Corporate Fraud Anatomy and Case Study for Audit Trail

March 2014

Author: Saswot Raj Sharma

Institute of Chartered Accountant of India, New Delhi, India/ Tribhuwan University

Chartered Accountant (Final Level Student)/ Masters in Econometrics (Student)

Registration Number: FRO0001641

Current Address: Lazimpat, Kathmandu, Nepal

Mobile Number: +9779813 99 85 84

Email: [email protected]


Table of Contents

Abstract
Introduction
  Types of Fraud
  Accounts may be falsified to conceal
  Motives for Fraudulent Financial
  Ways of committing frauds
Ways for detecting corporate Fraud
  ♣ Vertical Analysis
  ♣ Horizontal Analysis
  ♣ Cross Section analysis
  ♣ Ratio Analysis
  ♣ Substantive procedure/Analytical procedure
  ♣ Trend analysis
  ♣ Mathematical model
    Digital analysis
    Beneish Model
  ♣ Efficiency, production (input output and ratio analysis of cost sheet)
  ♣ Propriety audit
  ♣ Materiality of items involved
  ♣ Capacity of management
  ♣ Internal auditor, internal control, whistle blower interview and previous audit report
  ♣ Interrogation (Neuro Linguistic Model)
  ♣ Data Mining (CAAT)
    Data mining application classes can be classified as
    Classification of Data Mining Techniques for Financial Accounting Fraud Detection
    Forensic Audit on the CAAT
  ♣ Stock market transaction
  ♣ Tax filing (report, sales to sales tax, income to income tax etc)
Other Qualitative Means for analyzing the fraud on Financial Statements are
  Tests of reasonableness
  Historical Comparisons
  Off-Balance Sheet Transactions
  Key Qualitative indicators
  INVESTIGATION OF VENDORS
  INVESTIGATIONS OF IMPROPER RELATED-PARTY ACTIVITY
  INVESTIGATIONS OF EMPLOYEE MISAPPROPRIATIONS
Evidence collection for forensic auditing
  Working papers
Annex 1
  SAMPLE TABLE OF CONTENTS (FORENSIC AUDIT REPORT)
Annex II
Works Cited
Bibliography

Table 1: Effective cash tax rate and quality of earnings ratio
Table 2: Examples of assertions and their respective audit procedures
Table 3: Benford’s law
Table 4: Benford’s law
Table 5: Benford’s law
Table 6: Beneish M-Score model
Table 7: Beneish Model Analysis for Enron, WorldCom, Global Crossing, Qwest
Table 8: investing ratios
Table 9: Comparison of systems that can be turned off through the shut-down method or pull-the-plug method

Figure 1: Trend analysis
Figure 2: Eye accessing clues
Figure 3: Eye accessing clues
Figure 4: Conceptual Framework for Application of Data Mining to Financial Accounting Fraud Detection

Abstract

‘Fraud’ refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. Much of the literature cites methods that can be used to identify fraud. There are usually two types of corporate fraud: asset theft fraud and financial statement fraud. Asset theft is committed by dishonest employees (e.g., the Cardinal Whole Sale case), whereas financial statement fraud is committed by corporate executives whose compensation is closely tied to performance (Georgia Society of CPAs, September/October 2008). Forensic auditing goes deeper, into matters that statutory auditors are unable to examine because of the limitations placed by the court. Fundamentally, 18 methods are listed so far for the analysis of financial and performance statements and for qualitative analysis of the corporate world. Used efficiently, they can help auditors, investors and all stakeholders become aware of, and alert to, cosmetic treatment and fabrication of the performance of public companies. One reason for the increased demand for forensic accountants is the post-Enron era. New accounting rules, SAS 99, and the Sarbanes-Oxley corporate reform law are a direct result of the Enron scandal and many others. Because of these new laws and regulations, nervous executives have been hiring hundreds of forensic accountants, investigators, and attorneys from law enforcement and government agencies, including the FBI, the SEC, and the IRS (Iwata, 2003).

Introduction

‘Fraud’ refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. There are usually two types of corporate fraud: asset theft fraud and financial statement fraud. Asset theft is committed by dishonest employees (e.g., the Cardinal Whole Sale case), whereas financial statement fraud is committed by corporate executives whose compensation is closely tied to performance. The WorldCom fraud perfectly exemplifies financial statement fraud. Under the direction of Bernie Ebbers (CEO) and Scott Sullivan (CFO), WorldCom’s accountants improperly recorded billions of dollars in expenditures as assets instead of expenses. Such improper accounting made WorldCom’s financial position look much better than it really was and influenced investors and creditors to make economic decisions that ultimately resulted in billions of dollars in losses (Georgia Society of CPAs, September/October 2008). Accounting standards[i] (IFRS/US GAAP/IAS) state precisely the basis on which accounting statements should be prepared and how most items are to be valued, but the loopholes that the law has minimized cannot be eliminated entirely, so there remains a chance to commit deception and to depart from the standards.

Before proceeding to fraud detection, we need to understand what fraud actually is. The Association of Certified Fraud Examiners defines fraud as "deception or misrepresentation that an individual or entity makes knowing that the misrepresentation could result in some unauthorized benefit to the individual or to the entity or some other party." In law, it has been defined as an intentional concealment of facts; more broadly, if an error occurs and someone intentionally makes arrangements to hide that error, for whatever reason, that will also be regarded as fraud. Corporations commit fraud to disguise the actual performance of the entity, or they misrepresent information or make unsuitable disclosures so as to conceal performance and to manipulate stock prices on the market (Shapiro v. UJB Financial Corp, 1992) (BASIC INC. ET AL. v. LEVINSON ET AL., 1988). Fraud is one of the most vulnerable areas that auditors come across, and they try to minimize its effect by planning an audit program best suited to understanding the environment in which the entity operates and the basis on which conclusions can be drawn. In (London & General Bank, Justice Lopes, 1895) it was added:

"An auditor is not bound to be a detective or ... approach his work with suspicion or with a foregone conclusion that there is something wrong.

"He is a watch dog, but not a bloodhound."

In re London and General Bank, 1895-2 Ch 673, Lord Justice Lindley recorded his valuable opinion in regard to the duties of an auditor in the following words at page 683:

".....he must be honest, i.e., he must not certify what he does not believe to be true, and he must take reasonable care and skill before he believes that what he certifies is true. What is reasonable care in any particular case must depend upon the circumstances of that case. Where there is nothing to excite suspicion very little inquiry will be reasonably sufficient, and in practice I believe businessmen select a few cases at haphazard, see that they are right, and assume that others like them are correct also. Where suspicion is aroused more care is obviously necessary, but still, an auditor is not bound to exercise more than reasonable care and skill, even in a case of suspicion, and he is perfectly justified in acting on the opinion of an expert where special knowledge is required......"

Again, in the year 1896, the same noble Lord reiterated his opinion in the case of In re Kingston Cotton Mill Co., 1896-2 Ch 279 at p. 284:

"The duty of an auditor generally was very carefully considered by this Court in In re London and General Bank and I cannot usefully add anything to what will be found there. It was there pointed out that an auditor's duty is to examine the books..... But it was also pointed out that an auditor is not an insurer, and that in the discharge of his duty he is only bound to exercise a reasonable amount of care and skill. It was further pointed out that what in any particular case is a reasonable amount of care and skill depends on the circumstances of that case; that if there is nothing which ought to excite suspicion, less care may properly be considered reasonable than could be so considered if suspicion was or ought to have been aroused. These are the general principles which have to be applied to cases of this description. I protest, however, against the notion that an auditor is bound to be suspicious as distinguished from reasonably careful. To substitute the one expression for the other may easily lead to serious error."

Types of Fraud

Frauds are classified according to the people affected by the fraud, as follows:

1. Creditors
2. Institution/ Business
3. Financial Institutions and Intermediary
4. Federal or local government
5. Financial Markets (Stock Market)
6. Investors

Frauds can also be categorized by the technique or activity used by the fraudster. These include:

1. Advance fee frauds
2. Bogus invoices
3. Computer hacking of information or property
4. Corruption and bribery
5. Counterfeiting, forgery, or copyright abuse
6. Credit Card fraud
7. False Accounting - manipulation of accounts and accounting records
8. Fraudulent bankruptcy - exploitation of cross-border corporate structures
9. Insurance fraud
10. Internet online scams - auctions, credit card purchases, investment scams
11. Investment fraud
12. Long Firm fraud
13. Misappropriation of assets
14. Money laundering
15. Mortgage Fraud
16. Payroll fraud
17. Principal agents - failure of systems to restrict key individuals
18. Pyramid schemes
19. Unsolicited letter frauds

Accounts may be falsified to conceal

• Absolute theft of company assets and money (employees).
• Disguise the true results of operations, or the financial position of the entity, with a view to preventing timely detection of corporate frauds and obtaining unjust benefit for some parties.

Motives for Fraudulent Financial Reporting by Management (to misrepresent the real performance of the company)

• Management is under pressure, from sources outside or inside the entity, to achieve (perhaps unrealistic) targets, where the consequences of failure are significant.
• To increase the entity’s stock price or earnings trend, so as to induce investors to invest in its stock, thus earning commission from the securities exchange for concealing the performance.
• To keep the results attuned to knowingly unrealistic or non-achievable forecasts and commitments made to creditors and lenders.
• Tax-motivated reasons: to pay less tax and to defraud the nation's economy.
• To raise capital either by further issue of shares at a premium and/or through borrowings.

Corporate frauds are the result of manipulation of accounts and accounting jugglery designed to deceive others for wrongful gains.

Ways of committing frauds

Normally, companies manipulate the financial statements through the following:

• Fictitious income
• Improper expense recognition
• Incorrect asset/liability valuation
• Hidden liabilities and secret reserves
• Unsuitable disclosures
• Deception such as manipulation, falsification or alteration of accounting records or supporting documents
• Misrepresentation in, or intentional omission from, the financial statements of significant events, transactions or other information
• Intentional misapplication of accounting principles relating to measurement, recognition, classification, presentation, or disclosure of material transactions, such that what the act requires is not followed

Ways for detecting corporate Fraud

1. Vertical analysis
2. Horizontal analysis
3. Cross section analysis
4. Ratio analysis
5. Substantive procedure
6. Trend analysis
7. Mathematical model (digital analysis, Beneish model)
8. Efficiency production (input output and ratio analysis of cost sheet)
9. Propriety audit
10. Materiality of items involved
11. Capacity of management
12. Internal auditor, whistle blower interview and previous audit report
13. Internal control evaluation
14. Interrogation (Neuro linguistic Models for lie detection)
15. Computer Aided Audit Techniques (log file and system entry point detection, and data mining)
16. Stock market transaction (on certain date)
17. Tax filing (report, sales to sales tax, income to income tax etc)
18. Qualitative Techniques

♣ Vertical Analysis

This type of analysis examines significant trends in the balance sheet of the same firm across time. By expressing the items of the financial statements as percentages and ratios, and comparing this year with the previous year, we can assess whether there has been a material departure from the trend that should have occurred. For example, all the elements of the income statement are expressed as a percentage of sales, with common base items (allowing for geographic factors that cause certain items to appear as red flags when they are in fact explained by the nature of the location) (THOMAS W. GOLDEN, 2006). Vertical analysis is also useful for timeline analysis, where you can see relative changes in accounts over time, such as on a comparative basis over a five-year period. For example, if operating expenses have a history of being 50% of sales in each of the past four years, then a new percentage of 65% would be a cause for alarm.

Vertical Analysis of the Income Statement

| | $ Totals | Percent |
|---|---|---|
| Sales | $1,000,000 | 100% |
| Cost of goods sold | 400,000 | 40% |
| Gross margin | 600,000 | 60% |
| Salaries and wages | 250,000 | 25% |
| Office rent | 50,000 | 5% |
| Supplies | 10,000 | 1% |
| Utilities | 20,000 | 2% |
| Other expenses | 90,000 | 9% |
| Total expenses | 420,000 | 42% |
| Net profit | 180,000 | 18% |

Vertical Analysis of the Balance Sheet

| | $ Totals | Percent |
|---|---|---|
| Cash | $100,000 | 10% |
| Accounts receivable | 350,000 | 35% |
| Inventory | 150,000 | 15% |
| Total current assets | 600,000 | 60% |
| Fixed assets | 400,000 | 40% |
| Total assets | $1,000,000 | 100% |
| Accounts payable | $180,000 | 18% |
| Accrued liabilities | 70,000 | 7% |
| Total current liabilities | 250,000 | 25% |
| Notes payable | 300,000 | 30% |
| Total liabilities | 550,000 | 55% |
| Capital stock | 200,000 | 20% |
| Retained earnings | 250,000 | 25% |
| Total equity | 450,000 | 45% |
| Total liabilities and equity | $1,000,000 | 100% |

Hence if there is significant deviation of the benchmark that is estimated for a particular organization over 5 year period of time owing to the fact of inflationary and other factors that causes significant rise in the general price level.

♣ Horizontal Analysis

This analysis is used to understand the percentage change in financial statement items over a period of time. Because the same items tend to change along the same trend line, it can be used to identify genuine red flags. Here we usually analyze a five-year average, allowing for general price level changes, or the two-year change in the financial statements and the variance produced over time. This type of analysis helps to find significant deviations from the trend in the accounts of the financial statements, and justification for any significant deviation ought to be sought from management.

Horizontal Analysis of the Income Statement

| | 20X1 | 20X2 | Variance |
|---|---|---|---|
| Sales/ Direct income | $1,000,000 | $1,500,000 | $500,000 |
| Cost of goods sold | 400,000 | 600,000 | (200,000) |
| Gross margin | 600,000 | 900,000 | 300,000 |
| Salaries and wages | 250,000 | 375,000 | (125,000) |
| Office rent | 50,000 | 80,000 | (30,000) |
| Supplies | 10,000 | 20,000 | (10,000) |
| Utilities | 20,000 | 30,000 | (10,000) |
| Other expenses | 90,000 | 110,000 | (20,000) |
| Total expenses | 420,000 | 615,000 | (195,000) |
| Net profit | $180,000 | $285,000 | $105,000 |

Horizontal Analysis of the Balance Sheet

| | 20X1 | 20X2 | Variance |
|---|---|---|---|
| Cash | $100,000 | 80,000 | $(20,000) |
| Accounts receivable | 350,000 | 525,000 | 175,000 |
| Inventory | 150,000 | 275,000 | 125,000 |
| Total current assets | 600,000 | 880,000 | 280,000 |
| Fixed assets | 400,000 | 800,000 | 400,000 |
| Total assets | $1,000,000 | $1,680,000 | $680,000 |
| Accounts payable | $180,000 | $300,000 | $120,000 |
| Accrued liabilities | 70,000 | 120,000 | 50,000 |
| Total current liabilities | 250,000 | 420,000 | 170,000 |
| Notes payable | 300,000 | 525,000 | 225,000 |
| Total liabilities | 550,000 | 945,000 | 395,000 |
| Capital stock | 200,000 | 200,000 | 0 |
| Retained earnings | 250,000 | 535,000 | 285,000 |
| Total equity | 450,000 | 735,000 | 285,000 |
| Total liabilities and equity | $1,000,000 | $1,680,000 | $680,000 |

Horizontal analysis can be misused to report skewed findings. This can happen when the analyst modifies the number of comparison periods used so as to make the results appear unusually good or bad. For example, the current period's profits may appear excellent when compared only with those of the previous month, but are actually quite poor when compared to the results for the same month in the preceding year. Consistent use of comparison periods can mitigate this problem.
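The vertical and horizontal analyses above, carried out on the paper's own 20X1/20X2 income statement figures. This is an added example, not part of the original paper; the function names and the tolerance values (share_tol, growth_tol, tol_points) are assumptions chosen for illustration, as is the use of sales growth as the benchmark for line-item growth.

```python
"""Vertical and horizontal analysis of the 20X1/20X2 income statement above."""

# Figures copied from the income statement tables above: (20X1, 20X2).
INCOME_STATEMENT = {
    "Sales": (1_000_000, 1_500_000),
    "Cost of goods sold": (400_000, 600_000),
    "Salaries and wages": (250_000, 375_000),
    "Office rent": (50_000, 80_000),
    "Supplies": (10_000, 20_000),
    "Utilities": (20_000, 30_000),
    "Other expenses": (90_000, 110_000),
}


def vertical(statement, base="Sales"):
    """Common-size view: every line as a percentage of the base line, per period."""
    base_vals = statement[base]
    return {
        item: tuple(100.0 * v / b for v, b in zip(vals, base_vals))
        for item, vals in statement.items()
    }


def horizontal(statement):
    """Signed change per line between the two periods: (absolute, percentage).

    The paper's table shows expense increases in parentheses (unfavourable);
    here every change is simply current minus previous.
    """
    out = {}
    for item, (prev, curr) in statement.items():
        pct = None if prev == 0 else 100.0 * (curr - prev) / prev
        out[item] = (curr - prev, pct)
    return out


def breaks_history(history_pct, current_pct, tol_points=5.0):
    """True when the current share departs from the mean of its own history."""
    mean = sum(history_pct) / len(history_pct)
    return abs(current_pct - mean) > tol_points


def red_flags(statement, base="Sales", share_tol=1.5, growth_tol=25.0):
    """Lines whose share of the base, or growth relative to the base, is out of pattern.

    share_tol  - allowed shift in share of base, in percentage points (assumed)
    growth_tol - allowed gap between line growth and base growth, in points (assumed)
    """
    shares = vertical(statement, base)
    changes = horizontal(statement)
    base_growth = changes[base][1]
    flags = {}
    for item in statement:
        if item == base:
            continue
        reasons = []
        prev_share, curr_share = shares[item]
        if abs(curr_share - prev_share) > share_tol:
            reasons.append(
                f"share of {base.lower()} moved {curr_share - prev_share:+.2f} pts"
            )
        growth = changes[item][1]
        if growth is None:
            reasons.append("new line item with no prior-period balance")
        elif abs(growth - base_growth) > growth_tol:
            reasons.append(
                f"grew {growth:.1f}% against {base_growth:.1f}% for {base.lower()}"
            )
        if reasons:
            flags[item] = reasons
    return flags


if __name__ == "__main__":
    for item, reasons in red_flags(INCOME_STATEMENT).items():
        print(f"{item}: " + "; ".join(reasons))
    # The paper's illustration: operating expenses at 50% of sales for four
    # years, then 65%.
    print("65% after four years at 50%:", breaks_history([50, 50, 50, 50], 65))
```

On the paper's figures only Supplies and Other expenses are reported; each is a line for which justification would be asked from management, not a finding in itself.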

♣ Cross Section analysis

This type of analysis uses the concept from economic theory that all firms of the same size, capacity and resources have the same level of input and output of products and resources. Hence we can use the industry average for a particular type of organization, or the figures of an organization of the same type, and see whether the variables or items appearing on the balance sheet fail to follow the pattern. This form of analysis thus clarifies whether the general trend and general price level changes across the same industrial units show the same degree of correlation.

♣ Ratio Analysis

This type of analysis can be used to detect earnings management by management. Key ratios suggested by financial analysts include the quality of earnings ratio (net income to cash flow) (Brain-low and Updyke 2002; Anders 2002; Wills 2002); they cited as a telltale sign of trouble a negative OCF (operating cash flow) while the company's EBITDA (earnings before interest, tax, depreciation and amortization) was positive. Another key ratio is the effective cash tax rate.

Additional Red Flag: Quality of Earnings

Quality of Earnings = Operating Cash Flow / Net Income

| | Enron 2000 | Enron 1999 | WorldCom 2001 | WorldCom 2000 | Global Crossing 2001 | Global Crossing 2000 | Qwest 2001 | Qwest 2000 |
|---|---|---|---|---|---|---|---|---|
| Benchmark | 4.88 | 1.38 | 5.78 | 1.88 | -0.55 | .6.60 | -1.01 | -45.44 |
| Red Flag? | No | Yes | No | Yes | Yes | Yes | Yes | Yes |

Additional Red Flag: Effective Cash Tax Rate

GAAP (accrual basis): Effective Tax Rate = Total Income Tax Expenses / Net Income Before Taxes

versus

Cash basis: Effective Tax Rate = Total Income Tax Paid / Net Income Before Taxes

| | Enron 2000 | Enron 1999 | WorldCom 2001 | WorldCom 2000 | Global Crossing 2001 | Global Crossing 2000 | Qwest 2001 | Qwest 2000 |
|---|---|---|---|---|---|---|---|---|
| GAAP Effective Tax Rate | 30.7 | 10.4 | 38.7 | 40 | Losses: Not Meaningful | | | |
| versus Cash Effective Tax Rate | 4.4 | 5.1 | 9 | 9.8 | | | | |
| Benchmark: >2 | 6.97 | 2.03 | 4.3 | 4.08 | | | | |
| Red Flag? | Yes | Yes | Yes | Yes | | | | |

Table 1: Effective cash tax rate and quality of earnings ratio

The most relevant ratio analyses are:

1. Gross margin and sales growth
2. Price to book and price earning
3. Profit margin, top-line growth & bottom line growth
4. Return on assets and return on equity
5. Current ratio
6. Quality of earning and effective cash tax rate

Other types of ratios that are generally used for analysis[ii]
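The ratio red flags of this section as code, checked against the percentages in Table 1. This is an added example, not part of the original paper; the function names and the CONSTRUCTED_YEAR record are assumptions made for illustration, and the benchmark row of the table is read here as the GAAP rate divided by the cash rate, which reproduces the table's values.

```python
"""Quality-of-earnings and effective-tax-rate red flags from the ratio section."""

# GAAP (accrual) and cash effective tax rates, in percent, copied from Table 1.
# Global Crossing and Qwest are left out: the table marks their loss years
# "Not Meaningful".
PAGE_TAX_RATES = {
    ("Enron", 2000): (30.7, 4.4),
    ("Enron", 1999): (10.4, 5.1),
    ("WorldCom", 2001): (38.7, 9.0),
    ("WorldCom", 2000): (40.0, 9.8),
}
BENCHMARK = 2.0  # the table's "Benchmark: >2"

# Constructed company-year (not from the paper), in any consistent currency unit.
CONSTRUCTED_YEAR = {
    "ocf": -120.0, "net_income": 200.0, "ebitda": 500.0,
    "tax_expense": 90.0, "tax_paid": 10.0, "pretax_income": 290.0,
}


def quality_of_earnings(operating_cash_flow, net_income):
    """Operating cash flow / net income; None when net income is zero."""
    if net_income == 0:
        return None
    return operating_cash_flow / net_income


def ocf_ebitda_divergence(operating_cash_flow, ebitda):
    """The telltale sign cited above: negative OCF while EBITDA is positive."""
    return operating_cash_flow < 0 < ebitda


def effective_tax_rates(tax_expense, tax_paid, pretax_income):
    """(GAAP rate %, cash rate %), or None for a loss year (not meaningful)."""
    if pretax_income <= 0:
        return None
    return (100.0 * tax_expense / pretax_income,
            100.0 * tax_paid / pretax_income)


def tax_rate_gap(gaap_rate, cash_rate, benchmark=BENCHMARK):
    """(GAAP rate / cash rate, red flag?) against the table's benchmark."""
    if cash_rate <= 0:
        # Book tax charged but no cash tax paid: the ratio is undefined.
        # Treating this as a flag is an assumption of this example.
        return (None, gaap_rate > 0)
    ratio = gaap_rate / cash_rate
    return (ratio, ratio > benchmark)


def screen(record):
    """Run every check of this section over one company-year of raw figures."""
    rates = effective_tax_rates(
        record["tax_expense"], record["tax_paid"], record["pretax_income"]
    )
    gap, flag = tax_rate_gap(*rates) if rates else (None, None)
    return {
        "quality_of_earnings": quality_of_earnings(
            record["ocf"], record["net_income"]
        ),
        "ocf_ebitda_divergence": ocf_ebitda_divergence(
            record["ocf"], record["ebitda"]
        ),
        "tax_rate_gap": gap,
        "tax_flag": flag,
    }


if __name__ == "__main__":
    for (company, year), (gaap, cash) in PAGE_TAX_RATES.items():
        ratio, flag = tax_rate_gap(gaap, cash)
        print(f"{company} {year}: GAAP/cash = {ratio:.2f}, red flag: {flag}")
    print(screen(CONSTRUCTED_YEAR))
```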

♣ Substantive procedure/Analytical procedure

The Meaning of Substantive Procedures: Substantive procedures involve verifying transactions and account balances against supporting records such as invoices and ledgers. The purpose of substantive procedures is to identify material misstatements in the financial statements.

Substantive procedures consist of two activities, as follows:

• Analytical substantive procedures (simply known as analytical procedures or analytical review)

• Tests of details, which are sub-divided into tests of transactions [i.e. tests of income statement figures] and tests of account balances [i.e. tests of statement of financial position figures].

Analytical Procedures (ISA 520): Analytical procedures have been defined as the study of the relationship between financial data and non-financial data of the same period (month by month) or of different periods (year by year) to highlight significant differences. Analytical procedures also include assessment of relevant accounting ratios and trends and investigation into unexpected variances.

Application of Analytical Procedure: Analytical procedures are applied by the auditor throughout the stages of the audit, as follows:

1. At the planning stage: This is a requirement of ISA 520 and helps auditors to identify areas of significant fluctuation. Auditors then focus their tests of controls and substantive procedures on transactions and balances that indicate significant variances. Auditors at this stage compare the current year's financial statements with the previous year’s to identify significant variances.

2. Substantive test stage: During the course of the audit, analytical procedures such as year-by-year comparison and proof in total can be used to confirm the assertions of completeness and accuracy respectively.

3. Final stage: ISA 520 requires auditors to apply analytical procedures during audit completion activities. The method used is to compare the current year’s audited figures with the previous year's. Additional substantive audit procedures must be performed to address any material unexpected variances.

Substantive Procedures & Test of controls: Substantive procedures are performed after tests of controls. The level of substantive procedures is influenced by the result of the tests of controls. If the tests of controls indicate that internal controls are weak, then more substantive procedures will be performed to confirm any material misstatements, and vice versa.

Substantive Procedures & Sources of Audit Evidence: There are seven sources of audit evidence (ISA 500), including observation, inquiry and recalculation. These sources of audit evidence indicate how auditors derive information and also represent audit procedures. An auditor may observe a company's revenue system (test of control) to confirm the effectiveness of controls. However, it is inappropriate to observe revenue income ($) as a form of substantive test. For revenue income, auditors' preferred procedures include recalculation of sales invoice totals and sales journals. Thus audit procedures must be relevant to the auditor’s objective.

Substantive Procedures & Financial Statement Assertions: Auditors’ substantive procedures are designed to confirm financial statement assertions (aka assertions). Assertions are the representations or claims made by the financial statements. For instance, an income statement is presumed to carry specific characteristics (assertions) of the financial information reported, such as completeness, accuracy, occurrence and cut-off. It is worth noting that, as financial statements are prepared by directors, assertions are also the directors’ representations. Consider this question: Briefly explain the directors' representations embodied in the receivables balance of $45,000.

Substantive procedures are therefore designed to confirm specific assertions claimed by the financial statements. An effective approach to substantive procedures is to consider the relevant assertions and to identify the audit procedures needed to confirm them.

The table below illustrates examples of assertions and their respective audit procedures. There is more than one audit procedure to confirm an assertion. The audit procedures suggested in the table for each transaction or account balance reflect various ways of confirming an assertion.

Income Statement Assertions

| | Completeness: All transactions are recorded | Accuracy: Transaction amounts recorded correctly | Occurrence: Transactions actually took place | Cut-off: Transactions recorded in correct accounting period |
|---|---|---|---|---|
| Revenue | Select a sample of sales invoices in sequence and trace to sales journal. | Select a sample of sales invoices and trace price quoted to official price list. | Select a sample of sales invoices and agree with goods dispatch notes. | Select a sample of sales invoices just before and after year end to confirm that they have been included and excluded respectively. |
| Purchases | Compare current year purchases with previous year to assess reasonableness of variance. | Obtain purchase journals and cast the totals to confirm their correctness. | Select a sample of purchase orders and agree with purchase invoices and goods received notes. | Select a sample of purchase invoices just before and after year end to confirm that they have been included and excluded respectively. |
| Payroll | Agree list of payroll total with general ledger and statement of financial position. | Select a sample of employees and recalculate net pay using appropriate tax rates. | Select a sample of employees’ time sheets and compare with payroll list and bank payments. | Select a sample of employees’ time sheets and net pays before and after year end and trace to correct accounting year. |

Statement of Financial Position (SFP) Assertions

| | Completeness: All balances (assets & liabilities) recorded | Existence: Balances (assets & liabilities) are real | Valuation: Assets & liabilities amounts are correct | Right & Obligation: Entity has control over assets or responsibility to pay liabilities |
|---|---|---|---|---|
| Non-current assets (NCAs) | Obtain list of NCAs and agree with general ledger and SFP. | Visit locations of NCAs and inspect conditions of NCAs. | Recalculate depreciation charges and agree with account. | Review appropriate ownership documents to confirm document details relate to entity. |
| Receivables | Agree list of receivables total with receivable control accounts. | Send confirmation letters to sample receivables. | Review receivables list to ensure bad debts are excluded. | Review addressees of sample sale invoices and GDNs with receivables ledger. |
| Inventories | Obtain and cast inventory list total and agree with SFP. | Attend inventory count and inspect sample inventories. | Review inventory list and assess allowance for slow moving items. | Review sample of purchase invoices and GRNs and confirm entity indeed purchased items. |

Table 2: Examples of assertions and their respective audit procedures

Audit of Accounting Estimates & Matters Confined To Management

IAS 8 permits preparers of accounts to estimate certain figures such as allowances for doubtful debts, warranty and lawsuit. Obviously, there are no verifiable documents such as invoices to support such estimates. The auditor’s approach is to assess the reasonableness of estimates included in the financial statements. Methods used by auditors in assessing estimates and matters confined to management (e.g. subsequent events) include the following:

1. Make inquiries of directors with respect to the specific estimate or allowance.

2. Review board minutes to obtain evidence relating to the specific allowance.

3. Obtain representation from directors to confirm reasonableness of the allowance.

4. Inquire of directors about the assumptions used in deriving the allowance.

5. Compare the estimate with the previous year to assess completeness (this procedure will be irrelevant if it is a first time estimate).

6. Review the after date position (i.e. post year end transactions) of the estimate to confirm appropriateness of the allowance. For instance, if at the date of audit cash payments for customers’ warranty account for 90% of the total allowance for warranty, then the allowance for warranty may be considered inadequate by the auditor.

Substantive Procedures Common Pitfalls:

Audit Procedures & Accounting Standards & Entries: Substantive audit procedures reflect the requirements of accounting standards and basic book-keeping entries. There are situations where exam questions go unanswered not because of time pressure, but because such questions are considered difficult. For instance, audit procedures for a bank balance should reflect the accounting entries related to the cash book, the bank reconciliation statement and even one’s experience of personal banking.

Types of Ledger Accounts: Invariably, audit procedures make reference to ledger accounts. There are three types of ledger accounts as follows:

1. Sales ledger: This consists of receivables balances (customers).

2. Purchases ledger: This consists of payables balances (suppliers).

3. General ledger: This consists of all account balances other than those in the sales and purchases ledgers. The general ledger comprises sales revenue, purchases, assets & liabilities, other income and expenses.

Sales revenue is therefore not a sales ledger account. Receivables and payables are not in the general ledger category. The misuse of types of ledgers invalidates audit answers. For example, it is impracticable to agree sales revenue with the sales ledger (receivables), as sales revenue consists of cash and credit sales. Even where sales revenue is wholly on credit, sales revenue cannot be agreed to the sales ledger (receivables), as customers might have made some payments throughout the year. However, sales revenue can be compared with the sales ledger (i.e. analytical procedure) to assess the reasonableness of receivables.

Help in Case Studies: Audit questions are often based on a case study. This requires answers to reflect the specifics of the case study. For example, if sales tax (VAT) is not included in a case study, answers should not refer to procedures on sales tax. In effect, audit procedures should revolve around a company’s accounting system. Candidates should be prepared to apply principles learnt to annotate case study facts.

Appropriate Audit Procedures: The use of the term ‘check’ is often so vague that it attracts little or no credit. The term ‘check’ is often used without stating exactly what is being checked. A poor example of the use of ‘check’ is: ‘Check sales ledger transactions’ (for what?). A proper use of ‘check’ could be: ‘Check sales ledger transactions (and) to identify any unusual postings’.

It is advisable to be mindful of the use of the conjunction ‘and’ in audit procedures where necessary. Examiners’ reports often comment on weak answers such as ‘Obtain list of receivables’ (for what?). This is an incomplete answer. Rather, the audit procedure should be worded like ‘Obtain list of receivables and cast totals or agree total with sales ledger’.

Audit procedures should reflect the reason (the why or how) they are being performed. Consider this familiar but erroneous audit procedure: ‘Obtain management representation letter’. Rather, this audit procedure could be: ‘Obtain management representation letter to confirm entity is a going concern or provision is reasonable’.

Audit procedures should also reflect the appropriate direction of testing. For example, when testing for occurrence of sales transactions it is inappropriate to begin with ‘Trace sample goods dispatch notes with respective sales invoices’. By starting with goods dispatch notes (GDNs), the possibility of identifying misstatements is completely diminished, because a GDN is itself evidence of the occurrence of a sales transaction. An appropriate test for occurrence of sales transactions is to ‘Trace sample sales invoices to respective GDNs’.

Often tests of controls are presented as substantive procedures and vice versa. An exam case study may include both internal and accounting systems. Substantive procedures should be restricted to the accounting system. For example, ‘review of approval of customers’ credit limits’ will normally be performed as a test of control. However, a substantive procedure on credit limits will be to ‘Compare sample receivable balances with credit limits to confirm whether receivables are within authorized limits’, as this will assess the adequacy of the allowance for receivables.

(Odei-Kissi, 2013)

♣ Trend analysis

This type of analysis rests on the concept that every business follows a trend line, whether seasonal, cyclic or static, that depicts how its data flow. The trend line supports an expectation of how the data ought to move in view of the cycles of business, demand, supply, competition in its business lines, etc. Typical trend lines for analysis of financial statements are for: revenues, gross margin, net profit margin, accounts receivable and debt.

Figure 1: Trend analysis

♣ Mathematical model [iii]

Digital analysis [1][2]: Digital analysis, also called “Benford’s law”, is basically the analysis of the frequency of digits in every transaction. The law has evolved over the years and gives the ideal probability, as a percentage, of occurrence of each digit in every transaction.

[1] http://www.jsrsys.com/fema/new15sys.htm

[2] http://www.csub.edu/~bbae/publication/digital%20analysis%20in%20audit.todays%20cpa%202002.pdf

As we know, the amount of every transaction starts with one of the digits 1, 2, 3, 4, 5, 6, 7, 8 or 9. We now need to conduct 1st digit, 2nd digit, 3rd digit and 4th digit analysis of the given data. During this analysis we establish the frequency of each digit and then compare it with the probability established by Benford’s law. Where the calculated frequency exceeds the established probability, it should be red-flagged as potential fraud and verified further in detail. For example, in a given data set of 7000 transactions we conduct a single digit or 1st digit analysis and the following are the results:

Table 3: Benford’s law

Now compare the calculated results as per column C with the established probabilities under the Benford’s law and identify the group of transactions having potential fraud risk. Similarly the frequency of 2nd, 3rd and 4th digit can be calculated and compared with the ideal probability for identification of the potential fraud in the group of transactions.

The following table B gives the standard probability of the 1st, 2nd, 3rd and 4th digit for comparison with the actual calculated results.

Table 4: Benford’s law

Now compare the values calculated in column C of the table A with the 1st digit probability as mentioned in

Table 5: Benford’s law

Now see the positive variation, where the actual frequency of the 1st digit exceeds its standard probable frequency. This variation denotes that the transactions starting with these digits (i.e. 3, 4, 5, 8 & 9) are potentially risky areas that need further verification and the application of substantive procedures.

An auditor who intends to use digital analysis must keep in mind that it is applicable only to relatively large data sets. Relatively large means that the set should contain at least more than 300 transactions. Digital analysis may not be useful for small data sets, and the results calculated will not serve the purpose. Furthermore, once the application of digital analysis at the first digit level is understood, the same technique can be used for the 2nd, 3rd and 4th digit analysis. Normally the desired results can be obtained by applying the 1st digit analysis alone, and we may not need to apply the 2nd, 3rd and 4th digit analysis.
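The first-digit test described above, written out as an added example that is not part of the original paper. It applies the paper's rule (flag a digit whose observed frequency exceeds the Benford probability) and its floor of more than 300 transactions, and it also reports a z-statistic per digit, which goes beyond the paper, so that small excesses can be told apart from large ones. The ledger amounts and all function names are constructed for illustration.

```python
import math
from collections import Counter

MIN_TRANSACTIONS = 300  # the paper's floor: the data set must exceed this size


def benford_probability(digit):
    """Benford's law probability that the first significant digit is `digit`."""
    return math.log10(1 + 1 / digit)


def first_digit(amount):
    """First non-zero digit of an amount rounded to cents, sign ignored.

    Returns None when the amount rounds to 0.00 and has no leading digit.
    """
    for ch in f"{abs(amount):.2f}":
        if ch in "123456789":
            return int(ch)
    return None


def first_digit_analysis(amounts):
    """Compare observed first-digit frequencies with Benford's law.

    Returns one row per digit 1..9 with the count, observed and expected
    frequency, whether the observed frequency exceeds the expected one
    (the paper's red-flag rule) and a z-statistic for the deviation.
    """
    digits = [d for d in map(first_digit, amounts) if d is not None]
    n = len(digits)
    if n <= MIN_TRANSACTIONS:
        raise ValueError(
            f"only {n} usable transactions; digital analysis needs more than "
            f"{MIN_TRANSACTIONS}"
        )
    counts = Counter(digits)
    rows = []
    for digit in range(1, 10):
        expected = benford_probability(digit)
        observed = counts[digit] / n
        gap = abs(observed - expected)
        correction = 1 / (2 * n)  # continuity correction, applied only if smaller
        if correction < gap:
            gap -= correction
        z = gap / math.sqrt(expected * (1 - expected) / n)
        rows.append({
            "digit": digit,
            "count": counts[digit],
            "observed": observed,
            "expected": expected,
            "exceeds": observed > expected,
            "z": z,
        })
    return rows


def flagged_digits(rows, min_z=0.0):
    """Digits over-represented against Benford; min_z filters out small excesses."""
    return [r["digit"] for r in rows if r["exceeds"] and r["z"] >= min_z]


def constructed_ledger():
    """Constructed sample of 7000 amounts, not real data.

    6600 amounts are spread evenly on a log scale from 10 to 100,000, which
    follows Benford's law closely; 400 amounts between 4,900 and 4,999 are
    added to imitate entries kept just under a 5,000 approval limit.
    """
    genuine = [round(10 ** (1 + 4 * i / 6600), 2) for i in range(6600)]
    padded = [4900.00 + (i % 100) for i in range(400)]
    return genuine + padded


if __name__ == "__main__":
    results = first_digit_analysis(constructed_ledger())
    for r in results:
        print(f"{r['digit']}  n={r['count']:5d}  observed={r['observed']:.4f}  "
              f"expected={r['expected']:.4f}  z={r['z']:.2f}")
    print("Digits to examine further:", flagged_digits(results))
```

A flagged digit only selects a group of transactions for substantive testing; it is not evidence of fraud on its own.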

Beneish Model [3]:

The Beneish M-Score model (the Model), developed in 1999 by Messod D. Beneish, Ph.D., professor of accounting in the Kelley School of Business at Indiana University—Bloomington, consists of eight indices capturing financial statement anomalies that can result from earnings manipulation or other types of fraudulent activity. Actual data in the financial statements feeds the calculation of the indices that make up the overall M-Score, which describes the degree of possible earnings manipulation or other possible fraudulent activity, such as concealing embezzlement activity. In his study, Beneish found that he could correctly identify 76% of the earnings manipulators and incorrectly identify 17.5% as non-manipulators.1 In other words, Beneish found that 17.5% of the companies whose financial statements he thought were free from earnings manipulation re-filed financial statements later due to earnings manipulation. From the financial forensic examiner's perspective, the percentage of correct identification provides reassurance that the calculations deliver reliable information concerning the examination of the financial information, thus allowing the investigative work to be more effective and efficient.

[3] http://www.google.com.np/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&ved=0CE4QFjAE&url=http%3A%2F%2Faaahq.org%2Faudit%2Fmidyear%2F04midyear%2Fpapers%2FDangers%2520of%2520Applying%2520Benford's%2520Law%2520-%2520Paper%2520-%2520December%25202003.doc&ei=MG4dU9mjGsayiAfxnoC4BA&usg=AFQjCNGtv8eznX9auz5FQlMsaKJ0OLDZYg&bvm=bv.62578216,d.aGc

The M-Score standard has been set at -2.22. Auditors are required to calculate the M-Score of the company under audit and compare it with this standard given in the Beneish Model. If the outcome of the actual analysis is less than -2.22, it means that the financials given by the company are accurate and there is zero probability of manipulation of the books of accounts used to prepare the financial statements, whereas a greater M-Score means that the financial statements have been manipulated.

In order to calculate the M-Score following ratios are calculated from the financial statements under audit:

Table 6: Beneish M-Score model

The factors/ratios calculated as per the above table are then used in the following formula, with the given constant values, to calculate the M-Score:

M = -4.84 + 0.92*DSRI + 0.528*GMI + 0.404*AQI + 0.892*SGI + 0.115*DEPI – 0.172*SGAI + 4.679*TATA – 0.327*LVGI

The above calculation of the M-Score is referred to as the 8-variable M-Score because it contains 8 factors for analysing the financial statements to identify potential manipulation. Another version, called the 5-variable M-Score, can also be used to analyze the financial statements for the same purpose. In order to calculate the 5-variable M-Score, the following formula is used:

M = -6.065 + 0.823*DSRI + 0.906*GMI + 0.593*AQI + 0.717*SGI + 0.107*DEPI

Once you have calculated all the ratios, calculate the M-Score, compare it with the standard, i.e. -2.22, and conclude whether the financial statements are manipulated or not.
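The calculation described above, carried through from two years of statement figures, as an added example that is not part of the original paper. The coefficients and the -2.22 standard are the ones printed above; the ratio definitions are the commonly published ones for Beneish's indices and are an assumption here, with TATA simplified to (net income - cash from operations) / total assets. The two years of figures are constructed.

```python
from dataclasses import dataclass

THRESHOLD = -2.22  # standard quoted in the paper


@dataclass(frozen=True)
class Year:
    """Statement figures for one financial year (field names are hypothetical)."""
    sales: float
    cost_of_sales: float
    receivables: float
    current_assets: float
    ppe: float                    # net property, plant and equipment
    total_assets: float
    depreciation: float
    sga: float                    # selling, general and administrative expense
    current_liabilities: float
    long_term_debt: float
    net_income: float
    cash_from_operations: float


def _ratio(numerator, denominator, label):
    """Divide, but fail loudly when an index is undefined."""
    if denominator == 0:
        raise ValueError(f"{label}: denominator is zero, index is undefined")
    return numerator / denominator


def beneish_indices(cur, prev):
    """The eight indices for the current year against the prior year."""
    def days_sales(y):
        return _ratio(y.receivables, y.sales, "receivables/sales")

    def margin(y):
        return _ratio(y.sales - y.cost_of_sales, y.sales, "gross margin")

    def soft_assets(y):
        return 1 - _ratio(y.current_assets + y.ppe, y.total_assets, "asset mix")

    def dep_rate(y):
        return _ratio(y.depreciation, y.depreciation + y.ppe, "depreciation rate")

    def sga_rate(y):
        return _ratio(y.sga, y.sales, "SGA/sales")

    def leverage(y):
        return _ratio(y.long_term_debt + y.current_liabilities,
                      y.total_assets, "leverage")

    return {
        "DSRI": _ratio(days_sales(cur), days_sales(prev), "DSRI"),
        "GMI": _ratio(margin(prev), margin(cur), "GMI"),
        "AQI": _ratio(soft_assets(cur), soft_assets(prev), "AQI"),
        "SGI": _ratio(cur.sales, prev.sales, "SGI"),
        "DEPI": _ratio(dep_rate(prev), dep_rate(cur), "DEPI"),
        "SGAI": _ratio(sga_rate(cur), sga_rate(prev), "SGAI"),
        "LVGI": _ratio(leverage(cur), leverage(prev), "LVGI"),
        "TATA": _ratio(cur.net_income - cur.cash_from_operations,
                       cur.total_assets, "TATA"),
    }


def m_score_8(i):
    """8-variable M-Score with the coefficients given in the paper."""
    return (-4.84 + 0.92 * i["DSRI"] + 0.528 * i["GMI"] + 0.404 * i["AQI"]
            + 0.892 * i["SGI"] + 0.115 * i["DEPI"] - 0.172 * i["SGAI"]
            + 4.679 * i["TATA"] - 0.327 * i["LVGI"])


def m_score_5(i):
    """5-variable M-Score with the coefficients given in the paper."""
    return (-6.065 + 0.823 * i["DSRI"] + 0.906 * i["GMI"] + 0.593 * i["AQI"]
            + 0.717 * i["SGI"] + 0.107 * i["DEPI"])


def assess(cur, prev):
    """Indices, both scores, and whether each score is above the standard."""
    idx = beneish_indices(cur, prev)
    m8, m5 = m_score_8(idx), m_score_5(idx)
    return {"indices": idx, "m8": m8, "m5": m5,
            "flag8": m8 > THRESHOLD, "flag5": m5 > THRESHOLD}


# Constructed figures: receivables and accruals grow much faster than sales.
PRIOR_YEAR = Year(1000, 600, 100, 400, 300, 1000, 30, 150, 200, 200, 80, 90)
CURRENT_YEAR = Year(1400, 900, 280, 650, 320, 1400, 28, 180, 320, 300, 150, 20)

if __name__ == "__main__":
    result = assess(CURRENT_YEAR, PRIOR_YEAR)
    for name, value in result["indices"].items():
        print(f"{name:5s} {value:8.4f}")
    print(f"M8 = {result['m8']:.3f}  above standard: {result['flag8']}")
    print(f"M5 = {result['m5']:.3f}  above standard: {result['flag5']}")
```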

Table 7: Beneish Model Analysis for Enron, WorldCom, Global Crossing, Qwest

Table 8: investing ratios

(Hugh & Tom, 2004)

♣ Efficiency, production (input output and ratio analysis of cost sheet)

This analysis relies on the auditors' own calculation of certain items, such as interest, tax, depreciation, reserves and amortization; seeing the actual results against that calculation identifies the red-flag areas.

♣ Propriety audit

Propriety audit is conducted by Supreme Audit Institutions (SAI) to report on Government accounts, i.e., on whether all expenditure sanctioned and incurred is need-based and all revenues due to Government have been realized in time and credited to the government account. In conducting the propriety audit, the “Value for Money audit” technique, which aims at lending assurance that economy, efficiency and efficacy have been achieved in the transactions for which expenditure has been incurred or revenue collected, is usually applied. The same analogy, with modifications to the principles of propriety of public finance, applies in forensic audit to establish fraudulent intentions, if any, on the part of the management. Financial frauds are the results of wasteful, unwarranted and unfruitful expenditure or of diversion of funds by the investigated entity to another entity.

♣ Materiality of items involved

Items that are material, either individually or in aggregate, should not be audited on a sampling basis. These items must be audited one by one using substantive procedures, and the significance of internal control should not be set aside while auditing material items.

♣ Capacity of management

Whether management has high ethical character, moral integrity and professional development is used as a basis for finding whether it may have motives for committing fraud. If it is noticed that the senior management team is composed of persons who lack these qualities and were promoted merely through favoritism, cronyism and nepotism, this points to red-flag areas that should not be overlooked.

♣ Internal auditor, internal control, whistle blower interview and previous audit report

Internal control is a process. It’s a means to an end, not an end in itself.

Internal control is affected by people. It’s not merely policy manuals and forms, but people at every level of an organization.

Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board.

Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.

Internal control consists of five interrelated components. These are derived from the way management runs a business, and are integrated with the management process. Although the components apply to all entities, small and mid-size companies may implement them differently than large ones. Their controls may be less formal and less structured, yet a small company can still have effective internal control. The components are:

1. Control Environment — The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity’s people; management’s philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors.

2. Risk Assessment — Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is establishment of objectives, linked at different levels and internally consistent. Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change.

3. Control Activities — Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entity’s objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.

4. Information and Communication — Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting. Effective communication also must occur in a broader sense, flowing down, across and up the organization. All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individual activities relate to the work of others. They must have a means of communicating significant information upstream. There also needs to be effective communication with external parties, such as customers, suppliers, regulators and shareholders.

5. Monitoring — Internal control systems need to be monitored–a process that assesses the quality of the system’s performance over time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two. Ongoing monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported upstream, with serious matters reported to top management and the board.

Integrity and Ethical Values

1. Existence and implementation of codes of conduct and other policies regarding acceptable business practice, conflicts of interest, or expected standards of ethical and moral behavior.

2. Dealings with employees, suppliers, customers, investors, creditors, insurers, competitors, and auditors, etc. (e.g., whether management conducts business on a high ethical plane, and insists that others do so, or pays little attention to ethical issues).

3. Pressure to meet unrealistic performance targets — particularly for short-term results — and extent to which compensation is based on achieving those performance targets.

Commitment to Competence

Formal or informal job descriptions or other means of defining tasks that comprise particular jobs.

Analyses of the knowledge and skills needed to perform jobs adequately.

Board of Directors or Audit Committee

Independence from management, such that necessary, even if difficult and probing, questions are raised.

Frequency and timeliness with which meetings are held with chief financial and/or accounting officers, internal auditors and external auditors.

Sufficiency and timeliness with which information is provided to board or committee members, to allow monitoring of management’s objectives and strategies, the entity’s financial position and operating results, and terms of significant agreements.

Sufficiency and timeliness with which the board or audit committee is apprised of sensitive information, investigations and improper acts (e.g., travel expenses of senior officers, significant litigation, investigations of regulatory agencies, defalcations, embezzlement or misuse of corporate assets, violations of insider trading rules, political payments, illegal payments).

Management’s Philosophy and Operating Style

Nature of business risks accepted, e.g., whether management often enters into particularly high-risk ventures, or is extremely conservative in accepting risks.

Frequency of interaction between senior management and operating management, particularly when operating from geographically removed locations.

Attitudes and actions toward financial reporting, including disputes over application of accounting treatments (e.g., selection of conservative versus liberal accounting policies; whether accounting principles have been misapplied, important financial information not disclosed, or records manipulated or falsified).

Organizational Structure

Appropriateness of the entity’s organizational structure, and its ability to provide the necessary information flow to manage its activities.

Adequacy of definition of key managers’ responsibilities, and their understanding of these responsibilities.

Adequacy of knowledge and experience of key managers in light of responsibilities.

Assignment of Authority and Responsibility

Assignment of responsibility and delegation of authority to deal with organizational goals and objectives, operating functions and regulatory requirements, including responsibility for information systems and authorizations for changes.

Appropriateness of control-related standards and procedures, including employee job descriptions.

Appropriate numbers of people, particularly with respect to data processing and accounting functions, with the requisite skill levels relative to the size of the entity and nature and complexity of activities and systems.

Human Resource Policies and Practices

Extent to which policies and procedures for hiring, training, promoting and compensating employees are in place.

Appropriateness of remedial action taken in response to departures from approved policies and procedures.

Adequacy of employee candidate background checks, particularly with regard to prior actions or activities considered to be unacceptable by the entity.

Adequacy of employee retention and promotion criteria and information-gathering techniques (e.g., performance evaluations) and relation to the code of conduct or other behavioral guidelines

Risks: Entity Level. Risks at the entity-wide level can arise from external or internal factors. Examples include:

External Factors

1. Technological developments can affect the nature and timing of research and development, or lead to changes in procurement.

2. Changing customer needs or expectations can affect product development, production process, customer service, pricing or warranties.

3. Competition can alter marketing or service activities.

4. New legislation and regulation can force changes in operating policies and strategies.

5. Natural catastrophes can lead to changes in operations or information systems and highlight the need for contingency planning.

6. Economic changes can have an impact on decisions related to financing, capital expenditures and expansion.

Internal Factors

1. A disruption in information systems processing can adversely affect the entity’s operations.

2. The quality of personnel hired and methods of training and motivation can influence the level of control consciousness within the entity. A change in management responsibilities can affect the way certain controls are affected.

3. The nature of the entity’s activities, and employee accessibility to assets, can contribute to misappropriation of resources.

4. An unassertive or ineffective board or audit committee can provide opportunities for indiscretions

Circumstances Demanding Special Attention

This focus on managing change is founded on the premise that, because of their potential impact, certain conditions should be the subject of special consideration. The extent to which such conditions require management’s attention, of course, depends on the effect they may have in the particular circumstances. Such conditions are:

1. Changed Operating Environment — A changed regulatory or economic environment can result in increased competitive pressures and significantly different risks. “Divestiture” in the telecommunications industry, and deregulation of commission rates in the brokerage industry, for example, thrust entities into a vastly changed competitive environment.

2. New Personnel — A senior executive new to an entity may not understand the entity’s culture, or may focus solely on performance to the exclusion of control-related activities. High turnover of personnel, in the absence of effective training and supervision, can result in breakdowns.

3. New or Revamped Information Systems — Normally effective controls can break down when new systems are developed, particularly when done under unusually tight time constraints — for example, to gain competitive advantage or make tactical moves.

4. Rapid Growth — When operations expand significantly and quickly, existing systems may be strained to the point where controls break down; where processing shifts or clerical personnel are added, existing supervisors may be unable to maintain adequate control.

5. New Technology — When new technologies are incorporated into production processes or information systems, a high likelihood exists that internal controls will need to be modified. Just-in-time inventory manufacturing technologies, for instance, commonly require changes in cost systems and related controls to ensure reporting of meaningful information.

6. New Lines, Products, Activities — When an entity enters new business lines or engages in transactions with which it is unfamiliar, existing controls may not be adequate. Savings and loan organizations, for example, ventured into investment and lending arenas in which they had little or no previous experience, without focusing on how to control the risks involved.

7. Corporate Restructurings — Restructurings — resulting, for example, from a leveraged buyout, or from significant business declines or cost-reduction programs — may be accompanied by staff reductions and inadequate supervision and segregation of duties. Or, a job performing a key control function may be eliminated without a compensating control put in its place. A number of companies learned too late that they made rapid, large-scale cutbacks in personnel without adequate consideration of serious control implications.

8. Foreign Operations — The expansion or acquisition of foreign operations carries new and often unique risks that management should address. For instance, the control environment is likely to be driven by the culture and customs of local management. Also, business risks may result from factors unique to the local economy and regulatory environment. Or, channels of communication and information systems may not be well established and available to all individuals.

(Coopers & Lybrand , May 1994)

♣ Interrogation (Neuro Linguistic Model)

The following model can be used when assessing whether a subject is lying while answering a questionnaire. It is a famous model used by clinical hypnotists and by interrogation agencies working for national defense. The method is universal and is applicable to all subjects under consideration, since it uses the model of brain accessing and eye movements.

Its concepts are:

1. Eyes Up and Left: Non-dominant hemisphere visualization - i.e., remembered imagery (Vr).

2. Eyes Up and Right: Dominant hemisphere visualization - i.e., constructed imagery and visual fantasy (Vc).

3. Eyes Lateral Left: Non-dominant hemisphere auditory processing - i.e., remembered sounds, words, and "tape loops" (Ar) and tonal discrimination.

4. Eyes Lateral Right: Dominant hemisphere auditory processing - i.e., constructed sounds and words (Ac).

5. Eyes Down and Left: Internal dialogue, or inner self-talk (Ad).

6. Eyes Down and Right: Feelings, both tactile and visceral (K).

7. Eyes Straight Ahead, but Defocused or Dilated: Quick access of almost any sensory information; but usually visual.

Figure 2: Eye accessing clues

To explore the relationship between eye movements and thinking for yourself, find a partner, ask the following questions, and observe his or her eye movements. For each question keep track of your partner's eye movements in one of the boxes (following the questions below) by using marks, lines or numbers that represent the sequence of positions you observe.

1. Visual Remembered: Think of the color of your car. What kind of pattern is on your bedspread? Think of the last time you saw someone running. Who were the first five people you saw this morning?

2. Visual Construction: Imagine an outline of yourself as you might look from six feet above us and see it turning into a city skyline. Can you imagine the top half of a toy dog on the bottom half of a green hippopotamus?

3. Auditory Remembered: Can you think of one of your favorite songs? Think of the sound of clapping. How does your car's engine sound?

4. Auditory Constructed: Imagine the sound of a train's whistle changing into the sound of pages turning. Can you hear the sound of a saxophone and the sound of your mother's voice at the same time?

5. Auditory Digital (Internal Self Talk): Take a moment and listen to the sound of your own inner voice. How do you know it is your voice? In what types of situations do you talk to yourself the most? Think of the kinds of things that you say to yourself most often.

6. Kinesthetic Remembered: (Tactile) When was the last time you felt really wet? Imagine the feelings of snow in your hands. What does a pine cone feel like? When was the last time you touched a hot cooking utensil? (Visceral/Emotional) Can you think of a time you felt satisfied about something you completed? Think of what it feels like to be exhausted. When was the last time you felt impatient?

7. Kinesthetic Construction: (Tactile) Imagine the feelings of stickiness turning into the feelings of sand shifting between your fingers. Imagine the feelings of dog's fur turning into the feelings of soft butter. (Visceral/Emotional) Imagine the feelings of frustration turning into the feeling of being really motivated to do something. Imagine the feeling of being bored turning into feeling silly about feeling bored.

Figure 3: Eye accessing clues

(Dilts, Robert)

♣ Data Mining (CAAT)

Data-mining analytics are different from the other types of analytic procedures in that they are queries or searches performed within accounts or other client data to identify anomalous individual items, while the other types use aggregated financial information. What can be expected of data mining depends on the purpose of the procedure. For example, scanning a numerical sequence may bring to light certain gaps that merit investigation, while scanning payment amounts may yield evidence of duplicate payments. The expectation in searching for large and unusual items is based on the forensic accounting investigator’s assessment of what constitutes normal. While some analytics such as a scan of closing or adjusting entries may be performed manually, others such as filters, duplicates, gaps, and sorts may require computer-assisted audit techniques using software packages like Audit Command Language, Access, or Excel. You may also opt to build your own tool for large data sets. (THOMAS W. GOLDEN, 2006)
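The three scans named above (gaps in a numerical sequence, duplicate payments, large and unusual items) as an added example of a self-built tool; it is not from the original paper or from any of the packages it mentions. The payment register, the field names and the cut-off of ten median absolute deviations are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median


def sequence_gaps(numbers):
    """Ranges (first_missing, last_missing) absent from a document sequence."""
    seen = sorted(set(numbers))
    return [(a + 1, b - 1) for a, b in zip(seen, seen[1:]) if b - a > 1]


def normalise_reference(ref):
    """Reduce an invoice reference to a comparable key.

    Case, punctuation and spacing are dropped and leading zeros of each digit
    run are removed, so 'INV-0041' and 'inv 41' compare equal.
    """
    compact = re.sub(r"[^A-Z0-9]", "", ref.upper())
    return re.sub(r"(?<![0-9])0+(?=[0-9])", "", compact)


def duplicate_payments(payments):
    """Cheques that pay the same vendor the same amount for the same invoice."""
    groups = defaultdict(list)
    for p in payments:
        key = (
            " ".join(p["vendor"].upper().split()),  # collapse case and spacing
            round(p["amount"] * 100),               # compare in whole cents
            normalise_reference(p["invoice"]),
        )
        groups[key].append(p["cheque"])
    return {key: cheques for key, cheques in groups.items() if len(cheques) > 1}


def unusual_amounts(payments, k=10.0):
    """Cheques whose amount lies more than k median absolute deviations
    from the median amount, a robust stand-in for 'what constitutes normal'."""
    amounts = [p["amount"] for p in payments]
    centre = median(amounts)
    mad = median(abs(a - centre) for a in amounts)
    if mad == 0:
        # All typical amounts are identical: anything different is unusual.
        return [p["cheque"] for p in payments if p["amount"] != centre]
    return [p["cheque"] for p in payments if abs(p["amount"] - centre) > k * mad]


# Constructed payment register, not real data.
PAYMENTS = [
    {"cheque": 1001, "vendor": "Acme Supplies", "invoice": "INV-0041", "amount": 1250.00},
    {"cheque": 1002, "vendor": "Birat Traders", "invoice": "INV-0107", "amount": 980.50},
    {"cheque": 1003, "vendor": "Acme Supplies", "invoice": "INV-0042", "amount": 1310.00},
    {"cheque": 1005, "vendor": "Citadel Freight", "invoice": "CF/2291", "amount": 875.00},
    {"cheque": 1006, "vendor": "acme  supplies ", "invoice": "inv 41", "amount": 1250.00},
    {"cheque": 1007, "vendor": "Delta Office", "invoice": "D-5530", "amount": 1120.00},
    {"cheque": 1010, "vendor": "Birat Traders", "invoice": "INV-0108", "amount": 48500.00},
    {"cheque": 1011, "vendor": "Citadel Freight", "invoice": "CF/2292", "amount": 910.00},
]

if __name__ == "__main__":
    print("Missing cheque numbers:", sequence_gaps(p["cheque"] for p in PAYMENTS))
    print("Possible duplicate payments:", duplicate_payments(PAYMENTS))
    print("Large or unusual items:", unusual_amounts(PAYMENTS))
```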

Figure 4: Conceptual Framework for Application of Data Mining to Financial Accounting Fraud Detection

Software engineers have developed various software tools [4] that can be used for data mining and for finding patterns that were previously unavailable. External intruders [5] are also a risk factor that can cause serious harm. (Hoke, 2004)

[4] 1. Deloitte & Touche has set up a worldwide network of computer forensic labs for their forensic accountants and technicians (Iwata, 2003).
2. There are many new technologies that allow the investigators to recover deleted files, crack encryptions or codes, and extract and sort data (Bigler, 2001).
3. KPMG Forensic Accounting has developed software that it uses to aid in determining how the fraud was perpetrated. The software prepares a TRACE (Transactional Representation of Assets and Court Evidence) diagram. The TRACE diagram provides a computer-generated graphical and concise summary of a series of transactions, events or structures in an easy-to-read format, to map the flow of funds through the perpetrator’s private companies/accounts, identify the parties involved, and provide litigation support to the civil and criminal proceedings (Sing, 1999).


The following ten steps describe the key activities in implementing a forensic readiness program that can be used as a trail in court in criminal proceedings:

1. Define the business scenarios that require digital evidence.
2. Identify available sources and different types of potential evidence.
3. Determine the evidence collection requirement.
4. Establish a capability for securely gathering legally admissible evidence to meet the requirement.
5. Establish a policy for secure storage and handling of potential evidence.
6. Ensure monitoring is targeted to detect and deter major incidents.
7. Specify circumstances when escalation to a full formal investigation (which may use the digital evidence) should be launched.
8. Train staff in incident awareness, so that all those involved understand their role in the digital evidence process and the legal sensitivities of evidence.
9. Document an evidence-based case describing the incident and its impact.
10. Ensure legal review to facilitate action in response to the incident.

(Robert Rowlingson Ph.D, 2004) [6]

Data-mining might include all of the following:

• Scanning transaction listings
• Identifying gaps in check runs or shipping documents
• Identifying duplicate invoice numbers, payments, or payroll transactions to the same payee
• Matching return dates and credit memos to test for proper cutoff
• Comparing recent invoice prices with costs on the perpetual inventory records
• Filtering to identify all new suppliers, nonstandard journal entries, accounts under dispute, and the like
• Stratifying or grouping customer accounts by balance size or employees by overtime pay
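The gap, duplicate and stratification tests in this list can be run with a short script when no CAAT package is at hand. The Python sketch below is an added example, not code from the cited sources; the payment register, field names and amount bands are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample: a small payment register (check no., payee, invoice no., amount).
PAYMENTS = [
    {"check_no": 1001, "payee": "Acme Supplies", "invoice": "INV-204", "amount": Decimal("1250.00")},
    {"check_no": 1002, "payee": "Birch Traders", "invoice": "INV-881", "amount": Decimal("90.50")},
    {"check_no": 1003, "payee": "Acme Supplies", "invoice": "inv 204", "amount": Decimal("1250.00")},
    {"check_no": 1006, "payee": "Cedar Freight", "invoice": "INV-332", "amount": Decimal("48000.00")},
    {"check_no": 1007, "payee": "Birch Traders", "invoice": "INV-882", "amount": Decimal("910.00")},
    {"check_no": 1007, "payee": "Birch Traders", "invoice": "INV-882", "amount": Decimal("910.00")},
]


def find_gaps(rows, key="check_no"):
    """Return (first_missing, last_missing) ranges in a numeric document sequence."""
    numbers = sorted({r[key] for r in rows})
    gaps = []
    for prev, cur in zip(numbers, numbers[1:]):
        if cur - prev > 1:
            gaps.append((prev + 1, cur - 1))
    return gaps


def normalise_invoice(ref):
    """Drop case, spaces and punctuation so 'inv 204' matches 'INV-204'."""
    return "".join(ch for ch in ref.upper() if ch.isalnum())


def find_duplicate_payments(rows):
    """Group payments that share payee, normalised invoice number and amount."""
    groups = defaultdict(list)
    for r in rows:
        key = (r["payee"], normalise_invoice(r["invoice"]), r["amount"])
        groups[key].append(r["check_no"])
    return {k: v for k, v in groups.items() if len(v) > 1}


def find_reused_numbers(rows, key="check_no"):
    """A document number that appears more than once is itself an anomaly."""
    seen, reused = set(), set()
    for r in rows:
        if r[key] in seen:
            reused.add(r[key])
        seen.add(r[key])
    return sorted(reused)


def stratify(rows, bounds=(Decimal("100"), Decimal("1000"), Decimal("10000"))):
    """Count and total the payments in each amount band (bounds are assumed values)."""
    strata = defaultdict(lambda: {"count": 0, "total": Decimal("0")})
    for r in rows:
        label = next((f"< {b}" for b in bounds if r["amount"] < b), f">= {bounds[-1]}")
        strata[label]["count"] += 1
        strata[label]["total"] += r["amount"]
    return dict(strata)


if __name__ == "__main__":
    print("Gaps in check run:", find_gaps(PAYMENTS))
    print("Reused check numbers:", find_reused_numbers(PAYMENTS))
    for key, checks in find_duplicate_payments(PAYMENTS).items():
        print("Possible duplicate payment:", key, "checks", checks)
    for band, stats in stratify(PAYMENTS).items():
        print(band, stats)
```

Normalising the invoice reference before grouping matters because re-keyed duplicates rarely match character for character.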

4. A software program (called Gargoyle) can detect steganography (i.e., steganography is a process by which data can be hidden within other files). Using steganography, a fraudster could hide stolen data within an MP3-format song making it virtually undetectable until Gargoyle. WetStone Technologies released the Gargoyle software in May 2003. It was developed to work with the government-sponsored National Software Reference Library (NSRL) database. The NSRL database is a collection of digital file signatures, known as hashes, developed from thousands of common software programs. These hashes allow investigators to check if any alterations have occurred. Currently, Gargoyle can identify a large quantity of programs. In addition to steganography programs, Gargoyle includes 550 Trojan-horse toolkits, 94 wireless-war-driving software tools, 455 file encryption programs, and hundreds of key-logging and password-cracking applications (Piazza, 2003).
5. A company based out of Houston (called ChurchStreet Technology) has developed a very useful tool for forensic accountants and other crime-fighting agencies. ChurchStreet has developed a method for reconstructing shredded documents electronically, offering a speedier alternative to the laborious task of searching, matching, and pasting strips manually. The process uses proprietary digitizing techniques to scan the shredded paper and then matches them with specialized software. The software can even reconstruct documents that have been cross-shred or cut in two directions into tiny pieces (Satov, 2003).

[5] http://www.pkftexas.com/media/258401/fullmagvol4iss3.pdf

[6] https://www.utica.edu/academic/institutes/ecii/publications/articles/A0B13342-B4E0-1F6A-156F501C49CF5F51.pdf


Data mining application classes can be classified as:

Classification: Classification builds up and utilizes a model to predict the categorical labels of unknown objects to distinguish between objects of different classes. These categorical labels are predefined, discrete and unordered. The research literature describes that classification or prediction is the process of identifying a set of common features (patterns), and proposing models that describe and distinguish data classes or concepts. Common techniques include neural networks, the Naïve Bayes technique, decision trees and support vector machines. Such classification tasks are used in the detection of credit card, healthcare and automobile insurance, and corporate fraud, among other types of fraud, and classification is one of the most common learning models in the application of data mining in fraud detection.

Clustering: Clustering is used to partition objects into previously unknown conceptually meaningful groups (i.e. clusters), with the objects in a cluster being similar to one another but very dissimilar to the objects in other clusters. Clustering is also known as data segmentation or partitioning and is regarded as a variant of unsupervised classification. Cluster analysis decomposes or partitions a data set (single or multivariate) into dissimilar groups so that the data points in one group are similar to each other and are as different as possible from the data points in other groups. It is suggested that data objects in each cluster should have high intra-cluster similarity within the same cluster but should have low inter-cluster similarity to those in other clusters. The most common clustering techniques are the K-nearest neighbor, the Naïve Bayes technique and self-organizing maps.

Prediction: Prediction estimates numeric and ordered future values based on the patterns of a data set. For prediction, the attribute whose value is being predicted is continuous-valued (ordered) rather than categorical (discrete-valued and unordered). This attribute is referred to as the predicted attribute. Neural networks and logistic model prediction are the most commonly used prediction techniques.

Outlier Detection: Outlier detection is employed to measure the distance between data objects to detect those objects that are grossly different from or inconsistent with the remaining data set. Data that appear to have different characteristics than the rest of the population are called outliers. The problem of outlier/anomaly detection is one of the most fundamental issues in data mining. A commonly used technique in outlier detection is the discounting learning algorithm.

Regression: Regression is a statistical methodology used to reveal the relationship between one or more independent variables and a dependent variable (that is continuous-valued). Many empirical studies have used logistic regression as a benchmark. The regression technique is typically undertaken using such mathematical methods as logistic regression and linear regression, and it is used in the detection of credit card, crop and automobile insurance, and corporate fraud.


Visualization: Visualization refers to the easily understandable presentation of data and to methodology that converts complicated data characteristics into clear patterns to allow users to view the complex patterns or relationships uncovered in the data mining process. The researchers have exploited the pattern detection capabilities of the human visual system by building a suite of tools and applications that flexibly encode data using color, position, size and other visual characteristics. Visualization is best used to deliver complex patterns through the clear presentation of data or functions.

Classification of Data Mining Techniques for Financial Accounting Fraud Detection

To determine the main algorithms used for financial accounting fraud detection, we present a review of data mining techniques identified in the literature as applied to the detection of financial fraud. The most frequently used techniques are logistic models, neural networks, the Bayesian belief network, and decision trees, all of which fall into the classification category. These four techniques are discussed in more detail in the following paragraphs.

Regression Models: Regression-based models are mostly used in financial accounting fraud detection. The majority of them are based on logistic regression, stepwise logistic regression, the multi-criteria decision making method and exponential generalized beta two (EGB2). The logistic model is a generalized linear model that is used for binomial regression in which the predictor variables can be either numerical or categorical. It is principally used to solve problems caused by insurance and corporate fraud. Some of the research has suggested a logistic-regression-based model to predict the presence of financial statement fraud. The statistical method of logistic regression can detect falsified financial statements efficiently. Some researchers have also developed a generalized qualitative response model based on Probit and Logit techniques to predict financial statement fraud. That model was based on a dataset collected by an international public accounting company and needs testing for generalization. A cascaded Logit model has also been proposed to investigate the relationship between insider trading and the possibility of fraud. The study found that, when the fraud is being executed, insiders, i.e. top executives and managers, reduce their stock holdings through high stock selling activity. Other methods, like statistical regression analysis, are also useful to test whether the existence of an independent audit committee mitigates or reduces the likelihood of fraud. The literature also describes that organizations with audit committees, formed by independent managers, meeting no more than twice per year, are less likely to be sanctioned for fraudulent financial reporting. Regression analysis using the Logit model can be used for empirical analysis of financial indexes which can significantly predict financial fraud. Logistic analysis and clustering analysis can be used jointly to establish a fraud detection model from four aspects: financial indexes, company governance, financial risk and pressure, and related trading. After cluster filtering of significant variables, a prediction model can be established with the methods of Standardization, non-Standardization Bayes and Logistic.

Genetic programming with fuzzy logic production rules is used to classify data. One study has proposed and tested a system to detect frauds on real home insurance claims and credit card transaction data. The study on genetic programming for fraud detection lacks benchmarking against the existing methods and techniques. A genetic-algorithm-based approach has also been applied to detect financial statement fraud. It was found that exceptional anomaly scores are valuable metrics for characterizing corporate financial behavior and that analyzing these scores over time represents an effective way of detecting potentially fraudulent behavior.


Expert Systems: Researchers in the field of expert systems have examined the role of expert systems in increasing the detecting ability of auditors and statement users. By using an expert system, auditors can better detect accounting fraud risk under different contexts and levels, and can give much more reliable auditing suggestions through a rational auditing procedure. The research has confirmed that the use of an expert system enhanced the auditors' performance. With assistance from an expert system, the auditors discriminated better among situations with different levels of management fraud risk. The expert system aided decision making regarding appropriate audit actions. Financial accounting fraud detection research is classified by data mining application and data mining technique. Some researchers have tried to apply a combination of many data mining techniques such as decision trees, neural networks, the Bayesian belief network and K-nearest neighbor. The main objective is to apply a hybrid decision support system using stacking variant methodology to detect fraudulent financial statements. (G.Jyotsna, 2013)

Forensic Audit on the CAAT

Forensic investigations consist of three phases: acquiring the evidence, analyzing results, and reporting results. Below is a description of each. (Purita, Ryan, Sept 2006)

Acquiring the Evidence

The process of securing or acquiring evidence starts with previewing the contents of a computer's hard drive or other media. To acquire the electronic data, including deleted information, the storage device must be mirrored or duplicated exactly bit by bit. The actual size or space of the storage device and transfer speed over a network cable will dictate the length of time needed to image the drive. Once the storage device is secured, a second device may be needed as a working copy if the original storage device was not seized or secured. This allows the examiner access to an unaltered copy of the electronic data.

The second step to collecting the evidence is the preview stage. Here, the auditor performs a simple check to determine the current status of data files. This can provide useful information about ownership of the data and its relevance to a particular investigation, as well as help to focus the subsequent investigation.

The third step when collecting evidence is to protect the data by capturing an exact copy of the original information. This is done through a process known as imaging. An image is an exact replica of the computer's hard drive or other media, and should include any slack space (for more information, see "What is Slack Space?iv" at right). The image is then investigated, rather than the original, to avoid altering the original data, which would make any evidence gathered inadmissible in court. Imaging is a vital step in a computer forensic investigation and is accepted as the best method for capturing computer evidence that may be presented in a court of law.

Having captured an exact image of the data, the fourth step is to process it. All data must be processed, including deleted or partially overwritten files, information hidden outside normal storage areas, and data in virtual memory and slack space. The most common method used by forensic examiners to capture this data is by using a write-blocking device. This device prevents the forensic examiner's machine from writing or altering the data on the suspect drive. Windows operating systems are notorious for this problem.


Typically, the suspect drive is removed from the machine if possible and plugged directly into the write-blocking device. Once this has occurred, an examiner can make what is called a "bit-stream" image of the drive. This is an exact bit-for-bit copy of the drive's contents, including deleted space, file slack, and logical files. Another method of capturing this data is using a Linux live CD or a boot disk, which allow the investigator to view the files on the drive, including deleted space and unallocated clusters, without altering the drive's contents. The examiner can then copy the files onto an external hard drive and view them. Hidden data often contains the most vital evidence to prove or disprove a case. In some cases, a file extraction may be appropriate. In other situations, a data index may be created to support powerful search tools.

After auditors have a complete image of the drive, they can start collecting the evidence. Most forensic software includes ready-made scripts for a variety of operating systems that automate certain functions such as encrypted registry parser, file finder, and file mounter. Because different programs may work better for different tasks, auditors should ensure organizations are using the right product based on their data analysis needs. For additional tips on how to gather evidence, refer to the "Additional Steps and Techniques" section below or "Steps to Handle Evidence During a Forensic Examination" sidebar at left.

Analyzing the Results

The second phase, analyzing the results, takes place after all the evidence is acquired and imaged properly. Because every case is different, auditors need to be fully trained when conducting a data analysis, or they should recommend that a trained forensic examiner perform the evaluation if they lack the professional training to do so.

To analyze the evidence, auditors should use the working copy of retrieved, deleted, electronic data only, including files and folders. Auditors also need to maintain a chain of custody when handling the evidence. This enables them to ensure the legitimacy of the evidence presented in court is unquestionable and provides an audit trail of who accessed the data and when. To maintain a digital chain of custody, all images should be hashed — the process of creating a small digital fingerprint of the data.
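Hashing an image and recording who accessed it and when, as described above, can be sketched as follows. This is an added example, not code from the cited article; the file names, examiner names and log layout are assumptions, SHA-256 is used as the fingerprint, and chaining each log entry to the previous one goes a step beyond the text, which only asks that images be hashed.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def hash_image(path, chunk_size=1024 * 1024):
    """SHA-256 of a file, read in chunks so large images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


class CustodyLog:
    """Append-only custody record; each entry carries the hash of the one before it."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, image_path, examiner, action):
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {
            "time_utc": datetime.now(timezone.utc).isoformat(),
            "examiner": examiner,
            "action": action,
            "image": os.path.basename(image_path),
            "image_sha256": hash_image(image_path),
            "prev_entry_hash": prev,
        }
        entry["entry_hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return a list of problems: edited entries, broken links, changed image hash."""
        problems, prev = [], "0" * 64
        baseline = self.entries[0]["image_sha256"] if self.entries else None
        for i, e in enumerate(self.entries):
            if e["entry_hash"] != self._digest(e):
                problems.append(f"entry {i}: contents edited after recording")
            if e["prev_entry_hash"] != prev:
                problems.append(f"entry {i}: chain link broken")
            if e["image_sha256"] != baseline:
                problems.append(f"entry {i}: image hash differs from acquisition hash")
            prev = e["entry_hash"]
        return problems


def demo():
    """Constructed scenario: acquire an image, analyse a copy, then detect changes."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "suspect_drive.img")
        working = os.path.join(tmp, "working_copy.img")
        data = b"\x00" * 4096 + b"ledger_2013.xls" + b"\xff" * 4096  # stand-in for a disk image
        for path in (original, working):
            with open(path, "wb") as fh:
                fh.write(data)

        log = CustodyLog()
        log.record(original, "examiner_a", "acquired bit-stream image")
        log.record(working, "examiner_b", "opened working copy for analysis")
        clean = log.verify()

        with open(working, "r+b") as fh:  # simulate an accidental write to the copy
            fh.seek(10)
            fh.write(b"X")
        log.record(working, "examiner_b", "re-opened working copy")
        after_change = log.verify()

        log.entries[1]["examiner"] = "someone_else"  # simulate a doctored log entry
        after_edit = log.verify()
        return clean, after_change, after_edit


if __name__ == "__main__":
    for label, result in zip(("clean", "after change", "after log edit"), demo()):
        print(label, "->", result or "no problems")
```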

During the data analysis stage, software also is used to inspect the raw data and organize it into an understandable report. As a result, the auditor must be able to tell the computer what to look for by using text-string search terms that will identify data pertaining to the specific incident under investigation. A search term should be created for each individual investigation and may be modified for each specific storage device within that investigation. Text strings could have as many as 500 words or phrases. The more text strings used, the better the results will be. Using more text strings, however, requires more work: As more text strings are used, results may contain a higher number of false positives or unrelated data that need to be examined. In addition, this process may take considerable time depending on the size of the storage device and the amount of data on that device.

Once the data is analyzed, auditors should review any information stored in special folders and files created by the operating system, in addition to folders and files created by the user. After this stage is completed, the evidence must be recorded, sorted into different classifications, and stored.

Reporting Results

The final phase of the forensic examination is creating the report and reporting the evidence. Final reports of the investigation should include a list of all the evidence gathered, a copy of printed documents listed as appendices, and an executive summary. In certain cases (e.g., to obtain a search warrant or make a criminal charge), auditors may need to create interim reports. These reports are updated as new information is gathered and until the investigation is completed.


Report findings need to be ready to be used in a court of law. For instance, reports should clearly explain what made the company or auditor suspicious of the hard drive, how the hard drive was imaged, how the data was handled prior to the analysis, where within the hard drive the evidence was found, and what the evidence means. Internal auditors who conduct the forensic examination should expect to be called to provide expert testimony during the court case and help the organization review the opposing counsel's evidence. Other steps are included in endnote v.

♣ Stock market transaction

The stock market usually follows a random walk, and investors price a stock on the basis of the future cash flows and returns that the investment usually makes. If the overall market thinks that the stock of a particular corporation is overpriced, it may be acting on the conclusions of financial analysts who have dug into the pattern of the stock and found performance so significantly inconsistent with the estimated data that it raises a red alert, and the stock price then falls. Under the efficient market hypothesis, the market has at hand all the information necessary to price the stock and values the underlying stock on the basis of information that is up to date on a real-time basis. After sensitive information is relayed in the news or through another informal source, there are only about 5-10 minutes before the market makes a correct assumption about the stock price. When big capital market institutions (mutual funds, hedge funds, investment bankers, pension funds) make a transaction, they usually consider information either given by financial analysts (quants) using technical and fundamental analysis, or insider information deduced from recent news or obtained from a whistle-blower or spy working in the industry for them.

♣ Tax filing (report, sales to sales tax, income to income tax etc)

We can compare the actual tax filed by the corporate house with the balance sheet that management has prepared and analyze whether there is a significant deviation from the amount that management has reported to the Inland Revenue Department. Many managements keep several versions of the audited financial statements: one for shareholders, another for tax authorities, another for the board of directors, and others for the general public and investors. Usually the excise report and indirect tax reports (VAT/Sales Tax/Customs) are undervalued in order to pay less tax. If the auditor asks these government institutions for the corporation's filing documents, some red flags can be noticed and detected in time. In this way auditors can establish whether the balance sheet and financial statements deviate significantly from what is reported to the authorities.


Other Qualitative Means for Analyzing Fraud in Financial Statements

Examination methods are:

Tests of reasonableness:
• Check weaknesses in internal controls.
• Identify questionable transactions – indicating wide fluctuations from the normal ones and not, in general, related to main objectives.
• Review questionable transaction documents for peculiarities, like improper account, classifications, pricing, invoicing, or claims, etc.

Historical Comparisons:
• Develop a profile of the entity under investigation, its personnel and beneficiaries, using available information.
• Identify questionable accounts, account balances, and relationships between accounts, for finding out variances from current expectations and past relationships.
• Gather and preserve evidence corroborating asset losses, fraudulent transactions, and financial misstatements.

Off-Balance Sheet Transactions

There are certain transactions that are not prima facie discussed in the financial statements and for which no suitable disclosures are made. Since these are intangible in the financial statements, or the auditor may not consider them significant or material, no statement/qualification is normally made in the auditors’ report. These may encompass:

• Significant purchases/sales of raw materials and/or finished goods with only a particular dealer or group companies of such vendor, which might suggest significant related party transactions.

• Pattern of consumption of major raw materials/components, indicating excess consumption or under-consumption without the correlating management or operational indicators for it.

• Over/under-invoicing for capital goods, raw materials/components, services, etc. as compared to normal arm's length prices for the same (both in related party transactions and in general).

• Alteration (amendment and deletion) of contractual terms, and ratification thereof, to pass on otherwise accrued benefit to holding/group companies.

• Diversion of funds through group companies and setting off such debits as expenditure in accounts with proper authorization before closure of accounts to avoid detection.

• Cost overruns in major capital expenditure without corresponding benefit or convincing reasons, for future benefit that might be considered elsewhere.

• Justifications for non-maintenance of certain basic records, on technical grounds, but with intention to defraud.

Aspects to be covered

The objective of a forensic audit is to find whether or not a fraud has taken place. The forensic auditor shall have to examine voluminous records and witnesses in totality, if permitted by law. Proper documentation is vital in substantiating the findings. In case of frauds, the outcome shall focus on the following:

• Proving the loss
• Proving the responsibility for the loss
• Proving the method/motive
• Establishing guilty knowledge
• Identifying other beneficiaries.

(Vasudevan, 2004)

Key Qualitative indicators

1. Falling stock prices on the market and an increase in short-selling activity in the company
2. Resignation of senior personnel of the company for personal reasons or other diplomatic reasons
3. Selling of a large number of shares by promoters, company officers and major trading houses on the strength of insider information and trading
4. Use of complicated disclosure and accounting practices to fool naive and novice investors into believing the statements
5. Audit fees that are far less than the other management and legal fees paid to auditors.

The auditor can spot red flags in risky areas by applying analytical procedures, e.g.:

• Revenue is growing without significant and correlated growth in operating cash flows, or cash flow is being generated from other sources like financing activities and investing activities.

• Consistent sales growth while competitors are experiencing weak performance and the economy is in recession.

• A rapid and unexplainable rise in the number of days' sales in receivables in addition to growing inventories.

• A significant surge in the company's performance within the final reporting period of the fiscal year, without a correlating increase in marketing effect or a justified increase in demand.

• The company maintains consistent gross profit margins while its industry is facing pricing pressure.

• A large buildup of fixed assets. It may point to capitalization of operating expenses, rather than expense recognition.

• Depreciation methods and estimates of assets' useful life. An overstated life of an asset will decrease the annual depreciation expense, and an underestimated life of assets increases depreciation expenses, thus reducing profit. Many other items that require diligent estimation can be misstated to create fabricated statements, e.g. the estimate for provision for bad debts, provision for reserve to transfer to balance sheet, etc.

• A weak system of internal controls, where there is perceived opportunity for committing fraud and deception.

• An outsized frequency of complex related-party or third-party transactions, many of which do not add tangible value to the corporation (they can be used to conceal debt off the balance sheet) and seem unjustified by the benefit to the company.
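Several of the analytical procedures above reduce to comparisons between two reporting periods. The Python sketch below is an added example, not taken from the cited sources; the figures, field names and thresholds are constructed assumptions that an auditor would replace with values suited to the engagement.

```python
# Constructed figures for two consecutive fiscal years (currency units are arbitrary).
PRIOR = {"revenue": 1000.0, "operating_cash_flow": 150.0, "receivables": 120.0,
         "inventory": 200.0, "gross_profit": 300.0, "q4_revenue": 260.0}
CURRENT = {"revenue": 1400.0, "operating_cash_flow": 140.0, "receivables": 260.0,
           "inventory": 310.0, "gross_profit": 420.0, "q4_revenue": 560.0}


def growth(current, prior):
    """Fractional change from the prior to the current period."""
    if prior == 0:
        raise ValueError("prior-period value is zero; growth is undefined")
    return (current - prior) / abs(prior)


def days_sales_outstanding(period, days=365):
    """Number of days' sales held in receivables."""
    return period["receivables"] / period["revenue"] * days


def red_flags(prior, current, industry_margin_change=None,
              growth_gap=0.15, dso_rise=0.20, q4_share=0.35, margin_tol=0.01):
    """Return the red flags raised by comparing two periods.

    Thresholds are assumed defaults, not values from the source text:
      growth_gap - revenue growth exceeding operating cash flow growth by this much
      dso_rise   - fractional increase in days' sales in receivables
      q4_share   - share of annual revenue booked in the final reporting period
      margin_tol - how far gross margin may slip and still count as "maintained"
    """
    flags = []

    rev_g = growth(current["revenue"], prior["revenue"])
    ocf_g = growth(current["operating_cash_flow"], prior["operating_cash_flow"])
    if rev_g - ocf_g > growth_gap:
        flags.append("revenue growth without matching operating cash flow")

    dso_change = growth(days_sales_outstanding(current), days_sales_outstanding(prior))
    inventory_g = growth(current["inventory"], prior["inventory"])
    if dso_change > dso_rise and inventory_g > 0:
        flags.append("rising days' sales in receivables with growing inventories")

    if current["q4_revenue"] / current["revenue"] > q4_share:
        flags.append("surge in the final reporting period")

    # A steady margin is only a red flag when the industry's margin is falling.
    if industry_margin_change is not None and industry_margin_change < 0:
        margin_prior = prior["gross_profit"] / prior["revenue"]
        margin_now = current["gross_profit"] / current["revenue"]
        if margin_now >= margin_prior - margin_tol:
            flags.append("gross margin held while industry faces pricing pressure")

    return flags


if __name__ == "__main__":
    for flag in red_flags(PRIOR, CURRENT, industry_margin_change=-0.05):
        print("RED FLAG:", flag)
```

A raised flag marks an area for substantive testing; it is not evidence of fraud on its own.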

INVESTIGATION OF VENDORS

• Vendor information setup in the company’s master file data for the accounts payable system
• Contracts, purchase orders, invoices, and documents used to accumulate payment approvals, receiving documents, correspondence concerning credits, billing errors, or other matters
• Internal reviews of vendor quality and the results of public record searches performed to qualify the vendor

INVESTIGATIONS OF IMPROPER RELATED-PARTY ACTIVITY

Related-party transactions occur in the scope of corruption and commission, where one party obtains unjust benefit from performing the transactions. This happens when transactions are not performed in the best interest of the shareholders, as they ought to be, but for the benefit of the management, e.g. purchase of significant raw materials from family members and relatives as defined by the act.

INVESTIGATIONS OF EMPLOYEE MISAPPROPRIATIONS

Employees usually embezzle petty cash and misappropriate assets of the company. They usually commit this kind of fraud by deliberately writing off inventories as consumed during production, mis-totaling the ledger, not recording inventory received at full value and quantity, and recording fictitious petty cash expenses. This type of fraud can be tested by using substantive procedures, internal control model analysis and an audit trail of the complete flow of materials.

Evidence collection for forensic auditing

• Working papers

• Accounting records, other documents. General ledger, sub ledgers, financial management reports, reconciliations, journal entries, internal audit reports, purchase orders, vendor information, accounting journals, management reports, contracts, telephone, computer system and security system records, desk files, e-mail files, Web sites—and still other types of records and documents are collected for use in a criminal or civil trial where alteration, fabrication, cosmetic changes and other such acts have been performed to disguise and obscure the real performance of the corporation.

• Public record searches. Reports from third-party investigations, such as related-party evidence, Dun & Bradstreet reports, and investigative reports and information from Internet sites: the information may be as varied as newspaper articles, chat room discussions, links to hobbies, and philanthropic and other outside interests and investments. Sources of this material may include filings with the U.S. Securities and Exchange Commission (SEC), accessed through EDGAR.3

• Electronic computer files. E-mail (copies of To, From, cc, and bcc), computer files or imaged records of entire drives, and data stored in handheld personal digital assistants.

• Photographs or digital photos, preferably with a date/time stamp.

• Chain-of-custody documentation.

• Interview notes and audio recordings. Interview notes taken by you and your staff professionals during the investigation of witnesses—both targets and company personnel.

• Third-party information. Provided by legal counsel or other interested third parties, this material might include external audit reports, management letters and reports, records of non-audit services, bank statements (canceled checks, bank advices, and other supporting documentation), and documents obtained by subpoena or search warrants.

• Court pleadings and deposition transcripts.


Annex 1

SAMPLE TABLE OF CONTENTS (FORENSIC AUDIT REPORT)

EXECUTIVE SUMMARY
1.0 BACKGROUND
1.1 Origin of the Audit
1.2 Audit Objective
1.3 Proposed Audit Outputs
1.4 Audit Implementation Approach
2.0 RISK ANALYSIS
2.1 Internal Environment Risk
2.1.1 Financial Management
2.1.2 Customers, Products and Competitors
2.1.3 Information technology
2.1.4 Business Process
2.1.5 Human Resource Management
2.2 External Environment Forces
2.2.1 Influence of Economics and Loans Market
2.2.2 Political and Legal Scenario
2.2.3 Technology in Banking
3.0 EVIDENCE OF RISK EVENTS
3.1 Conflicts of interest
3.2 Bribery
3.3 Extortion
3.4 Cash theft
3.5 Fraudulent disbursements
3.6 Inventory frauds
3.7 Misuse of assets
3.8 Financial Statement fraud
4.0 AUDIT RECOMMENDATIONS
4.1 Logical Framework Approach
4.2 Preconditions and Risks
5.0 GOVERNANCE ON RECOMMENDATION IMPLEMENTATION
5.1 Stakeholders
5.2 Budget Considerations

List of Annexes
Annex 1: Members of the Interviews
Annex 2: Organization Chart of Bank
Annex 3: Financial Performance (YYYY to YYYY)
Annex 4: Audit Recommendation Logical Framework
Annex 5: Analysis of Key Risk Events
Many Others

(Accountants, Association of Chartered Certified, 2009)

Annex II

Works Cited

Accountants, Association of Chartered Certified. (2009). UK Technical Paper. UK.

BASIC INC. ET AL. v. LEVINSON ET AL., 485 US 224 (Supreme Court of United States. March 7, 1988).

Coopers & Lybrand. (May 1994). INTERNAL CONTROL – INTEGRATED FRAMEWORK (Vol. 2). Jersey, New Jersey, USA: American Institute of Certified Public Accountants.

Dilts, Robert. (n.d.). The Article of the Month/ Eye Movements and NLP. Retrieved 3 08, 2014, from NLP University: http://www.nlpu.com/Articles/artic14.htm

Financial Statement Analysis. (n.d.). Retrieved from Accounting Tools: http://www.accountingtools.com/financial-statement-analysis

G. Jyotsna, S. S. (2013). Application of Data Mining Techniques for Financial Accounting Fraud Detection Scheme. International Journal of Advanced Research in Computer Science and Software Engineering, 3 (11), 717-724.

Hugh, G., & Tom, C. (2004). Lessons for Auditors (Vols. 1524-5586). USA: Journal of Forensic Accounting.

London & General Bank, Justice Lopes (2 1895).

Odei-Kissi, A. (2013, April 7). Auditing- Substantive Procedures. Retrieved from http://studyresort.blogspot.com/

Shapiro v. UJB Financial Corp, 964 F.2d 272 (1992) (United States Court of Appeals May 20, 1992).

THOMAS W. GOLDEN, S. L. (2006). A GUIDE TO FORENSIC ACCOUNTING INVESTIGATION. New Jersey: John Wiley & Sons, Inc.

Vasudevan, S. (2004). Forensic Auditing. ICAI Journal, 359-364.


i International Financial Reporting Standards

IAS 1: Presentation of Financial Statements
IAS 2: Inventories
IAS 7: Cash Flow Statements
IAS 8: Net Profit or Loss for the Period, Fundamental Errors and Changes in Accounting Practices
IAS 10: Events After the Balance Sheet Date
IAS 11: Construction Contracts
IAS 12: Income Taxes
IAS 14: Segment Reporting
IAS 15: Information Reflecting the Effects of Changing Prices
IAS 16: Property, Plant and Equipment
IAS 17: Leases
IAS 18: Revenue
IAS 19: Employee Benefits
IAS 20: Accounting for Government Grants and Disclosure of Government Assistance
IAS 21: The Effects of Changes in Foreign Exchange Rates
IAS 22: Business Combinations
IAS 23: Borrowing Costs
IAS 24: Related Party Disclosures
IAS 26: Accounting and Reporting by Retirement Benefit Plans
IAS 27: Consolidated Financial Statements
IAS 28: Investments in Associates
IAS 29: Financial Reporting in Hyperinflationary Economies
IAS 30: Disclosures in the Financial Statements of Banks and Similar Financial Institutions
IAS 31: Financial Reporting of Interests in Joint Ventures
IAS 32: Financial Instruments: Disclosure and Presentation
IAS 33: Earnings per Share
IAS 34: Interim Financial Reporting
IAS 35: Discontinuing Operations
IAS 36: Impairment of Assets
IAS 37: Provisions, Contingent Liabilities and Contingent Assets
IAS 38: Intangible Assets
IAS 39: Financial Instruments: Recognition and Measurement
IAS 40: Investment Property
IAS 41: Agriculture
IFRS 1 First-time Adoption of International Financial Reporting Standards
IFRS 2 Share-based Payment
IFRS 3 Business Combinations
IFRS 4 Insurance Contracts
IFRS 5 Non-current Assets Held for Sale and Discontinued Operations
IFRS 6 Exploration for and Evaluation of Mineral Resources
IFRS 7 Financial Instruments: Disclosures

Source: International Accounting Standards Board (2007): International Financial Reporting Standards (IFRSs®) 2007 (including International Accounting Standards (IASs™)).

ii. The general groups of ratios are:

Liquidity ratios. This is the most fundamentally important set of ratios, because they measure the ability of a company to remain in business.

a. Cash coverage ratio. Shows the amount of cash available to pay interest.
b. Current ratio. Measures the amount of liquidity available to pay for current liabilities.
c. Quick ratio. The same as the current ratio, but does not include inventory.
d. Liquidity index. Measures the amount of time required to convert assets into cash.

Activity ratios. These ratios are a strong indicator of the quality of management, since they reveal how well management is utilizing company resources.

a. Accounts payable turnover ratio. Measures the speed with which a company pays its suppliers.
b. Accounts receivable turnover ratio. Measures a company's ability to collect accounts receivable.
c. Fixed asset turnover ratio. Measures a company's ability to generate sales from a certain base of fixed assets.
d. Inventory turnover ratio. Measures the amount of inventory needed to support a given level of sales.
e. Sales to working capital ratio. Shows the amount of working capital required to support a given amount of sales.
f. Working capital turnover ratio. Measures a company's ability to generate sales from a certain base of working capital.

Leverage ratios. These ratios reveal the extent to which a company is relying upon debt to fund its operations, and its ability to pay back the debt.

a. Debt to equity ratio. Shows the extent to which management is willing to fund operations with debt, rather than equity.
b. Debt service coverage ratio. Reveals the ability of a company to pay its debt obligations.
c. Fixed charge coverage. Shows the ability of a company to pay for its fixed costs.

Profitability ratios. These ratios measure how well a company performs in generating a profit.

a. Breakeven point. Reveals the sales level at which a company breaks even.
b. Contribution margin ratio. Shows the profits left after variable costs are subtracted from sales.
c. Gross profit ratio. Shows revenues minus the cost of goods sold, as a proportion of sales.
d. Margin of safety. Calculates the amount by which sales must drop before a company reaches its breakeven point.
e. Net profit ratio. Calculates the amount of profit after taxes and all expenses have been deducted from net sales.
f. Return on equity. Shows company profit as a percentage of equity.
g. Return on net assets. Shows company profits as a percentage of fixed assets and working capital.
h. Return on operating assets. Shows company profit as percentage of assets utilized.

(Financial Statement Analysis)

iii Examples of Digital Analysis audit findings

In an accounts payable audit there were several first-two digit spikes (excesses) and the number duplication table showed large frequencies for several low-value numbers. This pointed to several processing inefficiencies such as individual invoices for courier charges and for employee business cards. The internal auditor suggested ways to consolidate the low-value invoices and significant processing time was saved thereby allowing accounts payable personnel to focus on large dollar invoices.

In an employee reimbursements audit, the auditor detected abnormal first-two digit excesses at 95, 99, and 10. The follow-up showed that employees were excessively claiming breakfast expenses of $9.50, $9.90, and $10.00. The corporate policy was that meal expenses of $10 and under did not need a supporting voucher. While the amounts were small, the value-added conscious auditor reported the finding to management and noted that any increase in the voucher cut-off amount could potentially increase amounts claimed by employees.

A bank auditor found that credit card balances written off as uncollectible had an excessive level of numbers with first-two digits 49. The investigation found that $5,000 was an internal write-off limit for internal collections employees. One employee was responsible for most of the 49s by working with friends and having them apply for a card and then running up a balance to just below $5,000. The employee would then write the debt off. The systematic nature of the fraud was evident from the first-two digits graph.

An accounts payable audit at a utility showed excessive 50s on the first-two digits graph. The auditor found that many of the numbers starting with 50 were for car batteries costing $50. The investigation work showed that the number of car batteries paid for during the year was twice the number of cars in the fleet.

A company had an internal purchasing limit of $1,000 for most managers and for capitalizing expenses. The auditor noted that first-two digits showed no significant excesses for 95 to 99 which would occur if managers were breaking up purchases to below their limit. Not finding violations of the control procedure was deemed by management to be useful value-added information.

At an accounts payable audit of a large conglomerate, the auditors noted that the number duplication table included many large odd numbers that occurred exactly twice. The investigation showed that the divisional databases were incorrectly merged and that the invoices of one division were included twice, and the invoices of another division were omitted. Without this finding the auditors would have had a zero sample for the omitted division.

In an audit of inventory the external auditors detected that the number duplication table included many large odd numbers that occurred exactly twice. The finding was error-related in that the inventory in three large sections of the warehouse was included twice on the inventory count sheets. The double count would have materially overstated earnings.

iv WHAT IS SLACK SPACE?

When an e-mail message is created, space is reserved in small sections. As the message grows, sections are added one at a time. These sections are of a specific size. When e-mail data is deleted, the space is available for use again, and new e-mails can use the sections as needed. If the new e-mail is shorter than the deleted e-mail, the storage device will contain sections with the previous data. This old written data is referred to as slack space.

Here's a more general analogy: A person goes to the video store to buy a movie. The VHS tape allows for two hours of video to be recorded on it. The person decides that the movie is not worth keeping and uses the tape to record a 90-minute show. After taping over the original movie, the VHS tape still has 30 minutes of tape remaining, which contains the old movie.
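Returning to the Digital Analysis findings in note iii, the sketch below runs a first-two digits test and a number duplication table over a write-off ledger shaped like the $5,000-limit case. It is an added example, not the author's code: it assumes Benford's law as the expected distribution and a z-statistic cutoff of 1.96, and the ledger is constructed.

```python
import math
from collections import Counter

def first_two_digits(amount):
    """Leading two significant digits (10-99) of an amount, or None if below 0.10."""
    digits = f"{abs(amount):.2f}".replace(".", "").lstrip("0")
    return int(digits[:2]) if len(digits) >= 2 else None

def benford_expected(d):
    """Benford's law probability that a number starts with the two digits d."""
    return math.log10(1 + 1 / d)

def first_two_digit_excesses(amounts, z_cutoff=1.96):
    """Return [(digits, observed, expected, z)] for spikes above Benford, largest z first."""
    leads = [d for d in map(first_two_digits, amounts) if d is not None]
    n = len(leads)
    counts = Counter(leads)
    spikes = []
    for d in range(10, 100):
        p_exp = benford_expected(d)
        p_obs = counts[d] / n
        if p_obs <= p_exp:
            continue  # only excesses matter for this test
        diff = p_obs - p_exp
        cc = 1 / (2 * n)  # continuity correction, applied only when smaller than diff
        if cc < diff:
            diff -= cc
        z = diff / math.sqrt(p_exp * (1 - p_exp) / n)
        if z > z_cutoff:
            spikes.append((d, counts[d], round(p_exp * n, 1), round(z, 1)))
    return sorted(spikes, key=lambda s: -s[3])

def number_duplication(amounts, top=5):
    """Number duplication table: the most frequently repeated exact amounts."""
    table = Counter(f"{a:.2f}" for a in amounts)
    return [(amt, c) for amt, c in table.most_common(top) if c > 1]

def constructed_write_offs():
    """Constructed ledger: 3,000 log-uniform amounts (Benford-like) plus 60 just under $5,000."""
    base = [round(10 ** (1 + k / 1000), 2) for k in range(3000)]
    injected = [4950.00] * 30 + [4900.00 + 3.25 * i for i in range(1, 31)]
    return base + injected

if __name__ == "__main__":
    data = constructed_write_offs()
    for d, obs, exp, z in first_two_digit_excesses(data):
        print(f"first-two digits {d}: observed {obs}, expected {exp}, z={z}")
    print("duplication table:", number_duplication(data))
```

A spike at 49 only says where to look; the follow-up in the bank case was to tie the flagged write-offs to the employee who approved them.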

v ADDITIONAL STEPS AND TECHNIQUES

Before and during the forensic investigation, internal auditors can take additional steps to ensure evidence is court-ready. Prior to the forensic examination, the auditor should physically secure the system in question and take pictures of the room, the area surrounding the system, and the system itself. In addition, the auditor needs to secure the evidence onsite or in a laboratory to ensure a proper chain of custody is followed and digital evidence is secured effectively. The auditor should also document all system details and any connections to the system, such as network cables and 802.11x connections.

The following actions should be avoided at all cost prior to collecting the evidence:

Modifying the time and date stamps of the system(s) containing the evidence before duplication takes place.

Executing nontrusted binaries by double-clicking or running any executable files that are on the computer (e.g., evidence.exe could be a wiping program that, when run, can destroy all the evidence on the drive).

Terminating the rogue process. This pertains to processes on the computer that are displayed when users press Ctrl+Alt+Delete. In hacking cases, it's common for people to press Ctrl+Alt+Delete and kill any processes they are unsure about. This may have adverse effects, such as wiping the drive or log files and notifying the attacker that the process has been discovered.

Updating the system before the forensic investigation takes place.

Not recording executed commands.

Installing software on the system.

Live Analysis

While collecting the evidence, a live or offline analysis can be performed as part of the gathering process. A live analysis takes place when the forensic investigation is conducted on the live system (i.e., the system is not powered down). Due to the volatile nature of digital media, auditors need to document all the steps taken while collecting the evidence during a live analysis. Besides refraining from installing software on the system, the auditor should not update the system with any security patches or hot fixes prior to imaging the drive. If the computer has any active windows open, pictures should be taken of the monitor as part of the examination's documentation, as well as the area by the system's clock to determine whether there are encrypted containers and, if so, whether they are open.

Internal auditors may encounter problems during any live analysis. Some of these problems include:

Destruction or alteration of digital evidence by the auditor. Because computer files only get overwritten when data needs to take its place on the hard drive, clicking on files or folders on a computer will result in information being written to the drive, potentially overwriting valuable evidence. During a live analysis, this is unavoidable. To capture potentially overwritten data, the auditor should write down every action performed on the system so that the forensic examiner can rule out that activity.

Logic bombs and slag code. This refers to a piece of code or application that does something based on a condition. For example, wiping software commonly erases the drive on startup or shutdown. Therefore, the auditor can trigger a logic bomb or slag code simply by clicking on Start>Shutdown. The best way to avoid this situation is to unplug the machine from the wall. This will prevent software code from running, because the machine will have no electricity to run. If the investigation involves a laptop, after unplugging the machine, the investigator can shut down the laptop by pressing the power button and holding it down for approximately five to 10 seconds. This will cut all power to the machine and force it to shut down.

Trojan binaries and root kits. Trojans and root kits are installed by the attacker. When operational, they send alerts to the hacker after a specific action takes place. Some Trojans even allow the attacker to view the computer screen in real time. Properly shutting down the machine will prevent the hacker from seeing what the forensic investigator is doing. At a minimum, the computer's Internet connection must be disabled so that information is not sent to the attacker.

No access to slack space, pagefile/hibernation files, Windows NT file system transaction logs, and print spoolers. Sometimes, these files may contain just the right evidence needed to prove a case. For instance, in cases involving the use of forged checks, printed files could have all the evidence needed. However, if the investigator is unable to access these files, the evidence could be lost as the investigation moves forward and files are imaged.

Once the data is gathered during the live analysis, the system must be imaged. Depending on the type of operating system, the auditor may need to shut down the system properly without damaging the evidence, while still allowing the system to boot up.


Offline Analysis An offline analysis is when the investigation takes place on the imaged copy. When preparing the evidence, auditors need to know how to power down the system correctly. Some systems must be shut down properly, while others can be turned off by pulling the plug (refer to Table 1).

Table 1: Comparison of systems that can be turned off through the shut-down method or pull-the-plug method

When taking the system down, auditors need to make sure they remove the plug from the back of the computer and not the wall, because the computer may be plugged into an uninterruptible power supply. All cords attached to the computer, such as USB devices or network Ethernet cables, must be documented. Once the system is turned off and the information is recorded, the auditor might want to make an image of the system. Auditors always should check to ensure duplication procedures and tools used meet the country's legal requirements. Otherwise, evidence may not be admissible in a court of law. For example, in the United States the National Institute of Standards and Technology requires that disk imaging tools used during the forensic examination meet certain standards, such as not altering the original disk in any way and logging all input and output errors.
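The imaging requirements named above (the original is not altered, and every input and output error is logged) can be checked mechanically. The sketch below is an added example, not a tool referenced by the paper: the function names, the custody-record fields and the "evidence" file are all constructed for illustration, and a regular file stands in for the drive.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read size in bytes

def sha256_file(path):
    """Stream a file through SHA-256 so large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire_image(source, image, examiner):
    """Copy source to image read-only, log I/O errors, return a custody record."""
    record = {"examiner": examiner, "source": os.path.abspath(source),
              "image": os.path.abspath(image), "io_errors": [],
              "started_utc": datetime.now(timezone.utc).isoformat(timespec="seconds")}
    stat_before = os.stat(source)
    src_hash, offset = hashlib.sha256(), 0
    # "rb" never writes to the original; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        while True:
            try:
                block = src.read(CHUNK)
                if block:
                    dst.write(block)
            except OSError as exc:  # log the failure with its offset, then stop
                record["io_errors"].append({"offset": offset, "error": str(exc)})
                break
            if not block:
                break
            src_hash.update(block)
            offset += len(block)
    stat_after = os.stat(source)
    record.update(
        bytes_copied=offset,
        source_sha256=src_hash.hexdigest(),
        image_sha256=sha256_file(image),
        # Size and modification time of the original must be identical afterwards.
        source_unaltered=(stat_before.st_size, stat_before.st_mtime_ns)
        == (stat_after.st_size, stat_after.st_mtime_ns),
    )
    record["verified"] = (not record["io_errors"]
                          and record["source_sha256"] == record["image_sha256"]
                          and record["source_unaltered"])
    return record

def demo():
    """Image a constructed 'evidence' file, then show that a later edit is detected."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "evidence.bin")
        with open(source, "wb") as f:
            f.write(b"constructed sample evidence\n" * 100_000)  # spans several chunks
        record = acquire_image(source, os.path.join(tmp, "evidence.img"), "examiner-01")
        with open(record["image"], "r+b") as f:
            f.write(b"X")  # simulate a change to the image after acquisition
        record["tamper_detected"] = sha256_file(record["image"]) != record["image_sha256"]
        return record
```

The returned record is the kind of entry that belongs in the chain-of-custody file: who acquired the image, when, the hashes, and any logged errors.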