Upload
others
View
9
Download
0
Embed Size (px)
Citation preview
MIS5208 – Data Analyt ics for IT Audi tors and Cybersecur i ty
EdFerrara,MSIA,[email protected]
Lecture02:TheNatureofFraud
Learn ing Outcomes
§ Fraudisaseriousissue§ Whatisfraud?§ Differenttypesoffraud§ Understandfraudagainstandonbehalfofanorganization§ Criminalandcivilfraud§ Fraudfightingcareers
FraudTheintenttodeceivetoobtainanunearnedbenefit.
Fraud:• Isanillegalactoracts(intentionalwrongdoing thatviolatesalaworlaws)• Includestheconcealmentoftheactoracts• Resultsinthe perpetratorsgaining financialbenefitfromtheact(monetizingthe
gains- cashoranothervaluablecommodity)
Examples:• Borrowingmoneyusingsomeoneelse’sidentity• Misrepresenttheprofitabilityofapubliclytradedcompanytoartificiallyinflatethe
company’sstockprice• Misrepresenttheprofitabilityofaprivatelyheldcompany,whensellingthe
company,tomakethebuyerbelievethecompanyisworthmorethanitactuallyis• Plantsmallquantitiesofvaluableoreonlandforsaletodeceivepotentialbuyers
aboutthevalueoftheland• Usingastolencreditcardtopurchasegoodsandorservices
• Oftenseeninconjunctionwithmoneylaunderingtohidetheproceedsofthefraud
FraudOther ExamplesFraudthatbenefits AnOrganization Fraudthatharms anorganizationImpropertransferpricingbetweenrelatedentities
Stealingmoney,property orfalsifyingfinancialrecordstocoverupatheft
Intentional improperrelated-partytransactionswhereonepartyreceivessomebenefitnotobtainableinanormalarm’slengthtransaction.
Intentionally misrepresentingorconcealingeventsordata
Legallytransferring(assignment)fictitiousormisrepresentedassetsor sales
Submitting claimsforservicesorgoodsnotactuallyprovidedbytheorganization.
Deliberatemisrepresentingorvaluingassets,liabilitiesorsalesinafinancialtransaction
Conductingbusinessactivities thatviolategovernmentstatutes,rules,regulations,orcontracts
Misrepresentingthefinancial statusofanorganizationtooutsidepartiesbyintentionallyfailingtodisclosesignificantinformation.
Assoc iat ion of Cert i f ied FraudExaminers§ Theworld'slargestanti-
fraudorganizationandpremierproviderofanti-fraudtrainingandeducation.
© 2014 Association of Certified Fraud Examiners, Inc. All rights reserved. “ACFE,” “CFE,” “Certified Fraud Examiner,”
© 2014 Association of Certified Fraud Examiners, Inc. All rights reserved. “ACFE,” “CFE,” “Certified Fraud Examiner,”
© 2014 Association of Certified Fraud Examiners, Inc. All rights reserved. “ACFE,” “CFE,” “Certified Fraud Examiner,”
© 2014 Association of Certified Fraud Examiners, Inc. All rights reserved. “ACFE,” “CFE,” “Certified Fraud Examiner,”
© 2014 Association of Certified Fraud Examiners, Inc. All rights reserved. “ACFE,” “CFE,” “Certified Fraud Examiner,”
© 2014 Association of Certified Fraud Examiners, Inc. All rights reserved. “ACFE,” “CFE,” “Certified Fraud Examiner,”
FraudCosts
© 2014 Association of Certified Fraud Examiners, Inc. All rights reserved. “ACFE,” “CFE,” “Certified Fraud Examiner,”
FraudCosts
© 2014 Association of Certified Fraud Examiners, Inc. All rights reserved. “ACFE,” “CFE,” “Certified Fraud Examiner,”
FraudCosts
© 2014 Association of Certified Fraud Examiners, Inc. All rights reserved. “ACFE,” “CFE,” “Certified Fraud Examiner,”
TheWizard of L ies
“Therearenoinvestments,”hesayswithchillingsimplicity.“Imadethemup.Itooksome
moneyfromsomepeopleandgaveitotherpeople.There’s
nothingleft.”
