Module 5

Audit and Investigation

Forensic Accounting Techniques

There are several techniques for conducting a forensic review of the business. The ones provided below are
generic but effective. These are the forensic techniques that apply to almost all companies. These are:

1. Reviewing Public Documents and Conducting Background Checks

The documents made available to the public are scrutinized as they are the easiest to obtain. Also, thorough
background checks of a particular company are done to see the past dealings of the business. Public Documents
would include any information in the public database, the corporate records, and any legally available information
on the internet.

2. Conducting Detailed Interviews

Conducting an interview is an essential technique that can transform an unwilling person into a source of valuable
information. It helps in fully understanding all the facts. An interview should be conducted by accurately assessing
the gravity of the situation and preparing the questions according to it. Discussions should take every detail into
account and look at the greater picture to figure out the magnitude of the illegal activity and the culprit responsible.

3. Gathering Information from Trustworthy Sources

Information provided by a confidential and trustworthy source can be precious to any case. When a piece of
information is gained from a confidential source or a confidential informant, all the necessary precautions should
be taken to hide the identity of the so-called cause. A forensic accountant should try to have as many confidential
sources as possible because such sources can virtually guarantee a correct result.

4. Analyzing Evidence Gathered

Proper analysis of the obtained evidence can point to the guilty party and assist in understanding the extent of the
fraud committed in the business. Furthermore, this analysis would also help understand how secure the company
is against financial scams and installing various austerity measures to prevent any such future situation.

5. Conducting Surveillance

This can be done physically or electronically and is one of the conventional measures to uncover any fraud. It can
be done by monitoring and tracking all the official emails and messages.

6. Going Undercover

This is an extreme measure and should be used only as a last resort. It is best left to the professionals as they
know how and where to conduct the investigations. Even a small mistake while being undercover can signal the
offender that something is wrong, and the person might vanish.

7. Analyzing the Financial Statements

This is a special tool for finding out the fraud committed. All the necessary details are summarised in the financial
statement, and the analysis of these statements can help a forensic accountant figure out the scam.

Forensic Audit Thinking (Thinking Forensically)

Involves the critical assessment throughout the audit of all evidential matter and maintaining a
higher degree of professional skepticism that fraud or financial irregularity may have occurred, is
occurring, or will occur in the future. Furthermore, Forensic thinking is a mind shift where the
auditor believes that the possibility of fraud or financial irregularity may exist and the controls may
be overridden to accomplish that possibility. Forensic thinking is used throughout the audit work i.e.
from start to finish.

Forensic Audit Procedures

Forensic audit procedures are more specific and geared toward detecting the possible material
misstatements in financial statements resulting from fraudulent activities or error.

Audit procedures should align with Fraud Risks and Fraud Risk Assessments.

According to Donald R. Cressy, in his proposition ―Fraud Triangle.

He highlighted that there are three interrelated elements that enable someone to commit fraud:

(a) The Motive that drives a person to want to commit the fraud,

(b) The Opportunity that enables him to commit the fraud, and

(c) The ability to Rationalize the fraudulent behavior.

The vulnerability that an organization has to those capable of overcoming all three elements of the
fraud triangle is fraud risk. Fraud risk can come from sources both internal and/or external to the
organization.

Fraud Risk Assessment

A fraud risk assessment is a powerful proactive tool in the fight against fraud for any organization.
According to Association of Certified Fraud Examiners, Fraud Risk assessment is a process aimed at
proactively identifying and addressing an organization’s vulnerabilities to internal and external fraud.

• It is important to think about a fraud risk assessment as an ongoing, continuous process,

rather than just an adhoc activity.
• A fraud risk assessment starts with an identification and prioritization of fraud risks that exist
in the organization.

Performing Forensic Procedures

Those performing forensic procedures (either the auditor or other forensic specialists like certified
fraud examiners, etc.) may consider having:

• An investigative mindset which should be more than skeptical.

