IT Auditing & Assurance, 2e, Hall & Singleton Chapter 12: Fraud Schemes & Fraud Detection

Upload: bruno-harvey-higgins

Post on 29-Dec-2015


FRAUD

Asset misappropriation fraud

1. Stealing something of value – usually cash or inventory (i.e., asset theft)

2. Converting asset to usable form

3. Concealing the crime to avoid detection

4. Usually, perpetrator is an employee

Financial fraud

1. Does not involve direct theft of assets

2. Often objective is to obtain higher stock price (i.e., financial fraud)

3. Typically involves misstating financial data to gain additional compensation, promotion, or escape penalty for poor performance

4. Often escapes detection until irreparable harm has been done

5. Usually, perpetrator is executive management

Corruption fraud

1. Bribery, etc.


ACFE 2004 REPORT TO THE NATION


FRAUD SCHEMES

Fraudulent financial statements {5%}

Corruption {13%}:

Bribery

Illegal gratuities

Conflicts of interest

Economic extortion

Asset misappropriation {85%}:

Charges to expense accounts

Lapping

Kiting

Transaction fraud

Percentages per ACFE 2002 Report to the Nation – see Table 12-1


COMPUTER FRAUD SCHEMES

Data Collection

Data Processing

Database Management

Information Generation


AUDITOR’S RESPONSIBILITY FOR DETECTING FRAUD—SAS NO. 99

Sarbanes-Oxley Act 2002

SAS No. 99 – “Consideration of Fraud in a Financial Statement Audit”

1. Description and characteristics of fraud

2. Professional skepticism

3. Engagement personnel discussion

4. Obtaining audit evidence and information

5. Identifying risks

6. Assessing the identified risks

7. Responding to the assessment

8. Evaluating audit evidence and information

9. Communicating possible fraud

10. Documenting consideration of fraud


FRAUDULENT FINANCIAL REPORTING

Risk factors:

1. Management’s characteristics and influence over the control environment

2. Industry conditions

3. Operating characteristics and financial stability


FRAUDULENT FINANCIAL REPORTING

Common schemes:

Improper revenue recognition

Improper treatment of sales

Improper asset valuation

Improper deferral of costs and expenses

Improper recording of liabilities

Inadequate disclosures


What Is Internal Control?

Control Environment

Control activities

Risk Assessment

Information / Communication

Monitoring

Sets the tone of an organization.

Influences control consciousness

Foundation for all other components

Provides discipline and structure


Why Did It Take So Long to Find Out?


What Is Internal Control?

Control Environment

Control activities

Risk Assessment

Information / Communication

Monitoring

Identification and analysis

Relevant risks to objective achievement

Forms basis of risk management


What Is Internal Control?

Control Environment

Control activities

Risk Assessment

Information / Communication

Monitoring

Policies and procedures

Help ensure achievement of management objectives


What Is Internal Control?

Control Environment

Control activities

Risk Assessment

Information / Communication

Monitoring

Information identification, capture, and exchange

Forms and time frames

Enables people to carry out responsibilities


Risk Factors: Misappropriation of Assets

Poor recordkeeping

Lack of management oversight

Inadequate job applicant screening

Poor segregation of duties or independent checks


Risk Factors: Misappropriation of Assets

Poor physical safeguards

Inappropriate transaction authorization and approval

No mandatory vacations for control function employees

Lack of timely and appropriate transaction documentation


Risk Factors: Susceptibility of Assets to Misappropriation

Large amounts of cash on hand or in process.


Risk Factors: Susceptibility of Assets to Misappropriation

Inventory that is small in size, high in value, or in high demand.


Risk Factors: Susceptibility of Assets to Misappropriation

Easily convertible assets


Risk Factors: Susceptibility of Assets to Misappropriation

Fixed assets that are small, marketable, or lack ownership identification.


Risk Factors: Material Misstatements Due to Fraud

Transactions improperly recorded or not recorded completely / timely.

Unsupported/unauthorized balances or transactions.

Last-minute adjustments significantly affecting financial results.


Risk Factors: Conflicting or Missing Evidential Matter

Missing documents or photocopies where originals should be.

Missing significant inventory or physical assets.


Risk Factors: Conflicting or Missing Evidential Matter

Unusual discrepancies between records and confirmation replies.

Significant unexplained items on reconciliations.


Risk Factors: Conflicting or Missing Evidential Matter

Inconsistent, vague, or implausible responses to inquiries or analytical procedures.


MISAPPROPRIATION OF ASSETS

Common schemes:

Personal purchases

Ghost employees

Fictitious expenses

Altered payee

Pass-through vendors

Theft of cash (or inventory)

Lapping


ACFE 2004 REPORT TO THE NATION


AUDITOR’S RESPONSE TO RISK ASSESSMENT

Engagement staffing and extent of supervision

Professional skepticism

Nature, timing, extent of procedures performed


AUDITOR’S RESPONSE TO DETECTED MISSTATEMENTS DUE TO FRAUD

If no material effect:

Refer matter to appropriate level of management

Ensure implications to other aspects of the audit have been adequately addressed

If effect is material or undeterminable:

Consider implications for other aspects of the audit

Discuss the matter with senior management and audit committee

Attempt to determine if material effect

Suggest client consult with legal counsel


AUDITOR’S DOCUMENTATION

Document in the working papers criteria used for assessing fraud risk factors:

1. Those risk factors identified

2. Auditor’s response to them


FRAUD DETECTION TECHNIQUES USING ACL

Payments to fictitious vendors:

Sequential invoice numbers

Vendors with P.O. boxes

Vendors with employee address

Multiple companies with same address

Invoice amounts slightly below review threshold
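
The fictitious-vendor tests listed above, written out as an added Python example over constructed records. It is not from the book or the slides and is not ACL syntax; the record layout, the 5,000 review threshold, the 5% "slightly below" margin and the run length of three invoices are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (illustrative only; layout is an assumption).
VENDORS = {"V100": "12 Harbor Rd, Springfield", "V200": "P.O. Box 441, Springfield",
           "V300": "77 Elm Street, Springfield", "V400": "12 HARBOR RD., SPRINGFIELD"}
EMPLOYEES = {"E7": "77 Elm St, Springfield"}
INVOICES = [  # (vendor_id, invoice_no, amount)
    ("V100", 5012, 1820.00), ("V100", 5377, 940.50), ("V400", 9001, 4100.00),
    ("V200", 101, 4990.00), ("V200", 102, 4985.00), ("V200", 103, 4999.00)]
REVIEW_THRESHOLD = 5000.00  # assumed approval limit
NEAR_MARGIN = 0.05          # assumed meaning of "slightly below": within 5%

def norm(addr):
    """Normalize an address so case, punctuation and Street/St still match."""
    a = re.sub(r"[^a-z0-9 ]", "", addr.lower())
    for long, short in (("street", "st"), ("road", "rd")):
        a = re.sub(rf"\b{long}\b", short, a)
    return " ".join(a.split())

def po_box_vendors():
    return sorted(v for v, a in VENDORS.items()
                  if re.search(r"\bp\.?\s*o\.?\s*box\b", a, re.I))

def employee_address_vendors():
    emp = {norm(a) for a in EMPLOYEES.values()}
    return sorted(v for v, a in VENDORS.items() if norm(a) in emp)

def shared_address_groups():
    groups = defaultdict(list)
    for v, a in VENDORS.items():
        groups[norm(a)].append(v)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def sequential_invoice_vendors(min_run=3):
    by_vendor = defaultdict(set)
    for v, no, _ in INVOICES:
        by_vendor[v].add(no)
    # A run exists if some number n has n+1 .. n+min_run-1 present as well.
    return sorted(v for v, nos in by_vendor.items()
                  if any(all(n + k in nos for k in range(min_run)) for n in nos))

def near_threshold_invoices():
    floor = REVIEW_THRESHOLD * (1 - NEAR_MARGIN)
    return [(v, no) for v, no, amt in INVOICES if floor <= amt < REVIEW_THRESHOLD]
```

Each function returns candidates for follow-up, not findings: a P.O. box or a shared address is common among legitimate vendors, so hits are a starting point for examining supporting documents.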


FRAUD DETECTION TECHNIQUES USING ACL

Payroll fraud:

Test for excessive hours worked

Test for duplicate payments

Tests for non-existent employee
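
The three payroll tests listed above, as an added Python example over constructed records. It is not from the book or the slides and is not ACL syntax; the record layout and the 60-hour weekly limit are assumptions, and treating a payment dated after an employee's termination as a "non-existent employee" hit goes slightly beyond what the slide states.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records (illustrative only; layout is an assumption).
HR_MASTER = {  # employee_id -> termination date (None = still employed)
    "E01": None, "E02": None, "E03": date(2024, 3, 15)}
PAYROLL = [  # (pay_id, employee_id, period_end, hours, net_pay)
    (1, "E01", date(2024, 4, 5), 40.0, 1200.00),
    (2, "E02", date(2024, 4, 5), 92.5, 2775.00),
    (3, "E01", date(2024, 4, 5), 40.0, 1200.00),
    (4, "E03", date(2024, 4, 5), 40.0, 1100.00),
    (5, "E09", date(2024, 4, 5), 38.0, 1045.00),
    (6, "E02", date(2024, 4, 12), 41.0, 1230.00)]
MAX_WEEKLY_HOURS = 60.0  # assumed plausibility limit for one pay period

def excessive_hours():
    """Payments whose hours exceed the plausibility limit."""
    return [(p, e, h) for p, e, _, h, _ in PAYROLL if h > MAX_WEEKLY_HOURS]

def duplicate_payments():
    """Employee and period pairs that were paid more than once."""
    seen = defaultdict(list)
    for p, e, end, _, _ in PAYROLL:
        seen[(e, end)].append(p)
    return {k: v for k, v in seen.items() if len(v) > 1}

def nonexistent_employees():
    """Payments to IDs missing from HR, or dated after termination."""
    flagged = []
    for p, e, end, _, _ in PAYROLL:
        if e not in HR_MASTER:
            flagged.append((p, e, "not in HR master"))
        elif HR_MASTER[e] is not None and end > HR_MASTER[e]:
            flagged.append((p, e, "paid after termination"))
    return flagged
```

The comparison only works if the HR master comes from a source the payroll clerk cannot edit; matching payroll against its own employee table would miss a ghost employee added to both.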
