SlideShare a Scribd company logo

Fraud auditing creative techniques

Jim Kaplan CIA CFE
Jim Kaplan CIA CFE

Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area. The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court. This session Fraud Auditing Creative Techniques • Auditing Techniques • Auditing method 1- 'Tiger Team Test" • Auditing method 2- "Application of Benford's Theorem" • Auditing method 3- "Use of Barium test" • Auditing method 4- " Use of Birbal tricks and traps" • Auditing method 5- "Application of inverse logic" • Auditing method 6- "Use of Space-time dimension in data evaluation"

Business
1 of 30
Download to read offline
10/19/2017 1 Fraud Auditing Creative Techniques October 19, 2017 About Jim Kaplan, CIA, CFE  President and Founder of AuditNet®, the global resource for auditors (now available on iOS, Android and Windows devices)  Auditor, Web Site Guru,  Internet for Auditors Pioneer  Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.  Author of “The Auditor’s Guide to Internet Resources” 2nd Edition Page 2
10/19/2017 2 About Richard Cascarino, MBA, CIA, CISM, CFE, CRMA • Principal of Richard Cascarino & Associates based in Colorado USA • Over 28 years experience in IT audit training and consultancy • Past President of the Institute of Internal Auditors in South Africa • Member of ISACA • Member of Association of Certified Fraud Examiners • Author of Data Analytics for Internal Auditors 3 About AuditNet® LLC • AuditNet®, the global resource for auditors, is available on the Web, iPad, iPhone, Windows and Android devices and features: • Over 2,700 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices • Training without Travel Webinars focusing on fraud, data analytics, IT audit, and internal audit • Audit guides, manuals, and books on audit basics and using audit technology • LinkedIn Networking Groups • Monthly Newsletters with Expert Guest Columnists • Surveys on timely topics for internal auditors • NASBA Approved CPE Sponsor Introductions Page 4
10/19/2017 3 Housekeeping This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden.  If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation login is linked to a specific individual  This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link.  We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.  If you have indicated you would like CPE you must answer the polling questions (all or minimum required) to receive CPE per NASBA.  If you meet the NASBA criteria for earning CPE you will receive a link via email to download your certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event.  Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.  Please complete the evaluation questionnaire to help us continuously improve our Webinars. IMPORTANT INFORMATION REGARDING CPE!  SUBSCRIBERS/SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event.  NON-SUBSCRIBERS/NON-SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) and requested CPE you must pay a fee to receive your CPE. No exceptions!  We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io  Anyone may register, attend and view the Webinar without fees if they opted out of receiving CPE.  We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on you computer otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to that you do so immediately after a polling question.
10/19/2017 4 The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC Today’s Agenda  When Should You investigate Fraud?  Auditing Techniques  Auditing method 1- “Tiger Team Test"  Auditing method 2- "Application of Benford's Theorem"  Auditing method 3- "Use of Barium test"  Auditing method 4- " Use of Birbal tricks and traps"  Auditing method 5- "Application of inverse logic"  Auditing method 6- "Use of Space-time dimension in data evaluation" Page 8
10/19/2017 5 When Should You Investigate Fraud? Consider the following: strength of the predication cost of the investigation exposure or amount that could have been taken the signal that investigation or non-investigation will send to others in the organization 9 What is Meant by “Predication of Fraud?” Circumstances, taken as a whole, that leads a reasonable prudent professional to believe a fraud is occurring, or has occurred, or will occur 10
10/19/2017 6 When Should You Investigate Fraud? risks of investigating and not investigating public exposure or loss of reputation from investigating and not investigating nature of the possible fraud 11 Fraud Investigation Methods Once there is predication, determine the: Who? How? How much? Questions of the fraud. 12
10/19/2017 7 Where the Evidence Resides  Data files  Volatile data in kernel structures  Slack space  Free or unallocated space  The logical file system  events log  application logs  the registry  the swap file  special application files  temporary files  the recycle bin  the printer spool  email sent or received POLLING QUESTION
10/19/2017 8 Applying Benford’s Law  Benford’s Law was first used by accountants in late 1980 Benford’s Law History  Simon Newcomb – 1881  Frank Benford – 1938  Roger Pinkham – 1961  Theodore Hill – 1995  Mark Nigrini “Benford’s Law” Wiley, 2012
10/19/2017 9 What Is Benford’s Law  BENFORD’S LAW FORMULA The probability of any number “d” from 1 through 9 being the first digit is…. Log10 (1 + 1/d) What Is Benford’s Law?  Benford’s law gives the probability of obtaining digits 1 through 9 in each position of a number.  For example, 3879 3 - first digit 8 - second digit 7 - third digit 9 – fourth digit
