IT Auditing & Assurance, 2e, Hall & Singleton
Chapter 12: Fraud Schemes & Fraud Detection
FRAUD
Asset misappropriation fraud
1. Stealing something of value – usually cash or inventory (i.e., asset theft)
2. Converting asset to usable form
3. Concealing the crime to avoid detection
4. Usually, perpetrator is an employee
Financial fraud
1. Does not involve direct theft of assets
2. Often objective is to obtain higher stock price (i.e., financial fraud)
3. Typically involves misstating financial data to gain additional compensation, promotion, or escape penalty for poor performance
4. Often escapes detection until irreparable harm has been done
5. Usually, perpetrator is executive management
Corruption fraud
1. Bribery, etc.
ACFE 2004 REPORT TO THE NATION
FRAUD SCHEMES
Fraudulent financial statements {5%}
Corruption {13%}
  Bribery
  Illegal gratuities
  Conflicts of interest
  Economic extortion
Asset misappropriation {85%}
  Charges to expense accounts
  Lapping
  Kiting
  Transaction fraud
Percentages per ACFE 2002 Report to the Nation – see Table 12-1
COMPUTER FRAUD SCHEMES
Data Collection
Data Processing
Database Management
Information Generation
AUDITOR’S RESPONSIBILITY FOR DETECTING FRAUD—SAS NO. 99
Sarbanes-Oxley Act 2002
SAS No. 99 – “Consideration of Fraud in a Financial Statement Audit”
1. Description and characteristics of fraud
2. Professional skepticism
3. Engagement personnel discussion
4. Obtaining audit evidence and information
5. Identifying risks
6. Assessing the identified risks
7. Responding to the assessment
8. Evaluating audit evidence and information
9. Communicating possible fraud
10. Documenting consideration of fraud
FRAUDULENT FINANCIAL REPORTING
Risk factors:
1. Management’s characteristics and influence over the control environment
2. Industry conditions
3. Operating characteristics and financial stability
FRAUDULENT FINANCIAL REPORTING
Common schemes:
  Improper revenue recognition
  Improper treatment of sales
  Improper asset valuation
  Improper deferral of costs and expenses
  Improper recording of liabilities
  Inadequate disclosures
What Is Internal Control?
Control Environment
Control activities
Risk Assessment
Information / Communication
Monitoring
Sets the tone of an organization.
Influences control consciousness
Foundation for all other components
Provides discipline and structure
Why Did It Take So Long to Find Out?
What Is Internal Control?
Control Environment
Control activities
Risk Assessment
Information / Communication
Monitoring
Identification and analysis
Relevant risks to objective achievement
Forms basis of risk management
What Is Internal Control?
Control Environment
Control activities
Risk Assessment
Information / Communication
Monitoring
Policies and procedures
Help ensure achievement of management objectives
What Is Internal Control?
Control Environment
Control activities
Risk Assessment
Information / Communication
Monitoring
Information identification, capture, and exchange
Forms and time frames
Enables people to carry out responsibilities
Risk Factors: Misappropriation of Assets
Poor recordkeeping
Lack of management oversight
Inadequate job applicant screening
Poor segregation of duties or independent checks
Risk Factors: Misappropriation of Assets
Poor physical safeguards
Inappropriate transaction authorization and approval
No mandatory vacations for control function employees
Lack of timely and appropriate transaction documentation
Risk Factors: Susceptibility of Assets to Misappropriation
Large amounts of cash on hand or in process.
Risk Factors: Susceptibility of Assets to Misappropriation
Inventory that is small in size, high in value, or in high demand.
Risk Factors: Susceptibility of Assets to Misappropriation
Easily convertible assets
Risk Factors: Susceptibility of Assets to Misappropriation
Fixed assets that are small, marketable, or lack ownership identification.
Risk Factors: Material Misstatements Due to Fraud
Transactions improperly recorded or not recorded completely / timely.
Unsupported/unauthorized balances or transactions.
Last-minute adjustments significantly affecting financial results.
Risk Factors: Conflicting or Missing Evidential Matter
Missing documents or photocopies where originals should be.
Missing significant inventory or physical assets.
Risk Factors: Conflicting or Missing Evidential Matter
Unusual discrepancies between records and confirmation replies.
Significant unexplained items on reconciliations.
Risk Factors: Conflicting or Missing Evidential Matter
Inconsistent, vague, or implausible responses to inquiries or analytical procedures.
MISAPPROPRIATION OF ASSETS
Common schemes:
  Personal purchases
  Ghost employees
  Fictitious expenses
  Altered payee
  Pass-through vendors
  Theft of cash (or inventory)
  Lapping
ACFE 2004 REPORT TO THE NATION
AUDITOR’S RESPONSE TO RISK ASSESSMENT
Engagement staffing and extent of supervision
Professional skepticism
Nature, timing, extent of procedures performed
AUDITOR’S RESPONSE TO DETECTED MISSTATEMENTS DUE TO FRAUD
If no material effect:
  Refer matter to appropriate level of management
  Ensure implications to other aspects of the audit have been adequately addressed
If effect is material or undeterminable:
  Consider implications for other aspects of the audit
  Discuss the matter with senior management and audit committee
  Attempt to determine if material effect
  Suggest client consult with legal counsel
AUDITOR’S DOCUMENTATION
Document in the working papers criteria used for assessing fraud risk factors:
1. Those risk factors identified
2. Auditor’s response to them
FRAUD DETECTION TECHNIQUES USING ACL
Payments to fictitious vendors
  Sequential invoice numbers
  Vendors with P.O. boxes
  Vendors with employee address
  Multiple companies with same address
  Invoice amounts slightly below review threshold
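The fictitious-vendor tests listed above, sketched in Python as an added example (not from the textbook, and not ACL script). The record layouts, the 5000 review threshold and the 2% band are assumptions, and all data is constructed.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the textbook); field layouts are assumptions.
VENDORS = {
    "V1": ("Acme Supply", "12 Mill Rd"),
    "V2": ("Bolt Traders", "P.O. Box 417"),
    "V3": ("Crest Services", "88 Elm St"),
    "V4": ("Delta Parts", "12 Mill Rd"),
}
EMPLOYEES = {"E7": "88 Elm St", "E9": "5 Oak Ave"}
INVOICES = [  # (vendor_id, invoice_no, amount)
    ("V1", 5012, 1200.00), ("V1", 5340, 830.50),
    ("V3", 101, 4990.00), ("V3", 102, 4975.00), ("V3", 103, 4999.00),
    ("V2", 77, 300.00),
]
REVIEW_THRESHOLD = 5000.00  # assumed approval limit
NEAR_BAND = 0.02            # assumed: flag amounts within 2% below the limit
PO_BOX = re.compile(r"\bP\.?\s*O\.?\s*Box\b", re.IGNORECASE)

def norm(addr):
    """Normalise an address for matching: lowercase, collapse punctuation."""
    return re.sub(r"[^a-z0-9]+", " ", addr.lower()).strip()

def vendor_flags(vendors, employees, invoices, limit=REVIEW_THRESHOLD):
    """Return {vendor_id: sorted list of red flags} for the tests on the slide."""
    flags = defaultdict(set)
    emp_addrs = {norm(a) for a in employees.values()}
    by_addr, by_vendor = defaultdict(list), defaultdict(list)
    for vid, (_, addr) in vendors.items():
        by_addr[norm(addr)].append(vid)
        if PO_BOX.search(addr):
            flags[vid].add("po_box")
        if norm(addr) in emp_addrs:
            flags[vid].add("employee_address")
    for vids in by_addr.values():
        if len(vids) > 1:               # several vendors at one address
            for vid in vids:
                flags[vid].add("shared_address")
    for vid, num, amt in invoices:
        by_vendor[vid].append(num)
        if limit * (1 - NEAR_BAND) <= amt < limit:
            flags[vid].add("below_threshold")
    for vid, nums in by_vendor.items():
        nums.sort()
        # An unbroken run of 3+ numbers may mean we are the vendor's only customer.
        if len(nums) >= 3 and all(b - a == 1 for a, b in zip(nums, nums[1:])):
            flags[vid].add("sequential_invoices")
    return {vid: sorted(f) for vid, f in flags.items()}
```

Each flag is a lead for follow-up, not proof: legitimate vendors use P.O. boxes and share office buildings, so the vendors that accumulate several flags are the ones to examine first.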
FRAUD DETECTION TECHNIQUES USING ACL
Payroll fraud
  Test for excessive hours worked
  Test for duplicate payments
  Tests for non-existent employee