Using Software to Sniff Out Fraud
In the 1920s, Frank Benford, a physicist at General Electric (GE), discovered an astonishing mathematical law: In just about any given set of numerical data, numbers occur as the first or second digit at a predictable rate. For example, “1” will appear as the first digit 31% of the time, but “9” will appear first only 5%. While that sounds unlikely, Benford tested lists of numbers from many different sources accounting ledgers, geographic data, even magazine articles — and found that the same probability persisted.
Applied to accounting, Benford's Law makes for a great way to check to see if numbers are fabricated (since when liars make up figures, they usually don't follow the same statistical pattern Benford identified). The law is now enjoying booming popularity as the basis for a fairly easy, routine test that's used to uncover accounting fraud. Easy, that is, if you have a sophisticated software package and enough high-powered computers to crunch numbers from reams of documents.
In 2002, Darrell Dorrell, a principal at accounting firm Financial Forensics in Lake Oswego, Ore., used a computer program to apply Benford's Law to more than 21,000 payroll records of a health-care company accused of defrauding investors. He found that the number “0” turned up as the second digit in the payroll records twice as often as it should have, and “5” showed up 60% more often than would be expected. With that information, plus lots more evidence from other tests, he reported to the company's receiver that the records “appear to be contrived.”
Fueled by fear
Benford's Law provides just one small example of the way in which technology used to uncover accounting fraud has been growing in both sophistication and popularity. The growth hasn't really been stimulated by technological innovation, which has mostly amounted to fine-tuning sleuthing programs so that they issue fewer false alarms, customizing such programs for use with new industries, and upping raw computing power so the programs can crunch more data. Instead, the boom is being fueled by accounting scandals, terrorism threats, and new regulations such as the Sarbanes-Oxley financial-disclosure law and the Patriot Act, which both require companies to be more vigilant about avoiding financial fraud and about keeping employees honest.
All of those threats “have made businesses more aware of the potential catastrophic damage to organizations that fraud presents,” says Toby Bishop, president of the Association of Certified Fraud Examiners. “In the past, companies were unwilling to spend money on solutions until they had a bad experience,” he adds. But over the past couple of years, “financial-statement fraud has risen to the top of the agenda.”
Partly, that's because of the weak economy, says Carolyn Newman, president and co-founder of Houston-based Audimation Services, which sells software that's used by forensic accountants. “When individuals have a financial need, or a need to protect their jobs, they're more likely to commit or participate in fraud,” she says.
Eye-grabbing results
However, despite the high-profile instances of malfeasance that have plagued Corporate America lately, the companies leading the charge to find fraud are trying to root out dishonest customers more than crooked executives. In the last 10 years, credit-card companies have cut their losses due to card theft in half using programs like Fair Isaac's (FIC) Falcon Fraud Manager, which flags potentially bogus transactions at checkout based on analysis of past spending patterns by cardholders. And software that's used to spot insurance fraud typically delivers a return on investment of more than 300%, says Bishop. “Those are figures that will grab the eye of any chief financial officer,” he adds.
Returns are so high because fraud-finding software, including programs used by auditors to check a company's financial records, is better than ever. While auditors typically sample small portions of data to check that accounting policies are being followed, now they can easily check every transaction, a capability identified by the oxymoron “100% sampling.”
“We're in a complex business environment where the number of transactions companies have to monitor has increased in conjunction with more regulation,” says Harald Will, chief executive of Vancouver (B.C)-based ACL Services, a leading provider of software for internal audits. ACL will debut its “Continuous Monitor” suite of software tools in mid-October. “Companies need to manage the risks, ensure that controls are working properly, monitor the integrity of transactions — and they need to do it continuously,” Will says. “The only way they can do that is with technology.”
Conflict checkers
Increasingly, companies are also using outside databases to look for relationships between potential new hires and business units, with an eye to uncovering conflicts of interest or illegal activity. The latest systems will scroll through payment information looking for suppliers that aren't listed in any online commercial database — a possible sign that they aren't legit — or that operate from addresses that have been associated with fraud in the past.
From its Springfield (Va.) home base, a company called I2 sells the “Analyst's Notebook,” a program developed for law-enforcement agencies but becoming more widely used in corporate settings. One of its corporate tasks is to check for conflicts of interest on a company's board of directors. The software will troll through open databases, like D&B (DNB) or LexisNexis, to look for connections between individuals and companies. Then it will illustrate the connections graphically, with lines connecting people and organizations.
“We can take three feet of written documents and turn them into a picture that shows relationships,” claims Jack Reis, I2's president. He has noted increasing demand from forensic accountants — those who look for fraud. “I expect we're going to see more,” he says.
Eliminate opportunities
Large accounting firms tend to develop their own, proprietary software for forensic accounting that performs many of the same checks as off-the-shelf programs. And internal auditors at companies that want to do detective work on the cheap often use basic desktop applications such as Microsoft Excel and Access (a database management program) to hunt for fraud. For example, they might use those programs to identify duplicate payments to the same vendor.
Eventually, says the ACFE's Bishop, basic accounting software will incorporate many of the tools that now come in Yorkanti-fraud programs. Even as that happens, companies that specialize in accounting technology will develop many more ways to either prevent fraud or find and close loopholes before they can be exploited. “Frauds that are possible will happen,” says Bishop. “The key is to minimize the opportunity.” And for the good guys, that's a never-ending task.
© Copyright © 2003 The McGraw-Hill Cos. All Rights reserved.