FraudandForensicAccounting InaDigitalEnvironment

WhitePaperfor TheInstitutefor FraudPrevention

ConanC.Albrecht MarriottSchoolofManagement BrighamYoungUniversity conan@warp.byu.edu

FraudandForensicAccounting InaDigitalEnvironment

ABSTRACT Thispaperdiscussesfouraspectsofcomputeraidedfrauddetection thatareof primaryinteresttofraudinvestigatorsandforensicaccountants:dataminingtechniques forthedetectionofinternalfraud,ratioanalysisfor thedetectionoffinancialstatement fraud,theissuessurroundingexternalinformationsources,andcomputerforensicsduring fraudinvestigations. Itprovidesaninformativebackgroundandthendetailsthecurrent statusofresearchineacharea.Itdescribeswhatiscurrentlyunknown,anditproposes futureresearchtopics.

Keywords:Fraud,ComputerForensics,ProactiveFraudDetection,DigitalAccounting

1 INTRODUCTION Themoderndigitalenvironmentoffersnewopportunitiesforbothperpetrators andinvestigatorsoffraud.Inmanyways,ithaschangedthewayfraudexaminers conductinvestigations,themethodsinternalauditorsusetoplanandcompletework,and theapproachesexternalauditors taketoassessriskandperformaudits.Whilesome methods,suchasonlineworkingpapers,aremerely computerizedversionsoftraditional tasks,others,suchasriskanalysisbasedonneuralnetworks, arerevolutionizingthefield. Manyauditorsandresearchersfindthemselvesworkingamidaneverchanging workplace,withcomputerbasedmethodsleadingthecharge. Perhapsthemostdifficultaspecttocomputerbasedtechniquesistheapplication ofasingletermtoawidevarietyofmethodslikedigitalanalysis,electronicevidence collection,datamining,andcomputerforensics. Indeed,computerbasedfrauddetection involvesaplethoraofdifferenttechnologies,methodologies,andgoals.Sometechniques requireastrongbackgroundincomputerscienceorstatistics,whileothersrequire understandingofdataminingtechniquesandquerylanguages. In theauthorsexperience,discussionsaboutcomputerbasedfrauddetection techniquesinmostaccountingcirclesarerevolvearound theuseof BenfordsLawto discoverfalseinvoicesorotherfraudulentamountsincorporatedatabases. Analysisof dataagainstBenfordsdistributionisuseful,butitisonlyoneofmanycomputerbased frauddetectiontechniquesthatshouldbeusedbyprofessionalsandresearchedby academics.

Thispaperreviewsthedifferentaspectsofcomputeraidedfrauddetection.In particular,itdescribeseachtopicalarea,itsresearchtodate,andneededresearchforboth professionalsandacademics. 1.1 TypesofFraudDetection Frauditselfcomprisesalargevarietyofactivitiesandincludesbribery,political corruption,businessandemployeefraud,consumertheft,network hacking,bankruptcy anddivorcefraud,andidentitytheft.Businessfraudoftencalledoccupationalfraud isusuallymostinterestingtoaccountingprofessionalsandfacultyandistheprimary subjectofthispaper(ACFE,2008). Withintheareaofbusinessfraud,manyfindit helpfultoseparatebetweeninternalandexternalfraud(Albrecht,et.al.,2008). Internal businessfraudinvolvesschemesagainstacompany(i.e.tostealmoneyfroma company).Internalfraudincludesschemeslikeemployeeembezzlementandkickback relationships.Internalfraudisusuallyfoundbyinternalauditorsordedicatedfraud detectionteamsthrough hotlines,dataminingefforts,andinternalaudits. Externalbusinessfraud,orfinancialstatementfraud,involvesschemesonbehalf ofacompany.Thisismostoftendonebymisrepresentationof thefinancialstatementsto improvecompanyimageandmisleadstockholdersandotherinterestedparties.Common externalschemesinvolverevenueandinventoryoverstatements,liability understatements,inadequatedisclosurefraud,andothermanipulationstothefinancial statementsandcompanyrecords(Wells,2002). Theactoffraudinvestigationiscomprisedofseveralactivities,includinginitial discovery,publicrecordsearch,interviewsofvarioustypes,documentrecoveryand search,legalprosecution,andcomputerforensics.Thetypicalfraudinvestigatoris

heavilyinvolvedwithmanyoftheseactivities,butheorshegenerallyworkswithlegal counselorinformationsecurityprofessionalsformorespecializedtasks. Evenwithintherelativelynarrowfieldofcomputerbasedfrauddetection, significantdifferencesintaskperformanceandknowledgerequirementsexist.For example,computerforensicsrequiresknowledgeofdiskcloning,operatingsystems,file andgraphicsformats,andscriptingforautomation.Incontrast,datatheftpreventionand investigationrequiresknowledgeofdatabases,security,intrusiondetection,hacking principles,andencryption. 1.2 PaperScope Thispaperfocusesonfourcentralthemesthatrunthroughthetopicsdescribed above.Theseareoutlinedasfollows: 1. Dataminingforfraud:Techniquesandmethodologiesfordiscovering fraudincorporatedatabases. 2. Financialstatementfraud: Ratioanalysisandothermethodsoffinding financialstatementmanipulation. 3. Externalinformationsources:Informationaboutperpetratorfinancesand otherdata,usuallyfoundinwebsites. 4. Computerforensics:Investigatingbysiftingthroughcomputerharddrives andotherinformationdevices. Thispaperdoesnotcoveranumberofperipheraltopicsthatmightbetermed computeraidedfrauddetection.ITauditinginvolvesthereviewoftechnicalsystems, suchasERPapplicationsanddatabases,forrisksandcontrolweaknesses.Computer aidedauditriskassessmentistheprocessofusingexpertsystems,neural networks,or othercomputerbasedprogramstoassessvariousauditandinherentrisksduringthe planningphasesofaudits.ITcontrolandsecurityplanninginvolvesrequirements

