preparing auditors in their usage of data analytics …...the characteristics of the caats: high...
TRANSCRIPT
A C F E A S I A - P A C I F I C F R A U D C O N F E R E N C E 2 0 1 1
Preparing Auditors In Their Usage of Data Analytics Tool In Fraud
Prevention Program
P r e s e n t e r :
F r a n s i s k u s O e y ( G r o u p M D )
T h e P r o d i g y G r o u p
w w w. p r o d i g y - g r o u p . c o m f r a n s i s k u s @ p r o d i g y - g r o u p . c o m
w w w . p r o d i g y - g r o u p . c o m
Introduction
Fraud is always intentional as contrasted to errors and misrepresentations that are unintentional by chance or
lack of training or skill.
w w w . p r o d i g y - g r o u p . c o m
Presentation Agenda
Challenges
Auditors’ New/Value-adding Role
Using CAATs for Audit Vs. Fraud Prevention
The Technology
The Techniques
Conclusion
w w w . p r o d i g y - g r o u p . c o m
Challenges
w w w . p r o d i g y - g r o u p . c o m
Challenges
a) Different vulnerability at different stages of the business process
b) Differentiating “fraud” transactions Vs. “error” transactions in digital domain of organisation system network
c) Lack of robust, scalable & near real-time preventive tools
d) Implementation steps
e) Automation vs. manual prevention/detection
w w w . p r o d i g y - g r o u p . c o m
Auditors’ New / Value-adding Roles
w w w . p r o d i g y - g r o u p . c o m
Auditors’ New / Value-adding Roles
Assist in fraud deterrence
Assist in fraud detection
Cost of fraud
Simplified Analytic Capability Model
Growing concerns
w w w . p r o d i g y - g r o u p . c o m
Fraud Deterrence
Internal auditor should determine that the:
Company set clear objectives
Company set realistic goals
Company’s Code of Conduct exist and updated
prohibited activities
course of action if violation is found
Continuous Control Monitoring (CCM)
Communication channel to the Management
Constant review for enhancement
w w w . p r o d i g y - g r o u p . c o m
Fraud Detection
Fraud indicators
Initial Detection of Occupational Frauds
Source: ACFE – Report To The Nation 2010
w w w . p r o d i g y - g r o u p . c o m
Fraud Detection
Examples of fraud indicators:
Unauthorised transactions
Override of internal controls
Pricing exceptions
Change of lifestyle
Change in behaviour
Motivation of management
w w w . p r o d i g y - g r o u p . c o m
Cost of Fraud
Why is it important?
*The sum of percentages
in this chart exceeds
100% because several
cases involved schemes
from more than one
category.
Source: ACFE – Report To The Nation 2010
w w w . p r o d i g y - g r o u p . c o m
Cost of Fraud
Distribution of Losses
Source: ACFE – Report To The Nation 2010
w w w . p r o d i g y - g r o u p . c o m
Cost of Fraud
Warren Buffett, CEO, Berkshire Hathaway
If you lose dollars for the firm by bad decisions, I will be understanding. If you lose reputation for the firm, I will be ruthless.
w w w . p r o d i g y - g r o u p . c o m
Cost of Fraud
Reputation for integrity is one of the most valuable assets of an organisation
Action plan for detection & prevention control
Prevention is better and cheaper than Investigation
Prevention Detection Investigation
Co
sti
ng
w w w . p r o d i g y - g r o u p . c o m
Analytic Capability Model
…in order to increase its relevance and value, as well as secure a “seat at the table” with executive management, audit needs to understand what happened yesterday, provide insight into what is happening in the business today, and understand where the organizational risks may occur tomorrow. In short, audit needs to provide a continuum of hindsight, insight and foresight. Together, these form an internal audit department’s “line of sight.”
