Recognizing Fraud Patterns in Accounting Data

By Ronald L. Clark and Gary D. Zeune

E-mail Story
Print Story
APRIL 2007 - The AICPA’s 2002 release of Statement on Auditing Standards (SAS) 99, Consideration of Fraud in a Financial Statement Audit, has led auditors to adopt new, innovative approaches to analyzing accounting data in order to detect errors and fraud. SAS 99 now requires auditors to perform risk analysis, test journal entries, and examine disaggregated data such as sales. An effective way to search for fraud is to follow a four-step approach:
  • Develop expectations
  • Remove “distractors”
  • Build up a data set
  • Look for unusual patterns in the data, and perform tests.

The best way to explain this approach is to illustrate it with a case study. The authors have developed spreadsheet tools to make users more effective and efficient in detecting fraud during an audit.

Case Study

FastWay, Inc., is a successful local trucking business. FastWay owners decided to expand into a regional carrier by building two new terminals during 2006. During the planning session for the 2006 year-end audit, the auditors developed expectations for FastWay’s operating results. They concluded that while the company has had an adequate operating cash flow, it would require the use of either debt or additional equity investment to finance expansion plans. Given the auditors’ knowledge of FastWay, their expectations for the 2006 year-end are as follows:

  • Increase in sales with moderate increase in net income;
  • Increase in fixed assets; and
  • Increase in long-term debt and/or increase in capital stock.

Early in 2007, the auditors visited FastWay and were given a draft copy of its 2006 financial statements. They were especially interested in the relationships among fixed assets, long-term debt, and equity. Exhibit 1 shows a graph of these accounts along with sales, total assets, and net income.

The auditors’ expectations were not met after reviewing the financial statements. The auditors did not understand how the additions to fixed assets were financed: The increase in long-term debt did not appear sufficient to finance the additions, especially given that equity remained almost unchanged. They were also perplexed by the significant increase in net income that resulted from such a small increase in sales. Where did the funds come from to finance additional assets? And, how did income increase significantly given the small changes in sales and total assets?

The auditors decided to investigate the fixed assets and associated accounts. The traditional approach when examining fixed assets is to start with the aggregated numbers in the general ledger account and trace back through the journals to the source documents (the “trace-back” method). Tracing transactions backward through the system is an acceptable and, in some cases, the most desirable way to test a particular account. In the FastWay case, because actual results deviated from the auditors’ expectations, they decided to start with disaggregated data.

The risk of starting with disaggregated data (individual entries) is that normal entries will distract an auditor from finding abnormal entries. The question becomes how one can work through the data to find items of interest or potential fraud patterns. SAS 99 directs auditors to understand the difference between normal and abnormal journal entries. Auditors should temporarily set aside those normal, expected entries that might distract them from focusing on the abnormal or unexpected. For FastWay, the auditors would expect to see entries to fixed assets with related entries to debt or cash if the company raised building funds through additional issues of stock.

Using Technology for Analysis

Auditors must focus on small amounts of data that are part of a large, sometimes enormous, database. To manage disaggregated or individual transactions, it is helpful to follow these steps:

  • Decide which subset of transactions to examine.
  • Capture those specific transactions into a spreadsheet.
  • Remove distractors from the subset of transactions.
  • Put the remaining transactions in a format that can help identify patterns.

All commercial general ledger systems allow the downloading of data into a spreadsheet format. For some programs the process is as easy as clicking a button, telling the system which transactions to extract, and then opening the spreadsheet. Each commercial general ledger package handles the downloading a little differently. The help menus in the spreadsheet and general ledger package will describe the specific steps necessary to download data into a spreadsheet.

Remove the Distractors

Once the data is captured, an auditor must remove the distractors. In the case study, the auditors downloaded all of the transactions with debits to fixed assets and their related credits to a spreadsheet. Exhibit 2 shows a few sample transactions from that data set imported into a Microsoft Excel spreadsheet. Examination reveals that some of the increases to fixed assets have liability-related credits (account 201 is a liability) and some have expense-related accounts (on the chart of accounts, expenses start at 400). The auditors assume that the purchases of fixed assets from debt represent a normal entry. What is of interest in the FastWay case is why there are debits to fixed assets and credits to expense accounts.

There appears to be an unexpected pattern in the data. The auditors expected to find debits to fixed assets and credits to a liability account, so they filtered out those transactions for further audit procedures. Spreadsheets have a feature for filtering a list of data. In Excel, position the cursor within the list of data, then click on “Data” from the taskbar and select “AutoFilter.”

