SlideShare a Scribd company logo

Conducting a fraud audit

Download as PPTX, PDF
A
A F Inzamam

The document provides guidance on conducting fraud investigations and examinations. It discusses planning an investigation, assembling an investigation team, collecting and preserving evidence, conducting digital forensics and computer investigations, and writing an investigation report. The key steps include developing an investigation plan, preserving confidentiality, following chain of custody procedures, imaging computers to collect digital evidence without altering it, analyzing evidence for inculpatory and exculpatory findings, and structuring a report with an executive summary, scope, findings, and impact. Maintaining impartiality, accuracy and timeliness are important principles for investigation reporting.

1 of 36
Investigation Process Planning and Conducting a Fraud Examination Investigation 1
Fraud Examination • Fraud examination refers to a process of resolving allegations of fraud from inception to disposition. Tasks include:  Planning  Obtaining evidence INCULPATORY exculpatory  Reporting  Testifying to findings  Assisting in fraud detection and prevention • Forensic accounting is the use of professional accounting skills in matters involving potential or actual civil or criminal litigation. Investigation Page 2
Fraud Examination Methodology • Assume Litigation Will Follow  Begin with the proposition that the case will end in litigation • Act on Predication  Should not conduct or continue fraud examinations without proper predication • Move from General to Specific  Informational witnesses first, then subject Investigation Page 3
Definition of Predication Predication definition is the totality of circumstances that would lead a reasonable, professionally trained, and prudent individual to believe a fraud has occurred, is occurring, and/or will occur. Fraud examiners should not conduct or continue fraud examinations without proper predication definition; Data analytics is instrumental in helping a fraud examiner define predication. Define predication is the basis upon which a fraud investigation begins. Investigation Page 4
Fraud Theory Approach • Analyzing available data • Creating a hypothesis • Testing the hypothesis • Refining and amending the hypothesis Investigation Page 5
Develop a Fraud Response Plan/Policy • A fraud response policy/plan outlines the actions that members of an organization will take when suspicions of fraud have arisen. • Because every fraud is different, the response plan should not outline how a fraud examination should be conducted. • Instead, response plans should help organizations manage their responses and create environments to minimize risk and maximize the potential for success. Investigation Page 6
Initial Response • Activate the response team. • Engage legal counsel, if necessary. • Consider contacting the insurance providers. • Address immediate concerns. • Conduct an initial assessment. • Document the initial response. Investigation Page 7
Assemble the Fraud Team • Certified Fraud Examiners (CFEs) • Legal counsel • Accountants or auditors (internal or external) • Forensic accounting investigators • Audit committee members • Security personnel • Human resources (HR) personnel • A management representative • Information technology (IT) Personnel • Computer forensic experts • Data analytics specialists • External consultants • Industry specialists Investigation Page 8
Dos and Don’ts • Consider size. • Check for conflicts. • Check for reporting issues. • Select team members to fit the demands and objectives. • Recognize unique skills. • Recruit members with the skills needed. • Select people who work well together. • Don’t select members who lack restraint or a sense of discretion. Investigation Page 9
Developing an Investigation Plan • Review and gain a basic understanding of key issues. • Define the goals of the investigation. • Identify whom to keep informed. • Determine the scope of the investigation. • Establish the investigation’s timeframe. • Address the need for law enforcement assistance. • Define members’ roles and assign tasks. • Address operational/logical issues. • Outline the course of action. • Obtain the necessary resources. • Prepare the organization. Investigation Page 10
Prepare the Organization • Whether or not a violation of the law occurred is not the primary focus – finding the facts is. • Prepare the managers of the employees involved. • Notify key decision makers. • Notify the organization’s in-house or outside counsel when investigation is about to begin. Investigation Page 11
Preserving Confidentiality • Avoid Alerting the Suspect  Important to have information about the person who is being investigated and what he can access.  Limit the extent of any discussions.  Only inform those who need to know.  Inform employees of the consequences of a confidentiality breach.  Work discreetly without disrupting the office’s normal course of business.  Work fast.  Investigate during off hours. Investigation Page 12
Preserving Confidentiality • Request Participant’s Confidentiality  Remind participants to refrain from discussion. • Guard Case Information  Store confidential documents in locked file cabinets or rooms.  Avoid talking in public places.  Avoid using email or other electronic means (e.g., text messages or instant messages) to transmit confidential case information. • Consider Implementing Any Applicable  Evidentiary Privileges E.g., legal professionals Investigation Page 13
Investigation Digital Forensics
Creating A Chain of Custody • The chain of custody has the purpose of establishing from the time the evidence is collected to the time of its presentation to a court or perhaps to a regulatory body that it has been properly preserved from alteration or damage and thus retains its probative value. • Before gathering any evidence, the forensic accounting investigator should consider with counsel and the client the level of detailed record keeping necessary to establish the chain of custody over the evidence. • For the most part, establishing the chain of custody is merely a record-keeping procedure not very different from physical inventory procedures with which many accountants are familiar. • The procedure is used for establishing where the evidence came from and that it has been properly secured, principally against alteration, since it was acquired.
