WinterSeminar 22January2015 - AGA Boston Chapter ·...

Par$cipant Handout Materials

Winter Seminar 22 January 2015

DAVID L. COTTON, CPA, CFE, CGFM COTTON & COMPANY LLP CHAIRMAN

Dave Cotton is chairman of Cotton & Company LLP, Certified Public Accountants. Cotton & Company is headquartered in Alexandria, Virginia. The firm was founded in 1981 and has a practice concentration in assisting Federal and State government agencies, inspectors general, and government grantees and contractors with a variety of government program-‐related assurance and advisory services. Cotton & Company has performed grant and contract, indirect cost rate, financial statement, financial related, and performance audits for more than two dozen Federal inspectors general as well as numerous other Federal and State agencies and programs. Cotton & Company’s Federal agency audit clients have included the U.S. Government Accountability Office, the U.S. Navy, the U.S. House of Representatives, the U.S. Capitol Police, the U.S. Small Business Administration, the U.S. Bureau of Prisons, the Millennium Challenge Corporation, the U.S. Marshals Service, and the Bureau of Alcohol, Tobacco, Firearms and Explosives. Cotton & Company also assists numerous Federal agencies in preparing financial statements and improving financial management, accounting, and internal control systems. Dave received a BS in mechanical engineering (1971) and an MBA in management science and labor relations (1972) from Lehigh University in Bethlehem, PA. He also pursued graduate studies in accounting and auditing at the University of Chicago, Graduate School of Business (1977 to 1978). He is a Certified Public Accountant (CPA), Certified Fraud Examiner (CFE), and Certified Government Financial Manager (CGFM). Dave served on the Advisory Council on Government Auditing Standards (the Council advises the United States Comptroller General on promulgation of Government Auditing Standards—GAO’s yellow book) from 2006 to 2009. He served on the Institute of Internal Auditors (IIA) Anti-‐Fraud Programs and Controls Task Force and co-‐authored Managing the Business Risk of Fraud: A Practical Guide. He served on the American Institute of CPAs Anti-‐Fraud Task Force and co-‐authored Management Override: The Achilles Heel of Fraud Prevention. He is the past-‐chairman of the AICPA Federal Accounting and Auditing Subcommittee and has served on the AICPA Governmental Account-‐ing and Auditing Committee and the Government Technical Standards Subcommittee of the AICPA Professional Ethics Executive Committee. He authored the AICPA’s 8-‐hour continuing professional education course, Joint and Indirect Cost Allocations—How to Prepare and Audit Them. He is presently serving on the AICPA’s Performance Audit Standards Task Force and the Fraud Risk Guide Task Force, sponsored by COSO and the ACFE. Dave served on the board of the Virginia Society of Certified Public Accountants (VSCPA) and on the VSCPA Litigation Services Committee, Professional Ethics Committee, Quality Review Committee, and Governmental Accounting and Auditing Committee. He is member of the Greater Washington Society of CPAs (GWSCPA). He is a member of the Association of Government Accountants (AGA) and past-‐advisory board chairman and past-‐president of the AGA Northern Virginia Chapter. He is also a member of the Institute of Internal Auditors and the Association of Certified Fraud Examiners.

Dave has testified as an expert in governmental accounting, auditing, and fraud issues before the United States Court of Federal Claims and other administrative and judicial bodies. Dave has spoken frequently on cost accounting, professional ethics, and auditors’ fraud detection responsibilities under SAS 99, Consideration of Fraud in a Financial Statement Audit. He has been an instructor for the George Washington University masters of accountancy program (Fraud Examination and Forensic Accounting), and instructs for the George Mason University Small Business Development Center (Fundamentals of Accounting for Government Contracts). Dave was the recipient of the AGA’s 2006 Barr Award (“to recognize the cumulative achievements of private sector individuals who throughout their careers have served as a role model for others and who have consistently exhibited the highest personal and professional standards”) as well as AGA’s 2012 Educator Award (“to recognize individuals who have made significant contributions to the education and training of government financial managers”).

dco$on@co$oncpa.com 1


Using CAATs to Find Fraud

◆  Perspectives ◆  What are CAATs? ◆  Data Analysis Techniques using IDEA

and ACL ◆  A Generic Approach to Data Analysis ◆  Benford’s Law ◆  Does It Work?

