1. Forensic Auditing:�Audit or Investigation?��Ron Durkin, CPA/CFF, CFE, CIRA�National Partner in Charge of Fraud & Misconduct Investigations Practice�Clifton Gunderson, LLP
2. Current events and developments in forensic accounting
What is Forensic Auditing?
What is an Investigation?
Forensic Audit Thinking (FAT)
Forensic Audit Procedures (FAP)
Forensic Audit Technology
The 5 best practices for forensic accountants and 5 things forensic accountants should not do
Today’s Agenda
3. O’Malley Report (2000)
AU 316
PCAOB- Special Advisory Group Discussion Papers (September 8-9, 2004)
PCAOB Current and Future Events (April 2010 meeting) Auditing Standards and Professional Guidance
4. O’Malley Report�The Panel on Audit Effectiveness Report and Recommendations 2000 “Key to the implementation of its recommendation is that the ASB introduce into its standards the concept of a “forensic-type phase” in all audits” page 95
“… this new forensic-type phase should become an integral part of the audit…” page 88
“… the characterization of this phase … seeks to convey an attitudinal shift in the auditor’s degree of skepticism…” page 88
5. “Performance of substantive tests directed at the possibility of fraud, including tests to detect the override of internal control by management…” page 89
“The Panel recognizes that fraud-type audits usually are conducted only after fraudulent activity has been suspected or detected and that many procedures employed in those audits would be impractical or impossible to apply in a GAAS audit.” page 89 footnote 32 O’Malley Report (Cont’d)
6. AU 316 – Consideration of Fraud in a Financial Statement Audit Description and Characteristics of Fraud
Brainstorming Session
Conduct Appropriate Inquiries of Management and Others
Obtain Other Information Needed to Identify the Risk of Material Misstatement due to Fraud
Identify Risks that may Result in a Material Misstatement due to Fraud
Assess the Identified Risks after Taking into Consideration the Entity’s Programs and Controls
Respond to the Results of the Risk Assessment
Evaluate Audit Test Results
Communicate about Fraud to Management, the Audit Committee and Others
Documentation of Auditors’ Consideration of Fraud
7. AU 316 – Consideration of Fraud in a Financial Statement Audit (Cont’d) Auditors are required to have a mindset in planning and performing the audit such that audit procedures are responsive to fraud risk (brainstorming session-thinking forensically)
Auditors are required to “inquire” of management and others regarding the risks of fraud
Analytical procedures are used as substantive tests to identify potential misstatements due to fraud
8. PCAOB Standing Advisory Group Discussion Paper on Financial Fraud- September 2004
Page 21 - Involvement of Forensic Accountants in an Audit of Financial Statements- “the auditor may respond to an identified risk of material misstatement due to fraud by assigning additional persons with specialized skill and knowledge such as forensic … specialists… to the engagement.”
Page 22 - “a forensic accountant participating in an audit generally performs investigative services that makes use of a CPAs skills including the application of accounting and auditing knowledge as well as investigative skills to collect, analyze and evaluate evidential matter and to interpret and communicate findings.”
Past Events Relevant to Today
9. How current and future events will impact Forensic Auditing:
PCAOB – At the April 2010 meeting - the Standing Advisory Group (SAG) discussed the undertaking of a standard setting initiative to consider improvements to the auditor's standard reporting model, and clarification of the auditor's report of the auditor's role in detecting fraud under current auditing standards.
Current and Future Events
10. PCAOB – April 2010 SAG meeting
The current auditor's report does not mention fraud
Advisory Committee on the Auditing Profession (ACAP) recommended "expressly communicating to investors, other financial statement users, and the public the role of auditors in finding and reporting fraud"
ACAP recommended that the PCAOB "review and update the auditing standards governing fraud detection and fraud reporting"
Current and Future Events
11. PCAOB – April 2010 meeting
Some SAG members stated that the current auditor's report model is "very routine", "sort of a boiler plate" "information content is minimal"
ACAP recommendation suggests that the auditor's report should articulate the "auditor's role and limitations in detecting fraud" Current and Future Events
12. PCAOB – April 2010 meeting
The Global Public Policy Symposium (Nov 2006) claiming "there is a significant 'expectations gap'…”
Proposed certain ideas of change
A forensic audit on a regular basis
A forensic audit on a random basis
Other "choice-based" options
PCAOB discussion question – should auditing standards be amended to require a forensic audit component to the audit, or another option? Current and Future Events
13. “Forensic accounting involves the application of specialized knowledge and investigative skills possessed by CPAs to collect, analyze, and evaluate evidential matter and to interpret and communicate findings in the courtroom, boardroom, or other legal and administrative venues.” What is Forensic Accounting?