Planning Considerations • Depending on the issue under investigation, it is often necessary to meet with the client to discuss the types of evidence you may require and to locate that evidence for the time periods under review. • Review of client’s record retention policies and whether there is compliance • Storage locations for paper records, both on- and offsite • Imaging technology used for transaction documents, such as customer invoices, vendor invoices, and contracts • Existence and storage of employee files • Existence of files at employees’ homes, including home computers • File retention practices at different corporate locations, which may vary substantially
Planning Considerations • Organizational chart and reporting hierarchy • Storage medium for computerized records, both on- and offsite • Backup procedures used for employee computers and e-mail, including when backups occur and what information is lost or retained and what is contained on servers versus individual hard drives • Retention of records kept by or about former employees of the company • System changes in relation to corporate accounting systems or e-mail systems • Existence of documents related to outsourced corporate functions such as payroll and internal audit • Creation of a written plan for the collection of documents is frequently an excellent tool for focusing the efforts of the investigation team on material most likely to be relevant.
Digital Evidence Investigation Page 18
Digital Forensics • Deleted files and other data that has not been overwritten • Temporary auto-save files • Print-spool files • Websites visited, even where the browser history and cache have been deleted • Communications sent via chat or IM • Documents, letters, and images created, modified, or accessed on the computer • The time and date information about files Investigation Page 19
Digital Forensics • Digital evidence is more volatile than paper information; therefore, it can be easily altered or destroyed. • Integrity must be preserved. • If files are destroyed, it can give rise to a claim of spoliation of evidence. • If authenticity is not supported or proven, evidence will be inadmissible. • Rules are the same. Investigation Page 20
Locating Evidence • User-Created Files • User-Protected Files  Camouflaged files  Steganography  Encryption • Detection Methods  Visual anomalies in jpeg, bmp, gif files  Audible anomalies in wav, mp3, mpeg files  Statistical properties of files deviate from norm Structural oddities suggest manipulation (e.g., size, date, time differences) Investigation Page 21
Locating Evidence • Printers  Internal hard drives • Copiers and Scanners  Internal storage • Fax machines • Backup storage devices • Removable storage • Smartphones • Cloud environments Investigation Page 22
Privacy Issues • Search policy should include personal electronic devices:  Smartphones  USB flash drives  MP3 players  Laptops • Written privacy policy Investigation Page 23
Computer Investigation and Digital Forensics • Digital forensics typically involve these phases:  Seizing  Imaging  Analyzing  Reporting and testifying Investigation Page 24
Collecting Volatile Data • If the computer is off, leave it off. • Collect volatile data “live” if required. • Some data may be lost if the machine is shut down. • Data can be collected while the machine is still on. Investigation Page 25
Secure the Evidence • Don’t shut down the system using normal shutdown routines. • The primary rule is: “If the computer is off, don’t turn it on.” Investigation Page 26
Considerations When Seizing Evidence • Be certain to document the scene with photographs or a diagram, depending on the complexity of the setup. Remember that it might be a year or longer before testimony about what the office looked like on the day of the seizure will be asked for in a legal proceeding. Investigation Page 27
Identifying Digital Evidence • View of server’s wires • Another reason to photograph the scene Investigation Page 28
Considerations When Seizing Evidence • Many people write down or record their passwords near their computers. Fraud examiners should look around for notes that may appear to be passwords. This practice may aid in the discovery of passwords needed to access encrypted data in the event that the subject of the investigation is being uncooperative. Investigation Page 29
Imaging • Image acquisition involves using a standalone hard drive duplicator or similar device to duplicate a computer’s entire drive without altering it. • This process is known as imaging because it takes a hard drive and images it to another hard disk drive or other media. Investigation Page 30
Analyzing • Best to use a combination of various forensic tools during the analysis phase. • Fraud examiners should look for inculpatory evidence (i.e., evidence that serves to incriminate the subject of the investigation) and exculpatory evidence (i.e., evidence that serves to disprove the subject’s involvement in the misconduct). • Primary concern is to maintain the integrity of the data at all times. Investigation Page 31
Investigation Report Writing
Report Structure • Generally, the following sections should be included in fraud examination reports:  Background  Executive summary  Scope  Approach  Findings  Summary  Impact Investigation Page 33
Characteristics of a Good Report • A well-written report contains the following four characteristics:  Accuracy  Use memorandum that documents the details of the interview.  Clarity  Avoid using jargon and technical terms; explain terms if used.  Impartiality / Relevance  Report all facts without bias; include relevant info.  Timeliness Investigation Page 34
Reporting Mistakes • Conclusions—based upon observations of the evidence • Opinions—interpretation of facts • Be cautious about drawing conclusions • Conclusions should be self-evident and not necessarily pointed out in the report  If not obvious, clarify report Investigation Page 35
Opinions • Do not express an opinion on legal guilt or innocence. • No opinion about integrity or veracity of witness in report. • Opinions on technical matters permitted if fraud examiner is an expert in the matter. Examples:  Permissible expert opinion might be in regard to the relative adequacy of an entity’s internal controls.  Another might discuss whether financial transactions conform to generally accepted accounting principles. Investigation Page 36

