PROJET DE FIN D’ETUDES

POUR L’OBTENTION DU DIPLOME DE

L’ECOLE NATIONALE DE COMMERCE ET DE
GESTION AGADIR

Detection of fraudulent
Filière : Gestion financial
financière statements using
et comptable
Benford’s Law: Revenue Understatement

La détection des états financiers frauduleux à l’aide

de la loi de Benford : Chiffre d’affaires Sous-estimé

Organisme d’accueil : RSM MOROCCO

Période de stage : du 01/03/2022 au 31/05/2022

Réalisé par : Encadré par :

ZAHIR Hanane Dr. OUBDI Lahsen
Professeur chercheur à l’ENCG Agadir

Membres de jury : Tuteur du stage :

Dr. BARAKAT Wafae M. BERKANE Abdelhamid :
Professeur chercheur à l’ENCG Agadir Senior Manager à RSM MOROCCO
Dr. SAOSANY Amina
Professeur chercheur à l’ENCG Agadir

Année universitaire : 2021/2022

 Words of dedication
To the loving memory of my mother Aicha Ennassiri, my guiding

light, my shining star, forever.

I dedicate this work to my dear parents, my family whose love and

support have illuminated my path in life, for all the sacrifices they have

made for my education, upbringing, and well-being. No dedication can,

however, express my gratitude, love, and deep respect.

To my professors; may this work be the proof of my high consideration

for your support and advice.

To all my friends for all the good times we had together.

I dedicate this modest work to you...

I
 ACKNOWLDGEMENTS
“Gratitude is the memory of the heart” ~ Jean Baptiste Massieu
First of all, I would like to thank the Almighty, generous and merciful ALLAH, who has given
me the strength and the opportunity to study, and we pray to him to guide us to success in our
lives.

I want to express my gratitude and my appreciation for giving me the opportunity to serve as
an accounting consultant intern at RSM MOROCCO. I have gained valuable insight into the
audit and accounting industry over the past three months.

I would like to thank all the academic staff of ENCG in particular Dr. OUBDI Lahsen, my
supervisor, for his patient guidance, enthusiastic encouragement and useful critiques of this
work.

I would like to thank and express my gratitude to the following people for the enriching and
interesting experience they made me live during these months within RSM, the manager Mr.
BERKANE Abdelhamid, my internship supervisor, for having accepted my request as well as
for having guided me throughout my internship period, Mr. EL GHAZOUI Brahim, our team
leader and Mrs. ELARMAOUI, an accounting consultant and a colleague, for having given
me everything I needed to carry out my work. I also would like to thank them for their
availability, their modesty, as well as for the knowledge and experience they shared with me.

I would also like to thank Dr. BARAKAT WAFAE and Dr. SAOSANY Amine research professors at
ENCG Agadir, who have kindly done me the honor of accepting to judge this work.

I would also like to extend my thanks to the all the members of RSM team as well as any
person who contributed to the success of my internship period.

II
 ABSTRACT

NUMBERS DO THEY THE TRUTH?

The ability to detect fraudulently reported financial data is a critical requirement of

governments for tax purposes, corporations for internal audits and investors for investment
purposes. Benford's Law is a numerical phenomenon in which sets of data that are used to
count or measure some event follow a certain distribution.

This work proposes to present the antifraud profession, and how could this law provide the
fraud auditors with an effective tool to detect anomalies and duplications in the accounting data
sets following a statistical detection method developed by Nigrini.

Key words: Benford’s law, fraud, auditing, statistics, risk

RESUME
La capacité de détecter des données financières frauduleuses est une exigence essentielle des
gouvernements à des fins fiscales, des entreprises à des fins d'audit interne et des investisseurs
à des fins de placement. La loi de Benford est un phénomène statistique dans laquelle des
ensembles de données qui sont utilisés pour compter ou mesurer un événement suivent une
certaine distribution.

Ce travail propose de présenter la profession antifraude, et comment cette loi pourrait fournir
aux auditeurs un outil efficace pour détecter les anomalies et les duplications dans un ensemble
des données comptables en suivant une méthode de détection statistique développée par Nigrini.

Mots clés : Loi de Benford, fraude, audit, statistiques, risque

III
 SUMMARY

GENERAL INTRODUCTION
PART 1:

CHAPTER 1: BACKGROUND OF FRAUD AUDITING AND FORENESIC ACCOUNTING

I. BRIEF HISTORY OF FRAUD AND THE ANTIFRAUD PROFESSION
I. THE THEORY OF FRAUD
II. FRAUD AUDITS VERSUS INTERNAL AND EXTERNAL AUDITS
III. FRAUD SCHEMES AND RED FLAGS
IV. FRAUD RISK ASSESSEMENT
CHAPTER 2 : BENFORD’S LAW APPLICATION FOR FRAUD DETECION
I. INTRODUCTION TO BENFORD’S LAW: MATHEMATICAL FOUNDATIONS
II. THE EFFECTIVE USE OF BENFORD’S LAW TO DETECT FRAUD
III. BENFORD’S LAW TESTS: APPLICATION FOR ACCOUNTING AND FINANCIAL DATA
PART 2:

CHAPTER 1: PRESENTATION OF RSM MOROCCO FIRM

I. COMPANY DATA SHEET
II. ORGANIZATIONAL CHART OF RSM MOROCCO
III. RSM SERVICES
CHAPTER 2: FRAUD AUDITING, A DATA ANALYTICS APPROACH
I. DATA ANALYSIS CYCLE
II. EVALUATION AND ANALYSIS
III. SOFTWARE AND TECHNOLOGY
CONCLUSION

IV
 INDEX OF FIGURES
Figure 1: Fraud triangle by Doland R. Cressey................................................................................ 11
Figure 2:The-ACFE-Fraud-Tree-Report-to-the-Nation-1996-Institute-of-Certified-Fraud........ 18
Figure 3:RSM LOGO ......................................................................................................................... 41
Figure 4:Organizational Chart of RSM MOROCCO...................................................................... 42
Figure 5:The Data Analysis Cycle...................................................................................................... 48
Figure 6: DATA SHEET OF ALPHA COMPANY ......................................................................... 49
Figure 7:2021 Global Retail Development Index.............................................................................. 50
Figure 8:How does fraud affect organizations in different industries, 2020 RTTN ...................... 52
Figure 9:The most common fraud schemes in the retail industry, 2020 RTTN ............................ 53
Figure 10:Selling process flowchart, made by ourselves.................................................................. 54
Figure 11:The most common fraud schemes in sales department, 2020 RTTN ............................ 56
Figure 12:Extract of the general ledger of Alpha Company in Excel ............................................. 61
Figure 13:Combine Debit & Credit Columns in Excel .................................................................... 62
Figure 14: Data profile of Alpha Company' income accounts ........................................................ 62
Figure 15: Data histogram of annual revenue of Alpha Company, Excel Chart .......................... 63
Figure 16: Calculations of the leading digits in Excel ...................................................................... 65
Figure 17: Calculation of the first and the second digit statistics .................................................. 66
Figure 18: First digits of the Income account data ........................................................................... 67
Figure 19: 95% of the area under the normal distribution lies within 1.96 standard deviations
away from the mean. ........................................................................................................................... 68
Figure 20: The Cut-off scores of the MAD, Drake and Nigrini (2000) ........................................... 69
Figure 21:Second digits of the Income account data ........................................................................ 69
Figure 22: First-Two Digits of Alpha Company Revenue Data ...................................................... 70
Figure 23:First-Two Digits Frequencies in the tabulated data in Excel ......................................... 71
Figure 24: MAD Test of First-Two digits .......................................................................................... 71
Figure 25: The Chi-Square Test of Income Corporate Revenue data ............................................ 72
Figure 26: The calculation of the first-two digits of the differences ............................................... 74
Figure 27: The second-order test of the revenue data ...................................................................... 74
Figure 28:The second-order test of the adjusted revenue data ....................................................... 75
Figure 29: Excel Calculations for the Summation Test ................................................................... 76
Figure 30: The summation test of Alpha company revenue data ................................................... 76
Figure 31: Number Duplication for the Corporate Income Data in Excel pivot table .................. 77
Figure 32: Alpha Company Income report in Excel pivot table ..................................................... 78
Figure 33: Same Product sold with different percentage rates, Alpha company's invoices ......... 79
Figure 34: The last-two digits results in Excel .................................................................................. 80
Figure 35: The last-two digits graph.................................................................................................. 81

V
 LIST OF TABLES

Table 1:Financial Audit Versus Fraud Audit ................................................................................... 15

Table 2:ACFE Fraud Tree: Unique Characteristics of Each Category ......................................... 19
Table 3:Financial Statement Fraud Schemes ................................................................................... 22
Table 4:RSM DATA SHEET ............................................................................................................. 41
Table 5:Flowchart symbols meaning ................................................................................................. 54
Table 6:Questionnaire for corporate environement factors ............................................................ 57
Table 7:Questionnaire for internal controls ..................................................................................... 58
Table 8:Potential fraud schemes in Alpha company ........................................................................ 59

VI
 LIST OF ABBREVIATIONS

A.D: Anno Domini --------------------------------------------------------------------------------------------------------------

ACFE: ASSOCIATION OF CERTIFIED FRAUD EXAMINERES ------------------------------------------------------------
BC: Before Christ ---------------------------------------------------------------------------------------------------------------
CPA: Certified Public Accountant ------------------------------------------------------------------------------------------
IFRS: International Financial Reporting Standards---------------------------------------------------------------------
RTTN: REPORT TO THE NATIONS -------------------------------------------------------------------------------------------
VAT: Value Added Tax --------------------------------------------------------------------------------------------------------

VII
 GENERAL INTRODUCTION

Fraud is like cancer. Most of us know someone who has it. We know people who will
eventually have it. It has become common but we can take steps to protect ourselves
through healthy choices and regular checkups using the latest tools and technology.
But if people ignore the problem and live dangerously, then there’s a much greater
chance of becoming a victim.
—Toby Bishop, CEO, Association of Certified Fraud Examiners

The business of occupational and financial statement fraud is unfortunately alive and
doing very well.
There are regular reports of occupational and financial statement fraud in the financial press.
These reports might be just the tip of the iceberg. According to the Association of Certified
Fraud Examiners' 2020 Report to the Nations on Occupational Fraud and Abuse estimates
the average organization loses 5% of its yearly revenue to fraud. Other fraud surveys, such as
Price Waterhouse Coopers' Global Economic Crime Survey (2020), back up these findings.
Morocco is no exception, although it is difficult to obtain precise figures. The North African
and Middle Eastern area reported 127 cases in the ACFE study with a median loss of $100.000.
Organizations generate and keep more information in their systems in their electronic format
than ever before. Despite the fact that more analysis is performed with the available data, fraud
persists. With such massive amounts of data, fraudulent scheme transactions are buried and
difficult to identify using typical methods. With the use of data analytics in particular forensic
analytics, it is possible to detect symptoms of probable fraud and anomalies in the data.
Forensic analytics describes the act of collecting and analyzing electronic data using formulas
and statistical techniques to reconstruct, detect, or otherwise support an allegation of financial
fraud.
One of these statistical techniques is Benford’s law that deals with the world of digits
frequencies. This world fascinates me, when we read about it the first time, we were in a
disbelief, how could a random distribution of numbers follow a pattern that turn to fit into a

1
rigorous statistical formula. This law turns to be an effective tool in detecting anomalies,
duplications and suspicious records in a financial or an accounting data set.
So, how does actually a numerical phenomenon help antifraud professionals and
corporations in detecting fraud?
Therefore, we chose as a theme “Detection of fraudulent financial statements using
Benford’s Law: Revenue Understatement”, this theme combines between two fields: The
antifraud profession and the data analytics/statistics. Both are more crucial than ever.
During periods of economic instability as the one we see since the start of covid-19 pandemic,
fraud flourishes and will proliferate more.
When times are good, people steal. When times are bad, people steal more! - Tommie W.
SINGLETON
Data analytics on the other hand, can handle a vast amount of data at once. This will
undoubtedly assist the auditor or the fraud examiner in determining which areas are most
vulnerable to fraud and how to deal with it effectively.
This work tries to answer the followings questions:
➢ What is the theory of fraud? And how can be put into auditing practice?
➢ What is Benford’s Law? And how can we exploit this mathematical law to detect
data accounting anomalies?

This problem statement requires a deep reading to learn and understand the components of the
fraud theory and the mathematical fundamentals of Benford’s law. This is addressed in the
literature review in order to identify the body of knowledge of the antifraud profession
background and its proactive methods of auditing, including the forensic analytics.

This part cover 2 chapters, the first chapter provides the basic of fraud, starting with the history
of fraud to defining the fraud theory, fraud schemes and red flags to look for in a fraud risk
assessment. The second chapter presents the law of Benford’s, the mathematical logic behind
it and explains how to use it as tool to test and detect anomalies in the financial data.

Our research methodology follows a proactive approach of auditing: The Data Analytics
approach or the data analysis cycle. This approach is a three-stage cycle that begins with the
analysis and evaluation of fraud risk using the knowledge of the fraud theory and risk
assessment, and use the results to target those areas using software and technology while
applying forensic analytics, in our case Benford’s law. With the results given, an investigation
would be in place to conform if either the results are actually fraudulent data or false positives.

2
PART 1:

3
 CHAPTER 1: BACKGROUND OF FRAUD
AUDITING AND FORENESIC ACCOUNTING

According to the ACFE's RTTNs , roughly 60% of all reported frauds were detected
1

as a result of a tip or an accident, highlighting the need for a more efficient and proactive audit
approach.

The auditing profession has always dealt with the issue of fraud in two ways:

1. Use a passive approach of testing internal controls to search for fraud. This approach relies
on auditors spotting fraud red flags. Although few audit programs include explicit red flags for
audit observation, it is assumed that auditors with professional experience will be able to spot
the red flags.

2. Respond to allegations of fraud received via a tip or other audit source.

To detect and deter fraud, the auditing profession has traditionally relied on examining the
adequacy and efficiency of internal controls. Auditors would start by documenting the internal
control system. If the internal controls were found to be adequate, the auditors would examine
them to ensure they were functioning as intended by management. Internal controls are
evaluated using a random and unbiased sample of transactions from the business system.
Traditionally, auditing standards dictated that auditors should be on the lookout for fraud red
flags while conducting an audit. According to numerous studies, a lack of professional
skepticism is a major cause of audit failure in discovering fraud.

In some ways, investigating fraud appears to be a daunting task.

However, simple forms of fraud should be straightforward to detect. After all, the key to
detecting fraud is to look for it where it already exists. The use of fraud auditing to detect fraud
in core business systems is the subject of this chapter. Fraud auditing is a proactive audit method
for detecting and preventing fraud. In essence, the fraud audit approach requires auditors to
respond to the following questions:

• Who and how do people commit fraud?

• What kind of fraud scheme are we searching for?

1 . ACFE's RTTNs: ASSOCIATION OF CERTIFIED FRAUD EXAMINERS REPORT TO THE NATIONS

4
 • What's the link between internal controls and the risk of fraud?
• How is fraud concealed?
• How can we apply the fraud theory to our auditing approach?

I. BRIEF HISTORY OF FRAUD AND THE ANTIFRAUD

PROFESSION 2
Forensic accounting is considered by some to be one of the oldest professions, back to the
Egyptians. The King's 'Eyes and Ears' is basically a person who acts as the pharaoh's forensic
bookkeeper and oversee the inventory of food, gold and other assets. This person must be
trustworthy, responsible and able to handle positions of influence.

The fight against fraud is an endless battle, but it is not one faced only by our generation.
For as long as currency has existed, so has fraud.

