Managerial Auditing Journal

Accountants' perceptions regarding fraud detection and prevention methods

James L. Bierstaker Richard G. Brody Carl Pacini
Article information:
To cite this document:
James L. Bierstaker Richard G. Brody Carl Pacini, (2006),"Accountants' perceptions regarding fraud
detection and prevention methods", Managerial Auditing Journal, Vol. 21 Iss 5 pp. 520 - 535
Permanent link to this document:
http://dx.doi.org/10.1108/02686900610667283
Downloaded on: 19 April 2015, At: 09:02 (PT)
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

References: this document contains references to 34 other documents.

To copy this document: permissions@emeraldinsight.com
The fulltext of this document has been downloaded 8242 times since 2006*
Users who downloaded this article also downloaded:
Rocco R. Vanasco, (1998),"Fraud auditing", Managerial Auditing Journal, Vol. 13 Iss 1 pp. 4-71 http://
dx.doi.org/10.1108/02686909810198724
Philmore Alleyne, Michael Howard, (2005),"An exploratory study of auditors responsibility for
fraud detection in Barbados", Managerial Auditing Journal, Vol. 20 Iss 3 pp. 284-303 http://
dx.doi.org/10.1108/02686900510585618
Harold Hassink, Roger Meuwissen, Laury Bollen, (2010),"Fraud detection, redress and
reporting by auditors", Managerial Auditing Journal, Vol. 25 Iss 9 pp. 861-881 http://
dx.doi.org/10.1108/02686901011080044

Access to this document was granted through an Emerald subscription provided by 300350 []
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald for
Authors service information about how to choose which publication to write for and submission guidelines
are available for all. Please visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company
manages a portfolio of more than 290 journals and over 2,350 books and book series volumes, as well as
providing an extensive range of online products and additional customer resources and services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee
on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive
preservation.

*Related content and download information correct at time of download.

 The current issue and full text archive of this journal is available at
www.emeraldinsight.com/0268-6902.htm

MAJ
21,5 Accountants perceptions
regarding fraud detection and
prevention methods
520
James L. Bierstaker
Department of Accountancy, College of Commerce and Finance,
Villanova University, Villanova, Pennsylvania, USA
Richard G. Brody
School of Business, University of South Florida, St Petersburg, Florida,
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

USA, and
Carl Pacini
Department of Accounting and Finance, College of Business,
Florida Gulf Coast University, Ft Myers, Florida, USA

Abstract
Purpose The purpose of this study is to examine the extent to which accountants, internal auditors,
and certified fraud examiners use fraud prevention and detection methods, and their perceptions
regarding the effectiveness of these methods.
Design/methodology/approach A survey was administered to 86 accountants, internal auditors
and certified fraud examiners.
Findings The results indicate that firewalls, virus and password protection, and internal control
review and improvement are quite commonly used to combat fraud. However, discovery sampling,
data mining, forensic accountants, and digital analysis software are not often used, despite receiving
high ratings of effectiveness. In particular, organizational use of forensic accountants and digital
analysis were the least often used of any anti-fraud method but had the highest mean effectiveness
ratings. The lack of use of these highly effective methods may be driven by lack of firm resources.
Practical implications Organizations should consider the cost/benefit tradeoff in investing in
highly effective but potentially underutilized methods to prevent or detect fraud. While the costs may
seem prohibitive for small organizations, substantial cost savings from reduced fraud losses may also
be significant.
Originality/value By identifying methods that work well for fraud detection and prevention,
prescriptive information can be provided to accounting practitioners, internal auditors, and fraud
examiners.
Keywords Internal auditing, Fraud, Accountants
Paper type Research paper

Managerial Auditing Journal
Vol. 21 No. 5, 2006
pp. 520-535
q Emerald Group Publishing Limited
0268-6902
DOI 10.1108/02686900610667283
Introduction
Recent corporate financial accounting scandals (e.g. Enron, WorldCom, Global
Crossing, Tyco, etc.) have increased concerns about fraud, wiped out billions of dollars
of shareholder value, and led to the erosion of investor confidence in financial markets
(Peterson and Buckhoff, 2004; Rezaee et al., 2004). Globally, the average estimated
loss per organization from economic crimes is $2,199,930 over a two-year period
(PriceWaterhouseCoopers (PWC), 2003). In the USA, the Association of Certified Fraud
Examiners (ACFE) estimates that about six percent of firm revenues, or $660 billion, is
 lost per year as the result of occupational fraud (Association of Certified Fraud Fraud detection
Examiners, 2004). and prevention
Although larger businesses are more likely to experience economic crime, fraud
may be more costly for small businesses (Thomas and Gibson, 2003; method
PriceWaterhouseCoopers (PWC), 2003). The average small business fraud amounted
to $98,000 per occurrence compared to $105,500 per incident for large companies
(Association of Certified Fraud Examiners, 2004). On a per employee basis, losses from 521
fraud can be as much as 100 times greater at small firms than large firms (Association
of Certified Fraud Examiners, 2004; Wells, 2003). In addition, the damage inflicted by
fraud goes beyond direct monetary loss. Collateral damage may include harm to
external business relationships, employee morale, firm reputation, and branding
(PriceWaterhouseCoopers (PWC), 2003). In fact, some of the collateral effects of fraud,
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

such as damage to firm reputation, can be long-term (PriceWaterhouseCoopers (PWC),

2003). Despite the increased incidence of fraud and enactment of new anti-fraud laws,
many organizational anti-fraud efforts are not current and are somewhat superficial
(Andersen, 2004). Hence, many entities are trying new and different steps to combat
fraud (KPMG Forensic, 2003; PriceWaterhouseCoopers (PWC), 2003).
One reason that entities of all types are taking more and different steps to fight
fraud is that the traditional red flags approach is not considered effective. The
well-known red flags approach involves the use of a checklist of fraud indicators.
The existence of red flags does not portend the presence of fraud but represents
conditions associated with fraud; they are cues meant to alert an auditor to the
possibility of fraudulent activity (Krambia-Kardis, 2002). Numerous commentators
have cast doubt on the red flags approach as it suffers from two limitations:
(1) red flags are associated with fraud, but the association is far from perfect, and
(2) since it focuses attention on specific cues it might inhibit internal and external
auditors from identifying other reasons that fraud could occur (Krambia-Kardis,
2002).