Recommended

Capture Discovery
Capture DiscoveryCapture Discovery
Capture Discoverywlucina
 
Daniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdfDaniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdf
Alejandro Daricz
 
Duke Pci T Raining Slides
Duke Pci T Raining SlidesDuke Pci T Raining Slides
Duke Pci T Raining Slides
Laney Dale
 
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityLecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
Alchemist095
 
Corporate Awareness Litigation
Corporate Awareness LitigationCorporate Awareness Litigation
Corporate Awareness Litigation
dkarpinsky
 
Electronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic ExaminersElectronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic Examiners
BoyarMiller
 
Forensic audit
Forensic auditForensic audit
Forensic audit
Tobias Keller
 
BDO Forensic Services
BDO Forensic ServicesBDO Forensic Services
BDO Forensic Services
BDO Indonesia
 

Recommended

Capture Discovery
Capture DiscoveryCapture Discovery
Capture Discoverywlucina
 
Daniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdfDaniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdf
Alejandro Daricz
 
Duke Pci T Raining Slides
Duke Pci T Raining SlidesDuke Pci T Raining Slides
Duke Pci T Raining Slides
Laney Dale
 
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityLecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
Alchemist095
 
Corporate Awareness Litigation
Corporate Awareness LitigationCorporate Awareness Litigation
Corporate Awareness Litigation
dkarpinsky
 
Electronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic ExaminersElectronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic Examiners
BoyarMiller
 
Forensic audit
Forensic auditForensic audit
Forensic audit
Tobias Keller
 
BDO Forensic Services
BDO Forensic ServicesBDO Forensic Services
BDO Forensic Services
BDO Indonesia
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection tools
N.Jagadish Kumar
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
Novizul Evendi
 
IG1 Element 4.pptx
IG1 Element 4.pptxIG1 Element 4.pptx
IG1 Element 4.pptx
NasirMunir10
 
The Forensics Frontier
The Forensics FrontierThe Forensics Frontier
The Forensics Frontierwhbrown5
 
Ch 3C Processing Crime and Incident Scenes.ppt
Ch 3C Processing Crime and Incident Scenes.pptCh 3C Processing Crime and Incident Scenes.ppt
Ch 3C Processing Crime and Incident Scenes.ppt
whbwi21Basri
 
Data Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachData Breach Response: Before and After the Breach
Data Breach Response: Before and After the Breach
Financial Poise
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
primeteacher32
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
Manu Mathew Cherian
 
Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)
Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)
Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)
canadianlawyer
 
Trade Secret Theft in the Digital Age
Trade Secret Theft in the Digital AgeTrade Secret Theft in the Digital Age
Trade Secret Theft in the Digital Age
BoyarMiller
 
Areas of Strength
Areas of StrengthAreas of Strength
Areas of StrengthMark Thompson
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
Resilient Systems
 
Preparing Your Business For A Disaster
Preparing Your Business For A DisasterPreparing Your Business For A Disaster
Preparing Your Business For A Disaster
CIOOffice
 
Ethics And Practice Management
Ethics And Practice ManagementEthics And Practice Management
Ethics And Practice Management
goclio.com
 
2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...
2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...
2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...Nancy Duhon
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
Onkar1431
 
RenewData Corporate Brochure
RenewData Corporate BrochureRenewData Corporate Brochure
RenewData Corporate BrochureAlan Brooks
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You
TrustArc
 