In history of fraud, humanity encountered many instances of fraud, the most significant ones
are:

300 B.C – The

earliest 1821 – The
recorded imaginary
attempt prince 1920 – Ponzi

193 A.D – The 1911 – Louvre

year of the five at first sight
emperors

The history of fraud begins in the year 300 BCad. When a Greek sea merchant, took out an
insurance contract against his boat and its cargo, the contract was referred to then as a bottomry.
The shipper acquires cash on the premise then when the boat shows up at its objective and the
freight is delivered, the credit is repaid with paid with interest. On the off chance that the loan
isn't reimbursed, the boat and its freight, are repossessed. However, in what is potentially the
earliest recorded endeavor of first party fraud, the Greek sea merchant wanted to sink his vacant
boat, destroy the goods and keep the credit.

2.Some of the information in this section comes from many websites such Dr. Robert E. Jensen’s web site at Trinity
University, www.trinity.edu/rjensen/415wp/AmericanHistoryOfFraud.html and the English blog
https://www.experian.co.uk/blogs/latest-thinking/fraud-prevention/5-of-the-most-remarkable-instances-in-the-
history-of-fraud/
5
 While in 193 A.D in the Roman Empire. The Praetorian Guard – a special group of
soldiers supposedly faithful l to the emperor Pertinax – assassinated Pertinax and held an
auction to sell the Roman Empire to the highest bidder. The man who won the auction was
Julianus, with an enormous bid of 250 pieces of gold for every soldier in the army, the
equivalent of around £1billion today. The guards had sold something that wasn’t theirs,
effectively amounting to financial fraud. Julianus was never recognized as emperor and was
immediately dismissed, leading to a period of civil war in the empire and a period of time known
as the year of the five emperors.

In 1821, there was a Scottish General in the military Mr. Gregor McGregor, who claimed
that he conquered a little island and became its Prince. The land being referred to was called
Poyais and it was completely made-up. He promised to build luxurious homes for his investors
on the promise of a life in paradise, investors rushed to him, with many purchasing houses that
didn't exist and some even trading their Sterling for his own made-up currency.

In 1911, a con man named Argentinian Eduardo de Valfierno paid an anonymous Louvre
worker to steal the world's most well-known painting, Leonardo Da Vinci's Mona Lisa.
Eduardo had no need for the real painting and never wanted it. He simply wanted people to
realize it was missing to have the option to sell his fakes to underground collectors, and it
worked.

There have been numerous Ponzi schemes3 over the years and the original one happened in
1920. American Charles Ponzi discovered he could arbitrage discounted postal reply coupons
buying them from other countries, and shipping them to the USA, using foreign exchange rates
as leverage to make a humble 5% profit. He somewhat over exaggerated his margin when
selling to investors, promising a 50% profit return in 90 days Ponzi paid the first returns with
the cash proceeds from those coming in later, then he personally took the proceeds from later
entrants to the scheme.

The birth of business corporations opens new doors for fraud. The earliest ones were formed
in 17th century Europe. Countries founded new corporations and gave them public duties in
exchange for a legal right to exist, separation of ownership from management, and limited
liability that protected shareholders from losses of the business entity. One such corporation,

3 . Ponzi Scheme is a fraudulent investing scam promising high rates of return with little risk to investors, which generates
return for early investors with money taken from later investors.

6
the Massachusetts Bay Company, was founded by Charles I4 in 1628 and had a mission of
colonizing the New World.

The first major corporate fraud is probably the fraud known as the South Sea Bubble.
The South Sea Company was formed in 1711 with exclusive trading rights to the Spanish
colonies of the Americas. The government struggled to pay holders of its debt on time. So, debt
holders were encouraged to hand their debt instruments to the South Sea Company in return for
shares. The company would collect an gather the interest from the government, instead of the
state paying out interest to a large amount of debt-holders. The company would then pass on
the interest payment in the form of dividends.

In 1720 there was an incredible boom in South Sea stock, as a result of the company’s
proposal, accepted by Parliament, to take on the entire remaining national debt in Britain, over
£30 million., using its own stock at 5 percent in exchange for government bonds lasting until
1727. Its stock rose from £128 to £550 in just 5 months, in a frenzy of speculation.

The company drove the price of the stock up through the hype largely taking the form of new
subscriptions combined with the circulation of pro-trade-with-Spain stories designed to give
the impression that the stock could only go higher.

However, in September 1720, the bubble finally burst as the stock price began to decline losing
around 85% of its value in just one month. Individuals and companies went bankrupt and an
outraged nation demanded the parliament act. This led to the first hiring in the history of
accounting of an external auditor who was brought in to audit the books of the South Sea
Company, and marks the beginning of Chartered Accountants in England and thus the
beginning of Certified Public Accountants (CPAs) and financial audits as we know them today.
Thus, CPAs owe their profession, at least to a large extent, to a fraud.

Many scandals hit hard in the early 21st century, as high dollar frauds reached all type of
industries. For instance, Waste Management in trash services, Sunbeam in manufacturing,
Enron in energy, WorldCom in telecommunications, and HealthSouth in health services all
occurred during this time. Many of these frauds were among the largest ever, and they took
place during a short period of time.

4 . Charles I was the king of England, Scotland and Ireland 1625 until his execution in 1649

7
The most infamous fraud is Enron. In 2001, Enron filed bankruptcy after reporting major
discrepancies in revenues and liabilities in its financial reports. The audit firm Arthur
Andersen came to an end as a result of the ramifications of the Enron scandal.

The Enron bankruptcy in December 2001 set off a series of events that resulted in the Sarbanes-
Oxley Act5 and perhaps has brought more than more attention to fraud audits and forensic
accounting than the Enron scandal and SOX.

Which lead us to wonder are all of these scandals are merely historical coincidences? Did media
attention create them? Probably, media attention may have created the original public
awareness, but the frauds and corruption were there all the time, and there exists no real way of
measuring or comparing them.

The fraud environment can be and often is seen as a pendulum swinging from one extreme to
the other with little time in between at the proper balancing point.

This cycle (pendulum swing) is a natural result of human nature, business cycles, and the nature
of legislation and regulation. The cycle can certainly be influenced and controlled to some
extent, but it will probably never cease.6

What can we learn about fraud by studying its history? Well, a certain proportion of the
population will always be drawn to white-collar criminality7 and fraud, just as a segment of
humanity is lured to criminal activity in general.

There will always be fraudsters willing to take the risk in order to get their hands on the ill-
gotten profits of fraud.

To better understand the importance of fraud auditing, we should define what is considered in
the first-place fraud, and what are the principles of the theory of fraud, that we will apply in our
auditing approach.

5 . The Sarbanes-Oxley Act is a law the U.S. Congress passed on 2002 to help protect investors from fraudulent financial
reporting by corporations
6 . Tommie W. Singleton, Aaron J. Singleton(2010), Fraud Auditing and Forensic Accounting, Edition: Wiley Corprate

F&A
7 . White-Collar Crime is a financially motivated, nonviolent or no directly violent crime committed by individuals,

businesses, and government officials. 8

 I. THE THEORY OF FRAUD

1. Definition of fraud

In general terms, fraud is an intentional deception, whether by omission or commission,

that causes the victim to suffer economic loss and the perpetrator to realize a gain.

However, having a precise definition of fraud to incorporate into the fraud risk assessment is
essential to the process of searching for fraud.

An auditor's success in avoiding, detecting, deterring, and prosecuting fraud depends on a

complete understanding of the fraud theory throughout the process.

Fraud is a word that has many definitions. Some of the more notable ones are:

• The legal definition:

Fraud is a knowing misrepresentation of the truth or concealment of a material fact to

induce another to act to their detriment8. In other words, if a person lies in order to deprive
another individual or organization of their money or assets, they are committing fraud.

The legal definition requires auditors to understand the legal implications of the terms in the
definition. The term “misrepresentation” includes concealment, nondisclosure, or false
representation. The misrepresentation must relate to a material fact rather than a simple
opinion. However, opinions made by an individual purportedly with superior knowledge could
become a misrepresentation. Concealment, referred to as suppression of facts, is also a critical
aspect of the misrepresentation. The courts have accepted these theories of concealment:9

• Intentional concealment of known defects.

• Active prevention of the discovery of the defects
• Uttering lies, with the intent to deceive.

In practice, most audit firms cannot apply the legal definition of fraud because simply the
definition is written for both civil and criminal prosecutions.

8 . ACFE’S Definition: Fraud 101: What is fraud? (Black’s Law Dictionary)

9 . Leonard W. Vona, Fraud Risk Assessment Building a Fraud Audit Program

9
Intent is one of the elements of the legal definition that is usually the most difficult aspect to
prove in a court case. Because intent is formed in one's mind, proof is partly circumstantial. To
prove intent, one must first establish a sufficient pattern of fraudulent transactions or acts.

For example, if a victim corporation discovers a single abuse of the corporate credit card and
files a criminal case, the defendant can easily defend the accusations with the “oops” theory10,by
claiming, "sorry, I made a mistake—I meant to use my personal credit card and didn't realize I
used the corporate one by mistake."

Similarly, businesses must define fraud, include it in their ethics or fraud policy, and have
employees sign a document acknowledging their awareness and agreement to follow it. Certain
types of frauds would be difficult to prove to a jury of peers without a written policy statement
on the definition), leading to arguments about whether those actions are fraud. As a result, it is
in the entity's best interests to establish a fraud definition.

• The accounting definition:

The Institute of Internal Auditors Standard 1210.A2 provides a definition of fraud, the
section “What is fraud?” states: Fraud encompasses a range of irregularities and illegal acts
characterized by intentional deception or misrepresentation, which an individual knows to
be false or does not believe to be true.11

Certain actions may be referred to in this definition as "fraud," which can be legally defined
and/or referred to as "corruption." Fraud is committed by someone who intends to gain an
unauthorized profit for themselves, for the organization, or for another individual, and it can be
committed by people both inside and outside the organization.

2. The triangle of fraud :

We have to consider the fraud triangle to better understand why people commit fraud.
Donald Cressy, a sociologist and criminologist, established a model to study the behavior of
white-collar criminals.

10 . The name of this tactic is attributed to forensic accountant Ralph Summerford of Forensic Strategic Solutions in
Birmingham, AL.
11 . The Institute of Internal Auditors Standard 1210.A2.PA1210. A.2 - 2

10
Figure 1: Fraud triangle by Doland R. Cressey

The Fraud Triangle is based on the idea that three elements are required for an ordinary person
to perpetrate fraud. There must be a perceived pressure, a perceived opportunity, and
rationalization.

Cressey’s hypothesis was: "Trusted persons become trust violators when they conceive of
themselves as having a financial problem which is non-sharable, are aware this problem can
be secretly resolved by violation of the position of financial trust, and are able to apply to their
own conduct in that situation verbalizations which enable them to adjust their conceptions of
themselves as trusted persons with their conceptions of themselves as users of the entrusted
funds or property."12

The triangle's first leg represents pressure (incentive, or motivation). The pressure doesn’t
need actually to exist. But it’s real and significant to the fraudster, that’s why it’s called a
“perceived” pressure.

The fraudster must believe that the pressure is non-sharable and that they must deal with it
alone. The individual frequently believes that the issue is beyond legal resolution. If the problem
persists, financial collapse catastrophe will be the end result. The current problem is frequently
linked to a personal or external issue, such as excessive debt or job loss.

12 . Doland R. Cressey, Other People’s Money: A Study in the Social Psychology of Embezzlement

11
Many issues stem from vices like drug or alcohol addiction, gambling, extramarital affairs, or
living beyond ones means. Forensic auditors face a difficult task in dealing with perceived
pressures. Because they have limited contact with persons, so they have no baseline for the
symptoms of the fraudster's problem.

The second leg of the fraud triangle represents opportunity. Before committing fraud, an
individual must believe that there is a way to take advantage of the system without getting
caught. Allowing for covert pressure relief. Poor or insufficient internal controls within an
organization's financial system are the primary source of opportunity.

According to Cressey’s research (i.e., the Fraud Triangle), fraudsters always have the
knowledge and opportunity to commit the fraud.

The research is proved by known frauds and research studies like as the ACFE's RTTNs, which
show that when employees and managers commit fraud, they tend to have a long tenure with
the organization.

A simple explanation is that long-serving employees and supervisors are well aware of the flaws
in internal controls and have acquired adequate expertise about how to successfully perpetrate
the fraud.

Another challenging issue to handle is management's ability to bypass internal controls.

Controls can be overridden or ignored by management with complete authority within the
system. This is a problematic issue since employees who notice anything wrong may not have
a way to report it other than to their boss. And we know that if the manager is the issue, there
will be no reporting.

Rationalization is the final leg of the fraud triangle. People are generally trustworthy, yet fraud
entails theft.

As most fraudsters do not have a criminal record. In the ACFE Report to the Nation (RTTN)
200813,93% of the reported fraudsters had no history of crime.

In the mind of a fraudster, rationalization helps justify the crime in a way that makes it
acceptable. One of the most prevalent defenses is that I earned it or that they owe it to me.

This justification is frequently used by employees who believe they are being underpaid or
otherwise financially exploited. They treat me badly is a non-financial variant of the “I deserve

13 . Association of Certified Fraud Examiners (ACFE), Report to the Nation (RTTN),2008.

12
it defense”. Another justification is that I'm borrowing the money; after all, borrowing is much
easier to defend than stealing.

When an ordinary person or an accidental fraudster commits fraud, all three legs of the triangle
must be present, according to the fraud triangle's basic hypothesis. A perceived problem that
cannot be shared must exist.

Furthermore, the fraudster must believe that there is an opportunity that can be used to address
the problem. Finally, the individual will rationalize the fraud to aid in the denial of the action's
illegality.

Understanding the fraud triangle can help us in determining who is perpetrating the fraud as
well as detecting it.

To try to understand the fraudsters, the fraud auditors shouldn’t inflict their values system on
what others might do, usually fraud in related financial crime do not make sense. The fraud
auditor should always keep an open mind when examining the facts and circumstances and
evidence of a fraud. Following the evidence, documenting the evidence, and not creating
assumptions. The fraud auditor determines who, what, when, where, and how by using the
evidence.

The typical fraudster is often portrayed as the first-time offender, who is doing something
apparently out of character. The Fraud Triangle suggest that the perpetrator has a non-sharable
problem that is rooted in financial difficulties. And when combining with opportunities and
rationalization, a formerly good citizen succumbs to committing fraud. This person might be
characterized as the accidental fraudster.

However, the fraud triangle does not aim to explain all types of fraudsters. Some people are on
the lookout for ways to defraud others. These are predator fraudsters.

The predator slinks through the organization hunting for holes and vulnerabilities, unlike the
accidental fraudster who needs money and perceives an opportunity to relieve it. Fraud
predators don’t need to justify their behavior. they merely want the money in any manner
possible.

So, the element of pressure in the traditional fraud triangle is no longer relevant because
predators do not commit fraud out of necessity. Similarly, because these people aren't trying to
justify their behavior to themselves, there's no need to come up with extensive justifications or

13
rationalizations. The only thing that remains is opportunity. Predators spend their time and
energy looking for ways to defraud people.

One of the key points to understand the importance of fraud auditing is to have a clear idea
about the difference between financial audits versus fraud audits, as well as internal
audits/controls versus fraud audits.

II. FRAUD AUDITS VERSUS INTERNAL AND EXTERNAL

AUDITS

Terms like fraud auditing, forensic accounting, fraud examination and fraud
investigation are not well defined in the accounting language.

So, when we talk about fraud auditing, we must distinct it from forensic accounting.

Fraud auditing is a specific approach and methodology for detecting fraud, in which the auditor
searches for evidence of fraud. The goal is to prove or deny the existence of a fraud.
Historically, forensic accountants were brought after evidence or suspicion of fraud appeared
as a result of an allegation, complaint, or discovery.

Forensic accountants are skilled, trained, and informed in all aspects of fraud investigation,
including how to conduct good interviews (particularly with suspects), how to prepare effective
reports for clients and courts, and how to deliver expert testimony in court.

So, the forensic accounting is the incorporation of all the terms involved with investigation,
include fraud auditing. Thus, Fraud auditing is a subset of the forensic accounting profession.