In fact, critics of SAS 99 Consideration of Fraud in a Financial Statement

Audit point to its heavy reliance on the red flags approach (Kranacher and Stern,
2004).
A second reason that organizations are trying more and different ways to attack
fraud is that most entities have used an impractical strategy of fraud detection (Wells,
2004). Fraud prevention is a more viable strategy since it is often difficult to recover
fraud losses once they are detected (Wells, 2004). Many companies and their auditors
deal with fraud on a case-by-case basis rather than implement a long-term plan. Also,
recent legislation such as the Sarbanes-Oxley Act of 2002 (SOX) does not do much in
terms of fraud prevention; instead, the law focuses on punishment and accountability
(Andersen, 2004).
In the Fall 1997 issue of the Auditors Report, the American Accounting Association
(AAA) encouraged research directed toward assisting auditors and investigators in
preventing and detecting fraud. The growth in fraud cases indicates that a strong need
exists for research approaches that better enable auditors and investigators to prevent
and detect potential fraud. Thus, the purposes of this study are to analyze and
understand accountants perceptions of the myriad techniques used to combat fraud,
shed light on whether the techniques actually used by firms are considered the most
 MAJ effective and offer suggestions to practitioners as to what prevention and detection
techniques are the best. Organizational management attempting to comply with SOX
21,5 and similar laws by launching new anti-fraud programs, as well as external and
internal auditors, will benefit from this studys findings, when considering which
anti-fraud methods to pursue. The benefits consist of less time spent on the use of
ineffective techniques and reduction of fraud risk through earlier implementation of
522 more effective fraud prevention and detection techniques.
The remainder of this paper is organized as follows. The next section reviews past
research addressing fraud detection and prevention methods. The third section
discusses various techniques for combating fraud. The fourth section presents the
design of the study. The fifth section analyzes the results and the last section concludes
the paper.
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

Literature review
Much prior research addressing fraud prevention and detection methods has
addressed red flags. For example, Albrecht and Romney (1986) found in a survey of
practicing auditors that 31 flags related to internal control were considered better
predictors of fraud. The survey contained a list of 87 red flags. Loebbecke and
Willingham (1988) offered a model that considers the probability of material financial
statement misstatement due to fraud as a function of three factors:
(1) the degree to which those in authority in an entity have reason to commit
management fraud;
(2) the degree to which conditions allow management fraud to be committed; and
(3) the extent to which those in authority have an attitude or set of ethical values
that would facilitate their commission of fraud.

Loebbecke and Willingham (1989) used the red flags approach to develop another
conceptual model to evaluate fraud probability. A survey instrument was used to
query 277 audit partners of a big 6 firm. These researchers concluded that an auditors
assessment of the clients internal controls is significant in evaluating the probability
of fraud. Pincus (1989) found that auditors who did not employ red flag checklists
outperformed those who did in an experimental setting. In another study, auditors
were found to hold different opinions concerning the degree of fraud risk indicated by
various red flag indicators. Auditors with different client experience were found to
possess different perceptions of the importance of a given red flag indicator
(Hackenbrack, 1993).
Other researchers have investigated the effectiveness of various audit procedures in
detecting fraud. Hylas and Ashton (1982) performed an empirical study of 281 errors
requiring financial statement adjustments on 152 audits. These researchers found that
analytical review procedures and discussions with clients predicted a large percentage
of errors. Wright and Ashton (1989) investigated the fraud detection effectiveness of
client inquiry, expectations based on prior years, and analytical reviews from a sample
of 186 engagements involving 368 proposed audit adjustments. These researchers
discovered that about half of the errors were signaled by the three procedures noted.
Blocher (1992) determined that only four out of 24 fraud cases were signaled by
analytical procedures. Calderon and Green (1994) found that analytical procedures
were the initial signal in 15 percent of 455 fraud cases. Kaminski and Wetzel (2004)
 performed a longitudinal examination of various financial ratios on 30 matched pairs Fraud detection
of firms. Using chaos theory methodology, metric tests were run to analyze the and prevention
behavior of time-series data. These researchers found no differences in the dynamics
between fraudulent and non-fraudulent firms providing evidence of the limited ability method
of financial ratios to detect fraud.
Apostolou et al. (2001) surveyed 140 internal and external auditors on the fraud risk
factors contained in SAS 82. They document management characteristics as the most 523
significant predictor of fraud followed by client operating/financial stability features,
and industry conditions. Chen and Sennetti (2005) apply a limited, industry-specific
strategic systems auditing lens and a logistic regression model to a matched sample of
52 computer firms accused of fraudulent financial reporting by the SEC. The model
achieved an overall prediction rate of 91 percent for fraud and non-fraud firms.
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

Moyes and Baker (2003) conducted a survey of practicing auditors concerning the
fraud detection effectiveness of 218 standard audit procedures. Results indicate that
56 out of 218 procedures were considered more effective in detecting fraud. In general,
the most effective procedures were those yielding evidence about the existence and/or
the strength of internal controls.

Methods to combat fraud

Both fraudulent financial reporting and asset misappropriation have become major
costs for many organizations. Numerous fraud prevention and detection techniques are
now utilized to reduce the direct and indirect costs associated with all forms of fraud.
These various techniques include but are not limited to: fraud policies, telephone hot
lines, employee reference checks, fraud vulnerability reviews, vendor contract reviews
and sanctions, analytical reviews (financial ratio analysis), password protection,
firewalls, digital analysis and other forms of software technology, and discovery
sampling (Carpenter and Mahoney, 2001; Thomas and Gibson, 2003). Organizations
that have not been fraud victims tend to rely more on intangible prevention tools such
as codes of conduct or fraud reporting policies while those that have suffered fraud
have implemented more tangible measures such as whistle-blowing policies and fraud
prevention and detection training (PriceWaterhouseCoopers (PWC), 2003).