YBB-NW-distribution
YBB-NW-distributionYBB-NW-distribution
YBB-NW-distributionMike Saunders
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
when will pi network coin be available on crypto exchange.
when will pi network coin be available on crypto exchange.when will pi network coin be available on crypto exchange.
when will pi network coin be available on crypto exchange.
DOT TECH
 
Analyzing the instability of equilibrium in thr harrod domar model
Analyzing the instability of equilibrium in thr harrod domar modelAnalyzing the instability of equilibrium in thr harrod domar model
Analyzing the instability of equilibrium in thr harrod domar model
ManthanBhardwaj4
 

More Related Content

Similar to Conducting a fraud audit

Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection tools
N.Jagadish Kumar
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
Novizul Evendi
 
IG1 Element 4.pptx
IG1 Element 4.pptxIG1 Element 4.pptx
IG1 Element 4.pptx
NasirMunir10
 
The Forensics Frontier
The Forensics FrontierThe Forensics Frontier
The Forensics Frontierwhbrown5
 
Ch 3C Processing Crime and Incident Scenes.ppt
Ch 3C Processing Crime and Incident Scenes.pptCh 3C Processing Crime and Incident Scenes.ppt
Ch 3C Processing Crime and Incident Scenes.ppt
whbwi21Basri
 
Data Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachData Breach Response: Before and After the Breach
Data Breach Response: Before and After the Breach
Financial Poise
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
primeteacher32
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
Manu Mathew Cherian
 
Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)
Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)
Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)
canadianlawyer
 
Trade Secret Theft in the Digital Age
Trade Secret Theft in the Digital AgeTrade Secret Theft in the Digital Age
Trade Secret Theft in the Digital Age
BoyarMiller
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
Resilient Systems
 
Preparing Your Business For A Disaster
Preparing Your Business For A DisasterPreparing Your Business For A Disaster
Preparing Your Business For A Disaster
CIOOffice
 
Ethics And Practice Management
Ethics And Practice ManagementEthics And Practice Management
Ethics And Practice Management
goclio.com
 
2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...
2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...
2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...Nancy Duhon
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
Onkar1431
 
RenewData Corporate Brochure
RenewData Corporate BrochureRenewData Corporate Brochure
RenewData Corporate BrochureAlan Brooks
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You
TrustArc
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 

Similar to Conducting a fraud audit (20)

Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection tools
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
IG1 Element 4.pptx
IG1 Element 4.pptxIG1 Element 4.pptx
IG1 Element 4.pptx
 
The Forensics Frontier
The Forensics FrontierThe Forensics Frontier
The Forensics Frontier
 
Ch 3C Processing Crime and Incident Scenes.ppt
Ch 3C Processing Crime and Incident Scenes.pptCh 3C Processing Crime and Incident Scenes.ppt
Ch 3C Processing Crime and Incident Scenes.ppt
 
Data Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachData Breach Response: Before and After the Breach
Data Breach Response: Before and After the Breach
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)
Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)
Privacy Breaches In Canada Lsuc It.Can May 1 2009 (Plain Background)
 
Trade Secret Theft in the Digital Age
Trade Secret Theft in the Digital AgeTrade Secret Theft in the Digital Age
Trade Secret Theft in the Digital Age
 
Areas of Strength
Areas of StrengthAreas of Strength
Areas of Strength
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
 
Preparing Your Business For A Disaster
Preparing Your Business For A DisasterPreparing Your Business For A Disaster
Preparing Your Business For A Disaster
 
Ethics And Practice Management
Ethics And Practice ManagementEthics And Practice Management
Ethics And Practice Management
 
2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...
2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...
2009 Ala Region 5 OM01 Technology Management Strategies: Become a Lean, Mean ...
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
 
RenewData Corporate Brochure
RenewData Corporate BrochureRenewData Corporate Brochure
RenewData Corporate Brochure
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You
 
YBB-NW-distribution
YBB-NW-distributionYBB-NW-distribution
YBB-NW-distribution
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 

Recently uploaded

when will pi network coin be available on crypto exchange.
when will pi network coin be available on crypto exchange.when will pi network coin be available on crypto exchange.
when will pi network coin be available on crypto exchange.
DOT TECH
 
Analyzing the instability of equilibrium in thr harrod domar model
Analyzing the instability of equilibrium in thr harrod domar modelAnalyzing the instability of equilibrium in thr harrod domar model
Analyzing the instability of equilibrium in thr harrod domar model
ManthanBhardwaj4
 
can I really make money with pi network.
can I really make money with pi network.can I really make money with pi network.
can I really make money with pi network.
DOT TECH
 