• An understanding of fraud schemes termed as occupational fraud (corruption, asset
misappropriation and financial statement fraud).
• Experience in dealing with fraud issues.
• Knowledge of certain investigative, analytical, and technology-based techniques (digital or
computer forensics, i.e. how to gather, analyze and interpret data)
• Knowledge of legal processes.

Appropriate Use of Technology

Forensic Data Analysis can be used to prevent, detect and control fraud along with other
irregularities.
Forensic Data Analysis Forensic data analysis is the process of gathering, summarizing, comparing,
and aggregating existing different sets of data that organizations routinely collect in the normal
course of business with the goal of detecting anomalies that are traditionally indicative of fraud or
other misconduct (Donald, 2007).

Benefits of Forensic Data Analysis

The following are some of the benefits of using forensic data analysis tools and techniques;

❖ Analyzes 100% of data sets rather than using statistical sampling—such as Risk Based Sampling.
❖ Can help identify potential control environment weaknesses.
❖ Can assist with the assessment of the effectiveness of existing anti-fraud and fraud risk
management programs and practices.
❖ Can help to Identify potential policy and process violations—vendor acceptance/approval
process, bidding, etc.
❖ Can assist with interviews in investigations.

Data Analysis Tools

1. Forensic Data Analysis Process

(i) Acquire Data and Normalize

(ii) Brainstorming and Real-Time Data Analysis

(iii) Output and Anomalies

2. Digital and Frequency Testing – Benford Analysis

3. Analytical Testing – Income Statement Items

4. Related Party Transaction Analysis – e-Discovery

Investigation Mechanism

A forensic auditor is required to have special training in forensic audit techniques and in the legalities
of accounting issues. A forensic audit has additional steps that need to be performed in addition to
regular audit procedures. Forensic Audit could be done with the adoption of the procedure detailed
below :

Step 1 – Accepting the Investigation

A forensic audit is always assigned to an independent firm/group of investigators in order to conduct

an unbiased and truthful audit and investigation. Thus, when such a firm receives an invitation to
conduct an audit, their first step is to determine whether or not they have the necessary tools, skills
and expertise to go forward with such an investigation. They need to do an assessment of their own
training and knowledge of fraud detection and legal framework. Only when they are satisfied with
such considerations, can they go ahead and accept the investigation.

Step 2 – Planning the Investigation

Planning the investigation is the key step in a forensic audit. The auditor(s) must carefully ascertain
the goal of the audit so being conducted, and to carefully determine the procedure to achieve it,
through the use of effective tools and techniques. Before planning the investigation, they should be
clear on the final categories of the report, which are as follows,
 • Identifying the type of fraud that has been operating, how long it has been operating for, and
how the fraud has been concealed.
• Identifying the fraudster(s) involved.
• Quantifying the financial loss suffered by the client.
• Gathering evidence to be used in court proceedings.
• Providing advice to prevent the recurrence of the fraud.

Step 3 – Gathering Evidence

In forensic auditing specific procedures are carried out in order to produce evidence. Audit
techniques and procedures are used to identify and to gather evidence to prove, for example, how
long have fraudulent activities existed and carried out in the organization, and how it was conducted
and concealed by the perpetrators. In order to continue, it is pertinent that the planning stage has
been thoroughly understood by the investigating team, who are skilled in collecting the necessary
evidence.

The investigators can use the following techniques to gather evidence,

• Testing controls to gather evidence which identifies the weaknesses, which allowed the fraud
to be perpetrated
• Using analytical procedures to compare trends over time or to provide comparatives
between different segments of the business
• Applying computer-assisted audit techniques (CAATs)
• Discussions and interviews with employees
• Substantive techniques such as reconciliations, cash counts and reviews of documentation.

Step 4 – Reporting

The reporting stage is the most obvious element in a forensic audit. After investigating and gathering
evidence, the investigating team is expected to give a report of the findings of the investigation, and
also the summary of the evidence and conclusion about the loss suffered due to the fraud. It should
also include the plan of the fraud itself, and how it unfolded, basically the whole trail of events, and
suggestions to prevent such fraud in the future.

