Illustration using ghost employee program

This year, I am focusing on the fraud risk assessment process as both a management tool and an audit tool. A common theme across my blogs is “Do you understand fraud risk?” I pose some questions that I hope will help you in your career as an auditor, investigator, risk manager or senior leader. In this blog, we’ll dive into how to gain a deeper understanding.

My guess is that most people understand the word “fraud” to some extent. And, my guess is that most people understand the word “risk” to some extent. But the new standard requires auditors to add “a deeper understanding of potential fraudulent schemes” to audit planning and execution. In my opinion, this is a two-step process. First, you must understand fraud risks, and second, you must plan audits to uncover fraud in the transactions you are examining.

What is the deeper understanding of ghost employees?

As an illustration, let's consider ghost employees. Most people believe that a ghost employee is a fictional person. However, this is a superficial understanding of fraud risk. As a reminder, there are five elements in a fraud risk statement. They are: Person Implementation, Entity, Action, Impact and Fraud Transformation. Of these five, one is always the key. It is considered the “primary element”. Keep in mind that there are many permutations of fraud risk statements.

For so-called ghost employee plans, the main element is physical. The action statement for each permutation is the same: pay for services not performed.

How to gain a deeper understanding?

1. Start with level one of the fraud risk statement.

2. Determine the arrangement of the first layer of fraud Risk Statement.

3. Customize these arrangements based on your industry and your company's organizational structure.

4. Customize the arrangement to suit your payroll system, whether it’s an in-house system or an external service.

5. Consider who can implement the plan. Whose problem.

6. Brainstorm how each fraud risk statement would play out at your company. how question.

7. Brainstorm where each fraud risk statement would appear in your company. What's the problem.

8. Incorporate business knowledge relevant to fraud risk statements. Industry issues.

9. If you want to really dig into fraud risk claims, consider the hidden complexities. This is what I call creating the illusion of etiquette.

10. Remember, this is no Time to consider internal controls. Your goal is to understand fraud risk.

Level 1 Fraud Risk Statement

In the spirit of this holiday season, I will provide a Level 1 fraud risk statement for ghost employee programs. Each of these will have variations; in real life, these variations will be specific to your industry and company. Let's start with the following illustrative examples: These are

• Fictional character projects work by creating an identity for someone who does not exist in real life.
• The perpetrator assumes the identity of a real person who is not a co-conspirator and adds them to your HR database.
• The perpetrator assumes the identity of a terminated or terminated employee and the employee is not a co-conspirator in the scheme. A conservatorship can be temporary or permanent.
• Perpretator temporarily assumes the identity of a real person in your HR database.
• Real person accomplices in fraud. In payroll, a “conspirator” is defined as a bona fide employee receiving the pay stub. Slang for “absent employee.” The motive was either asset theft or bribery.
• There were no real people involved in the fraud. In payroll, a “non-conspirator” is defined as an actual person who did not receive a payroll payment. The payment is transferred to the offender. One might argue that the last two overlap with the identity scheme hypothesized above.

Let's ask questions to deepen our understanding.

Use simple logic to develop arrangements. Is this person real or fake? The real person is either in the HR database or not. A person's identity can be assumed temporarily or permanently. Let me explain the thought process required to gain a deep understanding of fraud risk:

Let's assume your company is in the retail business. Store managers therefore have a high degree of control over entering HR and payroll transactions through direct access or administrative overrides.

• Presumed terminated employee status and the employee is not participating in the plan
• A store manager assumes the identity of an employee who leaves the workplace. The store manager caused the payroll hours of the departing employee to be submitted and caused the payroll payment to be transferred.
• Store managers assume an employee's identity for a limited time.
• After a limited period of time, the store manager will handle the termination. The store manager then has a limited time to choose another departing employee
• The likelihood of such a fraud risk statement occurring at corporate headquarters is considered low due to the physical separation of responsibilities at corporate headquarters.
• The payroll and attendance system is an internal system.
• In a retail setting, the manager is the most likely person to participate in the program, unless the manager delegates his or her responsibilities to a subordinate.
• The manager does not notify HR that an employee has left the workplace and enter the employee's working hours. Or, the new employee fills out a W-2 form, gives their manager their government ID number, and then never comes to work. Or, a manager processes a new employee's payroll a week before the employee starts working.
• This scheme is likely to occur when an employee receives a paper check payable in currency. This may occur if a manager causes changes to an employee's bank account.
• Business knowledge per se is not critical to this scenario.
• The manager will obviously create all the necessary paperwork for the employee. If the timing system is electronic, then the manager will use their override feature. The manager will select an employee with responsibility unrelated to the sales entry system. Managers will include employees in their weekly work schedule.

You now have options when writing your fraud risk statement:

• Ghost employee fraud risk

or

• Store manager takes over For a limited time, employees’ identitieso has left At the workplace, the store manager entered the departing employee's hours into the time and attendance system and subsequently misappropriated the departing employee's wages.

Which of the above represents a “deeper understanding” to you?

More importantly: May the holidays be filled with warmth, laughter, and happiness for you and your loved ones, wherever you are.

Fraud trivia

1. Last month’s answer:

2. What are common AI techniques used to copy people’s voices for the purpose of fraud?
3. b) Voice cloning. It uses artificial intelligence to copy someone's voice, allowing scammers to impersonate a trusted individual.

1. Which of the following might indicate that a video is an AI-generated “deepfake” video?

1. a) The speaker's clothing changes between cuts. Inconsistencies such as changes in clothing, disappearing background details, or unnatural neck movements can all be telltale signs of a deepfake.

1. How is artificial intelligence making phishing attacks more dangerous and harder to detect?
2. a) By creating highly personalized messages that mimic the tone and style of the legitimate sender. AI can create more sophisticated, persuasive and personalized emails.

1. What visual inconsistencies should you look for when analyzing suspicious images for AI processing?

1. b) Reflections on shiny surfaces are meaningless. While AI has improved on common mistakes, reflection and shadow defects remain common indicators that an image has been tampered with.

1. What can AI systems do to detect fraudulent financial transactions in real time?

1. b) Look for unusual or unusual activity based on learned patterns. AI-driven fraud detection systems use machine learning to identify unusual activity that deviates from normal customer behavior.

This month's question

5. Which artificial intelligence technology is used to create real but fake videos or images of individuals?
   a) Speech synthesis
   b) Neural network
   c) Deep fakes
   d) Natural language processing (NLP)
7. What behavioral biometrics can AI use to identify legitimate users and prevent fraud?
   a) User's height.
   b) User's typing speed and pattern.
   c) User's hair color.
   d) The user's shoe size.
9. What is the best first step if you receive an unexpected request for money over the phone from a family member?
   a) Send money immediately.
   b) Ignore the message.
   c) Verify the request by contacting the individual or organization directly through a known, trusted channel.
   d) Share the request on social media to see if others have received the same scam.
11. What might be signs of content fraud in AI-generated text?
    a) Consistent format.
    b) Unique and original writing style.
    c) Unverifiable factual claims or statistics.
    d) Correct grammar and spelling.
13. What are the main advantages of using machine learning for fraud detection?
    a) It is a perfect, error-free system.
    b) It can learn from historical data to automatically and quickly classify new transactions.
    c) It can replace all human security teams.
    d) Requires only a small amount of data to be effective.