Maintain a fraud policy

Every organization should create and maintain a fraud policy for guiding employees.
A corporate fraud policy should be separate and distinct from a corporate code of
conduct or ethics policy. A model or sample fraud policy is available from the ACFE.
Such a fraud policy should be clearly communicated to employees. Various avenues of
communication include use in orientation of new hires, employee training seminars,
and annual performance evaluations. Written acknowledgment by each employee that
the policy has been read and understood should be required.

Establish a telephone hotline

A rather novel fraud approach that is becoming more common is the use of anonymous
telephone hotlines (Holtfreter, 2004). It is a very cost effective means for detecting
occupational fraud and abuse. A hotline allows employees to provide confidential,
inside information without the fear of reprisal that accompanies being a whistleblower
(Pergola and Sprung, 2005).
 MAJ Hotlines may be supported in-house or provided by a third party. An example of a
21,5 third-party hotline is a subscription service offered by the ACFE. The annual
subscription rate may be quite modest. The results of all calls are provided to the client
within two or three days. A hotline is not only an effective detection tool but it also
enhances deterrence. Potential perpetrators will likely have second thoughts when
considering the risks of being caught.
524
Employee reference checks
Organizations should conduct employee reference checks prior to employment. An
employee with a history of perpetration of fraud schemes may move from one
organization to another. When employee references are not checked, a dishonest person
may be hired. A dishonest employee can defraud an unsuspecting organization of
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

thousands of dollars and move on to a new job before the fraud is discovered. Resumes
should be scrutinized and information verified to determine that the information
provided is legitimate. An organization should not rely on the telephone numbers listed
on the resume for prior employers, as they may be false. Employer phone numbers
should be obtained by the organization independently.
Organizations should conduct a second reference check six months after an
employee starts work. The reason for a dishonest employees recent dismissal from a
previous job may not have had time to become part of the employees record during the
initial search. This may be discovered by a second check.

Fraud vulnerability reviews

A fraud vulnerability review that investigates the organizations exposure to fraud
should be performed. This includes an assessment of what assets are held and how
they could be misappropriated. For those organizations involved in electronic
commerce, a vulnerability review should also include an assessment of exposure to
employee misappropriation or destruction of such non-balance sheet items as
confidential customer data and financial information. The purpose of such a review is
to outsmart the crooks. A vulnerability review can help to direct an internal audit
plan and, in particular, to highlight the most vulnerable assets. The review is
considered a proactive step in fraud prevention and detection. Consideration of each
class of asset and the evaluation of the exposure to loss helps the auditor or accountant
to see what the thief sees. Steps then should be taken to eliminate, minimize, or at least
control the exposures.

Perform vendor contract reviews

Review of company contracts and agreements can provide an indication of possible
contract fraud, including kickbacks, bribery, or conflicts of interest by an
organizations employees. Contract fraud can occur when a trade supplier
fraudulently takes advantage of a contract to make illegal profits. Contract fraud
may involve a conspiracy between entity personnel and a trade supplier or conspiracy
among two or more vendors.
Analyzing contract files for the same contractor routinely bidding last, bidding
lowest, or obtaining the contract may detect this type of contract fraud. Awarded
contracts may also be scrutinized for evidence of a supplier regularly being awarded
contracts without indication of a legitimate reason for the constant receipt of contract
 awards. Such a review may reveal that bribes or kickbacks are the reason for the Fraud detection
awards. A review of various public records may reveal whether an employee has a and prevention
covert ownership interest in the contractor.
method
Use analytical review
Fraud can affect financial statement trends and ratios. Accounts that are manipulated
to conceal a fraud may manifest unusual relationships with other accounts that are not 525
manipulated. Also, erratic patterns in periodic account balances may occur because the
fraudster may engage only sporadically in fraudulent activity. Financial analysis
conducted by an accountant or investigator may reveal existing relationships that are
not expected or the absence of relationships that are expected to be present.
It may behoove the accountant or investigator to analyze several years of financial
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

statement data using different techniques to obtain a clear picture of the financial
impact of any fraud scheme. Various analytical review techniques which the
accountant or investigator may employ include: trend (horizontal) analysis, ratio
analysis (vertical analysis or common size statements), budgetary comparisons,
comparisons with industry averages, and review of general ledger and journal entries.
Unusual items should be pursued to determine if fraud could be the cause of an
aberration.

Password protection
The growth of the internet and e-commerce has led to a rise in the number of dial-in ports
to computer networks thus increasing the exposure to fraud. Accountants and
investigators should assure that only legitimate users have access to the computer
network and associated data. Although passwords are the oldest line of computer
defense, they still constitute the most effective and efficient method of controlling access.
The difficulty with passwords is that there is an inverse relationship between
making the password effective and usable. If password requirements are too complex,
users will write the password down, placing it at risk (Gerard et al., 2004). Therefore,
every organization needs to evaluate the tradeoffs. Passwords should be six to eight
characters long with a mix of letters, numbers and special symbols. Users should be
required to change their password often, for example, every 30-60 days. Additionally,
users should have to cycle through 6-12 different passwords before being allowed
to reuse a password (Gerard et al., 2004). Also, employees should not be allowed to
display their passwords in any location where unauthorized individuals may see them.
Lockout procedures should be implemented if a user fails to input a correct password
after three attempts.
Technology has advanced to create new forms of password protection using
biological features of the user (i.e. biometrics) such as voiceprints, fingerprints, retina
patterns, and digital signatures. New forms of password protection are likely to
become cost effective in the near future.

Firewall protection
One necessary technique for controlling unauthorized access is the use of firewalls.
Firewalls can be used at the software or hardware level. At the software level, there are
specific programs (e.g. ZoneAlarm from zonelabs.com) that can be coordinated with
internet-related software programs (browsers, e-mail, etc.) to protect the data being
 MAJ passed through them. Hardware firewalls/routers basically prevent people from
21,5 finding an organizations connection to the internet. The internet connection is known
as an IP address. The hardware firewall/router basically hides the IP address so that
hackers cannot find and access it (Gerard et al., 2004).

