Fraud Patterns in Accounting Data
L. Clark and Gary D. Zeune
APRIL 2007 -
The AICPA’s 2002 release of Statement on Auditing Standards
(SAS) 99, Consideration of Fraud in a Financial Statement Audit,
has led auditors to adopt new, innovative approaches to analyzing
accounting data in order to detect errors and fraud. SAS 99 now
requires auditors to perform risk analysis, test journal entries,
and examine disaggregated data such as sales. An effective way to
search for fraud is to follow a four-step approach:
up a data set
for unusual patterns in the data, and perform tests.
way to explain this approach is to illustrate it with a case study.
The authors have developed spreadsheet tools to make users more
effective and efficient in detecting fraud during an audit.
Inc., is a successful local trucking business. FastWay owners
decided to expand into a regional carrier by building two new
terminals during 2006. During the planning session for the 2006
year-end audit, the auditors developed expectations for FastWay’s
operating results. They concluded that while the company has had
an adequate operating cash flow, it would require the use of either
debt or additional equity investment to finance expansion plans.
Given the auditors’ knowledge of FastWay, their expectations
for the 2006 year-end are as follows:
in sales with moderate increase in net income;
in fixed assets; and
in long-term debt and/or increase in capital stock.
2007, the auditors visited FastWay and were given a draft copy
of its 2006 financial statements. They were especially interested
in the relationships among fixed assets, long-term debt, and equity.
1 shows a graph of these accounts along with sales, total
assets, and net income.
expectations were not met after reviewing the financial statements.
The auditors did not understand how the additions to fixed assets
were financed: The increase in long-term debt did not appear sufficient
to finance the additions, especially given that equity remained
almost unchanged. They were also perplexed by the significant
increase in net income that resulted from such a small increase
in sales. Where did the funds come from to finance additional
assets? And, how did income increase significantly given the small
changes in sales and total assets?
decided to investigate the fixed assets and associated accounts.
The traditional approach when examining fixed assets is to start
with the aggregated numbers in the general ledger account and
trace back through the journals to the source documents (the “trace-back”
method). Tracing transactions backward through the system is an
acceptable and, in some cases, the most desirable way to test
a particular account. In the FastWay case, because actual results
deviated from the auditors’ expectations, they decided to
start with disaggregated data.
of starting with disaggregated data (individual entries) is that
normal entries will distract an auditor from finding abnormal
entries. The question becomes how one can work through the data
to find items of interest or potential fraud patterns. SAS 99
directs auditors to understand the difference between normal and
abnormal journal entries. Auditors should temporarily set aside
those normal, expected entries that might distract them from focusing
on the abnormal or unexpected. For FastWay, the auditors would
expect to see entries to fixed assets with related entries to
debt or cash if the company raised building funds through additional
issues of stock.
Technology for Analysis
must focus on small amounts of data that are part of a large,
sometimes enormous, database. To manage disaggregated or individual
transactions, it is helpful to follow these steps:
which subset of transactions to examine.
those specific transactions into a spreadsheet.
distractors from the subset of transactions.
- Put the
remaining transactions in a format that can help identify patterns.
general ledger systems allow the downloading of data into a spreadsheet
format. For some programs the process is as easy as clicking a
button, telling the system which transactions to extract, and
then opening the spreadsheet. Each commercial general ledger package
handles the downloading a little differently. The help menus in
the spreadsheet and general ledger package will describe the specific
steps necessary to download data into a spreadsheet.
data is captured, an auditor must remove the distractors. In the
case study, the auditors downloaded all of the transactions with
debits to fixed assets and their related credits to a spreadsheet.
2 shows a few sample transactions from that data set imported
into a Microsoft Excel spreadsheet. Examination reveals that some
of the increases to fixed assets have liability-related credits
(account 201 is a liability) and some have expense-related accounts
(on the chart of accounts, expenses start at 400). The auditors
assume that the purchases of fixed assets from debt represent
a normal entry. What is of interest in the FastWay case is why
there are debits to fixed assets and credits to expense accounts.
to be an unexpected pattern in the data. The auditors expected
to find debits to fixed assets and credits to a liability account,
so they filtered out those transactions for further audit procedures.
Spreadsheets have a feature for filtering a list of data. In Excel,
position the cursor within the list of data, then click on “Data”
from the taskbar and select “AutoFilter.”
