Fraud Detection Resources for Auditors
General Fraud Indicators
General fraud indicators are, as the name implies, applicable to any audit area. During the audit, auditors should always consider the general fraud indicators in addition to indicators specifically related to the audit area under review. The list of general fraud indicators presented below is not meant to be all-inclusive and should not preclude auditors from identifying and considering other indicators.
- Management override of key controls.
- Inadequate or weak internal controls.
- No written policies and procedures.
- Overly complex organizational structure.
- Key employee never taking leave or vacation.
- High turnover rate, reassignment, firing of key personnel.
- Missing electronic or hard copy documents that materialize later in the review.
- Lost or destroyed electronic or hard copy records.
- Photocopied documents instead of originals. Copies are poor quality or illegible.
- “Unofficial” electronic files or records instead of “archived” or “official” files or records.
- Revisions to electronic or hard copy documents with no explanation or support.
- Use of means of alteration to data files.
- Computer-generated dates for modifications to electronic files that do not fit the appropriate time line for when they were created.
- Missing signatures of approval or discrepancies in signature/handwriting.
- Computer report totals that are not supported by source documentation.
- Lengthy unexplained delays in producing requested documentation.
Management Related Fraud Indicators
Management sets the tone of an organization through its control environment. An organization’s control environment is the foundation of all other internal control components. An organization’s control environment includes integrity and ethical values, management philosophy, organizational structure, and self-governance. For a DoD contractor, active participation in a compliance program, integrity reporting, and the DoD Voluntary Disclosure Program are key parts of its control environment. The control environment provides both discipline and structure to the organization; therefore, auditors must consider management characteristics and influence over the control environment not only as fraud risk factors but also as fraud indicators along with the general and audit specific fraud indicators. Sometimes general and management fraud indicators are the same due to the control environment being an integral part of every review. Possible management fraud indicators are listed below. This list is not meant to be all-inclusive and should not preclude the auditor from considering other fraud indicators that they might identify.
- Failure to display and communicate an appropriate attitude regarding the importance of internal control, including a lack of internal control policies and procedures; ethics program; codes of conduct; self-governance activities; and oversight of significant controls
- Displaying through words or actions that senior management is subject to less stringent rules, regulations, or internal controls than other employees
- Significant portion of compensation being incentive-driven based on accomplishment of aggressive target goals linked to budgetary or program accomplishments or stock prices
- High turnover of senior executives or managers
- Hostile relationship between management and internal and/or external auditors. This would include domineering behavior towards the auditor, failure to provide information, and limiting access to employees of the organization
- Failure to establish procedures to ensure compliance with laws and regulations and prevention of illegal acts
- Indications that key personnel are not competent in the performance of their assigned responsibilities
- Adverse publicity concerning an organization’s activities or those of senior executives
- Lack of, or failure to adhere to, policies and procedures requiring thorough background checks before hiring key management, accounting, or operating personnel
- Inadequate resources to assist personnel in performing their duties, including personal computers, access to information, and temporary personnel
- Failure to effectively follow-up on recommendations resulting from external reviews or questions about financial results
- Nondisclosure to the appropriate Government officials of known noncompliances with laws, regulations, or significant contract or grant provisions
- Directing subordinates to perform tasks that override management or internal controls
- Undue interest or micromanagement of issues or projects that most knowledgeable individuals would identify with a substantially lower level manager
- A manager that claims disinterest or having no knowledge about a sensitive or high profile issue in which you would expect management involvement
- Constant over usage or inappropriate use of cautionary markings on management or organizational documents such as “Attorney Client Privilege/Attorney Work Product,” “For Official Use Only,” or other markings indicating an item is business sensitive or has a higher security classification than is appropriate.
General Scenarios and Indicators
The scenarios are meant to get the auditors thinking about how they can identify or discover certain fraud indicators and under what circumstances they should make a fraud referral. While the scenarios and indicators in this guidance are organized by audit types, many of the fraud indicators described in the scenarios are general in nature or management-related and may be found in any type of audit.
Auditors should familiarize themselves with the basic knowledge provided by the scenarios and creatively use it while performing any audit. This process should also help an auditor link or associate certain fraud indicators with specific audit steps or procedures. When auditors are able to consciously relate fraud indicators or risk factors with an audit step or procedure, they should be able to properly plan and execute an audit and adequately document compliance with GAGAS.
The scenarios presented in this guidance are organized by types of audits; however, many of the fraud indicators are applicable to other audits as well. The intent of the scenarios is to build on the auditor’s knowledge and invoke a sufficient level of awareness for auditors to identify fraud indicators and make referrals when appropriate. Many potential fraud indicators are general in nature or are associated with the structure or operations of upper management.