10/19/2017 10 What Is Benford’s Law  Most people assume the probability is 1/9 that the first digit will be 1 - 9  This would mean digits are equally likely to occur, but this is not the case  According to Benford’s Law the probability of obtaining a 1 in the first digit position is 30.1% Expected Frequencies Based on Benford’s Law Digit 1 st Place 2 nd Place 3 rd Place 4 th Place 0 0.11968 0.10178 0.10018 1 0.30103 0.11389 0.10138 0.10014 2 0.17609 0.19882 0.10097 0.1001 3 0.12494 0.10433 0.10057 0.10006 4 0.09691 0.10031 0.10018 0.10002 5 0.07918 0.09668 0.09979 0.09998 6 0.06695 0.09337 0.0994 0.09994 7 0.05799 0.0935 0.09902 0.0999 8 0.05115 0.08757 0.09864 0.09986 9 0.04576 0.085 0.09827 0.09982 Source: Nigrini, 1996.
10/19/2017 11 Types of Data That Conform  Accounts payable data  Accounts receivable data  Estimations in the general ledger  Relative size of inventory unit prices among locations  New combinations of selling prices  Customer refunds  Duplicate payments Uses in Fraud Investigations  Invented or altered numbers are not likely to follow Benford’s Law Human choices are not random  1993, State of Arizona v.Wayne James Nelson
10/19/2017 12 POLLING QUESTION Tiger Team Auditing  Tiger teams Groups assembled to actively test a system Members have expertise in security and fraud Commonly used in the past 24
10/19/2017 13 Use of Barium test  Barium test is a clinical technique involving: Use of a radio-opaque medium to expose abnormalities in internal systems which would not be visible in conventional X-ray internal testing  Audit application To detect abnormalities within systems which would not be observable in common audit tests Involves introducing transactions which would be observable within normal tests 25 Barium Testing  May include audit techniques such as: Parallel Simulation Test Data Integrated Test Facility 26
10/19/2017 14 Birbal tricks and traps  Raja Birbal, was a Hindu advisor in the court of the Mughal emperor Akbar  Birbal could guess what a thief had in mind and plan a situation so as to trap him  Chetan Dalal, an Indian Fraud Examiner is credited with applying Birbal Tricks and traps to fraud investigation 27 Birbals Litmus Test  A suspect’s honesty or dishonesty can be identified in an investigation by observing his reactions and general behavior for example: Cashier suspected of theft Auditor surreptitiously removed some cash from the transaction log Honest cashier on seeing a shortfall would: A) report it or B) keep quiet and hope nobody notices A subsequent audit showing no shortfall may indicate that the books were recooked to cover up the Litmus test indicates dishonesty is probable 28
10/19/2017 15 Application of inverse logic  Logically Fraud involves theft  Inverse logic Theft involves fraud  Not necessarily true 29 Use of Space-time dimension in data evaluation  A method for detecting anomalous patterns in general categorical data set  Detecting anomalous patterns in massive, multivariate data sets  Dynamic query interfaces (DQIs) are a recently developed database access mechanism that provides continuous real-time feedback to the user during query formulation  May be used in Anomaly detection 30
10/19/2017 16 POLLING QUESTION What are Anomalies?  Anomaly is a pattern in the data that does not conform to the expected behavior  Also referred to as outliers, exceptions, peculiarities, surprise, etc.  Anomalies translate to significant (often critical) real life entities Cyber intrusions Credit card fraud
10/19/2017 17 Key Challenges  Defining a representative normal region is challenging  The boundary between normal and outlying behavior is often not precise  The exact notion of an outlier is different for different application domains  Availability of labelled data for training/validation  Malicious adversaries  Data might contain noise  Normal behavior keeps evolving Types of Anomaly  Point Anomalies  Contextual Anomalies  Collective Anomalies
10/19/2017 18 Point Anomalies  An individual data instance is anomalous with respect to the data X Y N1 N2 o1 o2 O3 Contextual Anomalies  An individual data instance is anomalous within a context  Requires a notion of context  Also referred to as conditional anomalies* * Xiuyao Song, Mingxi Wu, Christopher Jermaine, Sanjay Ranka, Conditional Anomaly Detection, IEEE Transactions on Data and Knowledge Engineering, 2006. Normal Anomaly
10/19/2017 19 Collective Anomalies  A collection of related data instances is anomalous  Requires a relationship among data instances Sequential Data Spatial Data Graph Data  The individual instances within a collective anomaly are not anomalous by themselves Anomalous Subsequence Anomaly Detection Problems  Nature of input data  Availability of supervision  Type of anomaly: point, contextual, structural  Output of anomaly detection  Evaluation of anomaly detection techniques
10/19/2017 20 Data Classification  Main idea: build a classification model for normal (and anomalous (rare)) events based on labelled data, and use it to classify each new unseen event  Classification models must be able to handle skewed (imbalanced) class distributions  Categories:  Supervised classification techniques  Require knowledge of both normal and anomaly class  Build classifier to distinguish between normal and known anomalies  Semi-supervised classification techniques  Require knowledge of normal class only!  Use modified classification model to learn the normal behavior and then detect any deviations from normal behavior as anomalous Using ACL to Detect Fraud  Anomalous records could include both transactions and master file entries which indicate violations of the organization’s policies and procedures or legal violations of statue. Such violations could include items such as:  Customers with account balances exceeding their credit limits  Excessive use of sole vendors  Vendors with unusual or overseas bank accounts  Dormant vendors  Duplicate vendors  Duplicate employees  Invalid Social Security numbers on employee records  Excessive use of overtime  Loans which are past due  Transactions over corporate limits 40
