no payroll deductions
Red Flags in Purchasing/Inventory

• Increasing number of complaints about products or service
• Increase in purchasing inventory but no increase in sales
• Abnormal inventory shrinkage
• Lack of physical security over assets/inventory
• Charges without shipping documents
• Payments to vendors who aren’t on an approved vendor list
• High volume of purchases from new vendors
• Purchases that bypass the normal procedures
• Vendors without physical addresses

RSM 306
• Vendor addresses matching employee addresses

• Excess inventory and inventory that is slow to turnover
• Purchasing agents that pick up vendor payments rather than have it

RSM 306
Unit Six
TYPES OF FRAUD
Method Detailed description
1 Fraudulent financial  Posting of fraudulent accounting entries

misstatement  Manipulation of accounting systems to conceal or establish fictitious
venders
 Diversion of restricted and confidential data
2 Misappropriation of  Theft of assets such as cash, inventory and fixed assets Fraudulent
assets  manipulation of vendor master file.
 Fictitious invoicing
 Manipulation of intangible assets like piracy of software or other
copyright material
3 Corruption  Collusive hacking of systems to access employee, customer or trading
partner data
 4Identity theft to collusively obtain lo5ans, credits or capital funding
 Col6lusion involving the payment of brib7es to staff
 Syndicated corruption amongst suppliers via manipulation of digital
and other social media.
 Kickbacks relating to industrial sabotage, for instance, disinformation
being spread about business plans and strategies.
4 Regulatory and legal  Conflict of interest relating to personal financial interests in public
misconduct contracts
 Insider trading
 Price fixing
 Peddling influence in exchange for gifts or other gratuities.

RSM 306
5 Sales and accounts  Overstated Sales

receivables  Fictitious Customers
6 Accounts payable  Pricing manipulation
 Duplicate payment
 Diversion of payments
7 Human Resources  False qualifications

and payroll  Ghost employees
8 Inventory and  Falsifies delivery notes
storage/warehousing  Falsified stock balancing figures
 Falsified inventory classification
9 Capital and ICT  Theft of ICT assets

infrastructure  Inflated professional service hours
disbursement  Collusion in signing off of incomplete works orders
 Diversion of grants/funding to fictitious projects
 Fictitious subcontractors
10 Revenue and income  Advance revenue recognition from unsigned contracts Overstated
recognition  billings

PROCESS OF DETECTION
1. Build a profile of potential frauds.
Take a top-down approach to your risk assessment, listing the areas in which fraud is likely to
occur in your business and the types of fraud that are possible in those areas. Then qualify
the risk based on the overall exposure to the organization. Focus on risks that have the
greatest chance of reducing shareholder value — for example, processes that affect the
extended supply chain such as safety, quality, reliability of suppliers and processes.
Develop fraud risk profiles as part of an overall risk assessment and include necessary
stakeholders and decision makers. You’re not likely to make friends throughout the
organization by conducting this on your own. For example, if you think fraud is happening
with purchasing cards, include the p-card manager in the discussions. That way it’s a joint
effort that will benefit both parties and hopefully result in a more comprehensive approach
to fraud risks in that area.
2. Test transactional data for possible indicators of fraud.
You must test 100 percent of the data, not just random samples. While sampling may be
effective for detecting problems that are relatively consistent throughout data populations,

RSM 306
that isn’t always the case for fraud. Fraudulent transactions, by nature, do not occur
randomly. Transactions may fall within boundaries of certain standard testing and not be
flagged. Further, using the sampling approach, you may not be able to fully quantify the
impact of control failures and you may not be able to estimate within certain populations.
You could miss many smaller anomalies and sometimes it’s the small anomalies that add up
over time to result in very large instances of fraud.
In order to effectively test and monitor internal controls, organizations need to analyze all
relevant transactions.
3. Improve controls by implementing continuous auditing and monitoring.
Strengthen controls over transaction authorizations and use continuous auditing and
monitoring to test and validate the effectiveness of your controls. Repetitive or continuous
analysis for fraud detection means setting up scripts to run against large volumes of data to
identify those anomalies as they occur over a period of time. This method can drastically
improve the overall efficiency, consistency and quality of your fraud detection processes.
Create scripts, test the scripts and run them against data so you get periodic notification when
an anomaly occurs in the data.
You can run the script every night to go through all those transactions for timely notification
of trends and patterns and exceptions reporting that can be provided to management. For
example, this script could run specific tests against all purchasing card transactions as they
occur to ensure they are in accordance with controls.
4. Communicate the monitoring activity throughout the organization.
A big part of fraud prevention is communicating the program across the organization. The old
adage, “an ounce of prevention equals a pound of cure” rings true for fraud detection. If
everyone knows there are systems in place that alert to potential fraud or breach of controls,
and that every single transaction running through your systems is monitored, you’ve got a
great preventative measure. It lets people know that they shouldn’t bother, because they will
get caught.
5. Provide management with immediate notification when things are going wrong.
It is better to raise any issues right away than explain why they occurred later. Create audit
reports with recommendations on how to tighten controls or change processes to reduce the
likelihood of recurrence. And, don’t forget to quantify the impact to the business. Data
analysis technology can quantify the impact of fraud so you can actually see how much it’s
costing the organization and provide a cost-effective program with immediate returns.
6. Fix any broken controls immediately.
Segregation of duties is important. If you can initiate a transaction, approve the transaction,
and also be the receiver of the goods from the transaction, there is a problem.

RSM 306
7. Expand the scope and repeat.

Re-evaluate your fraud profile, taking into account both the most common fraud schemes
and those that relate specifically to the risks that are unique to your organization, and move
your investigative lens. Use analytics to find out where controls are not working or are
ineffective and don’t forget to look for controls that cannot be governed by application
control settings. Investigate patterns and fraud indicators that emerge from the fraud
detection tests and continuous auditing and monitoring.
Summary
Fraud is a significant business risk that must be mitigated. A well-designed and implemented
fraud detection system, based on the transactional data analysis of operational systems, can
significantly reduce the chance of fraud occurring within an organization. The sooner that
indicators of fraud are available, the greater the chance that losses can be recovered and
control weaknesses can be addressed. The timely detection of fraud directly impacts the
bottom line, reducing losses for an organization. And effective detection techniques serve as
a deterrent to potential fraudsters – employees who know that experts are present and
looking for fraud or that continuous monitoring is occurring are less likely to commit fraud
because of a greater perceived likelihood that they will be caught.
Given increased regulatory requirements and compliance demands, the decision is no longer
if an organization should implement a complete fraud detection and prevention program, but
rather how quickly that program can be put into place. The use of technology is essential for
maximizing the efficiency and effectiveness of a fraud detection and prevention program.
 COMMON FRAUD TECHNIQUES
Knowing what to look for is critical in building a fraud detection program. The following
examples are based on descriptions of various types of fraud and the tests used to discover
the fraud as found in Fraud Detection: Using Data Analysis Techniques to Detect Fraud.1
1. Type of fraud: Fictitious vendors

• Run checks to uncover post office boxes used as addresses and to find any matches
between vendor and employee addresses and/or phone numbers
• Be alert for vendors with similar sounding names or more than one vendor with the same
address and phone number
2. Type of fraud: Altered invoices
• Search for duplicates

RSM 306
• Check for invoice amounts not matching contracts or purchase order amounts
Type of fraud: Fixed bidding
• Summarize contract amount by vendor and compare vendor summaries for several
years to determine if a single vendor is winning most bids
• Calculate days between close for bids and contract submission date by vendor to see
if the last bidder consistently wins the contract
3. Type of fraud: Goods not received
• Search for purchase quantities that do not agree with contract quantities
• Check if inventory levels are changing appropriate to supposed delivery of
goods Type of fraud: Duplicate invoices
• Review for duplicate invoice numbers, duplicate date, and invoice amounts
4. Type of fraud: Inflated prices
Compare prices across vendors to see if prices from a particular vendor are
unreasonably high
5. Type of fraud: Excess quantities purchased.
• Review for unexplained increases in inventory

• Determine if purchase quantities of raw materials are appropriate for production level
• Check to see if increases in quantities ordered compare similarly to previous contracts
or years or when compared to other plants
6. Type of fraud: Duplicate payments
• Search for identical invoice numbers and payments amounts

• Check for repeated requests for refunds for invoices paid twice

RSM 306
7. Type of fraud: Carbon copies

Search for duplicates within all company checks cashed; conduct a second search for
gaps in check numbers
8. Type of fraud: Duplicate serial numbers
Determine if high value equipment a company already owns is being repurchased by

checking serial numbers for duplicates and involvement of same personnel in
purchasing and shipping processes
9. Type of fraud: Payroll fraud

Find out if a terminated employee is still on payroll by comparing the date of termination
with the pay period covered by the paycheck and extract all pay transactions for
departure date less than date of current pay period
10. Type of fraud: Accounts payable

• Reveal transactions not matching contract amounts by linking Accounts Payable files to
contract and inventory files and examining contract date, price, ordered quantity,
inventory receipt quantity, invoice quantity, and payment amount by contract.
Coderre, David G., Fraud Detection: Using Data Analysis to Detect Fraud, 2nd edition
(Vancouver, BC: Ekaros, 2004)
 DEALING WITH FRAUDULENT EMPLOYEES
What's the best approach for stopping fraud and corruption?
The key deterrent of fraud and corruption is awareness and prevention. Some of the
processes which are deemed most effective involve denial of opportunity, effective
leadership and oversight, auditing and pre-employee screening.
Denial of opportunity may be translated in the form of internal controls and consistently
adhering to clearly defined procedures established by the University's leadership.
What's wrong with just trusting people?
Nobody wants to doubt co-workers and their honesty.

RSM 306
In fact, most people will not engage in fraudulent and corrupt conduct. However, we must
understand and accept the reality that fraud is possible and some people will be corrupt!
All too often in the past, "trusted employees" in organisations have been given the "keys to
the kingdom" with little or no oversight and control, leaving the door wide open for
fraudulent or corrupt behaviour.
Trust is important … but trust is not an internal control! Relying on trust alone is asking for
trouble particularly in those areas of an organisation where this is a greater risk of that trust
being breached.
If you do not believe that fraud and corruption is possible in the workplace, you will never
identify it, even if it is clearly evident. Very often may be viewed as administrative errors
because individuals cannot conceive of the existence of fraud or corruption particularly
where there is a long time affiliation with co-workers.
Why isn't it enough to just sanction someone once such behaviour is identified?
Remember the fraud triangle? Simply punishing a person who has been caught committing a
fraud is not a totally effective way to deter fraud. Some of the reasons are as follows:
 A fraudster will only commit fraud when there is a perceived opportunity to solve their
problems in secret. They don't anticipate getting caught, so the threat of sanctions
doesn't really carry any weight i.e. they don't expect to face them.
 If a fraudster rationalizes their conduct, to them it is legal or justified. Thus, they don't see
their actions as something that should be sanctioned.
 Fraudsters greatly fear that their behaviour will be detected. The threat of sanctions is
only ever a secondary consideration.
What can I do to deter fraudulent and corrupt behaviour?
To effectively deter fraud and corruption, you need to:

 Be aware of where fraud and corruption is likely i.e. understand and manage the areas of
risk under your control;
 Have a good understanding of why people may engage in fraudulent or corrupt activity
i.e. understand the components of the fraud triangle and be on the lookout for red flags;
and
 Always "do the right thing", and encourage others to do the same.
What is "doing the right thing"?
For all staff, doing the right thing means living the University's values, and working and
behaving in accordance with the Code of Conduct, Staff Enterprise Agreement/Employment
Contracts, University policy framework and all relevant laws and regulations.
RSM 306
As a manager, it means "leading by example" (i.e. setting the right tone, walking the talk) and
taking appropriate steps to ensure that your internal controls are adequate and operating
effectively to:
 prevent fraud and corruption from occurring; and
 Detect and appropriately respond (as soon as possible) to any incidences should they be
found or suspected.
Regardless of who you are, what you do, or what you're responsible for, it also means:
 Saying NO! to anything that sounds or looks suspicious, improper or illegal; and
 Having the courage to speak out and speak up when you see something that just doesn't
look or feel right.
What are some essential internal controls for deterring fraudulent and corrupt behaviour?
The following basic internal controls are a good starting point for ensuring a low fraud and
corruption working environment:
 Segregation of duties, to prevent one person from undertaking an entire transaction
alone.
 Clearly established lines of delegated authority and responsibility.
 Position descriptions that clearly represent the jobs people actually do.
 Compulsory clearance of overdue accumulated leave, particularly for those in key
positions of trust.
 Job rotation (wherever possible), again for those in key positions of trust.
 Staff awareness, education and training to ensure all staff are aware of and can recognize
the signs of possible fraudulent or corrupt behavior.
 Adequate protective measures for safeguarding, assets, processes and data.
 Documentation retained and managed in accordance with records management policy.
 A work environment where people feel comfortable in raising concerns and are not
penalized for doing so.
 Ongoing management oversight / monitoring of work functions to verify that controls are
operating effectively e.g. reconciliations, confirmations, exception reports.

RSM 306
7
Unit Seven
IDENTITY THEFT
What is identity theft?
Identity theft is the deliberate use of someone else's identity, usually as a method to gain a
financial advantage or obtain credit and other benefits in the other person's name, and perhaps
to the other person's disadvantage or loss. The person whose identity has been assumed may
suffer adverse consequences, especially if they are held responsible for the perpetrator's actions.
Identity theft occurs when someone uses another's personally identifying information, like their
name, identifying number, or credit card number, without their permission, to commit fraud or
other crimes. The term identity theft was coined in 1964.[Since that time, the definition of
identity theft has been statutorily prescribed throughout both the U.K. and the United States as
the theft of personally identifying information, generally including a person’s name, date of birth,
social security number, driver’s license number, bank account or credit card numbers, PIN
numbers, electronic signatures, fingerprints, passwords, or any other information that can be
used to access a person’s financial resources.
Determining the link between data breaches and identity theft is challenging, primarily because
identity theft victims often do not know how their personal information was obtained, and
identity theft is not always detectable by the individual victims. Identity fraud is often but not
necessarily the consequence of identity theft. Someone can steal or misappropriate personal
information without then committing identity theft using the information about every person,
such as when a major data breach occurs.
Types of identity theft
• Criminal identity theft (posing as another person when apprehended for a crime)
• Financial identity theft (using another's identity to obtain credit, goods and services)
• Identity cloning (using another's information to assume his or her identity in daily life)
• Medical identity theft (using another's identity to obtain medical care or drugs)

RSM 306
• Child identity theft.

