The role of the forensic accountant is rather like that of the detective: piecing together small threads of detail from disparate sources to build up as full a picture of an event as possible. Treasury Today talks to an experienced practitioner.
If a company knows or suspects that there is something very wrong with its books and internal audit and investigation cannot uncover the truth, an external forensic accounting expert may be required. Although it is estimated that the majority of fraudulent activity goes unnoticed, 53% of all organisations claim they have been subjected to an attack according to the 2015 Kyriba/UK Association of Corporate Treasurers (ACT) annual treasury survey. Fraud is an unwelcome part of everyday business and shows no signs of subsiding. In fact, in the UK alone, KPMG noted a 14% increase in 2014.
When something is amiss, because preliminary work will have been carried out internally to ascertain if there has merely been an accounting error, it is more often the case that a forensic expert will be called in to untangle a deliberate act of fraud, says Richard Abbey, Head of Global Forensic Accounting for Stroz Friedberg. Of course, not every case is one of fraud: he recalls some circumstances where financial record keeping has been so poor that company accounts have just become a mess and it has taken all the skill of the forensic expert to straighten up the books.
Call the experts
Where fraud has taken place, sums of money will often have been moved out as a very discrete set of seemingly insignificant micro-transactions. “When a company discovers money has gone missing it is the job of the forensic accountant to discover at what point it went missing and how that moment was accounted for,” explains Abbey. The key to solving the mystery lies in why this movement was not discovered straight away. In broad terms this will either be because the true purpose of where it went was recorded differently or it was disguised. Forensic accounting is thus all about piecing together information contained in both internal and external financial records in order to recreate the chain of events.
When fraud is suspected, unwinding transactions is like “reverse engineering,” says Abbey, starting as far forward as possible and moving backwards step-by-step to be able to tell when a payment was made, where it went, how it was described in the system and what it was that triggered it (such as an invoice or payment instruction, and who authorised it, which cost centre did it go to and so on). But other than the knowledge that something is not right, Abbey notes that there are few immediate warning signs with which a forensic investigation can commence; it can require a long and patient trawl through relevant data by skilled practitioners.
Of course, prevention is better than detection, but Abbey believes that it is becoming less effective for businesses to rely fully on internal networks and control mechanisms, such as segregation of duties, to protect financial assets. He argues that organisations need to run regular monitoring and analytics on all their transactions to be sure they have not been compromised. However, the issue is not now just one of fraud prevention and detection, but also one of regulatory compliance, as rulings around AML, bribery and corruption and fraud hit the stature books demanding that companies prove they have adhered to the rules.
Monitoring of all transactions would be exceptionally difficult for most large firms and internal audit tends to cover selected transactions and then only at certain periods in a year. Today however, technology is on hand in the form of ‘transaction monitoring’ which can help uncover anomalies across an entire group’s financial activity. Stroz Friedberg has developed its own analytical engine that uses complex algorithms to detect and flag up any irregular transaction patterns. Both this and systems such as FISCAL Technologies’ APForensics (which focuses on the procure-to-pay environment) provide real-time oversight of all transactions that internal audit alone could never achieve. The output of these systems, known as ‘red flags’, may not all be evidence of fraud but they are exceptions warranting further investigation drawn with reason from the mass of internal and external data (such as SWIFT transfers) as they happen.
Keep both eyes wide open
From a forensic accounting professional’s perspective, the level of fraud has remained fairly stable over the past couple of decades. Abbey notes that some larger organisations are tending to build out their own internal investigations and risk functions, so it is possible the need for forensic accounting teams are not being called into as many isolated situations where fraud is suspected as maybe were ten or fifteen years ago. “Where we are being called in, we are certainly seeing a larger variety of the types of threat that businesses are facing,” he adds. The role of the forensic accountant is very much intertwined with the detection and prevention of these threats.
In the last 18 months, for example, he notes a lot more use of ‘social engineering’ by external fraudsters. This, he explains, is a technique used to build up detailed profiles of individual employees, then using that information to trick them into making transactions. At a stroke this can side-step all the usual protective measures and prove difficult to spot until it’s too late. This might see a request to a remote treasury department from the CFO’s office or treasury HQ asking for an urgent payment to be made.
It may sound immediately suspicious reading it here, but the fraudsters will have obtained enough detail of all personnel involved, and current business operations, to be able to accurately spoof necessary electronic documentation, and appear credible to the unfortunate recipient. These communications often take place late in the day when the local individual’s instinct to double check is frustrated by time constraints. This is perhaps one of the few places where technology has a serious downside. Indeed, says Abbey, centralisation of functions ought to enable better control over those functions, “but having it highly digitised opens up a whole new raft of cyber-crime and the common lack of face-to-face communication makes it even easier to deceive people.”
It can’t happen here
Although many organisations still think fraud will not happen to them, and thus they prefer not to spend time and resources trying to prevent it, Abbey believes that the current push for financial regulation is starting to drive a response. Businesses have spent a lot of money in the past few years taking advice on internal control frameworks to ensure regulatory compliance, he notes. The next challenge is going to be in proving that these controls are working and being adhered to. “The most obvious way to do that is to carry out regular transaction monitoring, and if you’re not doing that then you have to query whether you really have implemented adequate controls.” Whilst he concedes that real-time monitoring of every transaction may be too much to ask, he feels it is “inevitable” that the regulators will eventually expect some kind of regular, retrospective design to control and capture compliance infringements. It is highly likely that the nature of fraud will change accordingly because locking down a business completely is never going to happen. The financial detectives will be needed for a while yet.