First some mood music to set the theme:
I’ve Got Your Number ~ Journal of Accountancy
Frank Benford made a simple observation while working as a physicist at the GE Research Laboratories in Schenectady, New York, in the 1920s. He noticed that the first few pages of his logarithm tables books were more worn than the last few and from this he surmised that he was consulting the first pages—which gave the logs of numbers with low digits—more often. The first digit of a number is leftmost—for example, the first digit of 45,002 is 4. (Zero cannot be a first digit.) Benford extrapolated that he was looking up the logs of numbers with low first digits more frequently because there were more numbers with low first digits in the world.
OK, I know those of you that are not mathematically inclined are scratching their heads wondering what the heck I am talking about so here goes. This morning Dixygirl left a comment on the Mississippi Department of Marine Resources post quoted above which described “Fictitious Vendor Embezzlement” aka “Ghost Vendors”. Chubb, the world’s leading good faith insurer (as opposed to the bad faith variety) has put out a resource on this topic for their business insureds that is well worth quoting that described the scheme:
Toni, a human resources manager for ABC Company, has authority over an annual training budget of $3.5 million. She routinely contracts with new vendors for training programs and approves payments to those vendors. Toni asks Accounts Payable to establish a new vendor account for “XYZ Consulting Services” and authorizes payments to XYZ amounting to $300,000 over a six-month period. A subsequent inquiry about XYZ results in discovery that:
- XYZ Consulting Services is a shell vendor operating out of a mail drop address. Toni is the only person associated with XYZ Consulting Services.
- XYZ Consulting Services never provided goods or services of any kind to ABC Company. The invoices provided to Accounts Payable by Toni were never challenged, even though the service description was vague and no service agreement, nor any other documentation, was present in the company files.
“Ghost” vendors represent a common fraud device used by company insiders who have the abilities to approve new vendors to receive payments and to authorize such payments. In these types of schemes, a dishonest employee may establish a phony vendor account(s) that he or she controls and then direct fraudulent payments to that account(s).
So how does an auditor or a fraud examiner find this kind of fraud? Two ways and the first is via a practical application of Benford’s Law via the Journal of Accountancy article linked above:
Because human choices are not random, invented numbers are unlikely to follow Benford’s law. Here are some divergent signs that Benford’s law would have drawn attention to:
- As is often the case in fraud, the embezzler started small and then increased dollar amounts.
- Most of the amounts were just below $100,000. It’s possible that higher dollar amounts received additional scrutiny or that checks above that amount required human signatures instead of automated check writing. By keeping the amounts just below an additional control threshold, the manager tried to conceal the fraud.
- The digit patterns of the check amounts are almost opposite to those of Benford’s law. Over 90% have 7 , 8 or 9 as a first digit. Had each vendor been tested against Benford’s law, this set of numbers also would have had a low conformity, signaling an irregularity.
- The numbers appear to have been chosen to give the appearance of randomness. Benford’s law is quite counterintuitive; people do not naturally assume that some digits occur more frequently. None of the check amounts was duplicated; there were no round numbers; and all the amounts included cents. However, subconsciously, the manager repeated some digits and digit combinations. Among the first two digits of the invented amounts, 87 , 88 , 93 and 96 were all used twice. For the last two digits, 16 , 67 and 83 were duplicated. There was a tendency toward the higher digits; note that 7 through 9 were the most frequently used digits, in contrast to Benford’s law. A total of 160 digits were used in the 23 numbers. The counts for the ten digits from 0 to 9 were 7, 19, 16, 14, 12, 5, 17, 22, 22, and 26, respectively. A CPA familiar with Benford’s law could have easily spotted the fact that these numbers—invented to seem random by someone ignorant of Benford’s law—fall outside expected patterns and thus merit closer examination.
IMHO every auditor worth their salt should have a Benford’s law Excel spreadsheet through which the entirety of the non payroll disbursements of the auditee should be run and analyzed. This type of “data mining” is surprisingly easy and highly effective in determining fraud risk. The one I use generates the graphs like the one included with the JoA article I linked which I have reproduced here for illustrative purposes. The “ugly bumps” in the data really stick out and to the extent they are typically small in frequency of occurrence such lends itself to quick examination.
So, are the investigators at the Auditors office and the CFE’s that work for the FBI doing Benford’s law analysis at DMR? The answer is most likely no for the auditor’s office and certainly yes for the FBI folks but it never hurts to get the word out for practical application. 😉
Benford’s law is what I would term a basic procedure and is one that should be used on every audit engagement. The next data mining procedure is specialized in that it is designed to detect the exact type of fraud Dixygirl described:
A wealth of information resides within the accounting system and the databases maintained to support any business operation. While much of this information is accessible through standard reports, many of the important relationships that can take business decision making to the next level are not readily apparent……..
Example 2: By comparing all addresses in an employee human resource file with all vendor addresses, companies can quickly determine if a “ghost supplier” may have been set up by an employee, with checks remitted to the employee’s address. This is only one test, but a relatively simple procedure that may lead to detection of a very common type of employee fraud.
A subset of this test is to identify all venders with the same remittance address. These procedures which I am describing are indeed relatively simple and my experience is they are highly effective. We’ll see how much of this type stuff bubbles up at DMR because we know it is there.