While fraud investigation is similar to fraud auditing expect that it involves a lot more non-
financial evidence, such as testimony from interviewees, than a fraud audit. As a result, fraud
investigation includes fraud audit but also includes nonfinancial forensic evidence.

Now, we do understand the similarities and the differences between the anti-fraud professions.

We will have to differentiate fraud auditing from internal and external auditing to have a clear
idea about the profession of fraud auditing and its importance in the life of organizations and
individuals.

14
 1. Fraud Audits Vs Financial Audits

Financial auditing is a wholly different term that needs to be distinguished from forensic
accounting and fraud auditing. Financial auditing typically refers to the process of evaluating
compliance of financial information with regulatory standards, usually for public
companies, by an external, independent entity.
However, the focus of financial audits and financial reporting ultimately is concerned with
providing reasonable assurance that a material misstatement to financial statements has not
occurred, regardless of the reason.14

Table 1:Financial Audit Versus Fraud Audit

FINANACIAL AUDITORS FRAUD AUDITORS

• The process of work of financial • Fraud auditors are not constrained
auditors is designed to detect by materiality15. In the
material misstatements investigation, one does not reject
• Financial auditing aims to allow the evidence as being immaterial;
auditor to express an opinion on indeed, the smallest item can be the
whether a set of transactions is largest clue to the truth
presented fairly according to local • Fraud auditors are accountants or
accounting standards or IFRS. The auditors who are experts at
auditor is primarily concerned with detecting and documenting frauds
qualitative values (thus the concept in books of accounting and
of materiality) and is not concerned financial transactions and events
with whether the financial due to their attitudes, qualities,
statements accurately reflect skills, knowledge, and experience.
management's policies, intents, or
goals.

Many members of the public have questioned why financial auditors do not uncover
more fraud. The general public believes that if a financial auditor were to conduct an audit, he

14. Tommie W. Singleton, Aaron J. Singleton(2010), Fraud Auditing and Forensic Accounting, Edition: Wiley
Corprate F&A
15 . Information is said to be material if omitting it or misstating it could influence decisions that users make on the basis of
an entity's financial statements.
15
or she would be able to uncover a fraud. The truth is that financial auditing techniques are meant
to discover material misstatements, not immaterial frauds. While it is true that financial auditors
could have, and perhaps should have, caught many of the frauds, the great majority of frauds
couldn’t not detect using the standards of financial audits. Financial auditors' reliance on a
sample and auditors' concentration on analyzing the audit trail rather than evaluating the events
and actions behind the papers are among the reasons. While fraud auditors mostly focus on
exceptions, oddities, and financial and accounting abnormalities and patterns of behavior.

Fraud auditing is more a mind-set than a methodology

As fraud auditing is generally learnt by experience, rather than audit textbooks. Learning to
think like a thief is part of becoming a fraud auditor: "Where are the weakest links in this
chain of internal controls?" "How can I get away with stealing from my job?"

2. Fraud Audits Vs Internal Audits

Fighting fraud requires having strong internal control mechanisms in place, as well as an
appropriate response plan. Internal audit has in-depth knowledge of the organization's control
systems. In order to uncover the holes in controls that allow fraud to appear, a combined
assurance strategy is critical. Fraud investigations are best handled by professionals who have
done similar work before. Internal audit's skill set does not include fraud investigation, so
organizations should not expect it. Internal audit should instead support the organization's anti-
fraud activities by providing appropriate assurance services for internal controls meant to detect
and prevent fraud.

To conclude, Fraud auditors should be familiar with the common body of knowledge
regarding fraud. The fraud triangle, fraud research, red flags, fraud schemes, the steps in
a fraud investigation, legal elements of fraud, profiling white-collar criminals, and so on
are among the topics covered.

We will discuss in the next section some of the elements that are critical to detecting fraud.
A fraud auditor or a forensic accountant must be familiar with the types of frauds that are
committed and how each fraud scheme is typically carried out. However, these elements come
together in the research, analysis, and use of red flags to prevent and detect fraud.

16
III. FRAUD SCHEMES AND RED FLAGS

To prevent, detect, or investigate fraud, one must first gain a thorough understanding of
fraud schemes. The Association of Certified Fraud Examiners' (ACFE) classification is the best
for analyzing fraud schemes.

As the ACFE taxonomy has remained consistent over time. The ACFE fraud tree classifies 49
different types of fraud schemes. That figure has remained constant throughout time. Fraudsters
may find new or different ways to commit fraud, but it is usually one of the old-fashioned fraud
schemes (e.g., the Internet and other technology offer up new means to perpetrate some of the
existing frauds rather than generating new schemes).

1. Fraud schemes

A. The Fraud Tree

The ACFE model for categorizing known frauds is referred to as the fraud tree. It divides
individual fraud schemes into categories, subcategories, and micro-categories using a
classification model.: (1) Corruption fraud, (2) Asset Misappropriation Fraud, and (3)
Financial Statement Fraud are the three main (top-level) categories.

17
Figure 2:The-ACFE-Fraud-Tree-Report-to-the-Nation-1996-Institute-of-Certified-Fraud

Each of the three main branches of the fraud tree has characteristics that are distinct and unique
from the other two when examined. Understanding these distinct characteristics of fraud
scheme categories provides insight into how to use the fraud tree in antifraud activities.

These distinct traits and descriptors aid in customizing and tailoring fraud audits.

18
Table 2:ACFE Fraud Tree: Unique Characteristics of Each Category16

ASSET FRAUDULENT
DESCRIPTORS CORRUPTION MISAPPROPRIATION STATEMENTS
Profile of the Two parties Employees Executive
management
Fraudster
Size of the fraud Medium Smallest Largest

Frequency of the Medium: 30% Most often: 92.7% Least often: 7.9%
fraud
Motivation Challenge, Personal pressures Stock prices,
business bonuses

Benefactors Fraudster Fraudster Company and

(Against company) fraudster

Size of the victim Depends Small Large

corporation
• Fraudster: Executive management, usually the chief executive officer (CEO), chief
financial officer (CFO), or another C-level manager, is the fraudster in financial
statement fraud schemes. Asset misappropriation, on the other hand, is frequently
committed by an employee, albeit one in a critical position and regarded as trustworthy.
The fraudster in a corruption scheme could be anyone, but there are always two parties
engaged, even if one is an unwilling participant (e.g., extortion).

• Size of the fraud: Financial statement frauds are the fraud category with the largest
average loss. Depending on the survey and year, the average financial statement fraud
is between $1 million and $257.9 million according to 2020 RTTN statistics. By
comparison, the average fraud in the asset misappropriation category of the 2020 RTTN
was only $100,000. The average corruption fraud was $200,000.
• Frequency of fraud: Asset misappropriation is the category with the highest number
of fraud cases. This category accounts for over 92% of all frauds. By comparison,

16
.Tommie W. Singleton, Aaron J. Singleton(2010), Fraud Auditing and Forensic Accounting, Edition: Wiley Corprate
F&A

19
 financial statement frauds accounted for only 7.9% of all frauds. 30.1% of frauds were
due to corruption.
• Motivation: Egocentric motives are commonly the origin of committing a financial
statement fraud. As well as stock prices, whether directly or indirectly, tend to motivate
the fraudsters. The South Sea Bubble scandal in England in 1720 was, for example, the
first financial fraud recorded in accounting history. The stock's market price was the
driving force behind the phony earnings. The motivation for financial statement fraud
has been essentially unchanged for 300 years, including Enron, WorldCom, and other
recent examples. One the other hand, economic pressures are frequently the driving
motivation behind asset misappropriation schemes, however, sometimes, the fraudster
in the scheme may be driven by emotional motives, such as the desire to defy the system
or a grudge against management or the company. Asset misappropriation and corruption
may both be motivated by the same factors. However, business motives (economic)
often fuel corruption frauds, such as bribery schemes to obtain access to otherwise
unavailable markets. Corruption frauds can sometimes be linked to political agendas.
• Benefactors: Financial statement fraud is perpetrated on behalf of the firm, but it
usually benefits the fraudster. This form of fraud is referred to as "frauds for the
company". On the contrary, asset misappropriation and corruption benefit the fraudster
and are classed as insider fraud against the company. In some cases, such as bribes,
corruption can help the company.
• Size of the company: Because financial statement fraud is frequently driven by stock
prices, the companies that are victims of financial statement fraud are usually big and
publicly traded companies. Although such businesses are more complicated and
difficult to manage, they also have greater resources to devote to internal controls,
auditing, and antifraud initiatives. These businesses are also more likely to be subject to
various restrictions, resulting in more controlled settings and a lower chance of asset
misappropriation, which is inherently more difficult to control. But when it comes to
asset misappropriation, the opposite is true. Because the organizations affected by this
type of fraud are typically small, they either lack the resources or the ability to focus on
fraud prevention and detection small businesses frequently have only one accountant
and cannot justify proper segregation of duties. “An insufficient or absent segregation
of duties is almost always associated with asset misappropriation schemes” (ACFE
2004 RTTN).

20
 B. Fraud audit and Who audits whom ?17

Financial Statement Fraud:

Financial Auditors
The reason behind this is the
financial statement fraud
tends to be material
Corruption: Possibly
misstatement of the financial
Asset Misappropriation: Either Internal or
reporting, and financial audit Internal Auditors Financial Auditors
procedures are designed to
Asset misappropriation schemes Corruption fraud losses
detect material
tend to be immaterial, especially tend to be larger than
misstatements. Another
individual transactions, they are asset misappropriation. If
reason is that executive
difficult for financial auditors to it becomes material, then
management is involved with
discover while doing traditional clearly the financial
financial statement fraud,
financial audits. auditors should have
other parties internal to the
some responsibility
company (such as other
management, accounting, or
the internal auditors) can be
fooled or pressured into
complicity. Management can
override controls.
The financial statements fraud schemes are our main interest in this work, so we will focus on
understanding the main schemes in this category.

17.Tommie W. Singleton, Aaron J. Singleton(2010), Fraud Auditing and Forensic Accounting, Edition: Wiley Corprate
F&A

21
 2. Financial statements schemes:

Financial and nonfinancial statement schemes are the two subcategories of financial
statement schemes. Because the latter is rather infrequent, this discussion will be limited to
financial schemes.

Revenue overstatement is the most common financial statement fraud scheme. In certain
circumstances, businesses simply make up revenue. (a credit to revenue and a debit to accounts
receivable creates miracles on the balance sheet and income statement,) In the fraud tree, this
subcategory contains five schemes.

Table 3:Financial Statement Fraud Schemes

Timing Fictitious Concealed Improper Improper

Differences Revenues revenues Disclosures 18 Asset
Valuation
The intentional Fictitious One way of Improper By inflating the
recording of income revenues are committing this fraud disclosures value of assets
or expenses in generated by scheme is to simply may include (often
improper periods. As registering sales postpone the providing false receivables,
a result, profits can that never took recording of liabilities information or inventory, and
be increased or place. in the twelfth month the failure to long-lived
decreased as desired They can involve of the fiscal year so disclose assets),
during specific genuine or that the current year required capitalizing
periods. fictitious has fewer expenses, information. expenses, or
One way is to push customers. The and then record the deflating contra
excess inventory to ultimate liability in the first accounts19, the
salespeople, where it consequence is month of the value of assets
is treated as a sale frequently an following fiscal year. can be inflated.
while knowing that increase in Another way, is to The financial
much of it would be revenues, profits, move those liabilities statements will
returned at a later and assets (the somewhere else (a reveal a higher-
date. This technique other side of the subsidiary for than-real equity
is known as Channel fictitious example). and profit.
stuffing. accounting entry).

18. Disclosure refers to the timely release of all information about a company that may influence an investor's decision
19 . A contra account's natural balance is the opposite of the associated account. If a debit is the natural balance recorded in
the related account, the contra account records a credit. For example, the contra account for a fixed asset is accumulated
depreciation
22
This study of fraud schemes is an important component of the critical knowledge that fraud
auditors and forensic accountants need to be able to do an effective job. Understanding the red
flags connected with various fraud schemes, as given in the following section, is also critical.

3. Red flags :

The term "red flags refers to fraud fingerprints. When fraud occurs, traces of the criminal
and crime are left at the crime scene or in the life of the fraudster, similar to fingerprints left at
a crime scene.
Accounting anomalies, unexplained transactions or events, unusual elements of a transaction, a
person's behavioral changes or characteristics are all red flags.

A careful analytical review of the fraud tree (schemes) and the fraud triangle reveals relevant
red flags.

Some common red flags in the financial statement fraud schemes include:

• Accounting anomalies;
• Unusual profits;
• Rapid growth;
• Executive management's aggressiveness or obsession with stock prices;
• Deficient internal control;
• Significant, unusual, or highly complex transactions at the end of the fiscal year;
• Evidence that CEOs or board members are financially dependent on the entity's
performance.
There are specific red flags that are associated to the subcategories of the financial statement
fraud schemes.
For instance, in Timing difference scheme especially in Channel stuffing, the excessive return
of merchandise especially in the early days of a new fiscal year or new financial reporting
period.
While in the Fictitious Revenues scheme, some red flags associated with this type include:
• Unusual asset growth (the other side of the entry to generate phony revenues)
• Customers with lacking information (particularly addresses and phone numbers)
Increasing (Improper) asset valuations can exaggerate profits. This can be achieved by
adding value to the original costs or by lowering the contra accounts associated with a
depreciable asset. Some red flags are:

23
 • Increases in the book value of assets (inventory, receivables, long-lived assets) that are
unusual or unexplainable
• Management has a tendency to be unresponsive when internal auditors report assets that
need to be removed from a balance sheet (because they were reportedly retired or
transferred to another company)
Because of their apparent benign nature, recognizing signals of fraud (red flags) might be
difficult at first, especially when considering a single transaction, document, or event. For
example, an internal auditor conducting a vendor file review comes across an invoice with a
POB20 as the address and no physical address. A POB on an invoice with no physical address
is a red flag for a fictious revenues scheme. Should it therefore be dismissed? Is it significant
on its own? Perhaps not, but it should not be overlooked.
A single anomaly or fact might hold the thread of other events together in explaining a fraud.
As a result, auditors and antifraud concerns would benefit from some methodology for
accumulating and identifying anomalies (exceptions).

IV. FRAUD RISK ASSESSEMENT

There has been a substantial focus on fraud, internal controls, and the notion of fraud risk
management, including fraud risk assessment, since Enron and other frauds occurred around
the same time.

Knowledge of fraud principles (the fraud triangle, red flags, fraud schemes, and accounting
information systems), all taken into account in the applicable fraud environment (entity, time
frame, effectiveness of current internal controls, etc.), is required for effective fraud risk
assessment.

There is one significant difference between traditional audit risk assessments and fraud audit
risk assessments. Fraud risk is a deliberate and intentional concealment of the truth. The
documents are fake, internal control performance is misrepresented, and people lie. The fraud
is hidden within a business system. As a result, a fraud risk assessment is utilized to identify
concealment techniques related to the fraud scheme.

A fraud risk assessment is an effective tool utilized by companies of all sizes and industries to
effectively identify and prioritize areas of fraud risk within their organization, with a focus on

20. POB: Post office boxes, are traditionally used by individuals to receive mail in areas where mail may not be delivered
directly to their homes

24
the review of potential fraud schemes and the internal controls in place to prevent or detect
those schemes.21

By performing a fraud risk assessment, the detected fraud risk is associated with the core
business systems. Controls are linked to risk, just as they are in a traditional audit, but in this
case, it is the fraud risk that is being targeted. The concealing methods used by the perpetrator(s)
are also examined by including the fraud theory into the fraud risk assessment. Auditors use
fraud red flags to alert them to a potential fraudulent event, often known as the specific fraud
scheme. The sampling plan is used to look for transactions that are suggestive of a particular
fraud scheme. The audit technique is then used to reveal the transaction's true nature.

There is no one approach or way to implement a fraud risk assessment. The methodology
chosen is determined on the reason for conducting the risk assessment. Risk assessments are
typically carried out to meet regulatory and audit requirements, to review internal controls, and
to detect fraud in core business systems.

Prior to beginning the fraud risk assessment Internal controls provide a reasonable, but not
absolute, guarantee of an organization's acceptable degree of fraud. The standard response is
that no form of fraud is acceptable. While this is true theoretically, no company can afford the
cost of putting in place procedures that will completely prevent fraud.

21 . The definition above comes from the website https://www.eisneramper.com/

25
 In conclusion, A fraud auditor or a forensic accountant must be familiar with the fraud
theory, fraud schemes and as many red flags as possible in order to have a high possibility of
detecting fraud.
The main concepts of this chapter form the cornerstone of an efficient fraud detection. The ideas
presented help us explain fraud with the fraud triangle and the fraud tree. They are crucial in
effective fraud detection, which is early detection. The last section stressed out the importance
of red flags in antifraud activities. Therefore, in fraud detection, one needs a substantial amount
of knowledge on all four topics: fraud background, fraud theory, fraud schemes, and red
flags.

For instance, the fraud theory approach to detecting frauds begins with determining the most
likely fraud plan and how it was carried out.

However, the fraud auditor will need to know the fraud schemes (fraud tree), the fraud triangle,
a little about controls, and a lot about red flags in order to confirm or refute the resulting idea.

Rather of improperly recording cash transactions and other operations in the normal course of
business, financial statement fraud is frequently committed through writing journal entries.

However, developing a reliable technique for recognizing fraudulent journal entries from a
population of tens or hundreds of thousands of journal entries (manipulating numbers and
accounting data) made by firms is a challenge. In this scenario, detecting the changing numbers
also means exposing the fraud. Benford's Law is one theory that may be useful in this regard,
which asserts that the chances of obtaining numbers in a naturally occurring number of digits
are not equal. According to Nigrini22 (2000), Benford's law has become a powerful and useful
tool for fraud auditing.

We will discuss this theory in more detail in Chapter 2.

. Mark Nigrini is a Benford Expert and Professor, he is the author of Benford’s Law Applications for Forensic accounting,
22

Auditing and Fraud Detection

26
 CHAPTER 2 : BENFORD’S LAW APPLICATION
FOR FRAUD DETECION

NUMBERS PLAY A KEY ROLE IN OUR LIVES. We wake up because the

numbers 7:00 have arrived on our digital clock. As we get ready for work or school, we may
watch the weather forecast for the day that will be summarized in a number, 21-degree Celsius
would be a pleasant and comfortable day. Someone may call us before we leave home, and in
order to do so, they must type the ten digits corresponding to our phone number into their
phone.
This may make us wonder are there patterns to the numbers that we see on daily basis?
And, if that's the case, can we use these patterns to determine whether a data table is
genuine or has been manipulated with in some way? Is there a secret number
combination, and if so, what is it?

I. INTRODUCTION TO BENFORD’S LAW:

MATHEMATICAL FOUNDATIONS

The answer to our questions begins with Frank Benford who was an
American electrical engineer and physicist, he was the author of nearly 100 papers on light and
optics, and he had 20 patents issued to his name that were assigned to General Electric.
However, his paper on digit dealt with was his favorite hobby, Mathematics. Benford's patents
have long since expired, but his digits paper, which he wrote as a hobby, has been lived on with
1,000 published book chapters, articles, and papers on Benford’s Law.
The Law of Anomalous Numbers paper (Benford, 1938) begins with a note that in a book of
logarithm tables, the pages show more stains and wear on those giving the logarithms of
numbers with low first digits (1 and 2) than on those giving the logarithms of numbers with
high first digits (8 and 9). Benford then speculated that this was because more of the numbers
used (or “in existence”) had low first digits.23
He concluded that he was looking up the logs of numbers with low first digits more often than
he were looking up the logs of numbers with high first digits. The first digit of a number is the
leftmost digit. For instance, the first digit of a number let’s say 53,467 is 5. There are 9 possible

23 . Benfords Law Applications for Forensic Accounting, Auditing, and Fraud Detection by Mark Nigrini

27
first digits. Zero can never be a first digit. The sign of negative numbers is ignored when we
calculate the first digit.
There was a total of 20,229 records in Benford's tables. He gathered information from as many
sources as possible in order to include a wide range of data sets. His data ranged from random
numbers with no relation to one another, such as numbers from newspaper front pages to
mathematical tables.

1. BENFORD’S EXPECTED DIGIT FREQUENCIES :

According to Benford's findings, the first digit 1 appeared in 30.6% of the numbers. The
number 2 appeared 18.5% of the time. This means that 49.1% of the numbers had a 1 or 2 as
the first digit. 4.7% of the numbers had a first digit of nine. The actual proportion for the 1 was
near to the logarithm of 2 (or 2/1), and the actual proportion for the 2 was close to the logarithm
of 3/2, according to Benford. The proportion for the digit 9 was close to the logarithm of 10/9.
The formulas for the digit frequencies are shown next with D1 representing the first digit, D2
the second digit, and D1D2 the first-two digits of a number.
𝟏
𝑷(𝑫𝟏 = 𝒅𝟏) = 𝐥𝐨𝐠 (𝟏 + ) 𝑑1 ∈ {1,2, … ,9} (1.1)
𝒅𝟏
𝟗
𝟏
𝑷(𝑫𝟐 = 𝒅𝟐) = ∑ 𝐥𝐨𝐠 (𝟏 + ) 𝑑2 ∈ {0,1,2, … ,9} (1.2)
𝒅𝟏𝒅𝟐
𝒅𝟏=𝟏
𝟏
𝑷(𝑫𝟏𝑫𝟐 = 𝒅𝟏𝒅𝟐) = 𝐥𝐨𝐠 (𝟏 + ) 𝑑1𝑑2 ∈ {10,11,22, … ,99} (1.3)
𝒅𝟏𝒅𝟐
where P represents the probability of observing the event in parentheses. The formula for the
first digit proportions is shown in Equation 1.1. The formula for the second digit proportions is
shown in Equation 1.2, and the formula for the first-two-digit proportions is shown in Equation
1.3.
For e.g., the probability of the first digit 1 is calculated as shown in Equation 1.4.

𝟏
𝑷(𝑫𝟏 = 𝟏) = 𝐥𝐨𝐠 (𝟏 + ) = 𝐥𝐨𝐠(𝟐) = 𝟎. 𝟑𝟎𝟏𝟎𝟑 (1.4)
𝟏

The results of Benford work shows that as we move from left to right, the digits tend toward
being equally distributed. If we are dealing with numbers with three or more digits, for all
practical purposes the ending digits (the rightmost ones) are expected to be evenly distributed.

28
The preferred Benford's Law test is the first-two digits test since it captures more information
than the first- and second-digit tests combined. Even when the data defies some of the law's
underlying mathematical assumptions, the first digits of the numbers in a data table can confirm
to Benford's Law.
The mantissas24 of the logs of the numbers are anticipated to be uniformly (evenly) distributed,
according to Benford's Law. The probability, according to Benford, were more directly tied to
"events" than to the number system itself. He found that some of the finest fits to the expected
pattern (of the digits) were for data with no relationship between the numbers, such as numbers
from the newspaper articles. Benford concluded that nature counts in a geometric progression.
Benford then derived the predicted digit proportions for tabulated "natural" data. is a geometric
sequence25 of 10,000 number ranging from 1 to 9.9977.
A useful test related to Benford’s Law is to graph the logs of the data. The expectation is that
these logs, when ordered, will form a straight line. This test could identify excessive number
duplication and other data anomalies.

2. WHEN A DATA SET SHOULD FOLLOW BENFORD'S LAW?

A general rule is that the data set should have at least 1,000 records before we should expect
a good conformity to Benford’s Law.
Plus, there are many nonmathematical guidelines for determining whether a data set should
follow this law, such as:
• The size of facts or events should be represented in the records or data: The population
of towns and cities, river flow rates, and company revenues on the major stock
exchanges are all examples of such data.
• Data should be no built-in minimum or maximum values, except for a minimum of 0
for data that can only be made up of positive numbers.
• The numbers should not be assigned, such as the bank account numbers, car license
plate numbers….
• There are more small records than large records in the data set: The data should not
be strongly clustered around an average value, which implies that the data should not
be too clustered around its mean value. For e.g., salary and wage data don’t conform to

24. In scientific notation the mantissa is the digits without the ×10n part
25
. In mathematics, a geometric sequence, is a sequence of non-zero numbers where each term after the first is found by
multiplying the previous one by a fixed, non-zero number called the common ratio.
29
 Benford’s Law because most employees in the same company are paid approximately
the same salary.
A weak fit to Benford's Law indicates that the data is likely to contain abnormal duplications
and anomalies. The first step is to determine whether the data should follow Benford's Law.
This judgment could be based on the considerations just described, as well as previous
experience with similar data or data from previous times.

II. THE EFFECTIVE USE OF BENFORD’S LAW TO

DETECT FRAUD

Benford's law is a statistical and data mining26 tool for detecting fraud. When fraudsters
create fake transaction documents, they rarely consider Benford's law. Because it detects
manual intervention in otherwise automated transaction activity, Benford's law can expose
fictious numbers, anomalies and discrepancies in random data sets.

As our culture advances, we become capable of accomplishing feats previously thought

inconceivable. Our collective mathematical and technological abilities have skyrocketed. With
our computers and other devices, we literally perform magic.

However, can we, on the other hand, recognize when a friend or a family member is lying?
Perhaps not, but a highly sophisticated statistician is able to detect straight-faced fraudsters
when confronted with their fake and fictious data. This talent is based on the fact that to make
authentic-looking information. A basic understanding of the basic properties of the digital
language is required. While most fraudsters have not got any idea about the topic, and
incorrectly believe that the realm of numbers is ruled by digital equality.

People are creatures of habit. We do have habits, and it is our habits that define who we are
and shape our good or bad personalities. Even when urged to do so, people find it difficult to
act at random. If we go back to our morning routines, it's likely that we do things in the same
order every day.

Given our general proclivity for routine, it's reasonable to expect that our routines will extend
to any set of numbers we invent. A person would very certainly choose the same numbers.
Fraudulent numbers are numbers that have been added to data by a fraudster that should not be

26 . Data mining is a technique for extracting useful information from a vast amount of unstructured data. It entails utilizing
one or more software to analyze data patterns in big batches of data.

30
there. The fraud could entail misrepresenting an actual amount (such as the expense of a
business trip) to gain a higher reimbursement from the employer or to claim a larger tax
deduction than would be allowed. If people tend to use the same fraudulent numbers, the
numbers should stand out among the crowd.

Benford's Law can help in the discovery of financial statement fraud (it can be also useful in
the detection of some forms of asset misappropriation schemes, but that type of scheme is not
the focus here).

Rather of improperly recording cash transactions and other operations in the normal course of
business, financial statement fraud is frequently committed through recording journal entries.
Using Benford’s Law may have useful applications in detecting financial statement anomalies
but further investigation would be necessary to prove whether fraud was indeed involved or just
an honest mistake.
Not only can data analysis tools such Benford’s Law detect fraud, but simply analyzing data
for fraud on a regular basis can be an effective control mechanism in and of itself. If employees
and vendors are aware that a business is implementing rigorous fraud detection testing, they
may be less likely to commit fraud.

III. BENFORD’S LAW TESTS: APPLICATION FOR

ACCOUNTING AND FINANCIAL DATA

THE BENFORD LAW TESTS are divided into three categories: primary tests,
advanced tests, and associated tests.

Some analysis projects employ all of the tests, while others are fine with employing only some
or all of the primary tests. The typical norm is that the primary tests come first, followed by the
advanced tests, and finally the associated tests. The associated tests are not really Benford's
Law tests, but rather digit and number pattern tests.

1. The primary tests

The primary tests are the main Benford’s Law tests:

• the first digits;
• the second digits;
• the first-two digits, known as the first-order test.

31
Primary tests are typically performed on either positive or negative numbers. Positive and
negative numbers are analyzed separately because the incentives to manipulate them are
diametrically opposed.

For example, management wants a higher profit number when earnings are positive, whereas
when earnings are negative, they want a number closer to zero. To cut taxes, taxpayers would
aim to lower their income numbers and boost their deductions numbers.

For the primary tests, an optional filtering step for transactional amounts is to remove all
numbers less than 10. For auditing or investigative reasons, these figures are usually immaterial.

The data profile is a test that comes before the primary Benford's Law tests. The data profile
may reveal major flaws that indicate that continuing with the analysis is not a wise idea.

Data profiling is the process of evaluating, analyzing, reviewing, and summarizing data sets to
acquire insight into data quality. Data quality is a metric that assesses the accuracy,
completeness, consistency, timeliness, and accessibility of information.

The data profile divides the data into strata and displays the count and sum for each stratum27.

A. The first digit tests

This test could be useful with a data set with a small number of records (about 300). The
issue with the first digit test is that the first digits may indicate a conforming pattern even if the
data has major flaws that reveal it does not follow Benford's Law.

Unless the analyst or the auditor gets some direction from data sets that clearly do comply to
the law, the first-digit graph is too high level to even visually analyze whether the data conforms
to Benford's Law.

B. The second digit tests

The second digit test is a high-level test of reasonableness that, like the first, is actually too
high-level to be useful except in very specific circumstances. Because of round numbers, the
second digits graph for payments data and other data sets with prices will frequently display
excess 0s and 5s (such as 15, 100, and 350). This is normal and should not be a cause for
concern.

27
. Stratum refers to a subset of the population

32
The second digits test is quite effective in detecting data biases. When people strive for specific
numbers or ranges of numbers in order to go around actual or perceived internal control
threshold. Biases also occur in marketing when supermarkets or discount chains establish
selling prices with ending digits 9s.

The second digit test has been used to detect rounding-up behavior in corporate earnings reports
(Nigrini, 2005)

Daily sales data over a quarter or a year do not frequently follow Benford's Law because the
variability is insufficient to cover all of the first digits. However, even if the first digits are
nonconforming, the second digits should still follow Benford's Law.

C. First-two-digit test

The first-two digits test is a more focused test than the first digit test, and it's used to spot
unusual digit duplications and possible data biases. All of the information from the first- and
second-digits graphs is contained in the first-two digits graph. The first-two digits graph gives
us more information than both of the first graphs, as it’s highly aggregated.

Unless there are specific conditions, such as a small data set or an investigation into rounding
up or rounding-down behavior, the first-order test is the primary Benford's Law test. The first
step in the test is to locate the field of interest in the table. For the purposes of the test, amounts
less than $10 will be removed based on the data profile and objectives. Calculating the first two
digits of each quantity is the initial step in the analysis. The first two digits are then counted to
see how many of each we have. The results are then graphed and the supporting statistics are
calculated.

The Z-statistic28 is used to see if the actual proportion for a given digit differs considerably
(statistically) from Benford's Law's expectation. The formula considers the absolute magnitude
of the difference, the number of records, and the expected proportion magnitude with a
significance level of 5%.

The formula of Z-Test is shown in Equation 1.1:

1
|𝐴𝑃 − 𝐸𝑃| − (
𝑍= 2𝑁) (1.1)
√𝐸𝑃(1 − 𝐸𝑃)
𝑁

28 Z-statistic or Z-Score gives us an idea of how far from the mean a data point is.

33
Where:
EP: The expected proportion;
AP: The actual proportion;
N: The number of records.
Some data authenticity tests should be undertaken before any Benford's Law tests are
performed. The data profile, periodic graph, data histogram, and descriptive statistics are
examples of pre-Benford tests. Analyzing data that is incorrect or partial yields minimal benefit.

2. The Advanced Benford’s Law Tests

This section introduces the summation test and the second-order test, which collectively
are known as the advanced tests.

With or without the primary tests, advanced tests can be run on data. It's okay to bypass the
primary tests and only run the advanced ones. The advanced tests can be done even if the data
is not expected to confirm to Benford's Law or was found not to conform to Benford's Law with
some hindsight. The advanced tests can be applied to nearly any dataset.

The summation test looks for unusually big numbers in a data set. The test detects numbers
that are unusually large in comparison to the data's norm.

The second-order test examines data patterns and is based on the digits of the differences
between quantities ranked from smallest to largest (ordered). The digit patterns of the
differences are expected to closely resemble Benford's Law's digit frequencies. The second
order test produces few, if any, false positives because if the findings are not as expected (near
to Benford), the data does actually have some odd and unusual, abnormal, or irregular
characteristic.

A. Summation test

The theorem underlying the summation test is based on the fact that the sums of all the
numbers in a Benford Set with first-two digits 10, 11,12, . . ., 99 should be equal.29
The summation test analyses the sums of the numbers with various digits (10, 11, 12…, 99).
The usual first-order test relies on the counts of numbers with various digits.
For example, if the numbers were 1253, 1744, 346, 105, and 12.04, the count of the numbers
with a first digit 1 is 4 while the sum of the numbers with a first digit 1 is 3,114.04. The sums

29. Benford’s Law Applications for Forensic Accounting, Auditing, and Fraud Detection by Mark Nigrini

34
for the various digits are expected to be equal, and spikes tell us that there are some large single
numbers.
A Z-statistic is not calculated for the summation test.
B. Second-order test

A Benford Set is a table of numbers that closely follows Benford's Law. The relationship
between a geometric sequence and a Benford Set was discussed earlier. Benford recognized
this link in his work, which he titled "Geometric Basis of the Law" and said that “Nature
counts geometrically and builds and functions accordingly” (Benford 1938, p. 563).
Raimi (1976) relaxes the tight restriction that the sequence should be perfectly geometric and
states that a close approximation to a geometric sequence will also produce a Benford Set.
The equation for a geometric sequence, Sn, is:

𝑆𝑛 = 𝑎𝑟 𝑛−1 (1.1)
Where:
a: the first term in the sequence;
r: the common ratio of (𝐧 + 𝟏)𝒔𝒕 divided by the 𝐧𝒕𝒉 element;
n: the 𝐧𝒕𝒉 term.
The digits of a geometric sequence will form a Benford Set if two conditions are met:
1. The number of records N should be large; As N increases, the real proportions tend to
approach Benford's Law's exact proportions;
2. The difference between the logs of the largest and smallest numbers should be an integer
value.
The second-order set shows that the differences between successive elements of a geometric
sequence give a second geometric sequence
𝐷 = 𝑎𝑟 𝑛 − 𝑎𝑟 𝑛−1 𝑤𝑖𝑡ℎ 𝑛 = 1,2, … . , 𝑁 − 1 (2.2)
= 𝑎(𝑟 − 1) ∗ 𝑟 𝑛−1
The elements of this new sequence form a geometric sequence, and because the differences
between the logs of largest and the smallest numbers will still be an integer. The patterns of
these digits will also conform to Benford's Law, and the N–1 difference will form a Benford
Set.
The second-order test of Benford’s Law is based on the digit patterns of the differences
between the elements of ordered data and is summarized in this way:

35
 • If the data is made up of a single geometric sequence of N records conforming to
Benford’s Law, then the N– 1 difference between the ordered (ranked) elements of such
a data set gives a second data set that also conforms to Benford’s Law.
• Some anomalous situations might exist when the digit patterns of the differences are
neither Benford nor almost Benford. These anomalous situations are expected to be rare.
If the digit patterns of the differences are neither Benford, nor almost Benford, this is a
red flag that some serious issue or error might exist in the data.30

The summation test examines the sums of numbers with the first two digits 10, 11…99. The
test's purpose is to find abnormally large numbers or medium-sized enormous numbers that
have the same first two digits repeated throughout the data. Given the numerous controls that
presumably exist in accounting systems, it would appear that off-the-charts accounting or
processing errors are inconceivable.
The second-order test analyses the disparities between the ordered (ranked) values of a data set.
In most circumstances, regard less of the distribution of the underlying data, the digit of the
differences will closely follow Benford's Law.
For data sets containing mistakes or omissions, the second-order test could actually return
produce compliant findings results. The second-order test could detect many abnormalities like
download mistakes, rounding errors, and the use of statistically generated numbers would not
have been detected using standard Benford's Law tests.
Benford's Law is an excellent technique for assessing the risk of the contents of a data set. It
gives the auditor or investigator a good place to start. To utilize this tool properly, the user
needs to have a thorough understanding of the business and industry to eliminate the false
positives.

3. The Associated Benford’s Law Tests

The Associated tests are referred to as such because they are not direct tests of Benford's
Law, but rather complimentary tests that are used in combination with the standard Benford’s
Law tests. The number duplication test digs deeper into the data to find the exact numbers that
caused the spikes in the first-order and summation graphs. The last-two digits test identifies

30. Benford’s Law Applications for Forensic Accounting, Auditing, and Fraud Detection by Mark Nigrini

36
anomalous duplications on the right side of the numbers in the data. Spikes on the graph of the
last two digits could suggest mistakes, created numbers, or excessive rounding.

A. The Number Duplication test

The number duplication test is not specifically Benford's Law test; rather, it is an associated test
that can be used to supplement the results of Benford's Law tests. The number duplication test
can produce specific numbers that triggered spikes in the first order tests and the summation
test.

Spikes in any first-order test are caused by numbers occurring more frequently than expected,
whereas spikes in the summation test are typically caused by large volumes of the same
numbers repeating more frequently than normal.

B. The Last Two Digits test

The last-two-digits test is an effective number invention test. The theory behind this test is that
when we move to the right in a number, the digit frequencies become equal.

The last-two-digits test is designed to detect number invention in data sets where we don't want
to see evidence of people inventing numbers. We expect the digits (00, 01, 02..., 99) to be
evenly scattered because we are looking at the right-hand side of the numbers. We estimate that
each of the 100 potential last-two-digit combinations will occur around 1% of the time. In
forensic settings such as election results, website statistics, etc. We apply this technique to seek
for rounding or number fabrication.

37
 Benford's Law is about a lot more than just the first or the second digit phenomenon.
It's also a lot more than a mathematical curiosity or a cool side effect of how we express
numbers. The dispersion of numerous types of financial and scientific occurrences leads to
Benford's Law. The idea that there are many small rivers and only a few large rivers, that there
are many small businesses and only a few large businesses, and that there are many bank
accounts and other investments with small balances and only a few with large balances seems
logical. It's amazing how this simple logic can be transformed into a rigorous statistical
distribution that is base invariant, scale invariant31, and power invariant.

It's particularly surprising that this distribution has been the subject of hundreds of careful
publications in mathematical and statistical journals. The law is much more than a simple set
of nine probabilities that sum up to 100%. But it's not a lie detector, and we can't necessarily
assume that data that doesn't fit Benford's law is fraudulent. People are constantly fascinated by
the law because we enjoy discovering secrets, and understanding that there is some underlying
pattern to what appears to be chaos is akin to discovering a secret code.

31
. Scale invariance is a feature of objects or laws that does not change when scales of length, energy, or other variables are
multiplied by a common factor, indicating universality.

38
PART 2:

39
 CHAPTER 1: PRESENTATION OF RSM
MOROCCO FIRM

Our End of Study Internship was carried out in the accounting department within the
firm RSM Morocco for a period of three months in the busy season.

In addition to the accounting and financial analysis work that we worked on, we also had the
chance to intervene in a mission of the financial reporting of a group of companies.

Before presenting the methodology of our work, we saw the interest of starting with a small
presentation of the host firm RSM Morocco by presenting its culture, its organizational chart
and its different departments.

RSM is an international, integrated, transparent and independent network that federates

the skills of 51000 professionals (audit, tax and consulting experts) in more than 115 countries
that that make up its integrated partnership. They are present in Europe, Africa, the MENA,
Asia Pacific, North America, Latin America and the Caribbean. The number of RSM offices
worldwide is over 800 offices.

While on the national level, RSM Morocco, formerly named Acconcil was founded in
2001 on the initiative of Mr. Tarik Bouziane and has grown to become one of Morocco's
largest audit, consulting, and accounting firms in less than a decade.

RSM Morocco provides a comprehensive variety of services to its national and international
clients, based on a full understanding of the market environment and the numerous sectors of
activity that make it up.

RSM Morocco's strategy is primarily built on a listening, proximity, and competence in order
to comprehend each customer's specific problem and to carry out its missions to the highest
levels while adhering to international norms.

40
Figure 3:RSM LOGO

I. COMPANY DATA SHEET

Table 4:RSM DATA SHEET

Company Name RSM MOROCCO

Legal Status Limited Liability Company (SARL)
Date of Creation 25/10/2001
Activity Accounting, Auditing, Tax and Legal
Firm
65 Bd De La Corniche, Résidence Le
Address Yacht, Immeuble A, 4eme Etage, 20100
- Casablanca

Staff 30
Registry of Commerce (RC) 112019
Capital (MAD) 3 000 000 DHS
Web Site https://www.rsm.global/morocco/

41
II. ORGANIZATIONAL CHART OF RSM MOROCCO

Tarik Bouziane
Managing Partner

Youssef Smires Fatine Hamouchi

Partner Audit/Corparate Partner Expertise/Juridique

Corporate & Audit &

Accounting & HR
Transaction supervision Legal & Tax
services
support comptable

Figure 4:Organizational Chart of RSM MOROCCO

The study of this organizational chart shows three main hierarchical levels at the level of the
firm RSM Morocco:

At the head of the hierarchy, the management of RSM Morocco is ensured by Mr. BOUZIANE
Tarik, a certified public accountant and auditor. He is a member of the Order of Chartered
Accountants of Casablanca and the Compagnie des Commissaires aux Comptes de Paris.

Mr. BOUZIANE Tarik has been practicing the profession for over 20 years. He started his
career in France as a Project Manager with Ernst & Young where he managed audit missions
for large companies, before becoming Managing Partner of RSM Morocco, a member of the
RSM International network, the 6th largest network in the world. He assists large companies in
their international operations, both in terms of assurance on accounts and in terms of
transactions and mergers and acquisitions.

At the second level, Mr. SMIRES Youssef holds the position of partner in Audit and Corporate
Finance. He is a chartered accountant with an experience of more than 12 years in the fields of
accounting, audit and consulting. Mr. SMIRES has conducted various missions and has
significant experience in the production and accounting expertise, contractual audit and
consulting in organization and information systems

42
The following hierarchical level is presented by the managers of each department namely, Mrs.
ELHARITH Nchirah, the executive manager and responsible for the human resources
department, Mr. HAMDI Yassine the manager of the Audit and Tax department, Mr.
BERKANE Abdelhamid as the manager of the accounting department and Mrs. Salwa, the
responsible of the legal issues.

III. RSM SERVICES

The firm RSM occupies a large market in Morocco and this is due to the fact that it provides
a set of services, to different clients and industries: public sector organizations, owner managed
businesses, private individuals or listed companies with overseas operations.

• Audit & Assurance: Statutory audit, Acquisition audit, Contractual audit, Internal audit
and Due diligence

• Accounting Services: Outsourcing of all accounting services, IFRS, consolidated

financial statement, Setting-up of analytical accounting statement and HR services

• Legal and Tax services: Tax advice and compliance, Business Law & corporate legal
advice and Assistance to fiscal and litigation controls

• Corporate: Mergers & Acquisitions, Financial restructuring and Companies’ valuation

Thanks to the diversity of its Moroccan and international clients, RSM has accumulated
experience and an expertise that allows it to intervene in various missions in many industries
Within the framework of these various missions, RSM Morocco has been able, and continues,
to demonstrate its expertise, its mastery of the trade and its professionalism.

Its team is composed of professionals trained in the best French and Moroccan establishments
and regularly benefits from internal and external training. These employees are supervised and
evaluated every year in order to guarantee the quality of the services provided on one hand and
their career development on the other hand.

This organizational culture was also reflected in the quality of the relationships of trust that the
firm has established with its clients, based on professional and human values that are the
guarantee of an effective collaboration, in the interest of the company and its durability.

43
Throughout our internship period, the staff made sure that we were involved in the real world
of work by entrusting us with tasks and missions of great added value. The areas of our
intervention were in particular those of accounting expertise as well as participation in financial
reporting missions.

44
 CHAPTER 2: FRAUD AUDITING, A DATA
ANALYTICS APPROACH
Within the framework of the missions held by the accounting and auditing firm RSM
Morocco, we had chosen, among the different missions we were in charge of, a mission of
analyzing the accounts of a company in the retail sector in order to put into practice what we
had developed in theory.
Our mission, as a collaborator, was to reconciliate the receivable accounts in order to
reconciliate the detailed amounts of unpaid customer billings to the accounts receivable total
stated in the general ledger.
We chose to apply Benford’s Law to test the accounting data of this company, in particular, the
income accounts “71110000000 Sales of goods in Morocco” and “71180000000 Sales of
goods of previous years” for the accounting period from 01/01/2021 to 31/12/2021, after
assessing the risks of fraud in this sector in general and the company ΑLPHA SARL in
particular.

In what follows, we will specify in detail our approach in order to carry out our mission.

I. DATA ANALYSIS CYCLE

Our methodology of research follows the data analytics approach or the data analysis
cycle. It’s a three-stage circular cycle, the stages are evaluation and analysis, software and
technology, and audit and investigation stage.

1. Evaluation and Analysis

To begin the cycle, we must have a thorough understanding of the whole business, as well
as the subsidiary, division, or business unit under examination. A solid understanding of the
industry as a whole, as well as the business environment, will serve as a baseline for
comparison.

This cycle comprises assessing potential fraud areas or zones and identifying fraud symptoms
or red flags, using the Fraud Risk Assessment plan. This information enables us to adjust our
evaluation tactics to the needs of the organization. Because business practices in different
industries, as well as within the same industry, fluctuate widely, we cannot apply all of the same
stages and procedures to every organization.

45
With this knowledge, the next step is to identify gaps or weakness inside the company processes
where possible fraud might exist.

To focus on a more detailed level, we must first break down the organization to at least the
business unit level. Each area has its own set of elements and risks. The risk assessment must
be adapted to the function under consideration which is in our case the Sales Department.

The third step of this stage is to list all the red flags and possible fraud schemes perpetrated in
the Sales Department.

Once completed, we can move on to the next stage which “The Software and Technology
segment of the data analysis”

2. Software and Technology

Various software and hardware tools can be used to source information and data using
the identified red flags or fraud schemes. After that, the data and information gathered can be
analyzed.

With a list of symptoms in hand, we can determine what information is required to conduct
meaningful analysis and meet the audit objectives. With the data in hand, a software like Excel
can run tests to target the selected areas. We will use Benford’s Law tests to highlight the
anomalies and irregularities in our accounting data or maybe to conform the authenticity of data
set.

The audit plan should be enhanced to include a review and investigation of any questionable
items or anomalies. The majority of the anomalies will be false positives that can be explained
with more research. Which is why the third stage comes handy.

3. Audit and Investigate

No amount of technology or Data Analysis can confirm a fraud. Technology can

only serve as a starting point for fraud detection or to identify potential transactions.
Technology minimizes the number of everyday routine transactions to only those that are high
risk and require additional review. Risk analysis determines whether more resources should be
committed to widen the audit or investigate specific transactions. It is necessary to follow the
audit trail and analyze the source papers. Interviewing employees may be necessary to gain
further information, clarification, or reasons behind the transaction. This could lead back to a

46
requirement for a more detailed understanding of the business throughout the evaluation and
analysis stage.

In our case, and due to the shortage of information and resources, we couldn’t conduct an
investigation to clarify the anomalies discovered in our data.