Identity fraud
Identity fraud is the use by one person of another person's personal information, without
authorization, to commit a crime or to deceive or defraud that other person or a third person.
Most identity fraud is committed in the context of financial advantage, such as accessing a
victim's credit card, bank or loan accounts. False or forged identity documents have been used in
criminal activity (such as to gain access to security areas) or in dealings with government agencies,
such as immigration. Often today, the identities of real persons are used in the preparation of
these false documents.
A person's personal information may be surreptitiously obtained, commonly described as identity
theft, in a variety of ways. A fraudster may use another person's basic personal details (such as
name, address, username and PIN) to access the victim's online accounts, including banking
accounts, email, and social media accounts. Such access may be for the purpose of obtaining
further personal information on the target. More seriously, the information may then be used in
truly fraudulent activities, such as opening a credit card account in the victim's name, and then
charging purchases to that account, or the entering into a loan agreement in the victim's name.
Identity fraud may be committed without identity theft, as in the case of the fraudster being given
someone's personal information for other reasons but uses it to commit fraud, or when the
person whose identity is being used is colluding with the person committing the fraud.[1] There
have been numerous cases of organisations being hacked to obtain personal information. One
case of identity theft was the 2011 hacking of the PlayStation Network, when personal and credit
card information of 77 million accounts were stolen.
The unauthorised use of a stolen credit card is commonly not considered identity fraud, but may
be considered consumer fraud. The use of fake names, ID cards, falsified or forged documents,
and lying about his or her own age to simply "hide" his or her true identity is sometimes also
regarded as identity fraud. Reasons for this type of identity fraud may include wanting to
purchase tobacco or alcohol as a minor as well as to continue playing on a certain sports team or
organization when that person is really too old to compete.
HOW TO PREVENT IDENTITY THEFT
11. Use strong passwords and PINs.
Your passwords and PINs shouldn't be something anyone could guess, even if they had access to
some of your personal information. Avoid names, addresses, and birth dates.
• If you use words or numbers that are familiar to you, disguise them with hard-to-guess
code, like the Vigènere Cipher.
• You also might try online programs, available for free, that provide virtually
unbreakable randomly generated passwords.

RSM 306
• Make sure all passwords you use include both lower-case and capital letters, numbers,
and other characters such as hyphens or asterisks.
• Avoid using the same password for multiple accounts. Each of your passwords should
be unique so that if one of them is compromised, the thief does not have access to
anything else.
12. Keep passwords and PINs safe.
Never store passwords or sensitive information unencrypted on your computer. If you have a
physical "cheat sheet" of log-in information, keep it locked up.
• If you need to keep passwords in a digital format, store them in a password manager
program that is encrypted. You also can store them on an external hard drive that is
only attached to your computer for offline backups.
• Avoid using autofill, particularly for banking or credit card websites, unless your
computer is secure or never leaves your house.
13. Turn on two-factor authentication.
Many email services and popular social media platforms allow you to log on using two-factor
authentication, or 2FA. This enhanced security protocol adds an extra step to confirm your
identity even after you enter your username and password.
• Typically you will get a text message with a code that you have to enter. Once you enter
the code, you'll be able to access your account on the site.
• With 2FA, a hacker would not be able to access your account, even if they gained your
username and password.
• Regardless of whether you enable 2FA or not, make sure you completely log out of any
service you're not using – don't just close the window or tab on your browser.
14. Create log-in passwords for all your devices.
Whether you plan to take a device outside your home, all should have log-in passwords so the
information cannot be accessed in the event someone gets ahold of the device.
• On most computers, you also can set up security so that the computer is completely
disabled or the hard drive erased after a certain number of incorrect password
attempts.
• Change your log-in passwords on a regular basis, and don't write them down anywhere
near your computer. For example, don't write the log-in password on a sticky note
affixed to your computer case.
15. Protect your computer.
Identity thieves use complex software such as spyware and key loggers to obtain sensitive
information. A strong and regularly updated firewall, anti-virus program and anti-spyware
program will provide most of the protection you need.

RSM 306
• These programs often are provided as software-as-a-service, in which you download

the application online and pay a monthly fee for updates.
• If you're not sure what is best for your computer, contact your local computer retailer
for advice.
16. Beware of phishing scams.
You may receive a seemingly harmless email asking you to verify certain things such as your
password, account number, or personal identification information. Any email seeking this sort of
information should be an immediate red flag for you. The best response is to contact the service
provider directly and ask what's up.
• Keep in mind that most banks and credit card companies will not send unsolicited emails
of this sort, or emails with internal links asking you to verify information. Save the email
(the bank or credit card company may want to see it) and contact the company directly
using a customer service number or by going directly to their website – do not click on
any links in the email.
• Other phishing scams include false lottery wins, requests for money to "help" people who
have lost money/tickets/house, etc. and claims from Nigerian princes on-the-run.
• Check the website of your country's government department that is responsible for
updating on regular scams (consumer affairs and security agencies usually). Some
nonprofit consumer watchdog agencies also have similar information available online.
17. Restore old computers to factory settings.
Whether you're selling an old computer, recycling it, or throwing it away, make sure you get rid
of it safely. Restoring it to factory settings ensures all of your information is gone. Do the same
with mobile devices.
• Keep in mind that a tech-savvy person can even recover information that has been
deleted from a hard drive. You can download free scrubbing programs online, or ask a
trusted computer retailer or tech-savvy friend to help.
• Information on how to restore your computer to its factory settings should be included in
the manual that came with your computer, or you may be able to find a step-by-step
guide online.
18. Encrypt your hard drive.
Most Apple- and Windows-based computers have an option that allows you to easily encrypt the
information on your hard drive. Check the security tab in your settings and follow the prompts to
activate encryption.
• If your hard drive is encrypted, the information on it cannot be used even if it is accessed
by a hacker or would-be identity thief.

RSM 306
• Observe the same caution when transmitting information online. You should see a little
lock icon if the website you're using is secure. Don't enter personal information unless
you see that symbol
19. Take care when posting on social media.
Check your security settings on your social media accounts, and avoid posting personal
information publicly, or publicly "checking in" to places. Identity thieves as well as burglars can
use this information to identify targets.
• If you're going on a vacation, wait until after you return to post any pictures or stories
about your trip online.
• Avoid "friending" anyone you don't know "in real life." They may not be who they claim
they are, and may be using your posts to gain information about you so they can exploit
you or steal your identity.
20. Check security when shopping online.
When shopping online, verify security symbols and encryption before entering any credit or
identification details. You also want to check the URL and make sure it's legit – avoid using links
from an unsolicited email.
• Don't store information on any store's website. It may be convenient but it's also a
possible loss to you if the site is hacked.
• Keep a separate credit card just for online purchases. That way if your information is
compromised, you can easily cancel that card and your bank account or other credit
cards won't be affected. Never use a debit card linked to your bank account online.
WHAT TO DO IF YOU ARE A VICTIM OF IDENTITY THEFT
FIRST-close the accounts that you know or believe have been tampered with or opened
fraudulently.
SECOND-file a police report with your local police or the police in the community where the theft
took place.

RSM 306
8
Unit Eight
Correlation, Trend Analysis
Fraud and money laundering correlation

Money laundering is a process which aims to disguise the existence, nature, source, control,
beneficial, ownership, location, and disposition of property derived from criminal activity. In this
context property assumes the wider definition of that which is physical, intangible or represented
in the form of rights or obligations such as a pension funds or trust fund.
Money laundering is big business. According to the International Monetary Fund it is estimated
that between US$500 billion and US$15 trillion is laundered each year, through the international
financial system. The international body charged with dealing with money laundering is the
Financial Action Task Force (FAFT). It is composed of many of the world’s leading governments
through their financial centers. Its objectives include establishing a world-wide anti-money
laundering and anti-terrorist policy which it pursues through pronouncing on a series of best
practices and typologies, which are formed as “Recommendations” on how the governments
should best regulate financial services. These Recommendations are not binding on member
countries, although sanctions may be used against an offending country and non-member
countries are finding it increasingly difficult to operate independently of FAFT members.
Money Laundering Methods
The “Washing” includes all forms of illegal activities. In most instances the goal is to conduct
transactions in cash in such a way as to conceal the true nature of transactions. Problems occur
regarding large volumes of cash-transporting it, converting small denomination bills to larger
denomination bills, and converting cash into assets which can be invested and/or spent. The
Money Laundering Process
Placement
Placement of funds into a financial institution is the initial step in the process. It is at this step
that legislation has been developed to prevent launderers from depositing or converting large
amounts of cash at financial institutions or taking cash out of the country. Money laundering

RSM 306
schemes are most often detected at this stage. Placement can take any number of forms. If the
money launderer has a large amount of cash, he can move the money out of the country in a
suitcase and deposit it in an offshore bank. Another choice is to break up the money into smaller
amounts and deposit it into bank accounts or Purchase cashier’s cheques, travelers’ cheques, or
money orders. The process of breaking transactions up into smaller amounts to evade the
reporting requirements is known as smurfing. A sophisticated smurfing operation might involve
hundreds of bank accounts in dozens of cities.
Layering
If the Placement of the initial funds goes undetected, financial transactions can be designed in
complex Patterns in order to disguise the source of the money. This stage of the process is
referred to as layering and represents the most difficult area of detection. Once the funds have
been deposited into a financial institution, a launderer can move the funds around by using layers
of financial transactions designed to confuse the audit trail. The money can even be transported
out of the country through wire transfers.
Integration
A money laundering scheme cannot be successful until the paper trail is eliminated or made so
complex that the flow of illegal income cannot be easily traced. The final stage in the laundering
process is the integration of the money back into the economy in such a way as to make it appear
to be a legitimate business transaction. This stage of the process is also difficult to detect;
however, if the integration process creates a paper trail such as deeds for real estate, invoices,
and loan documents. A greater number of steps increases the complexity of tracing the funds,
but it also increases the length of the paper trail and the chance that the transaction will be
reported. The object of money laundering is not only to disguise the source of illegal funds, but
also to convert large stores of currency into other assets. In some cases, illegal funds are spent
on personal assets: homes, cars, jewellery, furniture, etc. But the typical money launderer will
not dispose of all his illegal currency in this manner; he will want to have a certain amount of
liquid reserves for spending. Keeping large bundles of cash is inefficient because they are difficult
to hide and transport. Therefore, money launderers will often convert substantial portions of
their currency into negotiable instruments such as cashiers cheques and money orders, which
are routinely issued by financial institutions. Criminals prefer these negotiable instruments for
two reasons. First, cashier’s cheques and money orders are bearer instruments and the holder
can use them or deposit them without having to prove the source of the funds. Second they are
liquid assets because the holder may use them immediately
Using a Legitimate Business to Launder Funds
One of the most common methods of laundering funds is to filter the money through a legitimate
business (also known as a “front” business). A front business can be very effective way to launder
money because it provides a safe place for organizing and managing criminal activity. A front
doing legitimate business provides cover for delivery and transportation related to illegal
activities. In addition, such a business provides an unsuspicious venue for the comings and goings

RSM 306
of large numbers of people. Expenses from illegal activity can be attributed to the legitimate
enterprise, and the illegal revenues can be easily placed into the enterprise.
Three methods most commonly used to hide assets or launder money through a front business
are: overstatement of reported revenues, overstatement of reported expenses, and balance
sheet laundering.
Overstatement of reported revenues
Overstating revenues, also known as income statement laundering occurs when the money
launderer records more income on the books of a business than is actually generated by that
business. The fictitious revenue accounts for the illegal funds that are secretly inserted into the
company.
EXAMPLE
ABC used cars encourages customers to pay with cash. If the customer pays in cash he receives a
discount which might be as high as 25%. The invoice however makes no mention of the cash
discount. The company reports the full sales amount as income. Depending on the number of cars
sold, the company can launder thousands of dollars in illegal income.
Overstatement of reported expenses
The disadvantage of overstating revenues is that taxes will be clue on the income reported.
Therefore, if a company overstates its revenue, it will also want to overstate its expenses to offset
its tax liability. The fictitious expenses also enable the perpetrator to siphon money back out of
the business in order to make payoffs, buy illegal goods, or invest in other criminal ventures.
Overstating expenses can be accomplished very easily by reporting payments for supplies never
received, professional services never rendered, or vi-‘ages for fictitious employees.
EXPLMPLE
ABC used cars reports wages for three mechanics and an assistant manager who do not exist. The
company also reports payment of over $200 000 a year to several lawyers, accountants and other
consultants who do little if any actual work.
Income statement laundering which includes both overstated revenues and expenses, can be
difficult to detect. When artificial price inflation is applied in moderate Percentages to goods and
services whose market value is difficult to establish [e.g., artwork, used cars, consulting fees,
advertising expenses), detection is difficult without inside information. On the other hand,
complete fabrication of transactions or creation of “ghost” employees is somewhat easier to
spot. Depositing Cash and Writing Cheques in Excess of reported Revenues and Expenses
(Balance Sheet Laundering)
Rather than attempting to disguise money as normal business revenue, excess funds can simply
be deposited into the bank account of the business. This technique is known as balance sheet
laundering because it is independent of the money that flows in and out of the business. This
RSM 306
type of scheme can be detected by examining the revenue records of the business. Every
legitimate asset in the company’s Possession has come from somewhere if not from revenues
then from a limited number of other credible alternatives. The basic alternative sources include:
loans, sale of Property or equipment, and capital investments from shareholders. All of these
transactions require significant documentary evidence, which the examiner should seek out to
explain any suspicious infusion of cash into a suspect business.
FAVORITE BUSINESSES FOR HIDING OR LAUNDERING MONEY
In general terms, the businesses chosen for money laundering possess one or more of the
following characteristics:
Revenue: A revenue base is difficult to measure because most revenue comes from cash
transactions with a highly variable amount per customer. This allows extra money to be brought
into the business and disguised as revenue.
Expenses: Expenses that are variable and difficult to measure can enable the launderer to extract
money from the front business without giving rise to undue suspicion.
History: Historical ties are generally with the ethnic base of a Particular Criminal group, or with
industries that have traditionally served as a base for criminal activity.
Bars, Restaurants and Night Clubs
Businesses that are commonly used to front money laundering operations include bars,
restaurants, and nightclubs. These businesses charge relatively high prices, and customers vary
widely in their Purchases. Sales are generally in cash, and it is notoriously difficult to match the
cost of providing food, liquor, and entertainment with the revenues they produce. Fast food
restaurants are also frequently used to front for money laundering operations. Although they
tend to charge lower prices than other types of restaurants, most of their sales are made in cash,
and expenses can be easily inflated.
Vending machines
Vending machine operations also possess many characteristics favorable to a money laundering
operation. They have a highly variable and difficult to measure volume of cash receipts, and in
large operations there is a fair amount of flexibility with various transportation, installation, and
promotion expenses, providing cover for the withdrawal of laundered funds.
Wholesale Distribution
Wholesale distribution businesses have historically been a prominent part of money laundering.
The revenues in a wholesaling business are not typically as flexible as in food service and vending
machine operations, but with a diverse product line and falsified invoices, it is still possible to
inject a good deal of illegal cash into the business. More importantly, the industry is ideal for
money laundering from the standpoint of expenses. The activities required to run this kind of
business are so diverse and difficult to measure that expenses are easy to inflate. Furthermore,
RSM 306
a wholesale business; buildings, Warehouses, transportation fleet, and its contact with retail
establishments are all attractive factors. Many of the classic criminal activities (drugs, fencing,
and contraband) are themselves nothing more than distribution operations and can hide behind
this type of business cover. Real Estate Purchases
Real estate purchases are also attractive because (at least historically) real estate increase in
value. In addition, rental income can be altered on the books to launder more funds.
ATMs
Law enforcement officials are also reporting an increasing use of ATMs to launder money. ATMs
can be purchased for as little as $3000. Money launders purchase the machines and place them
either in establishments they control or in legitimate businesses. The machines work the same as
any other ATM machines and all transactions are legitimate. The money launders simply fills the
machine with cash from illegal activities. The customers uses the machines and never realizes the
source of the funds.
The ATM banking system debits the cardholders account and credits the ATM owner’s bank
account. At the end of the month, the launderer receives a bank statement showing funds being
deposited from a legitimate financial institution. This option is attractive for money launderers
because there are currently no regulations governing the use and operation of privately owned
ATM. There is no requirement to check the backgrounds of purchasers of the machines, and there
are no mandatory reporting procedures and no rules for maintaining ATM sales records.
Calling in a Specialist
Converting ill-gotten gains into cashier’s cheques or money orders is not particularly difficult for
even the most unsophisticated criminal. However because many launderers fear detection, they
turn to more sophisticated specialists. Couriers arrange for the transportation of money to a
site where it is converted into another form of currency. For instance drug traffickers will
physically transport money to a foreign jurisdiction where it is deposited into a bank account or
converted directly to cheques or money orders. Since the courier has no apparent connection
with the true owner of the funds, the money launderer retains his anonymity.
White-collar professionals such as attorneys, accountants, and brokers, might also serve to
launder illegal funds. Through investments, trust accounts, fund transfers, and tax avoid schemes
these professionals can manipulate the financial, commercial, and legal systems to conceal the
origin and ownership of assets.
ENFORCEMENT AND PREVENTION STRATEGIES
Financial institutions, brokers, and insurance companies should be aware and should make their
employees aware of situations which could indicate money laundering activity.
Policy Statement

RSM 306
All entities covered under the reporting and record-keeping laws and regulations should have a
written Policy against handling the Proceeds of drug trafficking or other criminal activity. The
statement should provide that the institution requires its employees to operate with the highest
moral and ethical principles. It should include refusing to do business with criminals and money
launderers; a commitment to conduct business only with legitimate business organizations;
refusing to do business with businesses that refuse to Provide Proper documentation of their
identity and purpose; referring all suspicious transactions to the appropriate department who
will then decide whether to refer the case to law enforcement; and a commitment to comply
with the spirit of and the specific provisions of the law.
“Know Your Customer” Programs
Many financial institutions have “Know Your Customer” programs. Such programs should provide
for effective customer identification, account monitoring, and appropriate action in suspicious
circumstances
New Deposit Accounts
For individual deposit accounts, minimum identification standards should be established. The
information to be obtained should include:
 Name
 Address
 Date of birth
 Government issued ID number
 Current employer
 Business and residence telephone numbers

The person should be required to submit some form of identification that includes a photo such
as a driver’s licence or passport, and a copy should be made and kept in the customer’s file. If
there are any doubts or inconsistencies about the information provided, the employee should be
instructed to notify the appropriate department.
Minimum standards for new business accounts should include:
 Business name and address
 Telephone number
 Taxpayer identification number
 Documents establishing the formation of the business entity (articles of incorporation,

partnership agreement, etc.)

