Вы находитесь на странице: 1из 76

Vol. 27, No.

1, January/February 2012
A P UB L I CAT I ON OF T HE AS S OCI AT I ON OF CE R T I F I E D F R AUD E X AMI NE R S
THE
Tell-Tale Signs
of
Deception
PLUS Fraud in Houses of Worship, PG. 18 Collegiate Athletics Fraud, PG. 24 Overachieving Fraud, PG. 36 Data Breaches, Part 3, PG. 40
If Every Employee and Supplier
Displayed Model Behavior
ACFE 2010. All Rights Reserved
In a perfect business world, every employee and third-party supplier would display model business behavior, and there
would be little need for anti-fraud programs. But, in the real business world, occupational fraud and abuse are prevalent.
So, businesses must implement anti-fraud programs to protect themselves from financial, legal and reputational harm.
Tips are the leading source of fraud detection and fraud hotlines are a leading source of tips. So, turn to EthicsLine

,
the official hotline of the ACFE.
The EthicsLine package includes:
Hotline (telephone, web, mobile) for report intake
Case Management (web and mobile) for online
investigation management
Analytics for tracking and trending
Communications Campaign Materials to communicate
when and how to report observed business misconduct
EthicsLine is now powered by Global Compliance
888-782-4769 info@ethicsline.com www.EthicsLine.com
* 2010 ACFE Report to the Nations on Occupational Fraud and Abuse
Where a fraud hotline was in
place, the average duration of
a fraud scheme was reduced by
7 months, and the median loss
was reduced by 59%.*
1
JANUARY/FEBRUARY 2012 | VOLUME 27 | NO. 1
30
The 10 Tell-Tale Signs of Deception
The Words Reveal
By Paul M. Clikeman, Ph.D., CFE
Suspects and witnesses often reveal more than they
intend through their choices of words. Here are ways
to detect possible deception in written and oral
statements.
COVER STORY
FEATURED ARTICLES
Fraud in Houses of Worship
What Believers Do Not Want to Believe
By Robert M. Cornell, Ph.D., CMA, Educator
Associate; Carol B. Johnson, Ph.D., Educator
Associate; and Janelle Rogers Hutchinson
Houses of worship are particularly vulnerable to fraud,
but most feel they are impervious. The authors provide
reasons why churches feel so bulletproof and seven
practical steps fraud examiners can use to help
churches stop fraud in its tracks.
Fraud in Collegiate Athletics
When Major League Money
Meets Lit tle League Controls
By Herbert W. Snyder, Ph.D., CFE; and
David OBryan, Ph.D., CFE, CPA, CMA
A major, multimillion sports ticket fraud at the
University of Kansas highlights how CFEs can help
convince administrators and boards to reassert control
over their athletics departments. The answer could be
independent oversight.
18
24
2 Fraud-Magazine.com
Overachieving Fraud Wolves
in Sheeps Clothing
Targeting Top-Performing Employees
Gaming the Bonus System
By Jeffrey Horner, CFE, CRCMP
Follow this CFE consultant as he uncovers top collection
reps at a business call center who inated their
performances for more money and job advancement.
Breaking Breach Secrecy, Part 3
Analysis Shows Entities Lack
Strong Data Protection Programs
By Robert E. Holtfreter, Ph.D., CFE, CICA; and
Adrian Harrington
The authors analysis of data-breach statistics shows
that organizations poorly protect personal data. Pos-
sible solution: U.S. federal rules for guidance in devel-
oping comprehensive data protection programs.
36
40
COLUMNS & DEPARTMENTS
4 From the President & CEO
Supporting Our International Chapters
By James D. Ratley, CFE
6 Digital Fingerprints
Anything You Say Can and
Will be Used Against You!
By Jean-Franois Legault
8 Frauds Finer Points
Using an Organizations Credit
to Commit Fraud, Part 1
By Joseph R. Dervaes, CFE, ACFE Fellow, CIA
12 Fraud EDge
Get Involved in Higher Education:
Opportunities for CFEs in Educating
Future Fraud Fighters
By Gerhard Barone, Ph.D.; Sara Melendy, Ph.D.,
CFE, CPA; and Gary Weber, Ph.D. Edited by Richard
Dick A. Riley, Ph.D., CFE, CPA
16 FraudBasics
Check 21 Can Make Fraud Easier:
Be Alert to Changes in Technology
By Linda Lee Larson, DBA, CFE, CPA, CISA
52 Case in Point
He Milked it For All it Was Worth:
A Dairy Farm Bankruptcy Fraud
By Roger W. Stone, CFE
56 Taking Back the ID
Fraudsters Claiming Victims Via
Payday Loan and LinkedIn Scams
By Robert E. Holtfreter, Ph.D., CFE, CICA
58 Global Fraud Focus
Chinese Stock Investment Fraud?
Separating Fact from Fiction
By Tim Harvey, CFE, JP; and Richard Hurley, Ph.D.,
J.D., CFE, CPA
60 Meet the Staff
Improving Members Lives
By Cora Bullock; Photo by Christi Thornton-
Hranicky, CFE
62 ACFE News
70 CPE Quiz
Earn CPE Toward Renewing Your CFE Credential.
January/February 2012 3
EDITORIAL ADVISORY COMMITTEE
Jonathan E. Turner, CFE, CII, chair; Larry Adams,
CFE, CPA, CIA, CISA, CQA, CSP, CCP; Emmanuel
A. Appiah, MBA, CPA, CFE; Richard Brody, Ph.D.,
CFE, CPA; Jean-Pierre Bruderer, Ph.D., CFE; Jeimy
J. Cano, Ph.D., CFE, CAS; Linda Chase, CPA, CFE;
Franklin Davenport, CFE; David J. Clements, CFE;
Craig Ehlen, Ph.D., CFE, CPA; Ellen Fischer, CFE,
CIA; Peter D. Goldmann; Allan F. Greggo, CFE, CPP;
Robert Holtfreter, Ph.D., CFE; Peter Hughes, Ph.D.,
MBA, CFE, CIA, CPA; Cheryl Hyder, CFE, CPA,
CVA; Robert Kardell, CFE, CPA; Thomas Cheney
Lawson, CFE, CIA; Philip C. Levi, CFE, CPA, FCA;
Larry Marks, CFE, CISA, PMP, CISSP, CSTE; Michael
A. Pearson, D.B.A., CFE, CPA, CMA; Marilyn
Peterson, CFE, CCA; Laura M. Preston, CFE; Herbert
Snyder, Ph.D., CFE; Scott Strain, CFE; Karen Forrest
Turner, Ph.D., Educator Associate
2011-2012 BOARD OF REGENTS
Johnnie R. Bejarano, DBA, CFE, CPA; Lt. Col. Robert
J. Blair, CFE, CGFM; Cynthia Cooper, CFE, CISA;
Bruce Dorris, J.D., CFE, CVA, CPA; Joseph L. Ford,
CFE; John Warren, J.D., CFE
Fraud Magazine (ISSN 1553-6645) is published bimonthly
by the Association of Certied Fraud Examiners, 716 West
Avenue, Austin, TX 78701-2727, USA 2012 All rights
reserved. Periodical Postage Paid at Austin, TX 78701
and at additional mailing ofces.
POSTMASTER: Please send address changes to:
Fraud Magazine
ACFE World Headquarters The Gregor Building
716 West Avenue Austin, TX 78701-2727, USA
(800) 245-3321 +1 (512) 478-9000
Fax: +1 (512) 478-9297
Subscriptions: ACFE members: annual membership dues
include $20 for a one-year subscription. Non-members in
U.S.: one year, $55. All others: one year, $75. Member-
ship information can be obtained by visiting ACFE.com
or by calling (800) 245-3321, or +1(512) 478-9000.
Change of address notices and subscriptions should be
directed to Fraud Magazine. Although Fraud Magazine
may be quoted with proper attribution, no portion of
this publication may be reproduced unless written per-
mission has been obtained from the editor. The views
expressed in Fraud Magazine are those of the authors
and might not reect the ofcial policies of the Associa-
tion of Certied Fraud Examiners. The editors assume
no responsibility for unsolicited manuscripts but will
consider all submissions. Contributors guidelines are
available at Fraud-Magazine.com. Fraud Magazine is a
double-blind, peer-reviewed publication.
To order printed or electronic reprints, visit
fraud-magazine.com/reprint-request.aspx or
email reprints@fraud-magazine.com.
ADVERTISING COORDINATOR
Ross Pry
(800) 245-3321 rpry@ACFE.com
Association of Certied Fraud Examiners, ACFE, Certied Fraud
Examiner (CFE), the ACFE Seal and Fraud Magazine

are trade-
marks owned by the Association of Certied Fraud Examiners Inc.
Dick Carozza
Editor-in-chief
Cora Bullock
Assistant Editor
Katie Ford
Contributing Editor
Helen Pryor
Art Director
Aimee Jost
Circulation Manager
Mark Scott, J.D., CFE
Legal Editor
Journal of the Association of Certied Fraud Examiners
Volume 27, No. 1, January/February 2012
John D. Gill, J.D., CFE
Publisher
23rd Annual Fraud & Exhibition
Juhe 17-22 , 2012 Orlahdo, FL
Advanced Fraud Examination
Techniques
Scptc|c| 21-2o, 2012 /ust|r, I/
Auditing for Internal Fraud
/uust 7-8, 2012 |cw Yc||, |Y
CFE Exam Review Course
Scc p. 27 lc| ccu|sc datcs
Conducting Internal Investigation
|c||ua|] 28-29, 2012 C|a||cttc, |C
Ju|] 2012 Was||rtcr, DC
Contract and Procurement Fraud
Jarua|] 2J-21, 2012 ||ccr|, /Z
NEW! Data Analytics
Va|c| 19, 2012 |cw Yc||, |Y
Digital Forensics Tools &
Techniques
Va] 7-8, 2012 C||cac, |l
Financial Institution Fraud
/uust 2012 las Vcas, |V
Financial Statement Fraud
/p||| 2o-27, 2012 Cc|u||a, SC
Fraud Prevention
|c||ua|] 29, 2012 Ba|t|c|c, VD
Fraud Related Compliance
Va|c| 5, 2012 lcu|sv|||c, KY
/uust o, 2012 |cw Yc||, |Y
NEW! Fraud Risk Management
|c||ua|] 2-J 2012 lcs /rc|cs, C/
/uust 1J-11, 2012 ||||adc|p||a, |/
Healthcare Fraud
Va|c| o-7, 2012 lcu|sv|||c, KY
Interviewing Techniques for Auditors
|c||ua|] 27-28, 2012 |t. laudc|da|c, |l
Ju|] 2o-27, 2012 Dcrvc|, C0
Scptc|c| 2012 /t|arta, C/
Introduction to Digital Forensics
|c||ua|] 1J-11, 2012 |cw 0||cars, l/
Investigating Conicts of Interest
|c||ua|] 1, 2012 lcs /rc|cs, C/
Investigating on the Internet
Va|c| 20-21, 2012 |cw Yc||, |Y
Legal Elements of a Fraud
Examination
|c||ua|] 27, 2012 C|a||cttc, |C
Money Laundering: Tracing Illicit
Funds
Va|c| 1-2, 2012 Ba|t|c|c, VD
Mortgage Fraud
Va] 10-11, 2012 Sar D|cc, C/
Principles of Fraud Examination
/p||| J0 - Va] J, 2012 /ust|r, I/
Professional Interviewing Skills
Va] 10-11, 2012 ||cv|dcrcc, R|
/uust 9-10, 2012 Sar ||arc|scc, C/
UPCOMING CONFERENCES
2012 ACFE European
Fraud Conference
25-27 March 2012 Lohdoh
TRAINING
EVENTS
Register at ACFE.com/Training
UPCOMING COURSES
COMBO EVENT
SAVE $100 by registering for both events!
'Evcrts su|jcct tc c|arc.
4 Fraud-Magazine.com
t the end of October and beginning of November, I
spent a whirlwind two weeks attending our Asia-
Pac Conference in Singapore and meeting with
our chapters in Singapore, Jakarta, Hong Kong,
Shanghai, Beijing and Mexico City. I thor-
oughly enjoyed getting to know many of you and learning about
your unique fraud-related issues.
HOPPING CONTINENTS
International chapter members put Southern hospitality to
shame. Everywhere I went I met extremely gracious people who
did everything they could for us. My job was to listen carefully
to their suggestions for improving our services.
The rst stop was to vibrant and beautiful Singapore my
rst visit and also the rst time the city has hosted our 2011
Asia-Pacic Fraud Conference (formerly known as the ACFE
Pacic-Rim Fraud Conference). Nearly 200 attendees net-
worked and attended workshops and panel discussions. (Please
see page 68 for more on this exciting conference.)
I enjoyed meeting Gatot Trihargo, CFE, president of the In-
donesia Chapter (established in 2002), who provided the same
generous hospitality I encountered with other chapters. He was
appreciative of the ACFEs effort to send me there. I presented
to nearly 80 members and public- and private-sector guests.
Chapter activity has become very intense since 2010, by
us conducting monthly discussions/workshops for the members
and other practitioners, Trihargo said. The chapter also suc-
cessfully conducted two annual congresses and seminars in 2010
and 2011, which gathered more than 200 participants for each
session, with both domestic and international speakers.
After Jakarta, I jetted off to Hong Kong, with its exotic mix
of the old and new., Were excited that the ACFE is turning its
attention to Asia, said Hong Kong chapter president Penny Sui-
Ping Fung, CFE. Jims visit to Hong Kong no doubt has helped
to reinforce this message and reminded people of the role of pro-
fessional fraud examiners in a robust and sustainable economy.
Prof. Yiu Wai Andy Kwok, CFE, vice president of the Shang-
hai Chapter and also president of the Beijing Chapter, called my
visit a stunning pleasure. He had this to say about Chinas grow-
ing pains: Chinas high growth rates have encouraged foreign
investment, which have in turn helped fund Chinas incredible
growth, he said. However, such large capital inows are bound
to give way to sector imbalances and fraudulent behavior.
I told the attendees at the rst Corporate Anti-Fraud Semi-
nar in China, how fraud can occur in any industry and at any
level. I also gave suggestions on how CFEs can advise their cli-
ents in their battles against fraud, including setting the proper
tone at the top. Mr. Ratley mentioned that anti-fraud measures
do not get proper attention since they cost money while the
benets cannot be seen in a short-term period, Kwok said. As
a consequence, most companies are not willing to make any
expenditure regarding this issue. However, establishing efcient
and effective anti-fraud mechanisms will generate huge benets
from the long-term perspective.
The ACFE is striving to do all it can to help our interna-
tional chapters grow and thrive. We are excited to announce our
plan to open a regional call center in Singapore and host a CFE
Exam Review Course there March 26 - 29. Chapters, acting as
local ACFE representatives, provide continued support for mem-
bers worldwide through networking opportunities, CPE training,
leadership development and promoting local fraud awareness.
As always, please let me know how we can help you
support our all-important mission. (And please check out
Fraud-Magazine.com/LetterFromthePresident for more photos.)
James D. Ratley, CFE, President and CEO of the Association of
Certied Fraud Examiners, can be reached at: jratley@ACFE.com.
From the PRESIDENT AND CEO
By James D. Ratley, CFE
Supporting Our
International Chapters
A
6 Fraud-Magazine.com
uring an investigation, we scour the web and
social networks for employment backgrounds,
contacts, education history, past behavior
and so on. However, we should be concerned
about information we are posting that the bad
guys can use against us.
Arthur Hulnick, a former CIA ofcer, estimates that open-
source intelligence (a form of intelligence collection manage-
ment that involves nding, selecting and acquiring information
from publicly available sources) accounts for as much as 80
percent of the entire intelligence database. (See Sailing the
Sea of OSINT in the Information Age, by Stephen C. Merca-
do, http://tinyurl.com/2sj5vy.) This is possible, in part, because
organizations and their employees freely publish information
online they probably should keep to themselves. And those
loose lips can lead to outright fraud. (Also see NATO Open
Source Intelligence Reader, http://tinyurl.com/7crt7ug.)
JOB POSTINGS
Before you continue reading this, look at your organiza-
tions job postings and ask, What are we telling the
competition about us?
Imagine a software company with a strong presence in
Asia Pacic that posts a public job offer for a sales manager
in North America. What are they telling the competition?
Think of the recruiting process in your organization and how
long it can take to staff a position. Is that enough time for the
competition to adjust to the arrival of this new sales manager?
Your competitors nd or infer from your job postings
the technologies your organization uses, expansion into new
areas and territories, market growth, change in structure,
structural growth, etc.
What does this mean for fraud examiners? Make sure
you run proper background checks on potential hires! Why?
Because some job descriptions are so detailed that someone
wishing to be hired for fraudulent purposes can customize
his or her rsum. I just worked a case in which a candidate
found a company he believed would be a good target and
redesigned his rsum to boost his employment chances. The
company hired him, and he then proceeded to steal intellec-
tual property during his employment.

WEB 2.0 AND SOCIAL NETWORKS
Employees are likely to reveal valuable information to the
competition on professional or personal networking sites.
Fraudsters can make conclusions about a companys expan-
sion by studying comments about new connections and
relationships plus repeated trips to a city or country.
Through investigations, I have found nurses sharing
concerns about care in neo-natal intensive care units, law en-
forcement personnel sharing sensitive assignments and sales
managers claiming their stakes on new territories. Profes-
sional social networking sites tell the world about new hires
and those who are leaving employers.
Employees posting information online is nothing new.
In one case I worked nearly 12 years ago, a call-center
employee leaked sensitive information on a web forum. This
employee, who was privy to upcoming promotions offered
by a telecommunication provider, would repost information
online prior to a promotion launch. The companys call cen-
ter then would be ooded with requests for promotions and
packages that did not exist yet.
Did this employee access highly sensitive documents?
Did he gain access to someones email account? No. He sim-
ply reposted information he learned in training sessions. We
had a difcult time tracking him down because back then we
did not log everything. Even today, we nd organizations that
do not store online access information, which would allow
them to adequately investigate leaks.
MARKETING DOCUMENTATION
Documents that an organization provides its clients to market
its services often end up in competitors hands. Find ways to
Anything You Say Can and
Will Be Used Against You!
By Jean-Franois
Legault
Digital Fingerprints
A Closer Look at Technology and Fraud
D
January/February 2012 7
securely communicate information that you
do not want the competition obtaining.
I was involved in a recent case in
which a competitor was able to reverse-
engineer a product (take it apart and
analyze it) by simply using the information
in product brochures and documenta-
tion. Imagine your competition not only
knowing your products but how you are
manufacturing them. That is a serious loss
of competitive advantage!
I have also been involved in cases in
which individuals used marketing infor-
mation to create fake companies to try to
defraud possible clients. The schemes were
simple: reuse information to make the com-
panies look legitimate, solicit clients, get
paid and then never deliver anything.
AS AN EXPERT WITNESS
Whatever you write, post and/or commu-
nicate may allow you to build eminence
as an expert. However, opposing counsel
could also use that public information to try
to disqualify you as an expert or to cross-
examine you in court.
AS AN INVESTIGATOR
Open-source intelligence can help you
discover valuable information about play-
ers in an investigation. In one case, I found
some undocumented aliens involved in
a fraud scheme because they gave some
prime evidence via their social media pro-
les, including their geographic locations.
In another example, we tracked down
vehicles purchased with embezzled funds
simply based on suspects photos that had
been posted online.
When I begin a background investiga-
tion into a company, one of the rst things I
do is seek information through press releases
and trade publications. Companies love to
tell the world about what they are doing
right. However, the competition will always
seek out this valuable market intelligence.
If you want to know more about
leveraging business intelligence techniques
in your fraud examinations, I strongly
encourage you to check out anything
fellow ACFE faculty member Cynthia
Hetherington teaches.
WHAT TO DO
So do you cut yourself off from the world
and go off grid? Absolutely not. But make
sure your organizations policies strictly
control information that its employees can
release through all open-source channels
but especially online. When it comes to
social media, establish a think before you
post mentality.
Jean-Franois Legault is a senior manager
with Deloittes Forensic & Dispute Services
practice in Montreal. Canada. His email
address is: jlegault@deloitte.ca.
Digital Fingerprints
A Closer Look at Technology and Fraud
I was involved in a recent
case in which a competitor
was able to reverse-engineer
a product (take it apart and
analyze it) by simply using
the information in product
brochures and documenta-
tion. Imagine your competi-
tion not only knowing your
products but how you are
manufacturing them. That is
a serious loss of competitive
advantage!
Google search directives will add
power to your searches.
Searching for a specic phrase
using quotations:
nd this specic phrase
Searching a specic domain or
website:
site:targetdomain.com or
site:www.targetdomain.com
Searching for specic le type:
letype:extension
You can use the minus sign (-) as an
exclusion operator. For example, you
can use this search directive to exclude
a specic website from your search:
-site:www.excludeddomain.com
Here are some Google searches
that you can run against yourself to see
what could be available to fraudster.
Finding PowerPoint documents on
your site:
site:www.yoursite.com letype:ppt
site:www.yoursite.com letype:pptx
Finding Word documents on your
site:
site:www.yoursite.com letype:doc
site:www.yoursite.com letype:docx
Finding condential documents on
your site:
site:www.yoursite.com condential
site:www.yoursite.com not for
distribution
Use These Queries to Examine Your Online Exposure
8 Fraud-Magazine.com
raud by using an organizations credit is a type of
ctitious expense scheme. In the ACFEs fraud tree,
the crime is a subset of fraudulent disbursements,
which is a subset of cash schemes.
There are many types of fraud involving an employees
use of the organizations credit to purchase assets (i.e., goods
and services) for personal benet. Unauthorized use of the
organizations general credit cards, purchasing credit cards,
travel credit cards or business charge accounts are some of the
most common fraud schemes I have encountered during my
career. Unscrupulous employees cause victim organizations
to order and pay for assets they do not really need. Obviously,
the damage to a victim organization is the money lost in
purchasing these unnecessary items.
The individuals who commit these crimes are usually
responsible for approving and processing transactions for pay-
ment. They may rely on the inexperience of their supervisors
(or their organizations governing bodies) to unknowingly
process their fraudulent transactions in the disbursement
cycle. Victimized organizations then issue checks for un-
authorized business purposes, and the wayward employees
receive personal benets.
We begin this three-part series with employee abuses of
general organization credit cards.
GENERAL ORGANIZATION CREDIT CARDS
Commercial banks issue credit cards to organizations (and
individuals) to aid them in conducting ofcial business.
Banks and organizations enter into agreements specifying the
terms of use for the credit cards. Some banks charge an an-
nual fee; others do not. Banks make their money for process-
ing your transactions by charging a fee to vendors who accept
the cards and by charging you an interest rate on the unpaid
account balance when the full amount due is not paid each
month. The primary responsibility for charges on these credit
cards rests with the organizations.
THE BUSINESS OF CREDIT CARDS
An organization that authorizes company credit cards for its
employees use should maintain formal logs of all cards issued
and require all employees to sign agreements stating that they
have received a copy of the organizations usage policies and
have been trained on the proper procedures for using the cards.
These agreements provide the foundation that employees un-
derstand that they can use the cards for ofcial business only.
Written company policies should require employee
training, prohibit cash advances, restrict purchases of un-
authorized items (such as alcohol), require receipts for all
charge transactions and specify disciplinary actions for any
unauthorized or personal use of the cards. Organizations
never should pay for employee charges shown on the banks
monthly statement without accompanying receipts. It is the
descriptions of the items shown on the receipts that deter-
mine if the expenses are for ofcial business purposes.
UNAUTHORIZED CARDS
Employees who have stolen company credit cards or who
have obtained unauthorized company credit cards through
other means (such as ordering them directly from banks
without approval) will circumvent organizations incoming
mail to snag the monthly credit card statements. They usually
make personal payments on the credit card account balances
to conceal their unauthorized purchases.
However, if employees submit unauthorized expenses
for payment by their companies, management and audi-
tors will have at least some documents they can review to
Using an Organizations
Credit to Commit Fraud
Part 1
By Joseph R. Dervaes,
CFE, ACFE Fellow, CIA
Frauds Finer Points
Case History Applications
F
January/February 2012 9
Frauds Finer Points
Case History Applications
detect fraud. While the supporting documents for credit card
payments should include the statement and all purchase re-
ceipts, fraudsters who choose this latter process usually only
submit statements for payment purposes. In many cases, their
supervisors or the governing bodies of the organizations may
unknowingly approve these fraudulent payments.
Employees may periodically use an organizations credit
card for unauthorized purposes or personal benet, but man-
agers who are assigned to monitor the credit card program
can resolve these minor infractions promptly according to
policies and procedures.
Companies should publicize employee disciplinary ac-
tions in their internal publications to deter future problems.
Unfortunately, even this method is not fraud-proof because
often the very managers who are charged with monitor-
ing the system are the ones who abuse it. These individuals
may be able to hide their unauthorized activities from other
employees and their supervisors, but most of the time they
should not be able to conceal their actions from organi-
zations governing bodies and their internal or external
auditors. However, when their misdeeds are detected, the
fraudsters usually attempt to get organizations to pay from
monthly credit card statements by indicating that receipts for
individual transactions were not available or were inadver-
tently misplaced or lost.
Case No. 1 Personal use of an authorized
general organization credit card
In the November/December 2009 Frauds Finer Points, I
discussed a credit card case that involved missing support-
ing documents. This concept emphasized why organizations
should never pay the balance due on monthly credit card
statements without seeing the supporting receipts for the
purchases rst.
Sarah was the clerk-treasurer responsible for processing
all of the citys disbursement transactions, including all pur-
chases on its credit card. The city rst detected irregularities
in accounts receivable and contacted its external auditor to
investigate the case.
The subsequent audit detected multiple fraud schemes,
which totaled $49,894.88 in losses over 2 years. These
schemes included payroll fraud, accounts receivable fraud,
municipal court revenue fraud, unauthorized use of the citys
business charge account and overpayments to a cleaning
contractor. The clerk-treasurer performed many tasks in a
variety of functions at the city, and no one monitored her
work to ensure the citys expectations were being met.
The clerk-treasurer purchased $5,319.16 in assets for
personal benet using the citys credit card. I detected this
scheme by scanning the citys disbursement les to deter-
mine other risks. I quickly noted that the city was making
its monthly credit card payments using only the statements.
There were very few purchase receipts available for review
and audit. For example, credit card purchases from a local
computer store were almost always missing from the les. I
contacted the citys computer consultant who was responsi-
ble for all information technology issues. However, he wasnt
aware of any ofcial purchases from the computer store.
A computer store representative faxed documents to
me that showed Sarah had signed for a computer, monitor,
software and games on many occasions through the period of
this loss. City staff members conducted a search of city hall
but were unable to locate any of these assets.
Sarah had made all credit card payments on time, but
she had destroyed all the supporting documents that listed
the details of the purchases from the computer store. She
hoped that retaining only the monthly credit card statements
on le for the citys governing body and its external auditors
would be sufcient to conceal her irregular activities. She
was wrong. The governing body did not notice this irregu-
larity, but her fraud did not escape the watchful eye of the
external auditors. In my experience dealing with fraud cases
in state agencies and local governments in the state of Wash-
ington, governing bodies rarely detect fraud in the transac-
tions they are reviewing and approving, primarily because no
one took the time to properly train them for this task.
The clerk-treasurer demanded a trial to resolve the is-
sues in this case. She hired a prominent regional lawyer for
her defense and agreed to a bench trial. (There was no jury.)
After all the evidence was heard during a week of testimony,
the judge rendered a guilty verdict in the case and ordered
Sarah to make restitution of the loss amount, plus audit
costs. He also sentenced her to three months in a work-
release program.
Case No. 2 Personal use of an unauthorized
general organization credit card
A small water district in the state of Washington had three
employees, operated on an annual budget of $466,000 and
served approximately 1,000 customers. Jackson, the ofce
manager, was responsible for practically all nancial opera-
tions; his supervisor, the district superintendent, did not
monitor his work. These are the two most common internal
control weaknesses I have found in small organizations.
While Jackson had no prior criminal history, he appar-
ently came to work for the district with ill intentions. He
sent a memorandum on ofcial letterhead to the districts
bank shortly after being hired requesting that the bank issue
10 Fraud-Magazine.com
a credit card in the districts name and assign it to him. The
credit limit on the card was initially set at $5,000, but Jack-
son subsequently sent a facsimile to the bank one month later
requesting an increase to $20,000. Of course, the districts
governing body did not authorize either of these requests.
Later, when the case was under investigation, the district
stated that someone had forged the authorizing signatures on
the documents.
As the ofce manager, Jackson was responsible for open-
ing the mail and processing invoices for payment. Thus, he
was able to remove the monthly bank credit card statements
from the incoming mail before anyone else saw them. One of
the interesting facts of this case is that Jackson did not submit
any of the credit card statements to the district superinten-
dent or the governing body for approval or payment. Perhaps
Jackson was not quite bold enough. While it would have
been prudent to do so, Jackson did not make any personal
payments to the bank on the card balance either. Because
neither the organization nor Jackson made any payments on
the credit card balance, the monthly expenses and interest
charges continually increased until the balance became delin-
quent and approached the credit limit on the card.
Jackson misappropriated $19,454.84 from the district
in 3 months, with $18,284.03 of this amount representing
his unauthorized use of the districts credit card for personal
benet. Personal charges included the purchase of a used
pickup truck, frequent stays at a motel while traveling to his
favorite casino, thousands of dollars in cash advances at the
casino, Internet and telephone use and other miscellaneous
purchases. Jackson also misappropriated $1,170.81 in utility
revenue from the district.
The district rst detected irregularities in its checking
account and petty cash fund and requested an external audit.
Jackson was placed on administrative leave and subsequently
terminated for a wide variety of managerial shortcomings.
Shortly thereafter, the district received a monthly statement
for the unauthorized credit card. In a plea-bargaining agree-
ment, the court ordered Jackson to make restitution for the
loss amount plus audit costs. It also sentenced him to less
than one year in county jail for this crime.
Case No. 3 More personal use via an unauthorized
credit card
James, the chief of a small re district in the state of Wash-
ington, obtained an unauthorized credit card in the districts
name. He circumvented the districts internal controls by
intercepting the mail, removing the monthly credit card
statement and making personal payments on the account to
conceal his unauthorized purchases. He basically used the
districts credit card as his own by charging $7,797 in personal
purchases for more than a year. He used the card to make
unauthorized cash advances and also incurred nance charges
when he did not make monthly payments on time.
When the district nally discovered the unauthorized
card, there was a $1,599 unpaid balance on the account.
The district found out about the card while making a change
in signatories on all of its bank accounts after the re chief
resigned for unrelated personal reasons. The chief reimbursed
the district for this amount when questioned about the
unauthorized purchases on the credit card. The district paid
the balance due on the account and canceled the credit card.
The county prosecutor declined to criminally prosecute the
case because the district had been made whole.
LESSONS LEARNED
Let us review some of the ner points of fraud detection from
these general organization credit card fraud schemes.
Organizations should:
Establish written policies and procedures for credit card use
and train their employees to ensure they use the cards only
for ofcial business purposes.
Always obtain purchase receipts from employees and never
pay bills using only the monthly credit card statements.
Properly train employees and governing bodies on the
authorization and approval procedures for all
disbursements.
Appropriately segregate employee duties and periodically
monitor the work of key employees to ensure its
expectations are being met.
Once fraud examiners detect fraud, they should assess
what else is at risk of loss within an organization.
MORE CREDIT CARD MISUSE
In part two of this series, we will discuss the use of purchasing
credit cards and travel credit cards. Stay tuned.
Regent Emeritus Joseph R. Dervaes, CFE, CIA, ACFE
Fellow, is retired after more than 42 years of government service.
He is the president of the ACFEs Pacic Northwest Chapter. His
email address is: joeandpeggydervaes@centurytel.net.
Frauds Finer Points
Case History Applications
2012 CFE Exam Prep Course

