Software Tools Usage in Fraud Detection and
Prevention in Governmental and External Audit
Organizations in the Republic of Serbia1
Dragomir Dimitrijević, Zoran Kalinić
Financial statements are a company’s basic documents to reflect its financial status i.e. the mir-
rors of a company’s financial status and they generally include balance sheets, income statements,
cash flow statements, statements of retained earnings, and some other statements (Tangod &
Kulkarni, 2015). Enterprise financial statements have become a major source of information for
numerous investors, creditors, employees and states in the process of making decisions related to
the allocation of funds. Financial statement fraud is performed with the aim of displaying false
financial position, performance, and cash flows of a company. The greatest responsibility for
financial statement manipulation is held by a company’s management. The most frequent excuse
of management for committing fraud is that it was a way to try to save the company and ensure
profit for the company’s owners. Practical experience showed that existing system of control
(government, internal and external audit) is not enough to reveal and prevent frauds.
In their work, these forms of control must use modern software tools, because in the process
of fraud detection it is necessary to analyse large amounts of data, which is much easier and
more efficient with the use of appropriate software tools. These tools can also help controllers
in the process of fraud prevention, by warning them of the appearance of certain warning signs, so
called “red flags”, that indicate the possibility of fraud or some illogic that can either be the result
of errors or manipulation. For these reasons, the paper analyses the software tools used by all
forms of control in the financial reporting process in the Republic of Serbia, with special focus on
official, governmental institutions and external audit companies.
The publication was supported by the Ministry of Education, Science and Technological Development of the Re-
public of Serbia, Grant III-44010.
72 Dragomir Dimitrijević, Zoran Kalinić
2. Frauds in companies’ operations and methods of its
Fraud is an intentional deception made to achieve a certain goal, or to inflict damage to another
person or organization. International Standard on Auditing defined fraud as intentional action
of gaining unfair or illegal advantage by cheating, made by one or more persons from the manage-
ment, supervisory board, employees or third parties (International Standard of Auditing No. 240
– Auditor’s responsibilities related to fraud in the audit of the financial statements). Association
of Certified Fraud Examiners defines fraud as “deception or misrepresentation that an individual
or entity makes knowing that the misrepresentation could result in some unauthorized benefit to
the individual or to the entity or some other party” (Zabihollah, 2002).
To better understand the purpose and importance of fraud it is necessary to make a distinction
between fraud and errors. Although their effects might be the same – the presentation of incor-
rect information, there are significant differences between errors and frauds. The main difference
is that in case of fraud, there should be a conscious intention of the individual towards achieving
illegal goals. Frauds are usually classified into three groups: corruption, asset misappropriation and
fraudulent financial statements. Although 2016 Report to the Nations on Occupational Fraud and
Abuse by the Association of Certified Fraud Examiners (ACFE, 2016) survey found asset misap-
propriation as the most common type of fraud (occurring in 83% of cases), fraudulent financial
reporting was relatively rare, occurring in less than 10% of cases, but those cases inflicted greater
damage, with median losses of almost $1 million. The fraudulent financial reporting usually in-
volves overstatements of accounts receivable, inventory, securities or other assets.
Detecting fraudulent financial reporting can be difficult – but not impossible. Although,
in general, fraud prevention is much better solution, companies and organizations need to consider
appropriate measures to assist them in fraud detection. According to the study conducted by ACFE
(2016), the largest number of frauds in the companies is discovered by alerts from individuals.
Most of these alerts come from the employees, but also from suppliers, customers, creditors,
shareholders, etc. In order to detect fraud, various business intelligence and data mining techniques
are employed (Tangod & Kulkarni, 2015). Data mining techniques are very often used as a tool
in financial accounting fraud detection, since we are dealing with the large data volumes and
complex financial data. The detection of accounting fraud using only traditional audit procedures
is a difficult or sometimes an impossible task. Because fraudulent manipulation of accounting data
is so infrequent, the auditors often lack the required knowledge, experience and expertise needed
to detect and prevent frauds (Shaheen et al., 2014). Therefore, specialized software based on data
analysis i.e. various data mining techniques is a very useful tool in such cases. Data mining rou-
tines are being incorporated in specialized fraud detection components for software such as SAS,
SPSS and even traditional audit programs such as ACL and IDEA (Wong & Venkatraman, 2015).
