Fraud and Forensic Auditing
Chapter Ten
Definition of Fraud“…any act involving the use of deception to
obtain an illegal advantage.” (ISACA Irregularities and Illegal Acts Guideline 30)
Why Fraud Occurs
Pressure Rationalization
Opportunity
Fraud Triangle
Major Fraud StudiesThe COSO Studies (1987, 1999)1998 KPMG Fraud Study2002 Wells Report
Characteristics of Fraud2002 Cost: $600 billionProblematic industries:
ComputerManufacturingFinancial services
3 Categories of Fraud (See Figure 10-4)Asset misappropriation (85.7%)Corruption (12.8%)Fraudulent financial statements (5.1%, but
highest dollar amount)See Figure 10-4
Responsibilities to Detect FraudCorporate
Positive security model a necessityCorporate fraud policyEthical tone at the topPolicies on computer use and abuseNetwork security policy
Fraud in MalaysiaFraud appears to be more rampant in the
manufacturing, construction, engineering and consumer products industries
Value: RM 63.5 milliomMotivation: Greed/lifestyle (62%), personal financial
pressure (39%)Perpetrators: Management, Non-management
employees, Customers, Suppliers and Service provider
Types of fraud: Theft of physical asset (83%) and theft of funds (77%)
Source: KPMG 2011 Fraud Report
Red Flags not to be missedExcessive secrecy about a function, its operations and its
financial results. When questions are asked, answers are always stalled and withheld.
There is excessive pressures on employees to tamper with result to meet high expectation of the business
Increases in profitability fail to lead to increased cash flows
Senior managers receive large bonuses linked to meeting targets
Complex/unusual payment methodsA remote operation not effectively monitored by head
office
Source: KPMG Analysis
Employees behavioural red flagsRefuses and does not seek promotionRarely takes holidaysDoes not or will not produce records/information or on
requestUnreliable and prone to mistakesSurrounded by “favourites” or people who do not
challenge themPersistent rumours of personal bad habits/addiction/vicesBullies or intimidates colleaguesVendor/suppliers will only deals with this individualLifestyle seems excessive for incomeSeems stressed and under pressuresSource: KPMG Analysis
Auditor’s Responsibility-SAS 99Supersedes SAS 82Effective December 15, 2002Incorporates the fraud triangle and requires
audit team to consider the fraud triangleProfessional skepticismExpanded team discussions, brainstormingRevenue recognitionTechnology
Sarbanes-Oxley Act of 2002Public Oversight Board establishedIncreased audit committee responsibilitiesSpecifically prohibited activities
8 nonaudit services now prohibited by company also performing the audit
Criminal sanctionsWhistleblower protection
Forensic AuditingInvestigating known or suspected fraudComputer forensics
The use of computer technology to investigate fraud
Conducting the Forensic InvestigationGathering evidence
Rules of Evidence must be carefully followedChain of custody criticalInterviewing personnelInvigilationIndirect methods of proof
ProsecutionMust establish chain of custodyMust prove 4 elements of fraud exist:
Misrepresentation of a material factIntent to defraudJustifiable relianceResulting in an injury
Tools of Computer ForensicsScrewdriver and pliersDisk imaging softwareHash calculation utilitySearch utilitiesFile and data recovery toolsFile viewing utilitiesPassword cracking softwareDigital camera