Copyright © 2015 Edward S. Ferrara
MIS 5208 – Week 2 Fraud Detection & Prevention
Ed Ferrara, MSIA, [email protected]
Introductions, Course Outline, and Other Administration Issues
Fraud Awareness & Internal Controls
Awareness
Understand Fraud Symptoms
• Behaviors
• Data sources
Alert
• Fraudulent behaviors
Internal Controls
Operational & Control Environment
• Separation of Duties
• Account treatments
• Cybersecurity controls
Assess Risk & Exposures
Identify Potential Data Sources for Fraud Detection
Fraud Detection
Risk Factors For Fraud
Fraud Management Environment
Competitive Business Environment
Employee Relationships
Attractive Assets
Internal Controls
Integration of duties
Fraud Exposure
Fraud Risk Assessment
• Risk assessment is a sometimes and controversial issue
• We will have an entire section on risk assessment
• Examine the risks and exposures to identify process and system weakness
Develop Categories of Risk
• External environment
• Legal
• Regulatory
• Governance
• Strategy
• Operational
• Information
• Human resources
• Financial
• Technology
Determining Fraud Exposure
• Sources of risk
• Review existing risk assessments
• Review risk assessment process
• Business Impact Analysts
• Types and sources of fraud
• External environment
• Governance
• Legal
• Regulatory
• Operational
• Strategy
Risk Factors for Fraud
Management Environment
• Unrealistic Financial Targets
• Unrealistic Performance Standards
• Corporate Culture – Emphasizing Win At All Costs
Competitive & Business Environment
• Misstatement of Inventory Positions
• Fraudulent Orders
• Off Balance Sheet Transactions
Employee Relationships
• Nepotism
• Insider Trading
• Collusion
Attractive Assets
• Intellectual Property Theft
• Insider Abuse of Privilege
• Customer Contact Center Fraud
Internal Controls
• Inadequate internal controls
• Inventory markdowns
• Trading Practices
Separation of Duties
• Related to Above
• Reduced Staff
• Fraud Opportunity
Evaluate: Company production figures for reasonableness, financial targets, and management’s position on same.
Evaluate: Recalculate the value of inventory – ensuring it is correctly valued.
Evaluate: Look for nepotism, matching employee and vendor addresses.
Evaluate: Monetize both physical and information assets for financially based risk assessment.
Evaluate: Computer systems have necessary corresponding controls, privileged user abuse protection, etc.
Evaluate: Ensure necessary policies, procedures, guidelines and standards are in place.
Fraud Schemes – A Data Driven Approach
Control Weaknesses Approach
• Examine key controls
• Determine vulnerabilities
• System
• Process
Key Fields
• Focus on data entry
• Which data can be changed?
• What is the impact?
Control Weakness
• Internal/External parties
• Example: Received quantity less than ordered quantity – but payment made for full amount
Key Fields
• Data manipulation
• Privileged user abuse
• Example: Create fictitious vendors, changing address and bank account.
Fraud Exposure Identification
Control Weakness
Perpetrator
Data Fields
Data Analysis (Tests)
Control Weakness
Data of Interest
Key Data
Key Data | Who | Why | Controls | Test
Vendor Name, Address, Bank Information | Clerks & Vendor | Duplicate Payments, Fictitious Vendors & Payments | Vendor creation, modification, | Evaluate: Look for blanks in key fields, look for duplicates in vendor table.
Unit Prices | Clerk | Direct Payments | Vendor modification; system log files | Evaluate: Look for disparities in unit price and contracted price.
Quantities | Contracting Officer, Vendor | Kickbacks | Invoice matching, on order quantity | Evaluate: Look for disparities between ordered and delivered quantities.
Transaction Amounts | Clerk, vendor | Overpayment to obtain funds or kickbacks, overcharges | Invoice matching, contract amounts | Evaluate: Look for disparities between contract and invoice amounts.
Dates | Clerk, vendor | Backdate payment, due dates, backdate to obtain earlier payment | Invoice matching, invoice and goods received date | Evaluate: Look for transactions where invoice date is less than goods receipt.
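The "Evaluate" tests in the table above, run over vendor and invoice records, as an added example that is not part of the original slides. The records, field names, and the rule that the payable amount is contract price times received quantity are assumptions made for this illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records; all field names are assumptions for this example.
VENDORS = [
    {"id": "V1", "name": "Acme Supply", "address": "12 Main St", "bank": "111-222"},
    {"id": "V2", "name": "ACME Supply Inc", "address": "12 Main St.", "bank": "111222"},
    {"id": "V3", "name": "Birch Tools", "address": "", "bank": "333-444"},
]
INVOICES = [
    {"no": "I1", "contract_price": 10.0, "unit_price": 10.0, "ordered": 100,
     "received": 100, "amount": 1000.0,
     "invoice_date": date(2015, 3, 5), "receipt_date": date(2015, 3, 2)},
    {"no": "I2", "contract_price": 10.0, "unit_price": 12.5, "ordered": 100,
     "received": 80, "amount": 1250.0,
     "invoice_date": date(2015, 3, 1), "receipt_date": date(2015, 3, 9)},
]

def blank_key_fields(vendors, keys=("name", "address", "bank")):
    """Ids of vendors with a blank key field."""
    return [v["id"] for v in vendors if any(not v[k].strip() for k in keys)]

def duplicate_vendors(vendors, key):
    """Groups of vendor ids whose `key` matches after normalization."""
    groups = defaultdict(list)
    for v in vendors:
        # Ignore case, spacing and punctuation so "12 Main St." == "12 main st"
        norm = "".join(c for c in v[key].lower() if c.isalnum())
        if norm:  # blanks are reported by blank_key_fields, not here
            groups[norm].append(v["id"])
    return [ids for ids in groups.values() if len(ids) > 1]

def invoice_exceptions(inv):
    """Names of the table's tests that one invoice record fails."""
    payable = inv["contract_price"] * inv["received"]  # assumed payment rule
    checks = {
        "unit_price_vs_contract": inv["unit_price"] != inv["contract_price"],
        "ordered_vs_received": inv["received"] != inv["ordered"],
        "amount_vs_contract": inv["amount"] != payable,
        "invoice_before_receipt": inv["invoice_date"] < inv["receipt_date"],
    }
    return [name for name, failed in checks.items() if failed]

def exception_report(invoices):
    """Map invoice number -> failed tests, omitting clean invoices."""
    report = {i["no"]: invoice_exceptions(i) for i in invoices}
    return {no: failed for no, failed in report.items() if failed}
```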
Case Study – Conde Nast
http://www.forbes.com/sites/williampbarrett/2011/04/03/conde-nast-paid-8-million-to-scammer-who-sent-one-email/print/
Investigating Fraud
Which of these is true?
An audit will:
• Detect all material errors and irregularities in the financial statements
• Discover all illegal acts committed by the client
• Ensure the financial health of the entity
Auditors Responsibilities
• Errors - Unintentional misstatements
  • Mistakes in gathering or processing accounting data
  • Incorrect accounting estimates
  • Mistakes in the application of accounting principles
• Irregularities - Intentional misstatements, manipulation, falsification, or alteration of accounting records & supporting documents
  • Misrepresentation or intentional omission of events, transactions, or other significant information
  • Intentional misapplication of accounting principles
Software Accounting Standards
SAS 1 and 22
• Plan and perform the audit to provide reasonable assurance that financial statements are free of material misstatements caused by error or fraud.
SAS 47
• Audit risk, materiality and misstatements in financial statements
SAS 54
• Detection of illegal acts (AU Section 317)
Section 301 of the Private Securities Litigation Reform Act
• Private Securities Litigation Reform Act of 1995
Section 10(a) of the Exchange Act
• Requires the inclusion of certain procedures in accordance with generally accepted accounting standards (GAAS).
• Audit procedures provide reasonable assurance of detecting illegal acts
• Audit procedures will identify related party transactions material to financial statements
• Evaluate whether there is substantial doubt about the ability to stay in business.
SAS 82
• Auditor’s responsibility related to fraud in a financial statement
• Provides guidance on what auditors should do to meet these responsibilities
• Describes:
  • Fraudulent Financial Reporting
  • Misappropriation of Assets
SAS 82 Requirements
• Consider the presence of fraud risk factors. SAS No. 82 provides examples (detailed below) of risk factors an auditor may consider for fraud related to a) fraudulent financial reporting, and b) misappropriation of assets misstatements. An auditor should become familiar with these risk factors and be alert for their presence at the client’s.
• Assess the risk of material misstatement of the financial statements due to fraud. SAS No. 82 requires an assessment as to the risk of material misstatement due to fraud. This assessment is separate from but may be performed in conjunction with other risk assessments (for example, control or inherent risk) made during the audit. SAS No. 82 also requires reevaluation of assessments if other conditions are identified during fieldwork.
• Develop a response. Based on assessments of risk, SAS No. 82 requires development of appropriate audit response. In some circumstances, an auditor’s response may be that existing audit procedures are sufficient to obtain reasonable assurance that the financial statements are free of material misstatement due to fraud. In other circumstances, auditors may decide to extend planned audit procedures.
• Document certain items in workpapers. SAS No. 82 requires auditors to document evidence of the performance of their assessment of risk of material misstatement due to fraud. Documentation should include risk factors identified as being present as well as the auditor’s response to these risk factors.
• Communicate to management. If it is determined that there is evidence that a fraud may exist, an auditor should apprise the appropriate level of management, even if the matter may be considered inconsequential. SAS No. 82 also requires an auditor to communicate directly with the audit committee (or equivalent) if the matter involves fraud that would materially misstate the financial statements or fraud committed by senior management.
Fraud Types
• Billing
• Cash Larceny
• Cash on Hand
• Check Tampering
• Corruption
• Financial Statement Fraud
• Non-Cash
• Payroll
• Register Disbursements
• Skimming
Fraud Analysis: Useful Information
• Issues
  • Conflicts of interest
  • Unknown relationships
  • Abnormal patterns of activity
  • Errors in key processes
  • Control weaknesses
  • Hindsight, insight, foresight
• Business Operations and Expense Areas
  • Accounts payable
  • Claims
    – Damaged Goods
    – Healthcare
    – Insurance
    – Loss
  • Expense reimbursement
  • General Ledger
  • Travel and Entertainment
Vendor Attribute Capture
• Total number of vendors
• Vendors without:
  • Addresses
  • TAX ID
• Are they receiving payment?
  • Electronic transfers
  • Paper checks
Vendor Activity Assessment
• Number of Vendors
• Frequency of Use
• Number of Active Users Compared Against Total Vendors
• Unused Vendors can be source of internal abuse
• Vendor Identity Abuse
Name Mining
• Looking for Fictitious Vendors
• Fictitious Names
  • Use their initials in the name of a vendor
  • Anagrams
  • Others
    – Substitution
    – Insertion and Omission
    – Transposition
    – Number Substitution
Employee Vendor Relationships
• Employee and Vendor Name are Different
• Common Addresses
• Addresses that are different but are at the same geographic location:
  • 201 College Avenue
  • 669 West Chestnut Street
• Phone Number
• TAX ID
• Zip Codes
Proximity Analysis
• Mailbox Services
  • Anonymous
  • These mail drops have the appearance of a physical address
• Proximity location of vendor to actual employees
  • Employee Addresses
  • Vendor Addresses
• Proximity Analysis
Vendor Trending Analysis
• Accounts Payable
• Claims Payable
• Fraud Payment Acceleration
  • Small initial amounts of fraud
  • Amounts and frequency increases
    – Test Phase
    – Confidence Phase
    – Greed Phase
• Trend Payments to Vendors
• Valley and Spike Payment Patterns
  • Long periods of inactivity between periods of very high activity
  • Unusually high periods of activity
Payment Trend Analysis
• Calendar
  • By Day of Week
  • By Day of Month
  • By Month
• Checks created on weekends (Saturdays and Sundays)
  • Date created
  • Date posted
• Benford’s Law
  • The first digit should be a 1… (30% of the time)
Benford’s Law
McGinty, J. C. (2014). Accountants Increasingly Use Data Analysis to Catch Fraud - Auditors Wield Mathematical Weapons to Detect Cheating. The Wall Street Journal. (Web Site)
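The first-digit test named on this slide, as an added example that is not part of the original slides: it compares the leading-digit shares of payment amounts with Benford's expected share log10(1 + 1/d), which is about 30% for the digit 1. Both samples and the 5,000 approval limit are constructed assumptions.

```python
import math
from collections import Counter

# Benford's expected share for leading digits 1..9: log10(1 + 1/d)
EXPECTED = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRITICAL = 15.51  # chi-square table value, 8 degrees of freedom, 5% level

def first_digit(amount):
    """Leading non-zero digit of an amount, or None for zero."""
    # 17 significant digits avoids rounding 9.9999999 up to 1.0e+01
    lead = int(f"{abs(amount):.16e}"[0])
    return lead or None

def digit_shares(amounts):
    """Observed share of each leading digit, plus the number of amounts used."""
    digits = [d for d in map(first_digit, amounts) if d]
    counts = Counter(digits)
    return {d: counts[d] / len(digits) for d in range(1, 10)}, len(digits)

def benford_chi2(amounts):
    """Chi-square statistic of observed leading digits against Benford."""
    shares, n = digit_shares(amounts)
    return sum(n * (shares[d] - EXPECTED[d]) ** 2 / EXPECTED[d] for d in EXPECTED)

def deviating_digits(amounts, tolerance=0.05):
    """Digits whose observed share is off by more than `tolerance`."""
    shares, _ = digit_shares(amounts)
    return [d for d in EXPECTED if abs(shares[d] - EXPECTED[d]) > tolerance]

# Constructed sample 1: log-uniform amounts over two decades (Benford-like).
LOG_UNIFORM = [10 ** (k / 250) for k in range(1, 501)]
# Constructed sample 2: the same ledger plus 80 payments placed just under
# an assumed 5,000 approval limit.
PADDED = LOG_UNIFORM + [4900.0 + k for k in range(80)]

def is_suspicious(amounts):
    """True when the sample departs from Benford at the 5% level."""
    return benford_chi2(amounts) > CHI2_CRITICAL
```

A failed test is a reason to pull the flagged digit's transactions for review, not proof of fraud; amounts bounded by fixed prices or limits can depart from Benford for legitimate reasons.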
Check Sequence Analysis
• G/L
• Cash Receipts
• Identify Gaps in Check Sequences
Expense, Payroll, and Vacation Controls
• Analysis of Overtime Hours
  • Reasonableness
  • Consistent with role
• Holiday Hours
  • Reasonableness
  • Consistent with role
• Purchasing Cards
  • Spending over approval limits
  • Split transactions to avoid limit
  • Collusion between subordinate and supervisor to avoid approval scrutiny
• Vacation Hours
  • Reasonableness
  • Consistent with role
  • Large amounts of vacation outside of guidelines
Other Analysis Areas
• System Access Logs
• Maintenance Files
• Social Media
  • The Price is Right Fraud
• Physical Investigations
  • Surveillance
Continuous Auditing
• Programmatic Auditing
• System Based
Source: Cser, A. (2010). Market Overview: Fraud Management Solutions - Seven Tenets Of Effectively Combating Fraud Costs. Forrester Research.