Professional Documents
Culture Documents
Hiker R Us
Hiker R Us
Hiker R Us
Topics
Objectives
Overview
Analytic procedures
Exercises
Continuous auditing
Summarization and wrap-up
This is a case study regarding a fictitious mail order company where an allegation of
fraud has been received. A SAS 99 brainstorming session was held, and 11 critical
expectations were developed during that brain storming session. The case study can
generally be completed in about four hours.
All of the course materials are available on-line. These are included as links in the
course material.
The final module at the end of the course also includes a number of links to other
references of possible interest.
The online course material consists of simulated vendor and employee data suitable
for audit testing. The data is contained on a cloud server in a database. In order to
access this data, a proper user id and password must be provided. The user id for the
Fraud Detection course is "hru1" with a password of "hru1". The name of the
database to be specified is "hru". All of this information is provided without the
quotes and is case sensitive.
AR (customer receivables)
Call_Center (Call Center transactions)
Customer_Service (Customer Service authorizations)
Employee (Employee master file)
Refunds (Refunds issued)
Revenue (Sales transactions)
Treasury (Authorizations by the Treasury department
Case study exercises
"I hear and I forget. I see and I remember. I do and I understand." - Confucius
Overview
Performing exercises reinforces the concepts taught and better ensures that the auditor
will be able to apply the concepts learned in future audits.
Structure
Concepts are presented and discussed. Then an example of how to apply the concept
is presented. Following this an example exercise with instructions is presented in
order to test the participant's understanding of the concepts. Finally, the answer to the
exercise is also presented in order to compare the results obtained by the participant
with the suggested procedure.
When tutorials are presented, they may be accompanied by a video. These videos
have a control bar at the bottom of the video to navigate and control how the video is
presented. Click on the link below to view the process to control the videos using the
control bar.
Narration (2:03)
Fraud_Detection_Exercises_video.mp4
Case study overview
Hikers 'R Us Narrative
Overview
Founded in 1978, Hikers ‘R Us is the premier mail order firm supplying a wide range of quality
hiking and camping supplies and equipment. Almost all of the items are sold through mail order
to customers in the United States and Canada. The goods are imported from China. Hikers ‘R Us
has been profitable for some time. They have transitioned from doing business on paper through
several computer based systems.
Refund Policy
Hikers ‘R Us has a very liberal return policy so they will accept returns for almost any reason.
Returns have historically been low at around 1% of sales. A recent routine audit of sales returns
did not disclose any weaknesses or errors. Although revenues have been flat, returns have been
steadily increasing.
System Operations
The company uses the enterprise software from the Mexican software company “Sapo”. (Sapo
means toad in Spanish). Controls over cash refunds are very tight. First, the software system
itself performs extensive checking and cross-checking at every step in the refund process. The
computer system is housed in a highly secured area and physical access is severely limited.
The refund process begins when a customer contacts the call center in Leland, North Carolina.
Call center hours are 8:00 a.m. to 5:00 p.m. on business days – typically Monday through Friday
and excluding holidays. Calls come through an automated voice recording system where the
customer enters their account number. When a call center representative takes the call, the
customer’s account is brought up immediately in the Sapo system and the representative can
verify that the purchase was made. The call center representative then completes a form 2134 –
“Customer Refund Quest”. The original is a white page, which is filed in the Call Center in
numerical order. The yellow copy is forwarded to the Customer Service center where it is filed in
the customer’s account file. The third copy, pink, is sent to the Treasury Department. Sapo
includes a state of the art “work flow” system. The system logs all of the activity.
The work flow system assigns the call center information randomly to one of twenty customer
service center representatives. (Customer service center representatives are separate from the call
center staff). Each customer service center representative logs onto the Sapo system and
examines their work queue which consists of customer refund requests. The customer service
center representative then pulls the yellow copy of the refund request from the customer’s file,
verifies that the customer information is correct and then checks that the order refund request is
appropriate considering the purchase date and amount. The Sapo system maintains a history of
account activity for each customer.