Richard Chambers, President, The IIA
w w w . p r o d i g y - g r o u p . c o m
Analytic Capability Model
Level 1
Basic
Level 2
Applied
Level 3
Managed
Level 4
Automated
Level 5
Monitoring
Analytic Sophistication
Au
dit
Co
ntr
ibu
tio
n
Hindsight
Insight
Foresight
Ad-hoc Repetitive Continuous
Source: www.acl.com/steps/
w w w . p r o d i g y - g r o u p . c o m
Growing Concerns
• Uncertain outlook • Fear of job security
Regional and global economy
• Increase in business risk • Consolidation of resources
Merger and acquisitions
• Inadequate resources with right skill set • Data migration/integration
Advancement in computerised systems
• Regulatory compliance • Public expectations • Protecting shareholders’ interest
Stakeholder expectations and requirements
• Flat or declining budgets • Added workload • Inadequate specialised training and tools
Auditors are already overwhelmed
w w w . p r o d i g y - g r o u p . c o m
Growing Concern
Why is it important?
Recent economic crisis
Demands for better Corporate Governance by
Governments
General publics
Shareholders
Revenue leakages and errors can become frauds if undetected and not remedied
w w w . p r o d i g y - g r o u p . c o m
Growing Concern
Why is it important?
Source: ACFE – Report To The Nation 2010
Global Issue
w w w . p r o d i g y - g r o u p . c o m
Growing Concern
Why is it important? Primary Internal Control Weakness Observed by CFEs
Source: ACFE – Report To The Nation 2010
w w w . p r o d i g y - g r o u p . c o m
Using CAATs for Audit Vs. Fraud Prevention
w w w . p r o d i g y - g r o u p . c o m
Using CAATs for Audit Vs. Fraud Prevention
Audit findings may not necessarily be fraud findings
Additional steps and considerations needed:
In-depth understanding of:
1. Business environment
2. Types of fraud schemes
3. Red flags and clues
4. Why employees commit fraud?
5. The technology - tools needed
6. The techniques
w w w . p r o d i g y - g r o u p . c o m
(1) Business Environment
Looking at INTERNAL CONTROLS: policies & procedures of the organisation.
People’s INTEGRITY can change, especially when there is OPPORTUNITY for them to commit fraud.
Looking at the different systems that are available in the organisation.
w w w . p r o d i g y - g r o u p . c o m
(2) Types of Fraud Schemes
Source: Uniform Occupational Fraud Classification System - ACFE
w w w . p r o d i g y - g r o u p . c o m
(3) Red Flags and Clues
Corruption
Is there conflict of interest between the staffs and the customers/vendors/suppliers?
Is there collusion to disadvantage the company between staffs and the customers/vendors/suppliers?
Is the company facing cash flow issues?
w w w . p r o d i g y - g r o u p . c o m
(3) Red Flags and Clues
Asset Misappropriation
Is there “ghost” employees?
Cash register’s end-of-day balance does not tally with the stock on hand?
Purchases of resources/inventory do not tally with the purchase trend?
Any anomalies in the expense claims?
w w w . p r o d i g y - g r o u p . c o m
(3) Red Flags and Clues
Fraudulent Statements
Is the revenue recognition timing adhering correctly?
Is management dominated by a single person or a small group?
Has management restricted the auditor's access to documents or personnel?
Has management set unrealistic financial goals?
Has that employee's lifestyle or behaviour changed significantly?
w w w . p r o d i g y - g r o u p . c o m
(4) Why Employees Commit Fraud?