Perspectives

◆ Marwick, Mitchell & Company--1908 audit of the Northern Shoe Company of Duluth, Minnesota



Ten Reasons Why My 1967 Computer Is Better Than Any Computer Made Today

10. Came preloaded with all the software needed 9. Doesn’t need a power cord or batteries 8. Has unlimited RAM and storage 7. Has never needed an upgrade 6. Was fully Y2K compliant, even in 1967

Ten Reasons Why My 1967 Computer Is Better Than Any Computer Made Today

5. Can be used on airplanes during take-off and landing

4. Has never needed to be returned for service 3. Doesn’t need a mouse, keyboard, or external

monitor 2. Bill Gates has not derived, does not derive, and

will not derive any revenue from it

1. Has never said “This program has performed an illegal operation and will be closed.”



What Are CAATs? ◆  Computer-based tools that permit auditors to

increase their personal productivity as well as that of the audit function. [CAATTs & Other BEASTS for Auditors, by David G. Coderre; 1998, Global Audit Publications]

◆  The power of CAATs: The U.S. Department of Redundancy Department has 135,000 employees. How long would it take auditors to manually search payroll records to identify duplicate payments by searching based on duplicate social security numbers?

Types of CAATs ◆  Word processing ◆  Spreadsheet ◆  Database ◆  Statistical sampling ◆  Data mining ◆  Real time testing programs (continuous

auditing) ◆  Integrated audit software ◆  Data analysis ◆  Benford’s Law



Data Analysis Software

◆ Useful for identifying misappropriation of assets and fraudulent financial reporting

◆ Allows limitless number of analytical relationships to be assessed – within large databases – comparing large databases

◆  Identifies anomalies ◆ Further (human) investigation is almost

always needed

Data Analysis Software

◆ Access and Excel ◆  Interactive Data Extraction and

Analysis (IDEA) ◆ Audit Command Language (ACL)

Ø Windows based and user friendly Ø Require creativity and imagination Ø Supplements--but does not replace--

intelligent audit work



Valuable Resources ◆ Fraud Detection Using Data Analysis

Techniques to Detect Fraud, David G. Coderre, Global Audit Publications, 1999.

◆ CAATTs and Other BEASTs for Auditors, 3rd Edition, David G. Coderre, Ekaros Analytical Inc., 2005

◆  Internal Audit—Efficiency through Automation, David G. Coderre, John Wiley & Sons, 2009.

David G. Coderre

h"p://www.caats.ca



ACL Data Analysis Techniques

v  Filters v  Sorts v  Statistics v  Gaps v  Duplicates v  Aging v  Confirmations v  Samples

v  Classification v  Summarization v  Stratification v  Join and Define

Relationships v  Trend Analysis v  Regression

Analysis v  Parallel Simulation v  Digital Analysis

Filters ◆ Show me only certain transactions that I might

be interested in ◆  I.e. filter out the “static” inherent in large

databases ◆  Show me all invoices approved and paid on days when

the boss was not in the office ◆  Show me all transactions initiated on Sundays and

holidays ◆  Show me all journal entries initiated on the last three

days of the quarter



Sorting ◆ Put the data into an order that is easier to

analyze ◆  E.g. aged accounts payable ◆  Sort by vendor name;

– Or sort by vendor address; – Or sort by vendor telephone number; – Or EFT account number

◆  Sort by policy number…

Statistics

◆ Average value, standard deviation, highest/lowest value, etc.

◆  Show me all vendor payments that are more than two standard deviations from the mean

◆  Show me every unit price for product A that is more than 1 standard deviation from the mean

◆  Show me the ratio of total hours to standard hours by department



Gaps

◆ Used when we have pre-numbered forms or transactions

◆  Show me all missing checks ◆  Show me missing health insurance claims ◆  Show me missing purchase orders ◆  Show me missing vouchers for benefits ◆  Show me all work days with zero cash receipts ◆  Show me NON-gaps where gaps should be

Duplicates ◆ Used in situations when duplicates should not

occur ◆  Show me all payroll transactions in the pay period that

have duplicate: – Payees –  SSN – Payment addresses – EFT transfer destinations

◆  Show me duplicate PO#, invoice #, receipt #, check #, etc.