Othman et al. (2015) reported that, although rated as very effective, the implementation of fraud
detection software in public sector in Malaysia in very limited. Bierstaker et al. (2006) found
that companies often may be reluctant to invest in anti-fraud technology, although the perceived
benefits and effectiveness of the software may outweigh the cost, and that even at larger firms,
anti-fraud methods and software are under-utilized. In their study of fraud detection and preven-
tion in the public sector in Nigeria, Okoye and Gbeki (2013) suggested that ministries should take
the advantage of the modern accounting and auditing software to enhance efficiency and smooth
forensic accounting operations.
Software Tools Usage in Fraud Detection and Prevention in Governmental…
In the process of financial fraud detection, two possible approaches are used: deductive and
inductive (Stancic & Dimitrijevic, 2014, p. 2). Deductive approach goes from general analysis to
specific details. This approach is considered to be quite simple and economical. Deductive approach
is usually used in the cases of preventive investigatory examination or when there is a suspicion
on fraud, but there are no clear signs or proofs of manipulation. In deductive approach, several
methods and models are used: Beneish’s analysis, Benford’s Law, Altman’s models, Bex model,
FEFQM model, general program of forensic analysis and similar models (Stancic et al., 2013,
p. 17). In the inductive approach, we start from the specific experiences on which items of fi-
nancial statement frauds usually occur. Therefore, these items are investigated first, in order to
bring the conclusion of whether there is a significant risk of fraud. Inductive approach, as a rule,
applies when there are significant doubts and warning signs of manipulation with certain items
in the financial statements. It is generally considered that the inductive approach is more efficient
and economical for large and complex enterprises that have an extremely large amount of various
transactions (Dimitrijevic, 2012, p. 22).
Red flags in financial statements represent warning signs that investors should take note of. They
do not necessarily indicate that undoubtedly financial statement fraud has occurred, but merely
signal that special attention and further in-depth research must be conducted. But, sometimes
spotting red flags can be extremely challenging, as companies engaged in fraudulent activities are
attempting to portray the image of financial stability and normal business operations.
Looking at the main categories of fraud defined by Association of Certified Fraud Examiners
– ACFE (corruption, asset misappropriation and fraudulent financial statements), we can distin-
guish some common warning signs. The asset misappropriation is a type of fraud that is usually
performed by employees against the organization, for their own benefit. Common warning signs
include: changes in behaviour, avoid direct views, increased irritability, CV with several breaks,
problematic character, constant anger, the tendency to blame others and changes in lifestyle (Lux &
Fitiani, 2002). There are other warning signs that indicate the possibility of disposition of property
in situations where employees: express dissatisfaction with their employer or supervisor; never
take a vacation; have financial difficulties or problems with debt; exhibiting psychotic features;
constantly complain to their supervisors treat them badly; exhibit behavioural characteristics that are
associated with self-centeredness or exaggerated by the need for the control; refuse reassignments,
promotions or other business deals (Singleton & Singleton, 2010). The creation of fraudulent finan
cial statements is typical for senior management. These frauds are executed for the organization (at
least partially or indirectly), for the benefit of the organization and the perpetrator. Usual warning
signs for this type of fraud include accounting anomalies, rapid business growth and an unusual
amount of profit, deficiencies in internal control and aggression that manifests executive manage-
ment (Singleton & Singleton, 2010). The focus of this study in on detection of this type of fraud.
