MIS 5208 –Data Analytics for IT Auditors and Cybersecurity€¦ · MIS 5208 –Data Analytics for...

MIS5208 – Data Analyt ics for IT Audi tors and Cybersecur i ty

EdFerrara,MSIA,[email protected]

Lecture02:TheNatureofFraud

Learn ing Outcomes

§ Fraudisaseriousissue§ Whatisfraud?§ Differenttypesoffraud§ Understandfraudagainstandonbehalfofanorganization§ Criminalandcivilfraud§ Fraudfightingcareers

TheManyFacesofFraud

Fraud

Theft(Misappropriation)

CorruptionDeceptiveStatements

FraudTheintenttodeceivetoobtainanunearnedbenefit.

Fraud:• Isanillegalactoracts(intentionalwrongdoing thatviolatesalaworlaws)• Includestheconcealmentoftheactoracts• Resultsinthe perpetratorsgaining financialbenefitfromtheact(monetizingthe

gains- cashoranothervaluablecommodity)

Examples:• Borrowingmoneyusingsomeoneelse’sidentity• Misrepresenttheprofitabilityofapubliclytradedcompanytoartificiallyinflatethe

company’sstockprice• Misrepresenttheprofitabilityofaprivatelyheldcompany,whensellingthe

company,tomakethebuyerbelievethecompanyisworthmorethanitactuallyis• Plantsmallquantitiesofvaluableoreonlandforsaletodeceivepotentialbuyers

aboutthevalueoftheland• Usingastolencreditcardtopurchasegoodsandorservices

• Oftenseeninconjunctionwithmoneylaunderingtohidetheproceedsofthefraud

FraudOther ExamplesFraudthatbenefits AnOrganization Fraudthatharms anorganizationImpropertransferpricingbetweenrelatedentities

Stealingmoney,property orfalsifyingfinancialrecordstocoverupatheft

Intentional improperrelated-partytransactionswhereonepartyreceivessomebenefitnotobtainableinanormalarm’slengthtransaction.

Intentionally misrepresentingorconcealingeventsordata

Legallytransferring(assignment)fictitiousormisrepresentedassetsor sales

Submitting claimsforservicesorgoodsnotactuallyprovidedbytheorganization.

Deliberatemisrepresentingorvaluingassets,liabilitiesorsalesinafinancialtransaction

Conductingbusinessactivities thatviolategovernmentstatutes,rules,regulations,orcontracts

Misrepresentingthefinancial statusofanorganizationtooutsidepartiesbyintentionallyfailingtodisclosesignificantinformation.

Assoc iat ion of Cert i f ied FraudExaminers§ Theworld'slargestanti-

fraudorganizationandpremierproviderofanti-fraudtrainingandeducation.

FraudCosts

© 2014 Association of Certified Fraud Examiners, Inc. All rights reserved. “ACFE,” “CFE,” “Certified Fraud Examiner,”

TheMovies

In t roduct ion to Fraud

Source: © 2016 Cengage Learning. All Rights Reserved.

TheWizard of L ies

“Therearenoinvestments,”hesayswithchillingsimplicity.“Imadethemup.Itooksome

moneyfromsomepeopleandgaveitotherpeople.There’s

nothingleft.”

Fraud,Greed,DeceptionandConfidence

Source:Rorke, R. (2017). HBO’s Madoff movie is a powerful character study. New York Post. Retrieved from https://nypost.com/2017/05/19/hbos-madoff-movie-is-a-powerful-character-study/

Ponz i Schemes

Source: http://www.investologic.in/wp-content/uploads/2014/03/Ponzi-Schemes.jpg

Source: http://thelabeconomics.blogspot.com/2013/01/our-whole-economy-is-ponzi-scheme.html

Types of Fraud

Victim Thetargetorganization

Perpetrator Employeeoroutsiderwho“cons”employees

Victim(s) Shareholders

Perpetrators Corporate officers

AgainstanOrganizationorIndividual OnBehalfofanOrganization

Secur i t ies Fraud§ Pennystockfraud§ Stockpricerisesdueto

brokerbuyingthestockartificiallyinflatingtheprice

§ Usingfalsereportingandmanipulativebusinessactivities

§ http://www.fbi.gov/cleveland/press-releases/2014/penny-stock-fraud-nets-millions