definitiononpermissionsandsecurityinacorporatesystems.Evidencecollection techniquesareusefulinlargefraudcasestheirassociatedsoftwarehouseslargesetsof documents,data,andotherinformationinfraudinvestigations.Finally,deepforensics topicssuchasencryptioncrackingandintrusiondetectionarebettersuitedtocomputer sciencejournals. Theaforementionedtopicsarebeyondthescopeofthispaperandare notincluded. 1.3 StructureofthePaper Thispaperprovidesasectionforeachofthefourtopicsnotedabove.Because thesetopicsareminipapersin theirownright,thesectionsaresplitintothreeareas:a detailedintroductionanddescriptionofthetopic,aliteraturereviewandcurrentstatus, andasummaryofareasstillunknownandresearchpossibilities. 2 DATAMININGFORFRAUD In2002,GeneMorsefoundaround$500milliondebittoaPP&Eaccountat WorldCom.Hediscoveredtheanomalythroughsearchesinacustomdatawarehousehe haddevelopedintheEssbasemultidimensionaldatabase.WorldComwouldnotgive Morseaccesstofullfinancial systems,sohecreatedhisownwarehouseandusedbasic dataminingtechniquestosearchit.UsingasmallscriptandMicrosoftAccess,Morse followedtheaccountthroughthefinancialreportingsystemandultimatelydiscovereda $1.7billionentryof capitalizedlinecostsin2001(Lamoreaux,2007). TheWorldComfrauddiscovery isoneexampleof usingcomputertechnologyto searchfullpopulationsofdataforanomalies,trends,andfraud.Traditionalauditinguses techniqueslikediscovery,stratified,orrandomsamplingtodeterminewhethera populationcontainserrors(AlbrechtandAlbrecht,2002).Thisapproachworkswell

whenauditorsaresearchingforanomaliesunintentionalerrorsusuallycausedby weaknessesincontrolsbecauseanomaliesoccuratregularintervalsthroughoutthedata set.Incontrast,fraudintentionalerrorscausedbyintelligenthumanbeingscanoccur inonlyafewtransactions.Whileasampleofapopulationcontaininganomaliesshould berepresentative,asampleofapopulationcontainingfraudmaynotberepresentative. Assumingafraudisrecordedinonlyafewtransactions,asamplingrateof5percent resultsina95percentriskthefraudwillnotbesampledandwillbemissed. Fraud detectionmethodsshouldusefullpopulationswheneverpossible,andsincefull populationscanbevoluminous,theyalmostalwaysrequirecomputersanddatamining techniques. 2.1.1 Methodology Oneoftheassumptionsthatunderlietraditionalauditingmethodsisthepresence ofanintelligenthumanbeing.Whenanauditorchecksitemsinasample,heorsheis abletoapplyhumanreasonandcommonsensetotransactions.Fraudinvestigations oftenstartwiththeauditorconductingaroutineaudittask,lookingatatransaction,and saying,thatdoesntmakesense. Thisapproachcanbeseenasaninductiveapproach theauditorinvestigatesfurtherwhenanomaliesarefound. Dataminingroutinesrunbycomputerdonothavethisinnatesenseof normality.Queriesandscriptsdoexactlywhattheyareprogrammedtodo.Theydonot digdeeperunlesstheuserspecificallyprogramsthemtodoso.Toaccommodate this limitation,thefraudhypothesistestingapproachhasbeenproposed(Albrecht,et.al., 2000).Thisapproachhasalsobeenlabeledthedeductiveorproactiveapproachtofraud detectionitinvolvesthefollowingsixstepapproach:

1. Auditorsgainasolidunderstandingofthebusinessprocesses,controls, andenvironment.Thisunderstandingallowsthemtoproactivelypredict thefraudsthatmightbeoccurring. 2. Theteambrainstormsthepossiblefraudsthatcouldexistinthe environmenttheyareauditing.Thismightresultin50potentialschemes. 3. Oncepotentialschemesareidentified,theteamoutlinesthewaysthese schemeswouldshowupindata.Theseindicators,orredflags,arethe primaryindicatorsthatthefraudmaybeoccurring. 4. Foreachindicator,theteamsearchescorporatedatabasesusingqueries, scripts,anddataminingtechniques.Anyanomaloustransactionsare pulledforfurtherinvestigation.Thiscouldbeseenasasample(albeit notinthetraditionalsense)thatshouldbelookedatmoreclosely. 5. Auditorsanalyzethequeryresultstodeterminepossibleexplanationsfor theanomalies,whichcouldbefraud,weakcontrols,orotherreasons. 6. Theteamfollowsuponthoseindicatorsthatmaybecausedbyfraud. Thesefurtherinvestigationsemployadditionalqueriesortraditional meanstodeterminethetruecauseoftheanomalies. Thehypothesistestingapproachhasbeenusedsuccessfullyinseveralcase studies,includingliquorsales(LoftusandVermeer,2003), universityenvironments (DailyTarHeel,2007),andhealthcareinIndia(Albrecht,2008). 2.1.2 ContinuousAuditing Oncecomputerqueriesandscriptsarewritten,continuousauditingispossible. Ratherthantestingonhistoricaldata(thenormalauditprocess),testscanbeprogrammed intolivecorporatesystemstoprovidecontinuousmonitoringoftransactions. Continuous monitoringusinginformationtechnologyhasbeensuccessfullyusedatanumberof companies(Hermanson,2006).Forafullliteraturereview,seethepaperbyRezaee,et. al.(2002)which proposesageneralizedapproachtoaudittestingandanalysis.The methodissimilartothehypothesistestingapproach desecribedearlier.

2.2

CommonTechniques Thetechniquesusedtoperformdataminingforfraudrangefromsimple

statisticalaveragestocomplexneuralnetworksandclusteranalyses.Thissection presentssomeofthemorecommontechniquesfoundinliterature. 2.2.1 DigitalAnalysis In 2000,MarkNigrinipublishedanimportantbookcalledDigitalAnalysis UsingBenfordsLaw(Nigrini,2000). Although BenfordsLawisnowacenturyold andwasdiscussedinfraudliterature(Hill,1995BustaandWeinberg,1998Nigrini, 1999)priortothebook,Nigrinisworkintroducedthetechniquetothelargeaudienceof auditors. BenfordsLawworksbecausenatureproducesmoresmallthingsthanlarge things. Therearemoreinsectsthanlargemammals,moresmallhousesthanlargeones, andmoresmalllakesthanlargebodiesofwater. Similarly,businessesproducemore transactionswithsmallamountsthanwithlargeamounts.BenfordsLawpredictsthat amountswillstartwiththedigit1moreoftenthan thedigit9,anditevenprovidesa mathematicalformuladescribingthelawandpercentages.Thedigit1shouldshowup about30percentofthetime,whilethedigit9shouldoccurlessthan5percentofthe time. Digitalanalysisisattractivebecauseitisdeeplynonintuitiveandintriguing, simpleenoughtobedescribed(ifnotfullyexplained)eventothosewithoutanyformal traininginmath(ChoandGaines,2007).Itcanberunondatawithlittleregardto context.Forexample,whendatafrom acertainvendorareroutinelyoutsidetheexpected percentages,furtherinvestigationisalmostalwayswarranted.

