Forensic Accounting &Fraud Detection

🔍

Section 1 — Basic Concepts of Forensic Accounting

Definition, scope, types, India context, and comparison with regular audit

+

What is Forensic Accounting?

Forensic accounting is a specialised field that explores fraud and examines historical financial data which can be used in legal proceedings. It is a sensible blend of accounting, auditing, and investigative skills to conduct financial fraud enquiries — useful for court action and analytical accounting.

1. Litigation Support Services

Providing assistance in cases that involve existing or anticipated disputes or litigation. Forensic accountants assist lawyers in preparing financial claims, calculating damages, and providing expert testimony in court.

2. Investigative / Fact-Finding Services

Look for evidence of unusual developments in accounting and financial systems
Design accounting processes for verifying important premises and data
Perform audit-type processes on a routine schedule to reduce transaction processing risks
Conduct surveillance across broad business locations to monitor all transaction processing systems

Scope of Work — Forensic Accountants

Almost every accounting firm today has a forensic accounting section. Sub-specialisations include: insurance applications, personal injury declarations, fraudulence investigation, construction audits, and royalty audits.

Unique to India: There is a specific category of forensic accountants known as Certified Forensic Accounting Professionals (CFAP). Forensic accountants may also offer services in retrieving profits from crime and in relation to appropriation proceedings relevant to proceeds of crime or suspicious transfer of funds.

Forensic Accounting in India

Given the nature and types of fraud in India, the Reserve Bank of India (RBI) has made forensic accounting audit mandatory for all banks. The establishment of the Serious Fraud Investigation Office (SFIO) has been the turning point for forensic accountants in the country.

📈 Growing online criminal offences 🏦 Cyber-security fraud detection failures 🏛️ Co-operative banks going bust

Forensic Accounting vs. Regular Audit

Dimension	Forensic Accounting	Regular Audit
Mindset	Investigative mentality — looks for fraud	Professional scepticism — verifies accuracy
Corroboration	Requires more extensive corroboration of evidence	Standard evidence-gathering procedures
Materiality	May focus on seemingly immaterial transactions	Focuses on material misstatements
Scope	Looks for fraud indicators beyond financial statements	Limited to financial statement scope
Output	Evidence suitable for legal proceedings	Audit opinion on financial statements
Legal use	Directly used in court as evidence	Not primarily designed for court use

⚠️

Section 2 — What is Fraud? Types & Legal Definitions

Companies Act definition, SA 240, 7 types of fraud, digital fraud categories

+

Definition of Fraud

General Definition

Fraud is a type of criminal activity defined as: abuse of position, false representation, or prejudicing someone’s rights for personal gain. Simply put — an act of deception intended for personal gain or to cause a loss to another party.

Companies Act, 2013

Any act, omission, concealment of any fact, or abuse of position committed by any person — with intent to deceive, to gain undue advantage, or to injure the interests of the company, its shareholders, creditors, or any other person — whether or not there is any wrongful gain or wrongful loss.

SA 240 — ICAI (Para 11a)

An intentional act by one or more individuals among Management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.

7 Types of Fraud

1. Trojan Horse Fraud

Frauds submitted in two stages. In the first stage, the fraudster tests the flexibility and quality of a control. If controls are weak, the actual fraud is executed in the second stage. Named after the Greek mythological wooden horse used to infiltrate Troy.

2. Disaster Fraud

Intentional deception to defraud individuals and the government following a natural disaster. Includes: charitable solicitation fraud, price gouging, insurance fraud, and forgery of loss documents.

3. Achilles Heel Fraud

The fraudster identifies the weakest link in a control system and exploits it. Named after the legendary warrior Achilles, who was invincible except for his heel — which was ultimately the cause of his defeat. Requires sharp analytical skills and attention to detail.

4. Corporate Espionage (Spying)

Includes: trespassing on competitor property, posing as a competitor’s employee, wiretapping, hacking into computer systems, attacking competitor websites with malware. Referenced in films: Inception, Duplicity

5. Technical Fraud

Fraud that happens in plain sight but goes undetected because technical aspects are outside the understanding of management. Example: A vendor mixes 10% scrap with raw material, pocketing the savings — amounting to ₹25 lakhs/year — while still meeting quality specifications.

6. Bank Fraud

Highest potential fraud area — the raw material is money itself. Insiders: manipulate funds, loans, teeming and lading. Outsiders: fabricated/duplicated demand drafts, altered cheques, bills of exchange. Borrowers: inflate inventories in hypothecation agreements.

7. Digital Fraud

Fraud committed using digital means and technology. Includes multiple sub-categories:

BEC — Business Email Compromise

Bogus Invoice Scheme — attackers pose as foreign suppliers requesting fund transfers
CEO Fraud — pose as CEO, email finance team to transfer funds
Account Compromise — hack executive email, request vendor invoice payments
Data Theft — target HR/accounts for PII and tax data for future attacks

EAC — Email Account Compromise

Attacker actually IS you — compromises your real email account via phishing/malware. Two victims always: account owner + person who receives the fraudulent request.

