Banks, Frauds & Internal Controls

CA Sheetal Anand
B.Com (H), FCA, DIRM, Certified Peer Reviewer
E: [email protected] | W: www.spjca.in | Twitter: @sheetuca

Abstract
Banks are the engines that drive the operations in the financial sector, money markets and
growth of an economy. With the rapidly growing banking industry in India, frauds in banks
are also increasing very fast, and fraudsters have started using innovative methods. As part of
the study, different conventional and non-methods are used to identify the instances of fraud
in the branch. On the basis of the finding, the root cause and deficiencies in internal control
system of the branch is identified and measures are suggested for improvement. The study
revealed that “poor employment practices and lack of effective training; over-burdened staff,
weak internal control systems, and low compliance levels on the part of Bank Managers,
Offices and Clerks are the main reason behind the identified deficiencies.
Although banks cannot be 100% secure against unknown threats, a certain level of
preparedness can go a long way in countering fraud risk. Internal audit professionals should
play an integral role in their organization’s fraud-fighting efforts. Some of other promising
steps to control frauds are: educate customers about fraud prevention, make application of
laws more stringent, leverage the power of data analysis technologies, follow fraud mitigation
best practices, and employ multipoint scrutiny. In 2015, the RBI has introduced new
mechanisms for banks to check loan frauds by taking pro-active steps by setting up a Central
Fraud Registry, introduced the concept of Red Flagged Account, submission of flash reports
and Indian investigative agencies (CBI, CEIB) will soon start sharing their databases with
banks.
Key words: Bank frauds, India, developing economy, RBI, internal controls, use of
technology.

Introduction
According to Singh (2005), “The Indian banking industry is unique and has no parallels in the
banking history of any country in the world. The phenomenal spread of branches, growth
and diversification in business, large-scale computerization and networking, have collectively
increased manifold the operational risks faced by the banks. The recent global financial crisis,
which had its roots in the banking sector, highlighted, except from the existing regulatory
gaps, the lack of proper and efficient internal audit functions within the banking institutions

1
in order to mitigate the resulting negative effects. The burst of the credit crunch and the
following financial recession resulted in the dramatic increase of bank frauds all over the
world, a fact that strengthened the need for the implementation of internal audit techniques.
The Reserve Bank of India (RBI) is the central policy making and national-level regulatory
body by keeping an eye over the entire banking industry.
Moreover, according to KPMG-CII report (2013), “Indian banking sector has potential to
become 5th largest in the world by 2020, and 3rd largest by 2025.” Besides, Kaveri (2014)
remarked that “while the Indian banking industry has witnessed a rapid growth in their
business and profits, the amount involved in bank frauds has also been on the rise. This
unhealthy development causes losses to the banks and badly affects their credibility.”
As KPMG‟s „India Fraud Survey 2012‟ states, “Despite having a strong regulator, the
financial services sector has emerged as the most susceptible sector to frauds.” According to
Chiezey and Onu (2013), “fraudulent activities cause losses to banks and their customers, and
also reduce money available for the development of economy.” Shockingly, “the banking
industry in India dubs rising fraud as an inevitable cost of business” (E&Y). According to
Deloitte India Banking Fraud Survey Report (Edition II, 2015), “Common causes of frauds in
banking include diversion & siphoning of funds, whereas fraudulent documentation and
absence, or overvaluation of collaterals were the main reasons for fraud in retail banking.”
Thus, in nutshell, “inadequate measures to prevent banking fraud is the primary reason for
widespread frauds. Technology is like a double-edged sword, which can be used to
perpetuate, detect and prevent frauds” (Bhasin, 2013).
However Kumar and Sriganga (2014) pointed that, “By leveraging power of data analysis
technology, banks can detect fraud very soon and reduce the impact of losses due to frauds.
Use of new technology can prove to be very helpful to control the fraud risk in banks.” It is a
well-known fact that investigation and prosecution of fraudsters in India is “very slow, time-
consuming process, thus, the danger of fraud will always be there. Thus through this research
report an attempt is made to use data analysis theories and techniques as a way of identifying
and flagging the suspicious transactions.

