Chapter 12: Fraud Schemes & Fraud Detection IT Auditing & Assurance, 2e, Hall & Singleton IT Auditing & Assurance, 2e, Hall & Singleton

IT Auditing & Assurance, 2e, Hall & Singleton FRAUD TREE Asset misappropriation fraud Stealing something of value – usually cash or inventory (i.e., asset theft) Converting asset to usable form Concealing the crime to avoid detection Usually, perpetrator is an employee Financial fraud Does not involve direct theft of assets Often objective is to obtain higher stock price (i.e., financial fraud) Typically involves misstating financial data to gain additional compensation, promotion, or escape penalty for poor performance Often escapes detection until irreparable harm has been done Usually, perpetrator is executive management Source: ACFE Corruption fraud Bribery, etc. IT Auditing & Assurance, 2e, Hall & Singleton

ACFE 2004 REPORT TO THE NATION IT Auditing & Assurance, 2e, Hall & Singleton

IT Auditing & Assurance, 2e, Hall & Singleton FRAUD SCHEMES Fraudulent financial statements {5%} Corruption {13%} Bribery Illegal gratuities Conflicts of interest Economic extortion Asset misappropriation {85%} Charges to expense accounts Lapping Kiting Transaction fraud FRAUD SCHEMES  ACFE 2002 Report to the Nation Fraudulent Financial Statements {5%} Corruption {10%} Bribery Illegal gratuities Conflicts of interest Economic extortion Asset Misappropriation {85%} Charges to Expense Accounts {??} Lapping {??} Kiting {??} Transaction Fraud {??} Percentages per ACFE 2002 Report to the Nation – see Table 12-1 IT Auditing & Assurance, 2e, Hall & Singleton

COMPUTER FRAUD SCHEMES Data Collection Data Processing Database Management Information Generation Employee fraud – done by non-management employees are generally designed to directly convert cash or other assets to the employee’s personal benefit.   Employee fraud usually involves 3 steps: stealing something of value, converting the asset to a usable form, and concealing the crime to avoid detection. Management fraud – often escapes detection until irreparable damage has been done. Does not involve the direct theft of assets. Management may engage in fraudulent activities to obtain a higher price from a stock or debt offering or just to meet the expectations of investors. May typically involve materially misstating financial data and reports to gain additional compensation, to garner a promotion, or to escape the penalty for poor performance. IT Auditing & Assurance, 2e, Hall & Singleton

AUDITOR’S RESPONSIBILITY FOR DETECTING FRAUD—SAS NO. 99 Sarbanes-Oxley Act 2002 SAS No. 99 – “Consideration of Fraud in a Financial Statement Audit” Description and characteristics of fraud Professional skepticism Engagement personnel discussion Obtaining audit evidence and information Identifying risks Assessing the identified risks Responding to the assessment Evaluating audit evidence and information Communicating possible fraud Documenting consideration of fraud Three special characteristics: ·        Perpetrated at levels of management above the one where internal controls relate ·        Frequently involves using the financial statements to create illusions about corporate financial health ·        If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties IT Auditing & Assurance, 2e, Hall & Singleton

FRAUDULANT FINANCIAL REPORTING Risk factors: Management’s characteristics and influence over the control environment Industry conditions Operating characteristics and financial stability Three special characteristics: ·        Perpetrated at levels of management above the one where internal controls relate ·        Frequently involves using the financial statements to create illusions about corporate financial health ·        If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties IT Auditing & Assurance, 2e, Hall & Singleton

FRAUDULANT FINANCIAL REPORTING Common schemes: Improper revenue recognition Improper treatment of sales Improper asset valuation Improper deferral of costs and expenses Improper recording of liabilities Inadequate disclosures Three special characteristics: ·        Perpetrated at levels of management above the one where internal controls relate ·        Frequently involves using the financial statements to create illusions about corporate financial health ·        If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties IT Auditing & Assurance, 2e, Hall & Singleton

MISAPPROPRIATION OF ASSETS Risk factors: Susceptibility of assets to misappropriation Controls Three special characteristics: ·        Perpetrated at levels of management above the one where internal controls relate ·        Frequently involves using the financial statements to create illusions about corporate financial health ·        If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties IT Auditing & Assurance, 2e, Hall & Singleton

MISAPPROPRIATION OF ASSETS Common schemes: Personal purchases Ghost employees Fictitious expenses Altered payee Pass-through vendors Theft of cash (or inventory) Lapping Three special characteristics: ·        Perpetrated at levels of management above the one where internal controls relate ·        Frequently involves using the financial statements to create illusions about corporate financial health ·        If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties IT Auditing & Assurance, 2e, Hall & Singleton

ACFE 2004 REPORT TO THE NATION IT Auditing & Assurance, 2e, Hall & Singleton

AUDITOR’S RESPONSE TO RISK ASSESSMENT Engagement staffing and extent of supervision Professional skepticism Nature, timing, extent of procedures performed Three special characteristics: ·        Perpetrated at levels of management above the one where internal controls relate ·        Frequently involves using the financial statements to create illusions about corporate financial health ·        If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties IT Auditing & Assurance, 2e, Hall & Singleton

AUDITOR’S RESPONSE TO DETECTED MISSTATEMENTS DUE TO FRAUD If no material effect: Refer matter to appropriate level of management Ensure implications to other aspects of the audit have been adequately addressed If effect is material or undeterminable: Consider implications for other aspects of the audit Discuss the matter with senior management and audit committee Attempt to determine if material effect Suggest client consult with legal counsel Three special characteristics: ·        Perpetrated at levels of management above the one where internal controls relate ·        Frequently involves using the financial statements to create illusions about corporate financial health ·        If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties IT Auditing & Assurance, 2e, Hall & Singleton

AUDITOR’S DOCUMENTATION Document in the working papers criteria used for assessing fraud risk factors: Those risk factors identified Auditor’s response to them Three special characteristics: ·        Perpetrated at levels of management above the one where internal controls relate ·        Frequently involves using the financial statements to create illusions about corporate financial health ·        If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties IT Auditing & Assurance, 2e, Hall & Singleton

FRAUD DETECTION TECHNIQUES USING ACL Payments to fictitious vendors Sequential invoice numbers Vendors with P.O. boxes Vendors with employee address Multiple company with same address Invoice amounts slightly below review threshold Three special characteristics: ·        Perpetrated at levels of management above the one where internal controls relate ·        Frequently involves using the financial statements to create illusions about corporate financial health ·        If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties IT Auditing & Assurance, 2e, Hall & Singleton

FRAUD DETECTION TECHNIQUES USING ACL Payroll fraud Test for excessive hours worked Test for duplicate payments Tests for non-existent employee Three special characteristics: ·        Perpetrated at levels of management above the one where internal controls relate ·        Frequently involves using the financial statements to create illusions about corporate financial health ·        If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties IT Auditing & Assurance, 2e, Hall & Singleton

FRAUD DETECTION TECHNIQUES USING ACL Lapping A.R. Balance forward method Open invoice method Three special characteristics: ·        Perpetrated at levels of management above the one where internal controls relate ·        Frequently involves using the financial statements to create illusions about corporate financial health ·        If fraud involves misappropriation of assets, it frequently is shrouded in a complex maze of business transactions, and often involves third parties IT Auditing & Assurance, 2e, Hall & Singleton

Chapter 12: Fraud Schemes & Fraud Detection IT Auditing & Assurance, 2e, Hall & Singleton IT Auditing & Assurance, 2e, Hall & Singleton