IT Auditing & Assurance, 2e, Hall & Singleton C hapter 12: Fraud Schemes & Fraud Detection

IT Auditing & Assurance, 2e, Hall & Singleton FRAUD  Asset misappropriation fraud 1. Stealing something of value – usually cash or inventory (i.e., asset theft) 2. Converting asset to usable form 3. Concealing the crime to avoid detection 4. Usually, perpetrator is an employee  Financial fraud 1. Does not involve direct theft of assets 2. Often objective is to obtain higher stock price (i.e., financial fraud) 3. Typically involves misstating financial data to gain additional compensation, promotion, or escape penalty for poor performance 4. Often escapes detection until irreparable harm has been done 5. Usually, perpetrator is executive management  Corruption fraud 1. Bribery, etc.

IT Auditing & Assurance, 2e, Hall & Singleton ACFE 2004 REPORT TO THE NATION

IT Auditing & Assurance, 2e, Hall & Singleton FRAUD SCHEMES  Fraudulent financial statements {5%}  Corruption {13%}  Bribery  Illegal gratuities  Conflicts of interest  Economic extortion  Asset misappropriation {85%}  Charges to expense accounts  Lapping  Kiting  Transaction fraud Percentages per ACFE 2002 Report to the Nation – see Table 12-1

IT Auditing & Assurance, 2e, Hall & Singleton COMPUTER FRAUD SCHEMES  Data Collection  Data Processing  Database Management  Information Generation

IT Auditing & Assurance, 2e, Hall & Singleton AUDITOR’S RESPONSIBILITY FOR DETECTING FRAUD—SAS NO. 99  Sarbanes-Oxley Act 2002  SAS No. 99 – “Consideration of Fraud in a Financial Statement Audit” 1. Description and characteristics of fraud 2. Professional skepticism 3. Engagement personnel discussion 4. Obtaining audit evidence and information 5. Identifying risks 6. Assessing the identified risks 7. Responding to the assessment 8. Evaluating audit evidence and information 9. Communicating possible fraud 10. Documenting consideration of fraud

IT Auditing & Assurance, 2e, Hall & Singleton FRAUDULANT FINANCIAL REPORTING  Risk factors: 1. Management’s characteristics and influence over the control environment 2. Industry conditions 3. Operating characteristics and financial stability

IT Auditing & Assurance, 2e, Hall & Singleton FRAUDULANT FINANCIAL REPORTING  Common schemes:  Improper revenue recognition  Improper treatment of sales  Improper asset valuation  Improper deferral of costs and expenses  Improper recording of liabilities  Inadequate disclosures

IT Auditing & Assurance, 2e, Hall & Singleton What Is Internal Control? Control Environment Control activities Risk Assessment Information / Communication Monitoring Sets the tone of an organization. Influences control consciousness Foundation for all other components Provides discipline and structure

IT Auditing & Assurance, 2e, Hall & Singleton Why Did It Take So Long to Find Out?

IT Auditing & Assurance, 2e, Hall & Singleton What Is Internal Control? Control Environment Control activities Risk Assessment Information / Communication Monitoring Identification and analysis Relevant risks to objective achievement Forms basis of risk management

IT Auditing & Assurance, 2e, Hall & Singleton What Is Internal Control? Control Environment Control activities Risk Assessment Information / Communication Monitoring Policies and procedures Help ensure achievement of management objectives

IT Auditing & Assurance, 2e, Hall & Singleton What Is Internal Control? Control Environment Control activities Risk Assessment Information / Communication Monitoring Information identification, capture, and exchange Forms and time frames Enables people to carry out responsibilities

IT Auditing & Assurance, 2e, Hall & Singleton Risk Factors Misappropriation of Assets Poor recordkeeping Lack of management oversight Inadequate job applicant screening Poor segregation of duties or independent checks

IT Auditing & Assurance, 2e, Hall & Singleton Risk Factors Misappropriation of Assets Poor physical safeguards Inappropriate transaction authorization and approval No mandatory vacations for control function employees Lack of timely and appropriate transaction documentation

IT Auditing & Assurance, 2e, Hall & Singleton Risk Factors Susceptibility of Assets to Misappropriation Large amounts of cash on hand or in process.

IT Auditing & Assurance, 2e, Hall & Singleton Risk Factors Susceptibility of Assets to Misappropriation Inventory that is small in size, high in value, or in high demand.

IT Auditing & Assurance, 2e, Hall & Singleton Risk Factors Susceptibility of Assets to Misappropriation Easily convertible assets

IT Auditing & Assurance, 2e, Hall & Singleton Risk Factors Susceptibility of Assets to Misappropriation Fixed assets that are small, marketable, or lack ownership identification.

IT Auditing & Assurance, 2e, Hall & Singleton Risk Factors Material Misstatements Due to Fraud Transactions improperly recorded or not recorded completely / timely. Unsupported/unauthorized balances or transactions. Last-minute adjustments significantly affecting financial results.

IT Auditing & Assurance, 2e, Hall & Singleton Risk Factors Conflicting or Missing Evidential Matter Missing documents or photocopies where originals should be. Missing significant inventory or physical assets.

IT Auditing & Assurance, 2e, Hall & Singleton Risk Factors Conflicting or Missing Evidential Matter Unusual discrepancies between records and confirmation replies. Significant unexplained items on reconciliations.

IT Auditing & Assurance, 2e, Hall & Singleton Risk Factors Conflicting or Missing Evidential Matter Inconsistent, vague, or implausible responses to inquiries or analytical procedures.

IT Auditing & Assurance, 2e, Hall & Singleton MISAPPROPRIATION OF ASSETS  Common schemes:  Personal purchases  Ghost employees  Fictitious expenses  Altered payee  Pass-through vendors  Theft of cash (or inventory)  Lapping

IT Auditing & Assurance, 2e, Hall & Singleton ACFE 2004 REPORT TO THE NATION

IT Auditing & Assurance, 2e, Hall & Singleton AUDITOR’S RESPONSE TO RISK ASSESSMENT  Engagement staffing and extent of supervision  Professional skepticism  Nature, timing, extent of procedures performed

IT Auditing & Assurance, 2e, Hall & Singleton AUDITOR’S RESPONSE TO DETECTED MISSTATEMENTS DUE TO FRAUD  If no material effect:  Refer matter to appropriate level of management  Ensure implications to other aspects of the audit have been adequately addressed  If effect is material or undeterminable:  Consider implications for other aspects of the audit  Discuss the matter with senior management and audit committee  Attempt to determine if material effect  Suggest client consult with legal counsel

IT Auditing & Assurance, 2e, Hall & Singleton AUDITOR’S DOCUMENTATION  Document in the working papers criteria used for assessing fraud risk factors: 1.Those risk factors identified 2.Auditor’s response to them

IT Auditing & Assurance, 2e, Hall & Singleton FRAUD DETECTION TECHNIQUES USING ACL  Payments to fictitious vendors  Sequential invoice numbers  Vendors with P.O. boxes  Vendors with employee address  Multiple company with same address  Invoice amounts slightly below review threshold

IT Auditing & Assurance, 2e, Hall & Singleton FRAUD DETECTION TECHNIQUES USING ACL  Payroll fraud  Test for excessive hours worked  Test for duplicate payments  Tests for non-existent employee

IT Auditing & Assurance, 2e, Hall & Singleton Chapter 12: Fraud Schemes & Fraud Detection IT Auditing & Assurance, 2e, Hall & Singleton