Using Data Analytics to Conduct a Forensic Audit


Upload: fraudbusters

Post on 22-Jan-2015


DESCRIPTION

Webinar series from FraudResourceNet LLC on Preventing and Detecting Fraud Using Data Analytics. Recordings of these Webinars are available for purchase from our Website, fraudresourcenet.com. This Webinar focused on fraud detection using data analytic software (Excel, ACL, IDEA).

FraudResourceNet (FRN) is the only searchable portal of practical, expert fraud prevention, detection and audit information on the Web. FRN combines the high quality, authoritative anti-fraud and audit content from the leading providers, AuditNet® LLC and White-Collar Crime 101 LLC/FraudAware. The two entities designed FRN as the “go-to”, easy-to-use source of “how-to” fraud prevention, detection, audit and investigation templates, guidelines, policies, training programs (recorded no CPE and live with CPE) and articles from leading subject matter experts. FRN is a continuously expanding and improving resource, offering auditors, fraud examiners, controllers, investigators and accountants a content-rich source of cutting-edge anti-fraud tools and techniques they will want to refer to again and again.

TRANSCRIPT

1. Using Data Analytics to Conduct a Forensic Audit
   February 6, 2013
   Special Guest Presenter: David Zweighaft CPA/CFF, CFE
   Copyright 2013 FraudResourceNet LLC

   About Peter Goldmann, MSc., CFE
   - President and Founder of White Collar Crime 101
   - Publisher of White-Collar Crime Fighter
   - Developer of FraudAware Anti-Fraud Training
   - Monthly Columnist, The Fraud Examiner, ACFE Newsletter
   - Member of Editorial Advisory Board, ACFE
   - Author of "Fraud in the Markets": explains how fraud fueled the financial crisis

2. About Jim Kaplan, MSc, CIA, CFE
   - President and Founder of AuditNet, the global resource for auditors
   - Auditor, Web Site Guru, Internet for Auditors Pioneer
   - Recipient of the IIA's 2007 Bradford Cadmus Memorial Award
   - Author of "The Auditor's Guide to Internet Resources", 2nd Edition

   About David Zweighaft CPA/CFF, CFE
   - Principal at DSZ Forensic Accounting & Consulting Services LLC
   - David has been practicing Litigation Consulting and Forensic Accounting for over 20 years
   - Assisted the US Dept of Justice in identifying and tracing assets
   - He managed the largest Swiss bank Holocaust Asset investigation in New York for the NYS Banking Department

3. Webinar Housekeeping
   - This webinar and its material are the property of AuditNet and FraudAware. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. We will be recording the webinar and if you paid the registration fee you will be provided access to that recording within two business days after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
   - Webinar will be recorded and will be made available within 48 hours.
   - Please complete the evaluation to help us continuously improve our Webinars.
   - You must answer the polling questions to qualify for CPE per NASBA.
   - Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.
   - If GTW stops working you may need to close and restart. You can always dial in and listen and follow along with the handout.

   Agenda
   - Introduction
   - Standards & Essentials
   - What is a Forensic Audit?
   - Pre-Planning & Brainstorming
   - Data Analysis Tools to Manage Big Data
   - Data Analysis Techniques

4. The Auditor's Role
   IPPF Standard 1210.A3: Internal auditors must have sufficient knowledge of available technology based audit techniques to perform their assigned work.

   IIA Guidance: GTAG 13
   Internal auditors require appropriate skills and should use available technological tools to help them maintain a successful fraud management program that covers prevention, detection, and investigation. As such, all audit professionals, not just IT audit specialists, are expected to be increasingly proficient in areas such as data analysis and the use of technology to help them meet the demands of the job.

5. Professional Guidance

   Polling Question 3
   Detecting ghost employees is NOT one of the areas best suited for using data analytics
   a. True
   b. False

6. Fraud: The Big Picture
   According to major accounting firms, professional fraud examiners and law enforcement:
   - Fraud jumps significantly during tough economic times
   - Business losses due to fraud increased 20% in last 12 months, from $1.4 million to $1.7 million per billion dollars of sales. (Kroll 2010/2011 Global Fraud Report)
   - Average cost for each incident of fraud is $160,000 (ACFE)
   - Of Financial Statement fraud: $2 million
   - Approx. 60% of corporate fraud committed by insiders (PwC)
   - Approx. 50% of employees who commit fraud have been with their employers for over 5 years (ACFE)

   Data Analytics: Introduction

7. Data Analytics: Introduction

   Analytics in Audit Planning

8. Analytics in Audit Planning
   From SAS 99, Consideration of Fraud in a Financial Statement Audit:
   Discussion Among Engagement Personnel Regarding the Risks of Material Misstatement Due to Fraud
   Prior to or in conjunction with the information-gathering procedures described [this document], members of the audit team should discuss the potential for material misstatement due to fraud. The discussion should include:
   - An exchange of ideas or "brainstorming" among the audit team members, including the auditor with final responsibility for the audit, about how and where they believe the entity's financial statements might be susceptible to material misstatement due to fraud, how management could perpetrate and conceal fraudulent financial reporting, and how assets of the entity could be misappropriated.
   (Continued)

   Identifying the Detailed Payroll Transaction Data
   TYPES OF FRAUD RISK
   - Financial Reporting Risk: (1) Tone set by top management, (2) internal accounting and audit functions, (3) Audit committee, (4) management and audit committee reports, (5) practice of seeking second opinions from independent public accountants, and (6) quarterly reporting.
   - Operational Risk: Risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Operational risk is the amount of exposure an organization has as a result of its operational structure. This includes risk due to processes, organizations, and technologies.
   - Strategic Risk: The risk associated with future business plans and strategies. This risk category includes plans for entering new business lines, expanding existing services through mergers and acquisitions, and enhancing infrastructure (e.g., physical plant and equipment and information technology and networking). Strategic plans that include market expansion or addition of new products.

9. Identifying the Detailed Payroll Transaction Data
   TYPES OF FRAUD RISK (continued)
   - Reputation Risk: Business reputation is established by gaining and retaining the confidence and trust of the stakeholders in the business: customers, suppliers and employees, as well as shareholders. Reputation is gained over time.
   - Regulatory/Compliance Risk: Risk of Civil and Criminal violations. Regulatory risk, a term describing the problems arising from new or existing regulations, is now one of the greatest threats to business. Compliance with regulatory requirements and ethical conduct standards is a major concern of Boards of Directors and Audit Committees.

   Analytics in Audit Planning
   Common Fraud Scenarios, or "If I were going to commit fraud, I'd..."
   Per SAS 99, PCAOB, AS 2 and 5, fraud risk must be considered using a "Common Fraud Scenario" approach. This allows the auditor to enlist the detailed knowledge of the stakeholders in the organization in identifying and prioritizing fraud risks at the entity, process and account levels.

10. Analytics in Audit Planning
   Common Fraud Scenarios, or "If I were going to commit fraud, I'd..."
   Fraud Scenarios: Treasury Cash
   Executive management in Australia sets up two bank accounts for deposit of COMPANY receipts. Funds deposited to the first account are reported to COMPANY Corporate headquarters. Funds deposited to the second account are used for the personal pleasure of Executive management in Australia. Bank reconciliations are conducted by COMPANY Executive management in Australia and no other accounting is reported to COMPANY headquarters.
   (Continued)

   Analytics in Audit Planning
   Common Fraud Scenarios, or "If I were going to commit fraud, I'd..."
   Fraud Scenario: Tax Law
   Bribes are paid to tax authorities in China to reduce outstanding liabilities and/or audit adjustments. The bribe payments are disguised as consulting or contracting expense.
   Fraud Scenarios: Payroll
   The payroll analyst records time and attendance and a salary of $500,000.00 per year for her boyfriend who never worked at XXXX. Subsequent to the time the payroll information is sent to ADP but prior to the time the payroll report is reviewed by the Payroll Supervisor, the payroll analyst reverses the entry. The disbursement to the boyfriend is made by ADP but does not show up on payroll reports.

11. Analytics in Audit Planning
   Identifying and Prioritizing Fraud Risk
   By brainstorming the types of fraud schemes the organization is potentially vulnerable to, the team and the stakeholders can make estimates of
   i) Vulnerability: how likely the occurrence of these schemes is (very low to very high), and
   ii) Magnitude: what the potential qualitative impact is (very low to very high).
   Using the vulnerability criteria discussed previously, auditors can produce a risk "heat map" that can assist in identifying HIGH RISK accounts and processes.

   Analytics in Audit Planning
   Level | Descriptor | Vulnerability Description | Probability Per Occurrence
   5 | Very High | Controls, testing, monitoring & reporting are non-existent or ineffective; previous significant adverse experience; lack of skills, influence & knowledge to mitigate risk; and/or significant process or system issue. | Almost Certain
   4 | High | Controls, testing, monitoring & reporting are minimally effective; previous major adverse experience; limited skills, influence & knowledge to mitigate risk; and/or major process or system issue. | Probable
   3 | Medium | Controls, testing, monitoring & reporting are somewhat effective; previous moderate adverse experience, minor skills, influence & knowledge to mitigate risk; and/or moderate process or system issue. | Reasonably Possible
   2 | Low | Controls, testing, monitoring & reporting are effective; previous minor adverse experience, significant skills, influence & knowledge to mitigate risk; and/or no process or system issue. | Remote
   1 | Very Low | Controls, testing, monitoring & reporting are very effective; no previous adverse experience, very significant skills, influence & knowledge to mitigate risk | Rare

12. Analytics in Audit Planning
   Level | Descriptor | Magnitude Description | Business Impact Per Occurrence
   5 | Very High | High damage control requiring public / regulatory communication, huge financial loss, fraud perpetrated by senior mgmt | > $20 million
   4 | High | Business impact requires significant additional resources to mitigate (internal or external), high financial loss | > $5 million to < $20 million
   3 | Medium | Business impact may require (mainly internal) additional resources, medium/high financial loss | > $1 million < $5 million
   2 | Low | Business impact easily mitigated, medium/low financial loss | > $500,000 to < $1 million
   1 | Very Low | Insignificant business impact, low financial loss | < $500,000

   Analytics in Audit Planning
   Identification & Prioritization of Fraud Risk
   [Figure: risk heat map. Axes: Vulnerability, Magnitude. Quadrants: High Magnitude/High Vulnerability, High Vulnerability/Low Magnitude, Low Magnitude/Low Vulnerability, High Magnitude/Low Vulnerability. Plotted areas: 0 GA, 1 Facilities, 2 Fixed Assets, 3 Inventory, 4 Information Technology, 5 CATS-A/P, 6 CATS-Procurement, 7 Customer Support, 8 Direct Sales, 9 Entity Level Controls, 10 Finance-Accounting, 11 Finance-Payroll, 12 Finance Regulatory, 13 Finance Tax, 14 Finance-Treasury Cash, 15 HR-Benefits, 16 Indirect Sales, 17 Law, 18 Marketing, 19 R&D, 20 Sales.]

13. Polling Question 3
   Who should participate in the identification and prioritization of fraud exercise?
   a. Finance
   b. Legal
   c. Internal Audit
   d. All of the above

   Analytics in Audit Planning
   Identify Relevant Data Sources within the organization:
   - Financial: General Ledger, Sub Ledgers, Payroll
   - Non-Financial: Personnel files, Access logs, Emails, Vendor Files
   Process steps:
   - Identify data sources
   - Areas or issues of focus
   - Collect or gather data
   - Prepare data (data normalization)
   - Analyze data
   - Interpret data
   - Monitor results
   - Identify issues for further research or investigation
   Assess Resources Needed for the Audit:
   - Staffing: Headcount, locations
   - Skills: Languages, Experience, Expertise (CFEs, IT skills)
   - Tools: Computer Automated Analytic Tools (CAATs) Software

14. Data Analysis - Forensic Audit
   Data Analysis Techniques

   Analytics in Audit Planning
   Analytical Approaches to Planning
   - Industry Comparatives
   - Benchmarking
   - Time Series (Horizontal) Analysis
   - Common Size (Vertical) Analysis

15. Analytics in Audit Planning
   Analytical Approaches to Planning
   Vertical, a/k/a "common-sized" statements
   - Analyzes each line as a % of its relevant total
   - Income items as a % of total revenue
   - Expenses as a % of total expense
   - Identifies disproportionate items
   - Identifies fluctuations between periods
   Horizontal, a/k/a time-series analysis
   - Measures $ and % changes from period to period
   - Identifies fluctuations and seasonality

   Demo: Horizontal & Vertical Analysis
   Demo: Performing Financial Statement Analyses
   Learn How to: Identify patterns and anomalies in financial statements

16. Demo: Account Reconciliations
   Demo: Converting and Matching Subledger Data to the General Ledger
   Learn How to: Extract data from legacy systems and reconcile to General Ledger data

   Analytics in Audit Planning
   Top-Down vs. Bottom-Up Approach
   Depending on the area being audited, the auditor may choose between:
   Top-Down Approach: best for entity-level controls and compliance policies
   - Code of conduct issues
   - Corporate Governance
   - Vendor selection policies
   Bottom-Up Approach: best for process-level and account detail testing
   - Travel & Expense reporting
   - Cash disbursements and approvals

17. Polling Question 3
   When comparing companies in the same industry, which analytic tool is least helpful?
   a. Industry benchmarks
   b. Time series analysis
   c. Common-sized statements
   d. None of these

   Data Analysis - Forensic Audit
   Data Analysis Tools To Manage Big Data

18. Analytics in Forensic Audits
   BIG DATA
   Forget the cloud; Big Data is the new new thing. Here are some commonly available tools to help manage, analyze and present findings:
   - ACL or IDEA: data interrogator, capable of extracting information from a variety of file formats. Can run pre-scripted tests and handle an unlimited amount of data. Interfaces with Excel and Access.
   - MICROSOFT ACCESS: database program, programmable input screens, data validation, ad hoc queries and formatted report outputs.
   - MICROSOFT EXCEL: spreadsheet program, versatile and almost universally accepted business and data analysis tool. Pivot tables can present field-by-field analytical views of huge data files.

   Case Study Background
   "Hey Big Spender"
   - Embezzled union retirement funds
   - Cost to the Company: $42.6 M over 6 years
   Fraudster Profile
   - Fund Administrator; Female
   - Wrote checks to herself and her family
   - Used multiple credit card accounts for friends & family
   - No monitoring or oversight of her work
   - Spent money on travel, cars, horses, jewelry

19. Demo: Pivot Tables
   Demo: Presenting Big Data
   Learn How to: Present Travel & Expense Fraud findings using Pivot Tables

   Polling Question 3
   Detecting lack of segregation of duties is NOT one of the areas best suited for using data analytics
   a. True
   b. False

20. Case Study Background
   "The Out-of-Control Controller"
   - Perpetrator failed to reconcile accounts
   - Cost to the Company: $6.8 M over 4 years
   Fraudster Profile
   - Financial Operations Sr VP; Male
   - Prepared fictitious support for account reconciliations
   - Directed staff to post fraudulent J/Es to the G/L
   - No monitoring or oversight of his work

   Case Study Background
   "The Out-of-Control Controller" (cont'd)
   Additional Tests
   - Segregation of Duties: Matching Journal Entry originators to authorizers
   - Identifying E-mails to staff instructing them to post fictitious Journal Entries

21. Demo: Account Reconciliations
   Demo: Matching Data Fields for Segregation of Duties Testing
   Learn How to: Match Journal Entry Initiators to Authorizers to identify SOD violations

   Questions?
   Any Questions? Don't be Shy!

22. Thank You!
   Jim Kaplan, AuditNet LLC
   703-255-3388
   Email: [email protected]
   http://www.auditnet.org

   Peter Goldmann, White Collar Crime 101 LLC/FraudAware
   800-440-2261
   Email: [email protected]
   http://www.fraudaware.com

   David Zweighaft, DSZ Forensic Accounting Services LLC
   212-699-0901
   Email: [email protected]
   http://www.dszforensic.com
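
The segregation-of-duties test from the "Out-of-Control Controller" case study (matching journal entry initiators to authorizers), written out as an added example that is not part of the webinar material. The column names, user IDs and amounts are constructed; the ID normalization reflects the "Prepare data (data normalization)" step, since the same person can appear under differently formatted IDs in the initiator and authorizer fields.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample journal-entry extract (not data from the webinar).
SAMPLE_JE_CSV = """je_id,posted,amount,initiator,authorizer
JE-1001,2012-03-30,125000.00,rlopez,mchen
JE-1002,2012-03-31,480000.00,svp_finops,SVP_FinOps
JE-1003,2012-04-02,9200.50,mchen,rlopez
JE-1004,2012-06-29,310000.00,CORP\\svp_finops, svp_finops
JE-1005,2012-06-30,15000.00,rlopez,
JE-1006,2012-07-02,7400.00,akhan,mchen
"""


def normalize_user(raw):
    # Trim whitespace, drop a leading domain prefix, and lowercase, so that
    # differently formatted IDs for the same person compare equal.
    return raw.strip().rsplit("\\", 1)[-1].lower()


def sod_exceptions(csv_text):
    """Return (je_id, reason, user, amount) for each entry failing the SoD test."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        initiator = normalize_user(row["initiator"])
        authorizer = normalize_user(row["authorizer"] or "")
        amount = Decimal(row["amount"])
        if not authorizer:
            # Posted with no recorded authorizer at all.
            findings.append((row["je_id"], "NO_AUTHORIZER", initiator, amount))
        elif initiator == authorizer:
            # Same person initiated and authorized the entry.
            findings.append((row["je_id"], "SELF_AUTHORIZED", initiator, amount))
    return findings


def exposure_by_user(findings):
    """Total exception amount per user, largest first, to prioritize follow-up."""
    totals = defaultdict(Decimal)
    for _je_id, _reason, user, amount in findings:
        totals[user] += amount
    return sorted(totals.items(), key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    results = sod_exceptions(SAMPLE_JE_CSV)
    for finding in results:
        print(*finding)
    for user, total in exposure_by_user(results):
        print(user, total)
```

Comparing the raw fields without normalization would miss JE-1002 and JE-1004 in this sample, which is why the data preparation step comes before the match.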