The European Unemployment Puzzle: implications from population aging
The European Unemployment Puzzle: implications from population agingThe European Unemployment Puzzle: implications from population aging
The European Unemployment Puzzle: implications from population aging
GRAPE
 
Abhay Bhutada Leads Poonawalla Fincorp To Record Low NPA And Unprecedented Gr...
Abhay Bhutada Leads Poonawalla Fincorp To Record Low NPA And Unprecedented Gr...Abhay Bhutada Leads Poonawalla Fincorp To Record Low NPA And Unprecedented Gr...
Abhay Bhutada Leads Poonawalla Fincorp To Record Low NPA And Unprecedented Gr...
Vighnesh Shashtri
 
where can I find a legit pi merchant online
where can I find a legit pi merchant onlinewhere can I find a legit pi merchant online
where can I find a legit pi merchant online
DOT TECH
 
一比一原版(IC毕业证)帝国理工大学毕业证如何办理
一比一原版(IC毕业证)帝国理工大学毕业证如何办理一比一原版(IC毕业证)帝国理工大学毕业证如何办理
一比一原版(IC毕业证)帝国理工大学毕业证如何办理
conose1
 
Eco-Innovations and Firm Heterogeneity. Evidence from Italian Family and Nonf...
Eco-Innovations and Firm Heterogeneity. Evidence from Italian Family and Nonf...Eco-Innovations and Firm Heterogeneity. Evidence from Italian Family and Nonf...
Eco-Innovations and Firm Heterogeneity. Evidence from Italian Family and Nonf...
University of Calabria
 
1. Elemental Economics - Introduction to mining.pdf
1. Elemental Economics - Introduction to mining.pdf1. Elemental Economics - Introduction to mining.pdf
1. Elemental Economics - Introduction to mining.pdf
Neal Brewster
 
how can I sell pi coins after successfully completing KYC
how can I sell pi coins after successfully completing KYChow can I sell pi coins after successfully completing KYC
how can I sell pi coins after successfully completing KYC
DOT TECH
 
Tax System, Behaviour, Justice, and Voluntary Compliance Culture in Nigeria -...
Tax System, Behaviour, Justice, and Voluntary Compliance Culture in Nigeria -...Tax System, Behaviour, Justice, and Voluntary Compliance Culture in Nigeria -...
Tax System, Behaviour, Justice, and Voluntary Compliance Culture in Nigeria -...
Godwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
Falcon Invoice Discounting
 
BYD SWOT Analysis and In-Depth Insights 2024.pptx
BYD SWOT Analysis and In-Depth Insights 2024.pptxBYD SWOT Analysis and In-Depth Insights 2024.pptx
BYD SWOT Analysis and In-Depth Insights 2024.pptx
mikemetalprod
 
Donald Trump Presentation and his life.pptx
Donald Trump Presentation and his life.pptxDonald Trump Presentation and his life.pptx
Donald Trump Presentation and his life.pptx
SerdarHudaykuliyew
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designs
egoetzinger
 
The secret way to sell pi coins effortlessly.
The secret way to sell pi coins effortlessly.The secret way to sell pi coins effortlessly.
The secret way to sell pi coins effortlessly.
DOT TECH
 
APP I Lecture Notes to students 0f 4the year
APP I Lecture Notes to students 0f 4the yearAPP I Lecture Notes to students 0f 4the year
APP I Lecture Notes to students 0f 4the year
telilaalilemlem
 
Scope Of Macroeconomics introduction and basic theories
Scope Of Macroeconomics introduction and basic theoriesScope Of Macroeconomics introduction and basic theories
Scope Of Macroeconomics introduction and basic theories
nomankalyar153
 
Intro_Economics_ GPresentation Week 4.pptx
Intro_Economics_ GPresentation Week 4.pptxIntro_Economics_ GPresentation Week 4.pptx
Intro_Economics_ GPresentation Week 4.pptx
shetivia
 
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdfTumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Henry Tapper
 

Recently uploaded (20)

when will pi network coin be available on crypto exchange.
when will pi network coin be available on crypto exchange.when will pi network coin be available on crypto exchange.
when will pi network coin be available on crypto exchange.
 
Analyzing the instability of equilibrium in thr harrod domar model
Analyzing the instability of equilibrium in thr harrod domar modelAnalyzing the instability of equilibrium in thr harrod domar model
Analyzing the instability of equilibrium in thr harrod domar model
 
can I really make money with pi network.
can I really make money with pi network.can I really make money with pi network.
can I really make money with pi network.
 
