Acfe williamsburg 2013 jmk


Published on

Presentation on the impact of technology on fraud detection and professional standards

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Acfe williamsburg 2013 jmk

  1. 1. 7/12/2013 1 THE IMPACT OF TECHNOLOGY ON STANDARDS AND DETECTING, PREVENTING AND INVESTIGATING FRAUD JIM KAPLAN CIA CFE PRESIDENT AND FOUNDER AUDITNET® A Changing Landscape for Professionals 1© AuditNet® 2013 Agenda  Introduction  Technology Then and Now  Standard Changes and Technology  Evolution of Professional Networking  Latest Technology Tools for Fraud Auditors  Trends and the Future of Audit Technology for Detecting and Investigating Fraud 2 © AuditNet® 2013
  2. 2. 7/12/2013 2 Then and Now 3 © AuditNet® 2013 Auditors and Technology  Early Adopters  Innovators (into the new from Latin  Interested in new methods & techniques  Risk takers  Forward thinking  Gen X & Y  Laggards  Wait and see  Cautious  Hangs back  Last group to try or adopt a new product  Dislike change 4 © AuditNet® 2013
  3. 3. 7/12/2013 3 Standards Evolution 5  1954 to the mid-1960s, the auditing profession was still auditing around the computer – Why?  1968, the American Institute of Certified Public Accountants (AICPA) had the Big Eight (now the Big Four) accounting firms participate in the development of EDP auditing.  December 1974 SAP 3 The Effects of EDP on the Auditor's Study and Evaluation of Internal Control  1977 Electronic Data Processing Auditors Association (EDPAA) published Control Objectives  July 1984 SAS 48 The Effects of Computer Processing on the Audit of Financial Statements  June 2001 SAS 94, The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit. © AuditNet® 2013 Standards and Regulatory Evolution 6  SEC, Final Rule: Management’s Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports  PCAOB Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed In Conjunction With an Audit of Financial Statements  SAS 99, Consideration of Fraud in a Financial Statement Audit  SAS 99 Exhibit, Management Antifraud Programs and Controls  Committee of Sponsoring Organizations of the Treadway Commission, Internal Control—Integrated Framework  United States Sentencing Commission, Guidelines Manual  2009 Internal Auditing and Fraud and GTAG 13: Fraud Prevention and Detection in an Automated World © AuditNet® 2013
  4. 4. 7/12/2013 4 Computers, Auditors and CAATTs  The Evolution of CAATTs 80’s  Around  Through  With  EDP/IT Auditors  Mainframe  Audit Software 90’s  Data extraction and analysis  IT and non IT Auditors  Windows  The Millenium  Software for all phases (planning, fieldwork, GRC)  Cloud computing 7 © AuditNet® 2013 Impact of Technology  Computers and networks provide most of the information needed for auditing  Computer crime is increasing as fraudsters see value in information as well as financial assets  Auditors and fraud examiners must use the computer as an auditing tool  Auditors and fraud examiners must also use the computer for audit administration 8 © AuditNet® 2013
  5. 5. 7/12/2013 5 Impact of Technology  What I did in my youth is hundreds of times easier today. Technology breeds crime 9 © AuditNet® 2013 Impact of New Technology on the Profession  Professional Standards for Certified Fraud Examiners  IIA Professional Standards Fraud and Technology 10 © AuditNet® 2013
  6. 6. 7/12/2013 6 Certifications for Fraud Auditors 11 Initials Description Organization CITP Certified Information Technology Professional (CITP AICPA CFE Certified Fraud Examiner ACFE CFF Certified in Financial Forensics AICPA CAMS Certified Anti-Money Laundering Specialist ACALS CFFA Certified Forensic Financial Analyst (NACVA) CIFI Certified Insurance Fraud Investigator IASIU CBCO Certified Bank Compliance Officer BAI CISA Certified Information Systems Auditor ISACA CIA Certified Internal Auditors CIA CPA Certified Public Accountant AICPA © AuditNet® 2013 New Technologies and their Impact  Mobile computing  The Cloud or Internet based services  SaaS (application based)  PaaS (end to end SDLC)  IaaS (servers, storage, network) 12 © AuditNet® 2013