Digital analysis
526 Digital analysis, which is based on Benfords Law, tests for fraudulent transactions
based on whether digits appear in certain places in numbers in the expected
proportion. A significant deviation from expectations occurs usually under two
conditions. The first condition is that a person has added observations on a basis that
does not conform to a benford distribution. The second condition is that someone has
deleted observations from a data set that does not adhere to a benford distribution
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

(Durtschi et al., 2004).

Tax cheats, check forgers, and embezzlers simply cannot consciously generate
random numbers. Forensic accountants and auditors have depended on this human
quirk for years and various types of digital analysis software, including DATAS, have
proven themselves capable of pinpointing this habit (Lanza, 2000). A list of examples of
data sets where digital analysis software may be used includes investment
sales/purchases, check registers, sales and price histories, 401 (k) contributions,
inventory unit costs, expense accounts, wire transfer information, life insurance policy
values, bad debt expenses, and asset/liability accounts.
Other types of fraud exist that cannot be detected by digital analysis because the
data sets under examination are not appropriate for such analysis. For example,
duplicate addresses or bank accounts cannot be uncovered, yet two employees with
similar addresses might signal a shell company. Digital analysis will not detect such
frauds as contract rigging, defective deliveries, or defective shipments.

Discovery sampling
Discovery sampling is a form of attribute sampling. The latter is a statistical means of
estimating the percentage of a population that possesses a particular characteristic or
attribute. Discovery sampling is based on an expected error rate of zero. It is employed
when the accountant needs to know whether a population contains any error indicative
of fraud. If a single case of significant error or fraud is found in a sample, the sampling
process is stopped and the error or fraud is investigated.
Let us consider an example. An account should not include any payments made out
to a vendor name that is known to be fictitious unless there is that type of fraud in the
account. If there is no such fraud in the account, there should be no payments to
fictitious vendors. If an auditor were to test some of the payments in an account and
were to find a payment made out to a fictitious vendor, the auditors would know that
fraud existed but would not know the extent of the fraud. Conversely, if an accountant
examined some account payments and did not find any illegitimate payments, he or
she would not conclude that no fictitious payments existed in the account.
We now turn to a discussion of the studys participants.

Study participants
The participants of this study consist of 86 accountants, internal auditors and certified
fraud examiners with a mean (standard deviation) of 13.94 (10.97) years of experience[1].
 In an attempt to obtain as many responses as possible, multiple methods were used to Fraud detection
collect the information. Of the 86 usable responses, approximately 40 percent were and prevention
received via a mail survey sent to practicing accountants in the USA, 15 percent were
obtained from individuals in an executive MBA program at a New England university, method
15 percent were completed by volunteers recruited from the IIA and ACFE websites and
30 percent were collected from two participating IIA chapters[2]. Sixty-eight percent of
the participants are male, 32 percent are female. Sixty-two percent hold a bachelors 527
degree, thirty-four percent have a masters degree, and four percent have education
beyond a masters degree. Twenty-nine percent of the participants are certified public
accountants, 22 percent are certified internal auditors, 16 percent are certified fraud
examiners, 8 percent are certified managerial accountants and eight percent are certified
information systems auditors. The remaining participants did not provide their
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

certification, if any. Forty percent of the accountants work at firms whose revenues
exceed one billion dollars, about 28 percent work at firms with revenues between
250 million and one billion dollars, 22 percent work at firms with revenues below
250 million dollars, and 10 percent did not respond. Participants come from a wide range
of industries including: insurance (13 percent), health care (7 percent), banking
(5 percent), retail (5 percent), utilities (5 percent), manufacturing (5 percent), government
(5 percent), pharmaceuticals (5 percent) financial services (4 percent), education
(4 percent) and many others. None of the participants worked at a CPA firm.
In terms of the entities scope of operations, 34 percent of survey participants are
from local organizations, 22 percent are from national organizations, and 41 percent are
from international organizations, and 3 percent did not indicate the scope of operations.
Fifty-three percent of participants are from publicly held companies (44 percent listed
on the New York Stock Exchange), while 47 percent work at privately held companies.
About 4 percent of survey participants come from companies without an internal
audit department, 47 percent have an internal audit department with 1-8 members,
20 percent have an internal audit department with 10-19 internal auditors, and 29
percent have departments with 20 or more internal auditors. Overall, participants are
diverse in terms of their years of experience, certifications held, industry background,
scope of operations, and internal audit department size. A summary of these results is
contained in Table I.

Results
Fraud victimization and funding for prevention
About 56 percent of the survey participants indicated their company had been a
victim of fraud, with 24 percent indicating their company had not been a victim of
fraud and 20 percent indicating they did not know whether or not their company
was a fraud victim. Fifty-two percent of participants expected fraud to increase in
the future, while 30 percent did not expect fraud to increase and 18 percent did
not know.
Forty-eight percent of participants indicated funding for fraud prevention training
had increased over the last three years, while 45 percent said it remained the same and
only 8 percent said it decreased. Similarly, 56 percent indicated funding for the internal
audit department had increased over the past three years, while 39 percent indicated
internal audit funding had remained the same and only five percent stated it had
decreased.
 MAJ
Number Percentage
21,5
Panel A: Professional certifications
Certifications
CPA 22 29
CIA 18 22
528 CFE 13 16
CISA 7 8
CMA 7 8
Panel B: Education
Degree
Bachelors 50 62
Masters 27 34
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

Beyond masters 3 4
Panel C: Operations
Size
Table I. Local 29 34
Participants National 18 22
demographic information International 34 41