Step 5 – Court Proceedings

The last stage expands over those audits that lead to legal proceedings. Here the auditors will give
litigation support as mentioned above. The auditors are called to jurisdictional Court, and also
included in the advocacy process. The understanding here is that they are called in because of their
skill and expertise in commercial issues and their legal process. It is important that they lay down the
facts and findings in an easily understandable and objective manner for everyone to comprehend so
that the desired action can be taken up. They need to simplify the complex accounting processes and
issues for others to understand the evidence and its implications.

Types of Investigations

1. Corruption

There are three types of corruption fraud: conflicts of interest, bribery, and extortion. Research
shows that corruption is involved in around one third of all frauds.

• In a conflict of interest fraud, the fraudster exerts their influence to achieve a

personal gain which detrimentally affects the company. The fraudster may not
 benefit financially, but rather receives an undisclosed personal benefit as a result of
the situation. For example, a manager may approve the expenses of an employee
who is also a personal friend in order to maintain that friendship, even if the
expenses are inaccurate.
• Bribery is when money (or something else of value) is offered in order to influence a
situation.
• Extortion is the opposite of bribery, and happens when money is demanded (rather
than offered) in order to secure a particular outcome.
2. Asset misappropriation
By far the most common frauds are those involving asset misappropriations, and there are
many different types of fraud which fall into this category. The common feature is the theft
of cash or other assets from the company, for example:
o Cash theft – the stealing of physical cash, for example petty cash, from the premises
of a company.
o Fraudulent disbursements – company funds being used to make fraudulent
payments. Common examples include billing frauds, where payments are made to a
fictitious supplier, and payroll frauds, where payments are made to fictitious
employees (often known as ‘ghost employees’).
o Inventory frauds – the theft of inventory from the company.
o Misuse of assets – employees using company assets for their own personal interest.
3. Financial statement fraud
This is also known as fraudulent financial reporting, and is a type of fraud that causes a
material misstatement in the financial statements. It can include deliberate falsification of
accounting records; omission of transactions, balances or disclosures from the financial
statements; or the misapplication of financial reporting standards. This is often carried out
with the intention of presenting the financial statements with a particular bias, for example
concealing liabilities in order to improve any analysis of liquidity and gearing.

Methods of Investigations

Computer assisted audit techniques (CAATs)

Computer assisted audit techniques (CAATs) includes tools used by auditors during their work. These
tools allow auditors to receive data in any form and analyze it better. CAATs includes various
methods that can help auditors in many ways. For example, auditors can use them to identify trends or
single out anomalies in the provided information. These tools are available for both external and
internal audit uses.

Two Common Types of Computer Assisted Audit Techniques

• Test Data
• Audit Software

Advantages of Computer Assisted Audit Techniques

Computer-assisted audit techniques can have several advantages. Some of its primary
benefits include the following.

• CAATs allow auditors to save time and test more items.

• CAATs can help auditors conduct their audits in a more cost-effective

manner.

• CAATs enable auditors more freedom with their work and focus on critical
areas.

• CAATs let auditors collect more evidence and form better opinions
regarding their clients.

Disadvantages of Computer Assisted Audit Techniques

• Auditors may require the client’s permission to use CAATs.

• CAATs also need data in a specific format, which the client may not be able to
provide.
• CAATs can be costly, particularly when auditors use bespoke tools.
• Auditors need to have sufficient knowledge to operate these tools.

Computer Assisted Audit Tools & Techniques

1) Test Data Method

2) Base Case System Evaluation
3) Tracing
4) Integrated Test Facility (ITF)
5) Parallel Simulation
6) GAS

Test Data Method

❖ Used to establish the application processing integrity

❖ Uses a “test deck”
➢ Valid Data
➢ Purposefully selected invalid data
➢ Every possible:
▪ Input error
▪ Logical processes
▪ Irregularity
▪ Procedures
❖ Predetermined results and expectations
❖ Run test desk
❖ Compare

2) Tracing
 ➢ Test data techniques that takes step by step walk through application
➢ Excellent means of debugging a faculty programme

Integrated test Facility

Integrated test facility is a computer auditing technique used both external & internal
auditors, information system auditors, risks analysts and for everyone who develops standard
applications in Account View and wishes to test them automatically in a variety of ways

Following are the main advantages of integrated test facility:

• The integrated testing and development environment of Account View.

