Forensic Accounting and Fraud Investigation

The concept of Forensic Accounting (never mind a fraud investigation) can be tricky if you've never heard of it before. 

We explained on our "What is Forensic Accounting?" page that there were actually many different "things" that an accountant in the forensic field could actually do. 

But fraud investigation is the original and best known area. 

And if you're already working in this field we make no apologies for the level of simplicity we're using here to explain what it's all about.

Most people trying to find out information in this field usually get bamboozled with flowery jargon and big words.

Hopefully we're going to avoid that and give you the following:

  • An example of a simple fraud
  • Explain the concepts of Prevent and Detection Controls
  • Why Controls Fail
  • Why Big Companies = Big Frauds

A Simple Fraud

Let's say you run a company. And you put your trust in your employee - Dave - to run the payroll for you every month. 

That means he has to pay all your employees their monthly salaries. 

You put some controls in place to make sure Dave is doing the right thing.  That could mean Dave supplying you with a sheet of paper showing you which employees are being paid and how much. You review it and sign at the bottom.

Dave then goes off and pays all these employees correctly.

But, unknown to you, he adds in an extra employee to be paid that you don't know about. 

Oh dear. 

And it turns about to be Dave paying himself extra wages. And he ends up doing this for years. 

And then one day Dave doesn't turn up to work and is now living on a beach in South America using his "extra" wages. Nice one Dave.

Prevention & Detection Controls

There's two ways a company could have stopped this happening. 

Welcome to the world of Prevention and Detection Controls. 

Big words but simple meanings. 

And collectively they are sometimes referred to as Internal Controls. 

Prevention Controls: had the company been smart enough they would have implemented controls to stop (i.e. prevent) Dave in the first place. For example, Dave prepares the list of people to be paid but someone else makes the payment. Or two people have to sign the payroll checks (or authorize on internet banking) before they are released. 

Detection Controls: these controls come in after the payroll has been paid. For example, someone different from Dave (i.e. you!) gets the bank statements the following day and you check that the amount that's left the bank account ties back to the sheet of paper that you signed the previous day. 

Hopefully you notice that the two amounts are different and you immediately investigate what's happened. 

That way, you may not have prevented Dave's bad behaviour but you certainly would have detected it very quickly.

Why Controls Fail?

So, if you could have stopped the fraud happening in the first place (or at least limited it) then why do frauds by the truckload continue to happen?

You can design as many controls as you feel like, but if you forgot to stick with them then you have what are known as "control breakdowns"

The main reason is the human factor. 

Or if we weren't being as nice - people are lazy, forgetful, too busy, didn't understand what was needed of them. Whatever the reason - the controls fail. 

And in the worst case - fraud - someone deliberately ignores the control.

Big Companies = Big Frauds

Now, take our simple example and then think about a huge multi-national company with numerous processes around how their cash is spent and collected - which could be payroll, invoicing clients, stock control and operating expenses. 

Imagine the sheer number of controls that need to be implemented to make sure that all the cash paid out or received is accurate and properly accounted for. 

These controls will be a combination of complex computer systems and lots of people. And they can breakdown either unintentionally (system bugs, genuine human error).

Or a person (or a group of persons) can get together and maliciously set out to commit a fraud. That's called collusion.

And if they get away with it....then the numbers can be massive.

So, what is Forensic Accounting?

We're hoping you now have a better understanding of how frauds can be committed in any size of company and the importance of controls. 

And we're now also hoping that our definition of Forensic Accounting will make more sense to you.

Forensic Accountants are usually called in after a fraud has already been committed.

The internal controls have failed. Money has been lost. Particularly in large companies it may not be clear (or they may not have a clue!) what happened. 

The company needs to find out.

And that's when they call in the accountants, the lawyers, the police and other government organisations if things get really nasty.

And the role of the Forensic Accountants is to:

  • Investigate and gather evidence. Interview staff

  • Analyse that information. Review the controls and how they failed. Query the data systems

  • Work with the lawyers, police and anyone else who's involved from outside the company

  • Document their findings in a clear and concise format which is delivered to the Company
  • Prepare further reports/documents that will be used by the Company to launch a legal case against the fraudulent employees.

  • Appear in court to explain the investigation work that they've carried out and the conclusions they reached

In summary, they find out how the fraud happened, who did it, when did they do it, and how much money has been stolen.