10/19/2017 21 Statistics Based Techniques  Data points are modelled using stochastic distribution  points are determined to be outliers depending on their relationship with this model  Advantage  Utilize existing statistical modelling techniques to model various type of distributions  Challenges  With high dimensions, difficult to estimate distributions  Parametric assumptions often do not hold for real data sets Types of Statistical Techniques  Parametric Techniques Assume that the normal (and possibly anomalous) data is generated from an underlying parametric distribution Learn the parameters from the normal sample Determine the likelihood of a test instance to be generated from this distribution to detect anomalies  Non-parametric Techniques Do not assume any knowledge of parameters Use non-parametric techniques to learn a distribution – e.g. parzen window estimation
10/19/2017 22 Application of Dynamic Graphics  Apply dynamic graphics to the exploratory analysis of spatial data.  Visualization tools are used to examine local variability to detect anomalies  Manual inspection of plots of the data that display its marginal and multivariate distributions * Haslett, J. et al. Dynamic graphics for exploring spatial data with application to locating global and local anomalies. The American Statistician Anomaly vs Misuse Detection  Anomaly detection is based on profiles that represent normal behavior of users, hosts, or networks, and detecting attacks as significant deviations from this profile  Major benefit - potentially able to recognize unforeseen attacks.  Major limitation - possible high false alarm rate, since detected deviations do not necessarily represent actual attacks  Major approaches: statistical methods, expert systems, clustering, neural networks, support vector machines, outlier detection schemes  Misuse detection is based on extensive knowledge of patterns associated with known attacks provided by human experts  Existing approaches: pattern (signature) matching, expert systems, state transition analysis, data mining  Major limitations:  Unable to detect novel & unanticipated attacks  Signature database has to be revised for each new type of discovered attack
10/19/2017 23 Accounting Anomalies  Missing documents.  Excessive voids or credits.  Increased reconciliation items.  Alterations on documents.  Duplicate payments.  Common names or addresses of payees or customers  Increased past due accounts. POLLING QUESTION
10/19/2017 24 ACL Testing Techniques  Analytic Techniques Statistical samples Seeking Duplicates and Missing Items Use of pivot tables Trend analysis Continuous monitoring  Compliance Analysis of Transaction by Teller Unauthorized internet access Pricing rules not followed 47 ACL Testing Techniques  Fraud Identify duplicate employees in the employee master table Excessive sole vendor contracts Ghost employees Duplicate payments Benford analysis 48
10/19/2017 25 Software to Detect Fraud  Provide reports for customer credits, adjustment accounts, inventory spoilage or loss, fixed-asset write- offs.  Detect unusual anomalies such as unusual amounts or patterns  Compare vendor addresses and phone numbers with employee data  Use Range or Limit Validation to detect fraudulent transactions  Logged computer activity, login or password attempts, data access attempts, and geographical location data access. 49 Red flags software can detect  Out-of-sequence checks  Large number of voids or refunds made by employee or customer  Manually prepared checks from large company  Payments sent to nonstandard (unofficial) address  Unexplained changes in vendor activity  Vendors with similar names or addresses  Unapproved vendor or new vendor with high activity 50
10/19/2017 26 POLLING QUESTION TeamMate Analytics Demo  Demo available from http://www.teammatesolutions.com/data- analytics.aspx 52
10/19/2017 27 Forensic Software  The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks  Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer.  DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API). 53 Forensic Software  Forensic Control - List of over 130 free tools provided as a free resource for all. Updated several times a year No support or warranties for the listed software User’s responsibility to verify licensing agreements.  SANS Investigative Forensic Toolkit (SIFT) Developed by SANS and made available to the whole community as a public service. 54
10/19/2017 28 Forensic Analysis  Physical Analysis  String search DOS-based StringSearch - http://www.maresware.com  Search and extract  eg $4A $46 $49 $46 $00 $01 is start of a JPEG file  http://www.wotsit.org  File slack and free space extraction  http://www.nti.com  Logical Analysis  Logical File space  Slack space  Unallocated space 55 POLLING QUESTION
10/19/2017 29 Questions? Any Questions? Don’t be Shy! AuditNet® and cRisk Academy If you would like forever access to this webinar recording If you are watching the recording, and would like to obtain CPE credit for this webinar Previous AuditNet® webinars are also available on-demand for CPE credit http://criskacademy.com http://ondemand.criskacade my.com Use coupon code: 50OFF for a discount on this webinar for one week
10/19/2017 30 Thank You! Jim Kaplan AuditNet® LLC 1-800-385-1625 Email:info@auditnet.org www.auditnet.org Richard Cascarino & Associates Cell: +1 970 819 7963 - South Africa +27 (0)78 980 7685 Tel +1 303 747 6087 (Skype Worldwide) Tel: +1 970 367 5429 eMail: rcasc@rcascarino.com Web: http://www.rcascarino.com Skype: Richard.Cascarino Page 59