• Sample scenarios that illustrate the scenario testing language and a series of
test techniques and which can be used as a model for your own scenarios.
• An elaborate test company that you can use as the basis for input data and
which, among other things, includes ledger accounts, customers, suppliers and
products of many types and sizes.
• Recording of number of checks and error reports in each scenario.
• Scenario blocking function, to temporarily exclude particular scenarios.
• Scenario demark function, to temporarily suspend the marking of particular
scenarios.

Parallel Simulation

The test data and ITF methods both process test data through real programs. With parallel
simulation, the auditor processes real client data on an audit program similar to some aspect of the
client’s program. The auditor compares the results of this processing with the results of the
processing done by the client’s program.

GAS

Generalized audit software (GAS) is used in many companies to perform routine audit
procedures. It is software purchased as a package and each company selling it offers
diversity in the software’s capabilities.

PURPOSE
This software allows auditors the ability to sort through large amounts of data in a rapid
manner. GAS can scan and test all data within a computer system, allowing for a more
accurate audit of the books. Instead of random sampling, 100 percent of the company’s data
is examined.
FUNCTIONS
GAS software is designed to examine financial information for quality, completeness,
correctness and consistency. It verifies all calculations, compares data and prints audit
samples.
DISADVANTAGES
GAS software is costly to purchase. Many users feel it is difficult to learn as well. GAS
software, over the years, has become easier to use than the packages offered years ago.

RED FLAGS
Red flags are nothing but symptoms or indicator of situation of fraud. A red flag is a set of
circumstances that are unusual in nature or vary from the normal activity. It is a signal that
something is out of the ordinary and may need to be investigated further.

Definition of Red Flag for Forensic Audit

Red flags are nothing but symptoms or indicator of situation of fraud.

1. A red flag is a set of circumstances that are unusual in nature or vary from the normal activity.

2. It is a signal that something is out of the ordinary and may need to be investigated further.
Significance of Red Flags Red Flags underscores Auditor’s Responsibility to consider fraud and error:
1. Effective for all audits

2. When planning and performing audit procedures,evaluating and reporting the results thereof, the
auditor should consider the risk of material misstatements in the financial statements resulting from
fraud or error.

3. Two types of misstatements are relevant to the auditor’s consideration of fraud: n Misstatements
arising from misappropriation of assets. n Misstatements arising from fraudulent financial reporting.

4. Studies of fraud cases consistently show that red flags were present, but were either not
recognized or were recognized but not acted upon by anyone. 5. Sometimes an error is just an error.

Common Types of Red flags

The most common types of Red Flags and fraudulent activity can be categorized as:

1. Employee Red Flags

2. Management Red Flags

Employee Red Flags are like:

Employee lifestyle changes: expensive cars, jewellery, homes, clothes

Significant personal debt and credit problems

Behavioral changes: these may be an indication of drugs, alcohol, gambling, or just fear of losing the
job

High employee turnover, especially in those areas which are more vulnerable to fraud

Refusal to take vacation or sick leave

Lack of segregation of duties in the vulnerable area

Management Red Flags are like

Reluctance to provide information to auditors

Managers engage in frequent disputes with auditors

Management decisions are dominated by an individual or small group

Managers display significant disrespect for regulatory bodies

There is a weak internal control environment

Green Flags
Above discussion on Red Flags says that red flags are symptoms or indicators of fraud, white collar
crime or something detrimental to the interest of the organization. To the contrary there are other
signals which could also imply the existence of fraud but do not activate alarm bells. Rather they may
even lead to a greater sense of assurance and comfort in a scenario which may be potentially infused
with fraud. These signals are referred as ‘green flags’.

The instance of Green Flags could be15 helpful in identifying are unusual signs or inconsistencies, but
apparently harmless or perhaps even helpful.