Audit ApproachFraud

1
ACG 4671 Internal Auditing
2

• CHAPTER 7
• Fraud
• The thing about moneyis that it makes you do
  things
• you dont want to do
• Lou Mannheim (Hal Holbrook)
• Greed is good
• Gordon Gekko (Michael Douglas)
• Wall Street (1987)

3
Overview

• Fraud
• Theory
• Prevention and Detection
• IT Fraud
• Types

4
Concerns

• Enron (2001) largest overall impact on the
  economy and most publicized fraud
• WorldCom (2002) 11 billion, largest U.S. fraud
• Parmalat (2004) 18 billion, largest global
  fraud

5
Concerns

• Why do internal auditors fail to detect fraud?
• Unwillingness to look for fraud
• Too much trust in auditees
• Not enough emphasis on audit quality
• Lack of support by management
• Failure to focus on high-risk areas

6
Red Flags

• Potential Warning Signs of Fraudulent Activity
  (per AICPA)
• Lack of written corporate policies and procedures
• Lack of compliance with internal controls
• Segregation of duties conflicts
• Handwritten checks in a computerized environment
• Reluctance by management to report criminal
  activities
• Checks written to cash in large amounts
• Funds transfers to offshore bank accounts
• Officers and management living above their means
• Frequent and unusual related-party transactions
• Unused vacation time

7
Red Flags

• Reasons for Committing Fraud
• Employee desperately in need of money
• Disgruntled employee
• Challenge to beat the system
• Lax internal controls
• Low probability of detection / prosecution
• Management indifference
• Lack of loyalty or feeling of ownership
• Unreasonable budget expectations or financial
  targets
• Compensation less than market value poor
  promotion opportunities
• GREED!!!

8
Public Accountings Role

• SAS 99 Consideration of Fraud in a Financial
  Statement Audit
• Issued October 2002
• Defined fraud as an intentional act that results
  in a material misstatement in financial
  statements
• Two types of fraud
• Fraudulent financial reporting
• Misappropriation of assets
• Three conditions present when fraud occurs
• Incentive or pressure (the reason)
• Opportunity exists
• Attitude (rationalization)

9
Public Accountings Role

• Requirements of SAS 99
• Brainstorming sessions of where the financial
  statements might be susceptible to material
  misstatement
• Gather information necessary to identify risks of
  material misstatement (management inquiry, fraud
  risk factors)
• Use the information gathered above (how to
  identify and assess risk). Specifically mentions
  revenue recognition and management override of
  controls
• Evaluate entitys programs and controls to
  address identified risks
• Assess the risk of material misstatement due to
  fraud throughout the audit
• Communication of ANY fraud to management, audit
  committee, BOD

10
IIA Standards

• Standard 1210.A2
• The internal auditor should have sufficient
  knowledge to identify the indicators of fraud but
  is not expected to have the expertise of a person
  whose primary responsibility is detecting and
  investigating fraud.

11
IIA Standards

• Practice Advisory 1210.A2-1
• The principal mechanism for deterring fraud is
  control. Primary responsibility for establishing
  and maintaining control rests with management.
• Internal auditors are responsible for assisting
  in the deterrence of fraud by examining and
  evaluating the adequacy and the effectiveness of
  the system of internal control.

12
Fraud Investigations

• Objectives of Fraud Reviews
• Prove the loss
• Overall size and scope
• Establish responsibility and Intent
• Identify everyone involved
• Prove the audit investigative methods used
• Thorough documentation of procedures and process

13
IS Fraud

• Types of Information Systems Fraud
• Improper Personal Use of Computer Resources
• Inappropriate Internet Access
• Illegal Use of Software
• Computer Security and Confidentiality
• Information Theft or Data Abuse
• Embezzlement