Theprimary limitationtoBenfordsLawisbusinessdatadonotalwaysfollow naturalpatterns thereexistalargenumberofreasonsthattransactionsmaynotmatch BenfordsLaw.Explanationslikerecurringfixedexpenses,unusualbusinesscycles,and assignedamountsareoftenfound.Theauthorhastaughtdigitalanalysistothousandsof professionalauditorsintenyearsofaskingparticipantsabouttheirsuccesswithdigital analysis,onlythreeindividualshavereportedfindingfraudwithBenfordsLaw(others havereportedthatdigitalanalysiscouldhavebeenusedtofindalreadydiscoveredfrauds, buthindsightisnotprediction). Insomeways,theauditfieldmayhaveoverestimated theusefulnessofdigitalanalysis.Butdespiteitslimitations,BenfordsLawremainsone ofthemostpopulardataminingtechniquesforfraud. 2.2.2 OutlierDetection Oneoftheprimarymethodsofdetectingfraudisdiscoveringdatavaluesthatare outsidethenormalcourseofbusiness.Forexample,akickbackschememightbethe reasonpurchasesfromonevendoraretwiceashighassimilarpurchasesfromanother vendor. Thesimplestmethodofoutlierdetectionisthestatisticalzscorecalculation.This formula,givenas(valuemean)/standarddeviation,providesasimpleandcompact methodofmeasuringoutliers.Thenumeratorshiftseachpointtoazerobasedscale,and thedenominatoradjuststhedistributiontoastandarddeviationofone.Oncethedataare transformedintothisstandardizedscale,generalizedstatementscanbemade.Inthe authorsexperience,outlierscoresof5,8,oreven12areoftenfoundinrealworlddata. Attimesthesemaybetheresultofnonnormaldistributions,buteveninthosecases,the scoreprovidesanindicatortopotentialproblems.

Moreadvancedtechniqueshavebeenusedin specializedareas.Forexample, creditcardfraudcanbediscoveredbyidentifyingtransactionsthroughbothunsupervised andsupervisedlearning.BoltonandHand(2001)usedbehavioraloutlierdetectionwith unsupervisedlearningtodetectabnormalspendingbehavioraswellasincreased frequencyofuse.Othershaveusedregressionmodels,DiscreteGaussianExponential, depthbasedtechniques,distancebasedtechniques,andanumberofothertechniquesto identifyoutliers. TheseresearchstreamscanbefoundinAgyemang,et.al.(2005)and Kou,et.al.(2004). 2.2.3 Trending Inaddition tocomparingsameperiodnumbersfromdifferentvendors, employees,orcustomers,fraudcanbediscoveredbycomparingnumbersovertime. Becausealmostallperpetratorsaregreedy(Albrecht,2008),fraudincreases exponentiallyovertime.Auditorscaneasilyspotanincreasingtrendonalinechart computersarenotneededifonlyoneitemisbeingaudited(oneemployee,onevendor, etc.).Theneedforautomationisduringtheinitialphaseofafraudinvestigation.If auditorsdonotknowwhichitemisincreasing,theymustlookthroughthousandsof graphstodeterminewhichitemrequiresadditionalinvestigation.Trendingmethods allowthecomputertodeterminewhichtrendsareincreasingsotheauditorcanfocuson thoseitems. Oneofthemostbasicmethodsofdetermininganincreasingtrendislinear regression.Oncethecomputerfitsalinetothedata, theslopeandgoodnessoffit provideasimplemeasureoftrend.NonlinearregressionandBoxJenkinsanalysis

providemoreadvancedmethodsofmeasuringtrend. StatisticalpackageslikeSASand SPSSprovidefulltrendingmodulesfortheinterestedauditor. 2.3 AdvancedStatisticalTechniques Workhasbeendoneinstatisticalandcomputersciencefieldonadvanced methodsforfrauddetection.ThesemethodsincludeBayesianNetworks,genetic algorithms,statetransitionanalysis,rulematching,andclusteranalysis.SeeAgyemang, et.al.(2005)andKou,et.al.(2004)foradetailedreviewoftheseandothermethods. Thereadershouldnote,though,thatmostoftheseadvancedtechnicalmethodologiesare notgenerallyusedintypicalbusinesssystems(suchaspayroll,sales,purchasing databases).Theyaremostoftenusedinhighlyspecializedareaslikecreditcardfraud, healthcareclaims,andvoterfraud. 2.4 Applications Whileacademicoutletsgenerallypublishmethodologiesandtechniques, professionalpublicationshighlightthecommonfraudorienteddataminingplatforms (Nigrini,1999CoglitoreandMatson,2007 Lehman,2008 SecurityProcedure.com, 2008).ThemostpopularapplicationsaregeneralpurposeauditprogramslikeACLand IDEA.Specializedfrauddetectionsoftwareismakinganentryintothemarket,with fraudmodulereleasesfrombothACLandIDEA,fraudcomponentsinSASandSPSS, andadedicatedfrauddetectionprograminPicalo. 2.5 FutureResearch Inthepasttenyears,researchershavepublishedmanymethodsandtechniques forfrauddetection.However,thesetechniquesareeithernotdevelopedsufficiently or

tootechnicalforthetypicalauditor.Researchontechniquesisneededintwoareas. First,thefieldneedsabetterunderstandingofwhatsimpletechniquesforoutlier detection,trending,linkanalysis,andfulltextanalysisareusefulforfrauddetection.To date,onlyBenfordsLawhasseenwideuse,andwhileitisinteresting,itseffectiveness foractuallyfindingfraudisnotwellprovenespeciallyondiscoveringfraudsthathave nototherwisebeendiscoveredwithothertechniques.Second,alargebodyofadvanced statisticalandcomputerscienceliteratureisavailable.Applicationofthesetechniquesto thefraudareahasbeendoneinafewpapers,butsignificantworkstill remains. The literatureprovideslittleclarityonwhichtechnologiescanbeusedtodiscoverfraud. Bothempiricalandcasestudyresearchisneededtodeterminehowthesetechniquescan besuccessfullyimplemented. Beyondthetechniquesthemselves,auditorshavelittletrainingincomputer programming,querylanguages,andstatistics.Inaddition,theydonothavesufficient timetoperformthesealgorithmsintypicalaudits.Detectletsareonemethodofencasing theknowledge,routine,andalgorithmintoawizardlikeinterface(Albrecht,2008). Theymaybeabletosolveboththetrainingandtimeproblem.Developmentofdetectlets oranothersolutionisneededbeforetheauditfieldcanrealizesuccesswiththese advancedtechniques.Thisisaprimaryareathatinformationsystemsandtechnically savvyaccountingresearcherscanaddvaluableknowledgetotheauditfield. Itisoftensaidthatthepreparationofdataismoredifficultthantheanalysisofit. Researchisneededintothebesttools,techniques,andmethodologiesthatauditorscan usetopreparedataforanalysisfromsourcebusinessdatabases. Cutoffpoints,missing values,abnormaltrends,andotherdifficultiesariseduringpreparation.Oneexciting

