Misappropriation of Assets

Ask the Authors

Charles Owens
Executive Director
Ernst & Young LLP
+1 404 817 4464

Vincent Walden
Senior Manager
Ernst & Young LLP
+1 214 754 3941

This interview is part of an ongoing series of interviews with the authors

of the AICPAs The Guide to Investigating Business Fraud. This installment
focuses on chapter two of the book: Misappropriation of Assets.
Q. In chapter two, you point out the
substantial increase in the percentage
of occupational frauds detected due to
a tip in 2008 versus 2006. What can
companies do to increase the number
of tips received to detect occupational
fraud and to what do you attribute the
increase from 2006 to 2008?
A. We believe individuals are more likely
to report occupational fraud if a
company has an ethical reputation and
management has set a proper tone at
the top, where potential misconduct will
be aggressively investigated and remedial
action taken; while at the same time,
protections are given to those who report
such misconduct. As a result of corporate
scandals, corporate conduct has been a
focus of regulators and law enforcement,
as well as boards of directors. Companies
are expected to develop compliance
programs based on ethical conduct, and
take appropriate action when misconduct
is suspected. Increasingly, companies
recognize this need and are taking
steps to develop effective corporate
compliance programs. These efforts help
individuals recognize the importance of
reporting occupational fraud.
Q. Many companies are experiencing
fraudulent attempts at asset
misappropriation by outside parties
who present counterfeit checks for
payment. Why is this so prevalent and
what should companies do if they learn
of such fraudulent attempts, even if
they do not sustain losses?

A. Counterfeit check fraud continues to

be a significant problem for companies
and it represents a substantial challenge
for law enforcement. Many criminals
use sophisticated computer software
to produce counterfeit checks on a
large scale, making it unnecessary to
steal legitimate checks. Fraudsters use
various schemes to utilize those checks
to steal assets. The schemes include
cashing counterfeit checks at a bank or
check cashing agency to more complex
schemes where fraudsters attempt to
procure goods using counterfeit checks.
Companies should work with banks that
are equipped with programs designed to
prevent payment of checks not written
by the company. Whether or not losses
are sustained, companies should report
these types of fraudulent attempts to
law enforcement. By routinely receiving
such information, law enforcement can
look for patterns that may assist in the
identification of the fraudsters.
Q. Sometimes smaller companies do not
have the resources to perform due
diligence on vendors. What can they do
to minimize the risk of vendor fraud?
A. The principle that needs to be followed
when paying vendor invoices is to
know that the vendor is legitimate and
payment is being made for goods or
services actually received. All employees
who are involved in the approval and
payment of invoices should be keenly
aware of the internal control procedures
for approving invoices and paying

invoices. With appropriate internal

controls around the procurement of
goods and services, receipt of goods and
services, and payment of invoices, the
likelihood of falling victim to a fictitious
vendor scheme is substantially reduced.
Q. Of all the asset misappropriation
schemes you describe in Chapter 2,
what are the most common fraud
detection tests requested by your
clients?
A. The tests that we help design for our
clients are determined using industry- or
company-specific, risk-based approaches
to fraud detection. To deal with the wide
variety of risks and fraud schemes faced
by our clients, we maintain a library of
over 300 fraud detection tests, most of
which focus on asset misappropriation,
but also include corruption, bribery and
fraudulent misstatements. Our most
commonly requested tests include the
following areas:
1. Payment stream analysis: Altered
invoices, goods not received,
duplicate invoices, inflated prices,
excess quantities purchased
2. Vendor master/employee master
comparisons: Fictitious vendors,
vendor risk ranking, conflicts of
interest between employees and
vendors
3. Employee and P-card expenses:

Over limits, unusual expenses,
miscellaneous/sundry expenses,
unusual payments to consultants or
charities
4. Payroll: Ghost employees, unusual
payments, payments outside the
normal pay cycles, no deductions/
evaluations, duplicative direct
deposit account analysis
5. Bribery and corruption: Bid rigging,
conflicts of interest, contract
compliance, kickbacks, payments to
outside consultants and government
organizations
Q. Chapter two describes a unique way of
matching key words to components of
the Fraud Triangle. Can you describe
this methodology in more detail and
provide examples of the key words or
phrases you use for incentive/pressure,
opportunity and rationalization?
A. For years, the Fraud Triangle has been
a subjective framework for a fraud
investigation in order to obtain a
subjective viewpoint of the incentive/
pressures a suspect was under, the
available opportunities to commit
the fraud, and the rationalization
the suspect used to justify his
behavior. Given the explosion of email
communications in the past 15 years,
email has became a popular investigative

source of data to help identify the who,

what and when of key business events
or issues. However, email analysis and
the well-established Fraud Triangle
theory have never integrated until
now! In 2008, a team of Ernst & Young
executives teamed with the Association
of Certified Fraud Examiners (ACFE) to
develop a library of keyword terms and/
or phrases that seek to identify and
essentially provide an objective score
with respect to ones incentive/pressure,
opportunity and rationalization, based
on the keyword frequency of the terms
used in ones email or instant message
communications. This library contains
thousands of terms that describe:
Incentive/pressure: This list includes
such terms as under the gun, meet
the deadline, make the number,
not comfortable, stressed,
concerned and risk.
Opportunity: This list will change
based on the fraud scheme, but
can include terms such as off the
books, backdate, cookie jar funds,
smooth earnings, reserves, bribe
and facilitation payment.
Rationalization: This list can include
such terms as therefore, its OK,
I deserve, gray area, fix it later,
not hurting anyone, find out and
everyone does it.
By evaluating the keyword hits as a
percentage of the total documents for
a given set of email, investigators can
objectively rank a group of individuals.
Plotting keyword hits over time also
can be a powerful tool to spot the
components of the Fraud Triangle in
email communications. We are seeing a
lot of utility in Foreign Corrupt Practices
Act investigations, as we have translated
this list into eight languages where local
idioms and language-specific slang is
incorporated.
Have a question?
Click here to email Charles Owens.
Click here to email Vincent Walden.
About the book
Developed by the seasoned fraud
investigation team at Ernst & Young in
cooperation with the
AICPA, The Guide
to Investigating
Business Fraud
provides a clearly
defined framework
for approaching a
fraud investigation
from start to finish.
Each chapter in
this practical,

comprehensive resource is written by

subject matter experts on the issue under
discussion. The chapters are designed
so that they may be read individually as
self-contained reference guides for specific
topics of interest, or together as a holistic
overview of a fraud investigation.
About the editors
Click here for bios of the Ernst & Young
professionals who contributed to this book.

About Ernst & Young

Ernst & Young is a global leader in assurance,
tax, transaction and advisory services.
Worldwide,our 144,000 people are united
by our shared values and an unwavering
commitment to quality. We make a difference
by helping our people, ourclients and our
wider communities achieve their potential.
Ernst & Young refers to the global organization
of member firms of Ernst & Young Global
Limited, each of which is a separate legal
entity. Ernst&Young Global Limited, a
UK company limited by guarantee, does
not provide services toclients. For more
information, please visit www.ey.com
Ernst & Young LLP is a client-serving
member firm of Ernst&Young Global and of
Ernst&Young Americas operating in the US.
Fraud Investigation & Dispute Services
Dealing with complex issues of fraud,
regulatory compliance and business
disputes can detract from efforts to
achieve your companys potential. Better
management of fraud risk and compliance
exposure is a critical business priority
no matter the industry sector. With our
more than 1,000 fraud investigation and
dispute professionals around the world, we
assemble the right multidisciplinary and
culturally aligned team to work with you
and your legal advisors. And we work to
give you the benefit of our broad sector
experience, our deep subject matter
knowledge and the latest insights from our
work worldwide. Its how Ernst& Young
makes a difference.
This publication contains information in summary form
and is therefore intended for general guidance only. It
is not intended to be a substitute for detailed research
or the exercise of professional judgment. Neither
EYGM Limited nor any other member ofthe global
Ernst&Young organization can accept any responsibility
for loss occasioned to any person acting or refraining
from action as a result of any material in this publication.
Onany specific matter, reference should be made tothe
appropriate advisor.

www.ey.com/us/fids
2010 Ernst & Young LLP
All Rights Reserved.
SCORE no. WW0189
0910-1094697