Fraud and Forensic Auditing Chapter Ten
Definition of Fraud “…any act involving the use of deception to obtain an illegal advantage.” (ISACA Irregularities and Illegal Acts Guideline 30)
Why Fraud Occurs PressureRationalization Opportunity Fraud Triangle
Major Fraud Studies The COSO Studies (1987, 1999) 1998 KPMG Fraud Study 2002 Wells Report
Characteristics of Fraud 2002 Cost: $600 billion Problematic industries: Computer Manufacturing Financial services
3 Categories of Fraud (See Figure 10-4) Asset misappropriation (85.7%) Corruption (12.8%) Fraudulent financial statements (5.1%, but highest dollar amount) See Figure 10-4
Responsibilities to Detect Fraud Corporate Positive security model a necessity Corporate fraud policy Ethical tone at the top Policies on computer use and abuse Network security policy
Fraud in Malaysia Fraud appears to be more rampant in the manufacturing, construction, engineering and consumer products industries Value: RM 63.5 milliom Motivation: Greed/lifestyle (62%), personal financial pressure (39%) Perpetrators: Management, Non-management employees, Customers, Suppliers and Service provider Types of fraud: Theft of physical asset (83%) and theft of funds (77%) Source: KPMG 2011 Fraud Report
Red Flags not to be missed Excessive secrecy about a function, its operations and its financial results. When questions are asked, answers are always stalled and withheld. There is excessive pressures on employees to tamper with result to meet high expectation of the business Increases in profitability fail to lead to increased cash flows Senior managers receive large bonuses linked to meeting targets Complex/unusual payment methods A remote operation not effectively monitored by head office Source: KPMG Analysis
Employees behavioural red flags Refuses and does not seek promotion Rarely takes holidays Does not or will not produce records/information or on request Unreliable and prone to mistakes Surrounded by “favourites” or people who do not challenge them Persistent rumours of personal bad habits/addiction/vices Bullies or intimidates colleagues Vendor/suppliers will only deals with this individual Lifestyle seems excessive for income Seems stressed and under pressures Source: KPMG Analysis
Auditor’s Responsibility-SAS 99 Supersedes SAS 82 Effective December 15, 2002 Incorporates the fraud triangle and requires audit team to consider the fraud triangle Professional skepticism Expanded team discussions, brainstorming Revenue recognition Technology
Sarbanes-Oxley Act of 2002 Public Oversight Board established Increased audit committee responsibilities Specifically prohibited activities 8 nonaudit services now prohibited by company also performing the audit Criminal sanctions Whistleblower protection
Forensic Auditing Investigating known or suspected fraud Computer forensics The use of computer technology to investigate fraud
Conducting the Forensic Investigation Gathering evidence Rules of Evidence must be carefully followed Chain of custody critical Interviewing personnel Invigilation Indirect methods of proof
Prosecution Must establish chain of custody Must prove 4 elements of fraud exist: Misrepresentation of a material fact Intent to defraud Justifiable reliance Resulting in an injury
Tools of Computer Forensics Screwdriver and pliers Disk imaging software Hash calculation utility Search utilities File and data recovery tools File viewing utilities Password cracking software Digital camera