How the course works:


The program provides typical exam questions, in-
forms you whether your answer is correct, provides a
detailed explanation of the correct answer and offers
an alternative study reference where you can learn
more about the topic.
The CFE Exam Prep Course focuses on the four
testing areas of the CFE Exam:
Legal Elements
Fraud Prevention and Deterrence
Financial Transactions
Fraud Investigation
Create a personalized study plan tailored to your individual strengths
and weaknesses with an optional 100 question Pre-Assessment
Pick the sections and topics most relevant to your exam preparation
by creating custom review sessions
Learn more from your Practice Exam sessions by reviewing the ques-
tions you missed, anything your results by subsection and tracking
your progress over time
Focus on the areas where you need the most work with enhanced
review of results and progress by exam section, subsection and topic
Stay on track to earning your CFE credential by measuring your
progress towards your target dates for certication and using helpful
checklists within the Prep Course software
The CFE Exam Prep Course Allows You To:
The 2012 CFE Exam Prep Toolkit is Also Available
Including the CFE Exam Prep Course, Fraud Examiners Manual
(Printed Edition), Corporate Fraud Handbook and the Encyclopedia
of Fraud (CD-ROM), the CFE Exam Prep Toolkit includes valuable
materials to aid in your CFE Exam preparation.
Visit ACFE.com/Prep to order your copy today
Arm yourself with the most effective tool
available to help you pass the CFE Exam.
12 Fraud-Magazine.com
By Gerhard Barone, Ph.D.; Sara Melendy, Ph.D., CFE, CPA; and Gary
Weber, Ph.D. Edited by Richard Dick A. Riley, Ph.D., CFE, CPA
tudents at the collegiate level learn best about
business through a combination of theory and
practice. College professors are well equipped to
present the theory side of a particular topic, but
they frequently look to business professionals
who have hands-on, practical experience to help apply
those theories to real-world situations. This teaching method
works especially well in anti-fraud education, in which fraud
cases, whether real or ctitious, can help bring to life the
fraud theories and procedures introduced in the classroom.
However, it is not quite so clear exactly how to struc-
ture the interactions between CFEs and higher education to
encourage this method of learning. Many CFEs, for example,
believe that the only way to participate in collegiate fraud
education is to lead a class lecture based on their fraud expe-
riences, which could not be further from the truth.
In this column, we identify and explain a variety of ways
in which CFEs can foster and develop mutually benecial rela-
tionships with college faculty and students to help educate and
prepare future anti-fraud and forensic accounting professionals.
INVITE FACULTY AND STUDENTS TO LOCAL FRAUD CONFERENCES
One of the easiest and least time-consuming ways for CFEs to
get involved with higher education is to invite college faculty
and students to attend local fraud conferences. Spokane
ACFE Chapter member Lenore Romney, CPA, CFE, CVA,
has invited both students and faculty to attend the local
ACFE conference for the past few years.
The chapter leaders recognize that more can be accom-
plished in the ght against fraud if professionals from differ-
ent disciplines network with each other. We see the chapter
as being an ideal facilitator for such a network, Romney said.
Conferences typically provide numerous and varied
opportunities through which students and faculty can learn
about both actual instances of fraud, as well as the work of
CFE professionals. Kris Ryan, a student at Gonzaga Univer-
sity who has attended the local ACFE conference for the past
two years, can attest to this.
Both years that I attended the conference, a wide range
of topics was offered, including health care fraud, a critique
of software that helps businesses protect themselves against
fraud, gang activity (which is surprisingly more correlated
to the fraud problem than I would have thought), mortgage
fraud and different fraud topics covered by local law enforce-
ment and the FBI, Ryan said.
I found all of the topics interesting and also learned
fraud detection and investigation skills that I could put to use
immediately, she said.
Since graduation, Ryan has gone on to earn her CFE
credential and has joined the fraud-ghter ranks.
BECOME A PROFESSIONAL MENTOR TO STUDENTS
Professors at Gonzaga University frequently refer students
who have an interest in forensic accounting to local CFEs for
advice on potential career paths, professional certications, in-
terviewing and networking. Students benet directly from the
wisdom and experience these mentors have gained from many
years of work in fraud and forensic accounting. Mentors also
share their knowledge of the skills and abilities necessary to be
successful in the forensic accounting profession. These inter-
actions also are great networking opportunities for students.
Many universities also have formal mentoring programs
through which students are matched with professional men-
tors based on factors such as eld of study, geographic prefer-
ence and gender. These more formal relationships span the
majority of a students time in college, which allow mentors to
help identify curriculum paths, internship opportunities and
employment opportunities when the student nears graduation.
Get Involved in Higher Education
Opportunities for CFEs in Educating
Future Fraud Fighters
Fraud EDge
A Forum for Fraud-Fighting Faculty in Higher Ed
S
January/February 2012 13
A more interactive albeit more time-intensive
method of mentoring students is for CFEs to arrange and
coordinate student internships with their employers. Stu-
dents participating in these internships benet not only from
professional workplace mentoring but also from working in
actual forensic accounting situations.
ASSIST WITH CASE STUDIES AND RESEARCH PAPERS
Higher-education faculty are always searching for case stud-
ies with the richness of detail, ambiguity and issues that are
similar to those that students will encounter in their profes-
sional careers. Faculty and highly experienced CFEs jointly
produce the most detailed, complex cases.
Cindy Durtschi, Ph.D., associate professor at DePaul
University, invites CFEs to help in the classroom in several
ways. She recently had a full-time forensic accountant help
her judge student case presentations.
The students presented their work from the view of the
prosecution, and then the CFE showed them how some-
one working for the defense would have responded to their
cases, Durtschi says. It was a wonderfully enriching experi-
ence for the students.
Durtschi also had a local CFE help her with a fraud case
she developed. The CFE provided her with encouragement,
valuable feedback and suggestions that improved the case.
CFEs also frequently partner with faculty on forensic
accounting research papers. Frank Perri, J.D., CFE, CPA, has
co-authored several research papers with Rich Brody, Ph.D.,
CFE, an associate professor at the University of New Mexico.
They have written on topics ranging from the relationship
between workplace violence and fraud to identication of
organizational weaknesses at the Securities and Exchange
Commission. These partnerships between academics and
professionals foster balanced approaches to research and
ensure that publications are valuable not only for academics,
but also for practitioners who can use the results in the eld.
COORDINATE FORENSIC ACCOUNTING INVESTIGATIONS
Romney and Marie Rice, CFE, CIA, CICA, president of the
Spokane ACFE Chapter, assist students at Gonzaga Univer-
sity as part of their Justice for Fraud Victims Project. (See
the July/August 2011 Fraud EDge.) Through a cooperative
partnership with law enforcement and local CFEs, Gonzaga
students provide free fraud examination services to small
businesses or nonprot organizations that have been victims
of fraud. The students gain experience while simultaneously
giving back to their communities.
Last year, Romney worked with students on a case that
eventually led to the projects rst conviction.
Working all semester with my student team was
personally rewarding, she says. My team of students was
incredibly bright and diligent and really took ownership in
our investigation. They were like sponges soaking up the
practical knowledge I was trying to share with them in only
one semesters time together. I was proud of my teams effort
the day they gave their nal class presentation, the day I
submitted our report to law enforcement and especially the
day I was notied that charges were led.
Obtaining a guilty plea and restitution within a year of
submitting our case was the icing on the cake, she says.
Romney and Rice play a number of critical roles in this
class by:
1. Assisting the students in developing theories of how the
fraud may have occurred.
2. Helping the students develop a plan for determining how
to test those theories.
3. Providing weekly guidance to students as their
investigations progress.
4. Reviewing the nal report that students complete at the
end of the term and that law enforcement may use to
prosecute the fraud.
5. Serving as expert witnesses if a case goes to trial.
Reaching out to help local organizations with poten-
tially fraudulent situations is a noble idea with obvious
benets, but usually the largest obstacle is that college faculty
members often lack required specic training for competent
forensic accounting investigations. Faculty also often lack
contacts with those in communities who are most likely to
refer cases, such as law enforcement and prosecuting attor-
neys. CFEs often have such connections and, thus, can refer
cases and supervise the investigations.
SERVE AS AN ADJUNCT INSTRUCTOR OR GUEST SPEAKER
CFEs who want a more substantive role in higher education
can pursue teaching courses as adjunct instructors. Adjunct
instructors typically teach one or two courses during a semes-
ter, but they do not have other academic commitments, such
as research or service, to the institution. Colleges frequently
seek professionals, like CFEs, to teach more specialized
courses, such as forensic accounting, because full-time faculty
often do not have this expertise.
Not long after she began mentoring, Gonzaga University
approached CFE mentor Rice to see if she was interested in
teaching a fraud examination class as an adjunct instructor.
She jumped at the chance.
It had been my long-term goal to adjunct, and I was
thrilled by the prospect, Rice said.
Fraud EDge
A Forum for Fraud-Fighting Faculty in Higher Ed
14 Fraud-Magazine.com
She has taught three courses over the past two years and
has enjoyed the experience. She sees many benets to having
professionals, like CFEs, in the classroom.
As a student, I always appreciated the professors who
had both real-world and research experience. CFEs are for-
tunate in that we have so many stories and experiences that
can help shape our future anti-fraud professionals.
CFEs considering this option should be aware that the
weekly time commitment is somewhat greater than the time
teaching in the classroom. Adjunct instructors also will spend
several hours each week planning lectures, grading student
work and answering emails from students. In addition, most
colleges expect adjunct instructors to be available on cam-
pus for an hour or two each week to meet with students and
answer questions.
CFEs who cannot commit to teach an entire course can
serve as guest speakers. This may involve preparing a short
case study or other relevant topical material and leading a
class in a discussion of the material. Departments and
instructors are generally receptive to such arrangements,
provided there is a good match between the course goals
and the proposed topic.
Guest speaking opportunities for CFEs are not limited to
forensic accounting courses. For example, CFEs could present
internal control cases to an accounting information systems
class. They also could discuss evidentiary or legal aspects of
CFE work in criminal justice or psychology classes. Given
the diversity and complexity of fraudulent activities and the
motivations of those who commit fraud, there are many other
disciplines in which CFEs could provide valuable insights
and enrich the classroom experience.
FOSTERING STUDENT INTEREST
The ACFE Handbook and Guidelines for Local Chapters en-
courages close relationships with schools and universities to
foster student interest in the fraud-ghting profession. CFEs
unique skill sets and training create multiple opportunities
across college campuses. We have described a number of
ways that CFEs have participated in higher education. Inter-
ested CFEs should contact program directors or chairpersons
at nearby colleges. Universities, and especially business
schools, are always looking for adjunct instructors and guest
speakers with practical experience. Students love to hear
from professionals who can describe their eld experiences
and how they can pursue careers in specialty elds, such as
forensic accounting.
Rice wants to see more CFEs in college classrooms.
As professionals, we need to strive to make the anti-
fraud movement more real for students, who often believe
they will never encounter a fraudster or become a victim of
fraud, Rice said.
Matching the expertise and interest of CFEs with the
needs of higher education can result in relationships that are
enriching and rewarding for all parties involved.
Gerhard Barone, Ph.D., is an assistant professor of accounting
at Gonzaga University. He teaches classes in nancial
accounting and accounting information systems. His email
address is: barone@jepson.gonzaga.edu.
Sara Melendy, Ph.D., CFE, CPA, is an associate professor of
accounting at Gonzaga University. She teaches auditing and fraud
examination, including a hands-on laboratory called the Justice
for Fraud Victims Project. Her email address is:
melendy@jepson.gonzaga.edu.
Gary Weber, Ph.D., is an associate professor of accounting and
coordinator of accounting programs/director of the master of
accountancy program at Gonzaga University. His email address
is: weber@gonzaga.edu.
Richard Dick A. Riley Jr., Ph.D., CFE, CPA, is a
Louis F. Tanner distinguished professor of public accounting in
the College of Business and Economics at West Virginia
University in Morgantown. He is chair of the ACFE Higher
Education Advisory Committee and the vice president of
operations and research for the Institute for Fraud Prevention.
His email address is: richard.riley@mail.wvu.edu. Riley
served as editor on this column.
Fraud EDge
A Forum for Fraud-Fighting Faculty in Higher Ed
Given the diversity and complexity of fraudulent
activities and the motivations of those who commit
fraud, there are many other disciplines in which
CFEs could provide valuable insights and enrich
the classroom experience.
REGISTER NOW
Fraudsters are continually creating, perfecting and
executing new schemes. Gain the knowledge you
need to stay one step ahead.
Join anti-fraud professionals in London for the
2012 ACFE European Fraud Conference to
exchange insights and develop cutting-edge skills
in the global ght against fraud. In addition to
informative sessions offering practical techniques
and tips, youll network with leaders of Europes
anti-fraud community and earn up 23 CPE
credits.
Register online at ACFE.com/European
by 24 February to SAVE GBP 100!
2012 ACFE European
Fraud Conference
London 25-27 March 2012 The Cumberland Hotel
James D. Ratley, CFE
President and CEO,
Association of Certied
Fraud Examiners
Stephen Harrison
Chief Executive
National Fraud Authority
FEATURED KEYNOTE SPEAKERS
16 Fraud-Magazine.com
FraudBasics
ob, an internal auditor for ABC Company, is con-
ducting a routine cash receipts controls review.
The procedure calls for the days checks to be
deposited remotely in a company bank account
daily. Susan, the clerk who processes customer
checks, had gone home sick on Monday. Before she left, she
completed the remote deposit procedure, which involves
scanning each check and electronically sending those scans
to the bank. Then she put the checks she had just scanned in
her work-in-process le and went home, intending to proper-
ly le them away the next day. Unfortunately, when Betty
who had done Susans job years ago was assigned to cover
Susans desk on Tuesday, she came across the previous days
checks. Without asking anyone, Betty prepared a deposit
slip as she had done in the past and took the checks to
the nearby bank branch and made the deposit. When Susan
came in on Wednesday, she noticed that the stack of checks
she had processed on Monday were not where she had put
them and immediately asked Betty where they were. Oops ...
The checks had been deposited twice. They immediately con-
tacted the bank. The bank manager explained that the banks
duplicate check detecting software had caught the error and
that all was well. If the bank had not had the duplicate check
software working properly or if Susan and Betty had conspired
to modify the original paper checks before re-depositing them,
the bank could have been liable for some big bucks. This cti-
tious example could easily have happened.
Banking industry experts report that check processing
is moving rapidly away from the traditional paper methods
and toward the processing of electronic images of checks. As
of August 2011, almost 70 percent of all institutions are now
receiving check images, according to CheckImage Central.
(See www.checkimagecentral.org.) With the implementation
in 2004 of the Check Clearing for the 21st Century Act, or
Check 21, auditors and CFEs cannot afford to ignore the new
risks and challenges associated with processing of increasingly
larger volumes of electronic check images.
Even with so many more consumers and businesses pay-
ing their bills electronically, checks are still the standard for
many. The major impetus for banks moving to check images
is that electronic processing costs much less than paper check
processing. Historically, paper processing had been a cumber-
some procedure that required physically moving millions of
paper checks through the banking system.
Before Check 21 processing, when a person deposited
a paper check in his bank, that person would be credited
for the amount of the deposit. Then, at the end of the day,
the bank would sort that days processed paper checks and
forward them to the Federal Reserve or another check-
clearing entity where the checks would be cleared. The
paper checks then would be sorted and sent back to the banks
the checks were drawn on (and in some cases returned to the
check writer). Grounded planes following the terrorist attacks
of 9/11 caused major delays in check processing and brought
increased awareness to antiquated paper-check procedures.
A number of electronic payment processing technologies are
now in wide use, including Check 21 technology.
Under Check 21 processing, paper checks are scanned,
and the images are used to process the checks. Alternatively,
banks that desire to continue receiving and processing paper
checks may print and process copies of the images, called sub-
stitute checks. The substitute checks are the legal equivalent
of the original checks and can be used to document payments
in the same way that cancelled scanned checks would.
Although compliance with Check 21 is not manda-
tory, most banks are expected to invest in check imaging
technology eventually to take advantage of the projected
costs savings. So far, the adoption from paper to digital has
been slower than expected as the banking world upgrades its
Check 21 Can Make Fraud Easier
Be Alert to Changes in Check-Imaging Technology
By Linda Lee Larson,
DBA, CFE, CPA,
CISA
B
January/February 2012 17
FraudBasics
technology for image processing. The underlying cause of
the delay has been the signicant investment in the technol-
ogy required to both create and process check images and
substitute checks. Sources in the banking world in 2004
estimated a cost of $1.5 billion to $2.5 billion to fully imple-
ment Check 21 technology in the U.S. [See The Domino
Effect of Check 21, by J.D. (Denny) Carreker, http://tinyurl.
com/7yuxjrc.] The Federal Reserve expects that the use of
substitute checks should decline as more banks have the
technological capability to process check images directly.
THE CRUX OF THE PROBLEM
Check truncation the process of digitally scanning paper
checks greatly increases the chances of a check being
processed twice, either accidentally or fraudulently. Dupli-
cate check processing occurs when a business uses remote
processing to scan incoming checks and also drops the paper
checks off at a bank branch. The branch then forwards the
paper check to the Federal Reserve to be processed. Thus, as
in the opening case, checks can be processed twice.
Before Check 21, duplicate check processing rarely hap-
pened. However, American Banker magazine now estimates
that duplicate check processing is a $500 million problem,
which accounts for about half of the total check fraud in the
U.S. (See Seeing Double, by Glen Fest in American Banker,
Nov. 1, 2010, http://tinyurl.com/7dkt8jx.)
Whether done by accident or fraudulently, duplicate
check processing is becoming increasingly more expensive
to weed out. Many believe that the new technology creates
a unique opportunity for fraudsters. The problem is expected
to increase as the remote deposit capture continues, especial-
ly as consumers are using smartphones to capture deposits.
(That has to be the subject of another column.)
The banking industry, recognizing this problem, has
developed software to identify checks that are deposited
twice, but it is not foolproof. It tends to create false positives
because the software only identies checks that are identical
in amount and payee. Complicating the situation further is
when fraudsters get involved and change the payee and/or
the amount of the check. The duplicate identication soft-
ware is not designed to identify this type of fraudulent check.
Reformed con man Frank Abagnale has said that banks
are generally liable for ordinary care, according to U.S.
Uniform Commercial Code (UCC) 4-103, and the bank that
accepts a fraudulent check paper or electronic image is
liable for any losses. Therefore, the banking industry has a
real stake in doing what it can to reduce these losses. (See
UCC provisions at http://tinyurl.com/725p8zv and Check
Fraud: A National Epidemic, by Frank Abagnale, New Jer-
sey CPA, May/June 2010.) This is where CFEs can help.
High-tech fraudsters are always looking for new ways
to access and manipulate digitized information. Basically,
substitute checks may be altered, counterfeited, duplicated
and/or created from scratch. If a payment is in question, only
the substitute check image can be accessed. The result is that
proving alterations and forgeries becomes even more difcult
because many of the traditional security features so evident
on paper checks are lost when the originals are scanned in
the clearing process. In addition, with no actual cancelled
paper checks to examine, evidence of counterfeiting, forgery
and alterations (such as ngerprints) are not available for the
auditor or CFE.
Systems controls need to be in place and working prop-
erly to prevent unauthorized persons from accessing elec-
tronic check processing data and to protect private customer
information. CFEs can help implement these controls. Also,
CFEs must keep current on changes in check-imaging technol-
ogy and auditing electronic payment controls. Multiple lines of
defense are needed to prevent problems. CFEs need to monitor
controls to prevent/detect duplicate check processing.
VIGILANT WATCHDOGS
Electronic check processing technologies may make check
fraud crimes harder to prove, especially if a jury is involved.
It is important that consumers, businesses and banks are
aware of the possible risks and take appropriate steps to
protect themselves and their sensitive data. Electronic check
processing is here to stay, and auditors and CFEs need to
be ready to meet the challenges. Unless the watchdogs are
vigilant, the community has to deal with increasingly more
sophisticated fraudsters trying to commit electronic check
fraud using altered substitute checks or check images.
Linda Lee Larson, DBA, CFE, CPA, CISA, is
an associate professor of accounting at Central Washington
University Lynnwood Center in Lynnwood, Wash. Her
email address is: LarsonL@cwu.edu.
Before Check 21, duplicate check processing
rarely happened. However, American Banker
magazine now estimates that duplicate check pro-
cessing is a $500 million problem, which accounts
for about half of the total check fraud in the U.S.
18 Fraud-Magazine.com
Fraud In
Houses Of Worship
What Believers
DO NOT
Want to
BELIEVE
By Robert M. Cornell, Ph.D., CMA, Educator Associate; Carol B. Johnson,
Ph.D., Educator Associate; and Janelle Rogers Hutchinson
Cara Bresette-Yates/iStockphoto
January/February 2012 19
n accounting professor who teaches a fraud investigation class re-
cently told a story about a student in her class who approached
her for help on a personal project. The students church had
asked the student to attempt to determine the dollar amount of damages
in a recent embezzlement. The perpetrator, a former church secretary, had
been defrauding the 200-member church for 18 months by writing herself
duplicate paychecks, stealing cash from donation deposits and taking out
credit card accounts in the church name, among other schemes.
The church discovered the fraud when the secretary was called away
for a family emergency, and the previously inattentive manager received
a phone call about an unpaid credit card bill. The manager did not know
the credit card existed. Because the church had not segregated employee
duties, the secretary had free rein over all aspects of church nances: she
kept the books, paid all the bills, handled cash receipts, managed the pay-
roll, issued paychecks and reconciled the bank account. The sky was the
limit for her fraud. A simple search of public records would have revealed
that the secretary was in nancial trouble a serious red ag for fraud.
But the church did not conduct that search until it was too late.
The professor was not surprised by such a common scheme. However,
she was taken aback when she opened the students work le to review
the case. She recognized the name of the perpetrator as a secretary in her
church and conrmed this identity by questioning the student investiga-
tor. Internal controls in the professors church were a bit better it had
segregated some accounting duties but were still insufcient. In fact,
internal controls were bad enough that no one could ever know if the
secretary stole from the professors church.
It was quite common for people to drop cash and checks by the
church ofce during the week and leave them with the secretary for use
in special funds, such as one to aid local homeless people. It would have
been easy for the secretary to simply pocket some of the funds, and no
one would have been the wiser. The secretary eventually resigned; it is
unknown if she stole from the professors church during her tenure there.
She was replaced with another secretary who had her own nancial prob-
lems her home was in foreclosure within six months of taking the job.
The professor advised church ofcials that they needed to improve
internal controls, but the staff members believed that no one would ever
do such a thing here. Indeed, fraud examiners who deal with nances,
fraud and internal controls in houses of worship may be labeled over-
reacting conspiracy theorists when they tell church staffs they may have
fraudsters in their midst. However, fraud examiners know that houses of
Houses of worship are particularly vulnerable to
fraud, but most feel they are impervious. The authors
provide reasons why churches feel so bulletproof and
seven practical steps fraud examiners can use to help
churches stop fraud in its tracks.
A
20 Fraud-Magazine.com
FRAUD IN HOUSES OF WORSHIP
worship churches, synagogues, temples, mosques etc. are
among the most vulnerable entities.
WHY are CHURCHES SO VULNERABLE?
Churches typically emphasize the importance of good acts and
deeds, so we might expect their tone at the top would protect
them from fraud. Not so. A variety of factors lead to the op-
posite situation. Donald Cresseys research on the fraud triangle
showed that pressure, opportunity and rationalization are pres-
ent in almost all frauds. (See pages 10 through 14 of Occupa-
tional Fraud and Abuse, by Dr. Joseph T. Wells, CFE, CPA.)
However, some forms of these three elements are more preva-
lent in houses of worship.
PRESSURES AND RATIONALIZATION
In many cases, ministers, secretaries and other staff members in
houses of worship are expected to work long hours on paupers
wages for the love of a deity, while mingling with the wealthi-
est of society. These working conditions can create resentment,
desperation and rationalization, such as they owed it to me.
Church staff and volunteers can also face nancial prob-
lems from feeding vices and addictions. A pastor or church mem-
ber with a serious vice likely will feel that any resulting nancial
pressure is highly non-shareable. Cressey emphasized that the
non-shareable aspect of a pressure made it a particular impetus
for fraud.
OPPORTUNITY
Churches might be the poster child for fraud opportunity for a
variety of reasons. First, they tend to be small organizations. The
ACFEs 2010 Report to the Nations found that fraud happens
most frequently in entities with less than 100 employees a
category that would include most houses of worship. Because
of their small size, churches tend not to be willing or able to
hire professionals who have signicant nancial expertise or are
knowledgeable about internal controls. Also, by default, small
organizations nd it difcult to adequately segregate duties or
install independent checks.
Secondly, trust among employees and volunteers fuels
church engines. Unfortunately, church cultures foster the belief
that trust is an adequate control a fallacy that can create af-
nity frauds, such as the $78 million fraud that Daren Palmer, a
pillar of his church, perpetrated against members. (http://tinyurl.
com/4xae883) Because of the tight-knit culture, it is common
for churches to hire family members and close friends, which
increases opportunities for collusion.
Also, churches often do not create the perception of con-
sequences that is necessary to deter fraud. History and human
nature show that when a fraud does occur in a church, staff
members often hide the crime so they will not upset members
and other potential donors. In the opening case of the embez-
zling church secretary, the fraud at the rst church was never
publicized or prosecuted because a close relative of the secretary
was a signicant donor to the church and a powerful member of
the church board. In addition, U.S. nonprots generally are not
tightly regulated. State attorneys general and the Internal Reve-
nue Service (IRS) are the only entities in a position to provide regu-
latory oversight to churches. Attorneys general are typically preoc-
cupied with other issues. And churches are exempt from the rule
that nonprots must le informational tax returns with the IRS. So
only parent denominations, church governing boards and possibly
church members are likely to be privy to nancial information.
DO THEY REALLY BELIEVE IT CANNOT
HAPPEN IN THEIR CHURCH?
To get a feel for churches perceived fraud invincibility, we in-
terviewed individuals who provided nancial oversight in 132
U.S. houses of worship. Our survey included a broad variety
of denominations (primarily Christian) of differing member-
ships, annual budgets and numbers of employees. Memberships
ranged from 25 to 37,500, with an average of 1,168 and a medi-
an of 425. Annual budgets ranged from $10,000 to $30 million,
with an average budget of $1,089,045 and a median budget of
$430,000. Figure 1 illustrates the distribution of church bud-
gets. Most of these churches had at least a few paid employees,
and some were afliated with national or international denomi-
nations providing some oversight role.
Fraud had indeed reared its ugly head with 13.4 percent of
the church leaders acknowledging they had experienced a fraud
in their organizations within the previous ve years. The esti-
mated sizes of the frauds ranged from a few dollars to $35,000.
We suspect that the actual frequency and dollar amount of fraud
were seriously underreported for two reasons.
First, our interviews indicated that churches generally
lacked proper internal accounting controls, including segrega-
tion of duties, and that even if those controls were in place, the
churches did not consistently follow them. The reported levels
of controls in most of these institutions were so poor that they
probably harbored many undetected frauds. For example, most of
the churches we surveyed did not separate record keeping from as-
36%
$0 $250,000
17%
$250,000
$500,000
12%
$500,000
$750,000
7%
$750,000 $1 million
28%
Over $1 million
Figure 1: Budget Range of Churches Surveyed
January/February 2012 21
FRAUD IN HOUSES OF WORSHIP
set custody, particularly with respect
to the payment of expenses. Also,
in most cases, the same person who
wrote the checks also reconciled the
bank statements. Figure 2 illustrates
the frequency of various control vio-
lations that we found in churches.
The second reason we suspect
underreporting is that it is likely
that some interviewees were un-
willing to admit frauds, or their
churches did not tell them about
discovered crimes. Ministers and
church elders are accustomed to
holding the sins of their ocks
close to the chest, and this empha-
sis on condentiality may prevail
even in the case of white-collar
sins. The cloak of secrecy may mean that the right hand does
not know what the left hand is doing within the church. Also, in
the same way that those who have been scammed are often too
embarrassed to admit their victimhood, church ministers and oth-
er nancial leaders may be hesitant to reveal their vulnerability.
We asked interview participants how vulnerable they
thought their organizations were to employees or members il-
legal or unethical nancial actions. Despite generally poor levels
of controls, none of the respondents even those in organi-
zations that had experienced fraud felt their organizations
were extremely vulnerable. Almost a fourth said they were not
vulnerable at all to fraud, and nearly two-thirds said they were
only slightly vulnerable. Table 1 on page 22 presents the percep-
tions of vulnerability to fraud within churches that experienced
a fraud within the last ve years and those that had no report-
ed fraud over the same period. Overall, most believed that it
wasnt going to happen here.
WHY DO THEY FEEL SO BULLETPROOF?
The lack of a realistic perception of vulnerability is driven by
several psychological mechanisms including overcondence, ig-
noring base rates and conrmation biases.
Overcondence
Overcondence is a particularly difcult psychological barrier
to overcome, even among those with high levels of education.
Psychologists and economists, who have studied the overcon-
dence phenomenon since the 1960s, nd that this mindset re-
sults from two factors. One might be called the Lake Wobegon
effect (from Garrison Keillors A Prairie Home Companion):
we all think we are above average.
1
Secondly, we tend to have
an illusion of control over circumstances.
2
The combination of
these two factors leads to unrealistic optimism. Researchers nd
that people are more overcondent when they are faced with
difcult or very difcult tasks. The hard-easy effect suggests
that they are more vulnerable to fraud when 1) it is difcult to
assess the likelihood of fraud, and 2) they lack the skills to ap-
propriately safeguard their most valuable assets.
Ignoring Base Rates
Cognitive researchers nd that even when people are provided
information on the likelihood of fraud, they tend to ignore
base rates. (A base rate can be dened as the average num-
ber of times an event occurs divided by the average number of
times on which it might occur.) Consequently, if we were to tell
a group of church leaders that 20 percent of all houses of wor-
ship (a hypothetical number) are likely to be victims of fraud
within the next ve years, their over-optimism will lead almost
all of them to conclude that they will not be victims of fraud.
In other words, people tend to place themselves into the group
that is not affected by frauds instead of accurately assessing if
their particular situation is more reective of the group that
will experience a fraud.
Conrmation Bias
Auditors and fraud examiners do not tend to conclude that as-
sets are safe unless they have assessed the quality of the controls
in place. The average Joe, however, suffers from a conrma-
tion bias. In other words, Joe will rely too much on conrm-
ing evidence, such as we have never had a fraud before. At
the same time, he will dismiss contradictory arguments, such as
we do not have adequate controls in place. This bias increases
with the amount and strength of conrming evidence. It will
decrease with contradictory evidence but at a much slower rate.
3
Walt Pavlo, the perpetrator of a multi-million dollar fraud
at MCI and WorldCom, expressed conrmation bias well. At the
Oklahoma State University 2008 Financial Reporting Conference,
he was asked where the auditors were while he was committing his
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
No checking references
No criminal background checks
Related parties on board of directors
Same person deposits receipts and
reconciles bank statements
No financial expert on board
No term limits for financial volunteers
Same person records and
deposits receipts
No credit checks for employees
No required vacations
No surprise audits
Figure 2: Control Problems in Churches
87%
80%
78%
72%
67%
51%
48%
47%
20%
13%
22
FRAUD IN HOUSES OF WORSHIP
crime, which involved overstatement of receivables. His response:
No one wants to question good news. In the for-prot world, the
evidence has shown that excessively high revenues are a much big-
ger red ag for fraud than excessively low revenues.
HOW TO HELP
Based on our survey ndings and observations, we offer seven
steps fraud examiners can take to help churches avoid fraud:
1. Freely lend your expertise to small nonprots and church
boards to help them understand and implement the concept
of separation of duties and independent checks.
2. Help them understand that checks are cash only more
vulnerable. You could explain this by saying, If someone
steals a $1 bill from you, the most they have stolen is $1. If
they steal a $1 check from you and then add a few zeroes,
they have stolen much more.
3. Combat overcondence through education and training.
Church boards must understand that trust is never an effec-
tive internal control.
4. To achieve adequate perception of detection and conse-
quences, encourage church boards to be open and forth-
coming about problems and consequences and to prosecute
when appropriate. Such prosecutions could have prevented
the secretary in our opening story from moving to the next
church to possibly do the same thing.
5. While churches may be in the business of bringing the good
news, it is a good idea to remind them that at least when it
comes to nancial affairs, they should always question news
that is too good to be true.
6. Church leaders are becoming aware of the need (and some-
times the legal requirement) to conduct background checks
to specically nd sex-related crimes. Help them understand
that they also can use criminal and credit checks to protect
the churchs nancial assets and help ensure that donors
wishes are honored by applying donor funds to good deeds,
rather than using them to feather the fraudsters pockets.
7. While we have a psychological tendency to ignore base rates,
we tend to respond to stories. These stories help bring the
reality home; so share stories about church frauds. And if you
are feeling really brave, leave a few copies of Fraud Magazine
in the church library.
Individuals who contribute to religious institutions or other
nonprots do so with the intent that their sacrices will help the
institution and/or the parties it serves. Fraud examiners can help
these institutions ensure good stewardship over these resources
and prevent the unintended distribution of resources to the pock-
ets of fraudsters. An essential element of providing this help in-
volves convincing them that yes, it can happen here.
Robert M. Cornell, Ph.D., CMA, ACFE Educator
Associate, is an assistant professor of accounting in the Oklahoma
State University Spears School of Business. His email address is:
robert.cornell@okstate.edu.
Carol B. Johnson, Ph.D., ACFE Educator Associate, is the
Masters of Science coordinator and Wilton T. Anderson Professor
of Accounting in the Oklahoma State University Spears School of
Business. Her email address is: carol.johnson@okstate.edu.
Janelle Rogers Hutchinson is a Masters in Accounting student
at Oklahoma State University. Her email address is:
janelle.rogers@okstate.edu.
1
Alicke, M. D., & Govorun, O. (2005). The better-than-average
effect. In M. D. Alicke, D. Dunning & J. Krueger (Eds.), The self in
social judgment. 85-106. New York: Psychology Press.
2
Gino, F., Sharek, Z., & Moore, D. A. (2011). Keeping the illusion
of control under control: Ceilings, oors, and imperfect calibration.
Organizational Behavior & Human Decision Processes, 114, 104-114.
3
Juslin, P., Winman, A., & Olsson, H. (2000). Naive empiricism and
dogmatism in condence research: A critical examination of the hard-
easy effect. Psychological Review, 107, 384-396.
Fraud Occurred
in Last 5 Years
Perception of Vulnerabilit y to Fraud
Not Vulnerable
Slightly
Vulnerable
Vulnerable Very Vulnerable
Extremely
Vulnerable
Grand Total
Yes 24% 53% 17% 6% 0% 100%
No 25% 66% 6% 3% 0% 100%
Total 24% 64% 9% 3% 0% 100%
Table 1
Help them understand
that checks are cash
only more vulnerable.
Sue Colvil/iStockphoto
January/February 2012 23
Example 1
A husband and wife served as treasurer and assistant treasurer
in a small church in North Carolina. When their business began
failing, they stole several thousand dollars from the church by
simply writing checks to themselves over a three-year period. The
fraud was discovered when a contractor complained that he had
not been paid for work on the church property. (http://tinyurl.
com/2e2gm2w)
Example 2
Three unrelated individuals who served as ofce manager, facilities
manager and a volunteer in a California church colluded to steal
$500,000 from the church coffers to fund extravagant lifestyles.
The threesome carried out their thefts by issuing fraudulent checks
and making inappropriate use of credit cards. The theft was discov-
ered when the church pastor became suspicious and reported the
theft to the nance committee. (http://tinyurl.com/66cqchg)
Example 3
The pastor of a large Ohio church commingled funds, laundered
money, tampered with records, forged documents and sold 19
acres of church land to steal more than $1 million from his church
and cover his tracks. The proceeds were used to buy cars, a boat,
a pool and hair treatments in addition to funding private-school
tuition for his children. When a church employee reported that
funds were missing, it took two years to investigate the crime before
charges were led. (http://tinyurl.com/6dpnvch)