Recommended

How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldJim Kaplan CIA CFE
 
Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Jim Kaplan CIA CFE
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATJim Kaplan CIA CFE
 
IT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsIT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsJim Kaplan CIA CFE
 
Technology development: What is audit's role?
Technology development: What is audit's role?Technology development: What is audit's role?
Technology development: What is audit's role?Jim Kaplan CIA CFE
 
Auditing Social Media
Auditing Social MediaAuditing Social Media
Auditing Social MediaJim Kaplan CIA CFE
 
Fieldwork Webinar
Fieldwork WebinarFieldwork Webinar
Fieldwork WebinarJim Kaplan CIA CFE
 
What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
 

Recommended

How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldJim Kaplan CIA CFE
 
Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Jim Kaplan CIA CFE
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATJim Kaplan CIA CFE
 
IT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsIT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsJim Kaplan CIA CFE
 
Technology development: What is audit's role?
Technology development: What is audit's role?Technology development: What is audit's role?
Technology development: What is audit's role?Jim Kaplan CIA CFE
 
Auditing Social Media
Auditing Social MediaAuditing Social Media
Auditing Social MediaJim Kaplan CIA CFE
 
Fieldwork Webinar
Fieldwork WebinarFieldwork Webinar
Fieldwork WebinarJim Kaplan CIA CFE
 
What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
 
Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureInternal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureJim Kaplan CIA CFE
 
Visualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelVisualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelJim Kaplan CIA CFE
 
Forensic and investigating audit reporting
Forensic and investigating audit reportingForensic and investigating audit reporting
Forensic and investigating audit reportingJim Kaplan CIA CFE
 
How to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewHow to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewJim Kaplan CIA CFE
 
Top 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksTop 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksJim Kaplan CIA CFE
 
Sure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsSure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsJim Kaplan CIA CFE
 
The Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data AnalyticsThe Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data AnalyticsJim Kaplan CIA CFE
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
 
Agile auditing for financial services
Agile auditing for financial services Agile auditing for financial services
Agile auditing for financial services Jim Kaplan CIA CFE
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) Jim Kaplan CIA CFE
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
 
Tracking down outliers
Tracking down outliersTracking down outliers
Tracking down outliersJim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Jim Kaplan CIA CFE
 
IT Fraud and Countermeasures
IT Fraud and CountermeasuresIT Fraud and Countermeasures
IT Fraud and CountermeasuresJim Kaplan CIA CFE
 
Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsJim Kaplan CIA CFE
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 Jim Kaplan CIA CFE
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slidesJim Kaplan CIA CFE
 
20160210 webinarslides
20160210 webinarslides20160210 webinarslides
20160210 webinarslidesJim Kaplan CIA CFE
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update SlidesJim Kaplan CIA CFE
 
Future audit analytics
Future audit analyticsFuture audit analytics
Future audit analyticsJim Kaplan CIA CFE
 
Retrospective data analytics slides
Retrospective data analytics slidesRetrospective data analytics slides
Retrospective data analytics slidesJim Kaplan CIA CFE
 

More Related Content

What's hot

Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureInternal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureJim Kaplan CIA CFE
 
Visualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelVisualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelJim Kaplan CIA CFE
 
Forensic and investigating audit reporting
Forensic and investigating audit reportingForensic and investigating audit reporting
Forensic and investigating audit reportingJim Kaplan CIA CFE
 
How to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewHow to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewJim Kaplan CIA CFE
 
Top 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksTop 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksJim Kaplan CIA CFE
 
Sure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsSure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsJim Kaplan CIA CFE
 
The Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data AnalyticsThe Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data AnalyticsJim Kaplan CIA CFE
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
 
Agile auditing for financial services
Agile auditing for financial services Agile auditing for financial services
Agile auditing for financial services Jim Kaplan CIA CFE
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) Jim Kaplan CIA CFE
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Jim Kaplan CIA CFE
 
Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsJim Kaplan CIA CFE
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 Jim Kaplan CIA CFE
 

What's hot (20)

Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureInternal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & Culture
 
Visualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelVisualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excel
 
Forensic and investigating audit reporting
Forensic and investigating audit reportingForensic and investigating audit reporting
Forensic and investigating audit reporting
 
How to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewHow to prepare for your first anti fraud review
How to prepare for your first anti fraud review
 
Top 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksTop 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risks
 
Sure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsSure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data Analytics
 
The Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data AnalyticsThe Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data Analytics
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel
 
Agile auditing for financial services
Agile auditing for financial services Agile auditing for financial services
Agile auditing for financial services
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10)
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
 
Tracking down outliers
Tracking down outliersTracking down outliers
Tracking down outliers
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10)
 