14. A Forensic Audit Audit or Investigation?
15. Mattel vs. MGA (Bratz dolls) – Forensic Auditor appointed by U.S. District Court Judge Stephen Larson
City in Pennsylvania- request for proposal for forensic audit
City in Wisconsin- request for proposal for forensic audit
City in Kansas- request for proposal for forensic audit
City in California- request for proposal for forensic audit
Forensic in the audit
Forensic in the internal audit
Attorneys asked for forensic auditor assistance in litigation A Forensic Audit?
16. A financial audit, or more accurately, an audit of financial statements, is the examination by an independent third party of the financial statements of a company or any other legal entity (including governments), resulting in the publication of an independent opinion on whether or not those financial statements are relevant, accurate, complete, and fairly presented.
The purpose of an audit is to obtain sufficient, appropriate evidence to obtain reasonable assurance that the financial statements are free of material misstatement due to error or fraud. What is the Purpose of an Audit?
17. Involves gathering evidence to either prove or refute the allegations
Starts with predication
CPA follows professional standards (SSCS #1, Code of Professional Conduct at a minimum)
Requires some form of report
Does not conclude on fraud (indicia ok) What is the Purpose of an Investigation?
18. Comparison of an Audit to a Forensic Examination
19. Performing unlimited scope examination (100% v. Sampling)
Conducting detailed, in-depth examination of materials (100% v. Sampling)
Conducting detailed, in-depth examination of management representations
Obtaining convincing evidence (vs. persuasive evidence)
Obtaining evidence that meets legal standards Comparison of an Audit to a Forensic Examination
20. Comparison of an Audit to a Forensic Examination
21. What is Forensic Auditing?
22. A Forensic Audit?
23. A Forensic Audit is not an investigation (nor is a regular audit)
A Forensic Audit does use many of the tools and techniques that investigators use
A forensic audit increases the likelihood that auditors will detect fraud indicators in client books, records and other information
A forensic audit requires auditors to have an understanding of fraud schemes and other attributes
Forensic auditing includes both:
Expanded audit procedures and
More in-depth investigative procedures customized to the specific risks faced by your clients
The Forensic Audit
24. Forensic Auditing is a new concept that is comprised of three key ingredients:
Forensic Audit Thinking- in other words “thinking forensically”
Forensic Audit Procedures- both proactive and reactive
Use of technology and data analysis
*The term forensic auditing has been used in non-attest work. We are using this term only in the context of an attest engagement Forensic Auditing*
25. Auditing Standards and Professional Guidance
Planning and brainstorming (Forensic Thinking)
Risk Assessment (Forensic Thinking)
Forensic Audit Procedures
Assessment Tools (Data analytics)
Completion
Know what to do you if you find fraud
Forensic Auditing Components
26. Fraud Characteristics and Types of Fraud
27. The Fraud Triangle
28.
“fraud is an intentional act that results in a material misstatement in financial statements that are the subject of an audit”
AU 316 (SAS 99) Defines Fraud
29. “Fraud is an intentional misrepresentation of a material fact that is relied upon by someone to their detriment”
MORT
M = misrepresentation
O = of a material fact
R = reliance
T = to their detriment Another Definition of Fraud
30. Three Fraud Categories
31. Uniform Occupational Fraud Classification System
32. Tips (40%)
Management Review (15%)
Internal audit (14%)
By Accident (8%)
Account Reconciliation (6%)
Document Examination (5%)
External Audit (5%)
Surveillance/Monitoring (3%)
Notified by Police (2%)
Confession (1%)
IT Controls (1%) How is Fraud Detected?