Use and effectiveness of fraud prevention methods and software

Based on a review of the fraud literature for types of fraud procedures (Carpenter and
Mahoney, 2001; Coderre, 1999; KPMG, 1998; Albrecht et al., 2002), auditors were asked
to indicate whether their firms used the following fraud prevention and detection
procedures and software: corporate code of conduct/ethics policy, internal control
review, reference checks, employment contracts, fraud auditing, fraud reporting policy,
fraud vulnerability reviews, fraud hotline, whistle-blowing policy, operational audits,
forensic accountants, fraud prevention training, ethics training, surveillance
equipment, increased attention of management, code of sanctions against suppliers,
increased role of audit committee, surveillance of electronic correspondence, staff
rotation, security department, employee counseling programs, cash reviews, inventory
observation, bank reconciliations, ethics officer, discovery sampling, data mining,
digital analysis, continuous auditing, financial ratios, virus protection, password
protection, firewalls, and filtering software (Appendix 1). In addition, auditors were
asked to rate the effectiveness of anti-fraud procedures and software used in their
organization on a scale from 1 (completely ineffective) to 7 (completely effective).
As shown in Table II, fraud procedures and software are ranked from the most
frequently used (virus protection, firewalls, password protection, internal control
review, and improvement) to the least frequently used (forensic accountants, digital
analysis, staff rotation, employment contracts, data mining). Differences clearly exist
between the use of fraud procedures and software. Firewalls, virus protection,
password protection, and internal control review are the most common (97-99 percent)
and organizational use of forensic accountants is the least common (14 percent).
Differences also exist for participants ratings of effectiveness. Organizational use of
forensic accountants received the highest mean rating (5.86) while staff rotation
received the lowest mean rating (3.84). It is interesting to note that organizational use of
forensic accountants was the least often used method to combat fraud (14 percent), but
received the highest rating of effectiveness (5.86). These findings suggest that firms
 Fraud detection
Fraud procedure Percentage Effectiveness
and prevention
1. Virus protection 99 5.66 (2) method
2. Firewalls 97 5.65 (3)
3. Password protection 97 5.35 (6)
4. Internal control review and improvement 97 4.96 (13)
5. Operational audits 94 4.83 (17) 529
6. Corporate code of conduct/ethics policy 94 4.83 (18)
7. Reference checks on employees 85 4.75 (23)
8. Bank reconciliations 84 5.22 (9)
9. Increased attention of senior management 79 4.85 (16)
10. Filtering software 78 5.38 (4)
11. Fraud hotline 75 4.63 (26)
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

12. Cash reviews 74 4.83 (19)

13. Whistle-blowing policy 73 4.58 (28)
14. Fraud reporting policy 72 4.73 (24)
15. Employee counseling programs 70 4.00 (32)
16. Increased role of audit committee 70 4.98 (12)
17. Ethics training 69 4.76 (22)
18. Inventory observation 66 4.68 (25)
19. Security department 65 4.26 (30)
20. Fraud auditing 64 5.28 (8)
21. Surveillance of electronic correspondence 62 4.52 (29)
22. Financial ratios 57 4.81 (20)
23. Continuous auditing 52 5.35 (7)
24. Fraud prevention and detection training 52 4.92 (15)
25. Fraud vulnerability reviews 50 4.59 (27)
26. Surveillance equipment 48 4.78 (21)
27. Code of sanctions against suppliers/contractors 43 5.08 (11)
28. Ethics officer 42 3.90 (33)
29. Discovery sampling 42 4.96 (14)
30. Data mining 41 5.37 (5) Table II.
31. Employment contracts 37 4.23 (31) Percentage of
32. Staff rotation policy 32 3.84 (34) accountants who use
33. Digital analysis 23 5.22 (10) fraud prevention method
34. Organizational use of forensic accountants 14 5.86 (1) or software and mean
(rank) effectiveness
Note: Software in italic ratings

may wish to consider investing in forensic accountants in the future if they have not
already done so.
In addition, other methods of combating fraud that involve software, such as
discovery sampling, data mining, continuous auditing, and digital analysis were not
commonly used. Mean effectiveness ratings, however, were relatively high, ranging
from 4.96 for discovery sampling to 5.37 for data mining. While none of these fraud
software applications were used by the majority of the participants organizations,
three of them ranked in the top ten for effectiveness (digital analysis, continuous
auditing, and data mining) and a fourth ranked in the top fifteen (discovery sampling).
Therefore, while firms may be reluctant to invest in anti-fraud technology, the
perceived benefits of the software may outweigh the cost given their apparent
effectiveness.
 MAJ Firm revenues
21,5 Accountants use of effective but infrequently used anti-fraud methods was also analyzed
based on the amount of firm revenues. It was expected that firms with greater revenues
would have more resources to devote to technology and fraud prevention, thus
accountants use of these methods should be greater at larger firms. As shown in Table III,
one clear pattern that emerges is that accountants at firms with revenues of more than
530 $1 billion did use discovery sampling, data mining, digital analysis, continuous auditing,
and forensic accountants more than smaller firms. These results support the notion that
smaller companies are reluctant to invest in anti-fraud technology because of concerns
about cost. Nevertheless, smaller entities may be the most in need of fraud detection and
prevention technology, since fraud may be more costly for small businesses than large ones
(Thomas and Gibson, 2003; Association of Certified Fraud Examiners, 2002; Wells, 2003).
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

An alternative explanation is that larger firms are more likely to be publicly held and
may be investing more to combat fraud in response to Sarbanes-Oxley. While it is true that
the majority of firms with revenues over $1 billion are publicly held (80 percent), the
majority of firms with revenues between $250 million and 1 billion are also publicly held
(57 percent), yet their use of discovery sampling, digital analysis, continuous auditing, and
forensic accountants was quite similar to smaller firms. Therefore, it would appear that
firm resources appears to be the primary driver behind investments in highly effective
anti-fraud methods such as organizational use of forensic accountants and digital analysis.