prospectistheautomaticconversionofdatabasesfromoneschematoanother(currently beingworkedonindatabasecircles).Ifprogramscouldautomaticallyinterpretdatabase columntypesandrelationships,theycouldtransformthedatabasefromanycompany intoastandardschema.Algorithmswrittentothestandardschemacouldthenberunon thestandardschemawithoutworryingaboutdifferencesbetweencompaniesand locations. Thisconversioncouldbethebasisforanofftheshelf,frauddetection solution. Finally,manyauditorssimplydonotknowhowtoincorporatedatamininginto theirwork. SoftwarecompanieslikeACLandIDEAprovideworkbooksthatcanbe usedincourses,buttheseworkbookshavefewexamplesofdirectfrauddetection especiallywithadvancedtechniques. Methodologieslikethehypothesistestingapproach areafirststepin providingmethodologyresearch,butsignificantadditionalresearch bothempiricalandfieldareneededtovalidateandextendtheexistingmethodologies. Thesemethodologiescanthenbetaughtinuniversitycoursestofutureauditors. 3 FINANCIALSTATEMENTFRAUD StatementonAuditingStandards(SAS)No.99,ConsiderationofFraudina FinancialStatementAudit(AICPA2002),requiresauditorstoassesstheriskthatfraud maymateriallymisstatefinancialstatements.DespiteSAS99beinganimportant requirementtowardsincreasedfrauddetection,asurveybyMarczewskiandAkers (2005)revealedthatCPAsdontanticipatethatSAS99willsubstantiallyincreaseaudit effectiveness.AnotherstudyfoundthatwhileSAS99increasedauditorresponsibility, mostauditorshaddifficultyidentifyingfraudanditsrisks(BeasleyandJenkins2003).

Notwithstandingthesedifficulties,failuretodetectfraudulentfinancialreporting notonlyplacestheauditfirmatrisk,butalsoexposestheauditprofessiontoincreased publicandgovernmentalcriticism.Cecchini,etal.(2006)presentevidencethatresearch aidingauditorsinassessingtheriskofmaterialmisstatementduringtheplanningphase ofanauditcanhelpreduceinstancesoffraudulentreporting. 3.1 RatioAnalysis Traditionalmethodsforthedetectionoffinancialstatementfraud,suchasvertical andhorizontalanalysis,tiplines,analysisofrelationshipsbetweenmanagementand others,comparisonswithindustry,andanalyticalsymptoms,arewelldocumentedin textbooks(Albrecht,et.al.,2009). Morerecently,researchhasfocusedonratioanalysis forthedetectionoffinancialstatementfraud. Ratioanalysisinvolvescalculatingbothtraditionalandnontraditionalfinancial ratios,suchasaccrualstoassets,assetquality,assetturnover,dayssalesinreceivables, deferredchargestoassets,depreciation,grossmargin,increaseinintangibles,inventory growth,leverage,operatingperformancemargin,percentuncollectibles,salesgrowth, SGEexpense,andworkingcapitalturnover.Sinceratiosstandardizefirmsforsizeand otherfactors,onewouldexpectfirmswithinanindustrytofollowsimilartrends. Earlystudiesusestatisticaltechniqueslikeprobitandlogisticregression,while laterstudieshavebranchedouttoneuralnetworks,classificationschemes,andrule ensembles.Studiesthatusebothinternalandexternaldatahaveprovenmoresuccessful, butthegoalofmostoftheresearchistouseonlyexternallyavailabledataforanalysis (limitingtheresearchtodataavailabletomoststakeholders). Areviewofmanyofthese studiesfollows.

Inanexploratorystudy,Loebbecke,etal.(1989)refinedanearliermodeldevelopedby LoebbeckeandWillingham(1988)using77fraudcasesandtestedthemappingsof variousredflagstocreateclassificationsinthreemainareas:conditions,motivation,and attitude.Theyfoundatleastonefactorfromeachareapresentin86percentofthefraud cases. Hansen,etal.(1996)developedageneralizedqualitativeresponsemodeltoanalyze managementfraudusingthesetofcasesdevelopedfrominternalsourcesbyLoebbeke,et al.(1989).Themodelwasinitiallytestedassumingsymmetricmisclassificationcosts betweentwoclassesoffirms(fraudulentandnonfraudulent).Usingover20cross validationtrialsoffivepercentholdoutcases,anoverall89.5percentpredictiveaccuracy wasrealizedbutaccuracyinpredictingfraudwasonly62.8percent.Asecondmodel adjustedforasymmetriccoststoreflectthegreaterimportanceofpredictingfraud.While theoverallaccuracydroppedto85.3percenttheaccuracyinpredictingfraudulent companiesincreasedto88.6percent.Thecorrespondingreductioninpredictionaccuracy fornonfraudulentfirmswasfrom95.5percentto84.5percent. GreenandChoi(1997)usedaneuralnetworktoclassifyalargesetoffraudulentand nonfraudulentdata.Theresearchersusedfiveratios(allowancefordoubtfulaccounts/net sales,allowancefordoubtfulaccounts/accountsreceivable,netsales/accountsreceivable, grossmargin/netsales,andaccountsreceivable/totalassets)andthreeaccountvariables (netsales,accountsreceivable,allowancefordoubtfulaccounts)toidentifyrisk.The selectionofthesevariablesbiasedtheirresultstowardcertaintypesofrevenuefraudsbut theirmethodshowedpotentialforneuralnetworksasfraudinvestigativeanddetection tools.

Eining,etal.(1997)examinedhowthefollowingthreetypesofdecisionaidshelped auditorsfindfraud:checklists,logisticregressionmodels,andexpertsystems.Theexpert systemusedaredflagapproachtoidentifyhighriskareasandprovedtobethemost effectiveofthethree. SummersandSweeney(1998)investigatedtherelationshipbetweeninsidertrading andfraudulentcompanies. Usinglogisticregression,aninitialmodelwasdeveloped basedsolelyonfirmspecificfinancialdata.Overallpredictionaccuracywiththismodel was60percent,with68percentaccuracyachievedinpredictingfraudulentcompanies.A secondmodelthatincorporatedbothfirmspecificfinancialdataandinsidertrading factorswasabletoimproveoverallclassificationaccuracyto67percent,with72percent accuracyinpredictingfraudulentcompanies. Beneish(1999)developedaprobitmodelandconsideredseveralquantitativefinancial variablesforfrauddetection.Fiveoftheeightvariablesinvolvedyeartoyearvariations. Thestudyconsidereddifferinglevelsofrelativeerrorcost.With40:1asymmetriccosts, 56percentofthemanipulatorswerecorrectlyidentifiedinaholdoutsample.Results showedthattheDaysReceivableIndexandtheSalesGrowthIndexweremosteffective inseparatingthemanipulatorsfromthenonmanipulators.Mostoftheratiosusedinour researchwereadaptedfromthisstudy. BellandCarcello(2000)constructedalogisticregressionmodeltopredictthe likelihoodoffraudulentfinancialreporting.Thisanalysisreliedonriskfactorsidentified asweakinternalcontrolenvironment,rapidcompanygrowth,inadequateorinconsistent relativeprofitability,managementplacingundueemphasisonmeetingearnings projections,managementlyingtotheauditorsorbeingoverlyevasive,theownership

