Forensys
 

Surviving Y2K

by Stephen Markson and Craig Malcolm


You’ve done what you’ve been told. Y2K preparations are completed or on target. Y2K “experts” are beginning to say that the preparations have been effective (if not draining) and are predicting that problems will be minor inconveniences rather than disasters.

Is it time to rest from the frantic preparations and get back on track? Is it time to recover from the strain on resources and its negative effects on the bottom line that the Y2K problem has caused? It may be, but there is danger in the smug satisfaction of successful disaster aversion. The opportunities for accounting system fraud around January 1st, 2000 have multiplied at the worst possible time: when systems resources are strained and attention is focussed elsewhere.

Fortunately, the power of modern software technologies combined with standard fraud management techniques has made the prevention and detection of Y2K-related fraud relatively easy and inexpensive within the time remaining. Surprisingly though, the key to planning for “Fraud 2000” lies in the genesis of the Y2K problem itself...

Surviving to December 31st, 1999
You don’t need to worry about Fraud 2000 if you haven’t first taken these necessary steps to solve the technical Y2K problem of dealing with dates. You’ve got much bigger headaches!

Unfortunately, solving Y2K requires changing systems and that presents an excellent opportunity to commit fraud.

Fraud 2000
Y2K is a one-time bonanza for fraudsters because it is a simultaneous massive systems conversion project for all medium- and large-sized businesses. Fraudsters know well that system conversions offer the best opportunities to commit new frauds, cover old ones or even resurrect old ones. Why? Because only account balances are transferred; because detailed history is lost; because normal accounting control vigilance is relaxed at conversion time; because anomalies can be explained and written off as conversion effects; because anomalies are too expensive to investigate; because managers are under too much pressure for Y2K compliance at the same time as their bottom line performance is suffering because of it!

What can be done to counter the costly damages of Fraud 2000?

Surviving in the new Millennium
Surviving Y2K means preparing by solving the technical problem as described above and using the tools of modern technology to prepare for and respond to frauds and other Y2K problems that will arise.

Now should be the time to take advantage of increased productivity promised by the new software technologies in newly converted, Y2K-compliant systems. Now should be the time to put the drain on resources and negative effects on the bottom line of Y2K preparation well behind us. This would be a welcome respite, but executives are anything but relaxed, in spite of their apparent preparedness. Why? The worst thing about Y2K is the fear of the unknown - and preparedness does nothing to cure that. Given the abundance, complexity and inter-dependence of computer systems, the consequences of Y2K are simply: unknown.

If we can remove some of the unknown we can, in part, free corporations of the anxiety that may be preventing them from maximising their potential. The bonus is that understanding the Y2K problem also leads to an effective strategy for fighting Fraud 2000.

The Y2K Problem
The Y2K problem was not caused by programmers trying to save valuable storage space. We were there, writing COBOL programs in the 60's and 70's, and we weren’t trying to save space. It was just that nobody wanted to use four-digit years. We didn’t need them.

Eventually though, the problem changed. Systems advanced and users wanted to take advantage of new software and hardware. These new systems had the capability to handle four-digit years, but changing to a four-digit year would mean either converting massive amounts of existing data or losing it. Neither option was attractive, so software was converted to work with the existing data. And with each successive conversion the Y2K problem worsened and its solution became more expensive. It is no wonder that IT managers would not want to undertake a Y2K conversion.

In essence then, Y2K was caused by fear of losing past data. And it is this closing of the window on the past that now poses the threat of Fraud 2000.

Case Study: A Window on Past Fraud
We were retained by a fidelity insurer to quantify a theft from a public sector “business” that had occurred two years prior. An accounting manager, aware that the accounting system was to be changed over the next few months, had stolen cash payments and covered the imbalances by entering fraudulent transactions in the accounting system. Three months after the theft the accounting system hardware and software were changed. Fortunately, the accounting system included a transaction history file which was converted when the new system was installed. Or so we thought!

We recreated the accounting batches that included the fraudulent transactions in order to match them to bank deposits and so prove the loss. Unfortunately, none of the batches balanced. It turned out that the history file only retained the twenty most recent transactions. This was fine for the fraudulent transactions which were posted to dormant accounts, but transactions in active accounts had been gone from the history file for over a year.

All was not lost. There were archival backup tapes from the period in question. One of the old computers with the old backup tape hardware and software and old accounting system was still available. All we needed to do was write a program in the old programming language to extract the transaction and account data that we needed. Fortunately, there was an old programmer around as well! We extracted the data and matched the batches to the deposits.

We were lucky that the tapes had not deteriorated and that the tape backup unit still worked and that all of the old software still worked. With the ever increasing pace of technological development, it does not pay for suppliers to maintain obsolete equipment or software.

What does pay is an investment in current technologies that enable practical storage of and access to large amounts of archival data.
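
The retention problem in the case study can be reproduced on a small scale. The following is an added example, not code from the original article or the engagement it describes: it simulates a history file that keeps only the last twenty postings, re-totals batches from what survives, and reports which batches fall short and which accounts sit at the retention cap. The per-account cap, the account and batch names, and the batch control totals are assumptions made for illustration.

```python
from collections import defaultdict, deque
from decimal import Decimal

# The case study's history file kept the twenty most recent transactions;
# treating that cap as per-account is an assumption of this example.
CAP = 20

def retained_history(postings, cap=CAP):
    """Simulate the history file: keep only the last `cap` postings per account."""
    per_account = defaultdict(lambda: deque(maxlen=cap))
    for row in postings:  # postings arrive in chronological order
        per_account[row["account"]].append(row)
    return [r for rows in per_account.values() for r in rows]

def rebuild_batches(history, control_totals, cap=CAP):
    """Re-total each batch from surviving rows and compare with its control total.

    Returns (report, saturated): per-batch recovered/missing amounts, and the
    accounts holding `cap` rows, whose older postings may have rolled off.
    """
    sums, seen = defaultdict(Decimal), defaultdict(int)
    for r in history:
        sums[r["batch"]] += r["amount"]
        seen[r["account"]] += 1
    report = {b: {"recovered": sums[b], "missing": total - sums[b]}
              for b, total in control_totals.items()}
    saturated = sorted(a for a, n in seen.items() if n >= cap)
    return report, saturated

# Constructed sample data: 25 postings of 100.00 to an active account (one per
# batch B01..B25) and one 40.00 posting to a dormant account inside batch B03.
POSTINGS = [{"batch": f"B{i:02d}", "account": "4000-ACTIVE",
             "amount": Decimal("100.00")} for i in range(1, 26)]
POSTINGS.insert(3, {"batch": "B03", "account": "9990-DORMANT",
                    "amount": Decimal("40.00")})
# Hypothetical control totals recorded when each batch was posted.
CONTROL_TOTALS = {"B03": Decimal("140.00"), "B25": Decimal("100.00")}

if __name__ == "__main__":
    report, saturated = rebuild_batches(retained_history(POSTINGS), CONTROL_TOTALS)
    for batch, row in report.items():
        state = "balanced" if row["missing"] == 0 else f"short by {row['missing']}"
        print(batch, "recovered", row["recovered"], state)
    print("accounts at retention cap:", saturated)
```

The dormant-account posting in the old batch survives while the active-account posting from the same batch has rolled off, so the batch cannot be balanced from the history file alone and the archived data is needed.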

Solving Y2K and Fraud 2000
The advances in computer hardware and software technologies have enabled us to succeed in solving the technical problems of Y2K. These technologies should also stand us in good stead in dealing with problems that do arise after January 1st, 2000. We are much better prepared technically to respond to information system crises than ever before.

However, we need to use this technological security blanket to help us return to vigilant accounting controls and systems security procedures. And to prevent, detect and quantify Fraud 2000, we need to use the technology to keep the window to past data open.



 
Forensys The Forensic Systems Group provides data management, analysis and reporting services and systems for forensic, investigative, litigation support and computer security applications. Stephen Markson, Director of Systems Research, has been developing financial systems since 1967. Telephone 416-482-2140. 500 - 120 Eglinton Avenue East, Toronto ON M4P 1E2.
Email smarkson@ForensicSystemsGroup.com

FORENSIC ACCOUNTING & INVESTIGATIVE SERVICES (FAIS), Toronto, Craig P. Malcolm, Managing Partner, has been serving the needs of the insurance industry since 1983. Telephone 416-214-4500.