Conclusion
This study investigated the extent to which accountants, internal auditors, and
certified fraud examiners use various fraud prevention and detection methods and
software, as well as their perceptions about the effectiveness of those techniques. The
results suggest that firewalls, virus and password protection, and internal control
review and improvement are quite commonly used to combat fraud. However,
continuous auditing, discovery sampling, data mining, forensic accountants, and
digital analysis software are less often used, despite receiving the high ratings of
effectiveness. In particular, organizational use of forensic accountants was the least
often used of any anti-fraud method but had the highest mean effectiveness rating.
Smaller firms (less than $1 billion in revenues) appear to be the most reluctant to invest
in fraud prevention and detection methodology. This may be due to concerns about

Overall use Revenues between $250

percentage Revenues . $1 million and 1 billion Revenues , $250
Fraud tool (percent) billion (percent) (percent) million (percent)

Continuous
auditing 52 71 39 36
Discovery
sampling 42 68 27 31
Data
Table III. mining 41 72 31 8
Percentage of Digital
accountants who use analysis 23 41 8 8
anti-fraud methods by Forensic
firm revenues accountants 14 20 7 8
 cost, even though a fraud occurrence may be more costly for small businesses than Fraud detection
large ones (Thomas and Gibson, 2003; Association of Certified Fraud Examiners, 2002; and prevention
Wells, 2003). The results indicate that even at larger firms, anti-fraud methods and
software may by under-utilized. method
This study has practical implications for accounting practitioners, internal auditors,
and fraud examiners. It provides prescriptive information on what fraud detection and
prevention methods work best, and suggests that many of the most effective methods are 531
often not being used. Accounting practitioners and management may wish to consider
investing in these methods in order to prevent costly frauds in their organizations and
respond to the demands of regulatory agencies and legal requirements such as those
imposed by the Sarbanes-Oxley Act of 2002. Regulators may also find these results of
interest. For example, codes of conduct and whistleblower programs are now required by
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

SOX. The cost/benefit tradeoff in mandating organizational use of forensic accountants

may be an issue worthy of consideration by regulators.
Future research could explore the use of fraud prevention and detection methods by
other members of the accounting profession such as external auditors and tax
practitioners. In addition, future research could gather data on practitioners suggestions
for improving the usefulness of fraud prevention and detection methods, and the reasons
why firms are reluctant to invest in anti-fraud technology and forensic accountants. For
example, firms may be concerned about the costs of these methods, but may underestimate
the potential benefits in terms of cost savings from reduced losses related to fraud.

Notes
1. Participants level of experience was not correlated with the results of interest.
2. The method of data collection did not affect the statistical significance of the results at
conventional levels.

References
Albrecht, W.S. and Albrecht, C.C. (2002), Root out financial deception: detect and eliminate fraud
or suffer the consequences, Journal of Accountancy, April, pp. 30-34.
Albrecht, W.S. and Romney, M.B. (1986), A red-flagging management fraud: a validation,
Advances in Accounting, Vol. 3, pp. 323-33.
Andersen, S. (2004), Despite more rigorous compliance programs, corporate fraud still thrives,
Corporate Legal Times, April, pp. 1-6.
Apostolou, B., Hassell, J., Webber, S. and Sumners, G. (2001), The relative importance of
management fraud risk factors, Behavioral Research in Accounting, Vol. 13, pp. 1-24.
Association of Certified Fraud Examiners (2002) Report to the Nation: Occupational Fraud and
Abuse, Austin, TX.
Association of Certified Fraud Examiners (2004) Report to the Nation: Occupational Fraud and
Abuse, Austin, TX.
Blocher, E. (1992), The Role of Analytical Procedures in Detecting Management Fraud, Institute of
Management Accountants, Montvale, NJ.
Calderon, T.G. and Green, B.P. (1994), Signaling fraud by using analytical procedures, Ohio
CPA Journal, Vol. 53 No. 2, pp. 27-38.
Carpenter, B.W. and Mahoney, D.P. (2001), Analyzing organizational fraud, Internal Auditor,
April, pp. 33-38.
 MAJ Chen, C. and Sennetti, J. (2005), Fraudulent financial reporting characteristics of the computer
industry under a strategic-systems lens, Journal of Forensic Accounting, Vol. VI No. 1,
21,5 pp. 23-54.
Coderre, D. (1999), Computer-assisted techniques for fraud detection, The CPA Journal, August,
pp. 57-63.
Durtschi, C., Hillison, W. and Pacini, C. (2004), Effective use of Benfords law in detecting fraud
532 in accounting data, Journal of Forensic Accounting, Vol. V No. 1, pp. 17-34.
Gerard, G., Hillison, W. and Pacini, C. (2004), Identity theft: the US legal environment and
organisations related responsibilities, Journal of Financial Crime, Vol. 12 No. 1, pp. 33-43.
Hackenbrack, K. (1993), The effect of experience with different sized clients on auditor
evaluations of fraudulent financial reporting indicators, Auditing: A Journal of Practice &
Theory, Vol. 12, pp. 99-110.
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

Holtfreter, K. (2004), Fraud in US organisations: an examination of control mechanisms,