Once the customer service center representative has completed the review, the yellow copy is
signed, dated and initialed and then returned to the customer file. The work queue is marked
complete and the Sapo system then assigns the request to a random employee in the Treasury
department for review and final approval.
The Treasury department is located in Ocracoke, North Carolina. They receive the pink copy of
the customer refund request, which is faxed from Leland. When each employee in Ocracoke logs
on the Sapo system, they review their work queue to see the customer refund requests that have
been assigned to them by the system. Each request in the system is then matched against the
faxed pink copy and the amounts are verified against the Sapo customer history file. They then
initial and date the fax form and file it in sequential order. When complete, they approve the
refund request in the work queue system. The next business day after the refund request has been
approved, checks are printed, burst, stuffed and mailed from the data center in Charlotte, North
Carolina.
Hot Line
The company has a “hot line” and recently received a number of calls (all but one were
anonymous) that an inside ring was stealing fairly significant amounts of money using the refund
process. Hikers ‘R Us recently implemented their “Window to the World” policy that all fraud
allegations would be detailed and publicized so that their shareholders, employees and vendors
would be able to see all allegations. This would serve as a deterrent to any fraudsters.
You contacted the one identified person making the allegation and found that he is now
completely uncooperative. All he would say is that as an employee, he is unhappy because
despite working hard, he has not gotten a raise in years. He also said he has spotted two Porsches
and three Hummers in the company parking lot that were not there before and wonders how
employees can afford these.
Refund Supervisor
The supervisor of refunds informs you that there is no problem. With the economy in bad shape,
people are cutting back on camping, but now seem less reluctant to ask for a refund. He said
some customers are definitely taking advantage of the liberal refund policy. He is also annoyed
that you are even asking about this, stating that he was just audited by Poe, Pollock and
Cartwright, a small regional auditing firm. The audit proved there were no problems. Due to
forced cutbacks his staff is now working overtime. With all that is going on he asks that any
further questions be cancelled or deferred.
Management Request
Management also doesn’t think there is a problem, but they would like for you to take a look.
You’ve decided to set up a “brain storming” session using the guidelines of SAS 99 and
suggested brainstorming approaches such as those recently published (selected articles on CD).
The brain storming sessions have been fruitful and identified a number of potential fraud risk
areas:
As a result of those brain storming sessions, the following expectations have been set out:
1. Because call center contacts are assigned randomly, each call center employee should
have roughly the same number of customer authorizations
2. The refund process typically takes 4 – 6 days from start to finish. There should be few
instances where the timeline is different
3. There should be few refunds made to employees
4. The Sapo system log of check numbers issued should contain no gaps
5. Because the refund amounts are based on actual sales, they should follow the pattern
expected using Benford’s law
6. There should be no duplicate refunds
7. There should be no refunds which exceed the purchase costs
8. Because refunds are based on actual sales, there should be few round number amounts
9. Since the call center is only open during regular business hours there should be no
approvals outside those hours
10. There should be a close correlation between sales and refunds
11. The separation of duties system is working as intended
IT Department
The computer division has a special group of analysts - Online Sales Consultants (OSC) who
routinely monitor the Sapo transactions in order to identify marketing trends, business
opportunities, etc. They have provided you with all the data for the last quarter. This data
consists of about 10,000 transactions which have been loaded into an Excel workbook and
broken out into five work sheets as follows:
1. Cusromer Refund
2. Call Center
3. Treasury
4. Accounts Receivable
5. Employee
Mission
Your mission, should you decide to accept it, is to look at these transactions and provide an
independent assessment to management regarding fraud risk.
Tasks – using the data provided, go through the risk areas identified. Determine if there are any
fraud indicators which might merit a further investigation.
CallDate
Call Time
Call Employee
Customer
Amount
Customer
Refund amount
Call Employee
Customer Balance
Treasury – information from the refund disbursements log, combined with customer refund
information
Customer
Refund amount
Authorization
Check Date
Check Number
Customer last name
Customer first name
Customer street address
Customer City
Customer State
Customer
Refund amount
Authorizer
Authorization date
Authorization time
Customer last name
Customer first name
Customer street address
Customer City
Customer State
Refunds – All of the information above (except employee information) has also been combined
onto a single worksheet, should you wish to work with one worksheet instead of many.