§ http://www.wsj.com/articles/sec-charges-two-with-penny-stock-fraud-1405716923

FraudC lass i f i cat ionOccupationalFraud- AFCE Description

Assetmisappropriation Misuseofanorganization’sassets

Corruption Influencewrongfullyusedtochangetheoutcomeofabusinesstransactionforthebenefitoftheperpetrator

Fraudulentfinancialstatements Adulteration offinancialstatementstohideoroverstatefinancialperformance– fraudulentlyinfluencinginvestorinterest.

Victim Perpetrator

Companyor Organization Employeeembezzlement – employeeistheperpetratorVendorfraud – vendoristheperpetratorCustomer fraud– customeristheperpetrator

Shareholders,debt-holders oftheorganization

Management

Investor(Stock,Bond,RealEstate)

Dishonest brokerages,individuals

Miscellaneous Probablytoo manytoname,counterfeitRolexwatches,PokeMoncards,etc.

Types of FraudTypeofFraud Perpetrator Victim Explanation

Employeeembezzlement Employees Employer Employeesusetheirpositionstotakeordivertassetsbelongingtotheiremployer.Thisisthemostcommontypeoffraud.

Vendorfraud Vendors Theorganizationtowhichthevendorssellgoodsorservices

Vendorseitheroverbillorprovidelowerqualityorfewergoodsthanagreed.

Customerfraud Customer Theorganizationwhichsellstothecustomers

Customersdon'tpay,paytoolittle,orgettoomuchfromtheorganizationthroughdeception.

Managementfraud(Financialstatementfraud)

Management Shareholdersand/ordebt-holdersandregulators(taxingauthorities,etc.)

Managementmanipulatesthefinancialstatementstomakethecompanylookbetterthanitis.Thisisthemostexpensivetypeoffraud.

Investmentscamsandotherconsumerfrauds

Fraudperpetrators(all)

Investors ThesetypesoffraudsarecommittedontheInternetandinpersonandobtaintheconfidenceofindividualstogetthemtoinvestmoneyinworthlessschemes

Other(Miscellaneous)typesoffraud

Fraudperpetrators(all)

Allkinds—dependsonthesituation

Anytimeanyonetakesadvantageoftheconfidenceofanotherpersontodeceivehimorher.

HowOccupat iona l Fraud i s Committed

Occupat iona l Fraud – Percentageof Cases

26

Occupat iona l Fraud – Median Loss

27

Occupat iona l Fraud – In i t ia l Detect ion

28

EmployeeEmbezz lement

§ Occupationalfraud(mostcommon)§ Employeesstealcompanyassets§ Isdirectorindirect

§ Direct:employeedirectlystealscompanycash,inventory,tools,supplies,orotherassets

§ Indirect:employeetakesbribesorkickbacksfromvendors,customers,orothersforlowersalesprices,higherpurchaseprices,nondelivery ofgoods,orthedeliveryofinferiorgoods

§ Example:CVCConstruction(direct)

Vendor Fraud

§ Twomainvarieties:§ throughvendorsalone§ throughcollusionbetweenbuyersandvendors

§ Usuallyresultsin:§ overchargeforpurchasedgoods§ shipmentofinferiorgoods§ Nonshipment ofpurchasedgoods

§ Example:Halliburton

Customer Fraud

§ Whencustomers§ donotpayforgoods§ paytoolittle§ getsomethingfornothing§ deceiveorganizationsintogivingthemsomethingtheyshould

nothave§ Example:ChicagoBank

§ $525KCashier’sCheck§ $70MtoSwissBankAccounts

Management Fraud

§ Financialstatementfraud§ Topmanagementdeceptivelymisstatesfinancialstatements§ Examples:

§ Enron§ WorldCom§ Sunbeam

© 2016

InvestmentandConsumerFraud§ Worthlessinvestmentssoldtoinvestors§ Examples:

§ Ponzischemes§ Telemarketingfraud§ Nigerianletterormoneyscams(419)§ Identitytheft§ Advancefeescams§ Redemption/strawman/bondfraud§ Letterofcreditfraud§ Internetfraud

© 2016 Cengage Learning. All Rights Reserved. May not be scanned, copied, or duplicated, or posted to a publicly accessible website, in whole or in part.