status(publicvs.private)oftheentity,andaninteractiontermbetweenaweakcontrol environmentandanaggressivemanagementattitudetowardfinancialreporting.The modelwastestedonthesamesampleof77fraudengagementsand305nonfraud engagementsusedbyHansen,etal.(1996).Fraudwaspredictedwith81percent accuracy,andnonfraudwasdetectedwith86percentaccuracy.Themodelscoredbetter thanauditingprofessionalsinthedetectionoffraudandperformedaswellasaudit professionalsinpredictingnonfraudoutcomes. Morerecently,researchhasfocusedonratioanalysiswithmoreadvanced statisticalandcomputersciencemethodsorwithmoreratios.GroveandCook(2004) testtheviabilityofnewratiosasredflags.Foradetailedreviewofstatisticaltechniques usedtoanalyzeratios,seePhua,et.al.(2005)andKirkos,et.al.(2007). 3.2 FutureResearch Comparingfinancialratiosbetweencompanies,industries,andgeneratedmodels stillrequiresmuchresearch.Todate,themostsuccessfultechniques(usingexternaldata andholdoutsthroughtheentirelearningprocess)haveachievedonly70percentsuccess. Since50percentsuccesscanbeachievedwithrandomguessing,moreresearchisneeded toimprovethemodels. Severalpotentialareasofimprovementshouldbenoted.First,traditional financialratios(likeassetturnoveranddayssalesinreceivables)havebeenusedto differentiatefraudfromnonfraudfirms.Researchintothedevelopmentofnewfraud specificratiosmightprovideinsightintoformulasthataremoresuccessfulatdetecting fraud.

Second,mostresearchhascomparedknownfraudfirmsagainstasimilarfirm. Whatdefinessimilar?Shouldthepairedfirmbeselectedbasedonsimilarrevenues, profits,assets,orliabilities?Canindustrymodelsbecreatedthatbetterapproximatethe industry(andcreateabetterpairedfirm)? Third,thecorrecttimeframeofcomparisonneedsresearch.Isitsufficientto analyzedatafor5years,ordolongerorshortertermsmakesense? Shouldyearlyor quarterlyreportsbeused?Thedeterminationofwheretheanomaliesarefoundin externaldatahasseenconsiderableresearch,butitisstill notwellunderstood. Fourth,mostresearchonratioanalysisdoesnotapproximatetherealworld.Most researchmakesonetoonecomparisons,essentiallyassumingthat50percentoffirmsare fraudulent. Inreality,fraudulentfirmsareprobablylessthanafewpercentofthetotal numberoffirmsthatreportfinancial statements.Thisdifferencebecomesimportantin learningalgorithms.Also,thecostsassociatedwithType1andType2errorsmustbe factoredintomany algorithms.Thecostofmissinganexistingfraudisgenerally regardedasmuchhigherthanrejectingapotentialclientbecauseitmightbefraudulent (but,inreality,wasnot),yetmostresearchsimplyassumesa50/50cost. Finally,whileratioanalysisisthecurrentfocus,entirelydifferentstreamsmay providebetterresults.Exploratoryresearchintonewmethodsofcombiningpublicly availablecompanyinformationcouldproveeffective.Intheend,researchmayshowthat financialstatementsaresimplytoosummarizedforeffectivedataminingforfraud. However,financialprofessionals,shareholders,andindeed,theentireauditprofession wouldbeforeverchangedifcomputerbasedresearchproducedareliableandrepeatable methodofdiscoveringfraudinfinancialstatements.

4 EXTERNALINFORMATIONSOURCES Inrecentyears,astorehouseofpubliclyavailabledatahasbecomeavailableon theInternet.Priortothe1990s,investigatorswantingpublicinformationhadtosearch through recordsatcourthouses,libraries,universities,andpublicrecordsoffices.Many times,theserecordswereinpaperform,andevenwhentheywereelectronic,thetask wasdauntingtomostinvestigators.Indeed,searchingeachcountrycourthouseinTexas meanttravelingthroughthestatetovisitatleast254locations! CompanieslikeLexisNexishavelongcollectednewsarticles,legaldocuments, andotherinformation.However,the1990ssawanexplosionofinformationcollecting bycompanieslikeChoicePoint,Accurint,andLexisNexis.Whiletheinformationhad alwaysbeenpublic,bringingittogetherintooneplacerepresentedaleapforwardinits accessibilityitbroughtexternalinformationsearchingintothecomputerorientedfraud detectionarea. Searchingforexternalinformation onpeopleandcompaniesbecomesimportant inatleasttwoareas.First,investigationsthathaveidentifiedkeyindividualscansearch publicrecordsforinformationonthoseindividuals.Theseindividualsarenormally identifiedthroughinternaldataminingefforts,anonymoustips,orothermethods. Second,regulationslikeSarbanesOxleyrequirethatauditorspaycloseattentiontotop levelmanagement.Externalinformationcanbeusefulindeterminingintoplevel managementarespendingexcessivelyorotherwiseengaginginactivitiesthatcause concern.

