September 2006
Computer and Human Intelligence: A Winning Audit Combination
A combination of computer and human intelligence can be the missing ingredient needed to solve cases involving fraud, as an internal auditor working for an insurance company discovered.
Chetan Dalal, CIA, CISA, FCA, CFE
Investigation Specialist
Computers have invaded every sphere of life to such an extent that it is said even criminals need IT skills. Undeniably, in a world of exponentially increasing information, people lack the speed and accuracy of a computer's complex data processing capabilities. Regardless of their speed and capabilities, there are many activities computers cannot do. Computers cannot make any decisions other than what they are programmed to do. In addition, computers cannot deceive, lie, or fabricate data, and they cannot spot or recognize deceit. The inability of computers to spot deceit is a major limitation during fraud investigations, because to identify a fraudster, it is necessary to think like one. Hence, computers and people are indispensable.
The need of the day is a combined computer-human effect or comp-human effect. This comp-human effect is even more pronounced for internal auditors who, in their quest to find the truth, must gather evidence to support their conclusions. For instance, thanks to digital tools such as computer-assisted audit techniques (CAATs), auditors can go through increasingly high volumes of data a lot faster. However, the real value of the audit report lies in the judgment and experience of the internal auditor who must give meaning to the data. The following case study of a reported cash theft in a retail company illustrates how an auditor's comp-human effort revealed an astonishing finding.
THE CASH THEFT
A retail store in Northern India was robbed on Jan. 5, 2006. According to the police report, the culprits broke into the store through a rear fire exit at approximately 2 a.m. when the store's security guards were making their rounds in another area of the store. The thieves made their way to the second floor, where the store manager's room and cash room were located. On the way to the cash room, the intruders stole a couple of mobile phones in one of the display cases. The burglar alarm was deactivated, a fact the thieves knew ahead of time, in addition to knowing where the cash safe and cash room keys were kept — in a locked drawer in the store manager's room.
After breaking into the store manager's room, the thieves opened his drawer, retrieved the safe's keys to open the cash room, unlocked one of the two cash safes, and emptied all of the safe's cash contents — a little less than US $100,000. After retrieving the money, the intruders escaped from the same fire exit they used to enter the building. Given the time constraints, the thieves only could open and empty one of the safes. When the guards inspected the rear fire exit area again at around 2:25 a.m., they saw the open fire exit door and raised the alarm.
The police were called to investigate the robbery. The investigation consisted of interviews with the security guards, cashiers, housekeeping staff, and other store employees, as well as a fingerprint expert analysis that didn't find anything noteworthy. An insurance claim was made with the insurance company.
The police investigation reported that the theft was well planned and executed. The burglar alarm was deactivated prior to the theft with the help of a store employee, and the culprits could have been anyone, from any of the 15 senior staff members and former senior employees to an outsider. In addition, the day of the theft was a Sunday, the busiest day of the week. The police also deduced the robbery took approximately 20 minutes to complete (one patrol round took 25 minutes), leaving the thieves sufficient time to make their escape and be a safe distance away from the store before the patrol guards reappeared.
Because the investigation did not reveal any specific clues or leads and there had been a spate of robberies in the vicinity by an elusive gang, the police concluded the store was the gang's latest victim, gave up the chase, and put the case in a dormant file. The company was advised to write off the loss, reinforce its security arrangements, and use better security tools.
FRAUD INVESTIGATOR USES COMP-HUMAN APPROACH
Although the police investigation had ended, the insurance company had to conduct its own investigation. The insurance company's fraud investigation expert instantly noticed two abnormalities. First, why did the thieves steal two cheap mobile phones when there were many other small-sized, high-value items on display that could have fetched more money and could have been carried out easily as well? Second, he noticed the messy and disorderly state of the entire cash room, which had loose papers, boxes, and cartons strewn all over the place. If the thieves planned the theft with such a degree of precision, they must have known exactly where to get the keys to the safe, what to look for, and what to take away. They would not have had the time or need to search for anything at all. It was unlikely that within approximately 12 minutes in the cash room, the thieves could have searched through 25 boxes and bags containing old gift coupons and vouchers. Considering these anomalies, the fraud expert decided to adopt a comp-human approach that used CAATs and his investigative skills.
According to the store's point of sales (POS) system report for January 5, the total cash on hand minus the cash intact in the unopened safe was US $99,550. The POS system at the store was a stand-alone computerized system for sales and collections. The company's headquarters only received summarized sales and collections data for this location on a daily sales report sent by the store's chief cashier. As a measure of internal control, barring the chief cashier, all cashiers had limited privileges in the POS system. In addition, only the chief cashier had a computer with a hard disk drive, loaded with Microsoft Office, to facilitate the preparation and sending of daily management information system (MIS) reports to the corporate headquarters. The investigator decided to use the chief cashier's terminal to examine the POS sales and collection data, as well as check the exact amount stolen.
THE COMP-HUMAN EFFECT PAYS DIVIDENDS
The POS sales database contained plenty of financial and nonfinancial data on sales and collections, including the start and end time of each transaction. The fraud investigator was able to download sales data for the last three months, obtaining nearly 75,000 transactions. He then conducted a multi-dimensional data analysis to identify abnormal trends, using appropriate querying facilities in the audit software.
Because his initial effort failed to reveal anything new, the investigator decided to make one more effort to examine the data using a time-dimension analysis. His effort paid off. The investigator found abnormal sales during late night, nonworking hours, on the day before the theft, which had unusually large values. This was a strange finding, because the store did not have the license to remain open after 11 p.m. He pursued this investigation by using a data extraction query and found that the total of these late-night transactions, all of which took place under the chief cashier's identification number, was US $99,550, which happened to be the exact amount of the cash theft.
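The time-dimension test described above can be sketched as follows. This is an added example, not code from the article or from the audit software the investigator used; the record layout, cashier IDs, individual amounts and the 9 a.m. opening time are constructed assumptions, and only the 11 p.m. closing time and the US $99,550 total come from the case.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta
from decimal import Decimal

CLOSING = time(23, 0)  # from the article: no licence to trade after 11 p.m.
OPENING = time(9, 0)   # assumed opening time; the article gives none

# Constructed sample rows: (txn id, cashier id, start time, cash amount in US$)
SAMPLE_TXNS = [
    ("T0990", "C03", "2006-01-03 00:10:12", "55.00"),
    ("T1001", "C07", "2006-01-04 14:12:05", "42.50"),
    ("T1002", "C03", "2006-01-04 19:47:31", "310.00"),
    ("T1003", "C01", "2006-01-04 23:18:40", "41250.00"),
    ("T1004", "C01", "2006-01-04 23:36:02", "33300.00"),
    ("T1005", "C01", "2006-01-04 23:52:17", "25000.00"),
    ("T1006", "C07", "2006-01-05 10:03:55", "18.75"),
]

def after_hours(txns):
    """Keep transactions that started outside licensed trading hours."""
    flagged = []
    for txn_id, cashier, started, amount in txns:
        ts = datetime.strptime(started, "%Y-%m-%d %H:%M:%S")
        if not (OPENING <= ts.time() < CLOSING):
            flagged.append((txn_id, cashier, ts, Decimal(amount)))
    return flagged

def totals_by_cashier_night(flagged):
    """Sum after-hours cash per (cashier id, trading date)."""
    totals = defaultdict(Decimal)
    for _, cashier, ts, amount in flagged:
        # A sale after midnight belongs to the previous trading day.
        night = ts.date() if ts.time() >= CLOSING else (ts - timedelta(days=1)).date()
        totals[(cashier, night)] += amount
    return dict(totals)

def match_claim(totals, claimed):
    """Return the (cashier, night) groups whose total equals the claimed loss."""
    return [key for key, total in totals.items() if total == claimed]

if __name__ == "__main__":
    totals = totals_by_cashier_night(after_hours(SAMPLE_TXNS))
    for (cashier, night), total in sorted(totals.items()):
        print(cashier, night, total)
    print("matches claim:", match_claim(totals, Decimal("99550.00")))
```

Amounts are held as `Decimal` so that the comparison with the claimed loss is exact rather than subject to floating-point rounding.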
THE REALITY BEHIND THE CASH THEFT
Suspecting the cashier's involvement, the investigator obtained management's permission to conduct a forensic analysis of the cashier's terminal. He used a forensic tool to recover deleted Word and Excel files. The recovered files provided him with sufficient information to understand the truth behind the cash theft — there was no cash theft at all. The theft was an internal embezzlement scheme made to appear as one of the local robberies. The cashier and store manager were involved in inventory manipulations that resulted in accumulated stock shortages of US $99,550. These shortages built up over a period of time by paying inflated suppliers' bills for lesser quantities received or underbilling customers for greater quantities in exchange for personal favors. To cover up the stock shortages, the fraud duo recorded fictitious stock sales after 11 p.m. on the day before the mock theft. However, this left them with a fictitious cash collection for which they skillfully staged a robbery.
Because the MIS report did not indicate the specific time of the sale, there was no risk of spotting the fictitious sale. The day chosen was a clearance-sale day, so the abnormally large cash balance was camouflaged easily. The only problem was the police investigation. However, because the store manager had good contacts with the local police station, he was able to focus the police's attention on the local robberies and get the investigation completed quickly.
The duo also took all the necessary steps to make it appear as though there was a robbery. The two safes had the real and artificial cash balance, respectively, and only the safe with the artificial balance of US $99,550 was made to appear as though it was robbed. The theft of mobile phones, clearing the safe of all items, and the disorderly appearance of strewn boxes in the cash room were merely cosmetic touches to lend more credibility to the theory of a robbery. The cashier remained in the vicinity of the store near the rear fire exit until 2 a.m. When the security patrol passed by, the chief cashier opened the rear fire exit lock, simulating a break-in attempt. During the ensuing investigation, the store manager and chief cashier drew the police's attention to a previously dismissed cashier as the red herring.
THE COMP-HUMAN EFFECT AND INTERNAL AUDITING
Thanks to the comp-human approach, the retail store was able to identify the culprits and recover part of the money stolen. Without the use of computers, the performed data analysis, data recovery, and advanced digital tests on 75,000 transactions across 25 fields would have been unthinkable: Late night sales and recovery of deleted files that furnished all the information would not have been found.
On the other hand, the computer itself would not have known or realized that late night sales of high value were abnormal. A person was needed to understand the value of all this information. The human element complemented the computer's phenomenal capability to furnish the hidden reality.
As part of their duties, internal auditors identify physical, financial, and IT controls during audit investigations. Each control has its own place and indispensability and complements the others. No audit finding will be complete without the other two. To accomplish the best results in such an environment, the comp-human approach is essential.
Chetan Dalal, CIA, CISA, FCA, CFE, is a practicing chartered accountant, investigation specialist, and information systems auditor in India. He has authored several publications, including Detection of Frauds, Audit Procedures and Reporting in Circumstances of Incomplete Records, Case Studies on Detection of Frauds, and Audit Practice and Procedures with Special Emphasis on Detection of Frauds. Dalal also runs workshops on fraud detection for the Institute of Chartered Accountants in India, is the director of the India Chapter of the Association of Certified Fraud Examiners, and is a member of the Bombay Chartered Accountants Society's Research Committee.