Bradley Preber, CPA/CFF, CGMA, likes to invoke the initials C-S-I when describing the ideal approach to investigating a possible case of financial fraud. A partner with Grant Thornton LLP based in Phoenix, Preber sees clear parallels between a CPA’s work in a fraud investigation and the work processes and procedures depicted in the former television series CSI: Crime Scene Investigation.
“On CSI, you can tell what happened by looking at the facts surrounding the body and the crime scene,” he said. “We do the same thing but with numbers—looking at the accounting books and records.”
Preber and co-presenter Steven Richards, CPA, senior managing director of Washington, D.C.-based Ankura, shared approaches to fraud investigations in a session Monday at the AICPA’s Forensic and Valuation Services Conference in Las Vegas, which happens to be where the original CSI series was set.
Fraud is a huge problem for businesses worldwide. The Association of Certified Fraud Examiners’ 2016 Report to the Nations on Occupational Fraud and Abuse examined more than 2,410 cases of fraud in 114 countries. The cumulative losses for those cases was more than $6.3 billion, with almost one-fourth of the frauds resulting in losses of $1 million or more. The median loss was $150,000, an amount that could sink a smaller business.
With so much at stake, it’s understandable that CPAs called in to investigate potential fraud would want to focus on stopping and catching the perpetrator. That approach, however, is the wrong one in many cases, Preber said.
“An automatic inclination, especially for inexperienced fraud investigators, is to catch someone committing a crime and punish them,” Preber said. “This may seem counterintuitive, but you’re actually going into the situation to determine what the facts are and see if those facts bear out any sort of criminal activity. We are seeking the truth.”
If the facts do indicate criminal activity, then CPAs and organizations should pursue the culprit with three characteristics in mind: opportunity, pressure, and rationalization, said Preber, describing a common fraudster mindset as “‘I can do it, I need to do it, and whom am I harming?’”
Perpetrators are often in a dire financial situation or have an insatiable desire to get rich quickly. The opportunity then presents itself, often in the form of poor controls, or as Richards put it, “Someone isn’t minding the cookie jar.”
But, of course, the ideal is to prevent this from happening, which is why CPAs need to move quickly to make sure evidence isn’t compromised.
Fraudsters also are adept at rationalizing that their activities are a victimless crime. While they understand that fraud hurts people financially, fraudsters treat the crime as an impersonal matter. “The victim is the empty seat at the table: the investor,” Richards said. “It’s not a violent crime where the victim is right in front of you.”
Want to avoid scams? Do your homework
Cyberattacks represent a growing—and dangerous—channel for fraud. Cyberfraud can be perpetrated any number of ways, from email phishing scams that seek out bank account or personal financial information (including account passwords) to criminals posing as a co-worker or friend asking for money to be transferred to a bank account. In the latter scenario, fraudsters will use the legitimate email address of a person in the text of the email. The common denominator is that people will either hide their identities or pose as someone else.
One of the most nefarious examples came in April, when a Lithuanian man, posing as a vendor, conned two companies out of more than $100 million. Proving that no one is immune to such fraud, those companies just happened to be Facebook and Google. (Nearly all of the money was eventually recovered, and the perpetrator was charged with wire fraud.)
It’s important for CPAs to know what these schemes look like and keep abreast of the news. “These days, people more clearly understand the need to be ready for a cybersecurity breach,” Preber said. “It’s about being prepared.”
Then there are those frauds in which people sell something that isn’t theirs to trusting individuals. Richards, who worked as an investigator on the case of Bernie Madoff’s $65 billion Ponzi scheme, said investors lured by charismatic fraudsters suffer from what he called “unconscious bias.”
“They want to believe that they’re getting a deal and that other people have their best interests at heart,” he said. “But the regulatory framework that has developed over the last 80 years is ‘buyer beware.’ It’s about providing information to the investor, and if they choose to make that investment, that’s up to them—as long as they’re not misled.”
For CPAs, Richards suggested that they exercise their fiduciary duty with a stockbroker or investment adviser and “evaluate what they say objectively. Ask questions, do your diligence, and make sure the numbers add up. If you do these things, even a sophisticated fraud will be harder to perpetrate.”
Prevention is the best medicine
Organizations that hire a CPA to investigate possible fraud need to have a clear idea of what they hope the engagement will accomplish.
“Most of the time when I begin an investigation, I sit down with the key stakeholders—anyone from the CEO to the general counsel to the chief audit executive—and ask, ‘When we complete the investigation, what do you consider success?’” Preber said. “You’d be surprised how hard it is to answer that. I define it as finding nothing.”
That’s right, nothing. As in, the examination found no evidence of financial losses from fraud.
And the best way to end up with nothing (the good kind) is to do something, everything to be prepared for a fraud investigation. Recognize that the fraudster in your midst will move quickly—so you must be prepared to move quicker. “With anyone who thinks they’re a suspect accused of a bad act, their immediate response is to destroy the evidence, wipe down their hard drives, or shred documents,” Preber said. “You need to preserve that—to confiscate a laptop right away, for example—and use it to your benefit.”
Still, many financial leaders who should know better may still get caught off guard. “As common sense as all that sounds, it’s like going to the dentist on a preventive basis,” Preber noted. “People don’t do it because they don’t want to go through the pain. It sounds great and you know you should do it, but it’s distasteful most of the time and you put that off.”
—Lou Carlozo is a freelance writer based in Chicago. To comment on this article or to suggest an idea for another article, contact Jeff Drew, a JofA senior editor, at Jeff.Drew@aicpa-cima.com or 919-402-4056.