Improving Deception Detection

PROVO, Utah – Jun 28, 2018 – In 2001, news of the Enron scandal broke, revealing that the energy company had misrepresented its income. Arthur Andersen, the accounting firm that conducted audits of Enron, failed to detect the fraud; neither company recovered after the scandal.
 
Andrew Sanford, who graduated in April with his BS in information systems and MISM degrees, wants to help auditors better recognize fraud cases such as this. To fund his project, Sanford received a $1,500 grant from BYU’s Office of Research and Creative Activities (ORCA).
 
“I’ve been interested in fraud and security for quite some time,” Sanford says. “My dad was a CPA and I did an internship for one of the Big Four, so I was familiar with the auditing process. I felt there was an opportunity to make the auditing process better.”
 
After receiving the ORCA grant, Sanford got to work. He poured over academic journals and conducted a literature review of previous research on accounting fraud and threat modeling, a method used by security teams to optimize network security. These teams identify security objectives like protecting credit card information, possible vulnerabilities, and ways to mitigate risk.
 
Sanford developed a framework based on threat modeling to enable auditors to better detect fraud. Auditors already brainstorm possible ways fraud could be committed, but Sanford’s model provides more defined guidelines for that brainstorming process, as shown below.
 
“I hope this framework finds its way into the official auditing standards,” Sanford says. “We need a method that will detect fraud and help make the world a safer and more trustworthy place.”
 
Sanford’s final report, titled “Improving Fraud Detection by Auditors via Integration of Cybersecurity Principles,” was published in BYU’s Journal of Undergraduate Research last month. He was also invited to represent BYU Marriott and present his research findings to members of the President’s Leadership Council, a group of generous university supporters.

“This was fully Andrew’s idea, and his framework is a fantastic guide to help auditors think through what needs to be protected and how to protect it,” Albrecht says. “It’s always wonderful to have a student who understands the importance of producing high-quality research. Working with Andrew was very much a partnership rather than a student-teacher relationship.”
 
Sanford credits his research project, along with his other experiences while a student, for helping him land a job at the information security compliance office for The Church of Jesus Christ of Latter-day Saints. Using the skills and knowledge he gains in his career, he hopes to continue to research and find new ways to improve his field.

“The Information Systems Department has some of the world’s best researchers, and I enjoyed the opportunity to interact with them and get their feedback,” Sanford says. “I’m grateful for their willingness to help students succeed. I wouldn’t be where I am today without their support.”