Internal Audit: A Strategic Response to Fraud - Vonya Global

Internal Audit: A Strategic Response to Fraud Leonard Vona May 19, 2009


© Leonard W. Vona, CPA, CFE Slide 2

Why Audits Do Not Detect Fraud

• Level of sophistication of concealment will vary based on the perpetrator's knowledge or pressures.

• Range of sophistication

– No effort to conceal

– Multi-level strategies

• Audit strategy must exceed the sophistication of the concealment strategy.


Audit Program Considerations: Decision Point

• How far should the audit team drill down?

• How will you respond to the audit fraud risk?


Fraud Audit: The Definition

• Fraud Auditing: the application of audit procedures to a population of business transactions in a manner that increases the propensity of identifying fraud.

• Goal: Identify a suspicious transaction that warrants an investigation.


Fraud Risk Structure: The Drill Down Decision

• Major Type: Enterprise fraud scheme

• Minor Type: Within the enterprise level

• Inherent Fraud Scheme associated with Major and Minor Type

– Within the Business System

– Within the Class of Transactions in the Business System

– Within an Account(s)


Fraud Risk Structure: The Drill Down Decision

• Fraud scheme variations

– Opportunity

– Transaction

– Entity


Enterprise Fraud Schemes: Major Type

• Financial Reporting

• Asset Misappropriation

• Corruption/Extortion

• Revenue Obtained Improperly

• Expense Avoidance

• Government Regulations Avoidance

• Improper Obtaining/Loss of Information

• Computer Fraud

• Management Override Concerns

• Other Areas


Asset Misappropriation Types: Minor Types

• Embezzlement of Funds

• Theft of Tangible Asset

• Misuse of Assets

• Lack of Business Purpose

• Related Party/Conflict of Interest

• Disposal of Asset Below FMV

• Acquisition of Asset Above FMV


Inherent Fraud Schemes: Disbursement

• Front Company

– False Billing

– Pass Through Billing

• Real Company

– Over Billing on Invoices

– Disguised Purchases

– Conflict of Interest


Fraud Opportunity: Drill Down Process

• No internal control

• Access to the internal control

– Direct Access

– Indirect Access

– Other Access

• Internal control inhibitors

– Non performance internal controls

– System override features

– Logical Collusion

– Management Override


Fraud Audit Responses: Decision Point

• Control design is adequate to minimize the fraud risk: test control operation.

or

• Consider fraud scheme as an inherent risk and disregard fraud minimization: test for fraud.


What is a Fraud Red Flag?

• A condition associated with a known fraud scheme.

• The condition links to the fraud concealment strategy.

• The condition can be observed through the audit process.

• The condition can be associated with data, documents, controls, and behavior.


Red Flag Premise

• Red flags cause an increased sensitivity to fraud propensity.

• Not all red flags have the same weight as to fraud propensity.

• Weight of the red flag(s) correlates to the predictability of fraud occurrence.


Test Control Operation: Fraud Red Flags

• Requires the auditor to observe the red flag in the performance of the audit procedure.

• Observation occurs through:

– Specific audit evidence gathered through a specific procedure.

– Professional skepticism through overall observation.

• Specific red flags should be incorporated into the audit program.


The Red Flag Approach: Decision Point

• Experience of Auditor: Hope approach

• Brainstorming: Awareness approach

• Identify Specific Red Flags: Methodology approach


Key Elements of Effective Fraud Auditing

• Fraud risk methodology

• Data mining for fraud

• Fraud audit procedures


What is Fraud Data Mining

• The process of obtaining and analyzing information to identify indicators or patterns in the data that are indicative of an inherent fraud scheme/fraud scenario.

• Identify a discrete number of transactions that can be examined using fraud audit procedures.

• Transactions identified have a higher propensity of fraud than other transactions.


Data Mining Considerations

• Must be built around the fraud scheme/fraud scenario.

• Must be built around the concealment strategies.

• Data is extracted and interpreted.

• Audit response


Data Mining Considerations for the Audit Director

• Cost of implementing data mining

– Identifying the data tables and accessing data

– Integrating into the audit process

• Data integrity

– Reliability

– False positives

• Methodology for use of data mining


Data Mining Strategy: Decision Point

• Discussion Point

– Using Data Mining as a Fraud Strategy

– Using Data Mining to Search for Exceptions

• Discussion Point

– Data Mining as a Stand Alone Process

– Data Mining Integrated into Each Audit Team


What is Fraud Auditing: Proactive Approach

• No allegation of fraud.

• Application of audit procedures to a population of business transactions to increase the likelihood of identifying fraud.

• Audit Response

– Sampling: Focused and Biased

– Procedure: Fraud Audit Procedure


Fraud Audit Premises

• Does not test existence of controls.

• Does not rely on management representations, nor assume falsity of representations.

• Affirms the authenticity of the transaction.

• Conclusion is no known existence of fraud and indirect evidence that the control is operating.

• Conclusion is the identification of a suspicious transaction.


Design the Fraud Audit Procedure

• Procedure must be designed for the specific fraud scheme.

• Procedure must consider the concealment strategies corresponding to the specific fraud scheme.

• There is a correlation between evidence considered and fraud detection.

• The auditor should design an audit approach based on the mechanics of the fraud scheme and the concealment strategy.


Fraud Auditing: Decision Point

• How to implement

– Response to internal control red flag

– Integrate fraud audit procedures into Audit Program

– Perform fraud audit

• How to educate management

– Educating and marketing the concept

– Obtaining the resources, tools and budget

– Assurance level


Vonya Global LLC
150 N. Michigan Avenue, Suite 2935
Chicago, IL 60601
