The frequent and high incidence of fraud cases in commercial banks has attracted great attention from the State Council, the China Banking Regulatory Commission and commercial banks. Therefore, strengthening the research on fraud audit strategies and methods of commercial banks and continuously improving the ability of commercial banks' internal audit institutions to prevent, identify and investigate fraud cases have become urgent issues for commercial banks.

1. Types and characteristics of fraud in commercial banks

According to the nature of fraud, fraud is divided into two basic types: fraud that seeks economic benefits for the organization and fraud that harms the economic interests of the organization. of fraud.

1. Fraudulent behavior for the benefit of the organization. Fraudulent behaviors for the benefit of the organization mainly include: selling or distributing fictitious or misreported assets; making illegal political donations, paying bribes, providing kickbacks, paying remuneration to government officials or government official agents, customers, suppliers and other improper behaviors; Intentionally misstate or misvalue business transactions, assets, liabilities or income; intentionally misprice transfer payments (valuation of goods exchanged between related entities); engage in intentionally improper related party transactions in which one party receives something Benefits that cannot be obtained in normal transactions; intentional failure to record or disclose important information that would help outside parties better understand the organization's financial situation; illegal business activities; tax fraud, etc.

Combined with the characteristics of commercial banks, it can be found that fraud for the benefit of the organization mainly includes the following aspects: (1) interception of intermediate business income, such as fee income not being recorded, agency premium income not being recorded, leasing Income from fixed assets is not recorded in the accounts, small treasury is set up privately for collective profit, etc. (2) Embezzling or privately dividing credit assets, fixed assets, foreclosed assets, etc., at the expense of causing the loss of organizational assets, and seeking improper benefits for the collective. (3) Using unfair means to inflate (or conceal) business indicators such as profits and deposits, seek direct or indirect economic benefits for the organization or defraud collective (individual) honor. (4) Cost reduction, false listing of expenses, and seeking improper economic benefits for the organization, etc. (5) Tax evasion, etc.

2. Fraudulent activities that harm the organization. The main types of fraud that harm an organization include: accepting bribes and kickbacks; transferring transactions that would normally bring profits to the organization to employees or outsiders; and corruption, such as tampering with financial records to cover up corruption so that it cannot be easily detected. Discovery; intentional concealment (misstatement) of matters (or data); requests for payment for services or goods that were not actually provided to the organization.

Based on the characteristics of commercial banks, it can be found that the fraud behaviors that harm the organization mainly include the following aspects: (1) Corruption, embezzlement, and misappropriation of bank or customer funds. (2) Forge, fabricate or falsely issue bills, and use fraudulent means such as bills, letters of credit, bank cards, etc. to defraud banks or customers of funds. (3) Fake loans, self-approval and self-loans, fake mortgage loans, high-interest on-lending, illegal loans to related parties, illegal loans and seeking personal profits (or accepting bribes), etc. (4) Illegally absorbing public funds, illegally borrowing funds, and illegally engaging in off-book operations. (5) Taking advantage of his position to engage in money laundering activities. (6) Participate in foreign exchange arbitrage, foreign exchange evasion, foreign exchange fraud, etc. (7) Issue false credit (or deposit) certificates, etc. (8) Forgery and alteration of valuable documents and important blank vouchers to defraud funds. (9) Behaviors such as intercepting intermediary business income and enriching one's own pockets.

In addition, the types of fraud are classified differently according to different standards. The main ones are: First, according to the subject of the fraud, it can be divided into executive fraud and general employee fraud. Second, according to the means of fraud, it can be divided into: computer fraud and traditional manual fraud. Third, according to the object of fraud, it can be divided into fraud against assets and fraud against liabilities. Fourth, according to the group nature of the fraudsters, it can be divided into collective fraud of two or more people and individual fraud.

2. New trends in commercial bank fraud

Commercial bank fraud cases are moving toward "high positions, high technology, and high case value; the number of cases is large at the grassroots level, and there are many internal and external collusion crimes. The trend of "three highs and three mores" is developing with "more techniques". Fraud in commercial banks shows the following characteristics: First, the perpetrators of fraud are highly qualified.

3. Pay close attention to the division of job responsibilities and potential conflicts of interest in the internal control system. Through a large number of investigations into global bank cases, the Basel Committee concluded that an important reason for financial losses in bank cases is the lack of proper division of responsibilities. Giving one person conflicting responsibilities (for example, being responsible for both the management and execution of a transaction) creates opportunities for him or her to gain access to valuable assets and manipulate financial data for personal gain or to conceal losses. Therefore, in daily audits, seemingly trivial job separation and regular job rotation systems are likely to lurk major conflicts of interest and serious risks of fraud (cases). Even if there is not sufficient evidence of fraud, the accused must be investigated. Audit units carry out risk warnings because this is not only a system requirement, but also the key to preventing fraud (cases) and eliminating fraud opportunities. In this regard, internal auditors of commercial banks must pay great attention and be vigilant.

4. Pay close attention to the signs (signals) of fraud. After a fraud occurs, the perpetrator often leaves some clues, which requires internal auditors to observe carefully, inquire carefully, and carry out in-depth investigation and evidence collection. First, the signs (signals) of employee fraud mainly include: overspending on purchases or extravagant lifestyles; unexplained mood swings or complex abnormal behaviors; low psychological tolerance for stress; the ability to rationalize their theft behavior; the ability to Taking advantage of weaknesses in internal controls to cover up their own fraud; unwillingness to take leave or leave work; a large number of write-offs and debits in personal business; long-term low morale at work; abnormal close relationships with customers; heavy signs of personal debt; obsession with gambling and pornography; failure to provide relevant information or physical objects required for audit inspections or in a timely manner under various excuses, etc. Second, the signs (signals) of organizational fraud mainly include: missing or destroying accounting records or related documents; too many "cancellations" or "refunds"; abnormal or repeated transactions; a large number of accounting adjustments or chargebacks; Unrealistic performance forecasts or assessments; long-term low employee morale; frequent changes in the person in charge of the financial department or personnel in key positions; an increase in dead and bad debts; abnormal related-party transactions; intentional misstatements or misvaluations of business transactions, assets, liabilities or Income; rumors about conflicts of interest; excessive financial pressure or unrealistic business metrics, etc.

Through comprehensive analysis and judgment on the soundness and effectiveness of the internal control system of the audited unit, control environment, division of job responsibilities and potential conflicts of interest, and signs (signals) of fraud, Combined with the appropriate use of fraud audit methods and focused substantive testing, it is possible to discover clues and evidence of fraud in a timely manner.

4. Fraud audit methods of commercial banks

There are many methods of fraud audit, in addition to some methods used in conventional audits such as supervision, inquiry, on-site observation, on-site investigation and other methods , but also use some special audit methods:

Analytical review (measurement). It refers to some important ratios or trends of the audited entity, including investigating abnormal changes in these ratios or trends and their differences from expected amounts and related information.

Correspondence confirmation. It refers to the method of sending a letter to a third party for verification in the name of the audited unit in order to verify the matters contained in the accounting records of the audited unit and prevent the audited unit from committing fraud.

Red flag law. That is, describing in words the links with a relatively high probability of fraud is equivalent to planting a red flag to attract attention and serve as the focus of suspicion and investigation of fraud.

Make mistakes. It is to target internal control weaknesses and links prone to fraud and damage, and adopt the practice of making real errors to observe whether they pass through the control system, in order to observe the possibility and extent of fraud in the control system.

Replenishment and auditing method. It means that fraudsters artificially cover up their actions and often destroy some or all of the account books and vouchers. In this regard, auditors should conduct internal and external investigations based on accounting principles (everything borrowed must be credited, and loans must be equal) to make up for the destroyed accounting books and vouchers. vouchers, and then audit the accounts to discover the facts of fraud.

Traceability tracking method. It is to conduct retrospective tracking and inspection of accounting records and the whereabouts of funds in accordance with the fund flow and accounting processing procedures. You can find out the ins and outs of funds by designing business flow charts, fund flow tables and other methods.

Computer fraud audit methods. There are many ways to use computer fraud, including tampering with input and output, tampering with program settings, tampering with data files, setting up "program backdoors", setting up logic bombs, computer viruses, computer Trojans (stealing user passwords for online banking), hacker intrusions and attacks Wait, there are many ways to investigate and prevent computer fraud, such as physical control, logical control, installation of firewalls and anti-virus software; software review method, machine replacement review method, black box review method, etc.

Prevention methods. It refers to promoting the gradual improvement of the internal control system of the audited unit through the use of employee background information checks, comprehensive internal control evaluations and various special audit inspections, so as to prevent the occurrence of fraud.