3. Software tools for fraud detection and prevention
Software tools used for fraud detection and prevention enable auditors and forensic investigators
to examine massive volumes of transactional data and many types of financial documents, in order
to detect and prevent fraud. They save forensic-accounting investigators thousands of man-hours
by compiling data and identifying possible patterns. In addition, some software solutions can track
fraud as it happens i.e. they can look for an unusual number of transactions just below the limit
74 Dragomir Dimitrijević, Zoran Kalinić
needed to require a supervisor’s assistance or too many partial payments by customers. Programs
used by auditors to interrogate files, generally known as audit software, come in a number of forms,
ranging from software packages specially designed to support auditing, to any other computer
program that the auditor finds useful (AuditNet, 2003).
Computer Assisted Auditing Tools (CAATs) are computer programs used by auditor as part
of the audit procedures, in order to process data of audit significance contained in a client’s informa-
tion system i.e. to automate the audit processes (Shaheen et al., 2014). CAATs represent powerful
tool for auditors that can identify unusual or unexpected trends in data that may indicate possible
fraud. The main advantages of CAATs are: it saves time, with no loss of quality or accuracy; data
analysis is focused and allows any future adjustment to be made with minimal effort; preliminary
data can often be analyzed early in the audit process and a more efficient audit plan can be made
(CAAG, 2006). In addition, historically, auditors have relied on samples of transactions or com-
panies to perform their tests (AuditNet, 2003). With the use of automated data analysis tools,
it is possible to assess all records and companies in focus. Automated fraud detection software
tools and programs are used help pinpoint anomalies and unusual patterns as well as revealing
potential red flags (Aiken, 2016).
One of the most popular and most used software solutions is Audit Command Language (ACL),
developed by ACL Service Ltd (www.acl.com). ACL’s software program is one of the leading tools
in the industry and delivers audit data analytics to its customers and quickly uncover potential
fraudulent schemes, without exhausting a lot of time and money (Aiken, 2016). Although it has
automated analytical procedures i.e. built in analysis command and there is no programming
language needed, it also offers script for auditors who want more customized programmable com-
mands. One of analysis command often used for fraud detection is Benford’s Law analysis, which
is commonly used in auditing especially in fraud detecting, by many auditors including internal,
external and governmental. Benford’s Law refers to the frequency distribution of digits in many
real-life sources of data, including financial documents (Shaheen et al., 2014). In this distribu-
tion, digit 1 occurs as the leading digit in about 30% of the cases, while larger digits occur in that
position far less frequently: for example, digit 9 as the first digit is in less than 5% of the cases.
So, if financial document analysis shows that digit 1 appears as the first digit in 10 or 50 percent
of the cases, possible fraud is indicated. ACL use Benford’s Law analysis in a digit-by-digit basis,
which might increase the chances of findings actual fraudulent entries (Cleary & Thibodeu, 2005).
Newest versions of ACL can read and analyze PDF file. However, despite its powerful functions,
ACL’s price is quite expensive.
CaseWare IDEA software (www.casewareanalytics.com) includes a full range of auditing tools
in a standalone package and it can read, analyze, sample or extract from data files from almost any
source including spreadsheets, exported data from databases, accounting programs, ERP systems
and documents in formats such as PDFs or plain text (.txt). IDEA also, among others, may perform
Benford’s Law analysis. This software lowers the cost of analysis, but also adds more quality to
audit work and meet the professional requirements regarding fraud and audit. IDEA (Interactive
Data Extraction and Analysis) is used in over 90 countries by major accounting and auditing
companies, federal, state, provincial and local government and corporations in all industry sec-
tors. For example, IDEA is extensively used by the National Audit Office in the United Kingdom
SAS software programs are also often used to manage the risk of fraud along with detecting
and deterring potential instances of fraud (Aiken, 2016). By implementing SAS software programs
Software Tools Usage in Fraud Detection and Prevention in Governmental…
within company systems and using its powerful data analytics, audit managers can analyse large
sets of data and detect and prevent instances of fraud and abuse.
Picalo is a collaborative, open-source data analysis application suitable to auditors, fraud
examiners, data miners, and other data analysts. Users can either use the built-in routines or write
their own, which can be shared with others in the Picalo community. The final goal is to create
a large set of analysis routines that meet many different needs. Another example is Arbutus Fraud
Detection Software, which is also a proven, effective fraud detection software tool. Also, other
CAAT solutions include ESKORT Computer Audit (also known as SESAM), InfoZoom, SoftCAAT,
Easy2Analyze, etc. Finally, many CAATs are provided as Excel add-ons: Active Data for Excel,
eCAAT, ACL, TopCAATs, etc.
