Six Degrees: Advancing Arms for the Fraud Wars

Frank Hydoski's face is one that no CEO is ever happy to see. If the director of Deloitte Financial Advisory Services LLP turns up at your door, chances are he's been called in to head up an independent investigation of potential accounting fraud at the request of an internal agent -- the board of directors, perhaps -- or, more likely, an external source such as the Department of Justice or an external auditor. "Most companies probably aren't going to want to go to an independent investigation unless there's some external reason for them to do it," he notes.

Hydoski is back on the corporate fraud beat after taking a leadership role in some of the highest-profile forensic accounting cases of recent years. From 1996 to 2000, he led one of the teams of forensic accountants that spearheaded the Volcker Committee's investigation into Swiss banks for the presence of accounts that might have belonged to victims of the Holocaust or their heirs -- with spectacular results. "We identified something like 45,000 accounts that were 'probably or possibly' accounts of victims," he says. The cautious term "probably or possibly" was negotiated with the banks, Hydoski explains. The claims resolution process is ongoing.

In 2004, Hydoski came out of retirement to join the senior management group in Volcker's investigation of the U.N. Oil for Food Program, which uncovered self-dealing by U.N. officials and bribes and kickbacks from vendors to Saddam Hussein's government. After that two-year stint, he signed up with Deloitte. His latest focus is on technologies that grew out of stock options backdating cases. "We developed a project management group around our investigations, and I led the technology angle on that," he reports.

Hydoski sees technology as a crucial weapon in companies' ongoing battles against fraud perpetrators. "There are some cookie-cutter types of fraud, like vendor fraud -- an employee will pose as a vendor and pay himself or herself, and you'll find some indication of the employee's address or bank information in your accounts payable files. But accounting frauds are pretty individual, so they're in fact not easy to find." That difficulty is compounded by the fact that most accounting frauds cluster around revenue recognition -- which is "not a well-developed area within corporate accounting," according to Hydoski. "One of the things we've been doing is going through the SEC's enforcement letters, and it's pretty clear that most of the frauds that they focus on are frauds having to do with revenue numbers -- the vast proportion, 80 percent or something like that." And this is understandable, he says, because "sales numbers are often ephemeral."

Finance executives underutilize the software tools that could help them identify fraudulent transactions in this area. Hydoski points to a study by RevenueRecognition.com: "They asked, 'How do you develop your revenue numbers? Do you develop them using your ERP or in some other way?' And most of the CFOs, the vast majority, said that they develop the revenue numbers offline, outside their ERP system, using spreadsheets and so forth." And this means a loss of control over the numbers, he notes.

While continuous monitoring technology has been available for some time, "we don't think that it's been widely embraced because it hasn't become part of the normal accounting IT platform," says Hydoski. "We think that the logical step is for it to be a module within SAP or a module within Oracle financials and not a stand-alone deal that's a pain for the CIO and that operates outside the platform that the company's trying to put together."