<< To Case Study List

Computer Forensics: Financial Audits & Internal SOX Controls

Case Study

By: Michael McCartney, President, DIGITS LLC & Thomas Devereaux, CPA, CFE, Tronconi Segarra and Associates, CPA

What do you do when you suspect one of your employees may be violating the biggest trust given them within your organization - embezzling money.   It is a problem that faces every organization, public or private.  With the economic crisis at a feverish pitch, desperate times can lead to desperate measures by even the most ethical and law abiding employees.  Computer Forensics can add a critical tool in fighting fraud.

According to the Report to the Nation 2010 by the Association of Certified Fraud Examiners[1], Occupational fraud losses are estimated to be at 5% of annual revenues.  When applied to the World Gross Product, that translates to approximately $2.9 Trillion per year.  In addition, the median loss to occupational fraud was $160,000 with about one quarter of those surveyed losing over $1 million.  Most troubling is the fact that most occupational fraud continues for years before they are detected.  On average, the fraud lasted 18 months from the time it began until it was detected by the victim organization.

So what can you do to better protect yourself and mitigate the losses to fraud, waste and abuse in your organization?  Whether you're a private or public company, internal audits focus on specific transaction cycles and may not identify issues through their routine procedures and external audits are not designed to specifically detect fraud.  Consider the follow scenario which occurs regularly throughout corporate America:

A twenty-year employee who works in the finance department of XYZ Corp is responsible for processing all vendor payments.  Over the last couple of years, the company has seen a slight loss in net income even though sales have steadily increased year over year.  This employee has not taken a vacation in over 3 years and is going through a very bitter divorce.  A routine external audit does not specifically identify any potential wrong doing.

Through a random computer forensic examination of the employee's computer, critical electronic evidence is discovered that reveals the scheme.  Numerous deleted and windows temporary files are recovered showing thousands of phony invoices being prepared in the name of existing vendors as well as a ghost vendor established by the employee.  These fake invoices were paid by XYZ Corp even though there were no supporting documents to substantiate the invoices.  The investigation also determined that these checks were being cashed at a different bank than those used by the existing vendors.  The forensic examination also shows that the employee is accessing his ghost vendor bank account over the internet from his corporate laptop.  After presenting this forensic evidence to the auditors and with the assistance of outside investigators, the scheme unravels and the employee confesses to the fraud. 

The case highlights the power of using computer forensics in conjunction with internal and/or external audit committees to completely examine the records of potential fraud. 


[1] 2010 Report To the Nations on Occupational Fraud and Abuse.  Association of Certified Fraud Examiners (ACFE) http://www.acfe.com/rttn-highlights.aspx


Digital Forensics Newsletter