RSM 306
 Copies of all assumed name filings or d/b/a s
 A full description of the operations of the business
 Credit and banking references

 The identity of the officers, directors, or other principals.
The account representative should also consider making a Personal visit to the customer’s place
of business. Besides promoting good customer relations, a Personal visit will help identify
whether the business is legitimate or simply a front. The representative can also use this
opportunity to get to know the Principals of the business.
New Loan Accounts
An institution should perform due diligence in establishing a new loan account becau.se if the
customer is engaged in money laundering, there is a risk of forfeiture of collateral pledged on the
loans. Real or Personal Property that is traceable to drug sales or that is purchased with laundered
funds is subject to seizure by the government. If the Property seized is pledged as collateral, the
financial institution must prove that it was an innocent lienholder of the property who had no
knowledge of the illegal activity.
Minimum standards regarding the information to be gathered should include:
 Reliable identifying information similar to that required for new deposit accounts;
 Reliable financial information such as financial statements and copies of tax returns;
 The Purpose of the loan;
 Credit history and prior banking references;
 Verifiable, legitimate means of repayment; and
 Assurance that the loan amount is consistent with the Purpose of the loan and the nature
of the business.
Service for No-Accountholders
Banks often issue cashier’s cheques, money orders, and traveler’s cheques and perform currency
exchanges, wire transfers, or cheque cashing services. Strict identification requirements should
be established for transactions with Persons who are not regular bank customers. In fact,
regulations require that in some instances banks keep a record of the identity of Persons who are
not established customers. Such regulations usually require at a minimum the person’s name and
address, driver’s licence number (or other number of identifying document produced), and social
insurance number or employer identification number.
Monitoring Accounts

RSM 306
While identification of customers is important, it is equally important to monitor the activity of

accounts. The institution should identify unusual transactions that might not be consistent with
the normal business of the customer. Unusual and dramatic changes in Wire transfer, monetary
instrument, and cheque transactions are important to identify. If unusual transactions or
activities are noted, the institution should take some action to protect itself. The appropriate
action in some cases might be to discuss the changes with the customer to find out the reasons
therefore. Increased transactions might be the result of an increase in sales or the result of a
promotional activity. However, if the discussion leads to a reasonable suspicion that the
transactions are illegitimate, the institution might be required to notify the appropriate
government agencies.
Special Problems for Insurance Companies
Although financial institutions such as banks are primarily associated with money laundering
activities, insurance companies have become major targets of money laundering operations
because of the variety of services and investment vehicles that can be used to conceal the source
of funds.
The most common form of money laundering that insurance company’s face involves single
premium contracts or policies. Examples include purchase of annuities, lump sum top-ups to an
existing life insurance contract, and lump sum contributions to personal pension contracts. These
investments may be one part of a complex system of transactions involving other institutions.
Insurance companies, like other financial institutions, should educate their employees to look out
for transactions that appear to be inconsistent with a customer’s known, legitimate business or
personal activities or the normal transactions for that type of account. Therefore, insurance
companies should institute “Know Your Customer” Programs such as those described above.
Red Flags
The following transactions may indicate money laundering is taking Place. The list should be used
to identify those transactions and customers which may require further investigation.
 Large Purchase of a lump sum contract where the customer typically Purchases small,
regular payment contracts;
 Use of a third-party cheque to make a purchase or investment;
 Lack of concern for the Performance of an investment but great concern for the early
cancellation of the contract;
 Use of cash as Payment for a transaction which is typically handled by cheques or other
forms of payment;
 Makes lump sum payments by Wire transfer or with foreign currency;

Detection
RSM 306
Incoming and outgoing wire transfer logs can help companies identify possible patterns
suggestive of money laundering. Account activity repairs generally show weekly and/or monthly
balances, deposits, and withdrawals. Review of these statements can identify those accounts
with large increases in average balances and numbers of transactions. Policy cancellations reports
should identify policies cancelled within a specific time period. Report details should include the
amount of the cash surrender value, the identity of the sales agent, and the actual term of the
policy.
The chapter on “Tracing Illicit Transactions” in the Investigation section provides more
information about techniques for detecting illicit income and payments. Included in that chapter
are details about analyzing financial records, financial and behavioral profiles, and net worth
analysis.
Hawala, Hundi Chitti, Fei Chien, Al Barakat and Similar Money Transfer Systems Hawala, often
referred to as hundi, is an informal remittance system primarily exploited in Asia and the Middle
East. Because the system is unregulated and leaves virtually no paper trail, it is ripe for money
laundering. To transfer funds via the Hawala system, the Person wishing to send the money
consults a Hawala broker in his own city or town. The customer gives the money to be transferred
to his local broker and tells the broker where and to whom the funds are to be transferred, almost
always in a foreign city.
The Hawala broker then telephones a colleague Ln that city, tells him who to pay and how much;
then promises to settle up at a later date. The broker in the recipient’s city then pays the amount
of the transfer to the person intended to receive the funds, (minus a commission). An advantage
to the parties making and receiving the transfer is that “normal” money transfer services charge
10-15% of the amount to be sent, whereas Hawalas charge only 1-3%. In addition the funds are
available immediately, and very flexible hours, where banks may take up to a week to process a
transfer. No documents or other promissory instruments are exchanged; the transactions
operate entirely on the honor system. Records are not kept, only a running tally of the amount
owed one broker by the other is maintained, often Ln a private code.
Settlements between Hawala brokers often do not take the form of direct cash transactions, in
that there is no direct movement of funds. Even if the brokers do decide to directly exchange
funds only the balance owing from one to another would move. Because there is always network
of brokers involved, a system of complex swaps is employed, which use commodities such as
food, fuel, electronics, precious metals, gemstones and other commodities as a Way of balancing
the books among the Hawaladas in the various countries involved in the network.
A great advantage to the system is that because it does not depend on the legal system to enforce
its claims, it operates perfectly in countries where the local or regional legal and banking systems
have broken down due to war, insurrection, natural disaster, etc.
The savings to the customer are greatest where the receiving country has imposed exorbitant
exchange regulations. Customers with tax or currency control issues find the system very useful.

RSM 306
Millions of foreign Workers all over the World use this quick, cheap efficient method of funds
transfer to send money to their families.
However governments, not unexpectedly detest the system as it is un-regulated and hence
untaxed, and all are eager to introduce regulations into the system in order to bring it into line
with banking systems and subject the transfer to official exchange rates and taxation.
Tens, Perhaps hundreds of billions are moved across borders annually using the Hawala system.
This accounts for a good Percentage of the world trade and maintains the economies of various
third and fourth world countries.
International Anti-Money Laundering Organizations and Initiatives
While there are a number of anti-money laundering organizations, this section briefly examines
four international organizations that are contributing to the fight against money laundering
The Financial Action Task Force
As discussed in greater detail below, the Financial Action Task Force (FATF) is the world’s
preeminent international anti-money laundering organization whose purpose is the
development and Promotion of standards in the fight against money laundering.
The United Nations
As the first international organization to undertake significant steps to combat money laundering
with the 1988 Vienna Convention against Illicit Traffic in Narcotic Drugs and Psychotropic
Substances, the United Nations plays an important role in anti-money laundering efforts for
several reasons. First, the UN has a broad range of membership with 191 member states. Also,
the UN operates the Global Programme against Money Laundering, which was established in
1997. Finally, the UN has the ability to adopt international agreements between countries that
are legally binding to the contracting states.
International Monetary Fund /World Bank
Created to revive international trade in the post-world War II era, the International
Monetary Fund and the World Bank were designed to enhance international commerce by
creating a system supported bf; global monetary cooperation. Today, the IMF and the World Bank
actively participate in global anti-money laundering efforts through financial sector assessments,
technical assistance in the financial sector, and policy development.
The Egmont Group of Financial Intelligence Units
In 1995, a number of government agencies responsible for receiving, analyzing, and disseminating
suspicious transaction reports submitted by financial institutions, known as Financial Intelligence
Units (F1Us), formed the Egmont Group of Financial Intelligence Units. The purpose of the group

RSM 306
is to provide a forum for FIUs to quickly exchange information and to facilitate international
cooperation in the fight against money laundering.
The Financial Action Task Forces
The Financial Action Task Force on Money Laundering (FATF), a 34- member inter-Governmental
body established at the G-7 Economic Summit in Paris in 1989, is an inter- governmental bod
whose purpose is to develop international standards and promote policies aimed at combating
money laundering and the financing of terrorism.
In June 2003, membership in the PATF expanded from 31 to 33 jurisdictions-with the addition of
South Africa and Russia and includes two regional organizations. FATF members collectively
represent the major financial centers of North America, South America, Europe, Africa, Asia, and
the Pacific.
In addition, the International monetary Fund and the World Banks agreed to include assessments
of compliance with relevant FATF “Forty Recommendations on Money Laundering” and the
“Special Recommendations on Terrorist Financing” in their Financial Sector Assessment Programs
to assist in the monitoring of the progress of countries’ adherence to international standards.
Recommendations against money Laundering and Terrorist Financing
The FATF originally was given the responsibility of examining money laundering techniques and
trends, evaluating anti-money laundering measures, and recommending additional steps to be
taken. In 1990, PATF first is sued its “Forty Recommendations on Money Laundering” (AML)
The recommendations were designed to prevent Proceeds of crime from being used in future
criminal activities and affecting legitimate economic activity. They cover the following broad
areas:
 Criminalize the laundering of the Proceeds of serious crimes and enact laws to seize and
confiscate the proceeds of crime.
 Obligate financial institutions to identify all clients, includi.ng any beneficial owners of
property, and keep appropriate records.
 Require financial institutions to report suspicious transactions to the competent national

authorities, and implement a comprehensive range of internal control measures.
 Adequate systems for the control and suspension of financial institutions.
 The need to enter into international treaties or agreements and to pass national
legislation, which will allow countries to provide prompt and effective international
cooperation at all levels.
In October 2001 the FATF expanded its mandate to deal with the issue of the financing of
terrorism, and tools the important step of creating the Eight Special Recommendations on

RSM 306
Terrorist Financing. These recommendations contain a set of measures aimed at combating the
funding of terrorist acts and terrorist organizations, and are complementary to the Forty
Recommendations.
The Forty Recommendations were revised in 1996, and most recently in 2003, to reflect changes
in money laundering patterns. These recommendations, along with the FATF “Nine Special
Recommendations on Terrorist Financing,” which was revised on October 22, 2004, are widely
acknowledged as the international standards in these areas.
• FRAUD AND GAMBLING
Research has indicated that problem gambling is strongly associated within criminal activity. The
prevalence of disordered gambling is greater among offenders than in the general population.
There is a clear need to screen those who commit criminal acts for gambling problems and to
address problem gambling among offending populations, as they may be at increased risk, and
most in need of treatment.
• Roughly 50.0% of problem gamblers commit crimes

• The majority of crimes committed by problem gamblers are fueled by their gambling (either
to obtain money to gamble with or to pay gambling debts).
Over two-thirds of pathological gamblers who committed crimes reportedly did so as a direct
result of gambling: 40.4% reported only committing crimes related to their gambling “80 to 90
percent of people in Gamblers Anonymous will tell you they did something illegal in order to get
money to gamble. A lot of them do white collar crimes, fraud, credit card and employee theft.”
(Looney, 1998)
• More severe gambling problems are associated with increased criminal activity 68.8% of
offenders assessed as severe problem gamblers reported stealing or obtaining money illegally
to pay for gambling/gambling debts, compared to 26.3% of moderate problem gamblers
• Lifetime correctional costs of problem gamblers in the current Georgia population have been
estimated at $249,159,000. Lifetime correctional costs averaged across all disordered
gamblers have been estimated at $2,950 per pathological gambler and $2,210 per problem
gambler
• Costs of property crimes related to gambling are in the millions
-Of nearly 400 Gamblers Anonymous members: the majority (57.0%) reported having stolen to
finance gambling, together they stole $30 million (of money and/or property)
-This equates to an average amount stolen by each person who reported stealing of $135,000
• Offending populations have the highest prevalence of pathological or problem gamblers of any
population: among incarcerated felons 73% were assessed as probable problem gamblers

RSM 306
• Most crimes committed by problem gamblers were white-collar and non-violent, and were
intended to obtain money for purposes related to gambling
-These crimes most often include: fraud, forgery, embezzlement, larceny, selling drugs or stolen
items, shoplifting, burglary, and petty theft or robbery
-63.0% of Gamblers Anonymous members reported writing bad checks and 30.1% reported
stealing from the workplace
• Pathological and problem gamblers are arrested over three times more often than low-risk
gamblers and over seven times more often than non-gamblers
-Pathological gamblers are imprisoned at nearly twice the rate of problem gamblers, and at nearly
six times the rate of low-risk gamblers
www.GeorgiaGamblingHelp.org
• High rates of co-morbidity, which may be related to offending
-Incarcerated felons with an alcohol/drug problem were more likely to have a gambling problem
-Over 80% of pathological gamblers were at risk for alcohol or drug abuse/dependency
-Pathological gamblers who also have a substance abuse problem were significantly more likely
than those without a co-morbid condition (problem gambling or substance abuse) to report
having assaulted someone, stolen, or sold drugs within the past year
• Those most in need of treatment rarely get help:
-Only 5.4% of offenders assessed as having a gambling problem reported having ever been in
treatment or attending a self-help group for gambling
-Among those incarcerated who were aware that they had a gambling problem, between 74%
and 60% reported wanting help, yet only about 25% of them sought assistance
• The more severe the gambling problem, the less likely offenders are able to quit without help
-Only 21% of probable pathological gamblers reported they were able to stop gambling by
without help, compared to 44% of problem gamblers
• Lack of awareness on the part of the individual that they have a gambling problem
-Only 21% of incarcerated individuals assessed as having a gambling problem were aware of it.
FRAUD MOTIVATION
Motivation from Need
The pressure that arises from a financial need is both the most common motivator and the easiest
for most people to sympathize with and understand. While analyzing this topic in Corporate