- Weak internal controls - Weak system access control
- Others are doing it - Just “borrowing” - I deserve this - For the benefit of the organisation
- Gambling debts - “lifestyle” living - Hitting bonus incentives
w w w . p r o d i g y - g r o u p . c o m
(5) The Technology - Tools Needed
CAATs
Computer Aided Audit Tools
Computer Assisted Audit Techniques
w w w . p r o d i g y - g r o u p . c o m
(5) The Technology - Tools Needed
The characteristics of the CAATs:
High speed
100% data analysis
Log files
Audit trails
Separate log files for fraud investigation
Read only
Ability to analyse “raw data”
Ability to automate procedures or tests
w w w . p r o d i g y - g r o u p . c o m
(5) The Technology - Tools Needed
The characteristics of the CAATs:
Ability to upload materials (documents, pictures, audio, etc) for evidence
Secure knowledgebase retention
w w w . p r o d i g y - g r o u p . c o m
(6) The Techniques
CAATTs
Computer Assisted Audit Tools and Techniques
Initiate investigation predication
Prepare for investigation
Identify team members
Build business process flowchart
Apply analytical tests
w w w . p r o d i g y - g r o u p . c o m
(6) The Techniques
Initiate investigation predication
w w w . p r o d i g y - g r o u p . c o m
(6) The Techniques
Prepare for investigation
Set context or
parameter
(risk-based)
Define indicators of
fraud
Determine the presence of elements that make up the fraud, for each
indicator
Identify the required sources of
information
Obtain the data required for analysis. Ideally it should be original/raw format
data (no conversion)
w w w . p r o d i g y - g r o u p . c o m
(6) The Techniques
Identify team members
Internal / external
Fraud investigators
Technical specialists
Business process managers
Corporate lawyers
etc
w w w . p r o d i g y - g r o u p . c o m
ORDERING DEPARTMENT
PURCHASE REQUISITION
PURCHASING DEPARTMENT
PURCHASE REQUISITION
$ CHEQUE $ to VENDOR
$ CHEQUE $ to VENDOR
PURCHASE ORDER
ACCOUNTS PAYABLE
PURCHASE ORDER
PURCHASE ORDER
VENDOR
PURCHASE ORDER
RECEIVING DEPARTMENT
INVOICE INVOICE
GOODS GOODS
•Identifies products •Submits requisition to purchasing
•Selects Vendor •Places order
•Delivers goods •Sends Invoice
•Prepares Receiving Report •Distributes goods to Ordering dept.
•Compares Purchase Order to Receiving Report •Pays Vendor
RECEIVING REPORT
RECEIVING REPORT
GOODS GOODS
(6) The Techniques Flowchart: Purchases, Payables & Payment Systems
what, who, where, when and how?
w w w . p r o d i g y - g r o u p . c o m
(6) The Techniques Applying Analytical Tests (examples)
Purchases, Payments and Payables
• Duplicate payments • Early repayments • Analyse and age A/P • Correlate vouchers or
invoices posted versus purchase order amounts
• Create activity summary for suppliers with duplicate products
• Extract invoices posted with duplicate purchase order numbers
• Identify credits given before discount terms of payment days
Travel and Entertainment
• Duplicate claims • Dubious claims • Travel claims during period
when staff is on vacation or sick leave
• Running receipts numbers with no “gaps”
• Benford Test on claims • “No cents” on claims amount
Salaries and Payroll
• Compare and summarise costs for special pay, overtime, premium, etc.
• Report entries against authorisation records for new or terminated employees
• Extract all payroll checks where the gross dollar amount exceeds set amount
• Identify duplicate or missing payroll checks by check, bank, etc.
• Summarise payroll distributions for reconciliation to general ledger
w w w . p r o d i g y - g r o u p . c o m
(6) The Techniques Applying Analytical Tests
Other useful CAATs commands and functions:
Compare files – to detect changes
Verify command to check for field type mismatch
Analyse internal security logs, file permission, etc
Cross tabulate for trend analysis
Statistics to identify statistical anomalies
Digital analysis of leading digits using Benford’s Law
“SOUNDSLIKE” and “SOUNDEX” functions to identify similar or variation of company or employee names
Gaps testing of missing sequential numbering
w w w . p r o d i g y - g r o u p . c o m
(6) The Technique Early Warning Continuous Monitoring System
Data
Transactional Data
Data
Data
Data Data
Data
CONTROL & COMPLIANCE THRESHOLDS
Significant Control Breaches
Suspect Transactions
E-Mail Alerts
Exception Reports
Management/ Audit Committee / Fraud Investigation team
Management Action:
Investigation Recoveries Improved Controls & Procedures
w w w . p r o d i g y - g r o u p . c o m
Conclusion
w w w . p r o d i g y - g r o u p . c o m
Conclusion
Use the advance features of CAATs
Initiate investigation predication once “red flags” are raised
Build up a fraud team comprising of different skill sets
Build up a fraud plan using business process flowcharts
Access to original data and users access log files
Identify system / data owner
Build an early warning Continuous Monitoring through automation
Create FRAUD AWARENESS culture
Thank you…and happy hunting!
FRANSISKUS OEY ( G R O U P M D ) [email protected]
THE PRODIGY GROUP ( M E M B E R O F T H E A S S U R A N C E G R O U P A S I A P A C I F I C )
WWW.PRODIGY-GROUP.COM WWW.SATORIGROUP.COM.AU WWW.ACL.COM WWW.PENTANA.COM