Example 4
The business manager of an Oklahoma church was accused of
embezzling $140,000 to pay her personal expenses. The alleged
theft was discovered when the bank notied the church of an over-
drawn account. The suspect said she could not have stolen that
much money because the church was audited every year.
(http://tinyurl.com/6bpqblr)
It Can Happen in Your Neighborhood
Theres so much to learn in order to be an effective fraud ghter where do
you start? Right here, with Principles of Fraud Examination. This course is the
foundation of the ACFEs curriculum and is recommended for all anti-fraud
professionals. Whatever industry or area of specialization you end up in, you
will benet from a solid understanding of the fundamentals of the four key
areas of fraud examination:
Fraud Prevention and Deterrence
Legal Elements of Fraud
Fraudulent Financial Transactions
Fraud Investigation
Solid Fundamentals for All Anti-Fraud Professionals
Learn from the experts at
Principles of Fraud Examination
Austin, TX
|
April 30 - May 3, 2012
Build your anti-fraud career on a solid foundation
register online at ACFE.com/POFE by March 30 to save an additional $200!
A major, multimillion sports ticket fraud at the Universit y of Kansas
highlights how CFEs can help convince administrators and boards
to reassert control over their athletics departments. The answer
could be independent oversight.
By Herbert W. Snyder, Ph.D., CFE; and David OBryan, Ph.D., CFE, CPA, CMA
n June 30, 2009, David Freeman pleaded guilty to
conspiracy to commit bank fraud as part of a federal
bribery case. Anxious to please the judge prior to
his sentencing, he provided investigators with in-
formation about theft and resale of football and basketball
tickets at the University of Kansas (KU). Freeman ngered
two individuals, one of whom was exonerated while the
other proved to be central to the case.
Freeman had his sentence reduced from 24 to 18
months, which his attorney said was an inadequate re-
ward for the information he had provided, according to
Developer source in KU ticket scandal, by Steve Fry,
in The Topeka Capital-Journal, April 22, 2010. (http://
tinyurl.com/24wwss9)
Federal authorities contacted KU ofcials in late 2009.
Under increasing pressure, KU announced in March 2010
that it had retained the services of the Wichita ofce of
Foulston Siefkin LLP to conduct an internal investigation.
Assisted by a forensic accounting rm, Foulston Siefkin
found that six employees had conspired to improperly sell
or use approximately 20,000 KU athletic tickets mostly
to basketball games, including the Final Four tournament
from 2005 through 2010. The sales amounted to more
than $1 million at face value and could range as high as
$3 million at market value. Even worse, the investigators
were unable to determine how many of the tickets were
sold directly to brokers because the employees disguised
these distributions into categories with limited account-
ability, such as complimentary tickets, according to Uni-
versity of Kansas athletic tickets scam losses may reach
$3M, in the Kansas City Business Journal, May 26, 2010.
(http://tinyurl.com/3nvaf76)
The investigation did not examine years prior to 2005
because the athletics department did not retain those re-
cords. The investigation of KUs ticket sales and fundrais-
ing operations by federal authorities continued throughout
2010 and 2011.
KUs internal investigation, which was released May 26,
2010, implicated the associate athletic director for develop-
ment, the associate athletic director for the ticket ofce, the
assistant athletic director for development, the assistant ath-
letic director for sales and marketing, the assistant athletic
director for ticket operations and the husband of the associ-
ate athletic director for the ticket ofce who had been work-
ing for KU as a paid consultant.
WHAT ACTUALLY HAPPENED?
The accused allegedly abused the complimentary ticket
policies of the university in three ways:
First, ofcial policy allowed for certain athletic ofce
employees to receive two complimentary tickets for each
athletic event provided they would not resell them. In-
stead, the athletic department routinely gave each of these
employees more than two tickets for each event and tacitly
permitted, if not overtly encouraged, reselling.
Second, the development/fundraising arm of the ath-
letic ofce was permitted to use complimentary tickets to
cultivate relationships with prospective donors. However,
these ofcials helped themselves to many more complimen-
tary tickets than they could have reasonably needed.
Third, athletic department members improperly used
or resold complimentary tickets reserved only for chari-
table organizations.
The culprits concealed these thefts by simply charg-
ing tickets to such ctitious accounts as RJDD Rod-
ney Jones Donor Discretionary and not recording the
ultimate recipients. (Jones was the assistant athletic di-
rector for development and one of the two persons the
informant identied.)
By 2009, a cover-up compounded the original
schemes. When the 2008-2009 basketball ticket sale re-
cords could not be reconciled, Charlotte Blubaugh told
Brandon Simmons and Jason Jeffries to move documents
from the athletic ofce to the football stadium where she,
Ben Kirtland and Tom Blubaugh would destroy them on a
weekend and then attribute their absence to construction at
the stadium, according to Foulston Siefkins nal report to
the KUs general counsel.
In a separate scheme, the husband of the associate
athletic director for the ticket ofce, who was supposedly em-
ployed as a consultant to the athletic department, received
payments totaling $116,500, all approved by the associate
athletic director for development. Apparently, the husband
did not provide any services in exchange for these payments.
Importantly, no allegations or evidence suggested
that any players, coaches or university administrators out-
side athletics were involved in these crimes. The athletic
director was not involved in the scheme but accepted re-
sponsibility for the lax oversight that contributed to its
extent and duration. Athletics ofce employees solely
perpetrated these frauds.
o
Daniel Padavona and Charles Mann/iStockphoto
26 Fraud-Magazine.com
So how did the frauds go undetected for at least ve years?
And what can anti-fraud professionals do to prevent situations
like this?
WHY COLLEGE ATHLETIC PROGRAMS
ARE VULNERABLE TO FRAUD
The KU ticket scandal is not unique. It is merely the most recent
and largest among nancial scandals in college athletic depart-
ments that have included the University of Louisville, the Uni-
versity of Colorado and the University of Miami. What happened
at KU is a combination of separate, but related, problems that
have become increasingly common in college athletic programs:
Major athletic programs generate and spend huge sums of money.
These programs frequently lack transparency in their nances.
Athletic programs often operate independently of university
oversight.
As we have seen, the frauds at KU were not particularly so-
phisticated. (For example, the associate athletic director for the
ticket ofce used multiple dummy accounts for ticket purchasers
with business locations that matched her home address.) The
difculty anti-fraud professionals face is not designing or imple-
menting nancial controls; the challenge is convincing senior
administrators and oversight boards to reassert control over their
athletic departments so that existing controls will be effective.
A higher-education institution often uses a top-down, com-
mand-and-control structure on the eld or in the gym to build
successful sports programs. However, that school might inappro-
priately use that same approach to administer the business side
of athletic programs. Fraud examiners who deal with intercol-
legiate athletics should be aware of the following factors, which
may predispose athletic programs to fraud:
College sports are a lucrative target for frauds
Part of the difculty in dealing with ticket sale frauds in col-
lege athletics is that the sheer volume of money invites theft.
According to most recent gures available from the National
Collegiate Athletic Association (NCAA) and compiled by
ESPN (The money that moves college sports, March 3, 2010,
by Paula Lavigne, http://tinyurl.com/yf5d9vw), the 120 schools
that comprise the Division I Football Bowl Subdivision gener-
ate more than $1.1 billion from ticket sales each year. Of these,
the top ve schools raise between $30.6 million and $44.7 mil-
lion. (By comparison, KU is large but not exceptional. During
the same period, the KU athletic programs spent more than $65
million and generated more than $17 million in ticket sales.)
College sports increasingly value winning over good
nancial stewardship
The inherent risk that surrounds such large sums of money is
compounded by the intense pressure athletic programs face to
win games and increase their television exposure. As the Knight
Commission observed in its 2009 report on college athletics:
The growing emphasis on winning games and increasing
television market share feeds the spending escalation because of
the unfounded yet persistent belief that devoting more dollars
to sports programs leads to greater athletic success and thus to
greater revenues. (Restoring the Balance: Dollars, Values and
the Future of College Sports, http://tinyurl.com/yjvr9kp)
This situation, albeit in different contexts, is common to
many businesses that experience fraud. High revenues combined
with a focus on growth at all costs often lead to situations in
which organizations outstrip their own control structures and
invites unscrupulous employees to siphon funds.
Sports tickets are inherently valuable and easily convertible to cash
Athletic departments maintain an inventory of valuable, readily
exchangeable assets in the form of tickets. An active secondary
market, including ticket brokers, scalpers and casual sales among
ticket holders, facilitates the unauthorized, difcult-to-trace re-
sale of these tickets. This is exacerbated when the market value
of the tickets frequently exceeds their considerable face value by
a wide margin.
Also, custodians of complimentary tickets can wield great
power and inuence over those who want these coveted assets.
Otherwise good people may turn a blind eye to wrongdoing if
tempted, for example, by free tickets to the Final Four or a BCS
bowl game.
College athletic departments frequently lack transparency
in their operations
Lack of access to information is a classic condition for facilitat-
ing fraud. The nancial reporting that university athletic de-
partments require varies widely in the amount and quality of
information that they make publicly available. The U.S. Equity
in Athletics Disclosure Act, for example, requires colleges to
FRAUD IN COLLEGIATE ATHLETICS
Part of the difficulty in dealing with ticket
sale frauds in college athletics is that
the sheer volume of money invites theft.
Jon Helgason/iStockphoto
Melinda Wilp, CPA
Make an investment in yourself.
Become a Certied
Fraud Examiner.
Great job! Well organized, very engaging and I learned a
lot. Very worthwhile class. I did not feel a minute of my time
was wasted.