Theoretical Framework:
What is Fraud?
The Institute of Internal Auditors „International Professional Practices Framework‟ (2009)
defines fraud as, “Any illegal act characterized by deceit, concealment, or violation of trust.
Frauds are perpetuated by parties to obtain money, property or services; to avoid payment, or
loss of services; or to secure personal or business advantage.”
Pasricha and Mehrotra (2014) observed that “one of the most challenging aspects in the
Indian banking sector is to make banking transactions free from electronic crime.” However,
Bhasin (2011) concluded, “Frauds generally take place in banks when safeguards and
procedural controls are inadequate, or when they are not carefully followed, thus providing
ample opportunities to the fraudsters.

Role of Internal Control in addressing bank fraud :

Control is a broad concept that means different things to different people. The IIA definition,
according to the International Standards glossary, is:

2
“Any action taken by management, the board and other parties to manage risk and increase
the likelihood that established objectives and goals will be achieved. Management plans,
organizes and directs the performance of sufficient actions to provide reasonable assurance
that objectives and goals will be achieved.”
In simple words, internal controls are processes designed to provide reasonable assurance that
management achieves effectiveness and efficiency of operations, reliability of financial
reporting and compliance with applicable laws and regulations.
The internal audit reviews the effectiveness of the internal control system to ascertain
whether the system is functioning as intended (Fadzil, Haron & Jantan, 2005). The system of
internal controls should emphasize on, proper identification measurement and monitoring of
risks, control activities for each level of operation, creation of reliable information systems
that promptly reports anomalies and detailed reporting of all operations and monitoring of all
the activities (Opromolla & Maccarini, 2010). Internal controls should have the following as
its components, control environment, risk assessment, control activities, information and
communication and monitoring activities (Basel Committee, 2011).These interrelated
components of internal control must be present and functioning properly in order to have an
adequate and functioning internal control system (Rezaee, 1995).

Literature review:
Fraud and Fraud Awareness
In the broadest sense, fraud can encompass any crime for gain that uses deception as its
principal modus. General term of fraud is a form of deception or fraud committed by people
who are not responsible. Fraud is an intentional deception made to incur losses unconsciously
by the injured party and provide profits for perpetrators of fraud. Cheating or fraud is
generally come from the pressure to perform fraud or encouragement to take advantage from
opportunities that exist and their justification (generally accepted) against the action (fraud).
It includes all surprises, tricks, cunning or dissembling, and any unfair way which another is
cheated.
Auditors, accountants, investors, financial analysts, regulators, and others need financial
statements free of material misstatement, whether caused by error or fraud, and therefore are
interested in identifying fraudulent financial reporting.
Fraudulent Financial reporting (FFR) may occur anywhere and has become increasingly
prominent in the eyes of the public and the world’s regulators as it may be committed by
individuals across all professions.
According to the auditing standard, the factor that distinguishes fraud and error is action
background, which resulted in the misstatement in the financial statements of the action
intentional or unintentional. If fraud as an intentional act that cannot be detected by an audit,
it can have a negative effect for the financial reporting process (Koroy 2008).
On the other hand, there is an example of a professional standard applicable to fraud is
proposed by the Institute of Internal Auditors (IIA). The IIA standards contain a section
called “What is Fraud?”. According to the IIA standard, fraud is perpetrated by a person
knowing that it could result in some unauthorized benefit to him or her, to the organization,
or to another person, and can be perpetrated by persons outside and inside the organization.
After defining the fraud, it is important to make fraud risk assessment which is essential for

