Uncovering a complex fraud scheme.

This is part two of a blog post series examining a worked exampled using fraud data analytics on a complex fraud scheme. Click here to access the first article.


In this post, we will look at how to use fraud data analytics designed to uncover the complex fraud scheme and the fraud audit procedures designed to provide credible evidence that the scheme is being perpetrated by the budget owner.

The fraud audit starts with using fraud data analytics to identify purchase orders and corresponding invoices that match the profile of the described fraud scheme. Once the sample is created, the auditor performs fraud audit testing procedures to determine if there is credible evidence to recommend an investigation.

Since the scheme starts with corrupting the bid process, as seen in part one, you can exclude all purchase orders below the dollar threshold for bidding. You might wonder what about splitting the purchase orders to stay below the bid level? Simple. That’s a different scheme. You can add the scheme to your list, but our approach is one scheme at a time.

The fraud data analytics should create two homogenous data files:

  • Purchase orders with no change to the total amount.

  • Purchase orders with changes to total amount.

Whether you create two physical files or one conceptual file is a matter of style. The next step is to link the invoices to each purchase order file.

The Importance of Smaller Files in Fraud Data Analytics

There’s a need to stress this point. We suggest creating smaller homogenous data files for three reasons:

  1. It is easier to see an anomaly in a smaller population.

  2. It is easier to see an anomaly when all transactions have high-degree of commonality.

  3. The human mind has a limited capacity to review reports and see an anomaly. Imagine if you created a report with no filtering, you might have a 1,000 page report. Enough said.

Fraud Data Analytics: Step-by-step

  1. Starting with the purchase order with no changes, you first need to summarize the quantity on the invoice, by purchase order number by invoice line item.

  2. Next, match invoices by line item to the purchase order line item.

  3. Create a report by budget owner by purchase order by line item. The report should calculate the difference in quantity both as a number and as a percentage. The report should also summarize total dollars by line item. The ease of this comparison will depend on the quality of the line item descriptions. Note: this may require some manual efforts to make the comparison.

  4. Now that you have made the comparison review the data for the suggested pattern that is identified in the fraud risk statement. I would suggest that you establish an arbitrary dollar change or percentage change for sample selection purposes.  A few notes:
    • Since the scheme is focusing on a budget owner, you will need general ledger information. If the person committing the scheme is a procurement officer, then you will need that identifying number.

    • The selected purchase orders should reflect both higher and lower quantities consistent with the scheme.

    • The sole purpose of the analysis is to identify purchase orders with changes to quantity or mix consistent with the fraud scheme.

    • Remember, fraud data analytics is about finding transactions that have a data pattern consistent with the fraud risk statement. The fraud auditor will need to perform fraud audit procedures to determine whether there is credible evidence to suggest the scheme occurred.

Enhanced Fraud Data Analytics

Other enhancements to the fraud data analytics include:

  1. Within the data file selected for sample, you should use the first record and last record feature by line item to search for unit price changes. The scheme does not usually have a unit price change online items, but you should look for the change regardless.

  2. For purchase orders with change, use speed of change analysis by comparing the original purchase order date to first purchase order change date. It is a glaring red flag when the purchase order change occurs in close proximity to the original date.

  3. For purchase orders with change, compute the number of changes. The number of changes may assist in establishing the intent factor.

  4. Also, compute speed of change by comparing the original purchase order date to last purchase order change date. The use of purchase order extensions may allow the scheme to occur for a long time.

Fraud Data Analytics: Continued

Next, we move onto the purchase orders with changes. Start with computing the dollar value of the change from the original purchase order amount to the final change order and the percentage of change.

Using the arbitrary amount, filter out the purchase orders with lower total dollar change or low percent of change. Now perform the same analysis as for purchase order with no change to the total amount.

If you have read my books, you will know that detection of the fraud scheme requires a multitude of strategies. You will first use specific identification to identify purchase orders and invoices; then internal control avoidance to identify changes and eventually data interpretation to select the sample.

Audit Process

The fraud auditor will need to determine the reason for the change in existing documentation. Most likely you will need to interview the budget owner about the changes.

The fraud auditor will also need to obtain independent evidence to support a conclusion of whether the change was foreseeable or whether the change was truly not foreseeable. If the change was foreseeable, you need to determine whether the budget owner was negligent or caused the change with intent to corrupt the bidding process.

As to overbilling, the fraud auditor should recreate all the vendors’ bids to determine if the lowest cost was selected based on the actual quantities versus the projected quantities. The following example illustrates the outcome of one our projects, we have simplified the analysis by only reflecting two vendors and three items. As you can see, the overbilling was significant. This analysis alone typically convinces management of the seriousness of the scheme.

Screen Shot 2018-08-29 at 2.35.06 PM

To learn more from Leonard, be sure to attend one of his upcoming seminars such as Fraud Audit School as well as Integrating Fraud Detection into your Audit Program. 

This article was previously published on Fraud Auditing Inc.'s blog.

Christin Hume