Exhibit 3 shows how the auditors filtered the data. To filter out those transactions with credits to liability account numbers (distractors), click on the down arrow in the “ACCT Credit” column and enter “is greater than 399” in the Custom AutoFilter window. Exhibit 4 shows the filtered data.

The auditors’ first question was: “Why are there debits to fixed assets and credits to expense accounts?” The answer requires digging a little deeper; the auditors redefined their data search. They downloaded all of FastWay’s entries related to fixed assets and operating expense accounts 404, 405, and 406. Following the same steps as above to remove any distractors, the auditors filtered the data to produce Exhibit 5. The auditors were surprised to see related transactions for additional expense accounts, 407, 408, and 409.

Perhaps the first thing an auditor might notice from Exhibit 5 is that several entries have the same dollar amount. Is there a pattern here? One spreadsheet tool for identifying patterns is the pivot table. The auditors decided to reformat Exhibit 5 to see if a pattern emerges.

Under the “Data” button on the Excel toolbar is a selection for “Pivot Tables and Pivot Charts.” A pivot table allows a user to look at data in a different view. One begins by placing the cursor within the data list and clicking on “Data” then “Pivot Tables” in the toolbar. Exhibit 6 shows the beginnings of a pivot table. Users simply drag fields from the Pivot Table Field List box to the column and row headings in the pivot table form.

Exhibit 7 shows the data transformed into a pivot table. There are multiple journal entries with the same dollar amount. Closer investigation reveals a developing pattern. Not only were FastWay’s fixed assets debited for relatively small amounts, but these dollars flowed through multiple expense accounts. It would not be unusual during an audit to see journal entries that reclassify expenses to fixed assets (or vice versa). What is unusual here is the flow of the transactions through multiple accounts.

This case study is derived from one of the WorldCom frauds. Even though WorldCom represented an $11 billion fraud, the exact same kinds of techniques are used all the time in small companies (e.g., ZZZZ Best Carpet Cleaning). In this example, FastWay capitalized expenses to improve earnings. To hide this fraud, the company moved the transactions through multiple accounts to confuse the audit trail.

The Power of Tracing Forward

The auditors in the FastWay, Inc., case should examine each of the accounts shown in the Pivot Table. Something looks amiss! Experienced auditors might ask: “Can’t these abnormal entries be found using the trace-back method?” Perhaps, but there are some real advantages to the trace-forward method that can improve an auditor’s ability to detect fraud.

The first advantage of the trace-forward method is the ability to selectively set materiality thresholds based on particular accounts. A major flaw of the trace-back method is that auditors set the materiality level without knowing what the underlying data look like. Using the trace-back method, auditors can decide on a materiality level that might have been above the fraudulent entries in our example. A common strategy for the successful fraudster is to not get greedy and stay under the radar. That’s why it can be dangerous for an auditor to tell a client what to do, or to have the client prepare audit workpapers. The client knows what the auditor is looking for.

Using the trace-forward method, auditors do not set materiality levels until they have examined the underlying data for an account. As shown in Exhibit 7, the individual amounts are relatively small. What piqued the auditors’ interest in the case study, however, was the pattern that appears in the dataset. Assuming many more entries than shown in the example, the auditor could then set a materiality level to remove distractors, and focus only on the abnormal pattern.

A second reason for using the trace-forward method is to identify patterns among different accounts. Starting with the debit entries to fixed assets, the FastWay auditors noticed credits to certain operating expense accounts. By expanding the dataset, a pattern started to appear. A trace-forward approach allows an auditor to follow his curiosity and design more effective spreadsheets. It is the building-up of data that gives an auditor the ability to detect patterns.

Improving Fraud Detection

In the case study above, the authors have introduced a different approach to analyzing accounts and some useful spreadsheet tools to aid in the task. Through experience, auditors learn to recognize the signs of a common fraud like accounts receivable lapping. But when the fraudster changes his method only slightly, an auditor’s effectiveness in detecting fraud can drop considerably. Starting with disaggregated data, establishing expectations then setting materiality levels, and building up datasets provide an auditor with a greater chance of detecting errors and fraud.

Ronald L. Clark, PhD, CPA, is a professor of accounting at the Auburn University school of accountancy, Auburn, Ala. Gary D. Zeune, CPA, is a speaker and writer on fraud and founder of “The Pros and the Cons,” a speakers bureau for white-collar criminals ( For a copy of the Excel templates used in the case study above, please contact the authors at, or download the files at




















The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices