internal audit: a strategic response to fraud - vonya global · fraud red flags • requires the...
TRANSCRIPT
Internal Audit: A Strategic Response to Fraud
Leonard VonaMay 19, 2009
© Leonard W. Vona, CPA, CFE Slide 2
Why Audits Do Not Detect Fraud
• Level of sophistication of concealment will vary based on perpetrators knowledge or pressures.
• Range of sophistication– No effort to conceal
– Multi level strategies
• Audit strategy must exceed the sophistication of the concealment strategy.
© Leonard W. Vona, CPA, CFE Slide 3
Audit Program ConsiderationsDecision Point
• How far should the audit team drill down?
• How will you respond to the audit fraud risk?
© Leonard W. Vona, CPA, CFE Slide 4
Fraud AuditThe Definition
• Fraud Auditing: is the application of audit procedures to a population of business transactions in a manner to increase the propensity of identifying fraud.
• Goal: Identify a suspicious transaction that warrants an investigation.
© Leonard W. Vona, CPA, CFE Slide 5
Fraud Risk StructureThe Drill Down Decision
• Major Type: Enterprise fraud scheme
• Minor Type: Within the enterprise level
• Inherent Fraud Scheme associated with Major and Minor Type
– Within the Business System
– Within the Class of Transactions in the Business System
– Within an Account (s)
© Leonard W. Vona, CPA, CFE Slide 6
Fraud Risk StructureThe Drill Down Decision
• Fraud scheme variations– Opportunity– Transaction– Entity
© Leonard W. Vona, CPA, CFE Slide 7
Enterprise Fraud SchemesMajor Type
• Financial Reporting
• Asset Misappropriation
• Corruption/Extortion
• Revenue Obtain Improperly
• Expense Avoidance
• Government Regulations Avoidance
• Improper Obtain/Loss Information
• Computer Fraud
• Management Override Concerns
• Other Areas
© Leonard W. Vona, CPA, CFE Slide 8
Asset Misappropriation TypesMinor Types
• Embezzlement of Funds
• Theft of Tangible Asset
• Misuse of Assets
• Lack of Business Purpose
• Related Party/Conflict of Interest
• Dispose of Asset Below FMV
• Acquire of Asset Above FMV
© Leonard W. Vona, CPA, CFE Slide 9
Inherent Fraud SchemesDisbursement
• Front Company– False Billing
– Pass Through Billing
• Real Company– Over Billing on Invoices
– Disguised Purchases
– Conflict of Interest
© Leonard W. Vona, CPA, CFE Slide 10
Fraud OpportunityDrill Down Process
• No internal control
• Access to the internal control– Direct Access
– Indirect Access
– Other Access
• Internal control inhibitors– Non performance internal controls
– System override features
– Logical Collusion
– Management Override
© Leonard W. Vona, CPA, CFE Slide 11
Fraud Audit ResponsesDecision Point
• Control design is adequate to minimize the fraud risk. Test control operation
or
• Consider fraud scheme as an inherent risk and disregard fraud minimization. Test for fraud
© Leonard W. Vona, CPA, CFE Slide 12
What is a Fraud Red Flag?
• A condition associated with a known fraud scheme.
• The condition links to the fraud concealment strategy.
• The condition can be observed through the audit process.
• The condition can be associated with data, documents, controls, and behavior.
© Leonard W. Vona, CPA, CFE Slide 13
Red Flag Premise
• Red flags cause an increased sensitivity to fraud propensity.
• Not all red flags have the same weight as to fraud propensity.
• Weight of the red flag(s) correlate to the predictability of fraud occurrence.
© Leonard W. Vona, CPA, CFE Slide 14
Test Control OperationFraud Red Flags
• Requires the auditor to observe the red flag in the performance of audit procedure.
• Observation occurs through:– Specific audit evidence gathered through a specific
procedure.– Professional skepticism through overall observation.
• Specific red flags should be incorporated into the audit program.
© Leonard W. Vona, CPA, CFE Slide 15
The Red Flag ApproachDecision Point
• Experience of Auditor: Hope approach
• Brain Storming: Awareness approach
• Identify Specific Red Flags: Methodology approach
© Leonard W. Vona, CPA, CFE Slide 16
Key Elements of EffectiveFraud Auditing
• Fraud risk methodology
• Data mining for fraud
• Fraud audit procedures
© Leonard W. Vona, CPA, CFE Slide 17
What isFraud Data Mining
• The process of obtaining and analyzing information to identify indicators or patterns in the data which is indicative of a inherent fraud scheme / fraud scenario.
• Identify a discreet number of transactions that can be examined using fraud audit procedures.
• Transactions identified have a higher propensity of fraud than other transactions.
© Leonard W. Vona, CPA, CFE Slide 18
Data Mining Considerations
• Must be built around the fraud scheme/ fraud scenario.
• Must be built around the concealment strategies.
• Data is extracted and interpreted
• Audit response
© Leonard W. Vona, CPA, CFE Slide 19
Data Mining Considerationsfor the Audit Director
• Cost of implementing data mining– Identifying the data tables and accessing data
– Integrating into the audit process
• Data integrity– Reliability
– False positives
• Methodology for use of data mining
© Leonard W. Vona, CPA, CFE Slide 20
Data Mining StrategyDecision Point
• Discussion Point– Using Data Mining as a Fraud Strategy
– Using Data Mining to Search for Exceptions
• Discussion Point– Data Mining as a Stand Alone Process
– Data Mining Integrated into Each Audit Team
© Leonard W. Vona, CPA, CFE Slide 21
What is Fraud AuditingProactive Approach
• No allegation of fraud.
• Application of audit procedures to a population of business transactions to increase the likelihood of identifying fraud.
• Audit Response– Sampling: Focused and Bias
– Procedure: Fraud Audit Procedure
© Leonard W. Vona, CPA, CFE Slide 22
Fraud AuditPremises
• Does not test existence of controls.
• Does not rely on management representations, nor assumes falsityof representations.
• Affirms the authenticity of the transaction.
• Conclusion is no known existence of fraud and indirect evidence that the control is operating.
• Conclusion is the identification of a suspicious transaction.
© Leonard W. Vona, CPA, CFE Slide 23
Design the Fraud Audit Procedure
• Procedure must be designed for the specific fraud scheme.
• Procedure must consider the concealment strategies corresponding to the specific fraud scheme.
• There is a correlation between evidence considered and fraud detection.
• The auditor should design an audit approach based on the mechanics of the fraud scheme and the concealment strategy.
© Leonard W. Vona, CPA, CFE Slide 24
Fraud AuditingDecision Point
• How to implement– Response to internal control red flag
– Integrate fraud audit procedures into Audit Program
– Perform fraud audit
• How to educate management– Educating and marketing the concept
– Obtaining the resources, tools and budget
– Assurance level
© Leonard W. Vona, CPA, CFE Slide 25
Vonya Global LLC150 N. Michigan Avenue
Suite 2935Chicago, IL 60601