Fraud’s Impact

United States Fraud StatutesStatute Title&Code Description

BriberyofPublicOfficialsandWitnesses

Title18,USCode§201 Briberyispunishable byuptofifteenyearsinprison,threetimesofthevaluegivenorreceived,anddisqualificationoftheofficerinvolved.

Anti-kickbackActof1986 Title41, USCode§51to58 Thegiving orreceivinganythingofvaluebyasubcontractor,toaprimecontractorinUSgovernmentcontractsisillegal.Violationsarepunishablebyafineandupto10yearsinprison.

MailFraud Title18, USCode§1341 The useofthemailsystemtodefraudanotherindividualororganizationisillegal.Violationsarepunishablebybothfinesandimprisonment.

BankFraud Title18,USCode§1344 Protects banksfromfraudbycustomers,officers,employees,andownersofabank,creditunionandotherorganizationsinsuredbyaUSfederalagency.

RacketeerInfluencedandCorruptOrganizations(RICO)Statute

Title 18,USCode§1961 Prohibits“racketeeringactivity”– twoormoreenumerated criminalviolationsthatcrossstatelines.

ComputerFraud Title18,USCode§1030 Punishestheintentional unauthorizedusetoa“protectedcomputer”forthepurposeofobtainingrestricteddatapertainingtonationalsecurity,confidentialfinancialinformation,committingfraud,damaging,ordestroyinginformationcontainedinthecomputer.

Securities Fraud Rule10(b)5Securities Actof1934,§17(a) Theuse ofmaterialinsideinformationtoinfluencethepurchaseorsaleofcompanysecuritieseitherdirectlyorthroughanexchangeisillegal.

ForeignCorruptPracticesAct(FCPA) Title15,USCode§78m,78a(b),78dd-1,78dd-2,78ff

Itisillegaltobribeforeignofficials

TaxEvasion Title26,USCode§7201

Chinese Fraud Statutes§ Chinahastwosetsoflawsrelatedtobribery:

§ Onesetoflawsdealswithpaymentsgiventostateofficials,andadifferentsetappliestocommercialbriberybetweenprivatepersons.Lawsthatcriminalizeofficialcorruption,definedaspaymentstostateofficials,includeArticles389–95ofthePRCCriminalLaw.

§ Aseparatesetoflawsdealswithcommercialbribery.CommercialbriberyisprohibitedbyArticle8oftheAnti-UnfairCompetitionLaw(AUCL)andbyArticle163ofthePRCCriminalLaw.

§ PRCCRIMINALLAW,supranote18,atarts.389–95(amended1997).Article389provides:§ Anyone,whoviolatesthestateregulationsbyofferingmoneyorpropertytoa

statefunctionarywhileengaginginabusinesstransaction,wheretheamountinvolvedisrelativelylarge,orviolatesthestateregulationsbyofferinganykickbacksortransactionfeestoastatefunctionarywhileengaginginabusinesstransaction,shallbetreatedashavingcommittedthecrimeofbribery.

Source: Chow, D. (2012). The Interplay Between China’s Anti-Bribery Laws and the Foreign Corrupt Practices Act. Ohio State Law Journal, 73:5.

Cr imina l and C iv i l F raud Laws

Various claims may be joined in one actionOnly one claim at a timeClaims

Parties may stipulate to a less than unanimous verdict

Unanimous verdictVerdict

Filing of a claim by a plaintiffDetermination by a grand jury that sufficient evidence exists to indict

Initiation

May consist of fewer than 12 personsJury must have 12 peopleJury

"Preponderance of evidence""Beyond a reasonable doubt"Burden of Proof

Restitution and damage paymentsJail and/or finesConsequences

To obtain a remedyTo right a wrongPurpose

CIVIL CASECRIMINAL CASE

Civ i l Law§ ThecivillawsystemisderivedfromtheRomanCorpusJurisCivilus ofEmperor

JustinianI;itdiffersfromacommon-lawsystem,whichreliesonpriordecisionstodeterminetheoutcomeofalawsuit.MostEuropeanandSouthAmericancountrieshaveacivillawsystem.Englandandmostofthecountriesitdominatedorcolonized,includingCanadaandtheUnitedStates,haveacommon-lawsystem.However,withinthesecountries,Louisiana,Quebec,andPuertoRicoexhibittheinfluenceofFrenchandSpanishsettlersintheiruseofcivillawsystems.