3
analyzing the determinants of fraud cases. The fraud triangle is commonly accepted as the
major process of identifying and assessing fraud risk. In the fraud theory, there needs to be
rationalization, pressure, and opportunity for fraud to take place. The AICPA has referred to
these three elements as the fraud risk factors or conditions of fraud, i.e. fraud triangle. The
three elements of fraud triangle coexist at different levels within an organization and also
influence each personality differently.
Therefore, the fraud risk assessment process must consider the fraud conditions as a whole. It
is a fact that measuring the three elements of the fraud triangle is not easy. The audit process
is expected to identify and understand how the fraud conditions lead to the likelihood of
fraud. In practice, identifying the fraud condition is easier than measuring these elements
(Aksoy, 2012).
In addition, the key factors leading to fraud are personal financial needs, opportunity and
greed (Brock, 2012). Although eradicating fraud is impossible, it is possible to reduce the risk
that occurs (Brock, 2012). Some key deterrence for fraud as noted by Brock (2012) were
assessing the risk to delimit high risk areas (with the awareness that fraud occurs most
frequently in the finance department), conduct audits prior to hiring, especially for key
positions (including police record, credit bureau), review employment contracts
(whistleblowing, code of conduct) and set up a whistleblowing program and reporting
mechanism (telephone line, mailbox or any other anonymous was of exposing an
irregularity).
Similarly a study by Heerden (2011) in Switzerland revealed that weak internal control was
the major factor that contributed to the on-going fraud. In addition, Heerden (2011) reported
that misappropriation of assets is the most common fraud, and has been exposed by
whistleblowing mechanisms. On the other hand, one in seven frauds has been discovered by
chance. This puts a question mark on the effectiveness of controls and management review
utilized in detecting and preventing fraud (Heerden, 2011). Heerden (2011) suggested that
management review and basic internal control mechanism was rated as the most effective
means for detection.

Perception
Perception is how people see or interpret the events, objects, and people. People act on the
basis of their perceptions and ignoring whether this perception reflects the actual fact
(Ikhsan-Ishak 2005). Perception can also be defined as a process which individuals organize
and interpret their sensory impressions in order to give meaning to their environment.
However, what one receives can basically differ from objective reality. The individual
behaviour based on their perception of reality and not the reality itself (Robbins 2008).

In summary of some definitions above, it can be concluded that each individual's perception
of an object or event depends on the framework of a different space and time. The difference
is caused by two factors, internal factor (cognitive) and the external factors (aspects of visual
stimulus). Robins (2008) implicitly saying that an individual's perception of the object is very
likely to have differences with the other individual's perception of the same object. The

4
phenomenon is thought to be caused by several factors: a factor in the situation, in the person
factors, and factors on target.

The Method of Fraud Early Warning Systems

Prevention of fraud involves two fundamental steps: first, the creation and maintenance of
honesty and integrity, the second assessment opportunity of fraud risk and to build a way to
minimize risk and eliminate the opportunity of fraud. Fraud mitigation is more effective when
reducing opportunities through the system, curb justification and inhibit intention (Hernawan
2010).
The accounting profession must take a responsibility to anticipate and detect fraud in
financial reporting preparation. It is necessary for the improvement of auditing standards,
especially financial audit standards that emphasize the possible risks of fraud in the financial
statements (Verdiana and Utama, 2013).
Auditors will enter a much expanded arena of procedures to detect fraud as they implement
SAS no. 99. The new standard aims to have the auditor’s consideration of fraud seamlessly
blended into the audit process and continually updated until the audit’s completion. SAS no.
99 describes a process in which the auditor (1) gathers information needed to identify risks of
material misstatement due to fraud, (2) assesses these risks after taking into account an
evaluation of the entity’s programs and controls and (3) responds to the results. SAS no. 99
reminds auditors they need to overcome some natural tendencies—such as overreliance on
client representations— and biases and approach the audit with a skeptical attitude and
questioning mind. Also essential: The auditor must set aside past relationships and not
assume that all clients are honest. The new standard provides suggestions on how auditors
can learn how to adopt a more critical, skeptical mind-set on their engagements, particularly
during audit planning and the evaluation of audit evidence. SAS 99 defines fraud as a
deliberate act that results in a material misstatement in financial statements. Fraud can be
considered either misstatements that result from fraudulent financial reporting or
misstatements that occur from misappropriation of assets. According to SAS 99 the three
conditions that must be present for fraud to exist include the incentive to commit fraud, the
opportunity to commit fraud and the ability to rationalize the fraud. One method used to
measure the effectiveness of fraud detecting red flags is to use rating scales where auditors
report their impression to red flags (Widiyastuti dan Pamudji 2009).
Red flags is a peculiar condition or different from normal circumstances. In other words, the
red flags are a signal or indication of something unusual and require further investigation
(Sitinjak 2008)
Many studies have examined various methodologies used by auditors to detect fraudulent
financial reporting associated with corporations. Moyes (2007) found no differences between
external and internal auditors regarding the overall perceived level of fraud detecting
effectiveness. However, he found that 17 of the 42 red flags had significant differences
regarding the effectiveness of red flags in detecting fraud. For external auditors, the extent of
use of red flags was a significant predictor of perceived effectiveness. For internal auditors,
perceived fraud detecting effectiveness was a function of total audit experience.
Moser (2012) noted that external auditors who work with internal auditors can create an
effective partnership for detecting fraudulent financial reporting. They surveyed 124 internal
auditors on the importance of fraud warning signs. Each respondent rated the importance of

