Fraud and Forensic Auditing

Chapter Ten

Definition of Fraud“…any act involving the use of deception to

obtain an illegal advantage.” (ISACA Irregularities and Illegal Acts Guideline 30)

Why Fraud Occurs

Pressure Rationalization

Opportunity

Fraud Triangle

Major Fraud StudiesThe COSO Studies (1987, 1999)1998 KPMG Fraud Study2002 Wells Report

Characteristics of Fraud2002 Cost: $600 billionProblematic industries:

ComputerManufacturingFinancial services

3 Categories of Fraud (See Figure 10-4)Asset misappropriation (85.7%)Corruption (12.8%)Fraudulent financial statements (5.1%, but

highest dollar amount)See Figure 10-4

Responsibilities to Detect FraudCorporate

Positive security model a necessityCorporate fraud policyEthical tone at the topPolicies on computer use and abuseNetwork security policy

Fraud in MalaysiaFraud appears to be more rampant in the

manufacturing, construction, engineering and consumer products industries

Value: RM 63.5 milliomMotivation: Greed/lifestyle (62%), personal financial

pressure (39%)Perpetrators: Management, Non-management

employees, Customers, Suppliers and Service provider

Types of fraud: Theft of physical asset (83%) and theft of funds (77%)

Source: KPMG 2011 Fraud Report

Red Flags not to be missedExcessive secrecy about a function, its operations and its

financial results. When questions are asked, answers are always stalled and withheld.

There is excessive pressures on employees to tamper with result to meet high expectation of the business

Increases in profitability fail to lead to increased cash flows

Senior managers receive large bonuses linked to meeting targets

Complex/unusual payment methodsA remote operation not effectively monitored by head

office

Source: KPMG Analysis

Employees behavioural red flagsRefuses and does not seek promotionRarely takes holidaysDoes not or will not produce records/information or on

requestUnreliable and prone to mistakesSurrounded by “favourites” or people who do not

challenge themPersistent rumours of personal bad habits/addiction/vicesBullies or intimidates colleaguesVendor/suppliers will only deals with this individualLifestyle seems excessive for incomeSeems stressed and under pressuresSource: KPMG Analysis

Auditor’s Responsibility-SAS 99Supersedes SAS 82Effective December 15, 2002Incorporates the fraud triangle and requires

audit team to consider the fraud triangleProfessional skepticismExpanded team discussions, brainstormingRevenue recognitionTechnology

Sarbanes-Oxley Act of 2002Public Oversight Board establishedIncreased audit committee responsibilitiesSpecifically prohibited activities

8 nonaudit services now prohibited by company also performing the audit

Criminal sanctionsWhistleblower protection

Forensic AuditingInvestigating known or suspected fraudComputer forensics

The use of computer technology to investigate fraud

Conducting the Forensic InvestigationGathering evidence

Rules of Evidence must be carefully followedChain of custody criticalInterviewing personnelInvigilationIndirect methods of proof

ProsecutionMust establish chain of custodyMust prove 4 elements of fraud exist:

Misrepresentation of a material factIntent to defraudJustifiable relianceResulting in an injury

Tools of Computer ForensicsScrewdriver and pliersDisk imaging softwareHash calculation utilitySearch utilitiesFile and data recovery toolsFile viewing utilitiesPassword cracking softwareDigital camera