Fraud Prevention, Detection and Investigation in the Payday Advance Industry
1. Fraud Prevention, Detection and
Investigation in the Payday Advance
Industry
D. Michael Costello, CPA•ABV,
CFE
2008 CFSA Annual Meeting and Conference
Las Vegas, Nevada
March 6, 2008
2. Overview
 What are fraud and embezzlement?
 How do fraud and embezzlement happen in the
payday advance industry?
 What steps can be taken to prevent fraud and
embezzlement in our business?
 How is fraud detected?
 How do we investigate fraud?
3. Who is committing fraud?
Other Employees
Outsiders <$100,000
Managers <1 Year $100,000–$1 million
Managers 1+ Years >$1 million
5. Fraud and Embezzlement Defined
 Fraud: a misrepresentation or false statement
knowingly made to a victim who relies on it and
incurs detriment or harm as its result to the
benefit of the perpetrator
 Embezzlement: ―the fraudulent appropriation of
property by one lawfully entrusted with its
possession‖ (Black’s Law Dictionary)
6. The Nature of Fraud
 Schemes are always hidden or concealed—
absence of fraud can never be absolutely proven
 Courts (juries) are the final arbiter of whether or
not a fraud has occurred
 Certified Fraud Examiners can only conclude
that there is an appearance of fraud
7. Categories
 Means of concealment
– Lack of documents
– Creation of fake documents
 Basic classes of fraud
– Internal
– External
 Relation to accounting
– On-book
– Off-book
8. External Fraud
 Committed by people outside the business, or by
the business itself against a third party
– Bank fraud
– Investor/securities fraud
– Health care fraud
– Defense contracting fraud
– Bankruptcy fraud
9. Internal Fraud
 Committed against an entity by its own
employees, officers, or directors
– Embezzlement
– Theft of petty cash
– Misappropriation of inventory
– Payroll fraud
– Expense account schemes
10. On-book Fraud
 Money is diverted from regular accounts, or the
books are manipulated
 The books and records provide evidence
11. Off-book Fraud
 Diverted money or assets never reach the
financial statements
 Very hard to discover/prove
 When evidence does turn up, intent is
convincingly established
12. Fraud in the Payday Industry—
Case Study
 A remote location of a chain had a lack of oversight and
of internal controls
 Manager’s authority:
– sign checks
– make computer entries
– make deposits
– keep customer records
– prepare and sign payroll checks
– receive and reconcile bank statements
 What’s wrong with this picture?
13. Concentration of Duties
 When one person has certain combinations of
responsibilities, he can cover his own tracks
 The manager had been there several years—
ownership, to its cost, trusted him
 Manager pocketed cash while entering the
payments as being made
 Thus, bank and customer records differed—but
no one reconciled them
14. Other Lapses of Oversight
 Bookkeeper never questioned checks being
cashed instead of deposited, commission
advances not being repaid, bad checks from the
manager not followed up on—was too busy
dealing with many locations
 Management dismissed the branch’s poor
performance as ―to be expected for a small
town‖
15. Endgame
 New bookkeeper quickly noticed something was
wrong
 But by the time management had it checked out,
all the records had been destroyed
16. Other ―War Stories‖
 Employee ―Hotline‖ used to detect fraud
 Performance of ―Fraud Risk Assessment‖
procedures
 Investigation of ―trusted‖ bookkeeper
17. Fraud Prevention
 TEEAM
– Timely
– Effective
– Efficient
– Accurate
– Mobile
18. Timely
 Especially in a cash-intensive business like
check advance, timely data is critical
 Be ahead of the situation—err on the side of
overprotection
 Analyze data daily to find anomalies, and act on
them immediately
– Problems are caught quickly
– The tone discourages illegal activity
19. Effective and Efficient
 Use information that is relevant and correlated
with the problem
– Daily deposit totals are a critical variable
– Count of checks held v. internal or industry norms
can be useful
 If data’s not relevant, don’t bother with it—
you’ll just waste time you could use on
something more important
20. Accurate
 The data used must properly reflect what it
appears to
 Test the accuracy of counts regularly (e. g. by
physically counting held checks)
21. Mobile
 Managers should visit stores regularly
 Each should have just a few stores, and should
know and closely observe those stores
22. Operating Procedures
 Communicate to employees by way of a manual
 Routine ―surprise‖ audits of centers
 Weekly management audits of center results
 Monthly full audits
– Review held checks
– Sample-test petty cash
– Verify that appropriate reports are being used