See more information about the CFE Exam Review Course at ACFE.com/CFE-Exam
UPCOMING COURSES:
January 30 February 2, 2012
Dallas, TX
NEW LOCATION!
March 26 29, 2012
Singapore
April 16 19, 2012
Las Vegas, NV
July 23-26, 2012
Boston, MA
August 27 30, 2012
Chicago, IL
September 17 20, 2012
Washington, DC
October 15 18, 2012
New York, NY
November 5 8, 2012
Austin, TX
Benets of Attending the CFE Exam Review Course:
Structured Learning Learn how to prepare for the CFE Exam
Fast Track Immerse yourself in an intense, 3 day
preparation period
Instructor-Led Receive guidance from experienced instructors
Interactive Sessions Participate in open discussions on a
variety of topics in fraud prevention
Team Environment Meet others preparing for the CFE
Exam and practicing CFE instructors to help you organize study
sessions to review materials, and provide you with tips and
processes designed for the working professionals busy schedule
When you are able to set some time aside and take away all the distractions, its
amazing what you can learn. The CFE Exam Review Course offers you four days of
guidance from experienced instructors, giving you all the tools you need to
prepare for and pass the CFE Exam.
According to the 2010/2011 Compensation Guide for Anti-Fraud Professionals,
CFEs earn nearly 22% more than their non-certied colleagues.
Distinguish yourself as an expert in the eld by attending our CFE Exam Review Course.
28 Fraud-Magazine.com
le annual reports with the U.S. Department of Education.
However, compliance requires only six areas of expense an
overly broad set of categories that allows wide variation among
institutions. The situation is a bit ironic when we consider that
many Division I schools such as The University of Texas with
yearly athletic revenues of $44 million, or Alabama, with an an-
nual athletic budget of $126 million rival or exceed for-prot
rms but without the same reporting requirements imposed by
the U.S. Securities and Exchange Commission or IRS, accord-
ing to Lavignes 2010 ESPN article.
Frequently, a single individual controls the daily nancial man-
agement of an athletic department and is not subject to nancial
controls and oversight normally found in prot-making entities.
This trend to place all the power in one person often be-
gins at schools with highly successful coaches. According to the
Knight Commissions 2009 review of college presidents, a ma-
jority believes that the inuence of outside money has eroded
their ability to control coaches and their programs. (Quantita-
tive and Qualitative Research with Football Bowl Subdivision
University Presidents on the Costs and Financing of Intercol-
legiate Athletics, http://tinyurl.com/yjvr9kp)
The trend has continued from coaches to omni-competent
athletic directors. John Gasaway, in his blog, Basketball Prospec-
tus, has gone so far as to christen this effect, the Lew Perkins
Fallacy. (He takes the name from the former KU athletic director,
who resigned in the wake of the ticket scandal, but the phenome-
non is by no means limited to the KU program.) The fallacy is that
presiding over an operation that generates an enormous amount of
revenue justies an enormous salary: $65 million and $4 million
for KU and Lew Perkins, respectively. (Jayhawks see through the
Lew Perkins Fallacy. Will others? http://tinyurl.com/3vrok9d)
Apart from the pressure that large salaries place on univer-
sity nances, they create two additional but related problems.
Winning athletic events does not necessarily translate into
managerial or nancial competence. Winning may actually con-
tribute to nancial mismanagement because it promotes an aura
of invincibility, which could lead to lax oversight. Who wants
to kill the proverbial goose that is laying the golden eggs? KUs
athletic director, according to Gasaway, lost millions of dollars
in potential revenue for the university.
A second problem is that private sources often pay the large
salaries. A number of college presidents noted in the Knight
Commission study that they are losing control over athletics as
schools are accepting more outside sources of income, such as
television contracts or private fundraising, to pay athletic salaries.
Ticket audits may require specialized testing
Most colleges provide free or reduced-price tickets to major or
prospective donors. That group changes from game to game. So,
athletic departments need to test internal controls and reconcile
actual game attendance with revenues to ensure that the ticket
ofce is not overly generous with its donor tickets.
As the KU scandal illustrates, it is absolutely critical that
someone independent from the athletic department perform
timely reconciliations after each event to ensure adequate seg-
regation of duties.
Schools that provide free tickets to employees need addi-
tional controls and tests. In most cases, complimentary tickets
should be reported as part of employees taxable income. Simi-
larly, controls need to be in place to make sure that employees
do not receive more tickets than they are allowed by their em-
ployment contracts. (Regardless, it seems to be more than a lack
of specialized training that caused Kansas auditors to overlook
the scandal during their periodic reviews of the ticket sales as
shown by the multiple front organizations using the ticket direc-
tors home address.)
REASSERTING CONTROL OVER COLLEGE ATHLETICS
Whether big-money sports are appropriate for universities is a
topic beyond the scope of this article. However, large revenue
streams are likely to remain an integral part of intercollegiate
FRAUD IN COLLEGIATE ATHLETICS
Winning may actually contribute to
financial mismanagement because it
promotes an aura of invincibility,
which could lead to lax oversight.
Brandon Laufenberg/iStockphoto
January/February 2012 29
athletics. The obvious course for universities, barring reducing
sports, is to become better stewards of their athletic resources.
More specically, the same aspects of college sports that spawned
the scandal at KU and other universities should be the focus of
improvements, including better transparency and oversight.
Transparency
Public disclosure of an organizations nances is a powerful de-
terrent to numerous types of fraud. Although the U. S. Depart-
ment of Education requires universities to report some data for
athletic programs, it is difcult to compare these disclosures
among institutions because the law requires reporting only in
very broad categories. The NCAA requires reporting with great-
er detail. However, the public rarely sees such data. Moreover,
the NCAA allows much leeway on the ways universities can
categorize such data.
A uniform system of accounts and reporting would promote
comparability and consistency among programs. To increase ac-
curacy and reliability, information provided to external parties
should come from universities central nancial administrations,
not directly from their athletic programs. A university inter-
nal audit function should be actively involved to enhance the
quality of reported information. The external agencies receiv-
ing these reports should post them on the Internet to promote
openness and transparency and so independent watchdogs can
scrutinize them for evidence of wrongdoing.
Oversight
As with any other organization, simply installing better anti-
fraud controls is not sufcient to deter fraud. A standard of fraud
prevention is that controls are only as effective as the people
who use them. A lesson from the KU case is that athletic depart-
ments require independent oversight.
If it is true, as the Knight Report suggests, that university
presidents feel they are unable to do this directly, then universi-
ties must seek other bodies to provide the oversight. Potential
candidates include private university accrediting bodies, state
boards of higher education or a universitys board of governors.
Together with improved reporting standards, the move to inde-
pendent review would remove the process from the more political
atmosphere of university presidents and their competing needs to
run their schools, raise funds and have winning athletic programs.
KU EPILOGUE
Since the scandal broke at KU, federal and state authorities
have continued their investigation, which as of press time has
thus far resulted in seven indictments and seven guilty pleas:
Jason Jeffries, assistant athletic director for ticket opera-
tions, pled guilty to one count of misprision and was sentenced
to two years of probation and $56,000 restitution.
Brandon Simmons, assistant athletic director for sales and
marketing, pled guilty to one count of misprision and was sen-
tenced to two years of probation and $157,840 restitution.
Both Jeffries and Simmons cooperated in the investigation
from an early stage and received relatively light sentences.
Kassie Liebsch, athletic department systems analyst, pleaded
guilty to one count of conspiracy to commit wire fraud and was
sentenced to 37 months and $1.2 million restitution. Liebsch was
not identied as a co-conspirator in the spring 2010 investiga-
tion. She continued to work at KU until the day of her indict-
ment, Nov. 18, 2010.
Rodney Jones, assistant athletic director for development,
pleaded guilty to one count of conspiracy to commit wire fraud
and was sentenced to 46 months and $1.2 million restitution.
Charlette Blubaugh, associate athletic director for the ticket
ofce, pleaded guilty to one count of conspiracy to commit bank
fraud and was sentenced to 57 months and $2.2 million restitution.
Tom Blubaugh, paid consultant to KU and husband of
Charlette Blubaugh, pled guilty to one count of conspiracy to
commit wire fraud and was sentenced to 46 months and nearly
$1 million restitution.
Ben Kirtland, associate athletic director for development,
pleaded guilty to one count of conspiracy to commit wire fraud.
He was sentenced to 57 months and nearly $1.3 million resti-
tution, including about $85,000 to the U.S. Internal Revenue
Service and the balance to Kansas athletics.
After the story broke, Athletic Director Perkins announced
he would retire in September 2011 and then abruptly retired on
Sept. 7, 2010. KU has since replaced him with a new athletic
director who makes roughly 10 percent of his predecessor.
An Aug. 10, 2011, court ling indicates that the U.S. attor-
neys ofce had collected only $81,025 from the ve individuals
convicted of conspiracy.
As Ben Franklin was quoted as saying, It takes many good
deeds to build a good reputation, and only one bad one to lose
it. It may be easier to recover the money than the damaged
reputation. Supporters of college athletics have asserted that the
KU ticket fraud represents a crime by employees and not a fail-
ure of college athletics. However, any enterprise that generates
millions and has so little internal control is inviting fraud.
Effective control of intercollegiate athletics will require
broader social and cultural changes that include good student
outcomes over a win-at-all costs mentality. Until that occurs,
anti-fraud professionals can best serve universities by helping
them ensure they receive the revenue they are entitled to for all
athletic events for advancing the institutions goals.
Herbert Snyder, Ph.D., CFE, is a professor of accounting in
the Accounting, Finance and Information Systems Department
at North Dakota State University in Fargo. His email address is:
herbert.snyder@ndsu.edu.
David OBryan, Ph.D., CPA, CFE, CMA, is a professor in the
Department of Accounting and Computer Information Systems in
the College of Business at Pittsburg (Kansas) State University. His
email address is: obryan@pittstate.edu.
FRAUD IN COLLEGIATE ATHLETICS
THE
Tell-Tale Signs
of
Deception
The Words Reveal
Suspects and witnesses often reveal more than they intend through their choices of
words. Here are ways to detect possible deception in written and oral statements.
By Paul M. Clikeman, Ph.D., CFE
January/February 2012 31
he manager of a fast food restaurant calls the po-
lice late at night to report that an armed robber
had entered the restaurant while the manager was alone
in the ofce nishing some paperwork. The manager said
the gunman had stolen the entire days cash receipts
a little more than $4,000. The manager had reported a
similar robbery at the restaurant about six months earlier.
No other witnesses were present at either alleged robbery.
The restaurant owner learns from police investigators that
armed robbery is extremely unusual in the surrounding
neighborhood. Also, the owner knows that the managers
wages have been garnished for the last year for nonpay-
ment of child support. The owner hires you, a CFE, to in-
vestigate whether the manager is ling false police reports
to cover his thefts. You begin your investigation by asking
the manager to write a description of the evenings events.
Detecting Anomalies
Linguistic text analysis involves studying the language,
grammar and syntax a subject uses to describe an event to
detect any anomalies. Experienced investigators are accus-
tomed to studying interview subjects nonverbal behavior,
such as eye contact and hand movement. Text analysis,
on the other hand, considers only the subjects verbal be-
havior. Because text analysis evaluates only the subjects
words, investigators can apply it to written as well as oral
statements. In fact, many investigators prefer to analyze
suspects written statements for signs of deception before
conducting face-to-face interviews.
Text analysis is based on research originating in the
1970s. Psychologists and linguists studied the language and
word choices of subjects in controlled experiments and
found predictable differences between truthful and decep-
tive statements. Susan Adams, an instructor who taught
text analysis (which she called statement analysis) at the
FBI Academy for many years, described it as a two-part
process (Statement Analysis: What Do Suspects Words
Really Reveal? FBI Law Enforcement Journal, October
1996). First, investigators determine what is typical of a
truthful statement. Secondly, they look for deviations from
the norm.
The following section describes deviations that sug-
gest a subject may be withholding, altering or fabricat-
ing information.
Ten Signs of Deception
1. Lack of self-reference
Truthful people make frequent use of the pronoun I to
describe their actions: I arrived home at 6:30. The phone
was ringing as I unlocked the front door, so I walked
straight to the kitchen to answer it. I talked to my mother
for 10 minutes before noticing that my TV and computer
were missing from the living room. This brief statement
contains the pronoun I four times in three sentences.
Deceptive people often use language that minimizes
references to themselves. One way to reduce self-referenc-
es is to describe events in the passive voice.
The safe was left unlocked rather than I left the safe
unlocked.
The shipment was authorized rather than I autho-
rized the shipment.
Another way to reduce self-references is to substitute
the pronoun you for I.
Question: Can you tell me about reconciling the
bank statement?
Answer: You know, you try to identify all the out-
standing checks and deposits in transit, but sometimes
when youre really busy you just post the differences to the
suspense account.
In oral statements and informal written statements,
deceptive witnesses sometimes simply omit self-referenc-
ing pronouns. Consider this statement by a husband who
claims his wife was killed accidently: I picked up the gun
to clean it. Moved it to the left hand to get the clean-
ing rod. Something bumped the trigger. The gun went off,
hitting my wife. The husband acknowledges in the rst
sentence that he picked up the gun. But the second sen-
tence is grammatically incomplete; I has been omitted
from the beginning of the sentence. In the third sentence,
something rather than I bumped the trigger. The state-
ment also contains few personal possessive pronouns. The
witness refers to the gun and the left hand where we
might expect my to be used.
2. Verb tense.
Truthful people usually describe historical events in the
past tense. Deceptive people sometimes refer to past
events as if the events were occurring in the present. De-
scribing past events using the present tense suggests that
people are rehearsing the events in their mind. Investiga-
tors should pay particular attention to points in a narra-
tive at which the speaker shifts to inappropriate present
tense usage. Consider the following statement made by an
employee claiming that a pouch containing $6,000 in cash
was stolen before she could deposit it at the bank (I have
emphasized certain words.):
After closing the store, I put the cash pouch in my
car and drove to the Olympia Bank building on Elm Street.
It was raining hard so I had to drive slowly. I entered the
parking lot and drove around back to the night depository
slot. When I stopped the car and rolled down my window,
T
32 Fraud-Magazine.com
a guy jumps out of the bushes and yells at me. I can see
he has a gun. He grabs the cash pouch and runs away.
The last I saw him he was headed south on Elm Street.
After he was gone, I called the police on my cell phone
and reported the theft.
The rst three sentences describe the employees
drive to the bank in the past tense. But the next three
sentences describe the alleged theft in the present
tense. An alert investigator might suspect that the
employee stole the days cash receipts, then drove to
the bank and called the police from the bank parking
lot to report a phony theft. (See another example in
Antics with Semantics on page 35.)
3. Answering questions with questions
Even liars prefer not to lie. Outright lies carry the risk
of detection. Before answering a question with a lie, a deceptive
person will usually try to avoid answering the question at all.
One common method of dodging questions is to respond with a
question of ones own. Investigators should be alert to responses
such as:
Why would I steal from my own brother?
Do I seem like the kind of person who would do something
like that?
Dont you think somebody would have to be pretty stupid to
remove cash from their own register drawer?
4. Equivocation
The subject avoids an interviewers questions by lling his or her
statements with expressions of uncertainty, weak modiers and
vague expressions. Investigators should watch for words such
as: think, guess, sort of, maybe, might, perhaps, approximately,
about, could. Vague statements and expressions of uncertainty al-
low a deceptive person leeway to modify his or her assertions at a
later date without directly contradicting the original statement.
Noncommittal verbs are: think, believe, guess, suppose, g-
ure, assume. Equivocating adjectives and adverbs are: sort of,
almost, mainly, perhaps, maybe, about. Vague qualiers are: you
might say, more or less.
5. Oaths
Although deceptive subjects attempt to give interviewers as lit-
tle useful information as possible, they try very hard to convince
interviewers that what they say is true. Deceptive subjects often use
mild oaths to try to make their statements sound more convincing.
Deceptive people are more likely than truthful people to sprinkle
their statements with expressions such as: I swear, on my honor,
as God is my witness, cross my heart. Truthful witnesses are more
condent that the facts will prove the veracity of their statements
and feel less need to back their statements with oaths.
6. Euphemisms
Many languages offer alternative terms for almost any action or
situation. Statements made by guilty parties often include mild
or vague words rather than their harsher, more explicit synonyms.
Euphemisms portray the subjects behavior in a more favorable
light and minimize any harm the subjects actions might have
caused. Investigators should look for euphemistic terms such
as: missing instead of stolen, borrowed instead of took,
bumped instead of hit, and warned instead of threatened.
7. Alluding to actions
People sometimes allude to actions without saying they actually
performed them. Consider the following statement from an em-
ployee who was questioned about the loss of some valuable data:
I try to back up my computer and put away my papers every
night before going home. Last Tuesday, I decided to copy my les
onto the network drive and started putting my papers in my desk
drawer. I also needed to lock the customer list in the ofce safe.
Did the employee back up her computer? Did she copy her les
onto the network drive? Did she put her papers in the desk draw-
er? Did she lock the customer list in the ofce safe? The employ-
ee alluded to all these actions without saying denitively that
she completed any of them. An attentive investigator should not
assume that subjects perform every action they allude to.
8. Lack of Detail
Truthful statements usually contain specic details, some of
which may not even be relevant to the question asked. This
happens because truthful subjects are retrieving events from
long-term memory, and our memories store dozens of facts about
each experience the new shoes we were wearing, the song
that was playing in the background, the woman at the next table
who reminded us of our third-grade teacher, the conversation
that was interrupted when the re alarm rang. At least some of
these details will show up in a truthful subjects statement.
Those who fabricate a story, however, tend to keep their
statements simple and brief. Few liars have sufcient imagination
10 TELL-TALE SIGNS OF DECEPTION

S
t
e
p
h
a
n

Z
a
b
e
l
/
i
S
t
o
c
k
p
h
o
t
o
January/February 2012 33
to make up detailed descriptions of c-
titious events. Plus, a deceptive person
wants to minimize the risk that an inves-
tigator will discover evidence contradict-
ing any aspect of his or her statement;
the fewer facts that might be proved
false, the better. Wendell Rudacille, the
author of Identifying Lies in Disguise
(Kendall/Hunt, 1994), refers to seeming-
ly inconsequential details as tangential
verbal data and considers their presence
to be prime indicators that subjects are
telling the truth.
9. Narrative balance
A narrative consists of three parts: pro-
logue, critical event and aftermath. The
prologue contains background informa-
tion and describes events that took place
before the critical event. The critical
event is the most important occurrence
in the narrative. The aftermath describes
what happened after the critical event. In
a complete and truthful narrative, the bal-
ance will be approximately 20 percent to
25 percent prologue, 40 percent to 60 per-
cent critical event and 25 percent to 35
percent aftermath. If one part of the narra-
tive is signicantly shorter than expected,
important information may have been
omitted. If one part of the narrative is
signicantly longer than expected, it may
be padded with false information. The fol-
lowing statement, led with an insurance
claim, is suspiciously out of balance:
I was driving east on Elm Street
at about 4:00 on Tuesday. I was on my
way home from the A&P supermarket.
The trafc light at the intersection of
Elm and Patterson was red, so I came to
a complete stop. After the light turned
green, I moved slowly into the intersec-
tion. All of a sudden, a car ran into me.
The other driver didnt stop, so I drove
home and called my insurance agent.
The subjects statement contains
four sentences of prologue, only one sen-
tence describing the critical event, and
only one sentence of aftermath. The
prologue contains a credible amount of
detail: the day and time of the accident,
the drivers destination, and the location
JUNE 17- 22, 2012
For more information or to register,
visit FraudConference.com.
ACFE Fraud
Conference
and Exhibition
23
rd
ANNUAL
ORLANDO, FL
Gaylord Palms Resort & Convention Center
Dont Miss 2012s Largest Anti-fraud Event.
Join forces with thousands of anti-fraud
professionals at the 23rd Annual ACFE Fraud
Conference and Exhibition in the ght against
fraud. You will address the challenges and
critical issues faced by anti-fraud professionals
during top-level educational sessions and
participate in unmatched networking
opportunities with the premier practitioners
and thought leaders from all over the world.
34 Fraud-Magazine.com
of the accident. But the description of the critical event (i.e.,
the alleged accident) is suspiciously brief. The claimant did not
describe the other vehicle, which direction it came from, how
fast it was going, whether the driver braked to try to avoid the
accident or how the two vehicles made contact.
The aftermath is also shorter than one would expect from a
complete and truthful account of a two-car accident. The claimant
does not say which direction the other vehicle went after leaving
the scene of the accident. He does not mention getting out of his
vehicle to inspect the damage nor does he say whether he spoke
to any people in the area who may have witnessed the accident. A
claims adjuster receiving such a statement would be wise to inves-
tigate whether the policyholder concocted a phony hit-and-run
story to collect for damages caused by the drivers negligence.
10. Mean Length of Utterance
The average number of words per sentence is called the mean
length of utterance (MLU). The MLU equals the total number
of words in a statement divided by the number of sentences:
Total number of words / Total number of sentences = MLU
Most people tend to speak in sentences of between 10 and
15 words (ACFE Self-Study CPE Course, Analyzing Written
Statements for Deception and Fraud, 2009). When people feel
anxious about an issue, they tend to speak in sentences that are
either signicantly longer or signicantly shorter than the norm.
Investigators should pay particular attention to sentences whose
length differs signicantly from the subjects MLU.
The Words Reveal
Complete and accurate descriptions of actual events are usually
stated in the past tense and tend to have a predictable balance of
prologue, critical event and aftermath. Truthful statements gener-
ally contain numerous self-referencing pronouns and include at
least a few seemingly inconsequential details. Truthful statements
rarely contain oaths, equivocation or euphemisms. Investigators
should apply extra scrutiny to written or oral statements that de-
viate from these norms. Suspects and witnesses often reveal more
than they intend through their choices of words.
Paul M. Clikeman, Ph.D., CFE, is an associate professor in the
Robins School of Business at the University of Richmond. His email
address is: pclikema@richmond.edu.
10 TELL-TALE SIGNS OF DECEPTION
NEW COURSE!
Using Data Analytics
to Detect Fraud
Using Data Analytics to Detect Fraud will introduce
students to the basics of using data analytics techniques to
uncover fraud. Taking a software-independent approach,
this one-day course provides attendees with numerous
data analytics tests that can be used to detect various
fraud schemes. Attendees will also discover how to
examine and interpret the results of those tests to identify
the red ags of fraud.
March 19, 2012
New York, NY
For more information or to register, visit ACFE.com/DataAnalytics.
This event is held in conjunction with
Investigating on the Internet, March 20-21, 2012.
CPE Credit: 8
Course Level: Basic
Prerequisite: None
January/February 2012 35
10 TELL-TALE SIGNS OF DECEPTION
t may happen that you inherit a case that someone else
opened. Besides nancial documents, all you have are the
written statements from witnesses and suspects. Can you tell
enough from words alone to detect evasion, lack of cooperation
and the intent to deceive? Yes, you can.
Semantics is a discipline concerned with the meaning of
words and the ways that words combine to form meanings in sen-
tences. The noun rock, for example, can indicate a stone or a
type of music. As a verb, to rock indicates the action of causing
something to rock (rock the cradle) or to rock oneself in a chair
(rocking on the front porch) or a form of party-time behavior (we
were rocking last night).
Anytime you interpret someones words during a conversa-
tion, or as part of your professional duties you are practicing
semantics. Here is one example of semantic analysis:
Use of Present Tense when Describing a Past Occurrence
Sometimes deceptive individuals display a reluctance to refer to
past events as past, particularly if the past event is the subject of
investigation. They refer to past events as if they were occurring in
the present. You should pay particular attention to those points in
the narrative at which the speaker shifts to this inappropriate pres-
ent tense usage, as in the following example.
How many times in this written statement does this person
switch to the present tense? What seems signicant about the
points at which the switch occurs?
On December 15, 2009, in the late afternoon hours, Don L.
Harrington, wife Wanda, and friends Amy Barr, Judy Partin and
Myself, Bob Boone, went to Taylors to pick up some layaway
items. We used two cars because there was some bulky merchan-
dise such as bicycles and a battery-operated car. Don had just
gotten his paycheck so instead of making a trip to the bank he
would pay the balance of the layaway with his check. Wanda
usually handles the nances, so she had Dons check in her purse.
So Wanda hands Don his check, which in turn he gives it to the
layaway clerk. The clerk look at the check and said that she
couldnt accept it but it was obvious that clerk was inexperienced,
because in fact it was the other clerk working in layaway that
told the clerk that she would have to check with the manager rst.
So the clerk takes the check over to the manager, and we all see
the manager shake her head no. By this time Don sees that he
cant use his check, which was a surprise to us because it was a
payroll check instead of a personal check. But instead of causing
chaos, Don decided to pay for it in cash, which Wanda had in her
purse. So Don asked her for the money, gave it to the clerk, the
clerk gave him the receipt, and we went to the back to pick up the
merchandise. In all the confusion, Don thought that Wanda had
the check, and Wanda thought that Don had it, and by this time
we had gotten to Dons house. So Don called ABC Company and
told the payroll dept. that his check was lost.
Bob Boone uses the present tense in three sentences:
So Wanda hands Don his check which in turn he gives it to
the layaway clerk.
So the clerk takes the check over to the manager, and we all
see the manager shake her head no.
By this time Don sees that he cant use his check, which
was a surprise to us because it was a payroll check instead of a
personal check.
It is remarkable that the switch to the present tense occurs at
key moments in the exchange: as the check is handed over, as the
manager refuses to accept the check and as Don becomes aware
he will not be able to use the payroll check. This indicates the
person is sensitive about those moments.
Often, people use the present tense for past events when they
are rehearsing the events in their mind. It is a device for keeping
things straight. Maybe the person is just being careful, or maybe
he is being deceptive.
As an investigator, you should note the switches to the present
tense, and the point of the narrative at which these occur. From
there, you will decide how to explore the issues further.
Excerpted and adapted from the ACFE Self-Study CPE
Course, Analyzing Written Statements for Deception and Fraud,
2009. This excerpt is by Don Rabon, CFE.
Further Reading
Analyzing Written Statements for Deception and Fraud,
ACFE Self-Study CPE Course, 2009 (ACFE.com/
products.aspx?id=2809).
Investigating Discourse Analysis, by Don Rabon, CFE
(Carolina Academic Press, 2003).
Identifying Lies in Disguise, by Wendell Rudacille
(Kendall/Hunt, 1994).
I Know You Are Lying, by Mark McClish (The Marpa
Group, 2001).
Statement Analysis: What Do Suspects Words Really
Reveal? by Susan H. Adams, FBI Law Enforcement
Journal (October 1996).
Antics with Semantics
I
36 Fraud-Magazine.com
SOMETIMES WE FIND FRAUDULENT ACTIVITY OCCURRING
IN THE MOST UNSUSPECTING PLACES. What started out
as a routine examination into a tip from an anonymous
call-center employee who was concerned with the large
number of suspicious credit card payments a few fellow
employees were processing, turned out to be the discovery
of a whole new area of call center fraud operating right
under the noses of management, compliance, internal au-
dit, quality assurance and even fraud committee members.
A call center environment can foster many credit
card processing scams. The most popular is for call cen-
ter agents to retain credit card account numbers, expira-
tion dates and security codes for themselves or to sell to
fraudsters. We also see this scam in restaurants and other
retail industries. Fortunately, in this case, the employee
who called the hotline supplied the locations and names
of the suspicious employees and claimed that the number
of payments they processed was far beyond the norm.
As an outside consultant, I rst had to become famil-
iar with the work of the business unit and the group in
which the suspected employees worked. That unit han-
dles inbound and outbound phone calls with customers
who are past due on delinquent accounts. The collectors,
who use dened call scripts, process payments through
a number of payment options for consumers, including
mailing payments, self-performed Internet payments,
check by phone, automatic account debit and, naturally,
credit card and debit card payments processed over the
phone. The company provides exceptional training ser-
vices for the employees and monitors their work so they
comply with company policies, procedures and applicable
federal, state and even some local statutes. An automated
account management system documents all work, and the
company records all phone calls.
Next, I zeroed in on the accused employees because
the tipster had not provided specic details of the al-
leged fraudulent conduct. I listened to call recordings,
reviewed the corresponding accounts associated with
calls and sat in on some blind monitoring of the col-
lectors live calls. Nothing seemed out of the ordinary.
The targeted collection representatives were very pro-
fessional, positive and helpful to consumers.
I expanded the investigation to several previous
months and increased the sampling of calls and ac-
counts. I reviewed consumer complaints containing
allegations of unauthorized charges to see if these col-
lectors had handled them. I still found no question-
able conduct. As a nal part of the examination, I in-
terviewed the entire business unit staff to uncover any
other employee suspicions of fraudulent activities. I im-
mediately saw that the group members were extremely
competitive, but management encouraged this through
bonuses and advancement to high achievers.
After six or eight interviews, I believed I discovered
the employee who led the anonymous report to the ho-
tline. She made remarks that those who know how to
work the system are the ones who make bonuses and ad-
vance, while those who play by the rules are stuck, live
paycheck to paycheck and are passed over for promotions.
She struck me as either a disgruntled employee or some-
one tired of seeing cheaters prosper. After a few additional
probing questions, I had what I needed to develop a theory
for what may be the most unsuspecting fraudulent activity
I have ever uncovered. I tore into the historical perfor-
mance measurements, metrics, reports and employee les
of the business unit. What I found was shocking.
Overachieving Fraud Wolves
in Sheeps Clothing
Targeting Top-Performing Employees Gaming the Bonus System
Follow this CFE consultant as he uncovers top collection reps at a business call center who inated their
performances for more money and job advancement. Lesson? Do not always follow the money.
By Jeffrey Horner, CFE, CRCMP
January/February 2012 37
My interviews with the business units
management and review of historical docu-
mentation showed clearly that the top col-
lection representatives processed over the
phone as much as two to three times the
number of credit card and debit card pay-
ments as the average collector. Incentives for
the number of credit card payments allowed
representatives to earn bonuses.
After I traced the payments to the ac-
counts, I noticed that some collection rep-
resentatives would set up customers on pay-
ment plans to charge their credit cards once
or even twice a week, instead of the typical
payment plan for once every two weeks or
monthly. The total amount the customer
paid was the same, but it was broken down
into smaller amounts and processed regu-
larly to increase the number of payments
per week. Ironically, these top-performing
employees appeared to be the most talented,
dedicated, hardest-working phone represen-
tatives in the business unit.
As I reviewed the employment records
and performance reviews of the current and former supervisors
and managers of the business unit, I found it crystal clear that
they had all worked their way up in similar fashion. They rou-
tinely outscored their peers at the performance metrics. I ex-
panded my investigative analysis to other call center business
units and found the same conduct.
DRIVING EMPLOYEES TO CHEAT
Much has been written, preached and practiced in the area of em-
ployee motivation, especially for those directly interacting with
customers. Management drives them to shatter sales and service
records, surpass customer satisfaction standards, hit key perfor-
mance indicators, out-hustle the competition and nd ways to
do more with less. We set goals and budgets, apply performance
metrics, and offer various bonuses and creative incentives.
Organizations monitor and evaluate employee performance,
and top achievers climb up corporate ladders. If you are passed
over too many times you are branded as stale, and you may lose
all hope to advance. Those who earn promotions then study the
playing elds and develop their strategies to move up the next
rungs of corporate ladders.
Capitalism through competition. So what is there to worry
about? Plenty. Let us take a deeper look into this activity.
Typically, CFEs, internal auditors, external auditors, and
risk and compliance managers will search for fraudulent em-
ployee activity by focusing on employee theft, embezzlement,
expense account fraud, larceny, fraudulent check writing or
cashing, vendor contracts and countless other schemes. They
follow the money and focus on nancial transactions and report-
ing as sources for discovery. But signicant fraudulent employee
activity can be occurring in the open, and we fail to recognize it
or the severity of the risks and potential losses.
We are familiar with criminologist Dr. Donald R. Cresseys
fraud triangle that denes fraud as the convergence of three
factors to set the climate for fraud: pressure, opportunity and
rationalization. CFEs are trained to focus their sights on the
business resources, processes, procedures, employee activities
and personnel to detect the potential for, and existence of, the
fraud triangle factors. Nevertheless, many fraud examiners do
not recognize the existence of these factors in the out-in-the-
open business environment because we are diligently sleuthing
for the not-so-obvious, hidden schemes buried deep in the orga-
nization. Is it possible that fraudulent activity is fully accepted
and expected? If so, where, and how do we identify it?
THE NUMBERS CAN LIE
In this case, the use of data was essential to steer the investi-
gation in the proper direction. Looking at the total payment
processed by the representatives in the group in Figure 1 (on
page 38), we see no signicant variance. In fact, the highest pro-
ducers of total payments are reps 112 and 117. However, drilling
into the number of debit card and credit card payments pro-
cessed quickly reveals a statistical anomaly. Reps 114 and 118
clearly processed a disproportionately higher number of these
payments than the others in the group. Because the company
incents reps with bonuses and awards to obtain these payments,
Reps 114 and 118 benetted.
This information caused us to review the details of payments
and customer accounts. We were alarmed to see that these reps
were breaking policy by processing payments as often as two
times per week on the same customer account to articially in-
ate the number of payments and earn bonuses. The consumers
agreed to this practice when the reps told them it was necessary
Juan Darien/iStockphoto
38 Fraud-Magazine.com
to keep activity occurring on their accounts so
no additional collection action was taken.
In another group, we found that manage-
ment was looking at a standard call center Key
Performance Indicator (KPI) to identify any em-
ployee that may not be in line with performance
standards. Figure 2 below shows that the average
handle time seems consistent across all employ-
ees. However, upon closer examination, we no-
tice that Reps 223 and 226 have extremely short
rst contact and inbound call times.
We decided to monitor calls and found that
these reps would not thoroughly and adequately
address customers questions, disputes or requests
for documentation, as required by company pol-
icy. They were cutting corners to handle more
calls. You will not be surprised to learn that the
monthly incentives in the group were based on
the average number of calls handled per day. By
cutting these calls short and telling customers
that someone would get back to them on their
issues or concerns, they were able to make more
calls than other reps.
RISK AND COMPLIANCE
According to The Committee of Sponsoring
Organizations of the Treadway Commission
(COSO), Everyone in an organization has re-
sponsibility for internal control. (http://tinyurl.
com/4y24k9n) It starts with the CEO, who
should ultimately assume ownership of the
system, COSO states. However, management
devises goals, targets, budgets and service stan-
dards and drives them to the production level. A
close examination of the conduct and behavior
at that level may reveal potential fraudulent ac-
tivity that standard business processes and pro-
cedures have cloaked.
We know that certain areas are ripe for em-
ployee fraud, such as expense accounts, com-
mission reports and vendor contracts. But does the denition
of fraud and Cresseys fraud triangle apply to activity and con-
duct related to employee performance metrics? We can build
the case that it does.
Employees, supervisors or managers who intentionally in-
ate performance metrics in daily job duties, or omit negative
information or activities, meet the rst part of the denition for
fraud. But what about the requirement for a victim suffering loss
by these actions? Again, the victim here is the employer organiza-
tion through the receipt of invalid performance metrics, delivery
and data, or the absence of these values from negative data that
could be used to improve the organization and its outcomes.
And nally, does the perpetrating employee receive gain?
This is where we make a critical mistake and overlook the ob-
vious. Up to this point, we are dismissing these acts and omis-
sions by employees as harmless, just seeking to look good to the
boss, avoid the consequences of missteps or failure, earn that
bonus or climb the ladder in the organization. Employees who
are evaluated by performance measurements, metrics, data,
etc. who manipulate these values are in essence causing their
performances to appear to be better/higher/more valuable to
OVERACHIEVING FRAUD WOLVES IN SHEEPS CLOTHING
0
20
40
60
80
100
120
140
160
Total
Debit Card
Credit Card
Rep 118 Rep 117 Rep 116 Rep 115 Rep 114 Rep 113 Rep 112 Rep 111
Figure 1: Employee Performance Anomoly
25
31
21
46
22
18
32
55
23
29
18
39
28
20
31
44
125
135
115
129
113
125
134
129
N
u
m
b
e
r