  7. 7. 7/12/2013 7 Social Media  Social Media Defined  The good the bad and the ugly  What is the primary risk? 13 © AuditNet® 2013 Technology as an Enabler There is a wide array of specialized tools to support and enhance the entire spectrum of internal audit processes … for the most part (auditors) are not taking advantage of them Not surprisingly, survey participants predict that technology will affect internal audit roles and responsibilities more than any other business trend. PwC 2010 Study on the State of the internal audit profession 14 © AuditNet® 2013
  8. 8. 7/12/2013 8 Audit Software 15 © AuditNet® 2013 Categories of Audit Software Technology Automated Issues Tracking Electronic Work Papers Risk Assessment Continuous Controls Monitoring Anti Fraud Software GRC Audit Management Software Audit Resource Scheduling Data Analytics 16 © AuditNet® 2013
  9. 9. 7/12/2013 9 Data Analysis for Auditors and CFE’s Although internal auditors have been doing data analysis for more than 25 years, it has only recently started to become standard practice. By our nature, most accountants and auditors are inclined to stick with what has worked in the past, rather than reach outside our comfort zone for an alternative that could help us accomplish more. Do you reach outside your comfort zone? 17 © AuditNet® 2013 New Tools New Approach Technology advances require a change in the approach for detecting and investigating fraud Fraud risk analysis is now a required part of an auditors responsibilities Proactive approach to detecting fraud Identifying risks early using audit software to detect anomalies is no longer optional Data analytic KSA’s now a basic facet of an auditor’s toolbox 18 © AuditNet® 2013
  10. 10. 7/12/2013 10 Obstacles to Implementation  Failure to plan for use  Lack of an FRA methodology  Skill set gap -  Department size  Cost implication  Complexity of the software  Resistance in training auditors  Failure of software to meet audit departments needs 19 © AuditNet® 2013 Heard on the Street Technology Initiatives considered having the most impact (2012 AICPA Top Technology Issues) 1.Information security 2.Remote access 3.Control and use of mobile devices 4.Business process improvement with technology 5.Data retention policies and structure 6.Privacy policies and compliance 7.Staff and management training 8.Spreadsheet management 9.Overall data proliferation and control 10.Portals (vendor and client/customer) 20 © AuditNet® 2013
  11. 11. 7/12/2013 11 New Tools for Fraud Examiners 21 © AuditNet® 2013 New Tools  Sept, 2008….  Any device, Any time, Any where was born  Users not interested in security, they want to trust, not to be trusted  Any unprotected device connected to both the Internet & and company LAN poses a security risk 22 © AuditNet® 2013
  12. 12. 7/12/2013 12 Impact of Technology on Detecting Fraud  Proactive Fraud Detection  Computer-aided fraud detection skills  Data Extraction  Scripting  Analyzing Data  Automation  Data is the key to detecting fraud with technology  Benford’s Law analysis using technology  Continuous monitoring software suites 23 © AuditNet® 2013 Impact of Technology on Detecting Fraud  Digital Information Explosion (DIE) has created greater opportunities for fraud examiners and auditors.  Asset recovery  Anomalies in data through 100% analysis  Examining digital information on mobile devices  Using social media to profile fraudsters  Social Network Analysis (SNA)  Using data analytics to detect property and casualty claims fraud 24 © AuditNet® 2013
  13. 13. 7/12/2013 13 Audit Apps for iPhones/iPads 25 © AuditNet® 2013 Imagine the Possibilities  Access your computer from remote locations  Collaborate using tools from the road  Access audit programs, work papers and more from your mobile device  Join Anti-Fraud Webinars and Webcasts for training  Conduct or participate in virtual meetings with staff, clients etc. 26 © AuditNet® 2013