5
43 warning signs in helping identify possible fraudulent financial reporting. The results show
that internal auditors perceive factors related to attitude or rationalization conditions as the
most important warning sign of possible fraud. Thus, internal auditors tend to emphasize
management characteristics as important fraud detecting factors.
Smith in Moyes, 2007 conducted a study on a selected sample of Malaysian external auditors.
The study basically explores the perception of auditors on the existence and usage of fraud
risk factors when they audit the financial statements of their clients.
Since the concepts of fraud risk factors were newly introduced then, the variables used to
measure financial fraud red flags in this article were also very basic. The study found that
though fraud risk factors were perceived to be important, their usage (to detect fraud) by
these auditors were somewhat limited. There was also no comparison being made to other
similar standards as being practiced by other countries. There was also no reference being
made to the three fraud triangle dimensions on that study.

The main responsibility of the external auditor is give an opinion on the fairness of financial
reporting into their client. In carrying out their responsibilities, the External Auditor
profession often rely on someone else for their client's financial statements. Generally, the
external auditors rely on the client's internal auditor. Dependence on the results of the internal
auditor is in relation to the client cost savings. The external auditors may rely on internal
auditors due because internal auditor have a responsibility to ensure the effectiveness of the
company's internal controls in order to prevent financial fraud action, where this
responsibility is also a function of the External Auditor. Because of these similarities
responsibility, the internal auditor and the external auditor are likely to have a same
perception regarding the methods and techniques of fraudulent financial reporting detection
and prevention.

Hypothesis
Various research about the effectiveness of method and technology in fraud detection
increased our interest in determining the analytical methods and procedures which can be
helpful for the auditor to identify the fraudulent transactions.

6
Research Work

Methodology:

 Data Collection and analysis:

For identifying the fraudulent and suspicious transaction, the cash receipts and
payment data for the month of November and December 2016 of one of the leading
bank branch of Delhi is obtained and analyzed

 Observation and Interviews:

On the basis of observation, the interviews of responsible officials is conducted for
ascertaining the root cause of errors and establishing efficient internal control
mechanism in the branch.

Techniques:
For identifying the suspicious transaction from the receipts and payment data following
techniques are used –

I. Benford’s Theorem
II. Tiger Team Test
III. Application of Inverse Logic
IV. Use of Space Time Dimension

7
 Procedures

 Data collection & Sampling:

For the purpose of making an effective sample and spotting fraudulent accounting data the
Benford Law is used. The brief description of said law is:
“Frank Benford was a physicist at GE Research Laboratories in the1920s. He noted that the
first parts of the log table books were more worn than the back parts. The first pages contain
logs of numbers with low first digits. The first digit is the left-most digit in a number.
Frank Benford collected data from 20 lists of numbers totaling 20,229 observations. He found
that the first digit of 1 occurred 31 percent of the time. Using integral calculus, he calculated
the expected digit frequencies that are now known as “Benford’s Law”. It took Frank
Benford six years to perform his analysis and develop his law of expected digit frequencies.”
On the Basis of the above theory the data pertaining to cash payments made by the bank
during the month of October 2016 is obtained and procedures are applied on the data to spot
the variances. On the basis of said variances, the samples are prepared and audit procedures
are applied to verify the genuineness of transaction falling in category which has reflected
higher level of variance.
The result of the said process are as follows:
Digit Actual Actual Benford Tolerance Variance
% % Z factor Test %