The three stages of the cycle are always changing and evolving. They must be proactive,
as new fraud techniques emerge all the time, especially with the rapid developments in
technology. While technology can help auditors and investigators with new detection methods,
it also gives fraudsters new tools to target systems and commit fraud. Where one area may be
protected now by numerous restrictions, it may be vulnerable tomorrow. An auditor must
incorporate routine checks, like as a night watchman on patrol checking that all doors are
correctly closed numerous times during his patrol. Make a plan, but be sure to alter it as needed!

Thus, the diagram above summarizes our approach and the different steps implemented during
each stage.

47
 Evaluation and Analysis (Fraud Risk Assessement)

1.Risk
2.Risk Analysis
Identifaction

Corporate
Understanding Understanding
Environment Internal Factors
the business the sales cycle
Factors

Fraud Factors

Software and Technology

Preparation of Data Data Analytics Tests:

Obtaining Data Files
Analysis: Data Profile Benford's Law

Audit and Investigate

Recommendations and
limits

Figure 5:The Data Analysis Cycle

48
II. EVALUATION AND ANALYSIS

The fraud risk assessment process is broken down into the following the four steps:

• Risk Identification;
• Risk Analysis;
• Risk Evaluation;
• Risk treatment.

For the risk evaluation and treatment, we didn’t communicate the results to the company so we
couldn’t evaluate the risks or know the feedback(decision) of their risk tolerance and appetite.

1. Risk Identification

A. Understanding the business

a) Data sheet of Alpha Company

Company Name ALPHA

Legal Status Limited Liability Company (SARL)
Date of Creation 2011
Activity Table Art Retail Store
Staff 5
Capital (MAD) 400 000 DHS
Turnover of 2021 (MAD) 4 266 00 DHS

Figure 6: DATA SHEET OF ALPHA COMPANY

b) Business activity

The company ALPHA is specialized since its creation in 2011, in the trading, representation,
purchase, sale, marketing and distribution of all articles, materials, equipment and furniture for
table art.

Their products include tableware, porcelain, glasses, cutlery, candleholders and lanterns,
vases and other gift items.

49
 c) Legal and fiscal context of the company

On the fiscal level, the company is subject to the provisions of the law n° 5-96 relating to the
Limited Liability companies and subjected to the various taxes: the IS, IR, VAT and the
professional tax.

➢ Corporate income tax (IS):

The company is subject to corporate income tax (IS) on the base of a scale. The tax due
cannot be less than a minimum contribution (CM) calculated at the rate of 0.5% or 0.6% of the
operating income excluding taxes.

➢ Value added tax (VAT):

The sales made by the company are subject to the common law rate (20%) according to the
system of receipts (since the fiscal year 2015), except for foreign customers for whom the
invoices without taxes in accordance with the provisions of the General Tax Code (CGI).

d) The retail industry in Morocco

Moroccan is the African leader in the retail industry, according to Kearney32, a US consulting
firm, followed by Egypt and Ghana. Morocco ranked 6th out of the 35 countries.

Figure 7:2021 Global Retail Development Index

32 . 2021 Global Retail Development Index

50
Retail sales according to Invest.Gov.ma account for 12% of annual National GDP and retail
employment accounts for 12.8% of total employment, or about 1.2 million people. This falls
short of the Rawaj Vision 202033 (announced in early 2000), which aimed to boost the retail
sector's contribution to GDP to 15% and increasing modern retailing’s share of all commerce
to 30 percent, this is due largely to the covid-19 recession.

Morocco becomes one of the fastest growing markets in the world as the middle class is growing
and consumers are willing to explore new products and organized and modern formats of retail
stores.

The rise of e-commerce, which is predicted to grow at a rate of around 16% through 2025, has
prompted traditional merchants to expand their digital capabilities. Marjane Holding,
Morocco's largest retailer, is expanding its supply chain capabilities and building a more agile
and adaptable network, as well as speeding up its digital transformation by delivering products
online and integrating omnichannel capabilities.

➢ Characteristics of the sector:

As mentioned above, the retail sector in Morocco is:

• A fastest-growing sector;
• Supported with business-favorable policies to attract foreign and private sector
investments;
• Still dominated by traditional retailing despite the presence of a few modern chain
retailers;
• Characterized by the rise of e-commerce but still dominated by cash-on-delivery
medium for online shopping.

e) Fraud risk in the retail industry

According to the 2020 RTTN, the assessed fraud risk in the retail industry is approximately 5%
with a median loss of $85,000.

33. the overall objective of this strategy is to make trade and distribution a high-performance sector at the service of all
consumers

51
Figure 8:How does fraud affect organizations in different industries, 2020 RTTN

In a retail environment, the fraud schemes occur in a myriad of ways, however, the most
prevalent ones are as follows:

• Corruption 37%;
• Billing34 22%;
• Cash larceny35 15%;
• Financial statement fraud 6%;

34 A billing scheme involves a fraudster submitting a fake invoice or altering a legitimate invoice to persuade a buyer to
make a payment that should not be paid.
35 . Cash Larceny is the theft of cash from the employer, occurring after it was recorded in the books of records

52
Figure 9:The most common fraud schemes in the retail industry, 2020 RTTN

B. Understanding the sales cycle

In this section, we will try to describe and detail the procedures of the sales cycle,
implemented by the store ALPHA in order to identify the fraud risks linked to this business
process.

This assessment will therefore allow us to identify areas of risk for which the coming steps
“Risk Analysis and Evaluation” would be intensified in order to minimize the audit risk and
avoid the issuing a false positive risk or inaccurate opinion on the company's accounts and
financial statements.

For this purpose, we will describe in this section the internal procedures of this cycle through
the flow-chart method and the memorandum.

To collect information about the selling process of this company, and because it was not an
official mission of audit, we interviewed the RSM’s accounting consultant of Alpha company
who has a good knowledge of the history of this client and the process of their business as he
was their consultant for more than 6 years.

a) Selling process Flowchart of Alpha Store

Flowcharting is a technique in which a process (a sequence of operations and flows of

documents, information or goods) is presented visually using a set of symbols with a meaning,
explained in advance. This system makes it possible to summarize in a clear and synoptic way

53
 the procedures of an organization in a clear and synoptic way so that the weak points of the
system and the places where information is processed inefficiently are quickly highlighted.

Here is the meaning of the symbols we have used for this purpose:

Table 5:Flowchart symbols meaning

A process symbol, also called an "Action Symbol," indicates a process,

action, or function.

Represents the input or output of a document (An invoice, report, bill

receipt)

A decision symbol (Accept or refuse)

A data symbol, represents the data available for input or output

Figure 10:Selling process flowchart, made by ourselves

54
 b) Memorandum

We didn’t create a terminator step (Start and End) of this process, because in fact it’s a business
continuance process that starts from the procurement process and doesn’t end in the selling
process.

The selling process in Alpha Store is split into two categories: direct sales in stores and
indirect sales via shipment (e-commerce). Consumers who do not come directly to the business
or who live outside the city can take advantage of sales via shipment. Orders are taken down
and checked for availability. The sales department sums up the total order with the help of an
automatic cashier machine as well as the shipping fee for the shipment when the transaction
occurs. The sales staff prepares the product for the customer after taking payment.

Most of the costumers are individuals (80%, and the rest are businesses) who don’t usually ask
for the invoice and take only the receipt bill; however, the administration must prepare invoices
for all of the receipts to report the income to the management and their accounting consultant.

Their individuals’ costumers opt mainly for paying with a credit card or cash, while business’
costumers can negotiate the payment terms with the company.

c) Fraud risk in the sales department

According to the 2020 RTTN, the Sales department comes in 4th position as a high-risk
department where fraud schemes like corruption, noncash36, expense reimbursement 37and
financial statement fraud are the most prevalent one.

36.
Any scheme in which an employee steals or misuses noncash assets of the victim organization
37 . Any scheme in which an employee makes a claim for reimbursement of fictitious or inflated business expenses

55
Figure 11:The most common fraud schemes in sales department, 2020 RTTN

By understanding the selling process in this store in particular and the retail environment in
general, it is possible to identify the fraud risks which may be inherent in this cycle.

By observing the flowchart in figure 10, to keep track of the remaining inventory in the
warehouse, the person in charge of product stock must keep track of stock data. The existing
system's difficulty is that not all stocks are effectively recorded since there are too many
products in the warehouse, which are also not organized properly, causing stocks that are still
in the warehouse to be regarded non-existent or vice versa. This is also due to the fact that
records are not regularly updated, meaning that when sales transactions occur, the stock on the
record does not instantly decrease and must be manually updated. Furthermore, checking the
goods in the warehouse accurately takes a long time. Because stock data is updated as soon as
a product is sold or purchased, it is important to keep track of it.

So, a fraudster may see this as an opportunity to steal the goods from the warehouse because
records are not automatically updated➔ Noncash scheme

56
The income report provides information on product sales revenue. Because the store handles
both direct and shipping transactions, more receipts are generated, making the administration
department's job more difficult for gathering sales data and recording income.

It’s a weakness in the process, and a fraudster will find it as an opportunity to not report all the
cash receipts and steal cash➔ Cash larceny scheme

In the administration and finance department, the fraudster may create false records for
customers and invoices, especially that most of the customers are individuals, that make it hard
to track them without a real address. The record of income could easily be manipulated by the
management, because it can be updated manually in Excel to understate the revenue for tax
evasion, as there is a difficulty to track all the customers or the cash➔ revenue
understatement scheme

2. Risk Analysis

To analyze the inherent fraud risks in this cycle, we should determine the potentiality and the
probability of the fraud, and this by analyzing the nature, extent and effectiveness of fraud
controls in the business plus the environmental and the cultural contrasts.

A. Corporate Environment Factors

Table 6:Questionnaire for corporate environement factors

Factors (Questions) Answers

How is the management style of Alpha I think it tends more to be an autocratic style;
Store? the culture of micromanagement is well
Is it autocratic, democratic, or laissez-faire present.
type of management?

How could you describe the CEO They are more of number and profits oriented
characteristics? than people oriented.
How do you think they measure the Well, there always be some critique,
performance of their employees? negative feedback.
Are there any human resource problems? Well, as you saw from the payroll records,
there is a high turnover, because there is not
really a segregation of duties. One employee
who is responsible for the administration

57
 department, recording all the income and
expense reports, as well as creating the
invoice, calling the vendors…. Some are
polyvalent, stockers and salespersons in the
same time. That leads to the burnout of
many employees.
Are there any financial concerns for the Sure, the cash flow shortage this is due
management? mainly to the covid-19 recession
In your experience, do you think I’m not sure, but looking in the payroll data,
employees are loyal to the company? I don’t think so.

B. Internal Factors

Table 7:Questionnaire for internal controls

Factors (Questions) Answers

Does the company have their standards of I’m afraid I can’t answer the question, I’ve no
performance and personal conduct? if so, clue about it.
is it well communicated to the staff

Is there some kind of training on legal, Not that I know of.

ethical, security and fraud issues?
Is there ambiguity in job duties and areas Yes, as I mentioned before, there is no a real
of accountability? segregation of duties
Is there a lack of audit, inspections and There is no periodic audit, but as I said their
follow-through to ensure compliance with style of management is micromanagement
the company policies? so they inspect everything their staff do.

C. Fraud Factors

The fraud factors are the elements of the Fraud triangle (Pressure/motivation, opportunity,
rationalization). So, for a fraud to occur, these three factors must be present.

By analyzing the environment, the sales cycle, the corporate culture and the internal controls,
we can determine some of the most potential fraud risks.

58
Clearly, as mentioned in the answers of the accounting consultant of Alpha company, Alpha
organization is characterized by many weaknesses and vulnerabilities in the management and
security and internal controls. We can sum up the inherent fraud schemes (not all of them) and
their probability of occurring in this process.

Table 8:Potential fraud schemes in Alpha company

Fraud scheme Fraud Fraud Opportunity Pressure Rationalization

potential scenario
Embezzlement High The cashier As was discussed Motivation I deserve it
of cash receipts Risk may divert before, the for justification
and cash the customer administration committing maybe the one
larceny payment finds it difficult to such occurring in
without track all the cash Fraud is such a fraud
recording receipts. However, numerous: scheme, a
the sale in one of the Financial fraudster who is
the cash advantages of the pressure a minimum
register micromanagement, would be the wage worker
the management principal and has many
surprises motivation responsibilities
excessively the of a cashier will try to
employees, which who is a justify by this
may lead the minimum defense.
cashier to think wage
twice before worker, in a
committing such period
fraud. characterized
by economic
and financial
recession
Revenue High The With most of the Motivation Feeling entitled
understatement Risk management costumers are for to the money is
manipulates individuals with no committing a justification
the income real address, it is such that may the
record and really difficult to management or

59
 the track the Fraud could the CEO gives
accounting transactions be financial to rationalize
system to especially those as one of the illegal tax
create fake paid in cash. There their evasion.
invoices that would be no concerns is
don’t report transactions the cash
the whole recorded in the first shortage and
sell or don’t place because the paying taxes
report at all information system (VAT,
some is updated corporate
transactions manually. income tax)
especially will lead to
those paid in more
cash to shortage of
decrease the liquidity.
revenue.

We will discuss more in details the financial statement fraud (Revenue understatement) in the
next sections.

III. SOFTWARE AND TECHNOLOGY

1. Obtaining data files

We export our data from the accounting software Sage Coala to an excel sheet, the
general ledger of the 2021 period of Alpha company as well as the company files such as the
income record, sales invoices, credit memos, bank statements, tax reports which all are stored
in the database of RSM Morocco in pdf or excel reports, which all we need (data requirement)
for the data analysis tests.

However, this database must be cleansed and reorganized in order to easily perform our tests

We didn’t find any difficulty to access the data files because it’s all stored in the database of
the host firm, and it wasn’t time consuming to extract the data as it was in readable files and
fast to download.

60
After importing the general data, we should assess the data quality, completeness and accuracy.

To evaluate the data quality received, we reconcile the revenue accounts “71110000000 Sales
of goods in Morocco” and “71180000000 Sales of goods of previous years” in the excel sheet
with the balance trial in Sage Coala by summing up the entries of all the records. However, this
process cannot tell us if some of the records are at summary level rather than the desired detailed
level.

Count step allow us to match the number of records imported into Excel with the total number
of entries in Sage Coala.

Now, that data quality is assessed, we must clean the data and adjust it to our desired format.

The general ledger imported in excel looks like this:

Figure 12:Extract of the general ledger of Alpha Company in Excel

First of all, we need to filter and copy only the data related to income accounts “71110000000
Sales of goods in Morocco” and “71180000000 Sales of goods of previous years” in another
sheet.

As well as the debit and the credit columns in one column, with this formula as shown in the
figure below:

61
Figure 13:Combine Debit & Credit Columns in Excel

The column H combines the debit and the credit columns while distinguishing from each other,
as income account debit is related to credit memo which decreases the income so we should
multiply by -1

Now that our data is adjusted to our desired level, we should familiarize with it, we cannot
effectively work with data we are aware of what it contains. And this where the data profile
comes handy.

2. Preparation of Data Analysis: Data Profile

A. Data profile

The data profile is a test that comes before data analytics tests. The data profile may
reveal major flaws that indicate that continuing with the analysis is not a good idea.

The data profile is quite uncomplicated and the test divides our data into five strata as shown
below:

1
2
3
4
5

Figure 14: Data profile of Alpha Company' income accounts

62
The above strata or categories are described as the (1) large positive numbers, (2) small positive
numbers, (3) zeroes, (4) small negative numbers, and (5) large negative numbers.

The data profile test ensures us that our data set is complete with 1101 records. We also observe
that our data doesn’t have entries of amounts equal to zero, which means that our data is
accurate. Because an entry with an amount of zero doesn’t make any sense.

For the low-value invoices]-10;10[, we don’t have any invoice with that amount. So, in the
following step we don’t need to adjust our data set to include only amounts over 10 or less than
-10 dhs (A requirement of Benford’s law tests).

The number of credit memos is 31, about 3% of the invoices.

B. Data histogram

The data histogram also helps us to familiarize with the data set, it shows the pattern of
our data regarding the size and counts by showing us the shape of the distribution.