RSM 306
Compliance Insights, John Hanson wrote, “motivation generally relates to an ‘unshareable need’
that arises within a person’s life (Hanson, 2012).” Hanson further explains that as the particular
“unshareable need” increases in the person’s life, their risk of committing fraud increases as well.
Most financial needs are quite easy to relate to. Common financial needs arise from financial
hardships such as unemployment, divorce, medical expenses, and business or investment losses.
In his study of what motivates individuals to commit fraud, Ben Hunter observed that rational
analysis of cost versus benefit to the perpetrator of fraud “fails to identify the complex interplay
of wants, needs, and perceptions that potentially go into a single decision (Hunter, 2010).”
Interestingly, all of the research I assessed on the subject of grouping or “profiling” fraud
offenders was in consensus that almost all perpetrators of employee fraud have no criminal
record and do not come from a certain racial or economic demographic. Hunter further asserts,
“One of the more intriguing ideas in relation to fraud is that, rather than fraud serving the end of
acquiring resources, those who commit fraud do so to avoid losing what they already have and
have usually acquired quite legitimately (Hunter, 2010).” In fact for many individuals, the
potential “intangible” losses of their valued reputation or status and the perceived
embarrassment from failure can be more convincing motivators to commit fraud than the actual
“tangible” financial pressures.
Motivation from Greed
The motivation to commit fraud from greed is a bit more complex in my opinion. Certainly there
is overlap from the “need motivation” to the “greed motivation.” I have read and analyzed many
fraud cases where an employee originally commits fraud motivated by a common perceived
financial need. The employee commits the fraud without being caught, satisfies the original
financial need, and then continues to commit the fraud (sometimes for years) out of greed. This
seems to be a common fraud scenario.
In analyzing the topic of motivation from greed, I feel it is necessary to look at the broader issue
of societal pressures within our environment. Many individuals are driven by the desire and
ambition to succeed financially. Societal perceptions of success are focused around status and
power derived from wealth and fortune. This point is exemplified by the common expressions
“keeping up with the Jones’” or “I have arrived.”
In his study on identifying the motivation behind fraud, Ben Hunter (2010) states: In considering
the fear of failing as a motivation to commit fraud, we acknowledge implicitly the role of wider
cultural goals and definitions of success and their impact upon behavior. In most commercialized
societies, we can identify the trappings of having “made it” as the ability to own one’s home,
having a car (or preferably two), being able to move in particular circles and present a particular
image. Such cultural norms could, we might argue, exert a powerful pull on individuals. (p.2)
Addictions & Vices
In my experience, motivations which result from addictions and vices are very closely linked to
greed motivators. I assert that just like “NEED” feeds the motivation for “GREED,” greed also

RSM 306
feeds the motivation for “VICES.” These motivators become a vicious cycle for the individual,
often one leading to the next as their criminal behavior escalates. I have designed the following
illustration to visually demonstrate my point.
Some common vices and addictions are drugs, alcohol, gambling, and expensive extramarital
relationships. When an individual is struggling from an addiction (or addictive behavior) they
often lose their ability to reason making their perceived rationalization of the crime more real
and legitimate to them.
The Fraud triangle
Summary
Employee fraud represents a longstanding and growing problem facing businesses in our society.
The focus for many accounting professionals examining the topic of fraud is fraud prevention.
However, it is important to examine the “perceived pressures” element of the “fraud triangle” as
well, as it represents the hardest area for management to control and assess in fraud prevention.
I have identified and analyzed three main areas of “pressures” that motivate individuals who
commit fraud- need, greed, and addictions or vices. From my research and experience, I have
determined that these three areas of fraud motivation are linked and often progressive, each
area leading to the next area, creating a vicious cycle of fraud motivation.
Albrecht, W. Steve, Albrecht, Chad O., Albrecht, Conan C, & Zimbelman, Mark F. (2014). Fraud
Examination, 5th Edition. Cengage Learning.

RSM 306
9
Unit Nine
The Fraud Management Process

 FIVE STEP MANAGEMENT PROCESS
All risk management processes follow the same basic steps, although sometimes different jargon
is used to describe these steps. Together these 5 risk management process steps combine to
deliver a simple and effective risk management process.
Step 1:
Identify the Risk.
You and your team uncover, recognize and describe risks that might affect your project or its
outcomes. There are a number of techniques you can use to find project risks. During this step
you start to prepare your Project Risk Register.
Step 2:
Analyze the risk.
Once risks are identified you determine the likelihood and consequence of each risk. You develop
an understanding of the nature of the risk and its potential to affect project goals and objectives.
This information is also input to your Project Risk Register.
Step 3:
Evaluate or Rank the Risk.
You evaluate or rank the risk by determining the risk magnitude, which is the combination of
likelihood and consequence. You make decisions about whether the risk is acceptable or whether
it is serious enough to warrant treatment. These risk rankings are also added to your Project Risk
Register.
Step 4:
Treat the Risk.

RSM 306
This is also referred to as Risk Response Planning. During this step you assess your highest ranked
risks and set out a plan to treat or modify these risks to achieve acceptable risk levels. How can
you minimize the probability of the negative risks as well as enhancing the opportunities? You
create risk mitigation strategies, preventive plans and contingency plans in this step. And you add
the risk treatment measures for the highest ranking or most serious risks to your Project Risk
Register.
Step 5:
Monitor and Review the risk.
This is the step where you take your Project Risk Register and use it to monitor, track and review
risks.
 FRAUD RISK GOVERNANCE
In the context of this Fraud Governance Review, the following components derived from the
COSO Framework were considered:
1. Creating a Control Environment (Fraud Risk Governance);

2. Performing Fraud Risk Assessments;
3. Designing and Implementing Antifraud Control Activities;
4. Sharing Information and Communication; and
5. Monitoring
 FRAUD RISK ASSESSMENT
What is Fraud Risk Assessment?
Fraud risk assessment is the evaluation of potential instances of fraud that could impact the
organization’s ethics and compliance standards, business practice requirements, financial
reporting integrity, and other objectives. This is typically performed as part of a broader
organization-wide risk assessment, and involves subject matter experts from key business
functions where fraud could occur (e.g., procurement, accounting, and sales) as well as forensic
specialists e.g. Certified Fraud Examiners (CFEs)
Types of Risk Assessments
6. Strategic risk assessment.
Evaluation of risks relating to the organization’s mission and strategic objectives, typically
performed by senior management teams in strategic planning meetings, with varying degrees of
formality.
7. Operational risk assessment.

RSM 306
Evaluation of the risk of loss (including risks to financial performance and condition) resulting
from inadequate or failed internal processes, people, and systems, or from external events.
8. Compliance risk assessment.
Evaluation of risk factors relative to the organization’s compliance obligations, considering laws
and regulations, policies and procedures, ethics and business conduct standards, and contracts,
as well as strategic voluntary standards and best practices to which the organization has
committed. This assessment is typically performed by the compliance function with input from
business areas.
9. Financial statement risk assessment.
Evaluation of risks related to a material misstatement of the organization’s financial statements

through input from various parties such as the controller, internal audit, and operations.
10. Customer risk assessment.
Evaluation of the risk profile of customers that could potentially impact the organization’s
reputation and financial position. This assessment weighs the customer’s intent,
creditworthiness, affiliations, and other relevant factors. This is typically performed by account
managers, using a common set of criteria and a central repository for the assessment data.
11. Product risk assessment.
Evaluation of the risk factors associated with an organization’s product, from design and
development through manufacturing, distribution, use, and disposal. This assessment aims to
understand not only the revenue or cost impact, but also the impact on the brand,
interrelationships with other products, dependency on third parties, and other relevant factors.
This type of assessment is typically performed by product management groups.
FRAUD RISK ASSESSMENT
Involves asking questions such as:
•How might a fraud perpetrator exploit weaknesses in the system of controls?
•How could a perpetrator override or circumvent controls?
•What could a perpetrator do to conceal the fraud?
•What has happened in the past?
•Can we prevent it?
•Can we catch it right away?
•Can we handle it?

RSM 306
10 Unit Ten
BRIBERY AND CORRUPTION
 BRIBERY
Generally, bribery and corruption are off-book frauds that occur in the form of kickbacks, gifts, or
gratuities to government employees from contractors or to private business employees from
vendors. At its heart, a bribe is a business transaction, albeit an illegal or unethical one. A person
“buys” something with the bribes he pars. What he buys is the influence of the recipient.
Bribery schemes can be difficult and expensive. Though they are not nearly as common as other
forms of occupational fraud such as asset misappropriations, bribery schemes tend to be much
more costly.
There are two basic reasons why a bribe occurs:
Because the transaction is not in the interests of the organisation for whom the person being
bribed acts. Therefore, if the other party wants the transaction to be effected, it is necessary to
bribe that person.
Although the person receiving the bribe may be acting in the best interests of his organisation by
agreeing/approving the transaction, he may refuse to act until he has received the bribe. This
may be the convention of the industry/country in which he is operating and accepted by the
person offering the bribe not as immoral but as a necessary expense and in the interests of his
own organisation. Bribery is often defined as the offering, giving, receiving, or soliciting anything
of value to influence an official act. The term official act means that bribery only encompasses
payments made to influence the decisions of government agents or employees.
Many occupational fraud schemes, however, involve commercial bribery which is similar to the
traditional definition of bribery except that something of value is offered to influence a business
decision rather than an official act of government. Commercial bribery may or may not be a
criminal offense. For example, in the United States there is no general federal law prohibiting
commercial bribery in all instances. However, there are statutes prohibiting bribery of employees
of financial institutions to influence a loan. Therefore, the law of your particular jurisdiction and
the facts of the case will determine whether bribery in the private sector may be prosecuted
RSM 306
criminally. Commercial bribery can often be pursued in the civil courts as breach of fiduciary duty
or conflict of interest.
Bribery schemes generally fall into two broad categories: kickbacks and bid-rigging schemes.
Kickbacks are undisclosed payments made by vendors to employees of purchasing companies.
The purpose of a kickback is usually to enlist the corrupt employee in an overbilling scheme.
Sometimes vendors pay kickbacks simply to get extra business from the purchasing company.
Bid-rigging schemes occur when an employee fraudulently assists a vendor in winning a contract
through the competitive bidding process.
Kickback Schemes
Kickbacks in the commercial sense, are the giving or receiving anything of value to influence a
business decision without the employer’s knowledge and consent. Kickback schemes are usually
very similar to the billing schemes described in the Asset Misappropriation section. They involve
the submission of invoices for goods and services that are either overpriced or completely
fictitious. (See “Kickbacks” flowchart)
Kickbacks are classified as corruption schemes rather than asset misappropriations because they
involve collusion between employees and vendors. In a common type of kickback scheme, a
vendor submits a fraudulent or inflated invoice to the victim organisation and an employee of
that organisation helps make sure that a payment is made on the false invoice.
For his assistance, the employee-fraudster receives a payment from the vendor. This payment is
the kickback. Kickback schemes almost always attack the purchasing function of the victim
company, so it stands to reason that these frauds are often undertaken by employees with
purchasing responsibilities. Purchasing employees often have direct contact with vendors and
therefore have an opportunity to establish a collusive relationship.
EXAMPLE
A purchasing agent redirected a number of orders to a company owned by a supplier with whom
he was conspiring. In return for the additional business, the supplier paid the purchasing agent
over half the profits from the additional orders.
Diverting Business to Vendors
In some instances, an employee-fraudster receives a kickback simply for diverting excess business
to a vendor. There might be no overbilling involved in these cases, the vendor simply pays the
kickbacks to ensure a steady stream of business from the Purchasing company.
If no overbilling is involved in a kickback scheme, one might wonder where the harm lies assuming
the vendor simply wants to get the b11yer’s business and does not increase his Prices or bill for
undelivered goods and services, how is the buyer harmed? The Problem that, having bought off
an employee of the purchasing company, a vendor is no longer subject to the normal economic
Pressures of the marketplace. This vendor does not have compete with other suppliers for the
RSM 306
Purchasing Company’s business, and so has no incentive to provide a low price or quality
merchandise. In these circumstances the purchasing company almost always ends up overpaying
for goods or services.
EXAMPLE
A travel agency provided free travel and entertainment to the purchasing agent of a retail
company. In return, the purchasing company agreed to book all corporate trips through the travel
agent. The victim company established that it paid $10,000 more for air fare over a two year
period by booking through the corrupt travel agency than if it had used a different company.
Once a vendor knows it has an exclusive Purchasing arrangement, its incentive is to raise prices
to cover the cost of the kickback. Most bribery schemes end up as overbilling schemes even if
they do not start that way. This is one reason why most business codes of ethics Prohibit
employees from accepting undisclosed gifts from vendors. In the long run, the employee’s
company is sure to pay for his unethical conduct.
Overbilling Schemes
EMPLOYEES WITH APPROVAL AUTHOR1TY
In most instances, kickback schemes begin as overbilling schemes in which a vendor submits
inflated invoices to the victim organisation. The false invoices either overstate the cost of actual
goods and services, or reflect fictitious sales. The vendor in a kickback scheme generally seeks to
enlist the help of an employee with the authority to approve payment of the fraudulent invoices.
This authority assures payment of the false billings without undue hassles.
EXAMPLE
A manager was authorized to purchase fixed assets for his company as part of a leasehold
improvement. The materials he ordered were of a cheaper quality and lower price than what was
specified but the contract he negotiated did not reflect this. Therefore, the victim company paid
for high quality materials but received low quality materials. The difference in price between the
true cost of the low-quality materials and what the company paid was diverted back to the
manager as kickback.
The ability of the employee to authorize purchases (and thus to authorize fraudulent purchases]
is usually a key to kickback schemes. If the fraudster can authorize payments himself, he does not
have to submit purchase requisitions to an honest superior who might question the validity of
the transaction.
FRAUDSTERS LACKING APPROVAL AUTHORITY
While the majority of kickback schemes involve persons with authority to approve purchases, this
authority is not an absolute necessity. When an employee cannot approve fraudulent purchases