Getting Started
For each of the eleven expectations, design a test to determine if the expectation has been met or
not. For example, the first expectation is that because the calls are assigned randomly in the call
center, there will be about the same number of calls handled by each employee.
Whether this is, in fact, the case, could be determined by preparing a summary of refunds by
employee.
Each of the other expectations can be checked using one or more of the tools discussed during
the session.
Expectation 1
1. Because the call center uses an automated system, each employee should be handling roughly
the same number of customer calls over the period of review.
Expectation 2
2. The refund process typically takes 4 – 6 days from start to finish. There should be few
instances where the timeline is different
One approach is to prepare a data stratification based upon the number of elapsed days contained
in each transaction. This can be done either as a single step or as a two step process.
The two step process would involved having the system make a calculation as to the number of
days elapsed. The second step would be to do a data stratification using this calculated amount.
The single step process involves doing a data stratification on the calculated amount.
Expectation 3
This test can be performed by doing a match on last name and first name between the employee
master and the treasury log of checks issued. This will require the use of a macro and SQL code
to perform the match.
The SQL code should match up the work sheets Employee and Treasury in order to identify any
instances where two rows exist which meet the following conditions:
Expectation 4
4. The Sapo system log of check numbers issued should contain no gaps
A simple check is to run a gap test on the checks issued by the Treasury department. The check
would be made using the check number.
Expectation 5
5. Because the refund amounts are based on actual sales, they should follow the pattern expected
using Benford’s law
This test can be performed using Benford’s law on the refund amounts. It may also be instructive
to run a pattern analysis using Benford’s law, be employee to determine if any employees have
refunds whose Benford pattern differs significantly from that which is expected.
Expectation 6
Potential duplicates can be identified by specifying the names of the columns to be tested. For
example, customer, refund amount. Another example might be customer, check date.
Expectation 7
The refund amount (column “E” on the Combined work sheet) should always be less than the
customer balance (column “F”).
Expectation 8
8. Because refunds are based on actual sales, there should be few round number amounts
This can be tested using the round number analysis. Also, a pattern test can be used for
differences in round number amounts between customer service representatives. This test will
identify if any employee has a pattern of round number refunds which differs significantly from
those of all other employees.
Expectation 9
9. Since the call center is only open during regular business hours there should be no approvals
outside those hours
One check that can be performed is to look for transaction approvals outside normal business
hours. Several tests are available, such as population statistics and data extraction.
Expectation 10
Possibly the first step is to simply plot the aggregate sales and refunds by day or week to
determine the overall trend, and correlation, if any.
This step can be refined by looking at individual employees, possibly focusing on those with the
largest dollar amount of refunds.
Expectation 11
One test that could check for separation of duties is to check for any of the following conditions:
Expectation - 1
Because the call center uses an automated system, each employee should be handling
roughly the same number of customer calls over the period of review.
Expectation - 2
As the refund process is largely automated, the length of time from when the call
comes in until the refund is issued will be 4 - 6 business days.
Expectation - 3
Most employees can purchase hiking goods at a substantial discount through a payroll
deduction plan. Because these terms are very attractive, refunds are not made to
employees. It is expected that very few, if any, employees will receive refunds.
Expectation - 4
Because the disbursement system is almost 100% automated, the check register
should be complete with no gaps in check numbers of refunds issued.
Expectation - 5
Because the refund amounts are the result of computations, their distribution should
generally follow that expected using Benford's Law.
Expectation - 6
Because of all the validation controls in the system, there should be no duplicate
refunds issued to customers.
Expectation - 7
As the system is automated, there should be no instances where a customer is
refunded an amount greater than the amount the customer actually paid for the goods.
Expectation - 8
because of the pricing amounts and sales tax, it should be quite unusual for there to be
round numbers in refund amounts.
