Fraud Cases identifiedby means of “Data Trends”

By : G. KABBARA,cisaDate: 18/03/2008

The following Frauds that we will go through were all discovered during my position as an IS/IT Manager in the Dealerships I worked for.

Having access to the application database, was the key means that enabled me to identify and confirm the following frauds.

Simply by

Observing unusual trends in the Transactional Database as well..

Frauds-In 3 Car Dealerships Cashier in Dealership 1 Cashier in Dealership 2 Used Car Dept in Dealership 2 Rental Clerk in Dealership 3 Mileage manipulation Rental in

Dealership 3

Cashier in Dealership 1

Cashier in Dealership 1 There was no Computer Daily Cash

Collection Report that Accounts could use as a summary to reconcile Invoices / Job cards with the Cash received.

So as a first measure, I Introduced an application to the Service Cashier, whereby upon receiving Payment from the customer he would enter the JC number prior to giving invoice to customer. This would link the JC with the invoice .And end of day prepare summary report to send to Accounts.

Cashier in Dealership 1 The Service Department had a

practice to prepare the Invoice before the Customer would come to collect his car. This was prepared by an Invoice Clerk.

The Accounting Department would receive on a daily basis the Invoices along with the Cash amounts. Along with a hand written Summary of cash collected.

Cashier in Dealership 1 Upon introduction of the new

application. I noticed that the cashier was not utilizing the application as instructed and trained.

The cashier Complains the system was not working, and that he had inputted the required info, and hence the daily cash report was not producing correct results.

Cashier in Dealership 1 This provided me with a lead after

analyzing the Data, that the cashier was not sincere.

So I conducted a physical count on the number of vehicles on the lot, and compared that to the number of outstanding Invoices that were with the cashier waiting for customer payment.

Cashier in Dealership 1 Findings

The Number of invoices with the cashier did not match the vehicles in the lot. Some invoices were with cashier but the car was not on the lot. I cross referenced with the gate passes that were issued as well.

The amount of Cash invoices with the cashier were approximately KD 30,000 over than the actual Amount for all the cars on the lot.

Many invoices were still with the cashier, but those cars were already delivered to the customer.

Cashier in Dealership 1 The Fraud

The Cashier confessed that he would receive the cash from the customer, pocket it and put the invoice copy in his drawer. (that is not send the copies to the Accounts dept)

At the end of the day he would only send those invoice copies along with the cash payments that he wanted to send.

In order that the accounting department would not suspect, he would pick the old invoices and send them a week or so later.

This way the cashier was able to keep in his custody KD 30,000.

Cashier in Dealership 1 Weaknesses in the System

Preparing Invoices prior to customer coming to collect the Vehicle which preventing the utilization of the system Invoice Summary report.

If the cashier was invoicing on the fly, and providing to accounts the system summary report every day then this fraud might have been mitigated.

As the system had a built in daily cash report.

Cashier in Dealership 2

Cashier in Dealership 2 In Service job Cards are invoiced

three ways:- Cash (where customer pays) Internal (where company pays) Warranty (where manufacturer

pays the dealership)

Cashier in Dealership 2 In a remote location, one person

was assigned the job of creating the costing the job card and creating the invoice.

The creation of the job card involves issuing parts to a job card whether they ( are c, w, i) and adding/amending/deleting Job codes.

Cashier in Dealership 2 Fact:

The Accounting department did not have a control in place to monitor Internal Invoices that had a total values of Zero KD.

The Job Card was created by the Receptionist, whereby the Controller/cashier would assign create job codes to the job card.

However he could not issue parts or return parts to a job card as this was controlled by the Parts controller.

Cashier in Dealership 2 Initial Findings:

I conducted an extraction of Internal Invoice Summary and came across Internal Invoices that had zero value.

This was triggered to complaints from Service manager at remote location that the cashier system was not working.

Cashier in Dealership 2 Conducting further analysis on the

database, I noticed a trend of Internal Invoices with Zero values that would show up, and there would be no corresponding Cash or Warranty invoices.

This was strange as to why the company would create a job card and invoice internally Zero value

Cashier in Dealership 2 Action taken:-

I instructed the programmers to introduce an audit trail to monitor the changes of job type (C,I,W) with the amounts for parts and Job codes.

I had a hunch that the cashier was up to something.

Cashier in Dealership 2 Finding after introduction of audit

trail After a period of time I review the

audit report and came across interesting results.

I noticed that the job cards were initially created as “c” type by the receptionist and after a while the job type was changed to “I” and the amount of the job card was Zero.

Cashier in Dealership 2 The trend was that those job cards that

were converted from “c” type to “i” type never had any parts issued to them.

So I further extracted data for the last six months for all those job cards that had zero value, no parts issued and were internal invoices.

This showed another interesting trend. The dates of these invoices mostly occurred on thursdays. This was half a working day at the dealship.

A further common was that the Cashier was the same person.

Cashier in Dealership 2 Fraud:

I presented my finding to our internal auditor and we discussed the case.

I explained to him the possible scenario that was taking place, where by the job card would be created as “cash” for an amount as shown on the reports, and then the cashier would cancel the job codes thereby removing the amounts. And convert the job card to an internal one.