o
f

P
a
y
m
e
n
t
s

P
r
o
c
e
s
s
e
d
Representative
0:00
1:37
2:74
4:12
5:49
6:86
8:24
Average
Inbound
2nd Contact
1st Contact
Rep 229 Rep 228 Rep 227 Rep 226 Rep 225 Rep 224 Rep 223 Rep 222
Figure 2: Employee Performance Anomoly
6
:
2
6
2
:
4
1
7
:
0
2
6
:
3
2
3
:
0
7
6
:
1
2
6
:
2
1
6
:
5
4
3
:
3
5
1
:
4
1
3
:
4
84
:
0
4
2
:
1
2
3
:
5
74
:
0
8
3
:
5
9
3
:
5
8
3
:
5
9
3
:
5
5
4
:
1
1
3
:
5
5
4
:
2
1
4
:
1
1
4
:
3
1
3
:
5
7
3
:
1
2
4
:
1
9
4
:
2
5
3
:
2
6
4
:
2
8
4
:
2
8
4
:
3
8
C
a
l
l

H
a
n
d
l
e

T
i
m
e

(
m
i
n
:
s
e
c
)
Representative
Figure 1
Figure 2
January/February 2012 39
the organization than they would actually be otherwise. What
is the motivation? Clearly, for those who are compensated by
commission and bonuses the answer is obvious: money. But job
retention or advancement also constitutes personal gain.
The totality of the denition has been met in the descrip-
tion of employees who purposefully skew performance metrics.
It is not hard for frontline employees to cut corners, force orders,
shorten calls, bury complaints, etc., day after day to put up some
impressive numbers.
This environment is ripe with employee incentive/pres-
sure. The opportunity is present for front-liners to manipulate
the input, statistics, calls, paperwork and other job functions.
And rationalization is a personal psychological characteristic
that has been found to be present in 40 percent of employees,
according to Managing the Business Risk of Fraud: A Practical
Guide. And according to Freud, rationalization is a defensive
mechanism that seeks to offer acceptable reasons to others, or
ourselves, for unacceptable behavior. As stated by ACFE found-
er and Chairman, Dr. Joseph T. Wells, CFE, CPA, in his Corpo-
rate Fraud Handbook, For the purpose of detecting and deter-
ring occupational fraud, it does not matter whether employees
are actually justied, but whether they perceive that they are.
Now that we have seen that frontline employee conduct
may be an undetected area primed for fraud, we need to assess
the risk to the enterprise. According to the International As-
sociation of Risk and Compliance Management Professionals,
the risk and harm sustained by an organization are not limited to
the losses from employees who work the system to advance and
earn more money. Risk, cost and liability from damage to cus-
tomer goodwill, brand and exposure to regulatory actions may
be signicant once the missteps are revealed. When company
management is unable to obtain valid data from operations, the
impact can be devastating.
HELP THE COMPANY HELP THEMSELVES
The environments most susceptible to transparent frontline
fraud are those you would not normally suspect: service centers
within the enterprise with high-volume, measurable workload
functions. These include call center operations, inside order
processing, lead generation, online agent help desks, billing
and collection, telemarketing, mail processing, customer service
centers and back-ofce operations.
Once you recognize conduct as potentially fraudulent and
know where to focus efforts to discover the activity, you must ex-
amine what can be done to mitigate that risk. Often, process and
compliance reviews originate inside the same departments that
breed the culture of fudging the numbers. You must address it,
or it will continue. Because pressure from management to hit
the numbers will always be a source of temptation for all to look
the other way, the answer is to expand our reach to areas of the
enterprise that possess the resources and skill sets necessary for
independent examination.
In our case, once we showed executives the data for em-
ployee performance anomalies, management culture and per-
formance-based compensation and advancement history, it was
clear that change was required. After we developed and imple-
mented training programs to expose and address the conduct
as fraudulent behavior, we devised measurements and reporting
to display such activity to serve as deterrents. In a short period
of time, performance metrics reected true and clean data for
employee call statistics. With this information, we were able to
accurately identify problem employees and quash the culture
of working the system for bonuses and advancement. In just
three months we gained a 14 percent increase in KPIs and cus-
tomer satisfaction ratings! Only employees playing by the rules
earn bonuses for the right reasons.
Clearly the solutions are very simple, and if you take one
thing away from this article, this is it: The targets, goals, incen-
tives and bonuses are not the problem. We must focus investi-
gative principles and techniques on performance anomalies be-
cause they are ripe for frontline, transparent fraudulent activity.
It is critical that we segment employee production by tenure,
skill and past achievement variances.
A business environment probably already has all the neces-
sary tools, resources and historical data to assess the accuracy,
or lack thereof, of job performances at any level. Management
will need to develop controls, checks and balances, monitoring,
reporting, ethics training, employee hotlines and preventative
measures to reduce the risk for fraud.
We may nip and tuck around the edges to modify behavior,
and still the crafty employees nd ways to hit their numbers
and get the prizes. If we are not diligent in reviewing, reconcil-
ing and building operations-oriented analysis tools to identify
performance anomalies and investigate them unrecog-
nized fraudulent activity will occur before our eyes.
Jeffrey Horner, CFE, CRCMP, is chief development ofcer and
senior vice president of the Government Services Division of UCB
Inc. His email address is: jwhorner@ucbinc.com.
OVERACHIEVING FRAUD WOLVES IN SHEEPS CLOTHING
Risk, cost and liability from damage to customer goodwill, brand and exposure
to regulatory actions may be signicant once the missteps are revealed.
Data Breaches, a 3-Part Series
BREAKING BREACH
SECRECY, Part 3
BY ROBERT E. HOLTFRETER, PH.D., CFE, CICA; AND ADRIAN HARRINGTON
PN_Photo/iStockphoto
41
here are data breaches and then there
are data breaches. Hold on as we look
at two enormous cases reported by the
Privacy Rights Clearinghouse (PRCH)
in its Chronology of Data Breaches.
Even though the number of records compromised
in these two cases is atypical, it does illustrate the
problems consumers face when their personal data
is not protected by organizations that use it.
On Jan. 20, 2009, Visa and MasterCard
alerted Heartland Payment Systems, a credit and
debit card processor, of suspicious activity related
to card transactions. After the company inves-
tigated, it found evidence of malicious software
that compromised data on more than 130 million
cards. The incident may have been the result of a
global cyberfraud operation.
On June 16, 2005, hackers inltrated the net-
work of CardSystems a third-party processor of
payment card transactions and exposed names,
card numbers and card security codes of more
than 40 million card accounts, including 68,000
Mastercard accounts, 100,000 Visa accounts and
30,000 accounts from other card brands. On Feb.
26, 2006, CardSystems agreed to settle charges
with the Federal Trade Commission that it failed
to have in place the proper security measures to
protect sensitive personal information. CardSys-
tems notied affected consumers and offered them
one year of credit monitoring services.
Data breaches that lead to identity theft
have affected the lives of individual consumers,
businesses, nonprot organizations and govern-
ments at all levels throughout the world, espe-
cially in the past decade. Security companies are
constantly working to develop better products for
individuals and organizations to protect personal
information. Many organized cybercriminals work
as successful prot-making businesses, constantly
developing new fraudulent schemes to look for
system weaknesses and collect personal identi-
able information (PII).
However, as our new report and analysis in
this article show, it is not just blatant hacker ef-
forts that cause data breaches. Organizations and
individuals who do a horrible job protecting per-
sonal data, of course, create conditions that lead
to the majority of data breaches.
TRACKING THE PESKY BREACHES
Though not all organizations report data breaches
publicly, at least three independent groups track
and analyze breaches and publish them in reports:
the Privacy Rights Clearinghouse (PRCH), Veri-
zon and the Identity Theft Resource Center

.
Privacy Rights Clearinghouse
PRCH describes itself as a nonprot consumer edu-
cation and advocacy project whose purpose is to ad-
vocate for consumers privacy rights in public policy
proceedings. From Jan. 1, 2005, through press time,
it has tracked, analyzed and classied 2,752 data
breaches and more than 542 million compromised
records for inclusion in its Chronology of Data
Breaches, which is updated daily (www.privacy-
rights.org/data-breach) from these sources:
The Open Security Foundations DATALOSSdb.
(www.datalossdb.org)
Databreaches.net, a spinoff from www.PogoWas-
Right.org, has compiled a wide range of breach
reports since January 2009.
Personal Health Information Privacy (www.
phiprivacy.net/), afliated with Databreaches.
net, is a database that compiles only medical
data breaches. Many of these are obtained from
Analysis Shows Entities Lack Strong
Data Protection Programs
The authors analysis of data-breach statistics shows that organizations
poorly protect personal data. Possible solution: U.S. federal rules for
guidance in developing comprehensive data protection programs.
42 Fraud-Magazine.com
the U.S. Department of Health and Human Services medical
data breach list.
National Association for Information Destruction Inc. (www.
naidonline.org) provides monthly newsletters that include a
number of data breaches largely resulting from improper docu-
ment destruction.
The PRCH classies data breaches as:
Unintended disclosure: sensitive information posted publicly
on a website, mishandled or sent to the wrong party via email,
fax or mail.
Hacking or malware: electronic entry by an outside party.
Payment card fraud: fraud involving debit and credit cards
that is not accomplished via hacking. For example, skimming
devices at point-of-service terminals.
Insider: someone with legitimate access such as an employee
or contractor intentionally breaches information.
Physical loss: lost, discarded or stolen non-electronic records,
such as paper documents.
Portable device: lost, discarded or stolen laptops, PDAs,
smartphones, portable memory devices, CDs, hard drives,
data tapes, etc.
Stationary device: Lost, discarded or stolen stationary electronic
devices such as a computer or server not designed for mobility.
Unknown.
Verizon Business
For the past six years, the Verizon Business Risk Team, in con-
junction with the U.S. Secret Service (since 2009) and the
Dutch National High Tech Crime Unit (starting in 2010), has
prepared the annual Data Breach Investigations Report (http://
tinyurl.com/3votjlj) based on its analysis of more than 900 data
breaches representing more than 900 million compromised re-
cords. The Verizon study classies the breach types as from ex-
ternal agents, insiders, business partners and multiple parties.

Identit y Theft Resource Center

The Identity Theft Resource Center

(ITRC) (www.idtheft-
center.org) describes itself as a nonprot, nationally respected
organization dedicated exclusively to the understanding and
prevention of identity theft.
The ITRC list is a compilation of data breaches conrmed
by various media sources and/or notication lists from state
governmental agencies. The group updates the list weekly. To
qualify for the list, breaches must include PII that could lead
to identity theft, especially SSNs. Since Jan. 1, 2005, and up
to press time, the ITRC has tracked and analyzed 2,852 data
breaches and more than 496 million compromised records.
The ITRC classies its types of data breaches as from: data
on the move, accidental exposure, insider theft, subcontractors
and hacking.
These organizations use differing methodologies to select
and classify data breaches, which allow us to view the data from
different perspectives. Data breaches are not all alike, accord-
ing to the ITRC. Security breaches can be broken down into a
number of categories. What they all have in common is that they
usually contain personal identifying information in a format eas-
ily read by thieves, in other words, not encrypted. That is true,
but a lot of personal information included in data breaches is
encrypted. If organizations use the 56bit Data Encryption Stan-
dard rather than the 128-bit Advanced Encryption Standard,
then hackers can normally break key codes and return encrypted
data to plain text so they can use it for identity theft.
HOLTFRETER/HARRINGTON DATA BREACH ANALYSIS REPORT
We decided we wanted to compile a data breach report for the
public and anti-fraud professionals using a different classica-
tion system to provide additional breadth and depth.
Methodology
We analyzed 2,278 data breaches and 512,289,000 compromised
records reported by the PRCH for a six-year period of 2005
through 2010 Jan. 1, 2005 through Dec. 31, 2010. (Beth
Givens, PRCHs director, granted us permission to use its data.)
We developed our classication system by conducting an
analysis of a large sample of 300 data breaches to initially clas-
sify each of them into three broad categories: internal, external
and non-traceable. We used this initial broad approach because
data breaches and related comprehensive data protection legis-
lation are typically viewed by the public and identity theft ex-
perts from an internal/external perspective. Internal and exter-
nal data breaches are dened, simply, as those originating from
within or outside an organization, respectively.
In the second phase of our analysis we examined all the
sampled breaches included in the internal and external catego-
ries to look for useful patterns for determining specic subtypes.
BREAKING BREACH SECRECY
Gualtiero Bof/iStockphoto
Te ACFE Career Center
More than just a Job Board.
The ACFE Career Center has resources and advice for
anti-fraud professionals at every stage of their career, from
entering the workforce to mentoring the next generation.
Even if youre currently employed, the Career Center can
help you chart your path with:
Career advice from HR experts, hiring managers,
self-employed fraud examiners and more.
Proles of ACFE members who share how they charted their
career path, what worked and what didnt.
Valuable web resources including checklists, articles and
career-planning tools.
The ACFE Job Board, where job seekers go to nd job
postings targeted to their skill set.
Dont forget to check out job listings and network with
colleagues on the ACFE LinkedIn group.
Invest in your career. Visit the ACFE Career Center at ACFE.com/Career.
44 Fraud-Magazine.com
We then completed the classication process by placing all
2,278 data breaches for the six-year period into the following
subtype categories, which we dened and used for the analysis:
IIPD: Internal improper protection or disposal of data:
For example, on Sept. 4, 2007, the University of South Caro-
lina exposed online a number of les containing Social Security
numbers, test scores and course grades.
ITF: Internal theft of data by a current or former em-
ployee with absolute or high probability of fraudulent intent:
For example, on Feb. 5, 2009, a Mooresville, N.C., dry cleaner
skipped town with her clients credit card numbers.
ITNF: Internal theft of data by a current or former
employee with low or no probability of fraudulent intent:
For example, on April 27, 2007, an employee at the Caterpillar
Corporation stole a laptop computer containing personal data of
employees, including SSNs, banking information and addresses.
IH: Internal hacking or unauthorized intrusion of
a network by a current/former employee: For example, on
March 21, 2010, a 21-year-old former Evergreen Public School
employee Vancouver, Wash., pulled off a computerized payroll
security breach that put more than 5,000 current and former
Vancouver district school employees at risk for identity theft.
IL: Internal loss of data: For example, on Oct. 15, 2009,
the Virginia Department of Education reported that a ash drive
containing 103,000 student names, SSNs, and employment and
demographic data was misplaced.
XP: External partner/third-party theft or loss of data
by improper exposure or disposal: For example, on April 27,
2007, the Long Island Railroad reported that, while in transit,
its delivery contractor, Iron Mountain, lost data tapes contain-
ing names, addresses, SSNs and salary gures of virtually all the
employees who worked for the company.
XTF: External theft of data by a non-employee with ab-
solute or high probability of fraudulent intent: For example, on
Feb. 2, 2009, a school volunteer at the Irving Independent School
District in Texas, stole information including SSNs and birth
dates of school employees and tried to buy tires at a local Sears
store after opening up a line of credit using the name of one of the
school teachers. A suspicious, alert employee called the police.
XTNF: External theft of data by a non-employee with
low or no probability of fraudulent intent: For example, on
Aug. 1, 2009, Williams Companies Inc., in Tulsa, Okla., report-
ed that a laptop containing personal information of 4,400 cur-
rent and former employees was stolen from a workers car.
XH: External hacking or unauthorized intrusion of
network by a non-employee: For example, on June 23, 2010,
Anthem Blue Cross WellPoint of California reported that
hackers may have compromised customers personal informa-
tion after gaining access to the companys web-based tool for
tracking pending insurance applications.
NA: Non-traceable unable to determine as internal or
external: For example, on June 22, 2009, numerous folders con-
taining medical records and SSNs from Baptist Medical Center
were found in a landll.
Results? Entities Have Some Explaining to Do
Bear with us on the detailed results. Getting through these sta-
tistics will pay off. Figure 1, Record Breach Sum (above), shows
the percentage of the 581,289,000 compromised records for the
six-year period. As shown, approximately 13 percent were traced
to the internal category, 86 percent to external and 1 percent
to non-traceable. Most individuals believe that the majority of
compromised records and related breaches are externally driven
an opinion probably shaped by media outlets, which tend
to focus their reporting on data breaches of large organizations.
Figure 2, Record Breach Types (above), shows the percent-
ages of the total compromised records traced to each of the
ve internal (IIPD, ITF, ITNF, IH, IL), four external (XP, XTF,
XTNF, XH) and non-traceable (NA) subtype categories.
In the internal subtype categories, IIPD or the improper
protection or disposal of data, accounted for approximately 3
percent of the total compromised records; ITF or theft of data
by a current or former employee with absolute or high prob-
ability of fraudulent intent, accounted for about 6 percent; IH
or hacking or unauthorized intrusion of network by a current/
former employee, was about 1 percent; IL or loss of data, was
about 4 percent, and ITNF or theft of data by an employee
with low or no probability of fraudulent intent theft, was about
BREAKING BREACH SECRECY
1%
Non-traceable
86%
External Sum
13%
Internal Sum
Figure 1: Record Breach Sum
2%
External-XTF
0%: Internal-IH
0%: Internal-ITNF
0%: Non-traceable
59%
External-XH
18%
External-XP
8%
External-XTNF
6%
Internal-ITF
4%
Internal-IL
3%
Internal-IIPD
Figure 2: Record Breach Types
January/February 2012 45
1 percent. There is no dominant internal breach type, but this
is somewhat expected because the total compromised records
in this area accounted for only 13 percent of the overall total
compromised records.
In the external subtype categories, XP or partner/third party
theft or loss of data by improper exposure or disposal, accounted
for approximately 18 percent of the total compromised records;
XTF or theft of data by a non-employee with absolute or high
probability of fraudulent intent, accounted for about 2 percent;
XH or hacking or unauthorized intrusion of network by a non-
employee, was about 59 percent; XTNF or theft of data by a
nonemployee with low or no probability of fraudulent intent,
was 8 percent, and NA or non-traceable unable to trace to
internal or external, accounted for approximately 3 percent.
External hackers caused most of the compromised records,
which is expected because they get more bang for the buck by
gaining access to more data when inltrating the networks of
larger organizations. But another serious problem exists with
some partners and third-party contractors who seem to be ir-
responsible when entrusted with the data of other organizations.
Figure 3, Case Breach Sum (above), shows the percent-
ages of data breaches for the general internal, external and
non-traceable categories. Of the 2,278 data breaches, internal
accounted for 39 percent, external for 56 percent and 5 percent
for non-traceable. These results are quite different when com-
pared to the number of compromised records for internal, ex-
ternal and non-traceable categories, which were noted above at
13 percent, 86 percent and 1 percent, respectively. This strongly
indicates that the external hackers are getting access to more
records per breach than those stealing internal records.
Figure 4, Case Breach Types (left), shows the percentage of
the 2,278 data breaches for the ve internal (IIPD, ITF, ITNF,
IH, IL), four external (XP, XTF, XTNF, XH) and non-traceable
(NA) subtype categories. For internal, XP or the improper pro-
tection or disposal of data, accounted for approximately 24 per-
cent; XTF or theft of data by a current or former employee with
absolute or high probability of fraudulent intent, accounted for
about 8 percent; XH or hacking i.e. unauthorized intrusion of
network by current or former employee, was about 1 percent;
XL or loss of data was 7 percent, and XTNF or theft of data
by a current or non-current employee with low or no probability
of fraudulent intent, was about 1 percent.
Improper protection or disposal of data dominates this sub-
category, which again shows that some organizations need to
tighten up their controls.
In the external subtype categories, IIPD or partner/third
party theft or loss of data by improper exposure or disclosure,
accounted for approximately 7 percent of the total data breaches;
XTF or theft of data by a non-employee with absolute or high
probability of fraudulent intent, accounted for about 6 percent;
XH or hacking or unauthorized intrusion of network by a non-
employee, was about 18 percent; XTNF or theft of data by a
non-employee with low or no probability of fraudulent intent,
was 24 percent, and NA or non-traceable unable to determine
as internal or external, accounted for approximately 5 percent.
The pattern that exists among the total compromised re-
cords and data breaches for the general internal, external and
non-traceable categories seems to be true for the subtypes. For
internal types, NC or the improper protection or disposal of re-
cords, accounted for about 24 percent of the total breaches but
3 percent of the total compromised records. XTF, or the theft of
data by a current or non-employee with absolute or high prob-
ability of fraudulent intent, accounted for about 8 percent of
the data breaches and about 6 percent of the compromised re-
cords. In addition, the subtype IL, or the internal loss of data,
accounted for about 5 percent of the total data breaches but only
4 percent of the total compromised records.
The above results are similar for the external subtypes. For
example, XP, or the partner/third party loss of data by improper
exposure or disposal, accounts for about 18 percent of the to-
tal compromised records but only 7 percent of the total data
breaches. XH, or hacking or unauthorized intrusion of network
by a non-employee, accounts for 18 percent of the data breach-
es but a whopping 59 percent of the total compromised records.
XTF, or the theft of data by a non-employee with absolute or
high probability of fraudulent intent, accounted for nearly 6
BREAKING BREACH SECRECY
5%
Non-traceable
56%
External Sum
39%
Internal Sum
Figure 3: Case Breach Sum
2%
Internal-IH
5%
Non-traceable
0%: Internal-ITNF
24%
External-XTNF
24%
Internal-IIPD
18%
External-XH
8%
Internal-ITF
7%
External-XTF
7%
External-XP
5%
Internal-IL
Figure 4: Case Breach Types
ACFE BOOKS AND MANUALS
Fraud Fighter: My Fables and Foibles
By Dr. Joseph T. Wells, CFE, CPA
At a period when dishonesty at top U.S. companies is
dominating public attention, Fraud Fighter: My Fables
and Foibles is a surprisingly frank and gripping mem-
oir from an unsurprisingly effective fraud ghter. This
autobiography forms a full tapestry of a life, displaying
wit, intrigue, trepidation, regret and nally, victory (342
pages).

$25 Members / $39 Non-Members
Visit ACFE.com/FraudFighter for more details.

Internet Fraud Casebook (Audio CD Set)
This popular ACFE casebook is now available in a con-
venient audio CD set. Featuring 13 CDs with more than
10 hours of captivating fraud cases, the Internet Fraud
Casebook CD set allows you to listen to the war sto-
ries of more than 40 fraud examiners and learn from
their real-life investigations. Each case study walks
through the investigation step-by-step, presenting les-
sons learned and recommendations for preventing fu-
ture occurrences of fraud.
To download a sample chapter, visit ACFE.com/
FraudCD.