4. Data analysis and results
In order to analyse the software solutions used by government authorities and audit institutions
in the process of fraud detection and prevention in the Republic of Serbia, we have conducted
interviewing of the most important institutions included in this process. At the state level, three
basic institutions are key players in the process of fraud detection and prevention: Tax Administra-
tion (TA), Serbian Business Registers Agency (SBRA) and State Audit Institution (SAI). All three
institutions participated in the survey.
Tax Administration collects public revenues, monitor and improve the level of fiscal discipline
and creates an environment in which every taxpayer voluntarily, without excessive costs, fulfils its
tax obligations, which enables the Government of the Republic of Serbia to provide public services
to its citizens. Tax Administration as an administrative body within the Ministry of Finance, which
performs the following tasks: keep an integral register of taxpayers; perform tax control and tax
assessment in accordance with the law; perform regular and enforced collection of taxes and sec-
ondary tax duties; reveal tax crimes and their perpetrators and take legal measures, initiating and
conducting first instance misdemeanour tax proceedings and impose penalties for tax violations;
keep tax accounting. Serbian Business Registers Agency, founded in 2004, is established to keep
main registers as a single centralized electronic database and to lead the reform of registration
system, in order to create a favourable business environment for starting a business and attracting
investments. The main task of the State Audit Institution is to examine and check the transactions
disclosed in the financial statements of state institutions, i.e. to express an opinion whether they are
carried out in accordance with the legislation and principles. SAI performs audits, prepares reports,
issues legal acts and documents, advises users of the budget, make recommendations for amend-
ments to the existing laws, adopt auditing standards, cooperate with international accounting and
auditing organizations, etc. Subjects of audit are all direct and indirect budget (national or local)
beneficiaries i.e. mandatory social insurance budget funds, the National Bank of Serbia, public
enterprises, companies established by direct or indirect budget user or participates in the capital
of that company.
The study also included private external audit institutions that perform audits of financial state-
ments of companies in the Republic of Serbia. Eight most important external audit organizations
in the Republic of Serbia were invited to participate in the study, but only three of them agreed to
participate and have sent required data.
76 Dragomir Dimitrijević, Zoran Kalinić
The results showed that state institutions mainly use their own software solutions (SBRA and
Tax Administration), while State Audit Institution uses existing commercial software solutions
(CaseWare IDEA). Software solutions used by state institutions had to undergo some adjustments
to meet the needs of these institutions. In addition, the state institutions, in their work, use other
available methods and applications, such as Excel and Access. Unfortunately, state institutions
do not use specialized modules for fraud detection and prevention. In addition, state institutions,
except for SBRA, do not use a specialized methodology for fraud detection. It should be noted that,
except State Audit Institution, which takes 100% of the institutions in the sample when examining
the existence of fraud, other state institutions did not want to give answers to the question regarding
the number of institutions included in the sample in the process of fraud detection.
The external audit institutions that participated in the survey also mainly use own software
solutions (some institutions use software solutions that is completely new and specially developed
for these institutions, while others, besides own solutions, use existing commercial solutions, like
IDEA). Software solutions used by external audit institutions usually have not had to undergo some
adjustments to meet the needs of these institutions. In addition, as in the case of state institutions,
external audit institutions use other available methods and applications, such as Excel and Access.
It should be noted that the fraud detection is not a priority for external audit institutions, which
is probably one of the reasons why they do not have and do not use specialized software modules
for fraud detection. On the other hand, research has shown that external audit institutions, if they
are engaged for the purposes of fraud detection, using specific methodology, but they were not
ready to talk in detail about it.