Expectation - 9
As the business is open only during standard business hours, there should be few, if
any, approvals outside of normal business hours.
Expectation - 10
As refunds tend to lag sales, there should be a general correlation between sales and
refunds, particularly as to trends.
Expectation - 11
The key control of separation of duties is enforced by the system and should be
operating as intended.
Performing Analytical Procedure
1. Refunds
2. Accounts Receivable
3. Call Center Employees
4. Treasury (Paid refund checks)
5. Call Center activity
6. Customer Service
7. Revenue
Refunds
Field Type Null Key Default Extra
Call_Date date Date the call came in
Call_Time time Time the call came in
Initials of the call center
Call_Center_Employee varchar(50)
employee
Customer varchar(50) Customer number
Amount decimal(10,2) Amount of refund
Balance on customer's
Customer_Balance decimal(10,2)
account
Treasury_Auth varchar(50) Approval id in Treasury
Check_Date date Date of refund check
Check_Number int(11) Refund check number
Lastname varchar(50) Customer last name
Firstname varchar(50) Customer first name
Address varchar(50) Customer street address
City varchar(50) Customer City
CSState varchar(5) Customer State
Customer Service
Cust_Serv_Auth varchar(50)
Approver
CS_Auth date Date of authorization
Auth_Time time Time of authorization
Sales_date date Date of sale
Accounts Receivable
Field Type Null Key Default Extra
Customer varchar(20) Customer number
Refund_Amount decimal(10,2) Refund Amount
Customer account
Customer_Balance decimal(10,2)
balance
Call Center Employees
Field Type Null
LASTNAME varchar(50) Employee last name
FIRSTNAME varchar(50) Employee first name
MIDNAME varchar(50) Employee middle initial
DOB date Date of birth
ADDRESS varchar(50) Address
CITY varchar(50) City
ESTATE varchar(50) State
ZIP varchar(50) Zip Code
Phone varchar(50) Telephone number
Call Center Activity
Field Type Null Key Default Extra
Call_Date date Date call came in
Call_Time time Time call came in
Call_Employee varchar(20) Employee initials
Customer varchar(20) Customer number
Amount decimal(10,2) Refund amount
Sales_Date date Sales dates
Customer Service
Field Type Null Key Default Extra
Customer varchar(20) Customer number
Refund_Amount decimal(10,2) Refund amount
Auth varchar(20) Approver id
Auth Date date Approval date
Auth Time time Approval time
Revenue
Field Type Null Key Default Extra
Customer varchar(20) Customer number
Invoice_Amount decimal(10,2) Invoice amount
Auth varchar(20) Approver
Sales_Date date Invoice date
Invoice_Number integer Invoice number
Last_Name varchar(20) Last name
First_Name varchar(20) First name
Address varchar(20) Address
City varchar(20) City
State varchar(20) State
ZIP varchar(20) Zip Code
Phone varchar(20) Phone number
Treasury
Field Type Null Key Default Extra
Customer varchar(20) Customer number
Refund_Amount decimal(10,2) Refund amount
Auth varchar(20) Approver
Check_Date date Refund check date
Check_Number int(11) Refund check number
Last_Name varchar(20) Customer last name
First_Name varchar(20) Customer first name
Address varchar(20) Customer address
City varchar(20) Customer city
State varchar(20) Customer State
ZIP varchar(20) Customer zip code
Phone varchar(20) Phone number
Summarization as an analytical tool
Data summarization can be an effective analytical tool which is very useful in fraud
investigations. There is one investigation objective which can be met using
summarization:
Expectation - 1
Because the call center uses an automated system, each employee should be handling roughly the
same number of customer calls over the period of review.
Click on the video link below to see an overview of the process to summarize data
Length 3:00
Fraud_Detection_Summarization_su1.mp4
Click on the video link below to see a demonstration of the process to summarize
data Length 4:39
Fraud_Detection_Summarization_su2.mp4
Data extraction as an analytical tool
Data extraction is a powerful analytical tool which is very useful in fraud
investigations. It allows for the testing of specified conditions on a 100% basis. There
are three expectations which can be tested using data extraction.