$59 Members / $79 Non-Members

NEW!
Corporate Fraud Handbook:
Prevention and Detection, Third Edition
By Dr. Joseph T. Wells, CFE, CPA
Fraud continues to be a serious and costly problem
for businesses. Now in its third edition, the Corporate
Fraud Handbook, written by the founder and Chairman
of the ACFE, is lled with real-world cases and statis-
tics on the various types of fraud and their real cost to
organizations.
It reveals the incredibly creative fraud schemes used by
employees, owners, managers and executives to de-
fraud their companies. Auditors, fraud examiners and
criminal investigators will discover how to spot the red
ags of fraud and prevent it from happening in the rst
place (456 pages).
$49 Members / $75 Non-Members
Social Engineering: The Art of Human
Hacking
By Christopher Hadnagy and Paul Wilson
From elicitation and pretexting to inuence and manipu-
lation, all aspects of social engineering are picked apart,
discussed and explained by using real world examples,
personal experience and the science behind them to un-
ravel the mystery of social engineering. This indispens-
able book examines a variety of maneuvers that are
aimed at deceiving unsuspecting victims, while it also
addresses ways to prevent social engineering threats
(408 pages).

$24 Members / $35 Non-Members
NEW!
A Guide to Forensic Accounting
Investigation, Second Edition
By Steven Skalak; Thomas Golden, CFE, CPA;
Mona Clayton, CFE, CPA; Jessica Pill
Recent catastrophic business failures have caused
some to rethink the value of the audit, with many de-
manding that auditors take more responsibility for fraud
detection. This book provides new coverage on the
latest PCAOB Auditing Standards, the Foreign Corrupt
Practices Act and on options fraud, as well as on fraud
in China and its implications. This book equips auditors
with the necessary practical aids, case examples and
skills for identifying situations that call for extended
fraud detection procedures (622 pages).
$129 Members / $175 Non-Members
NEW!
The Fraud Audit: Responding to the
Risk of Fraud in Core Business Systems
CBy Leonard W. Vona, CFE, CPA
The 2010 Report to the Nations found that the typical
organization loses 5 percent of its annual revenue to
fraud and abuse. Discover fraud within your business
before yours becomes another fraud statistic. The Fraud
Audit provides a proven fraud methodology that allows
auditors to discover fraud versus investigating it (378
pages).

$54 Members / $75 Non-Members
ACFE.com/Shop
(800) 245-3321 / +1 (512) 478-9000
CFE Exam Prep Course | Books and Manuals | Self-Study CPE | Software | Merchandise | Toolkits
Ordering is Easy!
Course
Formats
CD DVD Online Workbook
NEW!
NEW!
NEW!
NEW!
NEW!
NEW!
E-Workbook
Interviewing and Interrogation Toolkit
Unfortunately, Interviewing Techniques 101 is not a course most of
us took in school. As a fraud examiner, however, you are challenged
with the task of interviewing on a regular basis. This toolkit includes
four resources to help you improve your interviewing skills and ensure
you become a more effective interviewer:

Finding the Truth: Effective Techniques for Interview and
Communication (20 CPE Credits)
Fraud-Related Interviewing
Interviewing and Interrogation, Second Edition
Report Writing Manual
Regular Price: $254 Members / $270 Non-Members
Bundle Price: $179 Members / $229 Non-Members
NEW!
FCPA Investigations: Combating
Corruption in International Business
(Online Self-Study)
Course Level: Intermediate
Prerequisite: None
FCPA Investigations: Combating Corruption in International Business
provides you with important information to help you, your company
and its employees avoid adverse consequences and combat bribery
in international business. This course offers an overview of the FCPA,
discusses how you should respond to evidence of corruption, presents
a roadmap that will help you conduct investigations of suspected cor-
ruption and discusses how to conclude an investigation.

NEW!
Fraud Risk Management
Course Level: Intermediate
Prerequisite: None
The eld of risk management has attracted in-
creased attention in the wake of the economic
meltdown as the public comprehends the negative effects of uncon-
tained risk. This course explains why managing fraud risk is important for
organizations and the steps to develop an effective fraud risk manage-
ment program.
Highlights Include:
The business case for managing fraud risk
Objectives of a fraud risk management program
The components of a fraud risk management program
A discussion of COSO and other risk management frameworks
BEST SELLER!
Making Crime Pay: How to
Locate Hidden Assets
Course Level: Basic
Prerequisite: None
Every anti-fraud professional needs the tools to
pursue an investigation that involves a search for
concealed assets. This course gives you insight
on how to locate hidden assets and how to iden-
tify and trace hidden payments and sources of
income. Hear from fraudsters about how to hide
assets and from anti-fraud experts on how to nd
them.
NEW!
Ethical Issues for Fraud
Examiners (Online Self-Study)
CPE Credit: 2
Course Level: Basic
Prerequisite: None
Ethical Issues for Fraud Examiners will help you understand what con-
stitutes an ethical dilemma and develop an awareness of ethical is-
sues faced by fraud examiners. The course also presents six ctional
scenarios that illustrate potential ethical situations that pertain to fraud
examinations. The purpose of these scenarios is not to provide you
with solutions, but rather to familiarize you with some types of ethical
dilemmas that might arise in a fraud examination.
NEW!
Inside the Fraudsters Mind
(Fullls 2 hours ethics CPE requirement)
CPE Credit: 8 (Fullls 2 hours of required Ethics CPE)
Course Level: Basic
Prerequisite: None
Understanding the thoughts and feelings of a
fraudster can provide valuable insight to enhance
an organizations anti-fraud efforts. This course
will explore psychological information that is key
to the successful development of a fraud preven-
tion and detection program. In the accompanying
training video you will hear ten convicted fraudsters explain directly
what they were thinking when they decided to commit fraud and how
they nally got caught.
Order online at ACFE.com/Shop
Where the Experts Shop.
SELF-STUDY CPE
The ACFE has the highest quality CPE
of any organization that I belong to!
Avery Hudson, CFE, CPA
Internal Auditor, Liberty Bank

CPE Credit: 16
$59 M
$79 NM
$139 M
$159 NM
$159 M
$179 NM
CPE Credit: 16
$59 M
$79 NM
$109 M
$129 NM
$129 M
$179 NM
CPE Credit: 4
$119 M
$159 NM
CPE Credit: 2
$59 M
$79 NM
CPE Credit: 3
$89 M
$109 NM
48 Fraud-Magazine.com
percent of the total data breaches but only 2 percent of the total
compromised records. Lastly, XTNF, or the theft of data by a
non-employee with low or no probability of fraudulent intent,
accounted for only 8 percent of the total compromised records
but an amazing 24 percent of the total data breaches.
Analysis? Numerous Data Compromises Without Controls
The results strongly indicate that the organizations experi-
encing these data breaches lack strong comprehensive data
protection programs. As a result, the personal data that or-
ganizations should control and safeguard more easily is being
compromised in many ways.
For example, 26 percent of the total breaches result from
the internal improper protection and disposal of data. Exam-
ples include posting data online including SSNs on mailing
labels giving documents or hard drives to recyclers that in-
clude personal information (how about destroying them inter-
nally?) and leaving documents containing personal data unat-
tended in the workplace.
Do we know if any of the compromised records in this cat-
egory of data breaches were used for identity theft purposes? No,
but the opportunity exists. As we know, closing the door on op-
portunity is one of the best methods for fraud prevention.
The protection and disposal of data category is also direct-
ly linked to two other internal data breach and three external
subtype categories. For example, if companies properly protect-
ed and/or disposed data by securing physical facilities, software
and hardware, then less data, such as employee SSNs, would be
lost or misplaced. And employees or non-employees would be
stealing less internal and external data, such as customer debit
card numbers and other personal data. Also, as we wrote earlier,
organizations could better control internal and external hacking
and resulting identity theft if they were required to encrypt all
sensitive data with the use of the 128-bit encryption standard.
SELF-REGULATION NOT WORKING
It is obvious that many organizations need guidance in develop-
ing comprehensive data protection programs. Self-regulation has
not worked; maybe federal rules might help. Because of recent na-
tional exposure on data breaches, the U.S. Congress is considering
legislation on this topic. But do not hold your breath because they
have been considering legislation on notication of data breaches
for the past three sessions and have not passed any law. (The 2007
U.S. Red Flags Rule does require many business and organiza-
tions to implement a written identity theft prevention program
designed to detect the warning signs of identity theft in their daily
operations. See http://tinyurl.com/d6de4y.)
The state of Massachusetts, on the other hand, has re-
cently passed a comprehensive data protection law (201 CMR
17.00) containing standards and requirements directly related
to the types of internal and external data breaches described
and analyzed in this article.
The Massachusetts law is considered one of the strictest
in the U.S. The standards and precise requirements that are
paraphrased and listed below might be a model for other U.S.
states, the U.S. Congress and perhaps some foreign countries
for developing comparable legislation. They will also provide
valuable guidance for organizations and consultants who advise
them about specic elements that should be addressed in setting
up a comprehensive data protection program.
The law states that every person that owns or licenses per-
sonal information about a resident of the Commonwealth shall
develop, implement, and maintain a comprehensive informa-
tion security program. That includes the following standards
and requirements briey outlined by InstantSecurityPolicy on
its website at: http://tinyurl.com/4xnnoky.
In the section of the Massachusetts law, 17.03: Duty to
Protect and Standards for Protecting Personal Information, ev-
ery comprehensive information security program shall include,
but not be limited to:
a. Designating one or more employees to maintain a compre-
hensive information security program.
b. Identifying risks to the security, condentiality, and/or integrity
of records containing personal information, and improving cur-
rent safeguards where necessary, including 1) ongoing employee/
contractor training, 2) employee compliance with policies, and
3) means for detecting and preventing security system failures.
c. Developing policies relating to the storage, access, and trans-
portation of personal information outside of business premises.
d. Imposing disciplinary measures for violations of the security
policy.
e. Preventing terminated employees from accessing records
containing personal information.
f. Oversee service providers by 1) selecting and retaining service
providers capable of securing personal information and 2) re-
quiring service providers by contract to implement and main-
tain appropriate security measures for personal information.
BREAKING BREACH SECRECY
For example, if
companies properly
protected and/or
disposed data by
securing physical
facilities, software
and hardware, then
less data, such as
employee SSNs,
would be lost or
misplaced.
Ivelin Radkov/iStockphoto
January/February 2012 49
g. Placing restrictions on physical access to records containing
personal information and securely storing of this information.
h. Regular monitoring to ensure the security program is op-
erating in the intended manner and upgrading safeguards
where necessary.
i. Reviewing security measures at least annually or whenever it
is reasonably necessitated by a change in business practices.
j. Documenting actions taken in response to any incident in-
volving a breach of security, and a post-incident review of
events and actions taken. 17.04
Computer System Securit y Requirements
(1) Secure user authentication protocols including:
a. Control of user IDs and other identiers.
b. A reasonably secure method of assigning and selecting pass-
words or other unique identiers.
c. Control passwords to ensure that the location and/or format
does not compromise data security.
d. Restricting access to active user accounts only.
e. Blocking access after multiple unsuccessful logon attempts.
(2) Secure access control measures that:
a. Restrict access to les containing personal information to
those who need such access.
b. Assign non-vendor-supplied, unique identications and pass-
words to each person with computer access that are designed
to maintain the integrity of the security of the access controls.
(3) Encryption of all transmitted les containing personal
information when traveling across a public network or a wireless
connection.
(4) Monitoring of systems for unauthorized use of or access
to personal information.
(5) Encryption of all personal information stored on laptops
or portable devices.
(6) Use rewall protection and reasonably up-to-date
patches on Internet-connected systems that contain personal
information.
(7) Use anti-virus/anti-malware software with reasonably up-
to-date patches and virus denitions on Internet-connected systems
that contain personal information.
(8) Education and training of employees of the proper
use of the computer security system and the importance of
information security.
Earn 10 fraud-related credits with
Fraud Magazine

CPE Quizzes!
Time running out
to earn your CPE?
Is your deadline for CPE fast-approaching? All Certied Fraud Examiners must earn
the required 20 Continuing Professional Education (CPE) credits to remain in good
standing. If you are a CFE and want to make sure you have your 10 required fraud-
related credits, then take advantage of ACFEs Fraud Magazine CPE quizzes.
Take this issues Fraud Magazine CPE Quiz on pg. 70,
or download archived quizzes at Fraud-Magazine.com/CPE-Quiz-Archive.aspx
Fraud Magazine

is a trademark owned by the Association of Certied Fraud Examiners, Inc.


50 Fraud-Magazine.com
A new federal comprehensive data
protection law should also include the
requirement that all government agen-
cies, nonprots and businesses conduct
periodic audits by teams of experts to
determine if they are compliant with the
requirements set forth in any mandated
comprehensive data protection plan.
Each organization should include a sec-
tion that includes an opinion on the re-
sults of the audit in its annual report, if
required, or on its website, if not.
Organizations that lack strong com-
prehensive data protection plans would
be substantially penalized.
RESTORING TRUST
Never-ending data breaches have seri-
ously jeopardized our national security
and trust in organizations to protect per-
sonal data. In the same way that the U.S.
Sarbanes-Oxley Act has restored the
publics condence in our nancial mar-
kets, the federal government would do
well to pass a similar law to restore the
publics condence and trust in transact-
ing business electronically.
Robert E. Holtfreter, Ph.D., CFE,
CICA, is distinguished professor of
accounting and research at Central
Washington University in Ellensburg, Wash.
His email address is: holtfret@cwu.edu.
Adrian Harrington graduated from
Central Washington University in
Ellensburg, Wash., in June 2011 with a
Bachelors Degree in Economics. His email
address is: aaharrington87@gmail.com.

(Robert E. Holtfreter thanks co-author
Adrian Harrington, a former student in his
fraud examination class, who volunteered to
work for him as an unpaid research assistant.
He has worked hundreds of hours over the
past 18 months providing outstanding intel-
lect, leadership and work ethic in helping to
conduct research and investigate the data
breach area, develop our data breach clas-
sication model, analyze the data and write
this article and work on others. He has a se-
rious interest working in the fraud area and
will make a great investigator. ed.)
BREAKING BREACH SECRECY
Attention CFEs
Fulll Your Annual Ethics CPE Requirement
with this new course from the ACFE Bookstore
NEW! Ethical Issues for Fraud Examiners
(Online Self-Study)
CPE Credit: 2
Course Level: Basic | Prerequisite: None
In your work to resolve allegations of fraud, you might encounter
ethical issues that require you to look beyond the technical require-
ments of your job and toward the moral dimensions. But ethical
issues can be perplexing. What is the right thing to do?
Ethical Issues for Fraud Examiners will help you to understand
what constitutes an ethical dilemma and help you to develop an
awareness of ethical issues faced by fraud examiners.
What you will learn:
Ethical values that you are expected to honor when carrying out your
fraud examination duties.
Understandintg ethical decisions
Considerations to keep in mind as you work toward your own
resolutions of ethical dilemmas. Imperative, utilitarian and
generalization ethical principles
How to locate resources that might be useful to you in resolving
ethical dilemmas.
Order your copy today at
ACFE.com/EthicalIssues
Te CFE credential is known and respected
around the world.
Will White, Jr., CFE
ACFE Member Since 2007
Certied Fraud Examiner
Chief Anti-Fraud Ofcer
Ofce of Fraud Deterrence and
Detection, NAVSEA
The CFE credential has proven to be
a great benet to my career, as I have
been selected to lead the Anti-Fraud
Program for the Department of
Defenses largest Systems Command
as the Chief Anti-Fraud Ofcer. As the
Chief Anti-Fraud Ofcer, I have the
responsibility of providing oversight
(prevention and detection of fraud,
waste and abuse) for the Naval Sea
Systems Commands 55K personnel
and $40 billion annual budget.