Journal of Financial Crime, Vol. 12 No. 1, pp. 88-95.
Hylas, R.E. and Ashton, R. (1982), Audit detection of financial statement errors, The
Accounting Review, Vol. 57 No. 4, pp. 751-65.
Kaminski, K. and Wetzel, T.S. (2004), Financial ratios and fraud: an exploratory study using
chaos theory, Journal of Forensic Accounting, Vol. V No. 1, pp. 147-72.
KPMG (1998), KPMG 1998 Fraud Survey, available at: www.us.kpmg.com
KPMG Forensic (2003), Fraud Survey 2003, Montvale, NJ.
Krambia-Kardis, M. (2002), A fraud detection model: a must for auditors, Journal of Financial
Regulation and Compliance, Vol. 10 No. 3, pp. 266-78.
Kranacher, M.J. and Stern, L. (2004), Enhancing fraud detection through education, The CPA
Journal, November, pp. 66-67.
Lanza, R. (2000), Using digital analysis to detect fraud, Journal of Forensic Accounting, Vol. I
No. 2, pp. 291-6.
Loebbecke, J.K., Eining, M.M. and Willingham, J.J. (1989), Auditors experience with material
irregularities: frequency, nature, and detect-ability, Auditing: A Journal of Practice &
Theory, Vol. 9, pp. 1-28.
Loebbecke, J.K. and Willingham, J.J. Jr (1988), Review of SEC Accounting and Auditing
Enforcement Releases, working paper, University of Utah, Utah.
Moyes, G. and Baker, C.R. (2003), Auditors beliefs about the fraud detection effectiveness of
standard audit procedures, Journal of Forensic Accounting, Vol. IV No. 2, pp. 199-216.
Pergola, C.W. and Sprung, P.C. (2005), Developing a genuine anti-fraud environment, Risk
Management, Vol. 52 No. 3, p. 43.
Peterson, B.K. and Buckhoff, T.A. (2004), Anti-fraud education in academia, Advances in
Accounting Education: Teaching and Curriculum Innovations, Vol. 6, pp. 45-67.
Pincus, K. (1989), The efficacy of a red flags questionnaire for assessing the possibility of fraud,
Accounting, Organizations, and Society, Vol. 14, pp. 153-63.
PriceWaterhouseCoopers (PWC) (2003), Global Economic Crime Survey 2003, available at: www.
pwcglobal.com/extweb/ncsurvers.nsf
Rezaee, Z., Crumbley, D.L. and Elmore, R.C. (2004), Forensic accounting education, Advances in
Accounting Education: Teaching and Curriculum Innovations, Vol. 6, pp. 193-231.
Thomas, A.R. and Gibson, K.M. (2003), Management is responsible, too, Journal of
Accountancy, April, pp. 53-55.
 Wells, J.T. (2003), Protect small business, Journal of Accountancy, March, pp. 26-32. Fraud detection
Wells, J.T. (2004), New approaches to fraud deterrence, Journal of Accountancy, Vol. 197, pp. 72-6. and prevention
Wright, A. and Ashton, R. (1989), Identifying audit adjustments with attention-directing
procedures, The Accounting Review, Vol. 64 No. 4, pp. 710-28.
method

Appendix 1. Fraud questionnaire

Purpose
533
The purpose of this survey is to gather data relating to the use of fraud detection and prevention
techniques. It should take approximately 10 minutes to complete. Thank you in advance for your
voluntary participation. It indicates your willingness to contribute to the enhancement of our
profession. All responses you provide are confidential and will be published only in summary,
statistical form. You or your firm will not be identified in any way. Accordingly, there are no
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

foreseeable risks to you or your firm.

Respondent profile
Job Title _____________________________________________________________________
Gender __________ Age __________
Highest educational level obtained: Bachelor Degree__ Masters Degree__ Coursework
beyond Masters ________
Years of accounting experience________
Certification: ________ ________ ______ ______ ______ __ __ __ __
CIA CPA CISA CMA CFE CFP Other
Number of Auditors in Internal Audit Department:________
Primary Industry ____________________________
Revenue for 2002: , 250 mm______ . 250 mm-1 billion______ . billion ____
Operations: Local______ National______ International______
Is your company publicly held? Yes______ No______
If yes, which of the following exchanges is your company listed on? NYSE__ AMEX__
NASDAQ__ OTC__ Other__ (please identify__).
Fraud questions: Please answer the questions below to the best of your ability. All answers
will be held in confidence.
1. Do you expect fraud to increase in the future? Yes______ No______ Dont know______
If so, why?
2. Has your firm been a victim of fraud? Yes______ No______ Dont know______
If so, for how long? ______years What were the amount of the damages? $________
3. If you have an internal audit department, whom do they report to? __Board of Directors
__Controller __CFO __CEO __Other (Please identify__) Dont know__
4. Is management at your firm accountable to the same fraud standards as non-management
employees? __Yes __No Dont know__
5. How important would you say your external auditors are for fraud detection?
1 2 3 4 5 6 7
Not very important Somewhat important Very important
6. How much pressure would you say is placed on employees at your organization to meet
firm objectives?
1 2 3 4 5 6 7
Little Some A great deal
7. If you have an internal audit department, how has the funding for this department changed
over the past three years?
1 2 3 4 5 6 7
Decreased Same Increased
 MAJ 8. How has the funding for fraud prevention training changed over the past three years?
1 2 3 4 5 6 7
21,5 Decreased Same Increased
9. How would you assess the likelihood of fraud in your organization? ______percent.
10. How many times does your audit committee meet per year? ______ Dont know______
Fraud detection techniques. Please indicate below what steps you have taken to reduce the
534 possibility of fraud in your organization and the perceived effectiveness of each step for
preventing/detecting fraud from 1 (completely ineffective) to 7 (completely effective).

Fraud detection techniques (continued). Please indicate below what steps you have taken to
reduce the possibility of fraud in your organization and the perceived effectiveness of each step
for preventing/detecting fraud from 1 (completely ineffective) to 7 (completely effective).
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

Fraud technology: Please indicate below what technology you use to reduce the possibility of fraud in
your organization and the perceived effectiveness of each application for preventing/detecting fraud
from 1 (completely ineffective) to 7 (completely effective). In the case of software, indicate the name of
the software and whether it was internally or externally developed.

Thank you!

Fraud procedure Yes/No Effectiveness

Corporate code of conduct/ethics policy Yes/No 1 2 3 4 5 6 7

Internal control review and improvement Yes/No 1 2 3 4 5 6 7
Reference checks on employees Yes/No 1 2 3 4 5 6 7
Employment contracts Yes/No 1 2 3 4 5 6 7
Fraud auditing Yes/No 1 2 3 4 5 6 7
Fraud reporting policy Yes/No 1 2 3 4 5 6 7
Fraud vulnerability reviews Yes/No 1 2 3 4 5 6 7
Fraud hotline Yes/No 1 2 3 4 5 6 7
Whistle-blowing policy Yes/No 1 2 3 4 5 6 7
Operational audits Yes/No 1 2 3 4 5 6 7
Organizational use of forensic accountants Yes/No 1 2 3 4 5 6 7
Fraud prevention and detection training Yes/No 1 2 3 4 5 6 7
Ethics training Yes/No 1 2 3 4 5 6 7
Surveillance equipment Yes/No 1 2 3 4 5 6 7
Increased attention of senior management Yes/No 1 2 3 4 5 6 7
Code of sanctions against suppliers/contractors Yes/No 1 2 3 4 5 6 7
Table AI. Increased role of audit committee Yes/No 1 2 3 4 5 6 7