The European Unemployment Puzzle: implications from population aging
The European Unemployment Puzzle: implications from population agingThe European Unemployment Puzzle: implications from population aging
The European Unemployment Puzzle: implications from population aging
 
Abhay Bhutada Leads Poonawalla Fincorp To Record Low NPA And Unprecedented Gr...
Abhay Bhutada Leads Poonawalla Fincorp To Record Low NPA And Unprecedented Gr...Abhay Bhutada Leads Poonawalla Fincorp To Record Low NPA And Unprecedented Gr...
Abhay Bhutada Leads Poonawalla Fincorp To Record Low NPA And Unprecedented Gr...
 
where can I find a legit pi merchant online
where can I find a legit pi merchant onlinewhere can I find a legit pi merchant online
where can I find a legit pi merchant online
 
一比一原版(IC毕业证)帝国理工大学毕业证如何办理
一比一原版(IC毕业证)帝国理工大学毕业证如何办理一比一原版(IC毕业证)帝国理工大学毕业证如何办理
一比一原版(IC毕业证)帝国理工大学毕业证如何办理
 
Eco-Innovations and Firm Heterogeneity. Evidence from Italian Family and Nonf...
Eco-Innovations and Firm Heterogeneity. Evidence from Italian Family and Nonf...Eco-Innovations and Firm Heterogeneity. Evidence from Italian Family and Nonf...
Eco-Innovations and Firm Heterogeneity. Evidence from Italian Family and Nonf...
 
1. Elemental Economics - Introduction to mining.pdf
1. Elemental Economics - Introduction to mining.pdf1. Elemental Economics - Introduction to mining.pdf
1. Elemental Economics - Introduction to mining.pdf
 
how can I sell pi coins after successfully completing KYC
how can I sell pi coins after successfully completing KYChow can I sell pi coins after successfully completing KYC
how can I sell pi coins after successfully completing KYC
 
Tax System, Behaviour, Justice, and Voluntary Compliance Culture in Nigeria -...
Tax System, Behaviour, Justice, and Voluntary Compliance Culture in Nigeria -...Tax System, Behaviour, Justice, and Voluntary Compliance Culture in Nigeria -...
Tax System, Behaviour, Justice, and Voluntary Compliance Culture in Nigeria -...
 
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
innovative-invoice-discounting-platforms-in-india-empowering-retail-investors...
 
BYD SWOT Analysis and In-Depth Insights 2024.pptx
BYD SWOT Analysis and In-Depth Insights 2024.pptxBYD SWOT Analysis and In-Depth Insights 2024.pptx
BYD SWOT Analysis and In-Depth Insights 2024.pptx
 
Donald Trump Presentation and his life.pptx
Donald Trump Presentation and his life.pptxDonald Trump Presentation and his life.pptx
Donald Trump Presentation and his life.pptx
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designs
 
The secret way to sell pi coins effortlessly.
The secret way to sell pi coins effortlessly.The secret way to sell pi coins effortlessly.
The secret way to sell pi coins effortlessly.
 
APP I Lecture Notes to students 0f 4the year
APP I Lecture Notes to students 0f 4the yearAPP I Lecture Notes to students 0f 4the year
APP I Lecture Notes to students 0f 4the year
 
Scope Of Macroeconomics introduction and basic theories
Scope Of Macroeconomics introduction and basic theoriesScope Of Macroeconomics introduction and basic theories
Scope Of Macroeconomics introduction and basic theories
 
Intro_Economics_ GPresentation Week 4.pptx
Intro_Economics_ GPresentation Week 4.pptxIntro_Economics_ GPresentation Week 4.pptx
Intro_Economics_ GPresentation Week 4.pptx
 
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdfTumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
 