Invest in your career. Become a CFE.
Visit ACFE.com/CFE
52 Fraud-Magazine.com
By Roger W. Stone,
CFE
ankruptcy fraud, which is a form of nancial state-
ment fraud, is perpetrated by concealing assets
through misappropriation and/or a misclassica-
tion of accounts. In the following case, we will
show how delayed bankruptcy schedule lings,
inaccurate bankruptcy schedules and incorrect monthly
operation reports can create an opportunity for a dishonest
debtor to misappropriate assets of a bankruptcy estate.
The consequences of this particular bankruptcy fraud
case resulted in $1.5 million in misappropriated assets, neg-
ligence action against the attorney and the convicted debtor
receiving a 10-year prison sentence.
THE DAIRY FARMER CASE
The wayward debtor in this case, a dairy farmer (we will call
him Stan), was suspected of gambling away the majority of
the misappropriated $1,528,502 from the estate at casinos.
Eight months prior to ling bankruptcy, Stan submitted
a signed personal nancial statement showing $5,582,103 of
assets and $4,842,505 of liabilities, which set his net worth
at $739,598.Three months prior to ling bankruptcy, Stan
submitted a signed personal nancial statement showing
$11,607,450 of assets and $4,981,100 of liabilities, which
then made his net worth $6,626,350.
When he nally led, the assets of the farmers bank-
ruptcy estate consisted of farmland, farm equipment, build-
ings, dairy cows, growing crops and crops in storage. The
bankruptcy schedules showed real property of $1,116,000 and
personal property of $574,370, for total assets of $1,690,370.
The farmers liabilities consisted of secured creditors and pri-
ority creditors holding claims of $4,661,866, and unsecured
creditors holding claims of $293,202. This brought the total
claims to $4,955,068.
COURSE OF THE BANKRUPTCY
This bankruptcy was extremely adversarial from the begin-
ning. The bankruptcy estate attorney imposed several delays
that undermined what little trust existed. The attorney ini-
tially led for a Chapter 12 bankruptcy proceeding, which is
a type of bankruptcy for farmers who have less than $1.5 mil-
lion of debt. However, his clients estate had more than $1.5
million of debt, and the attorney admitted during his deposi-
tion that he knew his debtor did not qualify for Chapter 12
at the time he submitted the ling. A plausible explanation
for the attorneys action was that a Chapter 12 ling would
result in future lings to correct the initial ling. Those lings
would delay reporting requirements for the debtor.
The attorney continuously requested extensions to le
bankruptcy schedules, saying that he wanted to ensure their
accuracy. However, the amended bankruptcy schedules were
also inaccurate. Moreover, Stans monthly reports of opera-
tions, when they were led with the U.S. Trustee ofce, were
lled with inaccuracies and misapplications of accounts. The
most cursory review could detect these inaccuracies, so it was
clear that the attorney had not reviewed these reports prior
to their submittal. Lastly, Stans plan for reorganization was
submitted late and was unrealistic in scope. The creditors
attorneys objected to virtually every ling.
Because of these delays, the creditors did not have accurate
information about the estates assets and monthly cash ow, and
Stan was able to maintain control over the estates assets for
2 years, instead of being removed and replaced with a court-
appointed Chapter 7 trustee who would administer the estate.
Almost two years after the initial ling, the bankruptcy court
He Milked it For All it Was Worth
A Dairy Farm Bankruptcy Fraud
Case in Point
Almost two years after the initial ling, the
bankruptcy court established the value of the
farmland at $2,926,000, which differed from the
initial $1,116,000 valuation on the schedules.
B
January/February 2012 53
established the value of the farmland at $2,926,000, which
differed from the initial $1,116,000 valuation on the schedules.
The farmland eventually sold for more than $3 million.
The risk to the creditors was not the farmlands de-
creased value on the schedules, because the farmland itself
was not a liquid asset. The real risk was Stans misappropria-
tion of assets (i.e., dairy cows, farm equipment, etc.) when
he sold those assets outside the normal course of business
without rst obtaining the courts permission. He used the
funds from those sales for his personal gain.
The creditors attempted to deter the debtors liquidation
of assets by taking inventories and by taking court action.
However, the court action was slow and the inventory results
were disputed. Without cooperation from the estate attorney,
the creditors did not accomplish much in trying to thwart
the debtor from liquidating his assets.
The debtor misappropriated the following assets for
these amounts:
Dairy cows ..............................................................$638,925
Grain sales not deposited to estate.........................$308,895
Withdrawals of cash ...............................................$221,775
Farm equipment and vehicles ................................$167,500
Direct payment to debtors ........................................$75,000
Accounts receivables not disclosed on schedules ....$43,341
Preference payments.................................................$62,230
Miscellaneous ...........................................................$10,836
Total ....................................................................$1,528,502
HOW THE ASSETS WERE LIQUIDATED
During a bankruptcy, the law allows inventory held for
sale by the business to be purchased and sold in the normal
course of business as long as the creditors are protected. For
instance, inventory cannot be sold at below-market value,
but it can be sold at market value during the normal course
of business. Also, estate assets that are used to produce in-
come cannot be sold without the courts permission. To apply
these rules to the dairy farm case, the milk produced by the
cows could be sold at market price in the normal course of
business. However, the cows that produce the milk could not
be sold without the courts permission.
There is a gray area within the denition of normal
business operations, and this is where a dishonest debtor can
do harm to creditors, shareholders and the business itself. In
the dairy farm case, Stan perverted the dairy farms normal
operations to his benet and the harm of the creditors. (The
attorney, though not proven to be negligent, caused the
delays that allowed Stan to pervert operations.)
To further explain, in most dairy farm operations, dairy
cows produce less milk over time; therefore, it is normal for a
dairy farm to sell approximately 20 percent to 25 percent of
its herd every year for meat and then replace those animals
with younger dairy cows. A signicant number of calves born
every year can be kept or sold, but these animals typically are
not on the accounting books because they have no basis.
Following are the specic ways the bankruptcy court
liquidated the assets:
1. Dairy cows sold
Depreciation records showed that Stan bought 957 dairy
cows at an average cost of $1,229 per cow in the four years
prior to the bankruptcy. The average useful life of a dairy
cow is ve years, and then it is sold for beef. The bankruptcy
schedules showed 252 cows on hand. Two-and-a-half years
after the initial bankruptcy ling there was a total liquida-
tion of dairy cows that resulted in a sale of 102 cows for
which the estate received $49,574.The bankruptcy estate did
not recover everything else that was sold.
2. Calves sold
It was estimated that there were 957 cows in the herd at
the time of the bankruptcy ling, which would result in a
minimum of 574 calves produced per year. However, there is
no evidence that funds from these sales were deposited in the
bankruptcy estate.
3. Milk production
The dairy farm was making about $240,000 monthly in milk
sales, which was being deposited in the bankruptcy accounts.
Stan made a side deal with his milk buyer, who agreed to pay
less for the milk and then make $8,000 monthly payments
directly to the debtor. This money never came into the
bankruptcy estate.
4. Crop sales
Crops were grown using assets of the bankruptcy estate.
However, during at least one year, Stan sold the crops and
never deposited the receipts and money from the sales in the
bankruptcy estate.
5. Farm equipment
It should be difcult to liquidate farm equipment that is in
a bankruptcy proceeding because of Uniform Commercial
Code lings on the equipment. However, Stan was able to
liquidate his equipment in two ways:
Case in Point
54 Fraud-Magazine.com
Case in Point
The rst was leased farm equipment
that had a signicant residual value
$45,000 more than what he owed on
the lease. It appears that Stan returned
the equipment to the leasing company
with some agreement that he personally
received the residual value. The residual
value never came back to the estate.
The second method involved used farm
equipment as a part of a blanket security
agreement for an operating loan Stan had
obtained prior to the bankruptcy. In this
instance, the equipment was placed for
auction out of the area with the proceeds
going to a relative.
6. Withdrawals of cash
Without adequate supervision and con-
trols, Stan wrote checks to cash totaling
$221,775 out of the bankruptcy estate.
At the pre-ling conference, the estate
attorney counseled the debtor to hoard cash
to prepare for footing the bankruptcy ex-
penses. What the attorney probably meant
was to not pay creditors, lessors and other
accounts payable prior to ling for bankrupt-
cy and the automatic stay (an injunction
that halts the bankruptcys courts actions).
The goal was to keep as much money as pos-
sible in the bankruptcy checking account so
the debtor could continue to operate amidst
the business disruptions associated with
ling for bankruptcy. However, the debtor,
who had dishonest intentions, interpreted
this advice as keeping as much actual cash
in the house as possible and to not report it.
It is suspected that the debtor had in excess
of $100,000 cash on hand at various times
during the course of the bankruptcy.
THE INEXPERIENCED ACCOUNTANT
Approximately one year after the initial
bankruptcy ling, the court appointed an
accountant to prepare the monthly reports
of operation. The inexperienced insolvency
accountant made several errors. When pre-
paring the monthly reports of operation, he:
Did not have copies of checks or deposits.
Did not have a check register.
Relied on descriptions of checks and
deposits provided by Stan.
Did not question Stan about the
appropriateness of deposits made or
checks written.
Did not consider it his responsibility to
question unusual expenses or deposits.
Did not know that Stan was not allowed
to have personal bank accounts other
than the debtor in possession accounts.
If the accountant had been more
experienced or properly instructed prior to
performing his court-appointed duties, it is
reasonable to expect that Stan would have
been deterred. As it stood, Stan was allowed
to liquidate assets and pocket the proceeds.
Two-and-a-half years after the initial
ling, the court nally appointed a Chapter
7 trustee to liquidate the estate. One month
later, the original attorney for the bank-
ruptcy estate resigned.
WHAT THE CREDITORS COULD HAVE DONE
Early on, the creditors realized that Stan
was dishonest, and there was a real risk that
he would misappropriate the assets. The
creditors hired appraisers, took inventories
of the assets and led court documents to
protect their assets during the bankruptcy.
However, these actions failed to deter Stan.
The creditors could have engaged a
forensic accountant/CFE to inspect the
debtors monthly reports of operations. This
person could have:
Veried reconciliations of bankruptcy
accounts.
Veried that all payments were for
appropriate services.
Veried that all deposits were being made
to the appropriate accounts.
If the accountant had been
more experienced or
properly instructed prior
to performing his court-
appointed duties, it is
reasonable to expect that
Stan would have been
deterred. As it stood,
Stan was allowed to
liquidate assets and
pocket the proceeds.
January/February 2012 55
Reviewed prior years purchases and accounts payables to
verify the existence of assets that were in the bankruptcy
schedules or that should be in the schedules.
Notied the creditors of anything that appeared unusual or
inappropriate.
It is true that these services can be costly, so creditors
should only take this route when the expense can be justied
by the risk of loss.
The Chapter 7 trustee engaged me to quantify and prove
the amount of misappropriated assets. There was virtually
nothing left for the creditors, except for a cause of action
against the original bankruptcy attorney.
As is frequently the case in misappropriations, the
involved parties missed many obvious opportunities to stop
or minimize the fraud, prior to and during the bankruptcy.
For example, Stans attorney could have resigned when he
realized his client was dishonest; the U.S. Trustee ofce
could have been more proactive in reporting the level of
extreme inadequacy of the monthly operating reports to
the judge; the court could have appointed a more experi-
enced accountant, etc.
PROFESSIONALS ROLES
Most experienced forensic accountants, and many CFEs, can
review businesses in bankruptcy and determine fairly quickly if
the debtors are following the rules. If a debtor is following the
rules, these professionals will only need to periodically review
operations reports, greatly reducing the cost of the accoun-
tants services. Such reviews will give the creditor the informa-
tion required to force the court to act quickly, either by remov-
ing the debtor in possession or by forcing the individual to
report as required. Either way, the creditor is better protected.
Roger W. Stone, CFE, is the owner and operator of
Management Accounting Services in Champaign, Ill. His
primary business is providing insolvency and forensic accounting
services to businesses and attorneys. His email address is:
rstone@nancialstatements.net.
Case in Point
Here is a summary of the key players in a bankruptcy ling and
their respective interests:
The bankruptcy estate attorney. In most cases, attorneys
in bankruptcy cases will resign when they believe they are
representing individuals who are not adhering to the rules of
bankruptcy. In my opinion, attorneys on these types of cases
are not paid enough to get entangled with dishonest persons;
the amount of the attorneys fees is miniscule compared to the
amount that dishonest persons steal. Attorneys want their insur-
ance to settle the case before it goes to court.
The malpractice insurer. Working for the estate attorney, the
insurer is motivated to settle the case for the minimum if engaged.
The Chapter 7 trustee. The Chapter 7 trustee is torn be-
tween recovering the maximum amount for creditors and doing
something that might upset the U.S. Trustee ofce and jeopardize
the trustees being appointed to future cases. Also, the risk of
going to trial is that the plaintiff could lose, which means there
might not be funds to pay the Chapter 7 trustee.
The U.S. Trustee ofce. The ofce may not want a case to
go to trial because it could be revealed during the trial that the
ofce was not carefully reviewing the debtors monthly operat-
ing reports.
The judge. This player might not have a dog in the hunt.
However, in my opinion, judges seem reluctant to nd lawyers
guilty of negligence.
The creditors. They are motivated to go to trial or settle for
the maximum amount. However, it is the Chapter 7 trustees call
as to whether or not to settle not the creditors. Their primary
recourse is to object to what they perceive as an unreasonable
settlement between the Chapter 7 trustee and the insurer.
The Motivations of the Players in a Bankruptcy Case
56 Fraud-Magazine.com
Fraudsters Claiming Victims Via
Payday and LinkedIn Scams
usie Duke was a fanatic when it came to technol-
ogy. She had all the latest hardware, including a
smartphone, a laptop, an iPad and a Blackberry
all of which she used to communicate with friends
and business associates. However, she was not
sophisticated about protecting herself from fraud in a tech
environment. She ended up falling for a telephone collection
scam related to purported delinquent payday loans.
Payday loans have become more common over the
past few years because of the declining economy. The loans
are short-term xes, usually for two-week periods, to allow
individuals to cover their expenses until the loans become
due the next payday. A recipient normally is required to write
a check for the cash amount of the loan plus the loan fee,
which often is extremely high ranging from 15 percent to
30 percent of the loan. The lender normally deposits the check
in his account when the payday date arrives. If the loan recipi-
ent does not repay the loan, the lender usually extends it at the
same interest rate. The real cost of these loans can easily reach
from 300 percent to 1,000 percent of the loan if the recipient
does not cover it in a reasonable time period.
Susie would occasionally get behind in paying her bills,
so she would go online and apply for a payday loan to tide her
over until she received her next payroll check. She recently
had begun receiveing telephone calls purportedly from a FBI
representative who said he was collecting debts for a cash
advance company. Susie was very upset and confused because
she always paid off her payday loans when they became due.
This fraudster had already obtained Susies personal informa-
tion, including her Social Security, drivers license and bank
account numbers, from an unknown source and was attempt-
ing to use it to bilk her out of money. In the next two weeks,
he harassed her with numerous calls, and he threatened her
with legal action if she did not immediately pay off her debt
of $2,000 by placing that amount on a prepaid Visa gift card
and mail it to him. Susie became confused and overwhelmed
and nally gave in and paid the fraudster.
THE DELINQUENT PAYDAY LOAN SCAM
This identity theft case is ctional, but it represents a fraud
that has gained enough momentum to be reported by the
Internet Crime Complaint Center (IC3) in an Intelligence
Note on Dec. 10, 2010 (Telephone Collection Scam Related
to Delinquent Payday Loan). Like the FBI, the Federal Trade
Commission (FTC) and the Federal Insurance Deposit Cor-
poration, the IC3 alerts the public when it receives numerous
complaints about a new scam.
The IC3 mentioned that fraudsters in this scam typi-
cally purport that they are with either the FBI, the Federal
Legislative Department (whatever that is), other high-level
government agencies or a law rm. They say that they are
calling to collect debts for Internet check-cashing companies,
such as U.S. Cash Net, U.S. Cash Advance and United Cash
Advance. In most cases, the victims are current or former
payday loan recipients.
The fraudsters do their homework before calling their
potential victims. They have the targeted individuals Social
Security numbers, dates of birth, addresses, employer infor-
mation, bank account numbers, and names and telephone
numbers of relatives and friends. How the personal informa-
tion is collected is unknown, but the IC3 said that the vic-
tims often relay that they had completed online applications
for other loans or credit cards before the calls began.
Once a con artist gets a victim on the hook, he will
accelerate the scheme by continually calling that person at
work, at home, and on his or her mobile phone with threats
of physical violence, arrest and legal action. An intended
victim will question the con artist about the particulars of
the loan, but he will refuse to respond, will be abusive and,
in some documented cases, will harass the victims family
and friends. In many cases, this hard-sell strategy overwhelms
the victim, and he or she gives in. Like many telephone and
online schemes, the fraudsters have orchestrated scripts, and
By Robert E.
Holtfreter, Ph.D.,
CFE, CICA
Taking Back the ID
Identity Theft Prevention Analysis
S
January/February 2012 57
they are well trained to listen for victims cues and respond
accordingly to complete sales.
The U.S. Fair Debt Collection Practices Act provides
consumer protection from illegal and unethical debt collec-
tion practices. According to Lawyers.com, the act does not
allow bill collectors to:
Tell people they will be arrested if they do not pay.
Repeatedly call the person to harass or annoy him.
Issue threats of violence or harm.
Falsely claim to be attorneys.
Falsely claim that the person committed a crime.
The website also advises consumers to do the following
if they receive suspicious phone calls about a debt:
Ask the caller to send the loan information in writing.
Refuse to verify any bank account, credit card or personal
information over the phone.
Report any telephone harassment or threats to the FTC,
which enforces the Fair Debt Collection Practices Act.
File a Better Business Bureau complaint to help let others
know about the scam.
Contact the state attorney generals ofce to nd out
about state debt collection and consumer protection
laws that might apply.
In addition, the IC3 says to do the following:
Contact your banking institutions.
Contact one of the three major credit bureaus and request
that an alert be put on your le.
Contact your law enforcement agencies if you feel you are
in immediate danger.
File a complaint at www.IC3.gov.
SCAMS USING LINKEDIN
Recently, there have been reports of con artists culling
personal information from the online business social network
LinkedIn to commit fraud. LinkedIn has more than 120
million members worldwide, and as of June 30, its member-
ship included executives from all 2011 Fortune 500 com-
panies. LinkedIn members share personal information on
the site, including their names, titles and places of business,
which allows them to create opportunities for themselves
and others. LinkedIn can be a great resource for identify-
ing and networking with key people at other companies.
However, some join LinkedIn to gather information on other
members and perpetrate fraud. Many of them will email
spear-phishing messages to LinkedIn members.
Spear Phishing
In a typical phishing scheme, a fraudster casts his net wide by
sending a fraudulent email message to millions of individuals
to try to hook some victims into a scam. However, in a spear-
phishing scheme, the fraudster directs an email to an indi-
vidual or a select group of individuals within a company or
industry. The fraudster wants to convince the recipient that
the message is coming from someone who is in a position
of authority within the company for example, a network
administrator who is asking for condential information.
The message typically includes a request for the persons
username and password, or it will ask the recipient to click
on a link that turns out to be corrupt and allows a banking
Trojan to download onto the victims computer. The bank-
ing Trojan contains a key logger that will harvest the email
recipients business or corporate bank account information.
At that point, the fraudster can masquerade as the legitimate
user and transfer money out of the account.
ZenuS Malware Scheme
Fraudsters also have used LinkedIn to install a malware
called ZenuS on LinkedIn members computers by sending
invitations to accept new contacts. A member clicks on a
link in the email message, the malware becomes embedded
in the members browser and is used to steal personal infor-
mation, including passwords for personal or corporate bank
accounts, depending on whether the message was received
at home or work. The end result is the fraudster can transfer
funds out of the accounts.
A couple of other versions of this scheme recently hap-
pened to me. Over the past four months, I have received ve
suspect emails. The rst four were purportedly from people I
knew who wanted to add me to their LinkedIn network. To
accept, I would have to click on a link provided in the mes-
sage. One of the individuals was a student in one of my sum-
mer classes. I immediately became suspicious and declined
the offer. I then went to the LinkedIn website and entered
Taking Back the ID
Identity Theft Prevention Analysis
TAKING BACK THE ID cont. on page 69
The only explanation I have is that the hacker
stole his Gmail account from the LinkedIn website
and used it to capture a contact list, which
included my email address.
58 Fraud-Magazine.com
By Richard Hurley, Ph.D., J.D., CFE, CPA;
and Tim Harvey, CFE, JP
ccording to a June 5 article, China foreign list-
ings dogged by scandal, by Robert Cookson
in the Financial Times, a spate of scandals at
Chinese companies listed in New York, Hong
Kong and Toronto is unsettling investors.
It seems to have bubbled into a hysteria and creates an
unfortunate overhang over all Chinese companies seeking to
raise capital in the U.S. markets, said William McGovern,
Hong Kong-based partner at Kobre & Kim and former en-
forcer at the U.S. Securities and Exchange Commission. It
has become hard for investors to separate fact from ction.
(http://tinyurl.com/5udkgk3)
And a May 26 article in The New York Times, The
Audacity of Chinese Frauds, by Floyd Norris, explains
how Deloitte Touche Tohmatsu exposed fraud at one of its
long-time clients, the Chinese nancial software company
Longtop Financial Technologies. Apparently, the company
fooled some smart people into buying devalued stock. (http://
tinyurl.com/6axc5ll)
Are these stock scandals legitimate frauds aided by
backdoor investment listings and outsourced by auditing rms?
Or are they works of fabrication initiated by short sellers reap-
ing prots selling on stock price declines either by allegations
or innuendo? The reality is that there is probably a mixture of
everything from fact and fraud to analysis and anxiety within
the perceived red-hot Chinese stock market.
Would-be investors should be aware of the potential
for fraud in any investment no matter its national origin.
The U.S. Public Company Accounting Oversight Board
(PCAOB) released a report on March 14 on the Activ-
ity Summary and Audit Implications for Reverse Mergers
Involving Companies from the China Region (the China
region refers to the Peoples Republic of China, Hong Kong
Special Administrative Region and Taiwan) from Jan. 1,
2007, through March 31, 2010 (Research Note #2011-P1).
The report summarizes the concept of reverse mergers
(also known as backdoor mergers) as: any acquisition
of a private operating company by a public shell company
that typically results in the owners and management of the
private operating company having actual or effective voting
and operating control of the combined company. Through a
reverse merger transaction, although the public shell com-
pany is the surviving entity, the private operating companys
shareholders control the surviving entity or hold shares that
are publicly traded. In a reverse merger transaction, the entity
whose equity interests are acquired (the legal acquiree) is the
acquirer for accounting purposes. The end result is that:
1. The private company has access to the U.S. nancial
markets as a registered SEC reporting company without
ling a registration statement under the Securities Act of
1933 or the Exchange Act of 1934, but the public shell
company must le Form 8-K ling with the SEC.
2. The private company probably incurs a lower
accounting, legal and ling fee and gains faster access
to capital markets than ling an IPO.
3. Investors may perceive added value to the public shell
company. (See http://tinyurl.com/3s8tkq9 and
http://tinyurl.com/3awrx3g.)
Chinese Stock Investment Fraud?
Separating Fact from Fiction
Global Fraud Focus
Examining Cross-Border Issues
The recent wave of accounting issues and
scandals involving Chinese rms has raised
regulatory concern levels from a small crack to
a chasm. Furthermore, short sellers are not
helping to distinguish reality from rumor.
A
January/February 2012 59
The PCAOBs March 11 report on reverse mergers
identied 159 companies, with a market capitalization of
$12.8 billion, that have accessed the U.S. capital markets via
a reverse-merger transaction from Jan. 1, 2007, to March 31,
2010. During that same time, only 56 Chinese companies,
with a market capitalization of $27.2 billion, completed the
initial public offering (IPO) process.
Although Chinese auditors completed 24 percent of the
audits of Chinese reverse mergers, the PCAOB staff takes is-
sue with some U.S. registered accounting rms because they
may not be conducting audits of companies with operations
outside of the U.S. in accordance with PCAOB standards.
On July 12, 2010, the PCAOB issued Staff Audit Practice
Alert No. 6, Auditor Considerations Regarding Using
the Work of other Auditors and engaging Assistants from
Outside the Firm, which highlighted the PCAOBs concerns
with auditors hiring external auditors and staff to perform
audits outside the U.S. including ones in the Chinese region.
(http://tinyurl.com/63wrvpg)
The PCAOB inspection staff observed that in some sit-
uations it appeared that U.S. rms provided audit services by
having most or all of the audit performed by another rm or
by assistants engaged from outside the rm without comply-
ing with PCAOB standards applicable to using the work and
reports of another auditor or supervising assistants. In one
case the U.S. rms personnel did not travel to China region
during the audit, and substantially all of the audit documen-
tation was maintained by the Chinese rm that did the audit
work. (See footnote 37 of http://tinyurl.com/3knf6db.)
SEC Chairman Mary Schapiro is also working with
Chinese regulators to address areas of concern. One key issue
is the PCAOBs inability to inspect the reverse-merger rms
in China. SEC Commissioner Luis Aguilar was a little more
emphatic with his concerns when he addressed attendees of
the Council of Institutional Investors Annual Conference on
April 4, 2011: While the vast majority of these companies
may be legitimate businesses, a growing number of them
have accounting deciencies or are outright vessels of fraud.
The PCAOB also has difculties in inspecting Chinese
audit rms that have registered with the agency. Michael
Rapoport reported in the August 8 article, Progress Cited on
Audits in China, in The Wall Street Journal, that Chinese
authorities have not granted permission to the PCAOB to
enter their country to evaluate audit rms who are registered
with the agency. (http://tinyurl.com/63xzwrl)
On April 4, PCAOB Chairman James Doty said in a
speech to the Council of Institutional Investors that, If
Chinese companies want to attract U.S. capital for the long
term, and if Chinese auditors want to garner the respect of
investors, they need the credibility that comes from being
part of a joint inspection process that includes the U.S. and
other similarly constituted regulatory regimes. In light of
these risks, the PCAOBs inability to inspect the work of reg-
istered rms from China is a gaping hole in investor protec-
tion. (http://tinyurl.com/3dns5eo)
The recent wave of accounting issues and scandals
involving Chinese rms has raised regulatory concern levels
from a small crack to a chasm. Furthermore, short sellers
are not helping to distinguish reality from rumor. Take, for
example, Sino-Forest, a Chinese forestry company listed on
the Toronto exchange. Robert Cookson, reporting in the
June 6 Financial Times article, China foreign listings dogged
by scandal, writes that in a few days Sino lost more than
two-thirds of its market value since Thursday after Muddy
Waters, a research rm founded by short-seller Carson Block,
accused the company of overstating its sales and the value of
its forest land. (http://tinyurl.com/3svmcn4)
Sino denied the allegation and claimed Muddy was
muddying the waters to prot from short selling. However,
another forestry group, China Forestry, had its shares sus-
pended in January, 2011 after its chief executive was arrested
for the alleged embezzlement of $4.6 million.
Cookson, reporting in his June 6 Financial Times article,
writes that in the last six months more than 25 New York-
listed Chinese companies have disclosed accounting discrep-
ancies or seen their auditors resign. Nasdaq and NYSE
Euronext have halted trading in the shares of at least 21
small and micro-cap Chinese companies in the past year, and
kicked ve of them off the exchanges.
Doty is optimistic that the PCAOB can reach an agree-
ment with Chinese regulators on inspections. In the interim,
investors should understand that investing in China has its
own sets of investment risks. Then again, they should realize
that in a post-Enron, Madoff, Paramlat, Satyam, Siemens and
Societe Generale world, fraud has no national boundaries.
Just remember: No nation has a monopoly on stock fraud.
Investors must be diligent and be aware of the risks and act
accordingly. Caveat Emptor Let the buyer beware.
Tim Harvey, CFE, JP, is director of the ACFEs UK Operations,
a member of Transparency International and the British Society of
Criminology. His email address is: tharvey@ACFE.com.
Richard Hurley, Ph.D., J.D., CFE, CPA, is a professor in
the University of Connecticut (Stamford) School of Business.
His email address is: rhurley@business.uconn.edu.
Global Fraud Focus
Examining Cross-Border Issues
60 Fraud-Magazine.com
ember Services Representative Ashly Worsham
enjoys talking to members and helping them,
but the ACFE fullls her in a way she never
anticipated when she accepted the position
her constant quest for self-improvement. She takes as many
classes as the ACFE offers, from speech and nance to personal
safety and business writing. At the ACFE, they want you as a
staff member to further yourself, she said. You feel valued.
COUNTRY LIFE
Ashly was born in the East Texas town of Groves, but imme-
diately moved to La Grange, where she grew up. Her family
includes little sister April, with whom she is extremely close,
and brother David, who is six years younger. Her mother,
Brenda, worked as a seamstress when the kids were young. She
then went on to work for the grocery store chain H-E-B, rst
as a bookkeeper, later as a customer service representative. Her
father, David, was a petro-chemical draftsman when Ashly was
little, then returned to school to earn a certicate in computer
technology. He now is a computer technician with the
Lower Colorado River Authority.
Ashly grew up in the country. She lived off a dirt road, and
they raised Barbado sheep, pigs and cattle. The family had a
stock tank for shing. But Ashly, who calls herself pretty girly,
avoided all of that and stayed inside with her mother, who
taught her to sew and cook. Ashly still takes scraps of fabric and
hand sews dresses. She loved to play dress-up: I remember read-
ing Gone With the Wind really young and then pretending I
was Scarlett in the backyard, she said. I also thought math was
fun when I was a kid. My dad (being a techie) gave me a huge
IBM and installed Math Blasters. I became obsessed with it for
a whole summer until I beat it.
Her father focused on making her independent. He
wanted me to not be reliant on anyone, she said. Like him,
Ashly is a comedian. On her rst day at the ACFE, President
and CEO James Ratley, CFE, told her (falsely and with a
straight face) that he was the custodian and would take care of
trash and small spills. An hour later, she called him to clean up
an imaginary soda spill under her desk, knowing full well who
he really was. Jim was delighted, of course.
Ashlys parents divorced when she was 11, but they
remained friends and still live near one another. Her mother
remarried, and Ashly considers her stepfather, Hunter, like a
second father. (She also has two older stepsisters from the union
with whom she is close.) He sparked her enthusiasm for science
ction so much that she even gave a presentation during the
ACFE speech course about how much she loves the recent
remake of the sci- TV series Battlestar Galactica.
GIFT OF SINGING
Ashly was the good kid and rarely got into trouble, but she
did love to sing, which could be a blessing or a curse, she said,
because she was constantly singing. My parents regretted buy-
ing me The Little Mermaid, she said, laughing. She made
excellent grades and took a lot of dance classes. During high
school, she also sang lead vocals for her churchs praise and
worship band. She was a member of the drill team and business
club, acted in plays and sang in musicals. As if she was not busy
Improving Members Lives
By Cora Bullock
Meet the Staff
ACFE Member Services Representative Ashly Worsham loves to assist
members, but she also works to improve her performance with the ACFEs
continuing education offerings
M
January/February 2012 61
enough, she also took classes her last two years of high school to
become a licensed cosmetologist, which is how she paid her way
through college.
Ashly graduated from high school in 2003 and attended
Texas State University in San Marcos, 30 minutes south of
Austin. It took her a while to gure out her major. She initially
decided on accounting, because she is good at math, but then
Ashly took a speech class, which she loved so much that she
majored in mass communication. She also loves to counsel
people, so she minored in psychology.
Working full time as a hairdresser and attending school full
time meant she took a little longer to earn her Bachelor of Arts
in Mass Communication, which she did in 2009.
SERVING OUR MEMBERS
After she graduated, she was perusing craigslist and saw the
ACFEs posting for a member services representative. She
started in May 2010 and began managing the Fraud Magazine
CPE quiz in January of 2011.
I love to be able to listen to our members and make them
happy and solve their problems, even when they dont know
what their problems are, said Ashly. She might one day return
to school to become a counselor. Despite being a communica-
tions major, I like to listen to people, and over the years, Ive
honed my listening skills.

LEADING A FULL LIFE
When she is not assisting members, Ashly stays incredibly
busy. She has a passion for karaoke and sings with and writes
lyrics for her co-worker Justin Dillons electronic band, GOBI.
She also writes her own music and loves to cook. Her mother
goes through cookbooks from start to nish, trying every
recipe, and Ashly does the same. Her favorite cuisine is
Asian, specically Thai.
Ashly has not had the opportunity to travel much The
rst time I touched or saw the Pacic Ocean was at the 22nd
Annual ACFE Fraud Conference and Exhibition. but she
one day plans to do more, though she does not want to leave
Austin right now. She fell in love with the city, despite the frus-
trating construction the citys growing pains she encoun-
ters every day. She tries to see the beauty in everything. Your
mindset really shapes your world, and I try to keep a positive
perspective, she said. Luckily our members, and the ACFE,
get to benet from this too.
Cora Bullock is assistant editor of Fraud Magazine. Her email
address is: cbullock@ACFE.com.
EthicsLine .............................................. inside front cover
TLO...........................................................................page 5
SAS ................................................................... back cover
This index is provided as a reader service. The publisher doesnt
assume any liability for errors or omissions. For information
about advertising, call Ross Pry at the ACFE, (800) 245-3321,
or email him at rpry@ACFE.com.
Publication of an advertisement in Fraud Magazine

doesnt
constitute an endorsement of the product or service by Fraud
Magazine or the Association of Certied Fraud Examiners Inc.
ADVERTISERS INDEX
Ashly Worsham
P
h
o
t
o

b
y

C
h
r
i
s
t
i

T
h
o
r
t
o
n
-
H
r
a
n
i
c
k
y
,

C
F
E
62 Fraud-Magazine.com
MCFADYEN REVEALS TULSA CHAPTERS SECRETS
OF RITCHIE-JENNINGS SCHOLARSHIP SUCCESS
R. Cameron McFadyen, CFE, longtime Tulsa fraud examiner
and accountant and active ACFE member, recently spoke with
Fraud Magazine about his participation in the ACFEs Ritchie-
Jennings Memorial Scholarship program, the Oral Roberts
University (ORU) scholarship process and his work in the
fraud examination eld. McFadyen is the founding president of
the ACFEs Tulsa Area Chapter and chairman of the Ritchie-
Jennings Memorial Scholarship Committee. (See ACFE.com/
scholarship.aspx.)
How long have you been associated with ORU and how have
you served in the scholarship process?
The Tulsa Area Chapter began participating in the annual
Ritchie-Jennings Memorial Scholarship competition in 1996.
I began as the chapters committee chair and started talking
about the scholarship to professors at local universities. A friend
of mine, Terry Unruh, an assistant professor of accounting at
ORU, expressed real interest. From that point on, we worked
closely together, and, over time, we developed a process, which
has been very successful. Since being named to serve on the
Ritchie-Jennings Memorial Scholarship Committee last year, I
have removed myself from the process at the local level to avoid
any conict-of-interest issues.
ORU has had a number of candidates win the Ritchie-
Jennings Memorial Scholarship through the years.
The Tulsa Area Chapter established the R. Cameron Mc-
Fadyen, CFE, Scholarship Award beginning in the 1999-2000
competition year. This award provides additional scholarship
money to local winners.
How do you attribute ORUs success?
I believe there are four key reasons for the success of this pro-
gram. First, the chapter scholarship chair maintains a close rela-
tionship with ORU professors and ofcials. Second, the chapter
sponsors events throughout the year, such as photo shoots and
congratulatory meetings for the winners and presentations to
recipients of the Fraud Magazine issue containing the scholarship
article. Third, the chapter evaluates students regularly to deter-
mine those who would make the best candidates for endorse-
ment. And fourth, the selection interviews are always in person
and designed to reveal as much as possible about each student:
who they are, what they want to do and how they view their fu-
tures. Those interviews are major components when the chapter
decides who to put forward as Ritchie-Jennings applicants.
What steps can educa-
tors take to help
students submit a
worthy application?
Educators can make all
the difference. They
are on the front lines
and know better than
anyone those students
who would make the best
scholarship applicants.
They can introduce their
students to the scholar-
ship program and tell
them about its back-
ground. Educators can
spur students to work their hardest and, hopefully, steer them to
the fraud examination profession and the CFE credential. Dedi-
cated educators can mentor students through the application
processes and assure that they meet all requirements. Educators
also can help students present themselves in the best possible
way by highlighting achievements, experiences and honors that
differentiate them from the pack.
What motivated you to become a fraud examiner?
During my years as director of corporate internal audit, I came
across inappropriate actions by individuals in various parts of
our global operations. Finding this was a shock because you
just dont start into an audit project expecting to uncover
fraud. Over time, in discussions with other audit professionals,
there was growing concern about fraud and the risks that came
with it. More and more forums about it became part of auditor
meetings to allow a sharing of experiences, and these provided
some education about how to deal with it. The subject matter
really intrigued me, and the interest grew to the point where I
just decided that I wanted to learn as much as possible and then
help others either through education or by helping them deal
directly with these very trying, difcult situations. More to the
point, I hate to see the bad guys win.
Your ACFE number is 300; youve been a member since
1989. Why did you decide to become a member and then a
CFE? What do you enjoy the most about the ACFE?
Prior to the ACFE, there was no authority to specically address
these issues for professionals. When the ACFE began in 1988, I
saw some literature about this new organization. So I contacted
ACFE News
R. Cameron McFadyen, CFE
January/February 2012 63
tacted the Austin headquarters to ask some questions and learn
what I could. I remember sitting in my ofce a few days later
and receiving a call from [now ACFE President and CEO] Jim
Ratley asking if I needed additional information. We had a very
nice conversation during which he said he hoped that with my
accounting background, combined with the interest I expressed
in fraud issues, I would seriously consider membership. And as
they say, that was that!
(Thanks to Lupe DeLeon, ACFE membership coordinator,
for assistance with this interview. ed.)
CFE TAKES THE BLOWS AND GETS BACK UP IN WIPEOUT
Wilson Kennedy holds two distinctions as a City of San Diego
employee: He is the rst to become a CFE and the rst to be a
contestant on ABCs summer Wipeout obstacle course TV
Wilson Kennedy, CFE, swings with gusto during the trials of a
summer Wipeout TV show.
Visit ACFE.com/AutoDues to enroll today.
Automatic Dues Renewal Service
Cost effective. Time saving. Convenient.
The key to saving time and money on your ACFE dues
Receive a 10% discount on your dues
each year you are enrolled in the service.
Get $75 off a live ACFE training event.*
Environmentally friendly - paper state-
ments and postage are eliminated.
Your dues are automatically paid
each year no need to write a
check or pay online.
No interruption of member benets
and services.
*Offer expires December 31, 2012. ACFE webinars, online learning and one-day seminars are excluded.
C fff ii TTii i C i CCCCCCCCCCooooooooosssssssssttttttttt eeeeeeeeeeffffffffffffffffffffeeeeeeeeeeeeccccccccccccctttttttttttttiiiiiiiiivvvvvvvvvveeeeeeeee TTTTTTTTTTTiiiiiiiiiimmmmmmmmmeeeeeeeeee sssssssssssaaaaaaaaaaavvvvvvvvvviiiiiiinnnnnnnnnggggggggggg CCCCCCCCCooooooooonnnnnnnnvvvvvvvvveeeeeeeennnnnnnniiiiiieeeeeeeeennnnnnntttttttttttttt.... Cost effective. Time saving. Convenient Cost effective. Time saving. Convenientt. t.
64 Fraud-Magazine.com
show. The credential has helped his career, and the program has
tested his resolve.
I wanted the opportunity to experience the worlds most
entertaining and challenging obstacle course while appearing
on prime-time TV, said Kennedy, the supervising management
analyst for the San Diego Public Utilities Department.
You have probably seen this wildly popular show when
channel surng: Contestants move through a course of twirl-
ing and thrusting padded plastic wheels, giant balls, platforms
and mazes as they are shot with water cannons, pummeled with
exploding airbags and often ungracefully y into pools of water.
From my couch, being on the show looked like it would be
fun, exciting and easy, Kennedy said. After all he was young,
had played college and semi-pro football and was still relatively
t. It was one of the most physically exhausting things I have
ever done in my life!
He auditioned in four casting calls over 1 years, but he
was ready when he got the call. More than 75,000 applied for
season four, and he nally was in the 1 percent that made the
cut. Now ironically nicknamed Sewer Rat by the shows pro-
ducers he is a self-described germophobe who helps secure
funding for San Diegos water and wastewater projects he
worked out frenetically for three months before the shows tap-
ing in May of last year. He ran, biked, swam, jumped rope and
lifted weights. Still, after completing the qualifying run, it must
have taken almost an hour before my heavy breathing stopped!
During the taped competition, Kennedy fought his way to
the top six of 24 contestants in the seminals, but he just missed
the nal push for the $50,000 prize.
Throughout the ordeal, his family, friends and co-workers
cheered him on. Many of them, including members of his
churchs youth ministry, gathered at a pizza parlor to watch the
show last summer. He had told the church kids during his audi-
tions that he would buy a at-screen TV, an Xbox and a Wipeout
video game for each of the three youth classrooms if he won.
Although I didnt win, I didnt have the heart to not get
them anything after they had been looking forward to celebrat-
ing with me for almost two years, Kennedy said. So at the end
of the viewing party he presented all those fun items for one of
the three classrooms. Then daughter Zaria, 11, Kennedys big-
gest fan, led her Pop Warner cheerleading squad in a cheer.
He is not ready to retire from the punishment. He wants
to appear on future all-star shows with other contestants who
also did not quite make it to the nals. Kennedy denitely is
not wiped out.
Dick Carozza
ACFE News
Major Karl J. Flusche, CFE,
USAF, Ret., passed away on
Nov. 16. He was director
and manager of all elec-
tronic evidence collection
activities for Fios Inc.
ACFE President and
CEO James D. Ratley, CFE,
said, Karl was a true profes-
sional. He personied what
we wanted in a CFE.
Flusche was a federal
agent for the Air Force Of-
ce of Special Investigations
for 25 years, specializing in
computer systems analysis,
computer crime investiga-
tions and forensic analysis of computer systems and associated
storage media. He pioneered innovative ways for conducting
forensic analysis of computer-related evidence and was credited
in 1984 with nding the rst-ever use of a computer to hide a
suicide letter. In U.S. vs. Peri (1989), he was able to successfully
recover hundreds of electronically stored pages of classied war
plans that a defecting U.S. soldier had passed on to the East
German Intelligence Service via electronic media the rst
computer spy case in U.S. history.
His father, Don Flusche, was a sergeant with the Dallas Po-
lice Department when Ratley was a police ofcer with the force.
Ratley said Don Flusche had a profound inuence on him. Don
was the nest man I have ever known, and Karl was a chip off
the old block, said Ratley.
Karl Flusche is survived by his wife, Cindy; a son, Karl Jr.;
and a daughter, Lorrie. He enjoyed spending time with their
three grandchildren, and he loved family genealogy, and stamp
and coin collecting.
In Memoriam
Karl was a true professional. He personied what
we wanted in a CFE.
Karl J. Flusche, CFE
January/February 2012 65
Last summer, the General Forum in the Members Only discus-
sion forums on ACFE.com contained a long conversational
stream on whether CFEs need private investigator licenses to
conduct fraud examinations. The consensus among the discus-
sants was a clear maybe. This unequivocal consensus was
based on the private investigator licensing laws and regulations
applicable in the relevant jurisdictions.
Most licensing laws dene the activities that constitute
private investigative work and state that only licensed persons
can engage in those activities. In the U.S., for example, private
investigator licensing is controlled by each state, and 42 states
and the District of Columbia have licensing requirements for
private investigators. (Alabama, Alaska, Colorado, Idaho,
Mississippi, South Dakota and Wyoming do not have statewide
licensing requirements.)
Basically, in most jurisdictions, the question as to whether
an individual must be licensed as a private investigator depends
on whether the individual engages in private investigative
work. And perhaps the most relevant factors in determining
this are how the relevant jurisdictions dene private inves-
tigative work