IT Fraud and Countermeasures
IT Fraud and CountermeasuresIT Fraud and Countermeasures
IT Fraud and Countermeasures
 
Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analytics
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slides
 
20160210 webinarslides
20160210 webinarslides20160210 webinarslides
20160210 webinarslides
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 

Similar to Fraud auditing creative techniques

Retrospective data analytics slides
Retrospective data analytics slidesRetrospective data analytics slides
Retrospective data analytics slidesJim Kaplan CIA CFE
 
Using Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudUsing Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudFraudBusters
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Jim Kaplan CIA CFE
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingHow analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingJim Kaplan CIA CFE
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling Jim Kaplan CIA CFE
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analyticsJim Kaplan CIA CFE
 
Cybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsCybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsJim Kaplan CIA CFE
 
General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10Jim Kaplan CIA CFE
 
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudWhen is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudJim Kaplan CIA CFE
 
5 Things Your Intake Strategy Needs to Take on More Clients With Ease
5 Things Your Intake Strategy Needs to Take on More Clients With Ease5 Things Your Intake Strategy Needs to Take on More Clients With Ease
5 Things Your Intake Strategy Needs to Take on More Clients With EaseClio - Cloud-Based Legal Technology
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Jim Kaplan CIA CFE
 
How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program Jim Kaplan CIA CFE
 
The Power of Benford's Law in Finding Fraud
The Power of Benford's Law in Finding FraudThe Power of Benford's Law in Finding Fraud
The Power of Benford's Law in Finding FraudFraudBusters
 
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudHow to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudFraudBusters
 
How to data mine your print reports
How to data mine your print reports How to data mine your print reports
How to data mine your print reports Jim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Jim Kaplan CIA CFE
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Jim Kaplan CIA CFE
 

Similar to Fraud auditing creative techniques (20)

Future audit analytics
Future audit analyticsFuture audit analytics
Future audit analytics
 
Retrospective data analytics slides
Retrospective data analytics slidesRetrospective data analytics slides
Retrospective data analytics slides
 
GDPR Series Session 4
GDPR Series Session 4GDPR Series Session 4
GDPR Series Session 4
 
Using Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudUsing Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay Fraud
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10)
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingHow analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analytics
 
Cybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsCybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal Auditors
 
Internal Auditing Basics
Internal Auditing BasicsInternal Auditing Basics
Internal Auditing Basics
 
General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10
 
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudWhen is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
 
5 Things Your Intake Strategy Needs to Take on More Clients With Ease
5 Things Your Intake Strategy Needs to Take on More Clients With Ease5 Things Your Intake Strategy Needs to Take on More Clients With Ease
5 Things Your Intake Strategy Needs to Take on More Clients With Ease
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10)
 
How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program
 
The Power of Benford's Law in Finding Fraud
The Power of Benford's Law in Finding FraudThe Power of Benford's Law in Finding Fraud
The Power of Benford's Law in Finding Fraud
 
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudHow to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
 
How to data mine your print reports
How to data mine your print reports How to data mine your print reports
How to data mine your print reports
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?
 

More from Jim Kaplan CIA CFE

How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides Jim Kaplan CIA CFE
 
Ethics and the Internal Auditor
Ethics and the Internal AuditorEthics and the Internal Auditor
Ethics and the Internal AuditorJim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Jim Kaplan CIA CFE
 
Driving More Value With Automated Analytics
Driving More Value With Automated AnalyticsDriving More Value With Automated Analytics
Driving More Value With Automated AnalyticsJim Kaplan CIA CFE
 
Building and Striving for Data Analytics Excellence
Building and Striving for Data Analytics ExcellenceBuilding and Striving for Data Analytics Excellence
Building and Striving for Data Analytics ExcellenceJim Kaplan CIA CFE
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection Jim Kaplan CIA CFE
 

More from Jim Kaplan CIA CFE (10)

How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides
 
Ethics and the Internal Auditor
Ethics and the Internal AuditorEthics and the Internal Auditor
Ethics and the Internal Auditor
 
Cybersecurity Slides
Cybersecurity SlidesCybersecurity Slides
Cybersecurity Slides
 
Ethics for internal auditors
Ethics for internal auditorsEthics for internal auditors
Ethics for internal auditors
 
Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10)
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Driving More Value With Automated Analytics
Driving More Value With Automated AnalyticsDriving More Value With Automated Analytics
Driving More Value With Automated Analytics
 
Ethics for Internal Auditors
Ethics for Internal AuditorsEthics for Internal Auditors
Ethics for Internal Auditors
 
Building and Striving for Data Analytics Excellence
Building and Striving for Data Analytics ExcellenceBuilding and Striving for Data Analytics Excellence
Building and Striving for Data Analytics Excellence
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection
 

Recently uploaded

Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Serviceankitnayak356677
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedKaiNexus
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCRsoniya singh
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 

Recently uploaded (20)

Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 

Fraud auditing creative techniques

  • 1. 10/19/2017 1 Fraud Auditing Creative Techniques October 19, 2017 About Jim Kaplan, CIA, CFE  President and Founder of AuditNet®, the global resource for auditors (now available on iOS, Android and Windows devices)  Auditor, Web Site Guru,  Internet for Auditors Pioneer  Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.  Author of “The Auditor’s Guide to Internet Resources” 2nd Edition Page 2
  • 2. 10/19/2017 2 About Richard Cascarino, MBA, CIA, CISM, CFE, CRMA • Principal of Richard Cascarino & Associates based in Colorado USA • Over 28 years experience in IT audit training and consultancy • Past President of the Institute of Internal Auditors in South Africa • Member of ISACA • Member of Association of Certified Fraud Examiners • Author of Data Analytics for Internal Auditors 3 About AuditNet® LLC • AuditNet®, the global resource for auditors, is available on the Web, iPad, iPhone, Windows and Android devices and features: • Over 2,700 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices • Training without Travel Webinars focusing on fraud, data analytics, IT audit, and internal audit • Audit guides, manuals, and books on audit basics and using audit technology • LinkedIn Networking Groups • Monthly Newsletters with Expert Guest Columnists • Surveys on timely topics for internal auditors • NASBA Approved CPE Sponsor Introductions Page 4
  • 3. 10/19/2017 3 Housekeeping This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden.  If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation login is linked to a specific individual  This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link.  We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.  If you have indicated you would like CPE you must answer the polling questions (all or minimum required) to receive CPE per NASBA.  If you meet the NASBA criteria for earning CPE you will receive a link via email to download your certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event.  Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.  Please complete the evaluation questionnaire to help us continuously improve our Webinars. IMPORTANT INFORMATION REGARDING CPE!  SUBSCRIBERS/SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event.  NON-SUBSCRIBERS/NON-SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) and requested CPE you must pay a fee to receive your CPE. No exceptions!  We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io  Anyone may register, attend and view the Webinar without fees if they opted out of receiving CPE.  We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on you computer otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to that you do so immediately after a polling question.
  • 4. 10/19/2017 4 The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC Today’s Agenda  When Should You investigate Fraud?  Auditing Techniques  Auditing method 1- “Tiger Team Test"  Auditing method 2- "Application of Benford's Theorem"  Auditing method 3- "Use of Barium test"  Auditing method 4- " Use of Birbal tricks and traps"  Auditing method 5- "Application of inverse logic"  Auditing method 6- "Use of Space-time dimension in data evaluation" Page 8
  • 5. 10/19/2017 5 When Should You Investigate Fraud? Consider the following: strength of the predication cost of the investigation exposure or amount that could have been taken the signal that investigation or non-investigation will send to others in the organization 9 What is Meant by “Predication of Fraud?” Circumstances, taken as a whole, that leads a reasonable prudent professional to believe a fraud is occurring, or has occurred, or will occur 10
  • 6. 10/19/2017 6 When Should You Investigate Fraud? risks of investigating and not investigating public exposure or loss of reputation from investigating and not investigating nature of the possible fraud 11 Fraud Investigation Methods Once there is predication, determine the: Who? How? How much? Questions of the fraud. 12
  • 7. 10/19/2017 7 Where the Evidence Resides  Data files  Volatile data in kernel structures  Slack space  Free or unallocated space  The logical file system  events log  application logs  the registry  the swap file  special application files  temporary files  the recycle bin  the printer spool  email sent or received POLLING QUESTION
  • 8. 10/19/2017 8 Applying Benford’s Law  Benford’s Law was first used by accountants in late 1980 Benford’s Law History  Simon Newcomb – 1881  Frank Benford – 1938  Roger Pinkham – 1961  Theodore Hill – 1995  Mark Nigrini “Benford’s Law” Wiley, 2012
  • 9. 10/19/2017 9 What Is Benford’s Law  BENFORD’S LAW FORMULA The probability of any number “d” from 1 through 9 being the first digit is…. Log10 (1 + 1/d) What Is Benford’s Law?  Benford’s law gives the probability of obtaining digits 1 through 9 in each position of a number.  For example, 3879 3 - first digit 8 - second digit 7 - third digit 9 – fourth digit
  • 10. 10/19/2017 10 What Is Benford’s Law  Most people assume the probability is 1/9 that the first digit will be 1 - 9  This would mean digits are equally likely to occur, but this is not the case  According to Benford’s Law the probability of obtaining a 1 in the first digit position is 30.1% Expected Frequencies Based on Benford’s Law Digit 1 st Place 2 nd Place 3 rd Place 4 th Place 0 0.11968 0.10178 0.10018 1 0.30103 0.11389 0.10138 0.10014 2 0.17609 0.19882 0.10097 0.1001 3 0.12494 0.10433 0.10057 0.10006 4 0.09691 0.10031 0.10018 0.10002 5 0.07918 0.09668 0.09979 0.09998 6 0.06695 0.09337 0.0994 0.09994 7 0.05799 0.0935 0.09902 0.0999 8 0.05115 0.08757 0.09864 0.09986 9 0.04576 0.085 0.09827 0.09982 Source: Nigrini, 1996.
