Audimation Services has been acquired by CaseWare International Learn More.


Blog Image

Prime Areas for Fraud Schemes

Where to Look and How to Find Them

Fraud is on the rise. And if you don’t know what fraud looks like, you’re not likely to find it. While most occupational frauds are detected through tips, only 14.4% are detected by internal audit. There are more frauds uncovered by accident than by an external audit.1

Whether you’re an internal or external auditor, you realize there is little tolerance when errors and fraud go undetected, which is why many auditors are using data analysis to help identify issues within the organization’s data. The use of data analysis can help uncover fraud schemes and reduce the company’s fraud risk exposure – you just need to know where to look.

The typical organization loses 5% of its revenues to fraud each year.

– Source: Association of Certified Fraud Examiners (ACFE) 2013 Report to the Nations

Relevant information resides in financial files within the organization. The larger and more detailed the data files are, the more useful data analysis becomes. It can handle limitless amounts of data, and analysis can be performed while maintaining data integrity. Plus, most tools can track, record and provide a history of all actions performed, which is often required for court evidence.

Fraud Risk Assessment Steps

  1. Build a profile of potential frauds to be tested
  2. Analyze data for possible indicators of fraud
  3. Automoate the detection process through continuous auditing/monitoring of high-risk business functions to improve controls
  4. Investigate and drill down into emerging patterns
  5. Expand scope and repeat as necessary
  6. Report

So let’s start with a simple question: Why do people rob banks? Because that’s where the money is kept. The same is true for where to apply data analysis to uncover or prevent fraud. Here are some key areas where data analysis can be used to identify and get to the root cause of simple or sophisticated fraud schemes:


Payroll Fraud Schemes


While most payroll frauds are found by accident, data analysis can be used on a regular basis to analyze payments and search for outliers simply by matching payments to the payroll master file. Often fictitious or "ghost" employees are set up on a salary system to receive automatic payments.

Data to Gather:

  • Payroll master file with cumulative totals and static data
  • Monthly transactions file
  • Employee data including Social Security numbers, address, employee number

Data Analysis Tests to Perform:

  • Test for duplicate employees on the entire payroll file (appending or joining payroll files if necessary) using the employees’ SSNs as a unique employee identifier
  • Check for duplicate bank accounts [Note: False positives may include family accounts where more than one family member is employed by the organization]
  • Identify employee accounts with excessive credit memos, or large deposits
  • Match master information from the payroll file with the organization’s personnel file to determine whether there are "ghost" employees on the payroll
  • Compare the payroll file using two dates (beginning and end of the month) to determine whether new hires and terminations are represented as expected, and if any employees have received unusually large salary increases
  • View employee salaries by minimum and maximum by position and/or level. Also test allowances by position and level
  • Check for excessive overtime and allowance claims
  • Compare holidays/vacation and sick leave against limits by position/level
  • Match termination dates against the final few paychecks – look for scheme where extra checks were issued and diverted to the clerk’s account

"One of the key elements of fraud is concealment of the evidence. Our ability to aggressively and completely analyze the data we recover from suspect hard drives using IDEA has made the search for evidence much easier and more cost effective."

– Philip Levi, CFE, FCA, CPA/CFF, CA•IFA Partner, Levi & Sinclair, LLP


Purchase Frauds


Purchase frauds are prevalent, mainly because there are so many ways a potential fraudster can work the system to their advantage. Dummy invoices, reuse of valid invoices and withholding of credit notes are just a few examples of purchasing frauds. Many frauds involve the manipulation of the payments information on personal accounts within the AP system.

Examples of this include:

  • Creation of a fictitious supplier in the general ledger
  • Creation of a fictitious branch within a genuine supplier
  • Reactivating a dormant account

Miscellaneous accounts are particularly vulnerable, and don’t overlook frauds perpetuated on a genuine suppliers account without their knowledge. Accounts with high levels of transactions are susceptible to fraud because fictitious items can easily be buried.

Data to Gather:

Complex purchasing systems with automatic reordering capabilities are also a target. Once a supplier has been set up, or a requisition is input, payments are processed automatically. CaseWare IDEA® can be used on multiple files to test for fraud including:

  • Supplier master
  • Purchase ledger
  • Payments history
  • Purchase invoices


Supplier Master File


  • Using the first 5-6 characters of the name, match supplier names against a list of employee surnames from the payroll or personnel file
  • Test for accounts without VAT numbers or duplicate VAT numbers
  • Examine purchase ledger transactions for entries at or just below the management approval level – if the system finds the approving authority for a transaction, examine the value distribution for each manager
  • Test to see if amounts are being approved just above or below break points in authority level by a value distribution across the whole ledger
  • Search for split invoices to enable approvals by an individual
  • Extract all invoices within 90% of an approved limit and search for all invoices from that supplier. Next, sort by approving manager, department, and date to identify possible split invoices or summarize payments by invoice number to determine how many partial payments have been made for each invoice.
  • Test for duplicate invoices using value and supplier codes as key fields for one test, and purchase order number for another. The 2nd processing of invoices can be used to establish a value on the purchase ledger to make a fraudulent payment.




  • Compare employee home addresses, SSNs, telephone numbers and bank routing/account numbers to the vendor master file
  • Identify invoices without a valid purchase order or from unapproved vendors
  • Find invoices with more than one purchase order authorization
  • Identify multiple invoices with the same item description
  • Extract vendors with duplicate invoice numbers
  • Find invoice payments issued on non-business days, such as weekends or holidays
  • Identify multiple invoices just under approval cut-off levels




  • Search the payments file for payees without "Inc", "LLC" and LTD" in their names to identify payments to individuals
  • Stratify the size of payments to extract any exceptionally high payments
  • If payments are made by electronic transfers, extract lists of bank codes and account numbers from both the P/L payments files and the payroll – compare to see if any accounts match
  • Compare voucher or invoices posted against purchase order amounts




  • Identify the number and value of purchase journals, particularly those transferring amounts into minor accounts

Preventing fraud and consequently minimizing financial losses, is a task that internal audit is ideally positioned to perform. IDEA can be highly effective in identifying unusual and suspect transactions within large data sets. In fact, the majority of IDEA users recover the cost of the software within the first year of use by finding duplicate payments and undetected frauds. It also saves time by automating repeatable tasks without programming.


Achieving Maximum Efficiency

Proactive fraud detection requires moving from ad-hoc analysis towards continuous monitoring (CM). Here are some considerations for how to establish and sustain a successful CM program:
  1. Governance: Does the culture support the CM approach? Do we have the right capabilities?
  2. Incident Response: How will fraud be handled once it’s found?
  3. Event & Risk Assessment: What does fraud look like within your organization?
  4. Controls Testing: How effective are the internal controls? Are we handling ongoing changes?

Proactive Fraud Detection Cycle Infographic

Best Practices , CaseWare IDEA , Fraud

Posted By

By Sarah Palombo
Sarah Palombo founded Avery Public Relations in 2007 and took on Audimation Services as her first client. She has more than 20 years of experience developing communications programs and creating content.

Related Posts
No Image
Sep 07 Healthcare providers, including hospitals and physician groups, must effectively manage a broad network of direct and indirect contractual agreements. If perfor...
The Numbers Never Lie
Jul 20 An Audit Division That Has Mastered Its Use Employee fraud costs the U.S. $300 billion a year. Fraudsters are becoming more sophisticated and clever in their...
Gaining an IDEAScript Advantage
Sep 25 CPA Firm's Journey in Becoming Data-Analytics Driven   A group of data analytics enthusiasts at Schneider Downs & Co. asked staff and senior-level ...

This website has been designed for modern browsers. Please update. Update my browser now