– Report to audit committee, senior managers, and (for serious issues) to the
full board of directors
– Follow up immediately
 Twice/year collections audits
 Employee ―Hotlines‖
23. Internal Control
 Main Categories
– Financial Reporting
– Safeguarding of Assets
 Five Components
– Control Environment
– Risk Assessment
– Information/Communication
– Control Activities
– Monitoring
24. Control Environment
 ―Tone at the top‖
 Integrity/ethics
 Commitment to competence
 Role of board and audit committee
 Philosophy and operating style
 Organization structure
 Assigning authority and responsibility
 HR policies and procedures
25. Risk Assessment
 Operating environment
 Information systems
 Growth of products/customers/employees
 New technology
 New accounting pronouncements
26. Information and Communication
 Refers to all of the operations performed on
transactions and conditions to maintain
accountability for assets, liabilities, and equity
28. Monitoring
 Assessment of the quality of internal control
over time
 May be ongoing activities, discrete evaluations,
or a mix
29. Opportunity to Commit Fraud
 Assets susceptible to misappropriation
 Lack of internal control
30. Symptoms of Misappropriation
 Accounting—Suspicious  Analytical—Unusual
items in the records relationships/events
– Manipulated source – Odd time or place
documents – Participants who wouldn’t
– Journal entries that are normally be involved
somehow not normal – Odd policies/procedures/
– Disagreement between practices
records and physical – Excessive (or deficient)
counts (or other records) frequency
31. Fraud Detection Interviews
 Conduct with all employees—not a sign of a
specific suspicion of a person
 Establish rapport and get basic facts first
 Then move on to the fraud-related questions
32. Questions to ask:
 Do you understand the purpose of this
interview?
– Again, note this is not an accusation
 Do you think fraud is a problem for business in
general?
 Do you think this company has a problem with
fraud?
 If employees or managers are stealing from the
company, why do you think they would do it?
33. More Questions
 If you knew another employee was stealing from
the company, what would you do?
 Do you know anyone that might be stealing or
taking unfair advantage of the company?
 Suppose someone who worked at the company
decided to steal or commit fraud. How could he
or she do it and get away with it?
34. Even More Questions
 In your opinion, who is beyond suspicion when
it comes to committing fraud at this company?
 Did you ever think about stealing from the
company even though you didn’t go through
with it?
 Is there any information you wish to furnish
regarding possible fraud in this company?
35. Investigation of Probable Fraud
 Undercover police work
 Physical/electronic surveillance
 Informants
 Lab analysis
 Interviews
 Public records checks
– County recorder’s office
– Subscription database
 Checks of other databases
 Analytical procedures
36. The Forensic Accountant (CFE)
 After a hypothesis or allegation has been made,
the forensic accountant seeks to support or refute
it
 Goals:
– Independent confirmation
– Presentation of conclusive evidence
– Determine motive, co-conspirators
– Trace funds to their final location
37. Methods of Investigation
 Documents and Records of the Victim
– How the scheme was devised
– What areas were compromised/corrupted
 Witness Interviews
– How it was carried out
– Why it was done
 Public and Business Sources
– Can provide a variety of data
38. Financial Analysis for Fraud Detection
 Horizontal analysis—trends in like items over time
 Vertical analysis—relations between items of the same
set financial statements
 Actual v. Budget
 Compare to competitors or trade-group data
 Double-entry analysis
 Review G/L, journal entries
 Review contracts, agreements
39. ―To Do‖ List
 Implement a ―Fraud Risk Management‖ program
covering Prevention, Detection and Response
 Where are you at risk for fraud?
 Consider internal and external opportunities
 Develop a written Plan of Ethics and Code of Business
Conduct that is communicated ―from the top‖
40. ―To Do‖ List
 Basic things to implement –
– Segregate financial and accounting duties
– Duplicate sensitive tasks, such as requiring two
signatures on checks over a certain amount
– Require employees to take annual vacations
– Reconcile all bank accounts
41. ―To Do‖ List
 Basic things to implement –
– Use passwords and IDs on computer files
– Restrict unauthorized access to offices and computer
– Train supervisors and managers to spot fraud, and
– Perform internal and external audits that include
fraud prevention measures