4.1

AvailableInformation Fewacademicpapersexistontheavailabilityofexternalinformation.Because

theinformationispublishedbyprivatecompaniesthatcollectthepublicinformationinto onlinedatabases,professionaloutletsgenerallycarryinformationonproductandcontent availability(Frost,2004 Cameron,2001). Booksandtextbooksalsoprovidelinksto websiteswithinformation(Tyberski,2004Albrecht,et.al.,2009). Thefollowingisasamplingoftheavailableinformationforinvestigatorsonthese websites.Seetheabovereferencesforafulltreatmentofthesubject. Incorporationrecords Propertyandotherassetrecords Civillawsuits Criminalrecords Taxliens Civiljudgmentrecords Bankruptcyfilings Homevalues,loans,neighborcontactinformation Newsarticles,currentevents

TheinformationstorehouseslikeChoicePointarenottheonlysourceofonline information.Mapping,satellitephotos,birdseyeviews,andentirestreetviewsare availablefromGoogleandMicrosoft.DeepwebsearchengineslikeCompletePlanetand DeepDyveprovideonestopsearchingforsitesthatnormallyrequirelogins(andarethus notincludedintraditionalsearchengines). Other,specializedservicesexistformost informationneeds. 4.2 PrivacyIssues Oneareathathasseenconsiderableresearchistheprivacyissuesraisedbythese newwebsites.Thenewinformationwebsitesarenotprovidinganyinformationthathad notbeenpreviouslyavailable.However,bybothbringingtheinformationtogetherinto

oneplaceandbydigitizingpaperrecords,theinformationissignificantlymoreavailable to thepublic.Inaddition,techniqueslikelinkanalysisandcorrelationscanbedoneon therecords,effectivelycreatinginformationthatwasnotpreviouslyavailable.Many worryaboutthesignificantlossofprivacythathasoccurredinrecentdecades(Black, 2002Paletta,2005Lovett, 1955). Complicatingmattersisthefactthatdifferentstates disagreeabouttheonlineaccesstocourtrecords,makinglegislationdifficult(Swartz, 2004). Forexample,whenGooglereleasedstreetviewatoolwhichprovidespictoral viewsofmoststreetsintheUSAtheUSmilitaryaskedittoremoveallpictureswithin afewmilesofitsbases(TechnologyExpert,2008).Websiteslike GoogleSightseeing.com(notaffiliatedwithGoogle)publishthemostinteresting,popular, andsometimesembarrassingandintrusivepicturestakenbyGooglecameras. In2008, Googlelaunchedasatellitecapableoftakingpicturesatresolutionspreviouslyunknown toprivateentities(Jones,2008). Finally,GoogleDocs,Gmail,andothercloudbased servicesgiveincreasingamountsofdatatoasinglecompany. Whilethispaperisnot proposingaconspiracytheory ortryingtodiscouragetheuseofGoogleservices,the companyservesasanexampleof thepotentialprivacyconcernsthatisoccurringwithin privatecompaniesandgovernments. Bothacademicresearchersandprofessionalsare concernedwiththelossofprivacynewtechnologiesbring(Stafford,2005Samborn, 2002). Highlightingtherisksofcompilingtoomuchinformationintooneplaceisthe highlypublicizedChoicePointbreach.In2005,hackersgrabbeddataon163,000 individualsfromChoicePointsdatabases(Swartz,2007Freeman,2006).Whilethe

ChoicePointhackingwasextremelyserious,itiscertainlynottheonlysignificantbreach successfulhackingattemptsarereportedweekly inthepopularmedia. 4.3 FutureResearch Littleacademicresearchhasbeendoneonexternalinformationgathering.Most neededismethodologiesforsearching,compiling,andusingthesedatainfraud investigations.Mostsourcesonlylisttheavailablesourcesmorestructuredwaysof workingwiththesedataareneeded.Thesemethodologiescanbeincludedintextbooks anduniversitycourses. Therehasbeensomeworkdoneonprivacyissues,especiallybythelawfield. However,moreresearchisneededonhowtoregulatedataproviders,howtokeep informationsafe,andwherethelinesofprivacyshouldbedrawn. Asthesewebsites continuetheirmovetointernationaldata,differencesincountrypoliciesandcultureswill becomeimportantresearchtopics. 5 COMPUTERFORENSICS Today,almosteveryfinancialfraudincorporatestheuseofacomputer,whether thefraudisfalsifyinginvoicesorelectronicmoneylaundering(Smith,2005).Inthecase offinancialstatementfraud,entriesprobablyexistaselectronicjournalentries,login recordsfoundinlogfiles,andelectroniccorrespondencebetweeninvolvedindividuals. Inrecentyears,auditorsfindthemselvesincreasinglyinvolvedinevidencecollection throughcomputerforensics. Asitpertainstofrauddetection,computerforensicsistheprocessofimagingdata forsafekeepingandthensearchingclonedcopiesforevidence(Gavish,2007Dixon, 2005). Perhapsthemostcommon exampleisseizingthecomputerof asuspectfor

analysis. Ingainingaccesstoorauditingthedataonadigitaldevice,computerforensics canalsoinvolvewhitehat(legal)hacking,passwordandencryptioncracking,key logging,digital surveillance,andintrusiondetection. Arguablythemostcommonformofelectronicevidenceisemailcorrespondence. Whenanindividual sendsanemail,acopyisnormallykeptinatleastfourplaces:onhis orherworkstation,onthesendingmailserver,onthereceivingmailserver,andonthe recipientscomputer.Computerforensicsonanylocationshouldprovidethefulltextof theemail,includinganyattachments. 5.1 ToolsoftheTrade Aswithexternaldatasources,mostofthewritteninformationaboutcomputer forensicsiscontainedintextbooksandprofessionaloutlets.Thetwoleadingproducts, EnCaseandFTK(describedbelow),arematuresoftwaresuites.Bothsoftware companiesprovidecomprehensivetrainingonforensicsoftwareandtechniques. Academicoutletsaregenerallyreservedforencryptioncrackingalgorithms, steganography,hacking,operatingsystemweaknesses,andprotocols.Whiletheseideas maybeusefulinsomeforensicaudits,theyarebeyondthescopeofthispaper.Theycan befoundincomputerscience,mathematics,andstatisticalliterature. 5.1.1 ForensicSuites ThetwoleadingsoftwarepackagesareEnCasebyGuidanceSoftwareandthe ForensicToolkit(FTK)byAccessData(Kuchta,2001).Thesesuitesprovideshorter learningcurvesthanprevioussinglepurposeutilitiesandbringagreaternumberof professionalstothefieldmorequickly.Bothpackagesprovidetaskorientedprocesses

forsecuringandcloningtheharddrive,calculatingmd5 or shachecksums,searchingfor graphics,andkeywordsearch. Inrecentyears,Linuxbasedtoolshavebecomepopularasfreealternativestothe traditionalsuites.Helix,thePenguinSleuth,andSecurityToolsDistributionareLinux distributionsthatrundirectlyfrom CD,providingcleanenvironmentsforsearchinga computerwithouttheneedforcloning(Causey,2005).Thesetoolsbootasuspect computerdirectlytoLinuxandmounttheuserharddrivesinreadonlymode,essentially bypassingmostpasswordsandsecurityprotections.WhileLinuxbasedtoolsaremore difficulttouseanddonothavethesameprecedentincourtasEnCaseandFTK,they havebecomepopularwithsomeauditors. Morespecializedtoolsusuallygearedtoasinglepurposelikepassword crackingorfileundeletingareavailable(Kuchta,2001).Thesetoolsmakeupthe toolkitofaforensicinvestigator.Mostauditorsonlyneedtounderstandthegeneral categoriestoeffectivelyworkwithdedicatedforensicpersonnel. Forensicinvestigatorsgenerallylookforinformationinthefollowingareas: 5.2 Officesuitefilesincomputerdirectories Graphicsindirectoriesandinthebrowsercache Email,instantmessaginglogs,andothercomputerbasedcommunications. Cellphonetextmessagelogsandcallrecords. Memoryanddiskcaches Deletedspaceonharddrives OtherdigitaldeviceslikeUSBflashdrives