BEC: infobankofbaroda@gmail.com (fake domain)
EAC: info@bankofbaroda.com (real account, compromised)

Digital Attack Types

Data Breach

An incident where information is stolen from a system without the knowledge or authorisation of the owner. Most data breaches are attributed to hacking or malware attacks.

Denial of Service (DoS)

An attack meant to shut down a machine or network by flooding the target with traffic or sending crash-triggering information. Most common type: Buffer overflow attacks.

Malware

Malicious software delivered over a network that infects, explores, steals, or behaves as an attacker wants. Types include viruses, worms, trojans, spyware, and ransomware.

Ransomware

A form of malware that encrypts a victim’s files. The attacker demands a ransom (often in Bitcoin) to restore access. Costs can range from a few hundred dollars to thousands.

Phishing

A social engineering attack where an attacker masquerades as a trusted entity to dupe a victim into opening a malicious email, message, or link — stealing credentials or financial data.

🚩

Section 3 — Red Flags, Green Flags & Detection Rules

9 red flag categories, TGTBT syndrome, 4 rules for discovering red flags

+

What is a Red Flag?

Just as a doctor searches for symptoms of disease (rash, temperature, blood pressure changes) before ordering further tests — an auditor searches for red flags: symptoms of malpractice. When such warnings are noticed, further investigations like forensic analysis, data analytics, and document examination are launched.

9 Key Red Flags

1. Close Nexus with Outsiders

A senior employee maintaining unusually close personal relationships with vendors, borrowers, or external parties — e.g., going on foreign trips with a borrower, accepting gifts. Compromises independence and objectivity.

2. Sudden Losses

A profitable organisation suddenly reporting massive losses. Often indicates that losses were simmering under window-dressed records — caused by diversion of funds, inflated costs, or suppressed income — and the bubble has finally burst.

3. TGTBT — Too Good to Be True (Green Flag)

When something appears so amazing it seems unreal. Example: An employee who is always first to arrive and last to leave, always volunteers for extra work. “All that glitters is not gold.” Extreme green flags become suspicious.

4. Generation of ‘Vagrant’ Reserves

Assets held in a custodial capacity with no accountability — trust funds, cash collection boxes, donations. Neither the contributor nor the recipient actively monitors use. These unaccounted pools are prime targets for fraudsters.

5. Disaster Circumstances

Events where books have been lost or damaged — fires, earthquakes, floods. Such situations provide ideal cover for fraudsters to destroy evidence and claim unavailability of records.

6. Missing Documentation

Files lost during office moves, records inexplicably missing, supporting documents for entries unavailable. The larger the organisation, the greater the chance of genuine losses — but also the greater the opportunity for deliberate destruction.

7. Chaotic Conditions

Records are financially past due, untidy, or unreconciled — often deliberately manufactured. The excuse given is staff shortage, but the chaos conveniently conceals underlying fraudulent entries and unreconciled balances.

8. Irrational Conduct

Employees living “double lives” — different behaviour with different groups. Acting perfectly rational while concealing criminal acts. Signs: sudden lifestyle changes, intense secrecy, unusual stress or irritability during audit periods.

9. Role of the Forensic Accountant

At this stage the forensic accountant steps in: collecting evidence, tracing asset flows, reconstructing records, and preparing a report suitable for legal proceedings.

Red Flags vs. Green Flags

🚩 Red Flags

Deficiencies in stocks
Missing reports or documents
Missing cheques
Shortfall in collections
Unexplained modifications in records

Clear signs that something is wrong and negative to the entity.

🟢 Green Flags (TGTBT)

Signs that suggest everything is fine — a false sense of security. When extreme, they become “Too Good To Be True.”

Employee never takes leave (cannot hand over to others — concealing fraud)
Consistently “above target” performance
Unusually generous or helpful behaviour
Volunteering for tasks outside one’s scope

4 Rules to Discover Red Flags

Rule 1 — Know the Business & Industry

Acquire knowledge of the business and industry in as much detail as possible. Industry knowledge helps identify what is “normal” vs. what is unusual.

Rule 2 — Assess Internal Controls

Evaluate the reasonableness of key internal controls — from both extremes. Controls that are too weak OR too strong can both indicate adverse conditions.

Rule 3 — Apply the COF Test

Clues — Opportunities — Findings. Compare all industry/business facts alongside control irregularities and unusual audit findings. Cross-reference everything.

Rule 4 — Apply Impartial Judgment

Staying late occasionally may be normal. Always staying late, wanting to work beyond one’s authority, spending personal funds for the company — too many of these together are suspicious. Exercise professional caution and remain objective.

🔺

Section 4 — The Fraud Triangle & Fraud Diamond

Cressey’s three-element model and Wolfe & Hermanson’s four-element extension

+

The Fraud Triangle — Cressey (1953)

All three elements must coexist for occupational fraud to occur. Remove any one element and the fraud cannot happen — this principle drives the entire framework of internal controls design.