The histogram provides further information about the qualities of our data. We learn how many
little numbers there are, how many numbers in between, and how many large numbers there
are. The data histogram is a graphical representation of the data, whereas the data profile is a
numerical table. This test is known as a descriptive statistic in statistics. Descriptive statistics
are graphical and numerical metrics used to summarize and explain some of a data table's
attributes.

Figure 15: Data histogram of annual revenue of Alpha Company, Excel Chart

63
The x-axis is made up of intervals, that include all the amount in the data set. Each record
belongs to one interval only. The height of each bar in the histogram indicates the number or
the count of records in the interval.

We split our data in ten intervals, the first include all the negative amounts, the second one
includes the small amounts less than 1000dh while the last one the large amounts more than
8000dh.

The histogram shows that most of the invoices are in the second and the third intervals (0 to
2000dh). And only 108 invoices are in last interval (about 10%). Which is usually the pattern
in many financial and accounting data sets.

The data profile and data histogram give us an overview of the data, by using the data profile
we ensure that there are no data errors or processing efficiencies. While, the histogram gives
another view of the shape of the distribution. It tells us which numeric ranges have the highest
counts.

In the section, we will analyze our data by applying the Benford’s Law tests to detect if there
are any anomalies and risk indicators in our data set.

3. Data Analytics Tests: Benford's Law

Benford’s law can allow as explained in the literature review to detect duplications,
abnormalities or irregularities in the data, if the data test doesn’t conform to Benford’s Law.

While, the Benford’s law tests can provide a list of anomalies, it is not a list of fraudulent
transactions. We cannot assume without further investigation and auditing that the data is
indeed fraudulent.

The Benford’s Law are categorized in three types of tests: the primary tests, the advanced
tests and the associated tests.

A. The primary tests

Our data set was first described in the section 2 of Technology and Software together with the
data profile. The data is a table of sales invoices processed in 2021 by Alpha company. The
invoices are created in the administration and finance department to give it to the customers.
The company also processed credit memos for discounts due or for corrections to the invoiced
amounts. The net amounts of the invoices and the credit memos were the amounts paid to the
company. The invoices ranged from amounts 20dh than to invoices for thousands of dirhams.

64
The goal of the analysis was to see if the income account records show any abnormalities and
irregularities, that could be an alarming indicator to suspicions transactions or manipulated
accounting records that needs to be investigated and concentrated on.
The first step in this analysis (primary tests) is to calculate the first, the second and the first-two
digits of the amounts of the income account.
a) The first and the second digits tests

Figure 16: Calculations of the leading digits in Excel

The Figure above shows the original data in Columns A, B, C (accounting entries hidden for
the purpose of confidentiality), and D.
The calculations are shown in Columns E, F, and G. The formulas are:
E2=VALUE(IF(D2>=10; LEFT(D2;1); -1))
F2=VALUE(IF(D2>=10; MID(D2;2;1); -1))

G2=VALUE(IF(D2>=10; LEFT(D2;2); -1))

If Amount is greater than or equal to 10, the formula in E2 extracts the leftmost digit. If Amount
is greater than or equal to 10, the formula in F2 extracts the second digit. If Amount is greater
than or equal to 10, the formula in G2 specifies the first two digits. The formulas all produce a
value of –1 if Amount is less than 10. Because –1 is obviously not a valid digit or digit
combination, it was utilized as a default.

65
The next step is to count the digits in Columns E, F, and G.

Figure 17: Calculation of the first and the second digit statistics

The figure above shows the calculation of the first and the second proportions as well as to test
the goodness of fit of the results. In Column B, the counts are calculated, and the formula is as
follows:

B3=COUNTIF (DATA! E: E;"="&A3)

The formula in B3 counts the number of times that the first digit 1 in column E as shown before
in figure 17, the actual proportion is the number of counts of the first digit on the total number
of counts, which is equal to the sum of the records of invoices minus the credit memos (1070
records)

The formula in D3 calculates the expected proportion of the first digit 1 according to Benford
Law, the formula is:

D3=ROUND(LOG10(1+1/A3);5)

The Z-Statistic is used to test whether the actual proportion for a specific digit differs
significantly (in the statistical sense) from the expected value of Benford’s Law.

66
Z‐score is calculated by taking the difference between the number and the mean (average) and
then dividing the difference obtained by the standard deviation.
The formula was explained in the literature review.

1
|𝐴𝑃 − 𝐸𝑃| − (
𝑍= 2𝑁)
√𝐸𝑃(1 − 𝐸𝑃)
𝑁

Where:

AP is the actual proportion;

EP is the expected proportion;

And N is the number of records.

FIRST DIGIT
0,350
0,300
0,250
0,200
0,150
0,100
0,050
0,000
1 2 3 4 5 6 7 8 9

Actual Benford Actual

Figure 18: First digits of the Income account data

The first-digits graph in Figure 18 shows the Benford’s Law proportions as the line and the
actual proportions as the bars.
We observe that there are evident and large spikes in the first digit 6 and 7.
We can validate these observations, by the calculation of Z-test and compare it with the cut-off
score* with a level of significance of 5%.

67
 Figure 19: 95% of the area under the normal distribution lies within 1.96 standard deviations away from the mean.

We performed the hypothesis test by determining 2 hypotheses: The null hypothesis and the
alternative hypothesis.

As we identified before the level of significance of 5%, which is interpreted as follows: if the
probability of our first digit mean is less than or equal to 5%, then the null hypothesis is
rejected, on the other hand, if the probability of our first digit mean is greater than 5%, then the
null hypothesis fails to be rejected.

The Null-hypothesis is when the Z-score is less than the cut-off 1,96, the actual proportion and
the expected proportion are not significantly different from each other, the actual proportion
conform to the Benford’s Law.

The alternative hypothesis is if the Z-score is great than the cut-off 1,96, the actual proportion
and the Benford proportion are significantly different, which means that the proportion of the
first digit in question is doesn’t conform to the distribution of Benford’s Law.

In the first-digits table, by calculating the Z-score, we can clearly see that the actual proportion
of the first digit 6 and 7 is significantly different than the expected proportion, and leads us to
reject the null-hypothesis and accept the alternative hypothesis.

Another method to assess the conformity of the first digit of the income revenue to Benford’s
Law is by using the Mean Absolute Deviation (MAD) criterion.

The MAD is calculated using the following equation:

∑𝑘𝑖=1|𝐴𝑃 − 𝐸𝑃|
𝑀𝐴𝐷 =
𝐾

where EP denotes the expected proportion, AP denotes the actual proportion, and K represents
the number of bins (which equals 9 for the first digits).

68
The MAD is the average deviation between the heights of the bars and the Benford line in the
first-digits graph. The higher the MAD, the larger the average difference between the actual
and expected proportions. The MAD can compare the conformity of two data sets. The data
with the lowest MAD has the closest conformity to Benford’s Law.
We calculate the MAD in Excel using the function average, it calculates the mean or the average
of the absolute differences between the actual proportions and the expected proportions.
There are no objective statistically valid cutoff scores that may signal how big should the MAD
be to signal that our data doesn’t conform to Benford’s Law. However, Drake and Nigrini
(2000) offer some suggestions on their personal experiences as forensic analytics the cut-off
scores for the calculated MAD as shown in the figure below.

Figure 20: The Cut-off scores of the MAD, Drake and Nigrini (2000)

The MAD of our data (First Digits) is 0,024 which is above 0,0022, that means according to
the conclusions of Nigrini and Drake that the data set doesn’t conform to Benford’s Law.
For the second digits test, using the MAD as shown in figure 24, we can conclude as well that
the data set (second digits) doesn’t conform to Benford’s Law.

SECOND DIGIT
0,160
0,140
0,120
0,100
0,080
0,060
0,040
0,020
0,000
0 1 2 3 4 5 6 7 8 9

ACTUAL BENFORD Actual

Figure 21:Second digits of the Income account data

69
The second digits graph in Figure 21 shows the Benford’s Law proportions as the line and the
actual proportions as the bars.
We observe that there a significant spike in the second digit 6, the z-score of the second digit 6
is 6,157 which is way greater than the cut-off score 1,96, which leads us to reject the Null-
hypothesis, and accept the alternative hypothesis.

The second-digits graph will usually show excess 0s because of round numbers (such as 60,
100, and 350). This is normal and should not be a cause for concern.
The first-digit graph is too high level to even assess whether the data conforms to Benford’s
Law. Also, even with the knowledge that there are spikes at 6 and 7 in the first digits, it is
difficult to figure out what to do with this information.
b) The first-two tests

The first-two digits test is a more focused test than the first-digits test and is there to detect
abnormal duplications of digits and possible biases in the data.

FIRST TWO DIGITS

0,080
0,070
0,060
0,050
0,040
0,030
0,020
0,010
0,000
10 13 16 19 22 25 28 31 34 37 40 43 46 49 52 55 58 61 64 67 70 73 76 79 82 85 88 91 94 97

Actual Benford Actual

Figure 22: First-Two Digits of Alpha Company Revenue Data

The first-two digits graph contains all the information in the first- and second-digits graphs.
The first-two digits graph in Figure 22 shows many spikes, the most evident ones are at 10, 66,
70, 75, 79, 81 and 91. While the first graph showed spikes at 6 and 7, the first-two digits graph
is more targeted in that it shows spikes at 66, 77, 75 and 79. The second digit 6 has been
narrowed down to the spike of 66.
We can assess the goodness-fit of our data to Benford’s Law using many statistical tests such
as: Z-test, MAD and the CHI-SQUARE test.

70
Figure 23:First-Two Digits Frequencies in the tabulated data in Excel

In figure 23, we can see that the actual proportions first two digits 66, 70, 75, 79 and 83 differ
significantly from Benford’s expected proportions. As shown in the graph where there are
significant spikes in these digits. In particular, the Z-score of the first-two digits 66 is 26,763
which is the largest difference between an actual proportion and an expected one. This is an
alert that something is anormal in the data set, that we should look into for further information.

Figure 24: MAD Test of First-Two digits

The MAD of the Revenue data is 0.005 and the conclusion is therefore that the data set does
not conform to Benford’s Law. This is a reasonable result given that we can see several large
spikes in Figure 22.
The last test to assess the goodness fit of our data to Benford’s Law is the CHI-SQUARE test.
The chi-square test X2 is often used to compare an actual set of results with an expected set of
results. Our expected result is that the data follows Benford’s Law. The null hypothesis is that

71
the first two digits of the data follow Benford’s Law. The chi-square statistic for the digits is
calculated as is shown in the next equation:
𝑘
(𝐴𝐶 − 𝐸𝐶)2
𝑐ℎ𝑖 − 𝑠𝑞𝑢𝑎𝑟𝑒 = ∑
𝐸𝐶
𝑖=1

Where:
AC: the Actual Count;
EC: the Expected Count respectively;
K is the number of bins (which in our case is the number of different first-two digits).
The summation sign indicates that the results for each bin (one of the 90 possible first-two
digits) must be added together. The number of degrees of freedom equals K_1 which means
that for the first-two digits, the test is evaluated using 89 degrees of freedom.

Figure 25: The Chi-Square Test of Income Corporate Revenue data

The chi-square statistic (the sum of the 90 calculations) for the Income data equals 1148,695.
The calculated chi-square test statistic X2 is compared to a critical value from the Chi-square
distribution table38.
These cutoff values can also be calculated in Excel by using the CHIINV function. For
example, CHIINV (0.05,89) with 0,05 is the level of significance, this equals 112.02. This
means that if the calculated chi-square value exceeds 112.02 then the null hypothesis of
conformity of the first-two digits must be rejected and we would conclude that the data does

38 . The Chi-Square distribution table is a table that shows the critical values of the Chi-Square distribution

72
not conform to Benford’s Law. The higher the calculated Chi-square statistic, the more the data
deviate from Benford’s Law.
The null hypothesis is that there is no significant difference between the actual proportions
and those of Benford’s Law.
From figure 25, we can see that the actual proportions of the Revenue data deviate quite
radically from the expected proportions. The Chi-Square test score exceeds the cut-off value.
So, the null-hypothesis is rejected and we accept the alternative hypothesis that states that our
data set doesn’t conform to Benford’s Law.
All the tests combined reject the null hypothesis that our data doesn’t conform to Benford Law,
this is well shown in the graph (figure 22) as there are multiple larges spikes.
However, to further conform that there are no irregularities in our data or the information is
processed inefficiently-as we did in the data profile section- we need to calculate the advanced
tests of Benford’s Law.
B. The Advanced Tests

The advanced Benford’s Law tests do not rely on data conforming to Benford’s Law.

The second-order test is one of these tests. This test can be used on (nearly) any dataset. This
test can be applied to (almost) any set of data. The second-order test looks at relationships and
patterns in data and is based on the digits of the differences between amounts that have been
sorted from smallest to largest. The digit patterns of the differences are expected to closely
approximate Benford's Law's digit frequencies. The second-order test produces few, if any,
false positives because if the findings aren't as expected (close to Benford), the data does
actually have an uncommon and odd, abnormal, or irregular characteristic.

The second of these new tests is called the summation test. The summation test looks for
excessively large numbers in the data.
a) The second-order test

The first-order test in the section A showed that the data did not conform to Benford’s Law
using the traditional Z-statistics and chi-square tests. However, there was the general Benford
tendency in that the low digits occurred more frequently than the higher digits with some
exceptions (such as in the first-two digits 66, 70,75, 79, 83, 91). Again, the second-order test
does not require conformity to Benford’s Law.
To calculate the second-order test, we sorted our data (the revenue amounts) from the smallest
to the largest, and calculate the differences between these amounts as shown in the figure below.

73
Figure 26: The calculation of the first-two digits of the differences

The column I calculates the differences, for example, the cell I3 calculates the differences
between the amount in cell D3 and the amount in cell D2. The multiplication by 1000 is to so
that the amounts such as 0.03 become 30. And then, we can use the left function to calculate
the first-two digits of the differences.

Second Order
0,180
0,160
0,140
0,120
0,100
0,080
0,060
0,040
0,020
0,000
10 13 16 19 22 25 28 31 34 37 40 43 46 49 52 55 58 61 64 67 70 73 76 79 82 85 88 91 94 97

Actual Benford Actual

Figure 27: The second-order test of the revenue data

The second-order test results in Figure 27 show that there are anomalous issues with the data.
There are large spikes in numerous first-two digits (16,40,83). This is due, to the issue of
rounded amounts of the revenue, because the revenue amounts don’t include taxes, as the
accounts “71110000000 Sales of goods in Morocco” and “71180000000 Sales of goods of
previous years” are calculated excluding taxes.

74
So, we adjust our data by including the taxes (VAT: 20%), and this is the new adjusted graph.

Second Order
0,180
0,160
0,140
0,120
0,100
0,080
0,060
0,040
0,020
0,000
10 13 16 19 22 25 28 31 34 37 40 43 46 49 52 55 58 61 64 67 70 73 76 79 82 85 88 91 94 97

Actual Benford Actual

Figure 28:The second-order test of the adjusted revenue data

Figure 28 shows the results of a second-order test based on the adjusted revenue data. The graph
does not display differences of zero (which occur when the same number appears twice in a list
of ordered data). Figure 28 shows a second-order graph with two distinct functions. The first
Benford-like function is used for the first two digits of 10, 20, 30…., 90, while the second
Benford-like function is used for the other first-two-digit combinations (11 to 19, 21 to 29, . . .,
91 to 99). The groups are called the prime and the minor first two-digits.

The consistent spikes on the prime digits can be explained mathematically by the fact that the
revenue database does not contain values from a continuous distribution. Currency amounts can
only differ by multiples of 0.01dh.

Therefore, this pattern of spikes does not indicate an anomaly. The second-order test conforms
to Benford’s Law.

b) The summation test

The summation test was introduced in the literature review, this test is based on the fact that
the sums of all the numbers in a Benford Set with first-two digits 10,11, 12…99 should be
equal.

