David Coderre - Computer Aided Fraud Prevention and Detection: A Step by Step Guide

The auditors had identified sales commissions as a particularly risky area. First, there were known cases of fraud having been committed at ABC and in other insurance companies. Second, the inherent risk was high since commissions were closely tied to compensation, and even job security. Finally, the control framework was not as tight as it should be; there were weaknesses in the timing of commissions and in the determination of valid sales. So, while the project was treated as more of a preventive fraud measure, it was also given the same diligence and planning as an investigation of a suspected fraud.

Sales staff have defrauded the company by claiming for insurance policies that were fictitious or by delaying the reporting of policies to manipulate sales levels.

To ensure sales commissions are based on valid sales levels and accounted for in the period in which they were generated.

Lisa Marges will be the team leader and will be supported by Sam Bedford (financial auditor). Dave Crowley will provide CAATTs support and will interface with the systems people to obtain the necessary data.

All team members will cease other projects effectively immediately to concentrate on the investigation. An interim report will be presented to the audit committee on August 29 and a final report should be prepared for signature by the audit committee chairman on September 12.

The Administrative Manual (Chapter VI, Section 2.a) clearly states ABCs regulations regarding the reporting of policies in the period in which they are signed. As well, Section 6.d outlines the criteria for the payment of commissions on new policies.

The CAATTs cell within the audit department will create extracts of the data from the customer master, policy, and account receivable databases. The extracted data will be downloaded to the departmental server. The required fields are:

• Customer masterpolicy number, policyholder name and address
• Policy databasepolicy number, policy type, salesperson, policy amount, start date, end date, cancellation date, payment amount, terms
• A/Rpolicy number, payment amount, due date, payment date, payment type

A review will be performed of company polices and regulations related to the basis for commissions and the reporting of policies to determine if any updates have occurred in the last year.

The data analysis will focus on the last completed fiscal year (2008) but will include data from three previous years (2005, 2006, and 2007) for trending purposes.

The customer master and policy data will be used to generate a sample of policies for which confirmation letters will be generated. The responses will be grouped for each salesperson to determine the validity of their policies sold.

The policy data will be used to examine trends in the number of policies soldby salesperson, by month. The aim is to determine if the data suggests that sales staff have adjusted policy dates to inflate sales during contest periods. Additional analysis will be performed on policies raised in months where sales vary by more than 15 percent of expected values.

Policy payments and cancellation data will be used to review the length of time policies were held by policyholders. Additional analysis will be performed on policies where the salesmans average is below the industry standard.

A variety of digital analysis tests will be performed on payment date to look for anomalies.

Additional analysis will be performed as appropriate and detailed in annexes to this plan. In addition, a detailed audit program will be developed.

Audit Team LeaderLisa Marges

Audit DirectorIsabelle French

Date: July 16, 2008

At the beginning of every audit in the sales area, the auditors liked to review the personnel files of the top salespeople.

Bob was fairly new to the company, having started just over one year ago. He had excellent credentials and had brought a lot of his old policyholders with him. He was the only new salesperson to meet the targets for the first year and was continuing to sign up new policyholders. Since Bob had been performing so well, he was on the auditors list for review. The first thing Jane noticed was that Bob had worked as an insurance salesman for three different companies in the last five years. This was not entirely unusual but was worth noting.

The auditors used the computer to select a random sample of policies and create confirmation letters. The confirmation letters were sent to each policyholder asking them to confirm the policy, payments, and terms. In previous years this technique had identified fake policies. Some confirmation letters came back Addressee Unknown, others were returned by the addressee with a note to the effect that they did not have a policy with ABC Insurance Ltd. This year was no exception; six confirmation letters were returned, and the auditors followed up on them. Jane was pleased to see that none of the returned confirmation letters was from Bobs policyholders. He had been around earlier, talking with the auditors and stressing the importance of having good controls. He even shared some of his experience from working in a number of insurance companies over the last 20 years.

ABC was in a very competitive business, and competition among sales staff was encouraged and rewarded by bonuses. Each year the top salesperson received a $10,000 bonus. Another audit test that had been successful in the past was to determine the total number and value of policies sold each month by each person. This provided the auditors with an easy way to determine if there was a sudden increase in policies sold just prior to the close of the sales contest. One year, a salesman claimed 48 policies in the last week before the end of the contest. This placed him first, and he received the bonus. Two weeks later he quit to join another company. One month after that, 44 of the 48 policies defaulted on their second payment. He had generated fake policies just to win the contest. Using a cross-tabulation of the sales staff, summarizing the number and dollar value of the policies by month, the auditors had a better chance at identifying this type of scheme. Also, since this had happened, the identification of the winning sales representative and the payment of the prize had been delayed until after the second month of payments on policies.

The auditors also performed other tests on policies sold, such as calculating (for each salesperson) the number of policyholders who failed to renew their policies after the first year. The rationale behind this test was tied to a risk the auditors identified in the way commissions were paid. The total of commission and expenses were about 105 percent of the total cost of the first years premiums; the company would make money only if the policy was active for more than one year. This was not usually a concern, given that most policyholders maintained their policies for five or more years. However, the auditors surmised that, under the current commission plan, a salesperson could issue a policy, pay the premiums for a few months, and then simply default on the paymentsand still make money. The use of confirmation letters helped to identify this type of scheme, but Jane had heard about one enterprising individual who actually gave away policies to people or sold them for ridiculously low premiums for one year. The salesman could justify the low premiums to the client by saying he would lose his job if he did not meet the quotas. The policyholders were happy with the price, and were told to direct any confirmation letters to the salesman, and he would take care of them. Thus, confirmation letters were not sufficient to identify the problem. When Jane reviewed the results of the test for failure to renew policies, Bob was at the top of the list. More than 65 percent of the policyholders signed by Bob either defaulted on their payments or did not renew their policies.