Aging ◆ We all use aged A/P and A/R listings ◆ AGE function can calculate the number of days

between two date fields ◆  Show me the time elapsed between bid received and bid

opening ◆  Show me the time elapsed between the time an item is

added to inventory and when that item is declared “scrap” or disposed of “due to obsolescence”

◆  Show me the elapsed time between receipt of an invoice and the payment date; and compare to “discount taken” values

Expressions and Calculations ◆ Can be used to test for and detect errors in

accounting software ◆ But, can also be used to detect outside intervention

into an otherwise okay system ◆  Recalculate units x unit price and show me all cases where the

result does not equal the value in the extended amount field ◆  Recalculate each item’s beginning inventory quantity +

purchased quantity; compare to ending inventory quantity ◆  Recalculate vacation accruals for every payroll transaction

and show me every case where the result differs from what was recorded



Classify ◆ Counts the number of unique values in a

selected character field(s) and the corresponding totals of other numeric fields

◆  Show me how many hysterectomy procedures have been performed, by sex: – Female: 127 – Male: 3 –  [sex field blank]: 12

◆  Show me travel expense reimbursements by employee

Summarize ◆ Similar to CLASSIFY, but sorts data by

specified field and provides a detailed listing of transaction information for all records in that classification

◆  Show me all transactions for vendor A, B, C ◆  Show me all payroll transactions for employee A, B, C ◆  Show me all employee expenses transactions for

employee A, B, C



Stratify ◆ Groups transactions into specified ranges of values

(strata) ◆  Show me numbers of contracts and values within certain

strata –  $0 - $45,000: 27 ($609,336) –  $45,001 - $49,500: 12 ($543,216) –  $49,501 - $50,000: 425 ($21,241,925) –  $50,001 - $100,000: 5 ($442,895) –  $100,001 - $1,000,000: 3 ($619,764)

Join and Define Relation ◆  JOIN combines data from two databases into a single

database ◆  DEFINE lets you specify the relationship of interest ◆  Show me employee expense claims by employees who were

on vacation/sick/holiday leave on the day the expense was incurred

◆  Show me vendor addresses that match employee addresses ◆  Show me all instances in which a person made a DNC/

RNC campaign contribution within 60 days of getting a Federally-guaranteed loan



Trend/Regression Analysis ◆ Trend analysis looks at historical trends that

data exhibit ◆ Regression analysis uses historical data to

predict what future values will be ◆  Looking at electricity or water usage trends will show

anomalous changes—investigate any spikes ◆  Regression analysis of electricity or water usage will

predict what the usage should be in the current or future periods—investigate any variances

Data Analysis--A Generic Approach

1)  Identify all available databases ü  Internal to the organization ü  External to the organization

2)  List record fields in all available databases 3)  Formulate hypotheses about record field

relationships based on specific audit objectives 4)  Program analytical tests for each hypothesis



Data Analysis--A Generic Approach 5)  Run tests (output is your “hit list”) 6)  Evaluate initial hit list and refine the tests 7)  Re-run refined test to produce shorter, more

meaningful hit list (repeat steps 5-7, as needed) 8)  Evaluate (via record analysis, interview, or other

technique) every item on the refined hit list 9)  Dispose of every hit:

ü  Valid explanation found ü  Probable improper transaction--full investigation

needed

Data Analysis--A Generic Approach

10)  Identify control problems and corrective actions needed



Data Analysis

◆ Keep the programs developed and refined over time

◆ Run as batch programs as frequently as resources allow

◆ Explore feasibility of real-time tests of transactions: continuous auditing

Real-Time Transaction Tests—Continuous Auditing

◆ Add a loop to the existing accounting system transaction process

◆ Loop goes through the internal or external audit organization

◆ Transactions that fail the audit organization’s [secret] tests get stopped for further analysis



Real-Time Transaction Tests—Continuous Auditing

◆ Can be very rigorous—apply data analysis tests to every transaction

◆ Can be less rigorous—only focus on some high-risk types of transactions (for example, notify the auditors whenever there is a JE greater than $50,000)

Does data analysis really work? ◆  C&C audits Federal agency financial

statements ◆  We’ve made data analysis a routine part of

these audits ◆  Once various testing algorithms are

defined, the testing is easy and inexpensive ◆  But, the results can be significant



A data analysis success story

◆  In a Federal agency audit, tests for duplicate payment to funding recipients identified two duplicate payments: one for $289,499 and another for $36,216

◆  The agency recovered $325,715 (an amount equal to approximately half of our audit fee)

◆  Just as important were the internal control improvements that resulted from this finding