  • 11. 10/19/2017 11 Types of Data That Conform  Accounts payable data  Accounts receivable data  Estimations in the general ledger  Relative size of inventory unit prices among locations  New combinations of selling prices  Customer refunds  Duplicate payments Uses in Fraud Investigations  Invented or altered numbers are not likely to follow Benford’s Law Human choices are not random  1993, State of Arizona v.Wayne James Nelson
  • 12. 10/19/2017 12 POLLING QUESTION Tiger Team Auditing  Tiger teams Groups assembled to actively test a system Members have expertise in security and fraud Commonly used in the past 24
  • 13. 10/19/2017 13 Use of Barium test  Barium test is a clinical technique involving: Use of a radio-opaque medium to expose abnormalities in internal systems which would not be visible in conventional X-ray internal testing  Audit application To detect abnormalities within systems which would not be observable in common audit tests Involves introducing transactions which would be observable within normal tests 25 Barium Testing  May include audit techniques such as: Parallel Simulation Test Data Integrated Test Facility 26
  • 14. 10/19/2017 14 Birbal tricks and traps  Raja Birbal, was a Hindu advisor in the court of the Mughal emperor Akbar  Birbal could guess what a thief had in mind and plan a situation so as to trap him  Chetan Dalal, an Indian Fraud Examiner is credited with applying Birbal Tricks and traps to fraud investigation 27 Birbals Litmus Test  A suspect’s honesty or dishonesty can be identified in an investigation by observing his reactions and general behavior for example: Cashier suspected of theft Auditor surreptitiously removed some cash from the transaction log Honest cashier on seeing a shortfall would: A) report it or B) keep quiet and hope nobody notices A subsequent audit showing no shortfall may indicate that the books were recooked to cover up the Litmus test indicates dishonesty is probable 28
  • 15. 10/19/2017 15 Application of inverse logic  Logically Fraud involves theft  Inverse logic Theft involves fraud  Not necessarily true 29 Use of Space-time dimension in data evaluation  A method for detecting anomalous patterns in general categorical data set  Detecting anomalous patterns in massive, multivariate data sets  Dynamic query interfaces (DQIs) are a recently developed database access mechanism that provides continuous real-time feedback to the user during query formulation  May be used in Anomaly detection 30
  • 16. 10/19/2017 16 POLLING QUESTION What are Anomalies?  Anomaly is a pattern in the data that does not conform to the expected behavior  Also referred to as outliers, exceptions, peculiarities, surprise, etc.  Anomalies translate to significant (often critical) real life entities Cyber intrusions Credit card fraud
  • 17. 10/19/2017 17 Key Challenges  Defining a representative normal region is challenging  The boundary between normal and outlying behavior is often not precise  The exact notion of an outlier is different for different application domains  Availability of labelled data for training/validation  Malicious adversaries  Data might contain noise  Normal behavior keeps evolving Types of Anomaly  Point Anomalies  Contextual Anomalies  Collective Anomalies
  • 18. 10/19/2017 18 Point Anomalies  An individual data instance is anomalous with respect to the data X Y N1 N2 o1 o2 O3 Contextual Anomalies  An individual data instance is anomalous within a context  Requires a notion of context  Also referred to as conditional anomalies* * Xiuyao Song, Mingxi Wu, Christopher Jermaine, Sanjay Ranka, Conditional Anomaly Detection, IEEE Transactions on Data and Knowledge Engineering, 2006. Normal Anomaly
  • 19. 10/19/2017 19 Collective Anomalies  A collection of related data instances is anomalous  Requires a relationship among data instances Sequential Data Spatial Data Graph Data  The individual instances within a collective anomaly are not anomalous by themselves Anomalous Subsequence Anomaly Detection Problems  Nature of input data  Availability of supervision  Type of anomaly: point, contextual, structural  Output of anomaly detection  Evaluation of anomaly detection techniques
  • 20. 10/19/2017 20 Data Classification  Main idea: build a classification model for normal (and anomalous (rare)) events based on labelled data, and use it to classify each new unseen event  Classification models must be able to handle skewed (imbalanced) class distributions  Categories:  Supervised classification techniques  Require knowledge of both normal and anomaly class  Build classifier to distinguish between normal and known anomalies  Semi-supervised classification techniques  Require knowledge of normal class only!  Use modified classification model to learn the normal behavior and then detect any deviations from normal behavior as anomalous Using ACL to Detect Fraud  Anomalous records could include both transactions and master file entries which indicate violations of the organization’s policies and procedures or legal violations of statue. Such violations could include items such as:  Customers with account balances exceeding their credit limits  Excessive use of sole vendors  Vendors with unusual or overseas bank accounts  Dormant vendors  Duplicate vendors  Duplicate employees  Invalid Social Security numbers on employee records  Excessive use of overtime  Loans which are past due  Transactions over corporate limits 40
