Is your fraud risk assessment intended to fail?

I was told early in my career: “People commit fraud, not internal control.” So if we were to have a proper analysis of the risk of fraud, we needed to evaluate people first. No, I don't mean psychological image. For me, this means there is a chance that the person is in the business cycle. Or mask the elegance of fraudulent plans through them. Or, by understanding the natural vulnerability present in its business system.

Without this analysis, your fraud risk assessment is just an academic exercise that meets the criteria. Or more outspoken, your fraud risk assessment is intended to fail. sorry!

Start with the complexity of the perpetrator

In our risk assessment, we have five categories of criminals. First-time offenders, repeated offenders, criminal groups, management and external parties. Whoever is likely to be an outside criminal depends on where we are in the business cycle. For example, in the expenditure cycle, the external party is the supplier, and in the revenue cycle, it will be the customer, etc.

For each category, we need to understand how they will implement the plan (the fraud scenario) and how they will create ritual fantasies (hidden strategies). Then we need to consider whether there are correct prevention and detective controls to mitigate the risk of fraud for criminals in each category.

Now, let’s look at a real-life example of how an organized crime group can steal assets.

aboutallIf fraud example

Recently, the three participated in a program to deceive the Georgia Department of Labor (Gadol) to benefit tens of millions of dollars in benefits, aiming to help the unemployed during the 19th period.

From March 2020 to November 2022, three individuals and their accomplices caused more than 5,000 fraudulent unemployment insurance (UI) claims filed against Gador, resulting in at least $30 million in stolen benefits, according to court documents and court evidence.

To implement the plan, the defendant and his accomplices created a fictitious employer and used thousands of identity theft victims’ personal identification information (PII) to create a fictitious employer list and filed fraudulent unemployment insurance on the Gadol website. Accomplices obtained PII from various sources, including by paying employees to employees of the Atlanta-area healthcare and hospital network, illegally obtaining patient PII from hospital databases, and purchasing PII from other sources via the Internet. Using the victim's PII, the three perpetrators and their accomplices that resulted in the stolen UI funds being issued via prepaid debit cards mailed to various locations. The victims of identity theft and uninformed participants are employees of several virtual companies created to execute such fraudulent plans.

FYI, we know that unemployment fraud was rampant in all states during the Coovid period. So is this a business problem, or is the State Administration of Unemployment failing to understand how criminal organizations make unemployment fraud crimes? Honestly, individuals have been committing unemployment fraud since the start of unemployment insurance.

Let's take a look at two fraud risk statements: expectations and accidents

Wear the auditor hat and create a fraud risk assessment first, by creating two different fraud risk statements

• Real people apply for unemployment benefits through real companies in false disguise. (Expected Fraud Risk Statement)

• Organized criminal groups take over the identity of the real person (assumed identity) and file false unemployment claims through virtual companies and deposit payments into prepaid debit cards. (An unexpected fraud risk statement)

What makes the expected fraud plan different from the unexpected fraud risk statement?

1. 1. The plan was conducted by a criminal group, not by a single person who claimed to be beneficial.
2. 2. The perpetrator stole the identity of a real person (assumed identity scheme).
3. 3. The perpetrator created the wrong company.
4. 4. Payment is a prepaid debit card, not a person's bank account.
5. 5. Plans implemented during the crisis. (In fact, this is the vulnerability that should be considered. Very much like a disaster recovery plan)

Without access to fraud risk assessment documents in various state unemployment offices, we can only speculate on what they say or don’t say. We can only guess what internal controls they have and what they do not implement.

If you can, let's talk about some strategies that might prevent this fraud or at least minimize it.

By understanding the categories of people who submit fraud risk statements, we can better determine the correct internal controls for each fraud risk statement. In this case, here are some things that can be considered red flags

1. 1. The creation date of the virtual company.
2. 2. The virtual company does not report the fact that the salary is paid.
3. 3. Payment card payment (additional review)
4. 4. Employees receiving unemployment benefits (assuming their identity) will report their payroll in another company.

Million dollar question

So, is their fraud risk assessment process designed to fail? I think you know the answer.

Fraudulent trivia

1. 1. according to The Time of Israelbetween 2017 and 2019, he allegedly accounted for $1 billion from Renhe Bank Ponzi scheme. Simon Leviev was born on September 27, 1990
2. 2. According to the Washington Post release, the film has become the most popular documentary on Netflix and has received five Emmy nominations. Tinder Swindler
3. 3. When did his legal trouble begin? 2011
4. 4. WAre HICH countries arrested for using fake passports? Israel, Jordan, Finland and Greece.
5. according to The Time of IsraelIn 2020, he pretended to be a medical worker to “get the COVID-19 vaccine early”.

So many times, I heard the auditor say, “You need to think like a thief.” So, do you think you can think like Simon? Can you make these plans? I think, think like an auditor. You need to know the risk of fraud, fraud hiding, internal control theory, and the principles of fraud auditing are better than thieves.

There is no doubt that AI is creating new opportunities for individuals to engage in fraudulent planning. Dubbing or creating an image of someone is used to access your business system. Your phone rang and it looked like someone you knew was calling. But before all this wonderful technology, let's see some of these schemes Hollywood has already done. Please name the person

1. 1. Which male actor portrays a woman to get a job?
2. 2. Which male actor portrays a woman to meet his child?
3. 3. Which movie star plays a singer who pretends to be a man and becomes famous? Be crazy!
4. 4. In the dangerous roles that play her most successful films, she is all shimmering and croaking films, forever popularizing her title role, becoming the most important female fatale in history?
5. 5. Portraited by numerous, Oscar-winning actorsThe most famous adaptation of the character Patricia Highsmith is __________? This is one of the great figures in film and literature, and perhaps the most important figure in the cinema.
6. 6. Because he is a classic, he cannot be excluded from the list. He now works for the FBI.

I haven't minimized the risk of fraud caused by AI, but in many ways Hollywood understands how Impostors were created a long time ago.