Cashier in Dealership 2 We set a plan where we would hint to the cashier

that an internal audit would take place in the next couple of days.

This way we would monitor him to see his activities on month end.

The next evening while the month end process, one user was still logged on. The cashier. He was producing invoices after working hours. Apparently trying to cover his tracks, trying to account for the amount he pocketed by producing computerized invoices . This provided us with more evidence to now confront the cashier.

Cashier in Dealership 2 Upon further investigation with the

cashier he confessed that he would do the same as we suspected. However when ever a customer would come to pick his car up and make payment, he would tell him the computer is down and provide him with a “Manual Cash Invoice” that was created by him.

He would collect the cash and pocket it. Accounts would not be able find out. And

he could only do this fraud on job cards that had no parts issued to it.

Used Car Dept / Trade In I came across this by accident. Whilst I

was one day March 14th one day before a long weekend holiday sitting at the Used car sales desk with the UC Manager have a casual chat.

A salesman approached the UC Manager and told him a customer wished to trade-in his BMW with one of our new luxury cars and if the trade-in value was acceptable to us. He said he would get back to him in a few minutes.

Used Car Dept / Trade In After the salesman left I told the

UC Manager why the Used car appraisal system that we had developed was not being used. As I noticed the system was switched off.

His excuse was that it was one day before a holiday and that some of the evaluators were not at work.

Used Car Dept / Trade In After the holiday I decided to look into

this trade-in and I discovered the following.

The Details of the BMW trade in were not correct. The model & year number was not as per what the salesman mentioned. And the trade-in amount of the BMW was off by KD 3,000. (As per the market value of the car, as I came to find out later)

Used Car Dept / Trade In The computer showed that the BMW

was in our used lot for sale. So in order to reconfirm the Model and year and mileage, I went to the used car lot.

But the car was not there. I checked on the computer the next day

and the car was showing sold for an amount that didn’t make sense. It was KD 3,000 below the market value as I came to know later.

Used Car Dept / Trade In Doing further analysis I noticed that the Vin

number did not match the model number inputted by the used car staff. I checked this on the Internet.

The model in our system was 740i but the car was in-fact 740iL. The L meant more specs and an extra cost of KD 1,000. The year of the vin did not match the model year as well. I was two-three years below what the sales man had mentioned. And I would not be surprised if the mileage captured was overstated, but I could not prove that as the car had disappeared.

Used Car Dept / Trade In The Findings The company received only a KD 300

profit on the car. Our cost and our sales price reflected this.

The wholesale traders and the “inside staff” on the take received a approximately a total of KD 3,000, on an outside deal.

I contacted the new owner of the BMW where by I received his number from Traffic Dept. Confirmed that he bought the BMW from a trader at approx KD 3,000 over the price we sold it.

Used Car Dept / Trade In Management did not wish to

investigate this further as they feared it would create too much damage to the dealership.

We decided however to introduce more controls in the system. (and assign someone to maintain the market value of the cars, along with eliminated manual forms, etc)

Used Car Dept / Trade In And if you are probably wondering,

I did in fact conduct a more through data analysis on historic transactions.

Similar trends of Data Inconsistency were noticed.

Rental Clerk

Rental Clerk In one of the dealerships the

Rental Counter clerk who was responsible for issuing rental cars and receiving them was manipulating the system and pocketing money.

I conducted an monitor of the screen activities.

Rental Clerk For one week of monitoring it was

observed that one of the methods was to change the Tariff rates using his superior’s login ID, by providing discount to the clients.

But by collecting more than the discounted amount, by means of issuing a manual receipt to the customer.

Mileage manipulation Rental

Mileage manipulation Rental Doing an internal audit of the

system, I came across inconsistencies in the mileage data for many vehicles.

This was conveyed to the Rental Manager along to the FC. Where by the Rental clerks had to input the correct mileage.

Mileage manipulation Rental A few weeks later, I audited the

mileage data once more, only to find that the same problem of wrong mileages were being fed.

I further cross referenced those findings with our service application module.

Mileage manipulation Rental There was no excuse that the

users would not input the correct mileage.

The case was referred to the Accounts Department for further audit and review.

Mileage manipulation RentalFindings:

The Accounts Department conducted a physical count of the vehicles on premise.

The number of cars on the lot were short of 3 – 4 cars.

These were being used by the Rental Staff.

Conclusion

If the dealerships would have utilized the systems as they were meant to be used, some of the frauds might have been averted.

If the dealerships conducted regular audits as well.

If the dealership enforced strict penalties for system abuse.

My recommendation And Software application should provide

a comprehensive audit trail of all the Database.

I would go far to say that for every table their should be an audit table that keeps track of each and every changes that occurs on every field.

A periodic review of audit exception reports should be made, by IT, Audit, Accounts and Key Business Users.

Falling back on backups of the database to conducts audits serves very little help as a means to track data manipulation.

Thank you for your time. Disclaimer: This presentation was compiled only to

share the knowledge with the audience. By all means it is not meant to discredit

any dealership accounting control processes or put shame to any of the Business departmental heads in any of the dealerships.