75
Figure 29: Excel Calculations for the Summation Test

The formula used in cell B3, calculates the sum of the amounts of the revenue if there is a
match between the first-two digit in question with the dataset.

Summation Test
0,090
0,080
0,070
0,060
0,050
0,040
0,030
0,020
0,010
0,000
10 13 16 19 22 25 28 31 34 37 40 43 46 49 52 55 58 61 64 67 70 73 76 79 82 85 88 91 94 97

Actual Benford

Figure 30: The summation test of Alpha company revenue data

From a visual observation, the data set clearly doesn’t conform to the summation test.
Experimentation with the summation theorem has shown that real-world data sets seldom show
the neat straight-line pattern shown on the graph even though this is the theoretical expectation.

76
This is due to the fact that abnormal duplications of large numbers occur in the real world. We
can't say if the spikes are generated by a few (one, two, or three) very large numbers or an
abnormal duplication of a few hundred somewhat large numbers at this time.
The first order tests in section A had large spikes at 10, 66, 70, 75, 79, 81 and 91. However, in
this graph (figure 30), the numbers 70, 75, 79, 81 and 91 don’t affect the summation test,
therefore, we can conclude that the numbers are small. The spikes at 10 and 66 are large because
the count and the sums are high.
c) The associated tests

a) The Number Duplication Test

The result of the first order test of Alpha’s revenue income data in Figure 29 shows large spikes
at 10, 66, 70, 75, 79, 81 and 91. The mean absolute deviation (MAD) of 0.005 signals
nonconformity. We therefore have data with some clear issues and nonconformity to Benford’s
Law. The result of the number duplication test is shown in Figure 31.

Figure 31: Number Duplication for the Corporate Income Data in Excel pivot table

The number duplication report shows that 65 invoices for 66,67dh (80 with taxes) were
processed by the company. This means that Alpha company processed to sell to customers a
product or number of products with the price of 80dh, 65 time.

77
This 66,67dh caused the largest spike at 66 on the first-two digits graph (figure 22). The second
largest spike is at 79,17 with a count of 23 invoices. The third largest spike is at 75 with a count
of 22 and the fourth largest spike is at 70,83 with a count of 13.

All these numbers exceed the expected frequency of Benford first-two-digit test, with a z-score
way greater than the cut-off score.

To understand, why there are such abnormal duplication of these 4 numbers, we look up in the
Alpha company’s income report and the sales invoices file.

Figure 32: Alpha Company Income report in Excel pivot table

The amounts are including taxes (VAT 20%), so the spikes at 66, 70, 75 and 79 are
consecutively 80, 85, 90 and 95.

We note that the customers that buy the items at these prices were private
individuals(particuliers) except one business, and all of the invoices are paid in cash.

The payment of these invoices in cash is normal, because the amount is less than 100dh, and if
we look into the data in the income report we can clearly see that most of the invoices paid by

78
a credit card or a check were large and big than 100dh. However, one may wonder what if
someone choose deliberately these small amounts to be invoiced and paid by cash which
difficult to track (no bank statement or whatsoever).

We look up into the items sold in these invoices, the products were candles, glasses and table
mats. All of the items were sold on discount. However, the discount percentage differs from an
invoice to another. We don’t have any information on what base they chose their discount
percentage. The same product would be on discount with different percentages. The example
shown below is the same product sold to different clients but with different discount rates.

Figure 33: Same Product sold with different percentage rates, Alpha company's invoices

Unfortunately, we don’t have any information about the pricing strategy of the business, it could
be a psychological pricing strategy to attract more customers or they negotiate the prices with
customers they can’t afford to lose.

Either this, or there are other factors at play, for example if private individual customers don’t
demand getting their invoices, the management could fake these invoices with including these
discounts to underestimate the revenue from these sales, as no one can track the payments(cash).

b) The Last-Two Digits Test

The last-two digits test is a really effective number invention test.

The test is a little difficult to apply in Excel because there is no such thing as the last two digits
of a number in mathematics. Numbers like π, and 1/3 do not have a set of last-two digits.
Furthermore, the last two digits of a figure like 3,104 could be 04 or 00 (as in 3,104.00). In
forensic analytics, the question is to decide what we're looking for and, depending on that,

79
which last two digits (if any) are relevant for the analysis. For currency, the cents (the two digits
to the right of the decimal point) are acceptable. So, we'd use 00 as the last two digits for
3,104.00.

From a programming standpoint, the problem is to accurately identify the last two digits. The
logic incorporates multiplication (typically by 100) in such a way that the last two digits are to
the left of the decimal point.

Figure 34: The last-two digits results in Excel

In the figure above, we calculate the last-two digits by using the formula as shown in cell K33.

80
 Last Two Digit (Cents)
0,30000

0,25000

0,20000

0,15000

0,10000

0,05000

0,00000
0 3 6 9 12 15 18 21 24 27 30 33 36 39 42 45 48 51 54 57 60 63 66 69 72 75 78 81 84 87 90 93 96 99
Actual Benford

Figure 35: The last-two digits graph

The last-two digits results are shown graphically in Figure 35. The graph shows that about 27%
of the amounts ended with 00. These numbers were whole dirhams with no cents. This is
common in sales amounts. The most interesting result is the spiking at 17, 33, 50, 67 and 83.
This is an unusual result and we can also see this pattern from the numbers in the number
duplication table in Figure 83.
The data doesn’t conform to Benford law as the z score is 0,017 (Above 0,022).
All of the Benford’s law tests conform that we have a pattern in some amounts like 66.67, 79.17,
75.00 and 70.83 which is considered as an anomaly.
Conclusions with respect to sales revenue

As we concluded in the evaluation and analysis stage, the premises of a fraud occurring
in this business is high, all of the elements of the fraud theory are present, for e.g., in the
financial statement fraud scheme, the management have financial concerns on the liquidity
shortages so having to pay the fiscal administration is an obstacle that needs to get rid of, the
opportunity exist at large with having the possibility to fake invoices that are difficult to control
because most of the customers are individuals (no address or identity information), as well as
cash could be manipulated easily as cash cannot be traced. The rationalization could be that
they feel that they are entitled to the money, it’s their business after all.

However, without real investigation, we cannot claim that the duplications found in the data are
fraudulent. These tests are effective at detecting errors, anomalies and duplications but it’s just

81
a part of the forensic accounting and fraud auditing process, without reviewing the documents,
interviewing the people, understanding well enough the business and its weaknesses,
understanding the fraud schemes and detecting the red flags. Which is the last stage of the fraud
analysis cycle. That we didn’t have nor the opportunity (resources, information) or the expertise
to conduct.

82
 CONCLUSION

Fraud is here to stay. The only truly shocking reality is that the detection of fraud
continues to astonish people. The financial and popular press both cover only the major cases.
It seems that when people are given the opportunity to perpetrate fraud, it appears that many of
them do so.

In The Global Economic Crime Survey from Price Waterhouse Cooper (PwC), forensic
analytics was added as a new category in the methods of how significant fraud was initially
detected. According to 2020 survey, data analytics was responsible for the initial detection of
5% of fraud schemes perpetrated.

Does this mean that other techniques of detecting fraud, such as tips, routine internal audits,
and so on, are far more effective? We might speculate that the low detection rate is attributable
to the low usage of forensic analytics when we combine this survey with a Deloitte survey that
indicated less than 26% of firms use data analytical tools to manage risk in their business
processes.

Every day, numerous risks arise. The majority are insignificant, but a few can be significant
and damaging. Risk isn't something that can or should be completely eliminated. After all, if
businesses didn't take some risks, they wouldn't be able to grow or even survive.

The idea is to keep risk under control. Data analytics can help to reduce the risk of fraud by
evaluating all transactions, whether they are in the thousands or millions, to spot irregularities
in those records.

However, forensic analytics is only a part of the forensic investigation. A software alone will
not be able to conclude an investigation. A review of paper documents, interviews, reports and
presentations, and concluding actions are usually included in an investigation.

As technology advances and businesses grow, so are the possibilities for fraud.

Technology gives fraudsters the ability to conceal traditional fraud schemes as well as commit
new ones. The organization will always need to examine and reassess the efficiency of controls,

83
preventive measures, and detection systems in order to combat fraud. Anti-fraud systems, such
as data analytics software, should try to maintain and improve their effectiveness as fraud
evolves.

Forensic analytics is a subdiscipline of forensic accounting that is still developing and evolving.
Changes in fraudulent behavior, software upgrades and changes in the way data is gathered and
stored will all necessitate new and enhanced detection approaches in the forensic analytics
landscape. In addition, the business environment is evolving, with managers and directors
becoming more aware of the risks of fraud and their growing responsibilities to prevent,
identify, and combat corporate fraud. Managers are realizing that the expenses aren't only
monetary; they're also reputational. The opportunity to commit fraud across national borders
grows as the world gets more global. As a result of these changes, forensic analytics has become
both attractive and in-demand. These developments necessitate forensic practitioners not only
staying current on trends and approaches through publications, training, and conferences, but
also being willing and able to share their accomplishments and best practices with others in the
profession. This final statement does not signal the conclusion of the journey, but rather the
start of a journey filled with thrilling discoveries, an ever-improving technology, and more
novel techniques in the future.

84
 REFERENCES

Mark Nigrini (2012), Benford’s Law: Applications for Forensic Accounting, Auditing, and
Fraud Detection
Alex Ely Kossovsky (2014), Benford's Law: Theory, the General Law of Relative Quantities,
and Forensic Fraud Detection Applications
Sunder Gee (2014), Fraud and Fraud Detection, + Website: A Data Analytics Approach
John Wiley & Sons (2015), Fraud analytics using descriptive, predictive, and social network
techniques: a guide to data science for fraud detection
Berger, Arno, Hill, Theodore Preston (2017), An introduction to Benford’s law
Tommie W. Singleton, Aaron J. Singleton (2010), Fraud Auditing and Forensic Accounting
Leonard W. Vona (2008), Fraud Risk Assessment: Building a Fraud Audit Program
Association of Certified Fraud Examiners (2021), Fraud Examiners Manual
Gary A. Rubin (2008), Fraud Risk Checklist: A Guide for Assessing the Risk of Internal Fraud
Corporate Fraud and Internal Control - 2012 - Cascarino - Fraud Risk Analysis
Financial Statement Fraud Strategies for Detection and Investigation (Gerard M. Zack)
Forensic Analytics Methods and Techniques for Forensic Accounting Investigations (Mark J.
Nigrini)
THE ACFE’s 2020 RTTN
The 2020 Global Economic Crime Survey from Price Waterhouse Cooper (PwC)
2021 Global Retail Development Index

85
 CONTENTS
ACKNOWLDGEMENTS..................................................................................................................... II
ABSTRACT .......................................................................................................................................... III
RESUME ............................................................................................................................................... III
SUMMARY........................................................................................................................................... IV
GENERAL INTRODUCTION ....................................................................................................................... 1
PART 1: .................................................................................................................................................... 3

................................................................................................................................................................. 3
CHAPTER 1: BACKGROUND OF FRAUD AUDITING AND FORENESIC ACCOUNTING ................................ 4
I. BRIEF HISTORY OF FRAUD AND THE ANTIFRAUD PROFESSION ................................................. 5
I. THE THEORY OF FRAUD ............................................................................................................... 9
1. Definition of fraud ................................................................................................................... 9
2. The triangle of fraud : ............................................................................................................ 10
II. FRAUD AUDITS VERSUS INTERNAL AND EXTERNAL AUDITS ..................................................... 14
1. Fraud Audits Vs Financial Audits ........................................................................................... 15
2. Fraud Audits Vs Internal Audits ............................................................................................. 16
III. FRAUD SCHEMES AND RED FLAGS ........................................................................................ 17
1. Fraud schemes....................................................................................................................... 17
A. The Fraud Tree................................................................................................................... 17
B. Fraud audit and Who audits whom ? ................................................................................ 21
2. Financial statements schemes: ............................................................................................. 22
3. Red flags : .............................................................................................................................. 23
IV. FRAUD RISK ASSESSEMENT ................................................................................................... 24
CHAPTER 2 : BENFORD’S LAW APPLICATION FOR FRAUD DETECION ................................................... 27
I. INTRODUCTION TO BENFORD’S LAW: MATHEMATICAL FOUNDATIONS .................................. 27
1. BENFORD’S EXPECTED DIGIT FREQUENCIES :........................................................................ 28
2. WHEN A DATA SET SHOULD FOLLOW BENFORD'S LAW?...................................................... 29
II. THE EFFECTIVE USE OF BENFORD’S LAW TO DETECT FRAUD ................................................... 30
III. BENFORD’S LAW TESTS: APPLICATION FOR ACCOUNTING AND FINANCIAL DATA............... 31
1. The primary tests................................................................................................................... 31
A. The first digit tests ............................................................................................................. 32
B. The second digit tests ........................................................................................................ 32
C. First-two-digit test ............................................................................................................. 33

86
 2. The Advanced Benford’s Law Tests ....................................................................................... 34
A. Summation test ................................................................................................................. 34
B. Second-order test .............................................................................................................. 35
3. The Associated Benford’s Law Tests ..................................................................................... 36
A. The Number Duplication test ............................................................................................ 37
B. The Last Two Digits test ..................................................................................................... 37
PART 2: .................................................................................................................................................. 39
......................................................................................... 39
CHAPTER 1: PRESENTATION OF RSM MOROCCO FIRM ................................................................................ 40
I. COMPANY DATA SHEET ............................................................................................................. 41
II. ORGANIZATIONAL CHART OF RSM MOROCCO ......................................................................... 42
III. RSM SERVICES ....................................................................................................................... 43
CHAPTER 2: FRAUD AUDITING, A DATA ANALYTICS APPROACH .................................................................... 45
I. DATA ANALYSIS CYCLE ............................................................................................................... 45
1. Evaluation and Analysis ......................................................................................................... 45
2. Software and Technology ...................................................................................................... 46
3. Audit and Investigate ............................................................................................................ 46
II. EVALUATION AND ANALYSIS ..................................................................................................... 49
1. Risk Identification .................................................................................................................. 49
A. Understanding the business .............................................................................................. 49
a) Data sheet of Alpha Company ....................................................................................... 49
b) Business activity ............................................................................................................ 49
c) Legal and fiscal context of the company ....................................................................... 50
d) The retail industry in Morocco ...................................................................................... 50
e) Fraud risk in the retail industry ..................................................................................... 51
B. Understanding the sales cycle ........................................................................................... 53
a) Selling process Flowchart of Alpha Store ...................................................................... 53
b) Memorandum................................................................................................................ 55
c) Fraud risk in the sales department ................................................................................ 55
2. Risk Analysis........................................................................................................................... 57
A. Corporate Environment Factors ........................................................................................ 57
B. Internal Factors.................................................................................................................. 58
C. Fraud Factors ..................................................................................................................... 58
III. SOFTWARE AND TECHNOLOGY ............................................................................................. 60
1. Obtaining data files ............................................................................................................... 60
2. Preparation of Data Analysis: Data Profile ............................................................................ 62

87
 A. Data profile ........................................................................................................................ 62
B. Data histogram .................................................................................................................. 63
3. Data Analytics Tests: Benford's Law ...................................................................................... 64
A. The primary tests ............................................................................................................... 64
a) The first and the second digits tests .............................................................................. 65
b) The first-two tests ......................................................................................................... 70
B. The Advanced Tests ........................................................................................................... 73
a) The second-order test ................................................................................................... 73
b) The summation test....................................................................................................... 75
c) The associated tests .......................................................................................................... 77
a) The Number Duplication Test........................................................................................ 77
b) The Last-Two Digits Test ................................................................................................ 79
Conclusions with respect to sales revenue ............................................................................... 81
CONCLUSION ......................................................................................................................................... 83
REFERENCES .................................................................................................................................... 85
CONTENTS ......................................................................................................................................... 86

88