  • 21. 10/19/2017 21 Statistics Based Techniques  Data points are modelled using stochastic distribution  points are determined to be outliers depending on their relationship with this model  Advantage  Utilize existing statistical modelling techniques to model various type of distributions  Challenges  With high dimensions, difficult to estimate distributions  Parametric assumptions often do not hold for real data sets Types of Statistical Techniques  Parametric Techniques Assume that the normal (and possibly anomalous) data is generated from an underlying parametric distribution Learn the parameters from the normal sample Determine the likelihood of a test instance to be generated from this distribution to detect anomalies  Non-parametric Techniques Do not assume any knowledge of parameters Use non-parametric techniques to learn a distribution – e.g. parzen window estimation
  • 22. 10/19/2017 22 Application of Dynamic Graphics  Apply dynamic graphics to the exploratory analysis of spatial data.  Visualization tools are used to examine local variability to detect anomalies  Manual inspection of plots of the data that display its marginal and multivariate distributions * Haslett, J. et al. Dynamic graphics for exploring spatial data with application to locating global and local anomalies. The American Statistician Anomaly vs Misuse Detection  Anomaly detection is based on profiles that represent normal behavior of users, hosts, or networks, and detecting attacks as significant deviations from this profile  Major benefit - potentially able to recognize unforeseen attacks.  Major limitation - possible high false alarm rate, since detected deviations do not necessarily represent actual attacks  Major approaches: statistical methods, expert systems, clustering, neural networks, support vector machines, outlier detection schemes  Misuse detection is based on extensive knowledge of patterns associated with known attacks provided by human experts  Existing approaches: pattern (signature) matching, expert systems, state transition analysis, data mining  Major limitations:  Unable to detect novel & unanticipated attacks  Signature database has to be revised for each new type of discovered attack
  • 23. 10/19/2017 23 Accounting Anomalies  Missing documents.  Excessive voids or credits.  Increased reconciliation items.  Alterations on documents.  Duplicate payments.  Common names or addresses of payees or customers  Increased past due accounts. POLLING QUESTION
  • 24. 10/19/2017 24 ACL Testing Techniques  Analytic Techniques Statistical samples Seeking Duplicates and Missing Items Use of pivot tables Trend analysis Continuous monitoring  Compliance Analysis of Transaction by Teller Unauthorized internet access Pricing rules not followed 47 ACL Testing Techniques  Fraud Identify duplicate employees in the employee master table Excessive sole vendor contracts Ghost employees Duplicate payments Benford analysis 48
  • 25. 10/19/2017 25 Software to Detect Fraud  Provide reports for customer credits, adjustment accounts, inventory spoilage or loss, fixed-asset write- offs.  Detect unusual anomalies such as unusual amounts or patterns  Compare vendor addresses and phone numbers with employee data  Use Range or Limit Validation to detect fraudulent transactions  Logged computer activity, login or password attempts, data access attempts, and geographical location data access. 49 Red flags software can detect  Out-of-sequence checks  Large number of voids or refunds made by employee or customer  Manually prepared checks from large company  Payments sent to nonstandard (unofficial) address  Unexplained changes in vendor activity  Vendors with similar names or addresses  Unapproved vendor or new vendor with high activity 50
  • 26. 10/19/2017 26 POLLING QUESTION TeamMate Analytics Demo  Demo available from http://www.teammatesolutions.com/data- analytics.aspx 52
  • 27. 10/19/2017 27 Forensic Software  The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks  Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer.  DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API). 53 Forensic Software  Forensic Control - List of over 130 free tools provided as a free resource for all. Updated several times a year No support or warranties for the listed software User’s responsibility to verify licensing agreements.  SANS Investigative Forensic Toolkit (SIFT) Developed by SANS and made available to the whole community as a public service. 54
  • 28. 10/19/2017 28 Forensic Analysis  Physical Analysis  String search DOS-based StringSearch - http://www.maresware.com  Search and extract  eg $4A $46 $49 $46 $00 $01 is start of a JPEG file  http://www.wotsit.org  File slack and free space extraction  http://www.nti.com  Logical Analysis  Logical File space  Slack space  Unallocated space 55 POLLING QUESTION
  • 29. 10/19/2017 29 Questions? Any Questions? Don’t be Shy! AuditNet® and cRisk Academy If you would like forever access to this webinar recording If you are watching the recording, and would like to obtain CPE credit for this webinar Previous AuditNet® webinars are also available on-demand for CPE credit http://criskacademy.com http://ondemand.criskacade my.com Use coupon code: 50OFF for a discount on this webinar for one week
  • 30. 10/19/2017 30 Thank You! Jim Kaplan AuditNet® LLC 1-800-385-1625 Email:info@auditnet.org www.auditnet.org Richard Cascarino & Associates Cell: +1 970 819 7963 - South Africa +27 (0)78 980 7685 Tel +1 303 747 6087 (Skype Worldwide) Tel: +1 970 367 5429 eMail: rcasc@rcascarino.com Web: http://www.rcascarino.com Skype: Richard.Cascarino Page 59