While organizations should still complete routine audits, it is highly recommended to imple-
ment proactive fraud detection software programs and tools, which are very useful in the analysis
of big data, finding any discrepancies with patterns and preventing potential fraud schemes (Aiken,
2016). Considering the results of the research, it can be seen that majority of the surveyed institu-
tions (governmental and external audit) use their own, custom-made software solutions in their
work. Also notable is the fact that neither of the institutions have and use specialized modules
for fraud detection, which indicates a low degree of fraud control, especially in state institutions.
The absence of a predetermined sample of companies examined to fraud shows that no surveyed
institutions consider fraud detection and prevention as one of its priorities. This attitude has led to
the ever-growing number of frauds and late responses of all the institutions, particularly govern-
Existence of adequate specialized software solutions, which would be used only for fraud
detection, is not a guarantee that fraud will not occur. But, a lack of these software solutions cre-
ates a favourable situation for frauds and fraudsters, and huge potential financial losses for both,
institutions and the state. Therefore, it is highly recommended to state institutions, that are most
responsible for fraud detection and prevention, to get these software solutions, capable to indicate
the existence of warning signs of the possible existence of fraud in the institution. These warn-
ing signs are not necessarily indicators of fraud, but they are a sure sign that one should examine
further and in more details, whether or not there is fraud in the institution.
Software Tools Usage in Fraud Detection and Prevention in Governmental…
1. ACFE. (2016). Report to the Nations on Occupational Fraud and Abuse. Retrieved on
12/06/2017, from: https://s3-us-west-2.amazonaws.com/acfepublic/2016-report-to-the-nations.
2. Aiken, K. (2016). Analyzing Proactive Fraud Detection Software Tools and the Push for
Quicker Solutions. Economic Crime Forensics Capstones, Paper 9.
3. AuditNet. (2003). Principles of Computer Assisted Audit Techniques. Retrieved on 12/06/2017,
4. Bierstaker, J., Brody, G.R., & Pacini, C. (2006). Accountants’ Perceptions Regarding Fraud
Detection and Prevention Methods. Managerial Auditing Journal, 21(5), 520-535.
5. CAAG. (2006). A Guide to Computer Assisted Audit Techniques, Computer Assisted Audit
Group (CAAG), Department of Revenue, Commonwealth of Massachusetts, USA.
6. Cleary, R., & Thibodeau, J.C. (2005). Applying Digital Analysis Using Benford’s Law to De-
tect Fraud: The Dangers of Type I Error. Auditing: A Journal of Practice and Theory, 24(1),
7. Lux, A., & Fitiani, S. (2002). Fighting Internal Crime Before It Happens. Information Systems
Control Journal, 3, 50-51.
8. Okoye, E.I., & Gbeki, D.O. (2013). Forensic Accounting: A Tool for Fraud Detection and
Prevention in the Public Sector. (A Study of Selected Ministries in Kogi State). International
Journal of Academic Research in Business and Social Sciences, 3(3), 1-19.
9. Othman, R., Aris, N.A., Mardziyah, A., Zainan, N., & Amin, N.A. (2015). Fraud Detection
and Prevention Methods in the Malaysian Public Sector: Accountants’ and Internal Auditors’
International Conference on Financial Criminology, 13-14 April 2015, Oxford,
10. Shaheen, I., Sultana, A., & Noor, A. (2014). Forensic Accounting and Fraud Examination
in India. International Journal of Innovative Research & Development, 3(12), 171-177.
11. Singleton, T., Singleton, A., Bologna, J., & Lindquist, R. (2006). Fraud Auditing and Forensic
Accounting. John Wiley & Sons, SAD.
12. Tangod, K.K., & Kulkarni, G.H. (2015). Detection of Financial Statement Fraud using Data
Mining Technique and Performance Analysis. International Journal of Advanced Research
in Computer and Communication Engineering, 4(7), 549-555.
13. Wong, S., & Wenkatraman, S. (2015). Financial Accounting Fraud Detection Using Business
Intelligence. Asian Economic and Financial Review, 5(11), 1187-1207.
14. Zabihollah, R. (2002). Financial Statement Fraud – Prevention and Detection. New York:
John Wiley & Sons, Inc.