Fraud in the Cloud

Written by Randy Johnston

Fraud is costing American businesses billions of dollars each year. The breadth and depth of fraud in the United States is documented in the latest Association of Certified Fraud Examiners (ACFE) biennial report. ACFE’s findings clearly demonstrate a need for more efficient and effective techniques for preventing and detecting fraud, which continues to drain profits and productivity from the U.S. economy.

Randy Johnston will present the session, FRAUD IN THE CLOUD: NEW RISKS IN A NEW ENVIRONMENT, at Accountex 2017.

The ACFE defines occupational fraud as “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.”

These frauds have four common characteristics:

  1. The activities are clandestine.
  2. The activities violate the perpetrator’s fiduciary responsibilities and positions of trust within the employing organization.
  3. The activities are committed for personal enrichment, either directly or indirectly.
  4. The activities exact a cost on the employing organization.

Based on the latest estimates reported in the 2016 ACFE Report to the Nations on Occupational Fraud and Abuse, occupational fraud costs organizations 5% of their annual revenues, or about $3.7 trillion worldwide. The average loss amounts to $150,000 per instance, with 23% of all fraud losses exceeding $1 million.

Small businesses are disproportionally affected, both in incidence of fraud and in losses relative to earnings. Fraud schemes lasted a median of 18 months before discovery, with 32% lasting 24 months or more. More than 75% of frauds are committed within one of seven key departments – accounting, operations, sales, executive management, customer service, purchasing, and finance. Perpetrators in the accounting department are responsible for more than 16% of all frauds committed.

Occupational fraud falls into three broad categories:

  • Misappropriation of assets,
  • Corruption, and
  • Financial statement fraud.

In the 2016 ACFE report, misappropriation of assets was the leading source of fraud, representing 83% of cases, but it was also the least costly, causing a median loss of $125,000. Financial statement fraud was costliest, with a median loss of more than $975,000, but it made up less than 10% of the frauds identified in the report. Corruption schemes fell in the middle, comprising just under 35% of cases and causing a median loss of $200,000.

Behaviorally, fraud perpetrators often display warning signs that they may be engaging in fraudulent activity. The red flags most often exhibited are an individual or individuals living beyond their means (44% of all cases), and experiencing financial difficulties (38%). Quite often, multiple symptoms are present. Among the symptoms are divorce or other family problems (14%), drug or alcohol addiction (10%), never taking vacations (7%), or having past employment problems (7%). However, only 12% of fraudsters had ever been previously charged or convicted of a fraud-related offense.

Accounting System Controls

Don’t overlook the degree to which internal control can be achieved through commercially available accounting solutions. These solutions have many preventive and detective internal control measures that can reduce the risk of fraud.

Effective controls that can be implemented include the following:

  • Establishment of user IDs and passwords to control access to the system
  • Assignment of user rights and permissions to control access to functionality within the system
  • Identification of errors or irregularities through account reconciliations
  • Comparison of actual to budget variances to reveal irregularities or overspending
  • Generation of exception reports to reveal errors or irregularities
  • Identification of errors and irregularities through review of system-generated audit trails
  • Establishment of prices and price levels to ensure that sales are recorded at authorized levels with restrictions on price overrides in some systems
  • Restrictions on purchase order approval amounts by user
  • Automatic reorder functions to optimize inventory stocking levels

One of the most fundamental internal control procedures that should be employed by all organizations utilizing accounting solutions is the assignment of user IDs and passwords to individual users to control access to the system. The assignment of rights and permissions to each user imposes restrictions on the application areas and functionality that can be accessed.

The underlying principle is to give users the access needed to fulfill their job responsibilities and nothing more. For example, a warehouse clerk would be given access to shipping and receiving functionality but not be given access to payroll functions.

The degree to which controls can be enforced depends on the granularity of security settings within the system. This is especially true in the entry-level accounting market, where some solutions have very granular user security settings, and others do not.

For example, users can be prohibited from issuing credit memos (to cover up a fraud or defalcation) in some solutions but not in others. Similarly, the audit trails in some solutions record only successful attempts to gain access to the accounting system, while others log both successful and failed attempts. The latter provides evidence of possible attempted fraudulent activity.
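To show what an audit trail with failed attempts makes possible, the following added example (not from the original article or any accounting product) reviews a constructed login trail and flags bursts of failed logins, noting when a success follows. The line format, user IDs, threshold and window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail: timestamp, user ID, event, result.
AUDIT_TRAIL = """\
2017-03-06 08:58:12,jsmith,LOGIN,SUCCESS
2017-03-06 22:41:03,apclerk1,LOGIN,FAILED
2017-03-06 22:41:19,apclerk1,LOGIN,FAILED
2017-03-06 22:41:40,apclerk1,LOGIN,FAILED
2017-03-06 22:42:05,apclerk1,LOGIN,SUCCESS
2017-03-07 09:02:44,mlee,LOGIN,FAILED
2017-03-07 09:03:10,mlee,LOGIN,SUCCESS
"""

def parse(trail):
    """Yield (timestamp, user, result) for each LOGIN line."""
    for line in trail.strip().splitlines():
        ts, user, event, result = line.split(",")
        if event == "LOGIN":
            yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), user, result

def flag_failed_bursts(trail, threshold=3, window=timedelta(minutes=10)):
    """Return findings for users with >= threshold failures inside window.

    Each finding records whether a successful login followed the burst,
    which is the case a reviewer should look at first.
    """
    recent = defaultdict(list)   # user -> timestamps of recent failures
    findings = {}
    for ts, user, result in sorted(parse(trail)):
        if result == "FAILED":
            recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
            if len(recent[user]) >= threshold:
                findings[user] = {"failures": len(recent[user]),
                                  "first": recent[user][0],
                                  "then_success": False}
        elif result == "SUCCESS":
            if user in findings and ts - findings[user]["first"] <= window:
                findings[user]["then_success"] = True
            recent[user] = []    # a success ends the current run of failures
    return findings

if __name__ == "__main__":
    for user, f in flag_failed_bursts(AUDIT_TRAIL).items():
        print(user, f["failures"], "failed logins; success followed:", f["then_success"])
```

Run against a trail that records only successful logins, the same review returns nothing, because the evidence was never written.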

More sophisticated solutions use a role-based security model in which users or groups of users are assigned to predefined or customized roles within the accounting system. This method of managing rights and permissions works well in organizations where multiple users require the same system privileges.

For example, accounts payable clerks could be assigned to a predefined accounts payable (AP) role. Later, if the rights and permissions for AP clerks need to be updated, the system administrator can simply modify the role itself rather than the rights and permissions of individual users. Proper management and maintenance of each role is essential for this control procedure to be effective.
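The role-based model and the "nothing more" principle described above can be reviewed mechanically. This added example (not code from the article or any accounting package) computes each user's effective permissions from assigned roles and reports anything beyond what the job needs; all role, user and permission names are hypothetical.

```python
# Constructed example data; role, user and permission names are hypothetical.
ROLES = {
    "AP_CLERK": {"ap.enter_invoice", "ap.view_vendor"},
    "WAREHOUSE": {"inv.ship", "inv.receive"},
    "PAYROLL": {"pr.view_salaries", "pr.run_payroll"},
}
USERS = {            # user -> (job title, assigned roles)
    "dana": ("AP clerk", ["AP_CLERK"]),
    "eli": ("AP clerk", ["AP_CLERK"]),
    "kim": ("Warehouse clerk", ["WAREHOUSE", "PAYROLL"]),
}
JOB_NEEDS = {        # what each job actually requires
    "AP clerk": {"ap.enter_invoice", "ap.view_vendor"},
    "Warehouse clerk": {"inv.ship", "inv.receive"},
}

def effective_permissions(assigned_roles, roles):
    """Union of the permissions granted by every role a user holds."""
    perms = set()
    for role in assigned_roles:
        perms |= roles[role]
    return perms

def excess_access(users, roles, job_needs):
    """Return {user: permissions held beyond what the job requires}."""
    report = {}
    for user, (job, assigned) in users.items():
        extra = effective_permissions(assigned, roles) - job_needs[job]
        if extra:
            report[user] = sorted(extra)
    return report

if __name__ == "__main__":
    print("Current roles:", excess_access(USERS, ROLES, JOB_NEEDS))
    # One edit to the AP role changes access for every AP clerk at once.
    edited = dict(ROLES, AP_CLERK=ROLES["AP_CLERK"] | {"ap.approve_payment"})
    print("After role edit:", excess_access(USERS, edited, JOB_NEEDS))
```

The second report shows why role maintenance matters: a single change to the AP role gives every AP clerk the new permission, so the review should be rerun whenever a role is edited.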

Tools and Techniques

There are a number of techniques and tools to detect fraud. Excel can be used to run general-purpose analyses, including horizontal and vertical analysis, trend analysis, statistical measures and summarizations, stratifications, and regression analysis. Further, some Excel features make it easy to examine large amounts of data. We can access data using Open Database Connectivity (ODBC), Power BI, Queries, and PivotTables to analyze bonus and commission fraud, payments to fictitious vendors, and billing schemes including duplicate invoices.

As you learn more about fraud detection techniques, you can apply Benford’s law, apply common ratios in your analytical procedures and ratio analysis, and step up your game even further with tools like ActiveData, ACL, and IDEA.
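As an added illustration of the Benford's law test mentioned above (not code from the article or from ActiveData, ACL or IDEA), the following compares the first digits of invoice amounts with Benford's expected frequencies using a chi-square statistic. Both data sets are constructed: one grows geometrically, the other adds invoices clustered just under a hypothetical 5,000 approval limit.

```python
import math
from collections import Counter

# Chi-square critical value for 8 degrees of freedom at alpha = 0.05.
CHI2_CRITICAL_8DF = 15.507

def leading_digit(amount):
    """First significant digit of a non-zero amount (sign ignored)."""
    return int(f"{abs(amount):e}"[0])

def benford_test(amounts):
    """Compare first-digit counts with Benford's expected frequencies."""
    digits = [leading_digit(a) for a in amounts if a]   # skip zero amounts
    n = len(digits)
    observed = Counter(digits)
    chi2, excess = 0.0, {}
    for d in range(1, 10):
        expected = n * math.log10(1 + 1 / d)            # Benford: P(d) = log10(1 + 1/d)
        chi2 += (observed[d] - expected) ** 2 / expected
        excess[d] = observed[d] - expected
    return {"n": n,
            "chi2": chi2,
            "suspicious": chi2 > CHI2_CRITICAL_8DF,
            "most_overrepresented_digit": max(excess, key=excess.get)}

# Constructed data: 200 amounts spread evenly on a log scale over five
# decades, which follows Benford's law closely.
NORMAL = [round(10 ** (1 + k / 40), 2) for k in range(200)]
# Constructed anomaly: 60 extra invoices between 4,500 and 4,913, just
# under a hypothetical 5,000 approval limit.
PADDED = NORMAL + [4500 + 7 * k for k in range(60)]

if __name__ == "__main__":
    for name, data in (("normal", NORMAL), ("padded", PADDED)):
        r = benford_test(data)
        print(f"{name}: n={r['n']} chi2={r['chi2']:.1f} "
              f"suspicious={r['suspicious']} "
              f"digit={r['most_overrepresented_digit']}")
```

A statistic above the critical value marks a population worth sampling and reviewing; it does not by itself establish fraud, since legitimate pricing or fixed fees can also skew first digits.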

We hope you never have fraud in your business, but the probability of both large and small fraud is high. Shouldn’t you be taking steps to detect and prevent fraud?

Note: Have you noticed the fraud reports? Have you taken any action? If your firm needs guidance on fraud prevention strategies, Accountex can connect you with resources to help you make the right decisions.

About the author

Randy Johnston

Randolph P. (Randy) Johnston, MCS has been a top rated speaker in the technology industry for over 40 years. He was inducted into the Accounting Hall of Fame in 2011. He was selected as a Top 25 Thought Leader in Accounting from 2011-2018. His influence throughout the accounting industry is highlighted once again this year by being a recipient of the 2017 Accounting Today Top 100 Most Influential People in Accounting award for the 14th consecutive year. Among his many other awards he holds the honor of being one of nine technology stars in the U.S. by Accounting Technology Magazine. Randy writes a monthly column for The CPA Practice Advisor, articles for the Journal of Accountancy, and creates articles for both accounting and technology publications, as well as being the author of numerous books. He has started and owns multiple businesses including K2 Enterprises in Hammond, Louisiana and Network Management Group, Inc. (NMGI) in Hutchinson, Kansas. NMGI has supported CPA firms for 30+ years and is the largest managed service provider serving the CPA profession in North America. His wife and four children enjoy many experiences together including theatre, music, travel, golf, skiing, snorkeling and model trains. Randy's experience as a college instructor, management and technology consultant, and advisor to the profession will be obvious to attendees at his conference presentations.
