1 / 98

The Fraud Audit: Areas where Professional Skepticism is Required

The Fraud Audit: Areas where Professional Skepticism is Required. Todays Agenda. The Fraud Audit: Areas where Professional Skepticism is Required What is The Fraud Risk Universe How to Write a Fraud R isk S tatement Understanding How Fraud Concealment I mpacts Y our Audit

nicholast
Download Presentation

The Fraud Audit: Areas where Professional Skepticism is Required

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Fraud Audit: Areas where Professional Skepticism is Required

  2. Todays Agenda • The Fraud Audit: Areas where Professional Skepticism is Required • What is The Fraud Risk Universe • How to Write a Fraud Risk Statement • Understanding How Fraud Concealment Impacts Your Audit • Strategies for Fraud Testing • My goal for today: • Create the opportunity for discussion • Help you think about fraud differently • Answer your questions to the best of my ability

  3. Could this Happen to You? • 63 Million Theft Loss to a False Billing Scheme • 2.3 Million Theft Spree, Purchase and Resell Scheme • Conflict of Interest Scheme: Wife of VP of Human Resources • Whistle Blower of Actual Fraud Committed by Senior Management: Was also accepting Kickbacks from a Vendor • How would you explain this to your Audit Committee

  4. Breaking The Code of FraudFraud Data Analytics plan • The Expectation Questions: • Should internal audits find fraud? • Can internal audits find fraud? • How do we detect fraud schemes?

  5. Your Strategic PlanTHOUGHT PROVOKING WORDS • Five key words I want you think about! • Differently • Logic • Linked • Methodology • Superior knowledge

  6. Differently • Fraud risk identification needs to be logic driven versus professional experience driven • The statement has five elements • Person committing the scheme • Type of entity: master file data • Fraud action statement: transactional data • Fraud impact • Fraud conversion

  7. Logic • You can compute the number of fraud scenarios in your scope with mathematical precision • The goal of logic analysis is two fold: • Ensure the completeness of your analysis • Create time for data interpretation • I may not know what the perpetrator is doing, but I know everything the perpetrator can do!

  8. Linked • The fraud scenario is what drives the fraud data analytics plan and the fraud audit procedure • Person committing • Type of entity • Fraud action statement • By understanding what you are looking for; the programming of the routine become obvious

  9. There is a Methodology • Scope of data analysis • Integrating the fraud risk assessment • Select the data mining strategy • Availability, reliability and usability • Understand the data • Develop search routines • Filtering techniques • Sample selection criteria • Plan to resolve false positives • Link the fraud audit test procedures

  10. Superior Knowledge • Understanding data from the: • Data perspective • Industry perspective • Fraud perspective

  11. Word of wisdom • The world’s best audit program and the world’s best auditor cannot detect fraud unless their sample includes a fraudulent transaction. • This is why fraud data analytics is so important to our profession.

  12. Professional Skepticism • What is the difference between skepticism and educated skepticism? • What standards are you following? • What is due care? • Requires diligence, critical thinking, and professional skepticism!

  13. Professional Skepticism • Component of the auditors general duty of care • Attitude that includes a questioning mind and critical assessment • Auditors attributes, mindset and actions • Source PCAOB

  14. Professional Skepticism • Applying reason to determine the validity of the claim • Critically analyzing all evidence considered • Finding a factually supported conclusion • Source ACFE

  15. Professional Skepticism • What is the difference between skepticism and educated skepticism? • What standards are you following? • What is due care? • Requires diligence, critical thinking, and professional skepticism!

  16. Professional Skepticism • Component of the auditors general duty of care • Attitude that includes a questioning mind and critical assessment • Auditors attributes, mindset and actions • Source PCAOB

  17. Educated Skepticism • Understand the fraud risk universe • Understand the Fraud Auditing is both a Science and a Art • Understand there is a methodology to assessing fraud risk • Understand there is a methodology to fraud data analytics, fraud auditing and fraud investigation

  18. Part 1: What is fraud Part 2: Fraud risk structure Part 3: How to write the fraud riskstatement Part 4: Integrating into the audit program Part 5: Practical exercise

  19. What is Fraud From A Legal Perspective • Blacks Law Dictionary Eight Edition: • A knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her detriment • Provides definition of specific types of fraud: • Civil fraud • Criminal fraud • Promissory • Etc.