Conducting a fraud audit

  • 1. Investigation Process Planning and Conducting a Fraud Examination Investigation 1
  • 2. Fraud Examination • Fraud examination refers to a process of resolving allegations of fraud from inception to disposition. Tasks include:  Planning  Obtaining evidence INCULPATORY exculpatory  Reporting  Testifying to findings  Assisting in fraud detection and prevention • Forensic accounting is the use of professional accounting skills in matters involving potential or actual civil or criminal litigation. Investigation Page 2
  • 3. Fraud Examination Methodology • Assume Litigation Will Follow  Begin with the proposition that the case will end in litigation • Act on Predication  Should not conduct or continue fraud examinations without proper predication • Move from General to Specific  Informational witnesses first, then subject Investigation Page 3
  • 4. Definition of Predication Predication definition is the totality of circumstances that would lead a reasonable, professionally trained, and prudent individual to believe a fraud has occurred, is occurring, and/or will occur. Fraud examiners should not conduct or continue fraud examinations without proper predication definition; Data analytics is instrumental in helping a fraud examiner define predication. Define predication is the basis upon which a fraud investigation begins. Investigation Page 4
  • 5. Fraud Theory Approach • Analyzing available data • Creating a hypothesis • Testing the hypothesis • Refining and amending the hypothesis Investigation Page 5
  • 6. Develop a Fraud Response Plan/Policy • A fraud response policy/plan outlines the actions that members of an organization will take when suspicions of fraud have arisen. • Because every fraud is different, the response plan should not outline how a fraud examination should be conducted. • Instead, response plans should help organizations manage their responses and create environments to minimize risk and maximize the potential for success. Investigation Page 6
  • 7. Initial Response • Activate the response team. • Engage legal counsel, if necessary. • Consider contacting the insurance providers. • Address immediate concerns. • Conduct an initial assessment. • Document the initial response. Investigation Page 7
  • 8. Assemble the Fraud Team • Certified Fraud Examiners (CFEs) • Legal counsel • Accountants or auditors (internal or external) • Forensic accounting investigators • Audit committee members • Security personnel • Human resources (HR) personnel • A management representative • Information technology (IT) Personnel • Computer forensic experts • Data analytics specialists • External consultants • Industry specialists Investigation Page 8
  • 9. Dos and Don’ts • Consider size. • Check for conflicts. • Check for reporting issues. • Select team members to fit the demands and objectives. • Recognize unique skills. • Recruit members with the skills needed. • Select people who work well together. • Don’t select members who lack restraint or a sense of discretion. Investigation Page 9
  • 10. Developing an Investigation Plan • Review and gain a basic understanding of key issues. • Define the goals of the investigation. • Identify whom to keep informed. • Determine the scope of the investigation. • Establish the investigation’s timeframe. • Address the need for law enforcement assistance. • Define members’ roles and assign tasks. • Address operational/logical issues. • Outline the course of action. • Obtain the necessary resources. • Prepare the organization. Investigation Page 10
  • 11. Prepare the Organization • Whether or not a violation of the law occurred is not the primary focus – finding the facts is. • Prepare the managers of the employees involved. • Notify key decision makers. • Notify the organization’s in-house or outside counsel when investigation is about to begin. Investigation Page 11
  • 12. Preserving Confidentiality • Avoid Alerting the Suspect  Important to have information about the person who is being investigated and what he can access.  Limit the extent of any discussions.  Only inform those who need to know.  Inform employees of the consequences of a confidentiality breach.  Work discreetly without disrupting the office’s normal course of business.  Work fast.  Investigate during off hours. Investigation Page 12
  • 13. Preserving Confidentiality • Request Participant’s Confidentiality  Remind participants to refrain from discussion. • Guard Case Information  Store confidential documents in locked file cabinets or rooms.  Avoid talking in public places.  Avoid using email or other electronic means (e.g., text messages or instant messages) to transmit confidential case information. • Consider Implementing Any Applicable  Evidentiary Privileges E.g., legal professionals Investigation Page 13
  • 15. Creating A Chain of Custody • The chain of custody has the purpose of establishing from the time the evidence is collected to the time of its presentation to a court or perhaps to a regulatory body that it has been properly preserved from alteration or damage and thus retains its probative value. • Before gathering any evidence, the forensic accounting investigator should consider with counsel and the client the level of detailed record keeping necessary to establish the chain of custody over the evidence. • For the most part, establishing the chain of custody is merely a record-keeping procedure not very different from physical inventory procedures with which many accountants are familiar. • The procedure is used for establishing where the evidence came from and that it has been properly secured, principally against alteration, since it was acquired.
  • 16. Planning Considerations • Depending on the issue under investigation, it is often necessary to meet with the client to discuss the types of evidence you may require and to locate that evidence for the time periods under review. • Review of client’s record retention policies and whether there is compliance • Storage locations for paper records, both on- and offsite • Imaging technology used for transaction documents, such as customer invoices, vendor invoices, and contracts • Existence and storage of employee files • Existence of files at employees’ homes, including home computers • File retention practices at different corporate locations, which may vary substantially