RSM 306
himself, he can still orchestrate a kickback scheme if he can circumvent accounts payable
controls. In some cases, all that is required is the filing of a false purchase requisition. If a trusted
employee tells his superior that the company needs certain materials or services, this is
sometimes sufficient to get a false invoice approved for payment. Such schemes are generally
successful when the person with approval authority is inattentive or when he is forced to rely on
his subordinate’s guidance in purchasing matters.
Corrupt employees might also prepare false vouchers to make it appear that fraudulent invoices
are legitimate. Where proper controls are in place, a completed voucher is required before
accounts payable will pay an invoice. One key is for the fraudster to create a purchase order that
corresponds to the vendor’s fraudulent invoice. The fraudster might forge the signature of an
authorized party on the purchase order to show that the acquisition has been approved. Where
the payables system is computerized, an employee with access to a restricted password can enter
the system and authorize payments on fraudulent invoices.
In less sophisticated schemes, a corrupt employee might simply take a fraudulent invoice from a
vendor and slip it into a stack of prepared invoices before they are input into the accounts payable
system. A more detailed
Kellogg Brown & Root
This Company, now known as KBR, Inc., was spun off from a subsidiary of Halliburton. It is one of
the largest engineering and construction firms in the world and has been connected to large U.S.
military contracts. According to the New York Times, in 2009, the Department of Justice charged
the company with offenses under the FCPA, including paying hundreds of millions of dollars to
secure a natural gas plant construction contract to Nigerian officials. KBR pleaded guilty, as did
its CEO Albert Jack Stanley, and paid $402 million in fines, as well as $177 million to the SEC.
Stanley was sentenced to 2.5 in prison, beginning in 2012.
Siemens AG
Foreign companies that do business onshore in the U.S. also fall under the provisions of the FCPA.
According to reports from the New York Times and the SEC, Siemens AG, a German engineering
firm, ran afoul of the law in 2008 when it was charged for paying $16 million to the president of
Argentina to secure a contract for making Argentinean identity cards. The contract was worth $1
billion to Siemens AG. In total, the company was accused of paying more than $100 million in
total to government officials. Eight former employees and contractors continue to face charges
in the scheme. Siemens settled with the Department of Justice and paid $1.6 billion in fines in the
U.S. and Germany.
BAE Systems
The British aerospace company has been under investigation by British authorities since 1989,
making it one of the longest fraud investigations in history. The main concern surrounded a deal
between Britain and Saudi Arabia to supply fighter jets. The investigation spread to BAE's dealings

RSM 306
in South Africa, Tanzania, Chile, Romania, the CzechRepublic and Qatar. The investigation focused
on payments made by BAE through a "go-between" company to foreign officials. The British
version of the Department of Justice dropped most of the investigations, citing national security
concerns, but U.S. authorities picked up the ball in 2007. According to the Telegraph, BAE settled
with U.S. courts and paid a $400 million fine.
Kerry Khan and Michael Alexander.
Individuals can also find themselves charged for bribery and fraud. According to the Lubbock
Online, in October 2011, two U.S. Army Corps of Engineers employees were arrested and charged
with fraud for taking kickbacks, estimated at over $20 million. Kerry Khan and Michael Alexander
are accused of taking bribes from contractors in exchange for being awarded lucrative
government contracts, and of inflating invoices to the government and skimming the difference.
Khan and Alexander remain in jail pending trial and face maximum sentences of 25 to 40 years.
Alcatel-Lucent
At the end of 2010, Bloomberg reported that Alcatel-Lucent, the largest landline phone network
company in the world, settled its bribery case with the Department of Justice in 2010 by agreeing
to pay $137 million, including $45 million to the SEC. The case revolves around a complex series
of money transfers between shell companies and to consultants, resulting in payments being
made to foreign officials. Alcatel-Lucent admitted to making improper payments in many African
and South American companies.
 CORRUPTION
Definition of corruption
a. Dishonest or illegal behavior especially by powerful people (such as government officials

or police officers)
b. Inducement to wrong by improper or unlawful means (such as bribery)
There is no silver bullet for fighting corruption. Many countries have made significant progress in
curbing corruption, however practitioners are always on the lookout for solutions and evidence
of impact. Here are five ways that citizens and governments can make progress in the fight against
corruption:
1. End impunity
Effective law enforcement is essential to ensure the corrupt are punished and break the cycle of
impunity, or freedom from punishment or loss.
Successful enforcement approaches are supported by a strong legal framework, law enforcement
branches and an independent and effective court system. Civil society can support the process
with initiatives such as Transparency International’s Unmask the Corrupt campaign.
2. Reform public administration and finance management

RSM 306
Reforms focusing on improving financial management and strengthening the role of auditing
agencies have in many countries achieved greater impact than public sector reforms on curbing
corruption.
One such reform is the disclosure of budget information, which prevents waste and
misappropriation of resources. For example, Transparency International Sri Lanka promotes
transparent and participatory budgeting by training local communities to comment on the
proposed budgets of their local government.
3. Promote transparency and access to information
Countries successful at curbing corruption have a long tradition of government openness,

freedom of the press, transparency and access to information. Access to information increases
the responsiveness of government bodies, while simultaneously having a positive effect on the
levels of public participation in a country.
Transparency International Maldives successfully advocated for the adoption of one of the
world’s strongest rights to information law by putting pressure on local MPs via a campaign of
SMS text messages.
4. Empower citizens
Strengthening citizens’ demand for anti-corruption and empowering them to hold government
accountable is a sustainable approach that helps to build mutual trust between citizens and
government. For example, community monitoring initiatives have in some cases contributed to
the detection of corruption, reduced leakages of funds, and improved the quantity and quality of
public services.
To monitor local elections, Transparency International Slovenia produced an interactive map that
the public populated with pictures and reports of potential irregularities in the election. As a
result, cases of public funds being misused to support certain candidates were spotted.
5. Close international loopholes
Without access to the international financial system, corrupt public officials throughout the world
would not be able to launder and hide the proceeds of looted state assets. Major financial centers
urgently need to put in place ways to stop their banks and cooperating offshore financial centers
from absorbing illicit flows of money.
The European Union recently approved the 4th Anti-Money Laundering Directive, which requires
EU member-states to create registers of the beneficial owners of companies established within
their borders. However, the directive does not require these registers to be made public.
Similarly, the Norwegian, UK, and Ukrainian governments have all approved legislation requiring
companies to disclose information about their owners, although these have yet to come into
force.

RSM 306
Basic Types of Corruption

The types of corruption are strictly linked to the theoretical view on corruption. Economic theory
has developed two basic views of corruption. One view is set within the framework of the
principle-agent theory. This approach is based on the assumption that there is an asymmetry of
information between principals (politicians or decision makers) and agents (civil servants or
bureaucracy). Accordingly, benevolent politicians are not informed about the misdemeanors of
their subordinates. This approach is analytically very clear, it is very well developed, and the
models of theoretical models of corruption based on this approach are analytically rich, as they
can explain a wide range of behavior of civil servants, including administrative corruption.
However, this approach cannot explain political corruption. According to the main assumption,
the state is benevolent, so there is no possibility for political corruption. Only administrative
corruption (corruption of civil servants) can be explained and predicted.
Since the list of corrupted politicians and associated political scandals is lengthy in virtually all
countries of the world, it seems that not only are the assumptions of the model unrealistic, but
also its predictions regarding political corruption are wrong. Political corruption simply cannot be
explained within this methodological framework. The crucial feature of this approach is that
corruption is exogenous to the political process; hence principal agent relations (and the scale
and scope of asymmetry of information) are not as influenced by the political process and political
constellations as by the outcomes of that process. In other words, corruption is not
institutionalized.
Nonetheless, if corruption is considered endogenous to the political process, corruption is
institutionalized and its level and pattern depend on the political constellation, i.e. the political
regime in the country. Corruption is nothing but a consequence of the political process. The
methodological breakthrough of that kind has been recently achieved by
Charap and Harms. The methodological approach is based on the recent contributions to
literature on the economics of conflict and appropriation, the economics of organized crime, and
the political economy of dictatorship.
Within such a framework, corruption is considered as a form of rent appropriation by the ruler.
Corruption is the answer to the problem of internal cohesion of predatory teams. Corrupt civil
servants are created to satisfy ruler desire to foster loyalty through patronage. Corrupt civil
service is nothing but the extension of efficient rent appropriation by the ruler. The rent is
extracted through sales of a limited number of permits and licenses for economic activity.
Furthermore, endowing only a few civil servants with the power to grant licenses enables the
diversion of the licensing proceeds from the budget towards private gain. Finally, civil servants
are cooperative because they have their share in the spoils.
Corruption serves as a hostage mechanism to minimize the probability of defection or
insurrection by lower level insiders of corrupted civil servants; they are effectively constrained,
due to their own participation, from turning to the public to denounce the system. Dictators can,

RSM 306
when and if necessary, find a reason why an uncooperative civil servant is found guilty of
corruption. Hence, there is both the carrot and the stick to strengthen loyalty.
This approach is tempting because it provides grounds for understanding and explaining the
relationship between corruption and the political process. Nonetheless, this methodological
approach does not provide a clear analytical framework for consideration, given the level and
structure of corruption. The main problem is that the structure of incentives to the political
decision makers and the change of that structure are not explained, hence we have no
information on the driving force of the change, although the model provides information on the
structure of incentives for rent appropriation.
In general, within one or the other theoretical views, three basic types of corruption are identified
The first one is corruption for achieving or speeding-up materialization of some specific right that
the citizen or legal entity is entitled to – corruption without theft, as suggested by Shleifer and
Vishney. If a person bribes a civil servant in charge of issuing a passport that a briber/corruptor
is entitled to, i.e. there is no legal barrier for his passport to be issued, that is exactly the first type
of corruption. Its specific and more aggressive version is bribing officials for jumping the queue
for providing the service that is thoroughly legal. In other words, civil servants are corrupted to
do their job or to do it more quickly than they usually do, instead of not doing it. The frequency
of this type of corruption is a good indicator of the capacity and effectiveness of a country’s
administration, i.e. its poor administrative capacities or poor supply of administrative services.
One should bear in mind that the shortage of supply of administrative services can be deliberately
produced, aimed at creating the rent and its redistribution via corruption.
The second type of corruption is a corruption that violates the legal rules, or a very biased
enforcement of the rules. This is administrative corruption and is the most modelled type of
corruption – the vast majority of theoretical contributions in the field are about administrative
corruption. This is due to very clear motives and incentives for each economic agent and very
clear relations between them. This type of corruption corresponds to the principle-agent model
of corruption, as the total supply of corruption (demand for the bribe for violating the rules) is
provided by the civil servants.
The most significant direct consequence of this type of corruption is that legislation and public
policies are not justly enforced. A cynical approach to the issue within countries with widespread
corruption is that some public policies are so bad, it is actually better for the society that they are
not enforced. Accordingly, corruption is considered to be the second best solution. It would be
better if these policies were not enforced at all. Nonetheless, since the political process resulted
in bad policies (and no alternatives to that political process are feasible in the foreseeable future),
corruption is seen as a solution for bad public policies, whatever the source of these bad public
policies. Nonetheless, one should take into account the costs of corruption as such, particularly
the costs of corruption as a method for circumventing bad public policies.
Finally, there is “state capture” – corruption that is aimed at changing the rules and regulations
into rules and regulations that favor the interests of the corruptor.

RSM 306
The concept of state capture was developed by the World Bank primarily for explaining the reality
of political life in transitional economies. The underlying assumption is that legislation and public
policies are decisively influenced by the bribing of legislators by a few oligarchs – very powerful
business people. In other words, public policies are inevitably formulated to favor the oligarchs,
not the public. Although there is no doubt that such a process exists, and that this type of
corruption can explain some elements of public policy in many countries (not only transitional
ones), the concept of “state capture” lacks analytical clarity. The main problem is that interest
groups influence legislators’ decision making in all countries. Strong lobbying is an entirely legal
and legitimate activity in mature democracies.
The crucial analytical problem of the “state capture” concept is specifying a cut-off line between
legitimate political lobbying and “state capture” created by corruption. The state can be captured
both by aggressive lobbying and by effective corruption.
Subsequently, the crucial question is to what extent are the outcomes regarding public policies
from legitimate lobbying and illegal corruption different, and more specifically are the public
policies designed by lobbying superior to the ones designed through corruption? Additionally,
the question is whether the social costs (in terms of the opportunity costs of resources used) of
lobbying are greater or less compared with the social costs of corruption. In brief, although the
type of corruption that influences public policy is very important to consider, the analytical
framework of “state capture” should be substantially improved in order to better explain its
mechanisms and for an enhanced understanding of the process.
The other important distinction in the case of corruption is its industrial organization, as Shleifer
and Vishney thoroughly analyzed the phenomenon, emphasizing centralized (monopolized) vs.
decentralized patterns of corruption. The crucial prerequisite for centralized corruption is the
ability to enforce joint profit in bribe collection. It is closely related to the problem of enforcing
collusion in oligopoly. It has been pointed out that when governments have an effective policing
machine to monitor the action of civil servants, such as the KGB in the former Soviet Union,
corruption in the country is centralized. Within the methodological framework of a benevolent
state, the analysis of industrial organization cannot answer why some (benevolent) governments
are equipped with agencies like the KGB while others are not. Apart from the prerequisites for
distinctive industrial organization of corruption, the crucial distinction is the one of transaction
costs. In decentralized corruption, a single corruptor is dealing with multiple, rather than single,
corruption contracts (transactions), hence the transaction costs are multiplied. In other words, a
monopolized corruption pattern is superior to a decentralized one regarding the scale of
transaction costs.

RSM 306
11
FRAUD SOLUTIONS
 The importance of knowing your employees
Employee fraud is a significant problem faced by organizations of all types, sizes, locations
and industries. While we would all like to believe our employees are loyal and working for the
benefit of the organization (and most of them probably are), there are still many reasons why
your employees may commit fraud and several ways in which they might do it. According to
the 2014 Report to the Nation on Occupational Fraud and Abuse (copyright 2014 by the
Association of Certified Fraud Examiners, Inc.), research shows that the typical organization
loses 5% of its annual revenue each year due to employee fraud. Prevention and detection
are crucial to reducing this loss. Every organization should have a plan in place as preventing
fraud is much easier than recovering your losses after a fraud has been committed.
Types of Fraud
Fraud comes in many forms but can be broken down into three categories: asset
misappropriation, corruption and financial statement fraud. Asset misappropriation,
although least costly, made up 90% of all fraud cases studied. These are schemes in which an
employee steals or exploits its organization’s resources. Examples of asset misappropriation
are stealing cash before or after it’s been recorded, making a fictitious expense
reimbursement claim and/or stealing non-cash assets of the organization.
Financial statement fraud comprised less than five percent of cases but caused the most
median loss. These are schemes that involve omitting or intentionally misstating information
in the company’s financial reports. This can be in the form of fictitious revenues, hidden
liabilities or inflated assets.
Corruption fell in the middle and made up less than one-third of cases. Corruption schemes
happen when employees use their influence in business transactions for their own benefit
while violating their duty to the employer. Examples of corruption are bribery, extortion and
conflict of interest.