Fraud,Greed,DeceptionandConfidence
Source:Rorke, R. (2017). HBO’s Madoff movie is a powerful character study. New York Post. Retrieved from https://nypost.com/2017/05/19/hbos-madoff-movie-is-a-powerful-character-study/
Ponz i Schemes
Source: http://www.investologic.in/wp-content/uploads/2014/03/Ponzi-Schemes.jpg
Source: http://thelabeconomics.blogspot.com/2013/01/our-whole-economy-is-ponzi-scheme.html
Types of Fraud
Victim Thetargetorganization
Perpetrator Employeeoroutsiderwho“cons”employees
Victim(s) Shareholders
Perpetrators Corporate officers
AgainstanOrganizationorIndividual OnBehalfofanOrganization
Secur i t ies Fraud§ Pennystockfraud§ Stockpricerisesdueto
brokerbuyingthestockartificiallyinflatingtheprice
§ Usingfalsereportingandmanipulativebusinessactivities
§ http://www.fbi.gov/cleveland/press-releases/2014/penny-stock-fraud-nets-millions
§ http://www.wsj.com/articles/sec-charges-two-with-penny-stock-fraud-1405716923
FraudC lass i f i cat ionOccupationalFraud- AFCE Description
Assetmisappropriation Misuseofanorganization’sassets
Corruption Influencewrongfullyusedtochangetheoutcomeofabusinesstransactionforthebenefitoftheperpetrator
Fraudulentfinancialstatements Adulteration offinancialstatementstohideoroverstatefinancialperformance– fraudulentlyinfluencinginvestorinterest.
Victim Perpetrator
Companyor Organization Employeeembezzlement – employeeistheperpetratorVendorfraud – vendoristheperpetratorCustomer fraud– customeristheperpetrator
Shareholders,debt-holders oftheorganization
Management
Investor(Stock,Bond,RealEstate)
Dishonest brokerages,individuals
Miscellaneous Probablytoo manytoname,counterfeitRolexwatches,PokeMoncards,etc.
Types of FraudTypeofFraud Perpetrator Victim Explanation
Employeeembezzlement Employees Employer Employeesusetheirpositionstotakeordivertassetsbelongingtotheiremployer.Thisisthemostcommontypeoffraud.
Vendorfraud Vendors Theorganizationtowhichthevendorssellgoodsorservices
Vendorseitheroverbillorprovidelowerqualityorfewergoodsthanagreed.
Customerfraud Customer Theorganizationwhichsellstothecustomers
Customersdon'tpay,paytoolittle,orgettoomuchfromtheorganizationthroughdeception.
Managementfraud(Financialstatementfraud)
Management Shareholdersand/ordebt-holdersandregulators(taxingauthorities,etc.)
Managementmanipulatesthefinancialstatementstomakethecompanylookbetterthanitis.Thisisthemostexpensivetypeoffraud.
Investmentscamsandotherconsumerfrauds
Fraudperpetrators(all)
Investors ThesetypesoffraudsarecommittedontheInternetandinpersonandobtaintheconfidenceofindividualstogetthemtoinvestmoneyinworthlessschemes
Other(Miscellaneous)typesoffraud
Fraudperpetrators(all)
Allkinds—dependsonthesituation
Anytimeanyonetakesadvantageoftheconfidenceofanotherpersontodeceivehimorher.
EmployeeEmbezz lement
§ Occupationalfraud(mostcommon)§ Employeesstealcompanyassets§ Isdirectorindirect
§ Direct:employeedirectlystealscompanycash,inventory,tools,supplies,orotherassets
§ Indirect:employeetakesbribesorkickbacksfromvendors,customers,orothersforlowersalesprices,higherpurchaseprices,nondelivery ofgoods,orthedeliveryofinferiorgoods
§ Example:CVCConstruction(direct)
Vendor Fraud
§ Twomainvarieties:§ throughvendorsalone§ throughcollusionbetweenbuyersandvendors
§ Usuallyresultsin:§ overchargeforpurchasedgoods§ shipmentofinferiorgoods§ Nonshipment ofpurchasedgoods
§ Example:Halliburton
Customer Fraud
§ Whencustomers§ donotpayforgoods§ paytoolittle§ getsomethingfornothing§ deceiveorganizationsintogivingthemsomethingtheyshould
nothave§ Example:ChicagoBank
§ $525KCashier’sCheck§ $70MtoSwissBankAccounts
Management Fraud
§ Financialstatementfraud§ Topmanagementdeceptivelymisstatesfinancialstatements§ Examples:
§ Enron§ WorldCom§ Sunbeam
© 2016
InvestmentandConsumerFraud§ Worthlessinvestmentssoldtoinvestors§ Examples:
§ Ponzischemes§ Telemarketingfraud§ Nigerianletterormoneyscams(419)§ Identitytheft§ Advancefeescams§ Redemption/strawman/bondfraud§ Letterofcreditfraud§ Internetfraud
© 2016 Cengage Learning. All Rights Reserved. May not be scanned, copied, or duplicated, or posted to a publicly accessible website, in whole or in part.
