Chapter Ten

1
Chapter Ten

• Fraud and Forensic Auditing

2
Definition of Fraud

• any act involving the use of deception to
  obtain an illegal advantage. (ISACA
  Irregularities and Illegal Acts Guideline 30)

3
Why Fraud Occurs
Opportunity
Fraud Triangle
Pressure
Rationalization
4
Major Fraud Studies

• The COSO Studies (1987, 1999)
• 1998 KPMG Fraud Study
• 2002 Wells Report

5
Characteristics of Fraud

• 2002 Cost 600 billion
• Problematic industries
• Computer
• Manufacturing
• Financial services

6
3 Categories of Fraud (See Figure 10-4)

• Asset misappropriation (85.7)
• Corruption (12.8)
• Fraudulent financial statements (5.1, but
  highest dollar amount)
• See Figure 10-4

7
Responsibilities to Detect Fraud

• Corporate
• Positive security model a necessity
• Corporate fraud policy
• Ethical tone at the top
• Policies on computer use and abuse
• Network security policy

8
Auditors Responsibility-SAS 99

• Supersedes SAS 82
• Effective December 15, 2002
• Incorporates the fraud triangle and requires
  audit team to consider the fraud triangle
• Professional skepticism
• Expanded team discussions, brainstorming
• Revenue recognition
• Technology

9
Sarbanes-Oxley Act of 2002

• Public Oversight Board established
• Increased audit committee responsibilities
• Specifically prohibited activities
• 8 nonaudit services now prohibited by company
  also performing the audit
• Criminal sanctions
• Whistleblower protection

10
Forensic Auditing

• Investigating known or suspected fraud
• Computer forensics
• The use of computer technology to investigate
  fraud

11
Conducting the Forensic Investigation

• Gathering evidence
• Rules of Evidence must be carefully followed
• Chain of custody critical
• Interviewing personnel
• Invigilation
• Indirect methods of proof

12
Prosecution

• Must establish chain of custody
• Must prove 4 elements of fraud exist
• Misrepresentation of a material fact
• Intent to defraud
• Justifiable reliance
• Resulting in an injury

13
Tools of Computer Forensics

• Screwdriver and pliers
• Disk imaging software
• Hash calculation utility
• Search utilities
• File and data recovery tools
• File viewing utilities
• Password cracking software
• Digital camera