Expectation 2
As the refund process is largely automated, the length of time from when the call comes in until
the refund is issued will be 4 - 6 business days.
Expectation 3
Most employees can purchase hiking goods at a substantial discount through a payroll deduction
plan. Because these terms are very attractive, refunds are not made to employees. It is expected
that very few, if any, employees will receive refunds.
Expectation 7
Length 4:16
Fraud_Detection_Data_extraction_de2.mp4
Selection of round numbers
Round numbers are often an indication of estimates, which may or may not be
appropriate, depending upon the circumstances. In some cases, round number
amounts are a "red flag" There is one investigation objective which can be met by
testing for round numbers.
Expectation - 8
Because of the pricing amounts and sales tax, it should be quite unusual for there to be
round numbers in refund amounts.
Click on the video link below to see audit uses for round number tests.
Length 2:19
Fraud_Detection_Selection_of_round_number_transactions_rn.mp4
Click on the video link below to see a demonstration of the process to identify round
numbers.
Length 3:17
Fraud_Detection_Selection_of_round_number_transactions_rn2.mp4
Trend line analysis - spotting the unusual (2:57)
Trend lines indicate the norm or expectation. Fluctuations, "spikes" etc. can indicate a
"red flag" which should be investigated. There is one investigation objective which
can be met using trend lines:
Expectation - 10
As refunds tend to lag sales, there should be a general correlation between sales and refunds,
particularly as to trends.
Trend line analysis can be done by first summarizing data by date using the ageing function and
then comparing and plotting that data using Excel.
Click on the video link below to see a demonstration of the process to summarize data.
Length 2:27
Fraud_Detection_Trend_analysis_spotting_the_unusual_2_57_tr0.mp4
Because the disbursement system is almost 100% automated, the check register should be
complete with no gaps in check numbers of refunds issued.
Click on the video link below to see a demonstration of the process to identify missing document
numbers through the use of the numeric sequence gaps function.
Length 2:29
Fraud_Detection_Gaps_what_you_see_is_interesting_what_you_DON_T_see_is_crit
ical_2_29_gp0.mp4
Odd hour transactions
Transactions performed at odd hours should also be investigated, in many cases.
There is one investigation objective which can be met using tests based upon
transaction times:
Expectation - 9
As the business is open only during standard business hours, there should be few, if any,
approvals outside of normal business hours.
Click on the video link below to see a demonstration of the process to check for specific
transaction times.
Length 3:34
Fraud_Detection_Odd_hour_transactions_3_34_time.mp4
Identify the five largest and smallest invoices. Secondarily, narrow the test to invoices
originating from vendors in California.
Click on the video link below to see a demonstration of the process of identifying the largest
amounts from a population of transactions or other data.
Length 4:00
Fraud_Detection_Liars_and_outliers_4_00_ol.mp4
Benford's Law - looking out for number one
Benford's law is a classic approach to the identification of "made up" amounts. There
is one investigation objective which can be met using Benford's Law:
Expectation - 5
Because the refund amounts are the result of computations, their distribution should generally
follow that expected using Benford's Law.
Click on the video link below to see a an overview of Benford's law.
Length 8:29
Fraud_Detection_Benford_s_Law_looking_out_for_number_one_8_29_ben.mp4
Click on the video link below to see a demonstration of the process to test the
application of Benford's law.
Length 2:51
Fraud_Detection_Benford_s_Law_looking_out_for_number_one_8_29_ben1.mp4
EXERCISE 1 - SUMMARIZATION
The first expectation was that the number of refunds issued would be roughly the
same per customer service representative because the system has an automated system
for assignment of calls to representatives and each representative would spend
approximately the same time with each customer, on average.
This expectation can be tested by summarizing the refund amounts by call center
representative and looking at the results obtained. In order to do this, the following
steps should be taken:
Which employee had the largest number of transactions and dollar amount of
transactions?