🔥 Incentive / Pressure

The motivation to commit fraud

Bonuses tied to a financial metric
Personal financial incentives or greed
Investor and analyst expectations
Fear of job loss or demotion
Personal debt, addiction, gambling

🚪 Opportunity

Weak controls create the opening

Weak internal controls
Poor tone at the top
Inadequate accounting policies
No segregation of duties
No surprise audits

💭 Rationalisation

Internal cognitive justification

“They treated me wrong”
“Upper management is doing it too”
“There is no other solution”
“I’ll pay it back eventually”
“The company owes me this”

The Fraud Diamond — Wolfe & Hermanson (2004)

The Fraud Diamond adds a fourth critical element: Capability. Even with Pressure + Opportunity + Rationalisation, the person must have the skills and position to actually execute and conceal the fraud.

💎 The 4th Element — Capability

Having the right organisational position or function to take advantage of fraud opportunities
Having the appropriate expertise to exploit fraud opportunities
Having the confidence or ego to take advantage of opportunities

Being able to coerce others to participate in fraudulent activities
Being able to deal with the stress associated with committing fraud
Being a convincing liar and maintaining composure under scrutiny

🌳

Section 5 — The Fraud Tree (ACFE Classification)

Corruption, Asset Misappropriation, and Financial Statement Fraud — with all sub-schemes

+

The Fraud Tree, developed by the Association of Certified Fraud Examiners (ACFE), classifies all occupational fraud into three main branches. Research shows that asset misappropriation is the most common type, while financial statement fraud causes the largest losses.

Branch 1 — Corruption (~33% of all frauds)

Conflicts of Interest

The fraudster exerts influence to achieve personal gain that detrimentally affects the company. May not benefit financially but receives an undisclosed personal benefit. Example: a manager approves inaccurate expenses of a personal friend to maintain that friendship.

Bribery

Money or something of value is offered to influence a decision or situation in the fraudster’s favour. Includes kickbacks to procurement officers, payments for contracts, and gifts to officials.

Extortion

The opposite of bribery — money is demanded (rather than offered) in order to secure a particular outcome. The victim pays under coercion or threat.

Branch 2 — Asset Misappropriation (most common)

Sub-Scheme	Definition
Cash Theft	Stealing of physical cash (e.g., petty cash) from company premises
Skimming	Incoming payment is stolen before it is recorded on the company’s books
Cash Larceny	Incoming payment is stolen after it has been recorded on the company’s books
Billing Schemes	Fraudulent invoices submitted for fictitious goods/services, inflated invoices, or personal purchases
Payroll Schemes	Employee makes employer issue payment via bogus claims for compensation (ghost employees)
Expense Reimbursement Schemes	Employee claims reimbursement of fictitious or inflated business expenses
Check Tampering	Person steals funds by intercepting, forging, or altering a cheque or electronic payment
Register Disbursements	Employee makes false entries on a cash register to cover fraudulent removal of cash
Inventory Fraud	Theft of inventory from the company
Misuse of Assets	Employees using company assets for personal benefit

Branch 3 — Financial Statement Fraud (largest losses)

A scheme where an employee intentionally causes a misstatement or omission of material information in the organisation’s financial reports. This is the least common but causes the largest financial losses and reputational damage.

Revenue Inflation

Fictitious sales, channel stuffing, premature revenue recognition, round-trip transactions.

Expense Understatement

Capitalising expenses that should be written off, under-provisioning for bad debts, cookie-jar reserves.

Asset Overstatement

Overstating inventory, inflating intangible assets, not writing down impaired assets.

🛠️

Section 6 — Forensic Accounting Detection Techniques

Benford’s Law, RSF, CAATs, Data Mining, Ratio Analysis — with formulas

+

Forensic accountants use a combination of mathematical tools, computer-assisted techniques, and analytical methods to detect fraud patterns in large volumes of financial data.

i. Benford’s Law

A mathematical tool to determine whether a variable is a case of unintentional errors or deliberate fraud. In naturally occurring data, the digit 1 appears as the first digit ~30.1% of the time.

P(d) = log₁₀(1 + 1/d) Digit 1 → 30.1% | Digit 9 → 4.6% Deviation = possible fabrication

ii. Relative Size Factor (RSF)

A powerful test for detecting errors. Identifies subsets where the largest element is out of line with other elements. Also highlights unusual fluctuations that may originate from fraud or genuine errors.

RSF = Largest Record in Subset ÷ Second Largest Record in Subset High RSF = investigate further

iii. CAATs — Computer Assisted Auditing Tools

Computer programs that help the auditor perform auditing procedures such as:

Testing details and transactions
Identifying inconsistencies in large datasets
Statistical sampling of records
Redoing calculations to verify accuracy

iv. Data Mining Techniques

Computer-assisted techniques designed to automatically mine large volumes of data for new and unexpected patterns. Includes:

Discovery — finding unexpected patterns
Predictive modelling — forecasting fraud likelihood
Deviation analysis — identifying outliers
Link analysis — mapping relationships between entities

v. Ratio Analysis

While financial ratios indicate the financial health of a company, data analysis ratios report on fraud health by identifying possible symptoms of fraud. Key ratios to watch:

Days Sales Outstanding (DSO) Gross Margin % Accruals Ratio Receivables Turnover Cash Conversion Cycle Debt-to-Equity