Surveillance of electronic correspondence Yes/No 1 2 3 4 5 6 7

Staff rotation policy Yes/No 1 2 3 4 5 6 7
Security department Yes/No 1 2 3 4 5 6 7
Employee counseling programs Yes/No 1 2 3 4 5 6 7
Cash reviews Yes/No 1 2 3 4 5 6 7
Inventory observation Yes/No 1 2 3 4 5 6 7
Bank reconciliations Yes/No 1 2 3 4 5 6 7
Table AII. Ethics officer Yes/No 1 2 3 4 5 6 7
 Fraud detection
Internally or externally
Fraud software Yes/No developed Effectiveness and prevention
Discovery sampling Yes/No Internal 1 2 3 4 5 6 7
method
External Name of software:
Data mining Yes/No Internal 1 2 3 4 5 6 7
External Name of software: 535
Digital analysis Yes/No Internal 1 2 3 4 5 6 7
External Name of software:
Continuous auditing Yes/No Internal 1 2 3 4 5 6 7
External Name of software:
Financial ratios Yes/No Internal 1 2 3 4 5 6 7
External Name of software:
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

Virus protection Yes/No Internal 1 2 3 4 5 6 7

External Name of software:
Password protection Yes/No Internal 1 2 3 4 5 6 7
External Name of software:
Firewalls Yes/No Internal 1 2 3 4 5 6 7
External Name of software:
Filtering software Yes/No Internal 1 2 3 4 5 6 7
External Name of software:
Other (Please identify other audit 1 2 3 4 5 6 7
applications that are completed with a
software package) Table AIII.

Corresponding author
James L. Bierstaker can be contacted at: James.Bierstaker@villanova.edu

To purchase reprints of this article please e-mail: reprints@emeraldinsight.com

Or visit our web site for further details: www.emeraldinsight.com/reprints
 This article has been cited by:

1. Tyge-F. Kummer, Kishore Singh, Peter Best. 2015. The effectiveness of fraud detection instruments in
not-for-profit organizations. Managerial Auditing Journal 30:4/5. . [Abstract] [PDF]
2. Sawsan Saadi Halbouni. 2015. The Role of Auditors in Preventing, Detecting, and Reporting Fraud: The
Case of the United Arab Emirates (UAE). International Journal of Auditing n/a. [CrossRef]
3. Dongsung Kim, Kitae Kim, Jongwoo Kim, Steve Park. 2014. A Study on the Application of Outlier
Analysis for Fraud Detection: Focused on Transactions of Auction Exception Agricultural Products.
Journal of Intelligence and Information Systems 20, 93-108. [CrossRef]
4. Jacob Peng, Caroline O. Ford. 2014. Fraudulent expense reporting: impact of manager responsiveness and
social presence. Journal of Applied Accounting Research 15:2, 158-174. [Abstract] [Full Text] [PDF]
5. Rashidah Abdul Rahman, Irda Syahira Khair Anwar. 2014. Effectiveness of Fraud Prevention and
Detection Techniques in Malaysian Islamic Banks. Procedia - Social and Behavioral Sciences 145, 97-102.
Downloaded by National Cheng Kung University At 09:02 19 April 2015 (PT)

[CrossRef]
6. Xiaotao Kelvin Liu, Arnold M. Wright, Yi-Jing Wu. 2014. Managers Unethical Fraudulent Financial
Reporting: The Effect of Control Strength and Control Framing. Journal of Business Ethics . [CrossRef]
7. R. Abdul Rahman, I. S. Khair Anwar. 2014. Types of Fraud among Islamic Banks in Malaysia.
International Journal of Trade, Economics and Finance 5, 176-179. [CrossRef]
8. Gladys Lee, Neil Fargher. 2013. Companies Use of Whistle-Blowing to Detect Fraud: An Examination
of Corporate Whistle-Blowing Policies. Journal of Business Ethics 114, 283-295. [CrossRef]
9. Steven Dellaportas. 2013. Conversations with inmate accountants: Motivation, opportunity and the fraud
triangle. Accounting Forum 37, 29-39. [CrossRef]
10. Benita Gullkvist, Annukka Jokipii. 2013. Perceived importance of red flags across fraud types. Critical
Perspectives on Accounting 24, 44-61. [CrossRef]
11. Madan Lal Bhasin. 2013. Corporate Accounting Fraud: A Case Study of Satyam Computers Limited.
Open Journal of Accounting 02, 26-38. [CrossRef]
12. Nousheen Tariq Bhutta, Muhammed Mohtsham Saeed. 2011. Accounting scandals in the context of
corporate social reporting. Journal of Database Marketing & Customer Strategy Management 18, 171-184.
[CrossRef]
13. Andreas Papadopoulos, Graham Brooks. 2011. The investigation of credit card fraud in Cyprus: reviewing
police effectiveness. Journal of Financial Crime 18:3, 222-234. [Abstract] [Full Text] [PDF]
14. Philip Law. 2011. Corporate governance and no fraud occurrence in organizations. Managerial Auditing
Journal 26:6, 501-518. [Abstract] [Full Text] [PDF]
15. Maria KrambiaKapardis, Anastasios Zopiatis. 2010. Investigating incidents of fraud in small economies:
the case for Cyprus. Journal of Financial Crime 17:2, 195-209. [Abstract] [Full Text] [PDF]
16. Dominic Peltier-Rivest. 2010. Prvention et dtection des fraudes : que font les organisations
canadiennes?. Gestion 35, 23. [CrossRef]
17. FenMay Liou. 2008. Fraudulent financial reporting detection and business failure prediction models: a
comparison. Managerial Auditing Journal 23:7, 650-662. [Abstract] [Full Text] [PDF]
18. Ahmad A. AbuMusa. 2008. Information technology and its implications for internal auditing. Managerial
Auditing Journal 23:5, 438-466. [Abstract] [Full Text] [PDF]