3 shows how the auditors filtered the data. To filter out
those transactions with credits to liability account numbers (distractors),
click on the down arrow in the “ACCT Credit” column
and enter “is greater than 399” in the Custom AutoFilter
4 shows the filtered data.
first question was: “Why are there debits to fixed assets
and credits to expense accounts?” The answer requires digging
a little deeper; the auditors redefined their data search. They
downloaded all of FastWay’s entries related to fixed assets
and operating expense accounts 404, 405, and 406. Following the
same steps as above to remove any distractors, the auditors filtered
the data to produce Exhibit
5. The auditors were surprised to see related transactions
for additional expense accounts, 407, 408, and 409.
the first thing an auditor might notice from Exhibit
5 is that several entries have the same dollar amount. Is
there a pattern here? One spreadsheet tool for identifying patterns
is the pivot table. The auditors decided to reformat Exhibit
5 to see if a pattern emerges.
“Data” button on the Excel toolbar is a selection
for “Pivot Tables and Pivot Charts.” A pivot table
allows a user to look at data in a different view. One begins
by placing the cursor within the data list and clicking on “Data”
then “Pivot Tables” in the toolbar. Exhibit
6 shows the beginnings of a pivot table. Users simply drag
fields from the Pivot Table Field List box to the column and row
headings in the pivot table form.
7 shows the data transformed into a pivot table. There are
multiple journal entries with the same dollar amount. Closer investigation
reveals a developing pattern. Not only were FastWay’s fixed
assets debited for relatively small amounts, but these dollars
flowed through multiple expense accounts. It would not be unusual
during an audit to see journal entries that reclassify expenses
to fixed assets (or vice versa). What is unusual here is the flow
of the transactions through multiple accounts.
study is derived from one of the WorldCom frauds. Even though
WorldCom represented an $11 billion fraud, the exact same kinds
of techniques are used all the time in small companies (e.g.,
ZZZZ Best Carpet Cleaning). In this example, FastWay capitalized
expenses to improve earnings. To hide this fraud, the company
moved the transactions through multiple accounts to confuse the
Power of Tracing Forward
in the FastWay, Inc., case should examine each of the accounts
shown in the Pivot Table. Something looks amiss! Experienced auditors
might ask: “Can’t these abnormal entries be found
using the trace-back method?” Perhaps, but there are some
real advantages to the trace-forward method that can improve an
auditor’s ability to detect fraud.
advantage of the trace-forward method is the ability to selectively
set materiality thresholds based on particular accounts. A major
flaw of the trace-back method is that auditors set the materiality
level without knowing what the underlying data look like. Using
the trace-back method, auditors can decide on a materiality level
that might have been above the fraudulent entries in our example.
A common strategy for the successful fraudster is to not get greedy
and stay under the radar. That’s why it can be dangerous
for an auditor to tell a client what to do, or to have the client
prepare audit workpapers. The client knows what the auditor is
trace-forward method, auditors do not set materiality levels until
they have examined the underlying data for an account. As shown
7, the individual amounts are relatively small. What piqued
the auditors’ interest in the case study, however, was the
pattern that appears in the dataset. Assuming many more entries
than shown in the example, the auditor could then set a materiality
level to remove distractors, and focus only on the abnormal pattern.
reason for using the trace-forward method is to identify patterns
among different accounts. Starting with the debit entries to fixed
assets, the FastWay auditors noticed credits to certain operating
expense accounts. By expanding the dataset, a pattern started
to appear. A trace-forward approach allows an auditor to follow
his curiosity and design more effective spreadsheets. It is the
building-up of data that gives an auditor the ability to detect
In the case
study above, the authors have introduced a different approach
to analyzing accounts and some useful spreadsheet tools to aid
in the task. Through experience, auditors learn to recognize the
signs of a common fraud like accounts receivable lapping. But
when the fraudster changes his method only slightly, an auditor’s
effectiveness in detecting fraud can drop considerably. Starting
with disaggregated data, establishing expectations then setting
materiality levels, and building up datasets provide an auditor
with a greater chance of detecting errors and fraud.
L. Clark, PhD, CPA, is a professor of accounting at the
Auburn University school of accountancy, Auburn, Ala.
Gary D. Zeune, CPA, is a speaker and writer on fraud
and founder of “The Pros and the Cons,” a speakers
bureau for white-collar criminals (www.TheProsAndTheCons.com).
For a copy of the Excel templates used in the case study above,
please contact the authors at firstname.lastname@example.org email@example.com,
or download the files at www.cpaj.com.