1 632 32.05 30.10 3.31 1.95

2 376 19.07 17.60 0.69 1.47
3 248 12.58 12.50 0.61 0.08
4 145 7.35 9.70 0.11 (2.35)
5 305 15.47 7.90 1.04 7.57
6 78 3.96 6.70 0.40 (2.74)
7 61 3.09 5.80 2.75 (2.71)
8 66 3.35 5.10 3.16 (1.75)
9 61 3.09 4.60 1.60 (1.51)
Total 1,972

On the Basis of the above a sample is prepared from the group of transaction beginning with
digit 2, 4, 5 & 6. (Rows Marked Red in above table)
 Observation
In order to ascertain the deficiencies in internal control system, observation technique is
adopted and in case of critical and suspected areas Tiger Team Tests (TTT) are also
conducted.
For understanding,” Tiger Team Test are walk through trials and test of internal control and
procedures. They are practical test of implementation of prescribed rules and guidelines.

8
They differ from walk through test because they include using intentional attacks and assaults
on existing controls to ensure that they are indeed functioning well. They include deliberate
acts of ‘ethical’ stealing, financial manipulation, bribing and attempting other methods of
wrongdoing, with prior management consent, to evaluate the strength of the preventive
control environment and identify any potential vulnerabilities and risks.”
On conducting such Tiger Team Test, following deficiencies are observed:
 Weak reporting mechanism.
 Improper organization structure.
 Improper implementation of Internal Control.
 Lack of monitoring activities.

 Data Analysis
The data collected by adopting above procedure are accumulated and different logics or
techniques are applied on said data to spot the incidences of breach of rules and regulations.
While analyzing the concept of Inverse Logic and Space/Time Dimension is used.
For understanding, the principle of ‘Inverse Logic’ is that if one cannot find out what the
truth is, one tries to find out what is not or cannot be, the truth! Our Vedic scriptures also
provided a similar principle in the Upanishads called the ‘Neti-Neti Vaada’ meaning one can
search for truth by eliminating everything in the material world.
And;
The space-time dimension is an added method of analyzing data which an auditor can use
during the normal course of his audit. Just as he would prepare a checklist for his usual tests
of data of sales, purchases, inventory or any other audit population for quantities, values,
amounts, dates and accounting treatment, if he could extend his audit vision to include test
for space and time as is appropriate in each situation, his audit approach would be
comprehensive and enable him to have a better grasp of Audi tee’s business and financial
information.
The Data is analyzed for following checks:
 The maximum amount of payment made in cash per week per account cannot exceed
Rs 50,000/ in case of current account and Rs 24,000/- in case of saving bank account.
 The maximum amount of cash which can be exchanged per day per person cannot
exceed Rs 4500/-.
 No exchange can take place on the day of bank holiday or after the office working
hours.
 Any amount in excess of above mentioned figures can be paid in the event of
emergency after being duly authorized by responsible official.
 No such authorization can be made on day when such official was on leave.

Results of Analysis:
After analyzing the above data using various excel functions like Pivot, V-lookup, LEN,
DATE360, LEFT etc. following observation is made:

9
  Cases are identified in which the payment is made in excess of above limits.
However on inquiring in respect of the same it is found that all such transactions
are made only and after due approval of the responsible official.
 NO such case is identified where approval is made on day when the said official
is on leave.
 Similarly no cases is identified, where exchange of notes is allowed on bank
holidays or after office working hours.

The above analysis might not have resulted some significant observations but assisted in
performing the audit procedures and getting reasonable assurance about the genuineness of
the internal controls and financial transactions.