Methodologies Beyondthetrainingprovidedbysoftwarecompanies,someacademicshave

researchedmethodologiesandtechniquesforcomputerforensics.Inparticular,Waldrup, et.al.(2004)proposedageneralizedfivestepprocessforadefensibleforensic

accountingprocess. Theystatetheirprocessisdefensibleincourtandrobustfroma technicalstandpoint. Smith(2005)researchedtherelationshipbetweentheuseofdigitaldataby auditorsandcomputerforensicspecialists.Byfocusingontherolesofthetwo individuals,Smithinvestigatedhowcollectingdigitalevidencecanbenefitfraudoriented audits. Linkanalysisisamethodologythatanalyzeslinksbetweendatafoundindata mining,fromexternalsources,andduringforensicinvestigations. Someresearchersare investigatinghowlinkanalysiscanbeeffectivelyusedtocorrelatecomplexevidencein forensicaccountingcases(Kovalerchuk,et.al.2007). 5.3 FutureResearch Whilesignificantresearchhasbeendoneonindividualforensictechniquesinthe computerscienceandmathematicsfields,additionalresearchisneededtoapplythese techniquestotheforensicaccountingfield.Mostauditorsdonothavethebackground neededtounderstandhowtoapplyrigorousforensicalgorithmsiftechniquesarenot includedinEnCaseorFTK,theyarenotgenerallyavailabletothefield.Academicswith thisknowledgecouldbringadditionaltechniquestotheaccountingfield. Ascanbeseeninthemethodologysectionabove,onlypreliminaryworkhasbeen doneincreatingrobust,researchedmethodologiesforforensicauditors.Theproposed methodologiesneedtobevalidatedandtested,andnewmethodologiesshouldbe proposed. Theproliferationofdatacapabledevicespresentsnewopportunitiesforthe applicationofforensicsresearch.Deviceslikecellphones,iPodsandotherMP3players,

digital cameras,PDAs,USBkey fobs,externalharddrives,andevenwritinginstruments withembeddedstoragearepotentialforensicsearchpoints.Forexample,therelatively largeharddriveintodaysiPodsdespitetheirinnocuousandubiquitousnaturehas surelybeenusedtostealdataorsensitiveinformationfromcompaniesandindividuals. Asthistrendcontinues,regulation,privacy,andprotectionwillbecomeincreasingly importantissues.Inaddition,theincreasingavailabilityofcloud(internet)storageand backuppresentsnewopportunitiesforforensicauditors. Finally,forensicauditingisarelativelynewfield.Researchintohowforensics shouldbeincludedinaccountingcurriculawouldbeuseful.Fewteachersknowwhich topicsshouldbetaughttoaccountingstudentsandwhichshouldbelefttoinformation systemsorcomputerscienceclassrooms.Indeed,ifdedicatedfraudcoursesareonlynow enteringthecurriculumofuniversityprograms,computerforensicsforaccounting majorsifresearchshowsthatsuchathingshouldbedoneisrelativelyunknown. 6 CONCLUSION Computeraidedfrauddetectionisanew,excitingfieldforaccounting researchers.Topicslikedataminingtechniques,ratioanalysisforthedetectionof financialstatementfraud,issuessurroundingexternalinformationsources,andcomputer forensicsbringopportunitiesforrobustresearchandforcollaborationbetween accountingfacultyandinformationsystems,legal,computerscience,mathematics,and otherresearchers. Currently,theresearchisspreadacrossawidevarietyofjournals,fromauditing toinformationsystemstoinvestigativeoutlets.Thegoalofthispaperistointroduce whatisknownabouteachtopicandproposeneededareasofstudyitisnotmeanttobea

comprehensiveliteraturereviewoneachtopic,butitreferencesotherreviewswhere possible.

7 REFERENCES

ACFE(2008).2008ReporttotheNation.TheAssociationof CertifiedFraudExaminers. Agyemang,M.,Barker,K.,&Alhajj,R.(2006).Acomprehensivesurveyofnumericand symbolicoutlierminingtechniques.IntelligentDataAnalysis,10,521538. AICPA(2002).SASNo.99:ConsiderationofFraudinaFinancialStatementAudit Summary. Albrecht,C.C.,Albrecht,W.S.,&Dunn,J.G.(2000).ConductingaProActiveFraud Audit:ACaseStudy.JournalofForensicAccounting,II,203218. Albrecht,C.C.(2008).Detectlets:ANewApproachtoFraudDetection.InEuropean AcademyofManagementatLjubljana,Slovenia. Albrecht,W.S.,&Albrecht,C.C.(2002).RootOutFinancialDeception.Journalof Accountancy,3033. Albrecht,W.S.,Albrecht,C.,&Albrecht,C.C.(2008).CurrentTrendsinFraudandits Detection.InformationSecurityJournal:AGlobalPerspective,17(1). Albrecht,W.S.,Albrecht,C.C.,Albrecht,C.O.,&Zimbelman,M.(2009).Fraud Examination(3).SouthWesternCengageLearning. Beasley,M.S.,&Jenkins,J.G.(2003).TheRelationof InformationTechnologyand FinancialStatementFraud.JournalofForensicAccounting,4,217232. Bell,T.B.,&Carcello,J.V.(2000).ResearchNotes,Adecisionaidforassessingthe likelihoodoffraudulentfinancialreporting.Auditing:AJournalof Theoryand Practice,19(1),169175. Benish,M.(1999).TheDetectionofEarningsManipulation.FinancialAnalystsJournal, 55,2436. Black,J.(2002).PublicRecordsinPublicViewOnline?.BusinessWeekOnline. Bolton,R.J.,&Hand,D.J.(2001).Unsupervisedprofilingmethodforfrauddetection. InConferenceofCreditScoringandCreditControlVII,Edinburgh,UK. Busta,B.(1998).RandyWeinberg.UsingBenford'slawandneuralnetworksasareview procedure,13(6),356366. Cameron,P.(2001). YouCan'tHidefromAccurint.LawTechnologyNews,8(9). Causey,B.(2005).HowToRespondToAttacks.CertificationMagazine.