RSM 306
FRAUD PREVENTION STRATEGIES
It is vital to an organization, large or small, to have a fraud prevention plan in place. The fraud
cases studied in the ACFE 2014 Report revealed that the fraudulent activities studied lasted
an average of 18 months before being detected. Imagine the type of loss your company could
suffer with an employee committing fraud for a year and a half. Luckily, there are ways you
can minimize fraud occurrences by implementing different procedures and controls.
1. Know Your Employees
Fraud perpetrators often display behavioral traits that can indicate the intention to commit
fraud. Observing and listening to employees can help you identify potential fraud risk. It is
important for management to be involved with their employees and take time to get to know
them. Often, an attitude change can clue you in to a risk. This can also reveal internal issues
that need to be addressed. For example, if an employee feels a lack of appreciation from the
business owner or anger at their boss, this could lead him or her to commit fraud as a way of
revenge. Any attitude change should cause you to pay close attention to that employee. This
may not only minimize a loss from fraud, but can make the organization a better, more
efficient place with happier employees. Listening to employees may also reveal other clues.
Consider an employee who has worked for your company for 15 years that is now working
65 hours a week instead of 40 because two co-workers were laid off. A discussion with the
employee reveals that in addition to his new, heavier workload, his brother lost his job and
his family has moved into the employee’s house. This could be a signal of a potential fraud
risk. Very often and unfortunately, it’s the employee you least expect that commits the crime.
It is imperative to know your employees and engage them in conversation.
2. Make Employees Aware/Set up Reporting System
Awareness affects all employees. Everyone within the organization should be aware of the
fraud risk policy including types of fraud and the consequences associated with them. Those
who are planning to commit fraud will know that management is watching and will hopefully
be deterred by this. Honest employees who are not tempted to commit fraud will also be
made aware of possible signs of fraud or theft. These employees are assets in the fight against
fraud. According to the ACFE 2014 Report, most occupational fraud (over 40%) is detected
because of a tip. While most tips come from employees of the organization, other important
sources of tips are customers, vendors, competitors and acquaintances of the fraudster. Since
many employees are hesitant to report incidents to their employers, consider setting up an
anonymous reporting system. Employees can report fraudulent activity through a website
keeping their identity safe or by using a tip hotline.
3. Implement Internal Controls

RSM 306
Internal controls are the plans and/or programs implemented to safeguard your company’s
assets, ensure the integrity of its accounting records, and deter and detect fraud and theft.
Segregation of duties is an important component of internal control that can reduce the risk
of fraud from occurring. For example, a retail store has one cash register employee, one
salesperson, and one manager. The cash and check register receipts should be tallied by one
employee while another prepares the deposit slip and the third brings the deposit to the
bank. This can help reveal any discrepancies in the collections.
Documentation is another internal control that can help reduce fraud. Consider the example
above; if sales receipts and preparation of the bank deposit are documented in the books,
the business owner can look at the documentation daily or weekly to verify that the receipts
were deposited into the bank. In addition, make sure all checks, purchase orders and invoices
are numbered consecutively. Use “for deposit only” stamps on all incoming checks, require
two signatures on checks above a specified dollar amount and avoid using a signature stamp.
Also, be alert to new vendors as billing-scheme embezzlers setup and make payments to
fictitious vendors, usually mailed to a P.O. Box.
Internal control programs should be monitored and revised on a consistent basis to ensure
they are effective and current with technological and other advances. If you do not have an
internal control process or fraud prevention program in place, then you should hire a
professional with experience in this area. An expert will analyze the company’s policies and
procedures, recommend appropriate programs and assist with implementation.
4. Monitor Vacation Balances
You might be impressed by the employees who haven’t missed a day of work in years. While
these may sound like loyal employees, it could be a sign that these employees have
something to hide and are worried that someone will detect their fraud if they were out of
the office for a period of time. It is also a good idea to rotate employees to various jobs within
a company. This may also reveal fraudulent activity as it allows a second employee to review
the activities of the first.
5. Hire Experts
Certified Fraud Examiners (CFE), Certified Public Accountants (CPA) and CPAs who are
certified in Financial Forensics (CFF) can help you in establishing antifraud policies and
procedures. These professionals can provide a wide range of services from complete internal
control audits and forensic analysis to general and basic consultations.
6. Live the Corporate Culture
A positive work environment can prevent employee fraud and theft. There should be a clear
organizational structure, written policies and procedures and fair employment practices. An
open-door policy can also provide a great fraud prevention system as it gives employees open
lines of communication with management. Business owners and senior management should

RSM 306
lead by example and hold every employee accountable for their actions, regardless of
position.
Fraud Detection
In addition to prevention strategies, you should also have detection methods in place and
make them visible to the employees. According to Managing the Business Risk of Fraud: A
Practical Guide, published by Association of Certified Fraud Examiners (ACFE), the visibility of
these controls acts as one of the best deterrents to fraudulent behavior. It is important to
continuously monitor and update your fraud detection strategies to ensure they are effective.
Detection plans usually occur during the regularly scheduled business day. These plans take
external information into consideration to link with internal data. The results of your fraud
detection plans should enhance your prevention controls. It is important to document your
fraud detection strategies including the individuals or teams responsible for each task. Once
the final fraud detection plan has been finalized, all employees should be made aware of the
plan and how it will be implemented. Communicating this to employees is a prevention
method in itself. Knowing the company is watching and will take disciplinary action can hinder
employees’ plans to commit fraud.
Conclusion
Those who are willing to commit fraud do not discriminate. It can happen in large or small
companies across various industries and geographic locations. Occupational fraud can result
in huge financial loss, legal costs, and ruined reputations that can ultimately lead to the
downfall of an organization. Having the proper plans in place can significantly reduce
fraudulent activities from occurring or cut losses if a fraud already occurred. Making the
company policy known to employees is one of the best ways to deter fraudulent behavior.
Following through with the policy and enforcing the noted steps and consequences when
someone is caught is crucial to preventing fraud. The cost of trying to prevent fraud is less
expensive to a business than the cost of the fraud that gets committed.
 Set up a reporting system and
raise awareness
 Internal control implementation
Two Basic Types of Controls Control Types Description
Preventive Controls Prevent undesirable events from occurring

Facilitate desirable events
Detective Controls Identify/Detect undesirable events

RSM 306
Control Control Description Example

Categories
Category Legend
Authorization Approval of transactions executed Authorization limits.
and access to assets and records
only in accordance with
management's general or specific
policies and procedures.
Configuration/ Account "Switches" to secure data against Screen layouts with
Mapping inappropriate processing. required fields.
Exception/ Edit Reports Reports are generated to monitor Reports of transactions
something and exceptions are exceeding limits.
followed up to resolution.
(Exception - a violation of a set
standard, Edit - a change to a master
file).
Interface/ Conversion Controls Controls over moving data between Interface between AP
computer systems. Process used to system and GL system.
migrate data from a legacy system.
Key Performance Indicators Financial and non-financial A/R over 90 days.

quantitative measurements that
are collected by the entity and used
to evaluate progress toward
meeting objectives.
Management Review A person different from the Manager review
preparer analyzing evidence and of reconciliations.
performing oversight of the
activities performed.
Reconciliation Check whether two items (account Reconciliation of A/R to
balances, computer systems) are G/L.
consistent. Items must be from
different systems or records.
Segregation of Duties Separation of duties and Staff who bill accounts
responsibilities for receivable do not post
authorizing transactions, cash collections.
recording transactions
and maintaining custody.

RSM 306
System Access Capabilities that individual users or Password protection

groups of users have within a linked to level of access.
computer information system as
determined by access rights are
configured in the system.
 Monitor employees leave

 Plan preventative strategy
 Plan detection strategy

RSM 306
12
BANK FRAUD
What is Bank Fraud?
The criminal offense of bank fraud is deliberately engaging in a secret scheme or deception
intended to defraud a bank or financial institution, to obtain money or property owned by the
bank or financial institution. Bank fraud is considered to be a white collar crime. In the United
States, a criminal charge of bank fraud generally applies when an individual knowingly executes,
or attempts to execute, at act (1) in order to defraud a financial institution, or (2) to receive
money, assets, credits, securities, or property from a bank or financial institution using false
information, pretenses, or insincere promises.
Types of Bank Fraud
There are dozens of ways in which an individual can commit bank fraud. Some of these schemes
are more complex, and affect more people or institutions, garnering harsher penalties than
others do. Common types of bank fraud include:
 Bank Impersonation – one or more individuals act as a financial institution, often by
setting up fake companies, or creating websites, in order to lure people into depositing
funds.
 Stolen Checks – fraudsters may obtain jobs that provide access to mail, such as the post
office, mailbox stores, a tax authority, or corporate payroll company. After stealing
checks, they open a bank account using an assumed name, and deposit the checks.
 Forgery – forgery occurs when a person alters a check by changing the name or some
other information on the face. Altering the amount of the check, such as adding a zero to
the end of a number, can turn a $20 check into a $200 check, putting more cash into the
forger’s pocket. Forging a person’s signature in order to cash or deposit a check also falls
under this category.
 Fraudulent loans – an individual who takes out a loan, knowing that he will immediately
file bankruptcy, has committed bank fraud. The same is true if the borrow uses a false
identity in order to become approved for a loan, or forges information on a loan
application.

RSM 306
 Internet Fraud – as it relates to bank fraud, internet fraud occurs when someone creates
a website for the purpose of posing as a bank or other financial institution, to fraudulently
obtain money deposited by other people.
Bank Fraud Investigations
Although many financial institutions employ their own brank fraud investigators, and local law
enforcement is often involved in investigating such crimes, it is the U.S. Secret Service that is
responsible for maintaining stability and integrity of the country’s financial framework and
payment systems. In its role as bank fraud investigator, the Secret Service investigates such
crimes as:
 Counterfeiting
 Identity Theft
 Check Fraud
 Automated Payment Systems Fraud
 Direct Deposit Fraud
 Check Forgery and Alterations
 Conducting fieldwork
Bank Fraud Prevention
It is very important to look after your money so that nobody can steal it from you! Criminals are
always coming up with new ways to try and get their hands on your hard-earned cash, but you
can help keep your money safe and reduce your chances of becoming a victim by following these
hints and tips:
At shops or ATMs:
• Don’t carry too much cash around. If you do have cash, don’t show it to other people!
• If you think somebody is following you, go straight to the nearest police station.
• Don’t talk to strangers in ATM queues or let strangers help you at an ATM. They could be
trying to see your card number or PIN.
• If you feel worried, or if you don’t think the ATM is working properly, cancel the
transaction IMMEDIATELY and report it to the bank.
• Register for SMS notifications on your bank account so you can keep track of your
transactions.
On the computer:

RSM 306
Make sure your passwords include both small letters and capital letters, as well us numbers and
other characters – and change your password often.
NEVER give your usernames, passwords or PIN to anyone via email, by fax or by phone.
Never enter your email username and password on any link you receive via email. Criminals can
create emails which seems to be from the actual company, tricking you.
Don’t use public computers for banking.
Ensure you have a reliable anti-virus software on your computer. Always log out of Internet
banking or other accounts and do not leave the computer while you’re logged on.
IMPORTANT: To make sure your cards and other banking details are safe, don’t let your cards out
of your sight, and NEVER tell your PIN to anyone. Always check your bank statements regularly,
and if you suspect any type of fraud on your account, report it to your bank immediately!
Internal Controls needed to prevent bank fraud in government institutions
• Conduct periodic surprise audits and annual reviews of procedures.

• Provide for the physical security of all checks.
o Maintain check images in preference to paper copies.
o Keep check stock in a locked and secure location with a formal inventory listing
maintained. Secure check stock daily. Remove continuous check stock from printers. Lock
and secure check specific printers. Consider the use of blank or unprinted check stock with
inventory control numbers. The actual check number may be generated through the
financial accounting system.
o Physically void returned checks and check copies, and retain in a locked and secure
location or destroy on a schedule.
o Provide for the temporary physical security of electronically deposited checks, including
storage in a secure facility, timely destruction such as secure shredding. (The depositing
government is liable for any fraudulent usage of these checks.) Ensure appropriate
security over signature plates, cards, and software.
• Require additional review process for all checks over a specified amount.
• Consider using a Controlled Disbursement account, to the extent permitted by law, for all
payroll and Accounts Payable disbursements to provide additional control. It is preferable to
make payments via batch ACH (direct deposit) for both Payroll and Accounts Payable as
opposed to checks to reduce fraud potential and payment expenses.

RSM 306
• Require two party authorizations (initiation and release) on all wires and ACH files.
• Require daily staff reconciliation of wires and ACH releases.
• Ensure proper segregation of duties among staff initiating, authorizing, preparing, signing,
and mailing payments and reconciling bank statements.
• Review signature cards and authority levels whenever any changes occur and annually at a
minimum. Remove individuals from bank transaction authority immediately upon resignation
or termination.
• Review all bank accounts at least annually. Consolidate or eliminate bank accounts that are
not frequently utilized.
• Depending on the complexity, size and volume, consider segregating cash inflow and outflow
in separate accounts to allow for placement of appropriate fraud prevention practices and
products. When appropriate (i.e. if no restrictions exist) these types of separate accounts
should be maintained as Zero Balance Accounts (ZBAs) that are swept into the governmental
entity’s concentration account.
• Ensure that controls exist for the storage and destruction of all documents that contain
account and other related information.
• Determine that appropriate controls are present if employees access the government’s
financial and banking systems from remote sites (i.e., restrict the sharing of files).
• On at least an annual basis, request the government’s legal counsel to research changes in
laws that shift liability for fraudulent transactions to the government.
 General Hints on Fraud prevention
1. Spot imposters.
Scammers often pretend to be someone you trust, like a government official, a family
member, a charity, or a company you do business with. Don’t send money or give out
personal information in response to an unexpected request — whether it comes as a text,
a phone call, or an email.
2. Do online searches.
Type a company or product name into your favorite search engine with words like
“review,” “complaint” or “scam.” Or search for a phrase that describes your situation, like
“IRS call.” You can even search for phone numbers to see if other people have reported
them as scams.
3. Don’t believe your caller ID.

RSM 306
Technology makes it easy for scammers to fake caller ID information, so the name and
number you see aren’t always real. If someone calls asking for money or personal
information, hang up. If you think the caller might be telling the truth, call back to a
number you know is genuine.
4. Don’t pay upfront for a promise.
Someone might ask you to pay in advance for things like debt relief, credit and loan offers,
mortgage assistance, or a job. They might even say you’ve won a prize, but first you have
to pay taxes or fees. If you do, they will probably take the money and disappear.
5. Consider how you pay.

Credit cards have significant fraud protection built in, but some payment methods don’t.
Wiring money through services like Western Union or MoneyGram is risky because it’s
nearly impossible to get your money back. That’s also true for reloadable cards like
MoneyPak, Reloadit or Vanilla. Government offices and honest companies won’t require
you to use these payment methods.
6. Talk to someone.
Before you give up your money or personal information, talk to someone you trust. Con
artists want you to make decisions in a hurry. They might even threaten you. Slow down,
check out the story, do an online search, consult an expert — or just tell a friend.
7. Hang up on robocalls.
8. If you answer the phone and hear a recorded sales pitch, hang up and report it to the
FTC. These calls are illegal, and often the products are bogus. Don’t press 1 to speak to a
person or to be taken off the list. That could lead to more calls.
9. Be skeptical about free trial offers. Some companies use free trials to sign you up for
products and bill you every month until you cancel. Before you agree to a free trial,
research the company and read the cancellation policy. And always review your monthly
statements for charges you don’t recognize.
10. Don’t deposit a check and wire money back.
By law, banks must make funds from deposited checks available within days, but
uncovering a fake check can take weeks. If a check you deposit turns out to be a fake,
you’re responsible for repaying the bank.
11. Sign up for free scam alerts from the FTC at ftc.gov/scams. Get the latest tips and
advice about scams sent right to your inbox.

RSM 306
13
The Investigative Process
 FRAUD RISKS FOR COMPANIES
The most recent study by the Association of Certified Fraud Examiners (ACFE), The Report to the
Nations – 2010, indicates that, on average, an organization loses 5 percent of top-line revenue to
internal fraud alone.
In these uncertain economic times, have you done everything reasonably prudent to prevent or
detect fraud? How susceptible is your organization? A fraud risk assessment might be the next
logical step to lower the potential for fraud against your organization. You cannot afford to be
losing money to controllable factors.
Elements of the risk assessment
A fraud risk assessment is a tool that organizations can utilize to determine their exposure to
internal and external fraud. The assessment reviews the operations and controls, including
policies and procedures, of an organization to determine where gaps exist that could allow a
person or group of persons to carry out a fraud against the organization.
The fraud assessment looks at key areas of the organization to determine if actions have been
taken that would alert management to a fraud or to effectively deter the execution of a fraud.
Each organization has different levels of risk and mitigation techniques depending on their
industry.
A manufacturing firm with valuable inventory has different risks than a software technology
company with valuable intellectual property. A retail establishment with stores has a different
set of risks than a professional services firm. Each risk assessment needs to be tailored for the
organization and the specific risks faced by that organization.
Elements of the risk assessment
The risk assessment team begins by determining the scope of the assessment so that critical areas
are prioritized in order to analyze the risks and implement the most effective prevention tactics.
The next step identifies the organization’s risks of fraud in the key areas determined in the first
step. This is dependent upon the prior fraud risk assessment efforts and industry sector.
Understanding the severity of the risks and/or gaps in the control environment is done by ranking,
from high to low, the documented risks and control gaps.