Conclusion:

Quick fraud detection is essential to minimizing losses. The faster a bank detects fraud, the
faster it can restrict account activity. Jose Diaz, director of payment strategy at Thales e-
Security, explained in a recent interview with IBM that this strategy can minimize losses for
both the financial institution and its customers.
Fast fraud detection and remediation is important for maintaining customer relationships as
well. Customers are extremely sensitive about the security of their financial information.
Today, people expect more from their banks, including faster fraud detection and seamless
resolutions. Banks that want to meet these customer demands and position themselves ahead
of competitors should embrace the benefits that banking analytics can provide in the fight
against fraudsters.
As already explained through research work, use of conventional of unconventional methods
can be very useful while auditing and for detection of fraudulent activities in the bank. To
support the said fact it the support of below mention phrase can be taken
“As very strongly emphasized by Bhasin (2015), “In the 21st century, the forensic
accountants are in great demand and forensic accounting is listed among the top-20 careers of
the future.” Recent accounting scandals and the resultant outcry for transparency and honesty
in reporting, therefore, have given rise to two disparate yet logical outcomes. First, forensic
accounting skills have become very crucial in untangling the complicated accounting
maneuvers‟ that have obfuscated financial statements. Second, public demand for change and
subsequent regulatory action has transformed corporate governance (CG) scenario (Bhasin,
2016). Therefore, many senior-level company officers and directors are under the ethical and
legal scrutiny. In fact, both these trends have the common goal of addressing the investors‟

10
concerns about the transparent financial reporting system. The failure of the corporate
communication structure has also made the financial community realize that there is a great
need for skilled professionals that can identify, expose, and prevent structural weaknesses in
three key areas: poor CG, flawed internal controls, and fraudulent financial statements
(Bhasin, 2012). Therefore, forensic accounting skills are becoming increasingly relied upon
within a corporate reporting system that emphasizes its accountability and responsibility to
stakeholders.”

Thus efforts should be made to initiate the involvement of unconventional methods of audit
while auditing the banking transaction.

References
1. Bhasin, M. L. (2012). Audit Committee Scenario and Trends in a Developing Country,
School of Doctoral Studies European Union Journal, 4, 53-70.
2. Bhasin, M. L. (2013). Corporate Governance and Forensic Accountant: An Exploratory
Study, Journal of Accounting, Business and Management, October, 20(2), 55-75.
3. Bhasin, M. L. (2015). Menace of Frauds in the Indian Banking Industry: An Empirical
Study, Australian Journal of Business and Management Research, 4(2), April, 21-33.
4. Bhasin, M. L. (2016). Contribution of Forensic Accounting to Corporate Governance:
An Exploratory Study of an Asian Country, International Business Management, 10(4),
479-492. (Forthcoming)
5. Bhasin, M.L. (2011), Combating Cheque Fraud in Banks: The Role of Internal Auditor
and Technology, Siddhant, Dec. 6, available at www.indianjournals.com.
6. Bhasin, M.L. (2013a). An Empirical Investigation of the Relevant Skills of Forensic
Accountants: Experience of a Developing Economy, European Journal of Accounting,
Auditing and Finance Research, 1(2), June, 11-52.
7. Ernest & Young (2010). Proactive Fraud Monitoring For Banks in India. Available at
www.ey.com/india.
8. Ernest & Young (2012). India Fraud Indicator 2012, a study by E&Y‟s Fraud
Investigation and Dispute Services. Available at www.ey.com/india.
9. KPMG (2012), India Fraud Survey, available at www.kpmg.
10. RBI (2015), RBI issues Framework for Banks to Deal with Frauds, May 8, available at
http://www.livemint.com.
11. RBI (2015), RBI to Soon Issue Norms for Central Fraud Registry: Deputy Governor,
Press Trust of India, March 29, 2015.
12. The Institute of Internal Auditor .(2001). Identification of Fraud. Artikel. Practice
Advisory.
13. South East Asia Journal of Contemporary Business, Economics and Law, Vol. 9, Issue 1
(Apr.) ISSN 2289-1560, Available at Researchgate.net
14. Research Paper on “AN EMPIRICAL STUDY OF FRAUDS IN THE BANKS”
available on Researchgate.net
15. Research Paper on “ The critical role of Internal Auditing in addressing bank fraud: A
conceptual framework” available on Researchgate.net
16. Report of the Working Group on Electronic Banking published on official site of RBI.

11