  20. What is Fraud from and Auditors Perspective

  21. Threat and vulnerability analysis Organization’s fraud risk structure How to create a comprehensive fraud risk register Resources necessary to implement fraud auditing DOES THE AUDITOR UNDERSTAND?

  22. Vulnerabilities:Points in the internal control structure that can be exploited Threats:Possible danger that someone might exploit a vulnerability in our internal control structure thereby causing monetary or non monetary harm Risk: Threat, probability and business impact Fraud Risk: An intentional act and concealed act which is designed to cause harm to the organization THREATS, VULNERABILITIES AND FRAUD RISKS

  23. Governance structure or organization How and where we conduct business Non compliance with a internal control Sophistication of concealment Collusion or extortion Fraud risk factors WHAT IS A VULNERABILITY

  24. UNDERSTANDING THE PROGRESSIONTHE THREE LEVELS

  25. Part 1: What is fraud Part 2: Fraud risk structure Part 3: How to write the fraud risk statement Part 4: Integrating into the audit program Part 5: Practical exercise

  26. The Fraud Risk Universe

  27. Fraud Risk Universe Fraud Risk Structure Offender and victim Type of fraud or category of fraud Inherent Scheme Generic description of a fraud risk. Comprised of an entity and action Fraud Risk Statement How the inherent scheme occurs within your business system

  28. Fraud Risk Statements

  29. Common to all business systems Company specific Industry specific Unauthorized access Internal control inhibitor Types Of Fraud Risk Statements

  30. Fraud Risk Identification process

  31. Employee against employer Employer against employee Employer against government Employer against consumer or investing community Professional crime groups against companies or government STARTING POINT FOR THREAT ANALYSIS Offender And The Victim

  32. Primary Fraud Risk Categories

  33. Definitions Of Major Categories • Asset misappropriation: application of another's property or money dishonestly to ones own use (source Blacks Law Dictionary) • Corruption: is the use of entrusted power for personal gain (source Transparency international) Conceptually, corruption is a form of behaviour which departs from ethics, morality, tradition, law and civic virtue. • Financial reporting: Financial statement fraud is the process of intentionally misleading the reader of the financial statements. It is the deliberate misrepresentation, misstatement, or omission of financial data to provide the impression that the organization is financially sound.

  34. Secondary Fraud Risk Categories

  35. Secondary Fraud Risk Categories

  36. Secondary Fraud Risk Categories

  37. Secondary Fraud Risk Categories

  38. Secondary Fraud Risk Categories

  39. inherent scheme Links to the Audit Process Person(s) Committing How The Scheme Occurs Fraud Impact Inherent Fraud Scheme Permutation Analysis Fraud Conversion Fraud Concealment Internal Control

  40. Each business system has a finite and predictable list of inherent fraud schemes Each inherent fraud scheme has a finite and predictable list of fraud permutations Each inherent fraud scheme permutation creates a finite and predictable list of fraud scenarios Each inherent fraud scheme has two components Entity Action Inherent Fraud Schemes

  41. False entity: vendor False billing: receive no goods or services Pass Through billing: receive goods or services Real entity: vendor Over billing: over pay on some aspect or some way Disguised expenditure: personal or theft conversion THE PREDICTABLE PHASE Inherent Fraud Scheme Example: Disbursement of Funds

  42. Each inherent scheme links to a person(s) that commit the scheme Person Committing: Operations manager falsely accepts product with known defect Entity: Real vendor that is complicit Action: Over billing Actions may have multiple categories Primary Category: Overbilling by vendor Secondary Category: Product Substitution Inherent Fraud Schemes

  43. Vendor overbills the company Vendor commits product substitution scheme Product substitution Fitness issue Knock off scheme Counterfeit Manufacturer false label Chemical Composition Country of Origin At what level should your describe the fraud action statement

  44. Just A Different Look At Inherent Scheme

  45. Just A Different Look At Inherent Scheme

  46. Group Discussion • How does the fraud risk structure help the auditor in developing their audit scope?

  47. Part 1: What is fraud Part 2: Fraud risk structure Part 3: How to write the fraud riskstatement Part 4: Integrating into the audit program Part 5: Practical exercise

  48. Building The Fraud Risk Statement Person(s) Committing How The Scheme Occurs Fraud Impact Inherent Fraud Scheme Permutation Analysis Fraud Conversion Fraud Concealment Internal Control

  49. Just a reminder: The Fraud Risk Universe

  50. How To Build A Fraud Risk Statement Customize Merging Business process and permutation analysis

More Related