Part 2 D – 1V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Section Topics
1. Discovery sampling
2. Interrogation techniques
3. Forensic auditing
4. Use of computers in analyzing data
5. Red flags6. Types of fraud
Part 2, Section D
Part 2 D – 2V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Fraud Investigation Roles and Players
Standard 1210.A2
“Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.”
Part 2, Section D, Introduction
Part 2 D – 3V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What are some of the objectives of a fraud investigation?
Sample answer:
• Protect the innocent, establish facts, resolve the matter, and clear the air.
• Quickly stop loss.
• Support successful prosecution.
• Identify, gather, and protect evidence.
• Identify and interview witnesses.
• Identify behavior patterns.
• Determine motives and suspects.
• Provide basis for discipline, etc.
• Account for and recover assets.
• Identify control weaknesses to be fixed.
Discussion Question
Part 2, Section D, Introduction
Part 2 D – 4V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
If you are interviewing (not interrogating) an audit client, why do you establish rapport? What are some methods of doing so?
Sample answer:
Why—To make client comfortable with providing information.
Methods—Agree on convenient time andplace; keep number of interviewers to aminimum; dress appropriately for client and situation; use open, attentive body language.
Part 2, Section D, Topic 2
Part 2 D – 5V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
What are some hallmarks of active listening?
Sample answer:
• Soft eye contact.• Facial expressions showing interest.• Brief silences to allow for more information.• Paraphrasing.• Unobtrusive note-taking.
Part 2, Section D, Topic 2
Part 2 D – 6V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion QuestionWhat are some examples of open and closed questions?
UseOpen
Closed To uncover facts in brief statements; to get to yes or no.
To invite opinions, descriptions, narratives, etc.
Examples
How often do employees skip a step in the approved process?
Please describe your unit’s step-by-step recycling procedure.
Type
Part 2, Section D, Topic 2
Answer:
Part 2 D – 7V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
What are some interview behaviors that you would consider indicators of fraud?
Sample answer:
Inappropriate attitude
No eye contact
Anxiety
Attitude change
Restlessness.
Leaning away
Changing answers
Part 2, Section D, Topic 2
Part 2 D – 8V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Interviewing Model
Document• Complete report
soon.
• Don’t transcribe.
• Include attitude, next steps.
Agree
Prepare
• Summarize key points.
• Confirm or correct points.
• Define goals.
• Get background.
• Plan questions, strategies.
Conduct
• Stick to plan.
• Verify fact or hearsay.
• Take notes.
Part 2, Section D, Topic 2
Part 2 D – 9V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
You are a specialized fraud investigator.
You don’t already know the answers.
A. Interview
B. Interrogation
You want to confirm or eliminate suspicion of fraud.
Match the questioning method on the right to the appropriate context for using that method on the left.
You want a confession.
A
B
A
Answers:
B
Part 2, Section D, Topic 2
Part 2 D – 10V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The Forensic Auditor
Internal auditor Forensic auditor
Identifies fraud indicators. Gathers evidence suitable for use in court—and can present it in court.
Pieces together the fraud narrative from experience, knowledge, and intuition.
Knows when to call for full fraud audit. May be certified by Association of
Certified Fraud Examiners (ACFE).
Part 2, Section D, Topic 3
Part 2 D – 11V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
Sample answer:
What are some types of information that computers can provide?
• Voice mail (computer-stored)• Internet history reports• Computer forensics
• Word-processeddocuments
• Customer lists• E-mail logs• Financial records• Scheduling systems or logs• Operations logs• Personnel records
Part 2, Section D, Topic 3
Part 2 D – 12V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Types of Computer Analysis
Numerical analysis
Enterprise auditing
Regression analysis
Continuous online auditing
Study of number sequences (e.g., check amounts) for unlikely patterns, often using Benford’s Law
Comparison of transactions as (or soon after) occurrence against predefined acceptable patterns
Mining data in enterprise-wide systems to identify suspicious patterns
Computer analysis of relationship between variables—one dependent on the other(s)
Part 2, Section D, Topic 4
Part 2 D – 13V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Types of Red Flags
Part II D-5
Audit cycle
red flags
Environmental
red flags
Industry-
specific re
d
flagsPerpetra
tor
red flags
Part 2, Section D, Topic 5
Part 2 D – 14V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
Sample answer:
What are some examples of audit cycle red flags?
Changes to key figures pre-financing; sales receivables discrepancies
Expenditure cycle
Production cycle
Financing cycle
Revenue cycle
Consistent overruns; excessive waste or write-offs; unsecured warehouse
High turnover in purchases/payroll; inordinate purchasing from a vendor
Unusual increases; sales to shipments discrepancies; slow collections
Part 2, Section D, Topic 5
Part 2 D – 15V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
Sample answer:
What are some examples of environmental red flags?
• Stiff, unfair competition
• Lax regulation
• Industry or cultural tendency toward illegal practices (bribes, etc.)
• Loss of contracts; reorganization that disruptscontrol policies; poor ethics training
• International organizations and organizations dependent on computer technology
Part 2, Section D, Topic 5
Part 2 D – 16V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
Sample answer:
What are some examples of industry-specific red flags in the following areas?
Financial services
Manufacturing
Insurance
Energy
Misstatement of sales and earnings; diversion of cash from accounts; phony loans
Cost overruns and discrepancies
Fraudulent claims; payouts to phony clients; misevaluation of underwritten properties
False valuation of assets; misstatement of profits; bribes and cover-ups
Part 2, Section D, Topic 5
Part 2 D – 17V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
Sample answer:• Pattern of complaints
• Decline in morale or attendance
• Abrupt resignations
• Evasive answers; adversarial attitude; lack of cooperation during audit
• Unexplained variances; unusual shortages in cash or inventories; missing or altered documents
• Managers who are late with reports, play favorites
What are some examples of perpetrator red flags?
Part 2, Section D, Topic 5
Part 2 D – 18V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
Sample answer:
• Fictitious revenues
• Improper asset valuation
• Concealed liabilities
• Improper disclosures
What are some examples of financial statement red flags?
Part 2, Section D, Topic 5
Part 2 D – 19V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
Financial statement fraud
What are some examples of fraud in each area?
Skimming cash; diverting payments; pocketing deposits; selling waste and keeping proceeds
Sample answer:
Diverting money from phony accounts to oneself; altering timecards; faking expense reports
Sale of fictitious assets; intentionally concealing events, transactions, or data; theft of office equipment and supplies
Illegal business activities; intentional errors to reduce tax liabilities; failure to act as required; bid rigging
Fictitious revenues; intentional, improper transfer pricing; concealing liabilities
Misuse or theft of assets
Bribery and corruption
Fraudulent disbursement
Cash theft
Part 2, Section D, Topic 6
Part 2 D – 20V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Reinforcing Activity 2-8Part 2, Section D
Fraud Knowledge Elements
Part 2, Section D
Part 2 D – 21V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
End of Section D
Questions?
Part 2, Section D