RSM 306
An analysis of the specific findings will generate the potential of a fraud, possible impact of the
fraud, and recommendations on how to reduce risk. The final and most critical step is for
management to implement the advised action steps throughout the organization to reduce the
threat of a fraud.
 THE 5 STEP PROCESS
All risk management processes follow the same basic steps, although sometimes different jargon
is used to describe these steps. Together these 5 risk management process steps combine to
deliver a simple and effective risk management process.
Step 1:
Identify the Risk.
You and your team uncover, recognize and describe risks that might affect your project or its
outcomes. There are a number of techniques you can use to find project risks. During this step
you start to prepare your Project Risk Register.
Step 2:
Analyze the risk.
Once risks are identified you determine the likelihood and consequence of each risk. You develop
an understanding of the nature of the risk and its potential to affect project goals and objectives.
This information is also input to your Project Risk Register.
Step 3:
Evaluate or Rank the Risk.
You evaluate or rank the risk by determining the risk magnitude, which is the combination of
likelihood and consequence. You make decisions about whether the risk is acceptable or whether
it is serious enough to warrant treatment. These risk rankings are also added to your Project Risk
Register.
Step 4:
Treat the Risk.
This is also referred to as Risk Response Planning. During this step you assess your highest ranked
risks and set out a plan to treat or modify these risks to achieve acceptable risk levels. How can
you minimize the probability of the negative risks as well as enhancing the opportunities? You
create risk mitigation strategies, preventive plans and contingency plans in this step. And you add
the risk treatment measures for the highest ranking or most serious risks to your Project Risk
Register.
Step 5:

RSM 306
Monitor and Review the risk.

This is the step where you take your Project Risk Register and use it to monitor, track and review
risks.
Risk is about uncertainty. If you put a framework around that uncertainty, then you effectively
de-risk your project. And that means you can move much more confidently to achieve your
project goals. By identifying and managing a comprehensive list of project risks, unpleasant
surprises and barriers can be reduced and golden opportunities discovered. The risk management
process also helps to resolve problems when they occur, because those problems have been
envisaged, and plans to treat them have already been developed and agreed. You avoid impulsive
reactions and going into “fire-fighting” mode to rectify problems that could have been
anticipated. This makes for happier, less stressed project teams and stakeholders. The end result
is that you minimize the impacts of project threats and capture the opportunities that occur.
What are the keys to fraud prevention and detection?
While it is not possible to eliminate fraud entirely from an organization, the right prevention and
detection measures can significantly mitigate fraud risks. This section of the new guidance
emphasizes that fraud prevention is the first line of defense in reducing fraud risk. Organizations
can increase their fraud prevention efforts through continuous communication and
reinforcement. The guide also reminds us that “one of the strongest fraud deterrents is the
awareness that effective detective controls are in place.” In our experience, common
improvement opportunities in fraud prevention and detection include:
 Improving employee fraud awareness training
 Re-prioritizing fraud detection efforts onto key fraud risks
 Greater use of technology to enhance fraud detection and deterrence
 Benchmarking fraud helplines/hotlines to uncover performance issues
Executives charged with fraud risk management are often unsure where to start or are simply
overwhelmed by the task ahead of them. One of the outcomes of a fraud risk assessment is a
prioritization of fraud risks.
Figuring out where you are and where you need to be is half the battle.
Too often, companies fail to put a fraud allegation investigative response plan in place and are
caught off guard at a time when prompt action is needed.
 Who to include in the investigative team

What are the leading practices in fraud investigation and corrective action?
Recognizing that no system of internal control can completely eliminate fraud, the guidance
includes recommendations for conducting investigations and corrective actions. The guidance
suggests that the board of directors take responsibility for seeing that the organization develops
a system for prompt, competent, and confidential review and investigation of allegations
involving potential fraud or misconduct. The new guidance also shares leading practices for

RSM 306
receiving, responding to, and evaluating allegations of fraud. Furthermore, it recommends

specific tasks for conducting an investigation, including interviewing, evidence collection,
computer forensic examinations, and evidence analysis.
We believe that most organizations could benefit from incorporating leading practices into their
investigative response plans including:
 Establishing and documenting fraud investigation protocols
 Identifying fraud investigation resources, especially global response teams, in advance of a
crisis
 Implementing a case management system to track and log the resolution of fraud allegations
Implementing processes and control improvements enterprise-wide to gain efficiencies and

prevent recurrences
Fraud Examination and Forensic Accounting
Although fraud examination shares certain characteristics with forensic accounting, they are not
the same discipline.
Forensic accounting is the use of professional accounting skills in matters involving potential or
actual civil or criminal litigation. The word forensic is defined by Black’s Law Dictionary as “used
in or suitable to courts of law or public debate.” Therefore, forensic accounting is actually
litigation support involving accounting.
Accordingly, most fraud examinations involve forensic accounting, but not all forensic accounting
is fraud examination. For example, an individual hired to value the property in a minority
shareholder derivative suit would engage in forensic accounting even if the engagement does not
involve fraud.
While fraud examinations can be conducted by either accountants or non-accountants, forensic
accounting work can only be performed by accountants. In addition, while forensic accounting is
litigation support work that involves accounting, fraud examinations only involve anti-fraud
matters.
Most fraud examinations will generally fall under the category of forensic accounting because the
majority of fraud examinations, investigations, and reports regarding fraud are done with “an eye
toward litigation.” This is because fraud examiners are taught to conduct fraud examinations with
the assumption that they will end in litigation.
Forensic accounting can include many professional services. Typically, forensic accountants
perform assignments involving:
• Computer forensics
• Electronic discovery
• Bankruptcies, insolvencies, and reorganizations
• Workplace fraud investigations
RSM 306
• Calculations of economic losses Business valuations

• Professional negligence
• Fraud Examination Methodology
• Fraud examination is a methodology of resolving signs or allegations of fraud from inception
to disposition. The fraud examination methodology establishes a uniform, legal process for
resolving signs or allegations of fraud on a timely basis. It provides that fraud examinations
should move in a linear order, from the general to the specific, gradually focusing on the
perpetrator through an analysis of evidence.
• Fraud examinations involve efforts to resolve allegations or signs of fraud when the full facts
are unknown or unclear; therefore, fraud examinations seek to obtain facts and evidence to
help establish what happened, identify the responsible party, and provide recommendations
where applicable.
• When conducting a fraud examination to resolve signs or allegations of fraud, the fraud
examiner should assume litigation will follow, act on predication, approach cases from two
perspectives, move from the general to the specific, and use the fraud theory approach.
• Assume Litigation Will Follow
• Each fraud examination should begin with the proposition that the case will end in litigation.
Thus, when a fraud examiner begins a fraud examination, he must assume that the case will
end in litigation, and this assumption must be maintained and considered throughout the
entire examination. If the fraud examiner assumes that litigation will occur, he will conduct
the examination in accordance with the proper rules of evidence and remain well within the
legal guidelines established by the legal systems.
• Act on Predication
• Fraud examinations must adhere to the law; therefore, fraud examiners should not conduct
or continue fraud examinations without proper predication. Predication is the totality of
circumstances that would lead a reasonable, professionally trained, and prudent individual to
believe that a fraud has occurred, is occurring, and/or will occur. In other words, predication
is the basis upon which an examination, and each step taken during the examination, is
commenced.
A fraud examiner acts on predication when he has a sufficient basis and legitimate reason to take
each step in an examination.
Accordingly, fraud examiners should begin fraud examination only when there are circumstances
that suggest fraud has occurred, is occurring, and/or will occur, and they should not investigate
beyond the available predication. If a fraud examiner cannot articulate a factual basis or good
reason for an investigative step, he should not do it. Therefore, a fraud examiner should
reevaluate the predication as the fraud examination proceeds. That is, as a fraud examination
progresses and new information emerges, the fraud examiner should continually reevaluate
whether there is adequate predication to take each additional step in the examination.

RSM 306
If a fraud examiner acts without predication, he might expose both himself and his client or
employer to liability.
The requirement for predication, however, does not bar fraud examiners from accepting other
forms of engagements in circumstances where predication is lacking. For example, a fraud
examiner can conduct a fraud risk assessment for consulting purposes even if there is no reason
to believe a fraud has occurred, is occurring, and/or will occur.
Approach from Two Perspectives
Fraud examiners should approach investigations into fraud matters from two perspectives: 1) by
seeking to prove that fraud has occurred and 2) by seeking to prove that fraud has not occurred.
To prove that a fraud has occurred, the fraud examiner must seek to prove that fraud has not
occurred. The reverse is also true. To prove fraud has not occurred, the fraud examiner must seek
to prove that fraud has occurred. The reasoning behind this two-perspective approach is that
both sides of fraud must be examined because under the law, proof of fraud must preclude any
explanation other than guilt.
Move from the General to the Specific
Fraud examinations commence when the full facts are unknown or unclear; therefore, they
should proceed from the general to the specific. That is, fraud examinations should begin with
general information that is known, starting at the periphery, and then move to the more specific
details.
To illustrate, consider the order of interviews in fraud examinations. In most examinations, fraud
examiners should start interviewing at the periphery of all possible interview candidates and
move toward the witnesses appearing more involved in the matters that are the subject of the
examination. Thus, the usual order of interviews is as follows:
• Neutral third-party witnesses, starting with the least knowledgeable and moving to those who
are more knowledgeable about the matters at issue
• Parties suspected of complicity, starting with the least culpable and moving to the most
culpable
• The primary suspect(s) of the examination
Use the Fraud Theory Approach
When conducting fraud examinations, fraud examiners should adhere to the fraud theory
approach. The fraud theory approach is an investigative tool designed to help fraud examiners
organize and direct examinations based on the information available at the time.
The fraud theory approach provides that, when conducting investigations into allegations or signs
of fraud, the fraud examiner should make a hypothesis (or theory) of what might have occurred
based on the known facts. Once the fraud examiner has created a hypothesis, he should test it
through the acquisition of new information (or correcting and integrating known information) to

RSM 306
determine whether the hypothesis is provable. If, after testing a hypothesis, the fraud examiner
determines that it is not provable, he should continually revise and test his theory based on the
known facts until it is provable, he concludes that no fraud is present, or he finds that the fraud
cannot be proven.
Simply put, the fraud theory approach involves the following steps:
• Analyzing available data
• Creating a hypothesis
• Testing the hypothesis
• Refining and amending the hypothesis
The following internal fraud case study illustrates the concepts involved in the fraud examination
process. Although the case study is based on an actual incident, the names and certain other facts
have been changed for purposes of illustration.
Source-2015 Fraud Examiners Manual

RSM 306
14
New Fraud Tools
The dynamic nature of technology threats requires a proactive response. While external auditors
and C-suite executives have long been reluctant to embrace advanced data analytics as a
proactive tool — or even as a reactive tool — to ferret out fraud, the tide seems to be turning
with the increased threat that cybercrime poses.
Advanced data analytics provide the ability to collect and analyze data, both structured (think
transactional data) and unstructured (email, voicemail, internet logs, text messages, social media,
blogs or free text fields in a database), to prevent, detect, monitor and investigate potentially
improper transactions, events or patterns of behavior related to misconduct, fraud or
noncompliance issues.
As fraud examiners, we know a picture says a thousand words — and nothing tells a story better
than data. The use of data visualization tools is on the rise for business intelligence, as well as
detecting patterns and relationships indicative of fraud. With the explosion of electronic data,
data visualization allows for communicating key aspects of complex and voluminous data in a
more intuitive way. Effective visualization — which is both an art and a science — combined with
advanced data analytics helps users identify patterns and relationships.

RSM 306
15
Money Laundering
51.1. What is Money Laundering?
Money laundering is process by which criminals disguise the original ownership and control of
the proceeds of criminal conduct by making such proceeds appear to have derived from a
legitimate source.
The processes by which criminally derived property may be laundered are extensive. Though
criminal money may be successfully laundered without the assistance of the financial sector, the
reality is that hundreds of billions of dollars of criminally derived money is laundered through
financial institutions, annually. The nature of the services and products offered by the financial
services industry (namely managing, controlling and possessing money and property belonging
to others) means that it is vulnerable to abuse by money launderers..
15.2. How is the offence of money laundering committed?
Money laundering offences have similar characteristics globally. There are two key elements to a
money laundering offence:
1. The necessary act of laundering itself i.e. the provision of financial services; and
2. A requisite degree of knowledge or suspicion (either subjective or objective) relating to the
source of the funds or the conduct of a client.
The act of laundering is committed in circumstances where a person is engaged in an

arrangement (i.e. by providing a service or product) and that arrangement involves the proceeds
of crime. These arrangements include a wide variety of business relationships e.g. banking,
fiduciary and investment management.
The requisite degree of knowledge or suspicion will depend upon the specific offence but will
usually be present where the person providing the arrangement, service or product knows,
suspects or has reasonable grounds to suspect that the property involved in the arrangement
represents the proceeds of crime. In some cases the offence may also be committed where a
person knows or suspects that the person with whom he or she is dealing is engaged in or has
benefited from criminal conduct.

RSM 306
Are all crimes capable of predicating money laundering?

Different jurisdictions define crime predicating the offence of money laundering in different
ways. Generally the differences between the definitions may be summarised as follows:
1. Differences in the degree of severity of crime regarded as sufficient to predicate an offence

of money laundering. For example in some jurisdictions it is defined as being any crime that
would be punishable by one or more years imprisonment. In other jurisdictions the
necessary punishment may be three or five years imprisonment; or
2. Differences in the requirement for the crime to be recognized both in the country where it
took place and by the laws of the jurisdiction where the laundering activity takes place or
simply a requirement for the conduct to be regarded as a crime in the country where the
laundering activity takes place irrespective of how that conduct is treated in the country
where it took place.
In practice almost all serious crimes, including, drug trafficking, terrorism, fraud, robbery,
prostitution, illegal gambling, arms trafficking, bribery and corruption are capable of predicating
money laundering offences in most jurisdictions.
Can Fiscal Offences such as tax evasion predicate Money Laundering?

The answer depends upon the definition of crime contained within the money laundering
legislation of a particular jurisdiction.
Tax evasion and other fiscal offences are treated as predicate money laundering crimes in most
of the world’s most effectively regulated jurisdictions.
15.3. Why is money laundering illegal?

The objective of the criminalization of money laundering is to take the profit out of crime. The
rationale for the creation of the offence is that it is wrong for individuals and organisations to
assist criminals to benefit from the proceeds of their criminal activity or to facilitate the
commission of such crimes by providing financial services to them.
Main types of Money Laundering prosecutions
There are 4 types of money laundering prosecution. There are, firstly, those "mixed" cases in
which money laundering can be charged or included on an indictment in which the underlying
proceeds -generating predicate offence is included.
The subsets of this are:
•"Own proceeds" or "self-laundering", where the defendant in a money laundering case may also
be the author of the predicate crime;
•Laundering by a person or persons other than the author of the predicate offence.