Cecchini,M.,Aytug,H.,Koehler,G.,&Pathak,P.(2005).DetectingManagementFraud inPublicCompanies.UniversityofFloridaFisherSchoolofBusiness. Cho,W.K.T.,&Gaines,B.J.(2007).Breakingthe(Benford)Law:StatisticalFraud DetectioninCampaignFinance.TheAmericanStatistician,61(3),218223. Coglitore,F.J.,&Matson,D.M.(2007).TheUseofComputerAssistedAuditing TechniquesintheAuditCourse:FurtherEvidence.JournalofForensic Accounting,VIII,201226. DailyTarHeel(2007).ReportonSocialSecurityNumberFraud.UniversityofNorth CarolinaatChapelHill,April26. Dixon,P.D.(2005).An overviewofcomputerforensics.IEEEPotentials,24(5),710. Eining,M.M.,Jones,D.R.,&Loebbecke,J.K.(1997).RelianceonDecisionAids:An ExaminationofAuditors'AssessmentofManagementFraud.Auditing:AJournal ofTheoryandPractice,16(2). Freeman,E.H.(2006).DisclosureofInformationTheft:TheChoicePointSecurity Breach.InformationSystemsSecurity,1115. Frost,M.(2004).FindingSkeletonsinOnlineClosets.Searcher,12(6),5460. Gavish,A.(2007).TheHiddenCostsofComputerMisconduct.Security. Green,B.P.,&Choi,J.H.(1997).AssessingtheRiskofManagementFraudThrough NeuralNetowrkTechnology.Auditing:AJournalofTheoryandPractice,16(1). Grove,H.,&Cook,T.(2004).LessonsforAuditors:QuantitativeandQualitativeRed Flags.JournalofForensicAccounting,V,131146. Hansen,J.,McDonald,J.,Messier,W.,&Bell,T.(1996).AGeneralizedQualitative ResponseModelandtheAnalysisofManagementFraud.ManagementScience, 42,10221033. Heel,D.T.(2007).ReportonSocialSecurityNumberFraud.UniversityofNorth CarolinaatChapelHill. Hermanson,D.R.,Moran,B.,Rossie,C.S.,&Wolfe,D.T.(2006).Continuous MonitoringofTransactionstoReduceFraud,Misuse,andErrors.Journalof ForensicAccounting,VII,1730. Hill,T.P.(1995).AStatisticalDerivationoftheSignificantDigitLaw.Statistical Science,10,354363.

Jones,M.W.(2008).DoesGoogleHaveItsGeoEyeOnYou. .Electronicdocument, http://tech.blorge.com/Structure:%20/2008/10/10/doesgooglehaveitsgeoeye onyou/,accessed. Kirkos,E.,Spathis,C.,&Manolopoulos,Y.(2007).Dataminingforthedetectionof fraudulentfinancialstatements.ExpertSystemswithApplications,23. Kou,Y.,Lu,C.,&Sirwongwattana,S.(2004).SurveyofFraudDetectionTechniques.In 2004InternationalConferenceonNetworking,Sensing,andControl(pp.749 754). Kovalerchuk,B.,Vityaev,E.,&Holtfreter,R.(2007).Correlation ofComplexEvidence inForensicAccountingUsingDataMining.JournalofForensicAccounting,VIII, 5388. Kuchta,K.J.(2001).YourComputerForensicToolkit.InformationSystemsSecurity. Lamoreaux,M.(2007).InternalAuditorUsedComputerTooltoDetectWorldCom Fraud.JournalofAccountancy,35. Lehman,M.W.(2008).JointheHunt.JournalofAccountancy,4649. Loebbecke,J.,Eining,M.,&Willingham,J.(1989).Auditors'ExperiencewithMaterial Irregularities:Frequency,Nature,andDetectability.Auditing:AJournalof TheoryandPractice,9,128. Loebbecke,J.K.,&J.J.Willingham,J.(1988).ReviewofSECAccountingand AuditingEnforcementReleases.UniversityofUtah. Loftus,J.T.,&Vermeer,T.E.(2003).ProActiveFraudAuditing:Technology,Fraud Auditing,andLiquor.JournalofForensicAccounting,IV,307310. Lovett,R.W.(1955).LookingAround.HarvardBusinessReview. Marczewski,D.,&Akers,M.(2005).CPA'sPerceptionsoftheImpactofSAS99.CPA Journal,75,3840. Nigrini,M.J.(1999).I'veGotYourNumber.JournalofAccountancy. Nigrini,M.J.(2000).DigitalanalysisusingBenford'sLaw.GlobalAuditPublications. Paletta,D.(2005).RegulatingChoicePoint:WhoseJobIsIt,Anyway?.American Banker. Phua,C.,Lee,V.,Smith,K.,&Gaylor,R.(2005).Acomprehensivesurveyofdata miningbasedfrauddetectionresearch.WorkingPaper.

Procedure,S.(2008).RetrievedNovember17,2008from http://www.securityprocedure.com/downloadpicaloopensourcealternativeacl audit. Rezaee,Z.,Sharbatoghlie,A.,Elam,R.,&McMickle,P.L.(2002).Continuous Auditing:BuildingAutomatedAuditingCapability.Auditing:AJournalof TheoryandPractice,21(1). Samborn,H.V.(2002).NoPlaceToHide.ABAJournal. Smith,G.S.(2000).BlackTechForensics:CollectionandControlofElectronic Evidence.JournalofForensicAccounting,I,283290. Smith,G.S.(2005).ComputerForensics:HelpingtoAchievetheAuditor'sFraud Mission.JournalofForensicAccounting,VI,119=134. Stafford,A.(2005).InformationBrokers:PrivacyInPeril.PCWorld,101104. Summers,S.L.,&Sweeny,J.T.(1998).FraudulentlyMisstatedFinancialStatements andInsiderTrading:AnEmpiricalAnalysis.TheAccountingReview,73(1),131 146. Swartz,N.(2004).U.S.StatesDisagreeAboutOnlineAccesstoCourtRecords. InformationManagementJournal,11. TechnologyExpert(2008).Google'sStreetView"OfftheMap"atU.S.MilitaryBases. RetrievedNovember17from http://technologyexpert.blogspot.com /2008/03/googlestreetviewoffmapatus.html. Tyburski,G.(2004).IntroductiontoOnlineLegal,Regulatory,andIntellectualProperty Research.SouthWesternEducationalPub. Waldrup,B.,Capriotti,K.,&Anderson,S.C.(2004).ForensicAccountingTechniques: ADefensibleInvestigatoryProcessforLitigationPurposes.JournalofForensic Accounting,V,116. Wells,J.T.(2002).OccupationalFraud:TheAuditasDeterrent.JournalofAccountancy.