Answer to exercise
Next exercise
Exercise 1 - Data Summarization (answer)
Click the video below to see the answer to this exercise. Length 3:12
Fraud_Detection_Answer_Exercise_1_3_12_ex1.mp4
Exercise 2 - Data extraction
Data extraction can be used to check several of the expectations. The first of these
expetctations are that the number of elapsed business days is 4 - 6 for refund checks to
be issued once the refund request has come in.
This expectation can be checked by having the system examine the elapsed days
between the date the check is issued and the date that initial request was received and
approved in a phine call.
In order to determine the number of elapsed days between two dates, the built in
MySQL function "datediff" can be used.
To make this determination use the menu item "Numeric Functions|Statistics" and
enter the following information into the "where (criteria) box:
datediff(Check_Date,Call_Date) not between 4 and 6.
This statement, in English, means summarize all the refund amounts where the
difference between the check date and the call date were not between 4 and 6.
After you have run this test, provide the following information.
How many transactions did not have a check issued within 4 - 6 days after the call
date?
Length 4:59
Fraud_Detection_Answer_Exercise_2_4_59_ex2.mp4
Exercise 3 - Round numbers
There was an expectation that refund amounts should generally not be round numbers
because the amount of the refund is based on the actual sales price plus tax and
shipping.
Length 2:20
Fraud_Detection_Answer_Exercise_3_2_20_ex3.mp4
Exercise 4 - Trend Analysis
One of the expectations was that there should be a general correlation between the
number and amount of refunds and the amount of sales. This is based upon the
reasoning that the percentage of refunds will tend to remain constant.
One of the tests for this is to simply see what the trend has been for sales over the
recent period and then compare that trend with refunds which have been issued.
This can be accomplished using the ageing function and the following steps:
Because the company uses an automated system to issue refund checks, they have the
expectation that the refund checks are issued using sequentially numbered checks.
Thus, one of the expectations is that a test of the check numbers for refund checks will
not disclose any missing check numbers. This can be tested by using the following
procedure:
Length 2:04
Fraud_Detection_Answer_Exercise_5_2_04_ex4.mp4
Exercise 6 - Identify "odd" hour transactions
Exercise 6 - Identify "odd" hour transactions
Did your analysis confirm that there are no authorizations outside of regular business
hours?
If there were authorizations outside of normal business hours, during what time did
they occur?
Fraud_Detection_Answer_Exercise_6_4_27_ex6.mp4
Exercise 7 - Liars and Outliers
For this exercise determine the five largest refunds issued overall as well as the five
largest refunds approved by the call center representative "CF". This can be
accomplished by performing the following steps:
To find the five largest refunds issued by the call center representative "CF" it will be
necessary to provide criteria which limits the test to just those transactions handled by
"CF". That criteria would be specified as follows:
`Call_Center_Employee` = 'CF'
Note that the column name for call center employee contains blanks so therefore it
must be enclosed by opening apostrophes - this character is found in the upper left
portion of the keyboard just to the left of the number "1" key. The initials of the
employee should be enclosed in a single apostrophe.
Take care in entering this criteria information, otherwise an error will occur. (You
may want to copy and paste this text into the Criteria box on the form).
What was the largest refund amount approved and issued by this employee?
Length 7:32
Fraud_Detection_Answer_Exercise_7_7_32_ex7.mp4
Exercise 8 - Looking out for #1
The purpose of this exercise is to test the expectation that refund amounts will
generally conform with the amounts predicted by Benford's Law. The reason for the
expectation is that refund amounts are based on actual sales amounts which have a
fairly high range from low to high and are based upon calculated amounts. Also, there
is no single "best seller" that would tend to skew the dollar amounts.
The test of this expection can be performed using the following steps:
Does it appear that the refund amounts do in fact follow Benford's Law?
The short video narratives in this section walk through the process used to develop
and implement an electronic audit program for the specific program steps in this
exercise to investigate and detect fraud.
Click on the link below to see an overview of the process
Length: 2:04