32

Data Analysis Case Study: Daewoo v United States of

America



33 Daewoo v United States

n  Daewoo Engineering and Construction Co., Ltd., was awarded an $88 million contract to build a 2-lane highway around Babeldaop Island, Republic of Palau

n  Daewoo encountered weather-related delays n  The road was supposed to have been completed in

2001 n  The road was finally completed in the fall of 2007 n  Daewoo submitted a $64 million claim to the

Army Corps of engineers

34 Daewoo v United States



35

Daewoo v United States

ü DOJ hired Cotton & Company to help defend against the claim

ü We spent 3 weeks in Palau auditing the claim ü Daewoo’s claim contained equipment costs

(about 85% of the claim), labor costs, and other costs, including the “kitchen sink”

36

A true “kitchen sink” claim



37

A true “kitchen sink” claim

38

Convoluted claim presentation

ü  300+ pages ü  Costs for Daewoo as well as Daewoo’s 6

subcontractors ü  Different formats and bases



39 Convoluted claim presentation—equipment

costs

40

Auditing the Claim n  We asked for the Excel spreadsheets that

generated the many pages of equipment cost schedules

n  We “unhid” the hidden columns n  We rearranged the columns so that they were

consistent for all spreadsheets n  We merged the spreadsheets into a single

spreadsheet n  We performed a “data sort” on the “Chassis No.”

column



41

42

Auditing the Claim n  We sought Daewoo’s explanation for the

duplicated equipment n  To “prove” that they had certain items of

equipment, Daewoo’s equipment manager revealed a previously undisclosed spreadsheet



43

44

Auditing the Claim n  We used this newly discovered spreadsheet to

identify scrapped equipment in the claim n  Duplicated and scrapped equipment in the claim

totalled at least $2,020,252.



Auditing the Claim Ø  More significant than scrapped and duplicated

equipment, was the impact on the claim of the equipment rates Daewoo used

Ø  Daewoo claimed equipment using a COE rate schedule manual (EP 1110-1-8, Construction Equipment Ownership and Operating Expense Schedule)



Auditing the Claim Ø  The COE Rate Manual uses very complex

algorithms to compute operating and standby rates for hundreds of pieces of equipment

Ø  We used Excel to replicate the COE algorithms, inserting Daewoo’s actual costs in place of new equipment cost information

Ø  Daewoo’s actual equipment rates were significantly lower than the COE rates



Daewoo’s Explanations

Ø  Duplicated and scrapped equipment were insignificant errors in their claim

Ø  The Army had agreed to allow them to use COE equipment rates



FRAUD

opportunity

Motive Pressure

Attitude rationalization

The Army had agreed to allow them to use COE equipment rates in an earlier, much smaller

change order

FRAUD

opportunity

Motive Pressure

Attitude rationalization

The Army had agreed to allow them to use COE equipment rates in an earlier, much smaller

change order



A Compelling Trial Exhibit

A Compelling Trial Exhibit



Fraud Counterclaims by the Government

Ø  At the conclusion of Daewoo’s case presentation, DOJ requested and was granted leave to file fraud counterclaims

Ø  The fraud provisions of the Contract Disputes Act

Ø  The False Claims Act

Ø  The Special Plea in Fraud (Fraud Forfeiture)

Ø  Fraud in the Inducement (bait & switch)




We noted that all Daewoo’s “errors” in the claim increased the amount of the claim; no errors had the effect of reducing the claim. This would be a remarkable coincidence in a random review of claim elements, or any means of “sampling” by auditors. See, e.g., DX 1015 (Cotton Report); DX 1015 (Cotton Supplemental Report); Tr. 17303 (McGeehin). The possibility that the inflationary effects of Exponent’s and Daewoo’s errors resulted from innocent mistakes is remote.

--The Honorable Robert Hodges




Defendant showed that Daewoo had equipment acquisition and maintenance costs in its records, but no one chose to compare the records with the Manual to see if the acquisition costs were less than those set out in the manual. If they did, they discovered that the manual rates were higher and ignored the records. In other words, plaintiff purposely avoided looking at its own acquisition costs in favor of the higher manual numbers. This intentional inflation of the claim is fraud.