RSM 306
Secondly, there are those cases where money laundering is the sole charge capable of proof or
the easiest charge to prove. Again, there are two subsets:
•"Own proceeds" laundering;
•Laundering by a person other than the author of the predicate offence.
Prosecutors are not required to prove that the property in question is the benefit of a particular
or a specific act of criminal conduct, as such an interpretation would restrict the operation of the
legislation. The prosecution need to be in a position, as a minimum, to be able to produce
sufficient circumstantial evidence or other evidence from which inferences can be drawn to the
required criminal standard that the property in question has a criminal origin.
Typically evidence of the criminal origin of proceeds may be provided in money laundering
proceedings by:
• Accomplice evidence;
• Circumstantial evidence and/or other evidence;
• Forensic evidence (e.g. contamination of cash with drugs) from which inferences can be
drawn that money came from drug trafficking;
• Evidence of complex audit trails, from which an accountancy expert may be able to
conclude that the complexity of the transactions indicate that the property was the
proceeds of crime. (Archbold 2006 10-66). While this was not a money laundering
prosecution, by analogy, it would seem permissible for a witness to give expert evidence
that the facts lead him to the conclusion that the property was the proceeds of crime);
• Evidence of the unlikelihood of the property being of legitimate origin - Where the
prosecution proves D has no legitimate explanation for possessing the property in
question a jury may be willing to draw an inference that it is proceeds of crime;
• Criminals often attempt to launder proceeds through a cash intensive business. Where
the cash flows appear too large or the profit margins too high this may be capable of
giving rise to expert evidence that the business will usually give rise to a particular level
of profit and the profits are clearly excessive which together with other available evidence
can be sufficient to prove the underlying criminality. See R. v. Boam 1998 Cr. Law Bulletin.
15.4. How is money laundered?

The processes are extensive. Generally speaking, money is laundered whenever a person or
business deals in any way with another person’s benefit from crime. That can occur in a countless
number of diverse ways.
The 3 Stage Process

RSM 306
Traditionally money laundering has been described as a process which takes place in three
distinct stages.
• Placement, the stage at which criminally derived funds are introduced in the financial
system.
• Layering, the substantive stage of the process in which the property is ‘washed’ and its
ownership and source is disguised.
• Integration, the final stage at which the ‘laundered’ property is re-introduced into the
legitimate economy.
This three staged definition of money laundering is highly simplistic. The reality is that the so
called stages often overlap and in some cases, for example in cases of financial crimes, there is
no requirement for the proceeds of crime to be ‘placed’.
15.5. Common money laundering methods

Money laundering can take several forms, although most methods can be categorized into one
of a few types. These include "bank methods, smurfing [also known as structuring], currency
exchanges, and double-invoicing".
a. Structuring:
Often known as smurfing, this is a method of placement whereby cash is broken into smaller
deposits of money, used to defeat suspicion of money laundering and to avoid anti-money
laundering reporting requirements. A sub-component of this is to use smaller amounts of cash to
purchase bearer instruments, such as money orders, and then ultimately deposit those, again in
small amounts.
b. Bulk cash smuggling:
This involves physically smuggling cash to another jurisdiction and depositing it in a financial
institution, such as an offshore bank, with greater bank secrecy or less rigorous money laundering
enforcement.
c. Cash-intensive businesses:
In this method, a business typically expected to receive a large proportion of its revenue as cash
uses its accounts to deposit criminally derived cash. Such enterprises often operate openly and
in doing so generate cash revenue from incidental legitimate business in addition to the illicit
cash – in such cases the business will usually claim all cash received as legitimate earnings. Service
businesses are best suited to this method, as such enterprises have little or no variable costs
and/or a large ratio between revenue and variable costs, which makes it difficult to detect
discrepancies between revenues and costs. Examples are parking structures, strip clubs, tanning
salons, car washes, and casinos.

RSM 306
d. Trade-based laundering:
This involves under- or over-valuing invoices to disguise the movement of money.
e. Shell companies and trusts:
Trusts and shell companies disguise the true owners of money. Trusts and corporate vehicles,
depending on the jurisdiction, need not disclose their true owner. Sometimes referred to by the
slang term rathole, though that term usually refers to a person acting as the fictitious owner
rather than the business entity.
f. Round-tripping:
Here, money is deposited in a controlled foreign corporation offshore, preferably in a tax haven
where minimal records are kept, and then shipped back as a foreign direct investment, exempt
from taxation. A variant on this is to transfer money to a law firm or similar organization as funds
on account of fees, then to cancel the retainer and, when the money is remitted, represent the
sums received from the lawyers as a legacy under a will or proceeds of litigation. g. Bank capture:
In this case, money launderers or criminals buy a controlling interest in a bank, preferably in a
jurisdiction with weak money laundering controls, and then move money through the bank
without scrutiny.
h. Casinos:
In this method, an individual walks into a casino and buys chips with illicit cash. The individual will
then play for a relatively short time. When the person cashes in the chips, they will expect to take
payment in a check, or at least get a receipt so they can claim the proceeds as gambling winnings.
i. Other gambling:
Money is spent on gambling, preferably on high odds games. One way to minimize risk with this
method is to bet on every possible outcome of some event that has many possible outcomes, so
no outcome(s) have short odds, and the bettor will lose only the vigorish and will have one or
more winning bets that can be shown as the source of money. The losing bets will remain hidden.
j. Real estate:
Someone purchases real estate with illegal proceeds and then sells the property. To outsiders,
the proceeds from the sale look like legitimate income. Alternatively, the price of the property is
manipulated: the seller agrees to a contract that underrepresents the value of the property, and
receives criminal proceeds to make up the difference.
k. Black salaries:
A company may have unregistered employees without written contracts and pay them cash
salaries. Dirty money might be used to pay them.
l. Tax amnesties: For example, those that legalize unreported assets and cash in tax havens.
RSM 306
m. Life insurance business: Assignment of policies to unidentified third parties and for which no
plausible reasons can be ascertained.
15.6. Red flags of money laundering, what to look for
While not all-inclusive, the list does reflect ways that launderers have been known to operate.
Transactions or activities listed here may not necessarily be indicative of money laundering if they
are consistent with a customer’s legitimate business. Also, many of the “red flags” involve more
than one type of transaction.
1. Minimal, vague or fictitious information provided. An individual provides minimal, vague or

fictitious information that the bank cannot readily verify.
2. Lack of references or identification. An individual attempts to open an account without
references or identification, gives sketchy information, or refuses to provide the information
needed by the bank.
3. Non-local address. The individual does not have a local residential or business address, and
there is no apparent legitimate reason for opening an account with the bank.
4. Customers with multiple accounts. A customer maintains multiple accounts at a bank or at
different banks for no apparent legitimate reason. The accounts may be in the same names
or in different names with different signature authorities. Inter-account transfers are
evidence of common control.
5. Frequent deposits or withdrawals with no apparent business source. The customer
frequently deposits or withdraws large amounts of currency with no apparent business
source, or the business is of a type not known to generate substantial amounts of currency.
6. Multiple accounts with numerous deposits under $10,000. An individual or group opens a
number of accounts under one or more names, and makes numerous cash deposits just under
10,000, or deposits containing bank checks or travelers’ checks.
7. Numerous deposits under $10,000 in a short period of time. A customer makes numerous
deposits under $10,000 in an account in short periods of time, thereby avoiding the
requirement to file a Currency Transaction Report. This includes deposits made at an
automatic teller machine.
8. Accounts with a high volume of activity and low balances. Accounts with a high volume of
activity, which carry low balances or are frequently overdrawn, may be indicative of money
laundering or check kiting.
9. Large deposits and balances. A customer makes large deposits and maintains large balances
with little or no apparent justification.
10. Deposits and immediate requests for wire transfers or cash shipments. A customer makes
numerous deposits in an account and almost immediately requests wire transfers or a cash
shipment from that account to another account, possibly in another country. These
transactions are not consistent with the customer’s legitimate business needs. Normally, only
a token amount remains in the original account.
RSM 306
11. Numerous deposits of small incoming wires or monetary instruments, followed by a large
outgoing wire. Numerous small incoming wires and/or multiple monetary instruments are
deposited into an account. The customer then requests a large outgoing wire to another
institution or country.
12. Accounts used as a temporary repository for funds. The customer appears to use an account
as a temporary repository for funds that ultimately will be transferred out of the bank,
sometimes to foreign-based accounts. There is little account activity.
13. Funds deposited into several accounts, transferred to another account, and then
transferred outside of the U.S.. This involves the deposit of funds into several accounts, which
are then combined into one account, and ultimately transferred outside the U.S. This activity
is usually not consistent with the known legitimate business of the customer.
14. Disbursement of certificates of deposit by multiple bank checks. A customer may request
disbursement of the proceeds of a certificate of deposit or other investments in multiple bank
checks, each under $10,000. The customer can then negotiate these checks elsewhere for
currency. He/she avoids the currency transaction reporting requirements and severs the
paper trail.
15. Early redemption of certificates of deposits. A customer may request early redemption of
certificates of deposit or other investments within a relatively short period of time from the
purchase date of the certificate of deposit or investment. The customer may be willing to lose
interest and incur penalties as a result of the early redemption.
16. Sudden, unexplained increase in account activity or balance. There may be a sudden,
unexplained increase in account activity, both from cash and from non-cash items. An account
may be opened with a nominal balance that subsequently increases rapidly and significantly.
17. Limited use of services. Frequent large cash deposits are made by a corporate customer, who
maintains high balances but does not use the bank’s other services.
18. Inconsistent deposit and withdrawal activity. Retail businesses may deposit numerous
checks, but there will rarely be withdrawals for daily operations.
19. Strapped currency. Frequent deposits of large amounts of currency, wrapped in currency
straps that have been stamped by other banks.
20. Client, trust and Escrow accounts. Substantial cash deposits by a professional customer into
client accounts, or in-house company accounts, such as trust and escrow accounts.
21. Large amount of food stamps. Unusually large deposits of food stamps, which may not be
consistent with the customer’s legitimate business.
Methods to stop money laundering
Anti-money laundering (AML) is a term mainly used in the financial and legal industries to
describe the legal controls that require financial institutions and other regulated entities to
prevent, detect, and report money laundering activities. Anti-money laundering guidelines came
into prominence globally as a result of the formation of the Financial Action Task Force (FATF)
and the promulgation of an international framework of anti-money laundering standards. These

RSM 306
standards began to have more relevance in 2000 and 2001, after FATF began a process to publicly
identify countries that were deficient in their anti-money laundering laws and international
cooperation, a process colloquially known as "name and shame".
An effective AML program requires a jurisdiction to criminalise money laundering, giving the
relevant regulators and police the powers and tools to investigate; be able to share information
with other countries as appropriate; and require financial institutions to identify their customers,
establish risk-based controls, keep records, and report suspicious activities.
The role of financial institutions
While banks operating in the same country generally have to follow the same anti-money
laundering laws and regulations, financial institutions all structure their anti-money laundering
efforts slightly differently.[38] Today, most financial institutions globally, and many non-financial
institutions, are required to identify and report transactions of a suspicious nature to the financial
intelligence unit in the respective country. For example, a bank must verify a customer's identity
and, if necessary, monitor transactions for suspicious activity. This is often termed as "know your
customer". This means knowing the identity of the customer and understanding the kinds of
transactions in which the customer is likely to engage. By knowing one's customers, financial
institutions can often identify unusual or suspicious behaviour, termed anomalies, which may be
an indication of money laundering.
Bank employees, such as tellers and customer account representatives, are trained in anti-money
laundering and are instructed to report activities that they deem suspicious. Additionally,
antimoney laundering software filters customer data, classifies it according to level of suspicion,
and inspects it for anomalies. Such anomalies include any sudden and substantial increase in
funds, a large withdrawal, or moving money to a bank secrecy jurisdiction. Smaller transactions
that meet certain criteria may also be flagged as suspicious. For example, structuring can lead to
flagged transactions. The software also flags names on government "blacklists" and transactions
that involve countries hostile to the host nation. Once the software has mined data and flagged
suspect transactions, it alerts bank management, who must then determine whether to file a
report with the government.

RSM 306
READING LIST/SOURCE MATERIAL

Coenen, T (2008). Essentials of corporate fraud. Hoboken, NJ: Wiley; Chichester: John Wiley
[distributor]. (Essentials Series)
Giles.S (2013). Managing Fraud Risk: A Practical Guide for Directors and Managers. Wiley. London
Iyer, N. and Samociuk, M (2006). Fraud and corruption: prevention and detection. Aldershot:
Gower
Luijerink, D (2008). Corporate and financial fraud. Kingston upon Thames: Croner CCH
Pickett, K.H. Spencer (2007). Corporate fraud: a manager’s journey. Hoboken, NJ: Wiley;
Chichester; John Wiley [distributor]
Ramage, S (2006). A comparative analysis of corporate fraud. New York: iUniverse
Ramage, S (2006). Fraud: the company law background. New York: iUniverse
CFE MANUAL 2015 EDITION

Fraud Management

Uploaded by

Copyright:

Available Formats

Fraud Management

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Fraud Management

Uploaded by

Copyright:

Available Formats

RSM 306

CHARTERED INSTITUTE OF RISK AND SECURITY MANAGEMENT

PROFESSIONAL DIPLOMA IN RISK & SECURITY MANAGEMENT

STRATEGIC FRAUD MANAGEMENT

Module RSM 306

• Published by: Chartered Institute of Risk and Security Management

CHARTERED INSTITUTE OF RISK AND SECURITY MANAGEMENT

"The Six Hour Tutorial Sessions"

Session I (Two Hours)

Session II (Two Hours)

Session III (Two Hours)

BEST WISHES IN YOUR STUDIES.

Page 6 of 109 CIRSM

Page 7 of 109 CIRSM

 Internal vs external fraud

Sometimes employees will rationalize the fraud by:

Page 8 of 109 CIRSM

The risk of internal fraud includes:

You may be at risk of internal fraud by employees who:

How to reduce the risk of internal fraud

Page 9 of 109 CIRSM

Step 5: Establish strong audit procedures: Step 6: Maintain security of information:

Step 7: Establish strong human resource

How to reduce the

Please refer to section on credit card and cheque fraud.

External fraud by suppliers includes:

Page 11 of 109 CIRSM

The Human Element of Fraud

Page 12 of 109 CIRSM

Page 13 of 109 CIRSM

Page 14 of 109 CIRSM

Page 15 of 109 CIRSM

THE FIRST ELEMENT: PRESSURE

Fraud is perpetrated to benefit oneself or to benefit an organization, or both. Employee fraud, in

Page 16 of 109 CIRSM

3. High bills or personal debt.

Page 17 of 109 CIRSM

Page 18 of 109 CIRSM

Page 19 of 109 CIRSM

Page 20 of 109 CIRSM

Page 21 of 109 CIRSM

Page 22 of 109 CIRSM

Page 23 of 109 CIRSM

THE THIRD ELEMENT: RATIONALIZATION

Page 24 of 109 CIRSM

Page 25 of 109 CIRSM

Page 26 of 109 CIRSM

Page 27 of 109 CIRSM

FA financial crime is any non-violent offense that is committed by or against an individual or

Who commits Financial Crime?

TYPES OF FINANCIAL CRIMES.

Page 29 of 109 CIRSM

Page 30 of 109 CIRSM

What is fraud analysis?

Page 31 of 109 CIRSM

Fraud analysis is therefore examination of the business functions of the organization so as to

5 ANALYSIS METHODS TO USE

Page 32 of 109 CIRSM