United States Fraud StatutesStatute Title&Code Description
BriberyofPublicOfficialsandWitnesses
Title18,USCode§201 Briberyispunishable byuptofifteenyearsinprison,threetimesofthevaluegivenorreceived,anddisqualificationoftheofficerinvolved.
Anti-kickbackActof1986 Title41, USCode§51to58 Thegiving orreceivinganythingofvaluebyasubcontractor,toaprimecontractorinUSgovernmentcontractsisillegal.Violationsarepunishablebyafineandupto10yearsinprison.
MailFraud Title18, USCode§1341 The useofthemailsystemtodefraudanotherindividualororganizationisillegal.Violationsarepunishablebybothfinesandimprisonment.
BankFraud Title18,USCode§1344 Protects banksfromfraudbycustomers,officers,employees,andownersofabank,creditunionandotherorganizationsinsuredbyaUSfederalagency.
RacketeerInfluencedandCorruptOrganizations(RICO)Statute
Title 18,USCode§1961 Prohibits“racketeeringactivity”– twoormoreenumerated criminalviolationsthatcrossstatelines.
ComputerFraud Title18,USCode§1030 Punishestheintentional unauthorizedusetoa“protectedcomputer”forthepurposeofobtainingrestricteddatapertainingtonationalsecurity,confidentialfinancialinformation,committingfraud,damaging,ordestroyinginformationcontainedinthecomputer.
Securities Fraud Rule10(b)5Securities Actof1934,§17(a) Theuse ofmaterialinsideinformationtoinfluencethepurchaseorsaleofcompanysecuritieseitherdirectlyorthroughanexchangeisillegal.
ForeignCorruptPracticesAct(FCPA) Title15,USCode§78m,78a(b),78dd-1,78dd-2,78ff
Itisillegaltobribeforeignofficials
TaxEvasion Title26,USCode§7201
Chinese Fraud Statutes§ Chinahastwosetsoflawsrelatedtobribery:
§ Onesetoflawsdealswithpaymentsgiventostateofficials,andadifferentsetappliestocommercialbriberybetweenprivatepersons.Lawsthatcriminalizeofficialcorruption,definedaspaymentstostateofficials,includeArticles389–95ofthePRCCriminalLaw.
§ Aseparatesetoflawsdealswithcommercialbribery.CommercialbriberyisprohibitedbyArticle8oftheAnti-UnfairCompetitionLaw(AUCL)andbyArticle163ofthePRCCriminalLaw.
§ PRCCRIMINALLAW,supranote18,atarts.389–95(amended1997).Article389provides:§ Anyone,whoviolatesthestateregulationsbyofferingmoneyorpropertytoa
statefunctionarywhileengaginginabusinesstransaction,wheretheamountinvolvedisrelativelylarge,orviolatesthestateregulationsbyofferinganykickbacksortransactionfeestoastatefunctionarywhileengaginginabusinesstransaction,shallbetreatedashavingcommittedthecrimeofbribery.
Source: Chow, D. (2012). The Interplay Between China’s Anti-Bribery Laws and the Foreign Corrupt Practices Act. Ohio State Law Journal, 73:5.