Daewoo v United States The Government proved by any standard that Daewoo’s $64 million claim was fraudulent. Plaintiff made the claim for purposes other than a good faith belief that the Government owed Daewoo that amount. Plaintiff in fact did not believe that the Government owed it $64 million as a matter of right. The Project Manager testified at one point that Daewoo filed at least $50 million of the claim to indicate “the seriousness of the situation” and to get the Government to “pay attention” so it would agree to a cheaper method of constructing embankments. … If so, this is further evidence of bad faith. It means that Daewoo submitted a certified claim as a negotiating ploy; that is, for a reason other than an attempt to recover money for which Daewoo believed the Government is liable.





We made an effort to warn plaintiff of the dangers developing in it case, and to urge that counsel resolve the matter with defendant rather than forcing an Opinion of this nature. Rarely does a case of this magnitude provide evidence of fraud so clearly.


Daewoo v United States Ø  ALL of Daewoo’s $64 million claim was denied

Ø  The Court entered judgment in the Government’s favor under fraud counterclaims pertaining to:

§  The fraud provisions of the Contract Disputes Act

§  The False Claims Act

§  The Special Plea in Fraud (Fraud Forfeiture)

§  Fraud in the Inducement (bait & switch)

Ø  Daewoo was ordered to pay the Government $50,639,855.88 plus costs of the investigation

Ø  Daewoo (and three key managers) remained on the EPLS while it appealed the decision rather than pay the USG the $51 million

Ø  Daewoo’s appeal was ruled on in February 2009



SCOTUS Appeal Outcome



65 Daewoo v United States n  ALL of Daewoo’s $64 million claim was denied n  The Court entered judgment in the Government’s favor under

fraud counterclaims pertaining to:

n  The fraud provisions of the Contract Disputes Act n  The False Claims Act n  The Special Plea in Fraud (Fraud Forfeiture) n  Fraud in the Inducement (bait & switch)

n  Daewoo was ordered to pay the Government $50,639,855.88 n  Daewoo’s appeal was ruled on in February 2009; SCOTUS

denied cert n  Daewoo FINALLY paid the Government $54+ million to get

removed from the excluded party list

The Compact Road, Fall 2009




We used data analytics to identify material amounts of duplicated and scrapped equipment in the claim

We used data analytics to demonstrate to the Court the inflationary effects of Daewoo’s misuse of the COE Rate Manual

Daewoo v United States Lessons Learned …



In Summary ... ◆  Data mining, data analysis, and artificial

intelligence capabilities--hardware and software--have been improving at an exponential rate.

◆  Current technology is only a hint of what is to come, for both “routine” auditing, and fraud detection.

◆  BUT, the bad guys won’t stand still; they will advance also. All aspects of fraud detection and fraud will change including, perhaps, how we punish those we catch ...

Where to Get More Information ◆  Application of Computer Assisted Audit Techniques

Using Microcomputers, Canadian Institute of Chartered Accountants, 1994 [www.isaca.org]

◆  Internal Audit—Efficiency through Automation, David Coderre, Wiley, 2009

◆  CAATTs & Other BEASTs for Auditors, David Coderre, Global Audit Publications, 1998 [604/669-4225; or www.acl.com]

◆  Fraud Detection: Using Data Analysis Techniques to Detect Fraud, David G. Coderre, Global Audit Publications, 1999 [604/669-4225; or www.acl.com]

◆  Digital Analysis Using Benford’s Law, by Mark Nigrini, 2000, Global Audit Publications



Where to Get More Information ◆  101 ACL Applications: A Toolkit for Today’s

Auditors, Richard B. Lanza, CPA, Global Audit Publications, 1999 [604/669-4225; or www.acl.com]

◆  About Benford’s Law: I’ve Got Your Number, Mark J. Nigrini, Journal of Accountancy, May 1999

◆  About ACL: www.acl.com ◆  About IDEA: www.audimation.com

Where to Get More Information ◆  About Detective Toolkit, Fraud Investigator, and Similarity

Search Engine: www.infoglide.com ◆  About ViCLAS: http://www.rcmp-grc.gc.ca/tops-opst/

viclas-salvac-eng.htm ◆  About Data Mining:

–  www.gartner6.gartnerweb.com –  www.statserv.com/datamining.html –  www.datamining.org/sites.htm –  www.wizsoft.com



Finding Fraud with Computer Assisted Audit

Techniques Dave Cotton, CPA. CFE, CGFM

Cotton & Company, LLP Alexandria, Virginia

[email protected]


WinterSeminar 22January2015 - AGA Boston Chapter ·...

Documents

Transcript of WinterSeminar 22January2015 - AGA Boston Chapter ·...