§ IntheUnitedStates,thetermcivillawhastwomeanings.OnemeaningofcivillawreferstoalegalsystemprevalentinEuropethatisbasedonwrittencodes.Civillawinthissenseiscontrastedwiththecommon-lawsystemusedinEnglandandmostoftheUnitedStates,whichreliesonpriorcaselawtoresolvedisputesratherthanwrittencodes.Thesecondmeaningofcivillawreferstothebodyoflawsgoverningdisputesbetweenindividuals,asopposedtothosegoverningoffensesthatarepublicandrelatetothegovernment—thatis,civillawasopposedtoCriminalLaw.

Source: https://legal-dictionary.thefreedictionary.com/civil+law

USCr imina l vs . C iv i lCriminal Civil

Purpose ToRightaWrong Toobtain aremedy

Consequences Jailandorfines Restitutionanddamagepayments

BurdenofProof Beyondareasonabledoubt Preponderanceofevidence

Jury Jurymusthave12people Mayconsistoffewerthan 12persons

Initiation Determinationbyagrandjurythatsufficientevidenceexiststoindict

Filingaclaim bytheplaintiff

Verdict Unanimousverdict Parties maystipulatetoalessthanunanimousverdict

Claims Onlyoneclaimatatime Variousclaimsmaybejoinedinoneaction

Careers

Fraud Invest igat ion Careers

§ AnalyticalSkills§ Examinedataforsymptomsof

fraud§ CommunicationSkills

§ Effectivelyinterviewwitnessesandsuspects

§ Communicatefindingstowitnesses,courtsandothers

§ TechnologicalSkills§ Searchforfraudbyeffectively

usinginformationsystems

§ AccountingandBusinessSkills§ LegalSkills

§ Civilandcriminallaw§ Criminology§ Privacyissues§ Employeerights§ Fraudstatutes§ Otherlegalfraud-relatedissues

§ Languageandculturalskills§ Theabilitytospeakandwritein

aforeignlanguage§ Aknowledgeofhumanbehavior

Skills

Becomea Cert i f ied FraudExaminer

§ BeanassociatememberoftheACFEingoodstanding§ Meetminimumacademicandprofessionalrequirements:

§ Bachelor’sDegree§ Twoyearsofprofessionalexperiencedirectlyorindirectly

relatedtofraudexamination§ Beofhighmoralcharacter§ PasstheCFEExamination§ AgreetoabidebytheBylawsandCodeofProfessionalEthics

oftheACFE

USFraud- f ight ing Careers

© 2016 Cengage Learning. All Rights Reserved. May not be scanned, copied, or duplicated, or posted to a publicly accessible website, in whole or in part.

Lawyers provide litigation and defense work for companies and individuals being sued for fraud and provide special investigation services when fraud is suspected.

Law firms

Serve as an independent consultant in litigation fraud work, serve as expert witness, consult in fraud prevention and detection, and provide other fee-based work.

Consulting

Prevent, detect, and investigate fraud within a company. Includes internal auditors, corporate security officers, and in-house legal counsels.

Corporations

Conduct investigations, support firms in litigation, do bankruptcy-related accounting work, and provide internal audit and internal control consulting work.

CPA firms

FBI, postal inspectors, Criminal Investigation Division of the IRS, U.S. marshals, inspector generals of various governmental agencies, state investigators, and local law enforcement officials.

Government and law enforcement

TYPE OF CAREERTYPES OF EMPLOYERS

NextLecture:WhyPeopleCommitFraud

MIS 5208 –Data Analytics for IT Auditors and Cybersecurity€¦ · MIS 5208 –Data Analytics for...

Documents

Transcript of MIS 5208 –Data Analytics for IT Auditors and Cybersecurity€¦ · MIS 5208 –Data Analytics for...