  14. 14. 7/12/2013 14 Trends and their Impact  Mobile devices and wireless computing  Smart devices and malware  Cloud sourcing and computing – security, governance and compliance  Social media platform for communications  Continuous risk and control assessment  Reporting to the Board using SOTA technology 27 © AuditNet® 2013 Skill Set for Future Auditors  Multi-disciplinary less accountants more business oriented  Critical thinking skills  Strong communication skills  Audit Technology oriented 28 © AuditNet® 2013
  15. 15. 7/12/2013 15 The Impact of Technology Observations Not surprisingly, survey participants predict that technology will affect internal audit roles and responsibilities more than any other business trend. High-performing internal audit functions maximize the use of technology to enhance the efficiency, effectiveness, and quality of operations. PwC 2012 Study on the State of the internal audit profession 29 © AuditNet® 2013 AuditNet® Survey - 2012 State of Technology Use by Auditors Profile of Over 1,500 Responses • 45% 5 or less auditors • Technology tools used – mostly data analytics and EWP • Technology tools least used – monitoring (continuous audit and fraud), GRC, risk compliance • Only 17% feel that their auditors are technology proficient • Technology training primarily OJT • 35% maintain an inventory of audit technology tools • More than half (54%) rated their department at the informal use level (ad hoc or none at all) for audit technology • Less than 4% rated their department at the highest maturity level 30 © AuditNet® 2013
  16. 16. 7/12/2013 16 AuditNet® 10 Point Action Plan for Integrating Technology in Audit 1. Conduct an inventory of audit technology tools 2. Provide training for all staff in use of audit technology 3. Measure staff technology KSA 4. Build a business case for audit technology 5. Work with IT and Senior Management on cost 6. Hire auditors with technology skills 7. Find a technology champion and influencer 8. Establish an audit technology assessment benchmark and update annually 9. Require the use of technology for all audit and administrative tasks 10. Develop a succession plan so that audit software does not become shelfware 31 © AuditNet® 2013 Strategic Fraud Detection Approach 32 © AuditNet® 2013 Source: Strategic Fraud Detection: A Technology-Based Model Conan C. Albrecht W. Steve Albrecht
  17. 17. 7/12/2013 17 Future Predictions  Standards will mandate use of technology tools for audit  New generation of auditors must have the KSA to utilize technology  If auditors and audit departments do not adapt to new technology they risk outsourcing  Social networking will evolve to professional networking  Tools will become more intuitive  Knowledge hubs for audit tool, techniques and resources will consolidate and merge 33 © AuditNet® 2013 Audit Programs and Guides  Auditor’s Guide to Cloud Computing - Security Considerations.xls  Cloud Matrix_Benefits & Risks.xls  AuditNet® Guide to Social Networking  AuditNet® Guide to Wireless Security  Business Continuity Planning – A Diagnostic Tool  Forensic Document Examination  Data Analytics Enabled Audit Programs for Key Business Processes  AuditNet® is working to provide tools and resources to keep pace with new technology! 34 © AuditNet® 2013
  18. 18. 7/12/2013 18 Fraud Examiner Technology Resources  ACFE Seminars, Books and Training  Introduction to Digital Forensics  Using Data Analytics to Detect Fraud  Investigating on the Internet  online training  Audit Software – ACL, IDEA, Excel, ActiveData, TopCAATs  AuditNet® is working to provide tools and resources to keep pace with new technology! 35 © AuditNet® 2013 Conclusion  I hope that I have provided you with some useful information that will stimulate your thought processes!  Any questions? 36 © AuditNet® 2013
  19. 19. 7/12/2013 19 Contact Information If you haven’t been to AuditNet recently please visit and see our new design and interface Jim Kaplan CIA, CFE 37 © AuditNet® 2013