  • 17. Planning Considerations • Organizational chart and reporting hierarchy • Storage medium for computerized records, both on- and offsite • Backup procedures used for employee computers and e-mail, including when backups occur and what information is lost or retained and what is contained on servers versus individual hard drives • Retention of records kept by or about former employees of the company • System changes in relation to corporate accounting systems or e-mail systems • Existence of documents related to outsourced corporate functions such as payroll and internal audit • Creation of a written plan for the collection of documents is frequently an excellent tool for focusing the efforts of the investigation team on material most likely to be relevant.
  • 19. Digital Forensics • Deleted files and other data that has not been overwritten • Temporary auto-save files • Print-spool files • Websites visited, even where the browser history and cache have been deleted • Communications sent via chat or IM • Documents, letters, and images created, modified, or accessed on the computer • The time and date information about files Investigation Page 19
  • 20. Digital Forensics • Digital evidence is more volatile than paper information; therefore, it can be easily altered or destroyed. • Integrity must be preserved. • If files are destroyed, it can give rise to a claim of spoliation of evidence. • If authenticity is not supported or proven, evidence will be inadmissible. • Rules are the same. Investigation Page 20
  • 21. Locating Evidence • User-Created Files • User-Protected Files  Camouflaged files  Steganography  Encryption • Detection Methods  Visual anomalies in jpeg, bmp, gif files  Audible anomalies in wav, mp3, mpeg files  Statistical properties of files deviate from norm Structural oddities suggest manipulation (e.g., size, date, time differences) Investigation Page 21
  • 22. Locating Evidence • Printers  Internal hard drives • Copiers and Scanners  Internal storage • Fax machines • Backup storage devices • Removable storage • Smartphones • Cloud environments Investigation Page 22
  • 23. Privacy Issues • Search policy should include personal electronic devices:  Smartphones  USB flash drives  MP3 players  Laptops • Written privacy policy Investigation Page 23
  • 24. Computer Investigation and Digital Forensics • Digital forensics typically involve these phases:  Seizing  Imaging  Analyzing  Reporting and testifying Investigation Page 24
  • 25. Collecting Volatile Data • If the computer is off, leave it off. • Collect volatile data “live” if required. • Some data may be lost if the machine is shut down. • Data can be collected while the machine is still on. Investigation Page 25
  • 26. Secure the Evidence • Don’t shut down the system using normal shutdown routines. • The primary rule is: “If the computer is off, don’t turn it on.” Investigation Page 26
  • 27. Considerations When Seizing Evidence • Be certain to document the scene with photographs or a diagram, depending on the complexity of the setup. Remember that it might be a year or longer before testimony about what the office looked like on the day of the seizure will be asked for in a legal proceeding. Investigation Page 27
  • 28. Identifying Digital Evidence • View of server’s wires • Another reason to photograph the scene Investigation Page 28
  • 29. Considerations When Seizing Evidence • Many people write down or record their passwords near their computers. Fraud examiners should look around for notes that may appear to be passwords. This practice may aid in the discovery of passwords needed to access encrypted data in the event that the subject of the investigation is being uncooperative. Investigation Page 29
  • 30. Imaging • Image acquisition involves using a standalone hard drive duplicator or similar device to duplicate a computer’s entire drive without altering it. • This process is known as imaging because it takes a hard drive and images it to another hard disk drive or other media. Investigation Page 30
  • 31. Analyzing • Best to use a combination of various forensic tools during the analysis phase. • Fraud examiners should look for inculpatory evidence (i.e., evidence that serves to incriminate the subject of the investigation) and exculpatory evidence (i.e., evidence that serves to disprove the subject’s involvement in the misconduct). • Primary concern is to maintain the integrity of the data at all times. Investigation Page 31
  • 33. Report Structure • Generally, the following sections should be included in fraud examination reports:  Background  Executive summary  Scope  Approach  Findings  Summary  Impact Investigation Page 33
  • 34. Characteristics of a Good Report • A well-written report contains the following four characteristics:  Accuracy  Use memorandum that documents the details of the interview.  Clarity  Avoid using jargon and technical terms; explain terms if used.  Impartiality / Relevance  Report all facts without bias; include relevant info.  Timeliness Investigation Page 34
  • 35. Reporting Mistakes • Conclusions—based upon observations of the evidence • Opinions—interpretation of facts • Be cautious about drawing conclusions • Conclusions should be self-evident and not necessarily pointed out in the report  If not obvious, clarify report Investigation Page 35
  • 36. Opinions • Do not express an opinion on legal guilt or innocence. • No opinion about integrity or veracity of witness in report. • Opinions on technical matters permitted if fraud examiner is an expert in the matter. Examples:  Permissible expert opinion might be in regard to the relative adequacy of an entity’s internal controls.  Another might discuss whether financial transactions conform to generally accepted accounting principles. Investigation Page 36