(or some variation of this term, such as private
detective business or private investigation service) and if the in-
dividual is an employee of an entity or is independent. (Check
out the thread PI Licensure in the General Forum.)
WHAT CONSTITUTES PRIVATE INVESTIGATIVE WORK?
The denition of private investigative work can vary from state to
state, but generally, private investigative work involves engaging
in the business to, or accepting employment to, obtain or furnish
information with reference to any number of matters, including:
Crime, criminals or rleated information.
The identity, habits, conduct, business, occupation, honesty,
integrity, credibility, knowledge, trustworthiness, efciency,
loyalty, activity, movement, whereabouts, afliations,
associations, transactions, acts, reputation, or character
of any person.
The cause or responsibility for res, libels, losses, accidents, or
damage or injury to persons or to property.
Evidence to be used before a court, board, ofcer or investiga-
tive committee.
Detecting the presence of electronic eavesdropping devices.
The truth or falsity of a statement or representation.
1

The above language, which is typical of some state laws,
is quite broad, meaning that it could encompass almost any
investigative profession, including the anti-fraud profession.
The general frameworks of state private investigation statutes,
however, regulate only those who are holding themselves out as
private investigators or conducting a business to perform those
functions. Indeed, these statutes typically exclude those em-
ployed exclusively and regularly by only one employer insofar as
their acts relate solely to the business of that employer.
DOES CONDUCTING A FRAUD EXAMINATION
CONSTITUTE PRIVATE INVESTIGATIVE WORK?
According to the ACFEs 2010 Fraud Examiners Manual, a
fraud examination is a methodology for resolving fraud allega-
tions from inception to disposition. More specically, fraud
examination involves obtaining evidence and taking state-
ments, writing reports, testifying to ndings, and assisting in the
detection and prevention of fraud.
Investigative work is one of many components in a fraud
examination, but it does not include the fraud prevention com-
ponent. That is, fraud examination involves activities outside
the scope of traditional types of investigative work.
While some types of private investigative work may be
limited to reviewing data and evidence for signs of wrongdoing,
most are much more detailed. They require routine investiga-
tive tasks, such as interviewing victims, witnesses and suspects,
and taking their statements. Typically, the private investigator
collects evidence and maintains a chain of that evidence so that
a court of law will not dismiss it. The private investigator writes
detailed reports indicating the chain of events and often testies
in court about that material.
Independent CFEs Need to Check Their
Jurisdictions on PI Licensure Laws
By James S. Peet, Ph.D., CFE
66 Fraud-Magazine.com
If a fraud examiner engages in the typical activities
of investigative work, a private investigators license
might be required. This is because many jurisdictions
have laws that dene investigative work broadly to
include the activities involved in fraud examinations.
Thus, if a CFE conducts fraud examinations or investi-
gations (separate, but similar activities), then this falls
under the purview of investigative work. It does not
matter if the investigations are of a criminal nature
or not; what matters is that the licensing jurisdiction
views them as investigative work.
But even if you engage in investigative work, it is
not denite that you are required to obtain a private
investigator license. Again, these statutes generally leave
free of regulation those employees acting on behalf of
their employers.
You likely will need a private investigators license
if you are an independent CFE (not a paid employee of a
corporation, organization, agency or any other entity).
An example of how an independent CFE could be
involved in investigative work is when a prospective cli-
ent contacts him or her about a possible case of occupa-
tional fraud. If the CFE speaks with the client, obtains
some cursory evidence that points to a particular employee, and
then decides to interview the employee and his co-workers, this
is the beginning of a formal investigation. If the CFE completes
the interviews, takes statements and collects further evidence,
he or she is now well into an investigation, which may lead to
the employees termination and possible arrest. And the CFE
may then testify in court.
In short, if you are paid as an independent CFE (not
employed by an entity) to investigate a crime, you interview
people, and you collect evidence, which may be used before a
court, you will likely be required to obtain a PI license.
Dr. Joseph T. Wells, CFE, CPA, founder and chairman of
the ACFE Board of Directors expresses his own opinion suc-
cinctly. If there is any chance at all that a state licensing board
could view you as holding out as an investigator, do yourself
a favor and get licensed, Wells said. Many of these state
boards are self-funding and actively look for anyone that can
be construed to be unlicensed because it adds to their coffers.
Moreover, if courts or opposing counsel can brand you as an un-
licensed investigator, your case will likely suffer severe damage.
FINER POINTS
Public employees conducting investigations on behalf of their
governmental organizations are exempt from state private
investigator licensing laws as long as the investigations are in
the performance of their ofcial duties.
Most CPAs are also exempt, as long as the work they do for
their clients does not extend beyond the services traditionally
offered by CPAs and into activities within the scope of tradi-
tional investigative work. In many jurisdictions, once someone
leaves straight accounting and begins forensic accounting, a PI
license may be required. This is most often the case when some-
one begins interviewing victims, witnesses and suspects. The
person is no longer just reviewing data or evidence but is con-
ducting a private investigation, as determined by law. Although
some CPA activities could fall within the broad denitions in
state private investigator licensing laws, the AICPA maintains
that CPAs should be exempt from state private investiga-
tor licensing laws.
2
Regardless of what the AICPA maintains,
though, jurisditional laws always take precedence.
Lawyers are also usually exempt from PI license require-
ments if they are acting in their capacities as attorneys. For
example, Nevada provides that [e]xcept as to polygraphic
examiners and interns, this chapter does not apply [t]o an at-
torney at law in performing his duties as such. Nev. Rev. Stat.
section 648.018.
If a lawyer decides to help another lawyer investigate
fraud who is not in his or her rm, then the exception might
ACFE News
Private Investigator Licensing in Canada and the United States
PI License Required:
Yes No
Note: Hawaii, Puerto Rico and the
District of Columbia require PI licenses,
but Guam and the U.S. Virgin Islands do not.
January/February 2012 67
not apply and that lawyer might need
a PI license.
As mentioned, those conducting
internal audits/investigations for corpo-
rations that employ them are generally
exempt from state private investigator
licensing laws. (These CFEs are usually
internal auditors or internal investiga-
tors.) A couple of jurisdictional excep-
tions mostly in Canada require
corporate CFEs to obtain PI licenses,
but this is not the norm.
What if you do not conduct actual
investigations but work as a consultant
to develop fraud prevention programs
or review materials for others, such as
law enforcement agencies or law rms?
There is a ne line between consult-
ing, reviewing and investigating, so you
should check with your licensing juris-
diction. Most jurisdictions do not require
a license if you are only a consultant and
do not engage in investigative work. Fur-
thermore, if you are a forensic accoun-
tant (one who reviews and analyzes data
for purposes of litigation but does not
collect data or interview individuals) or
a computer forensic consultant, you may
be exempt from licensing. Most state
laws are unclear on this matter. A few
states, such as Texas, specically require
computer forensic professionals to be
licensed as private investigators.
CROSSING JURISDICTIONAL BOUNDARIES
To throw yet another monkey wrench
into the gears, what if your work takes
you over jurisdiction lines? Some states
or countries do not have reciproc-
ity agreements with other states or
countries. A CFE may be legal in one
jurisdiction but not in another. Other
places grant reciprocity to PIs up to 30
days to investigate cases originating in
their home jurisdictions.
2012 Fraud Examiners Manual
NOW AVAILABLE
The essential resource for anti-fraud professionals
has been updated with even more information valuable to fraud
ghters worldwide. Stay up-to-date with latest changes in laws,
statistics, fraud examination techniques, methodology and
procedures with the new 2012 Fraud Examiners Manual. Because
no other works provides such a comprehensive guide for the
anti-fraud professional, every fraud ghter should keep a copy in
their library.
Important updates for 2012 include:
New chapter on Fraud Risk Management
New chapter on Corporate Governance
New coverage of the whistle-blower provisions of the Dodd-Frank Act
Updated Computer and Internet Fraud chapter, including expanded
material on:
Methods fraudsters use to gain unauthorized access to
computer systems
Data manipulation and data destruction, including a discus-
sion on some of the common methods used to destroy and
manipulate data
Ways organizations can prevent unauthorized access to their
computer systems
Log management and analysis as a means to detect unauthorized
access to computer systems
Conducting investigations regarding computer crimes, including
a new eight-step plan for responding to such issues
U.S. Edition Now Available. International Editions Coming Soon.
Visit ACFE.com/Shop to order your copy today
68 Fraud-Magazine.com
KEEP IT LEGAL
If you are an independent CFE, check with your jurisdictions
licensing agency and get its response in writing. Better to be
on the safe side than to have your credibility destroyed in court
because you were not legal.
Useful resources for checking out U.S. private investigator
licensing is the CrimeTime.com website linking all the states
licensing agencies, http://tinyurl.com/kqp6uj, and Michael
Kesslers website on forensic accounting licensing,
http://tinyurl.com/86q7z3s.
See the map on page 66 for those states and provinces in
North America that require PI licenses.
James S. Peet, Ph.D., CFE, is an instructor at Highline
Community College in Des Moines, Wash., and principal manager
at Peet & Associates LLC in Enumclaw, Wash. He is also a licensed
Washington State private investigator. His email address is:
jpeet@peetassociates.com.
1
This denition was taken from the Revised Code of (the state of )
Washington 18.165.10, the law regulating Private Investigators. Some
state statutes contain language that is more vague and open-ended. For
example under Nebraksas statute (Neb. Rev. Stat. 71-3201), a private
investigator is one who engages in the secret service or private policing
business, which shall mean and include: general investigative work,
non-uniformed security services, surveillance services, location of miss-
ing persons and background checks.
2
American Institute of CPAs. (2011). Digest of State Issues: For the CPA
Accounting Profession 2011. Retrieved from http://tinyurl.com/89bkarb.
ACFE Asia-Pacic
Conference a Hit
The rst-ever ACFE Asia-Pacic Conference held Oct. 23-25
in Singapore was a great success, with more than 200 attendees.
Speaker highlights included Aedit Bin Abdullah,
chief prosecutor of both the Criminal Justice Division and the
Attorney-Generals Chambers in Singapore; ACFE President
and CEO James D. Ratley, CFE; and Mark Steward, executive
director, Enforcement Division, of the Securities and Futures
Commission of Hong Kong. Attendees participated in educa-
tional workshops and lively panel discussions covering such
topics as anti-bribery efforts and corruption enforcement.
The ACFE Asia Pacic Fraud Conference in Singapore
was a real eye opener for me, said Kevin Taparauskas, CFE,
ACFEs director of events and marketing, who also attended.
I knew that the ACFE had loyal members in the region. But I
was extremely impressed with the enthusiasm of our attendees
and dedication to truly growing the profession that I witnessed.
I now understand why this has been our fastest-growing region
in the world for the last several years.
For our part, the ACFE intends to fully support and help
facilitate ongoing growth in the Asia Pacic, he continued.
I announced at the conclusion of the conference that the
ACFE would be holding our rst CFE Exam Review Course
in the area March 26-29, 2012. In addition, we are working
on a regional call center, based in Singapore, that will greatly
improve support all of our members in the Asia-Pacic region
and beyond.
ACFE News
Photos by Patrick Ong
January/February 2012 69
the name of the student; up came 25
individuals with the same name, along
with their proles. I contacted the
student and asked him for an explana-
tion. He said he never contacted me via
LinkedIn, but he had used his Gmail
account to email me throughout the
course. The only explanation I have is
that the hacker stole his Gmail account
from the LinkedIn website and used it
to capture a contact list, which included
my email address.
The fth suspect email included
a message, with an embedded link,
that read, Your LinkedIn account was
blocked due to inactivity. Please follow
this link to learn more. Thank you for
using LinkedIn! The LinkedIn Team.
I do not have a LinkedIn account,
so I can only assume it was another
fraudsters attempt to install the ZenuS
malware on my computer. If you receive
a similar message, do not click on the
embedded link. If you know the indi-
vidual, contact that person to see if he
or she sent it, and if they did not, alert
LinkedIn. I am sure that LinkedIn is
doing an excellent job trying to prevent
this type of fraud. However, its website is
a gold mine of personal information for
fraudsters to exploit with their schemes.
MORE FOR THE COMMUNITY
To help prevent identity theft, share
these scams with your friends, family and
colleagues. Contact me if you have any
identity theft issues that I might be able to
research and report back. Stay tuned!
Robert E. Holtfreter, Ph.D., CFE,
CICA, is distinguished professor of ac-
counting and research at Central Washing-
ton University in Ellensburg, Wash. His
email address is: holtfret@cwu.edu.
TAKING BACK THE ID
cont. from page 57
Order your course today at ACFE.com/compliance.
CPE Credit: 4
Course Level: Intermediate
Prerequisite: None
FCPA Compliance:
Creating an Effective Anti-Corruption
Compliance
Program
FCPA Compliance:
Creating an Effective Anti-Corruption
Compliance
Program
NEW! ONLINE SELF-STUDY
Since its enactment, the FCPA has had an enormous impact
on the way organizations around the world conduct business
domestically and abroad. As a result, it is important for you
and your company to understand the intricate and interlocking
network of criminal and civil laws designed to combat
transnational bribery.
FCPA Compliance provides relevant information on the current
legal and regulatory framework of the governments efforts to
combat bribery in international trade. More specically, this
course provides an overview of the FCPA and other international
anti-corruption initiatives, advises how companies can establish
compliance programs to detect and minimize violations of law
and examines bribery risk assessments.
What you will learn:
The principal components of the FCPA
14 essential elements of an effective compliance
program
Creating an FCPA Risk Assessment
The 7 core risk factors of FCPA
CPE QUIZ No. 100 (Vol. 27, No. 1)
Circle the correct answers and mail to the ACFE with four other completed quizzes
published within the last 24 months and the CPE Quiz Payment Form (see next page).
Name
ACFE Member No.
1. According to the opening case in the article, Fraud in Houses
of Worship, the perpetrator:
a. Was a former youth minister.
b. Had been defrauding the 2,000-member church for 36
months.
c. Was in nancial trouble.
d. Admitted everything in a teary confession.
2. According to the opening case in the article, Fraud in Houses
of Worship, the perpetrator had been defrauding the church by:
a. Writing herself duplicate paychecks.
b. Stealing cash from donation deposits.
c. Taking out credit card accounts in the church name.
d. All of the above.

3. According to the KU ticket scandal case in the article, Fraud in
Collegiate Athletics:
a. Ticket sales amounted to more than $2.5 million at face
value and could range as high as $3.7 million in market
value.
b. Athletic department members did not improperly use or resell
complimentary tickets reserved only for charitable organizations.
c. Evidence suggested that several coaches were involved in the
schemes.
d. The culprits concealed these thefts by simply charging tickets
to ctitious accounts and not recording the ultimate recipients.
4. According to the article, Fraud in Collegiate Athletics:
a. Part of the difculty in dealing with ticket sale frauds in
college athletics is that the sheer volume of money invites theft.
b. The U.S. Equity in Athletics Disclosure Act requires colleges to
le annual reports with the U.S. Department of Intercollegiate
Sports.
c. Frequently, two individuals control the daily nancial
management of an athletic department.
d. Winning often contributes to sound nancial management.
5. According to the article, The 10 Tell-Tale Signs of Deception,
linguistic text analysis involves studying the language, grammar
and syntax a subject used to describe an event to detect any
anomalies.
a. True.
b. False.
6. According to the article, The 10 Tell-Tale Signs of Deception:
a. Deceptive people often use language that maximizes
references to themselves.
b. In oral statements and informal written statements, deceptive
witnesses never omit self-referencing pronouns.
c. Truthful people usually describe historical events in the past tense.
d. Deceptive people never refer to past events as if the events
were occurring in the present.
7. According to the article, Overachieving Fraud Wolves in
Sheeps Clothing, the author in the case:
a. Was an in-house consultant.
b. Zeroed in on the accused employees because the tipster had
provided specic details of the alleged fraud conduct.
c. Expanded the investigation to several previous months and
increased the sampling of calls and accounts.
d. After reviewing consumer complaints, he found questionable
conduct.
8. According to the article, Overachieving Fraud Wolves in
Sheeps Clothing, CFEs are trained to focus their sights on the
business resources, processes, procedures, employee activities
and personnel to detect the potential for, and existence of, the
fraud triangle factors.
a. True.
b. False.
9. According to the article, Breaking Breach Secrecy, Part 3:
a. Organizations and individuals who do a horrible job
protecting personal data, of course, create conditions that
lead to the majority of data breaches.
b. The PRCH describes itself as a for-prot consumer education
and advocacy project.
c. The PRCH denes unintended disclosure as electronic entry
by an outside party.
d. For the past seven years, the Verizon Business Risk Team has
prepared the Data Breach Summary Research Report.
10. According to the Holtfreter/Harrington Data Breach Analysis
Report, described in the article, Breaking Breach Secrecy, Part 3:
a. Few individuals believe that the majority of compromised
records and related breaches are externally driven.
b. Internal hackers caused more of the compromised records.
c. The results strongly indicate that the organizations
experiencing these data breaches lack strong comprehensive
data protection programs.
d. Thirty-eight percent of the total breaches result from the
internal improper protection and disposal of data.
Fraud Magazine CPE Quiz Payment Form
READ the feature articles and columns in any ve issues of Fraud
Magazine published within the last 24 months.
CIRCLE the correct answers to the quizzes in the back of the issues.
REGISTER by completing the form below and mailing or faxing in your $69
fee and ve quizzes together.
1
2
3
3
EASY
STEPS:
PLEASE NOTE: The Fraud Magazine CPE Service CPE credits apply only
to the CFE status and not to any other professional designations. Fraud
Magazine CPE Service is not registered with the National Association of
State Board of Accountancy (NASBA).
Once youve passed all ve quizzes (with a score of 70% or better on each quiz), the ACFE will e-mail you a certicate
of completion. You will receive 10 of the 20 hours of CPE credit required annually to maintain your CFE credential.
YES! I want to register for the Fraud Magazine CPE Service to earn 10 hours of CPE for only $69. I have enclosed
payment along with my ve quizzes.
Name, rst and last ( Dr. Mr. Mrs. Ms.) Certied Fraud Examiner? Yes (if yes, member #) No Other designations (CPA, etc.)
Company Title
Home Work Address
City State/Province Zip/Postal Code Country
Phone number ( Home Work) Fax number ( Home Work)
Local Chapter E-Mail Address ( Home Work) Send me your FREE FraudInfo e-newsletter
METHOD OF PAYMENT
Charge my (check one). Cards charged in U.S. dollars. Name on Card Card Number
Expiration Date (month/year) V-Code (on back / front of AMEX)
Billing Address
City State Zip/Postal Code Country
Signature
Check or money order enclosed (made payable to the Association of Certied Fraud Examiners).
ASSOCIATION OF CERTIFIED FRAUD EXAMINERS
vorld Headquarlers The Cregor Building 7!6 vesl Ave Auslin, TX 7370!-2727 USA
|300) 245-332! / ! |5!2) 473-9000 ! |5!2) 473-9297 Fraud-agazine.con nenberservices_ACFE.con
Download archived quizzes and this payment form at
Fraud-Magazine.com/CPE-Quiz-Archive.aspx.
FRAUD MAGAZINE CPE QUIZ PAYMENT FORM
January
sun mon tues wed thurs fri sat
22 23 24 25 26 27 28
February
29 30 31 1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
March
26 27 28 29 1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Legal Elements
of Fraud
Examination:
Charlotte, NC
Conducting Internal Investigations:
Charlotte, NC
Fraud Related
Compliance:
Louisville, KY
Healthcare Fraud:
Louisville, KY
Data Analytics:
New York, NY
Investigating on the Internet:
New York, NY
Fraud
Prevention:
Baltimore, MD
Money Laundering: Tracing Illicit
Funds: Baltimore, MD
Interviewing Techniques for Auditors:
Ft. Lauderdale, FL
2012 ACFE European Fraud Conference: London
Introduction to Digital Forensics:
New Orleans, LA
Investigating
Conicts of
Interest:
Los Angeles, CA
Fraud Risk Management:
Los Angeles, CA
CFE Exam Review: Dallas, TX
Contract & Procurement Fraud:
Phoenix, AZ
ACFE Calendar of Events
For information or to register, visit ACFE.com/Training
April
15 16 17 18 19 25 21
22 23 24 25 26 27 28
May
29 30 1 2 3 4 5
6 7 8 9 10 11 12
June
17 18 19 20 21 22 23
July
22 23 24 25 26 27 28
August
5 6 7 8 9 10 11
12 13 14 15 16 17 19
26 27 28 29 30 31 1
Mortgage Fraud:
San Diego, CA
Early Registration
Savings
Find the events that you
want to attend. Register
and pay before the
Early Registration Dead-
line listed for the event
(generally one month
before event start date)
and SAVE $95 or more
off of the regular price
for the event.
Combo Event Savings
Register to attend two
events being held
consecutively in select
cities and receive $100
in savings! Combo
events are designated
with this icon:
Group Savings
Select the event that
best suits the learning
needs of your group.
Gather a team of at
least three or more
individuals to register
together. Call the ACFE
at (800) 245-3321 or
+1 (512) 478-9000 to
determine your savings.
Three ways
to save!
*Location and/or topic are subject to change.
Financial Statement Fraud:
Columbia, SC
Principles of Fraud Examination:
Austin, TX
CFE Exam Review Course: Las Vegas, NV
Digital Forensics Tools & Techniques:
Chicago, IL
Professional Interviewing Skills:
Providence, RI
23rd Annual Fraud Conference & Exhibition: Orlando, FL
Interviewing Techniques for Auditors:
Denver, CO
CFE Exam Review Course: Chicago, IL
Fraud Related
Compliance:
New York, NY
Auditing for Internal Fraud:
New York, NY
Professional Interviewing Skills:
San Francisco, CA
Fraud Risk Management:
Philadelphia, PA
CFE Exam Review Course: Boston, MA
Scan the QR code* with your mobile device to view a brief customer
video or visit sas.com/bankfraud for the complete success story video.
Stamp out fraud.
With SAS

Analytics, you can score millions of transactions a day in real time to detect fraud faster, reduce
risk, streamline investigations and prevent losses. Decide with confdence.
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. indicates USA registration. Other brand and product names are trademarks of their respective companies. 2011 SAS Institute Inc. All rights reserved. S76016US.0711
*Requires reader app to be installed on your mobile device
ANALYTICS