Cr imina l and C iv i l F raud Laws
Various claims may be joined in one actionOnly one claim at a timeClaims
Parties may stipulate to a less than unanimous verdict
Unanimous verdictVerdict
Filing of a claim by a plaintiffDetermination by a grand jury that sufficient evidence exists to indict
Initiation
May consist of fewer than 12 personsJury must have 12 peopleJury
"Preponderance of evidence""Beyond a reasonable doubt"Burden of Proof
Restitution and damage paymentsJail and/or finesConsequences
To obtain a remedyTo right a wrongPurpose
CIVIL CASECRIMINAL CASE
Civ i l Law§ ThecivillawsystemisderivedfromtheRomanCorpusJurisCivilus ofEmperor
JustinianI;itdiffersfromacommon-lawsystem,whichreliesonpriordecisionstodeterminetheoutcomeofalawsuit.MostEuropeanandSouthAmericancountrieshaveacivillawsystem.Englandandmostofthecountriesitdominatedorcolonized,includingCanadaandtheUnitedStates,haveacommon-lawsystem.However,withinthesecountries,Louisiana,Quebec,andPuertoRicoexhibittheinfluenceofFrenchandSpanishsettlersintheiruseofcivillawsystems.
§ IntheUnitedStates,thetermcivillawhastwomeanings.OnemeaningofcivillawreferstoalegalsystemprevalentinEuropethatisbasedonwrittencodes.Civillawinthissenseiscontrastedwiththecommon-lawsystemusedinEnglandandmostoftheUnitedStates,whichreliesonpriorcaselawtoresolvedisputesratherthanwrittencodes.Thesecondmeaningofcivillawreferstothebodyoflawsgoverningdisputesbetweenindividuals,asopposedtothosegoverningoffensesthatarepublicandrelatetothegovernment—thatis,civillawasopposedtoCriminalLaw.
Source: https://legal-dictionary.thefreedictionary.com/civil+law
USCr imina l vs . C iv i lCriminal Civil
Purpose ToRightaWrong Toobtain aremedy
Consequences Jailandorfines Restitutionanddamagepayments
BurdenofProof Beyondareasonabledoubt Preponderanceofevidence
Jury Jurymusthave12people Mayconsistoffewerthan 12persons
Initiation Determinationbyagrandjurythatsufficientevidenceexiststoindict
Filingaclaim bytheplaintiff
Verdict Unanimousverdict Parties maystipulatetoalessthanunanimousverdict
Claims Onlyoneclaimatatime Variousclaimsmaybejoinedinoneaction
Fraud Invest igat ion Careers
§ AnalyticalSkills§ Examinedataforsymptomsof
fraud§ CommunicationSkills
§ Effectivelyinterviewwitnessesandsuspects
§ Communicatefindingstowitnesses,courtsandothers
§ TechnologicalSkills§ Searchforfraudbyeffectively
usinginformationsystems
§ AccountingandBusinessSkills§ LegalSkills
§ Civilandcriminallaw§ Criminology§ Privacyissues§ Employeerights§ Fraudstatutes§ Otherlegalfraud-relatedissues
§ Languageandculturalskills§ Theabilitytospeakandwritein
aforeignlanguage§ Aknowledgeofhumanbehavior
Skills
Becomea Cert i f ied FraudExaminer
§ BeanassociatememberoftheACFEingoodstanding§ Meetminimumacademicandprofessionalrequirements:
§ Bachelor’sDegree§ Twoyearsofprofessionalexperiencedirectlyorindirectly
relatedtofraudexamination§ Beofhighmoralcharacter§ PasstheCFEExamination§ AgreetoabidebytheBylawsandCodeofProfessionalEthics
oftheACFE
USFraud- f ight ing Careers
© 2016 Cengage Learning. All Rights Reserved. May not be scanned, copied, or duplicated, or posted to a publicly accessible website, in whole or in part.
Lawyers provide litigation and defense work for companies and individuals being sued for fraud and provide special investigation services when fraud is suspected.
Law firms
Serve as an independent consultant in litigation fraud work, serve as expert witness, consult in fraud prevention and detection, and provide other fee-based work.
Consulting
Prevent, detect, and investigate fraud within a company. Includes internal auditors, corporate security officers, and in-house legal counsels.
Corporations
Conduct investigations, support firms in litigation, do bankruptcy-related accounting work, and provide internal audit and internal control consulting work.
CPA firms
FBI, postal inspectors, Criminal Investigation Division of the IRS, U.S. marshals, inspector generals of various governmental agencies, state investigators, and local law enforcement officials.
Government and law enforcement
TYPE OF CAREERTYPES OF EMPLOYERS