Fraud Indicators
Fraud Detection Resources for Auditors[1]
General Fraud Indicators
General fraud indicators are, as the name implies, applicable to any audit area. During the audit, auditors should always consider the general fraud indicators in addition to indicators specifically related to the audit area under review. The list of general fraud indicators presented below is not meant to be all-inclusive and should not preclude auditors from identifying and considering other indicators.
Management override of key controls.
Inadequate or weak internal controls.
No written policies and procedures.
Overly complex organizational structure.
Key employee never taking leave or vacation.
High turnover rate, reassignment, firing of key personnel.
Missing electronic or hard copy documents that materialize later in the review.
Lost or destroyed electronic or hard copy records.
Photocopied documents instead of originals. Copies are poor quality or illegible.
“Unofficial” electronic files or records instead of “archived” or “official” files or records.
Revisions to electronic or hard copy documents with no explanation or support.
Use of means of alteration to data files.
Computer-generated dates for modifications to electronic files that do not fit the appropriate time line for when they were created.
Missing signatures of approval or discrepancies in signature/handwriting.
Computer report totals that are not supported by source documentation.
Lengthy unexplained delays in producing requested documentation.
Management Related Fraud Indicators
Management sets the tone of an organization through its control environment. An organization’s control environment is the foundation of all other internal control components. An organization’s control environment includes integrity and ethical values, management philosophy, organizational structure, and self-governance. For a DoD contractor, active participation in a compliance program, integrity reporting, and the DoD Voluntary Disclosure Program are key parts of its control environment. The control environment provides both discipline and structure to the organization; therefore, auditors must consider management characteristics and influence over the control environment not only as fraud risk factors but also as fraud indicators along with the general and audit specific fraud indicators. Sometimes general and management fraud indicators are the same due to the control environment being an integral part of every review. Possible management fraud indicators are listed below. This list is not meant to be all-inclusive and should not preclude the auditor from considering other fraud indicators that they might identify.
Failure to display and communicate an appropriate attitude regarding the importance of internal control, including a lack of internal control policies and procedures; ethics program; codes of conduct; self-governance activities; and oversight of significant controls
Displaying through words or actions that senior management is subject to less stringent rules, regulations, or internal controls than other employees
Significant portion of compensation being incentive-driven based on accomplishment of aggressive target goals linked to budgetary or program accomplishments or stock prices
High turnover of senior executives or managers
Hostile relationship between management and internal and/or external auditors. This would include domineering behavior towards the auditor, failure to provide information, and limiting access to employees of the organization
Failure to establish procedures to ensure compliance with laws and regulations and prevention of illegal acts
Indications that key personnel are not competent in the performance of their assigned responsibilities
Adverse publicity concerning an organization’s activities or those of senior executives
Lack of, or failure to adhere to, policies and procedures requiring thorough background checks before hiring key management, accounting, or operating personnel
Inadequate resources to assist personnel in performing their duties, including personal computers, access to information, and temporary personnel
Failure to effectively follow-up on recommendations resulting from external reviews or questions about financial results
Nondisclosure to the appropriate Government officials of known noncompliances with laws, regulations, or significant contract or grant provisions
Directing subordinates to perform tasks that override management or internal controls
Undue interest or micromanagement of issues or projects that most knowledgeable individuals would identify with a substantially lower level manager
A manager that claims disinterest or having no knowledge about a sensitive or high profile issue in which you would expect management involvement
Constant over usage or inappropriate use of cautionary markings on management or organizational documents such as “Attorney Client Privilege/Attorney Work Product,” “For Official Use Only,” or other markings indicating an item is business sensitive or has a higher security classification than is appropriate.