33. Gestation Period for Frauds to Be Detected
34. Reported Frauds Near �All Time Highs in 1Q 2011 “In what might be a lagging indicator of recession-spawned misdeeds, the percentage of reported corporate frauds compared with all other reported incidents increased to 20.3% in the first quarter of 2011, a rise of more than 60 basis points from the previous quarter, according to data from 1,000 organizations worldwide.”
35. Reported Frauds Near �All Time Highs in 1Q 2011
36. Forensic Audit Thinking - (FAT)
37. FAT Consideration – Identification of Financial Statement Fraud Risks Financial statement fraud risk factors
Fraudulent financial reporting
Intentional misrepresentation in or omission of material events, transactions or other information
Intentional misapplication of GAAP
Falsification or manipulation of accounting records or documents
Misappropriation of assets
Theft that causes the financial statements to not be fairly presented in all material respects
Corruption and integrity risks
38. FAT Consideration – Suggested Information Requested to Identify Fraud Risks
39. Applying Forensic Techniques in an Audit�Forensic Audit Procedures (FAP)
40. Forensic audit procedures are more specific and geared toward detecting the possible material misstatements in financial statements resulting from fraudulent activities or error.
Audit procedures should align with fraud risks and fraud risk assessments
If fraud was occurring at the company, what procedures would detect it? Forensic Audit Procedures – FAP
41. FAP Consideration – Identification of Fraud Attributes Weaknesses in the system of internal control
Significant audit adjustments or passed adjustments
Problematic tone at the top
Significant declines in customer demand
Indication that errors may have been caused by possible manipulation
Hotline calls not followed up
Turnover of senior management, key employees in financial reporting and internal audit
Unusual transactions entered into with outsiders
42. FAP Consideration- Respond to the Risk of Management Override of Internal Controls How effective are internal controls? Any prior incidents where breakdowns, etc. have occurred?
How effective is internal audit? Are they qualified, financial reporting oriented, etc.?
How effective is the hotline? How many calls and are they indicative of an informed population?
Have the auditors found any issues?
Have there been prior allegations of fraud or misconduct?
Have you reviewed stock trading activities?
43. Key Characteristics for Effectively Implementing Forensic Procedures Those performing forensic procedures (either the auditor or the forensic specialists) may consider having:
An investigative mindset – more than skeptical
An understanding of fraud schemes and indicia of fraud
Experience in dealing with fraud issues
Knowledge of certain investigative, analytical and technology-based techniques
Knowledge of legal process (pitfalls, ramifications, etc.)
44. Public document reviews and background investigations
Interviews of knowledgeable persons
Confidential sources
Laboratory analysis of physical and electronic evidence
Physical and electronic surveillance
Undercover operations
Analysis of financial transactions
* Source: Based on “The 7th Investigative Technique” by Richard Nossen. FAP-The Seven Investigative Techniques*
45. Public document Reviews and Background Investigations Audit Procedures
Obtain internal or external documents supporting economic transactions generated in the normal course of business
Forensic Procedures
Review public document sources and perform background checks for information about key individuals, related parties, etc.
46. Audit Procedures
Inquire regarding established control procedures or explanations for observed results�
Forensic Procedures
Interview knowledgeable persons to discover or obtain evidence of questionable activities
Interviews of Knowledgeable Persons
47. FAP Consideration - Assist in Interview Strategy, Planning and Execution Strategy involves determining who to interview, when to interview them, order of priority and topics to discuss
Planning involves being prepared, having areas to discuss and documenting the interview
Execution involves listening, exploring and expanding questions based on responses
Audits are dynamic and therefore successive interviews need to factor in testing, procedures, interview results, etc. into future interviews
48. Remember to document your interviews
How do you protect yourself from future claims if something happens at your audit client? (e.g., fraud scenario plays out and litigation ensues)
If you have not properly documented the inquiries (interviews), how would you respond if the interviewees change their stories? �
Interview memos or outlines will help prevent this from occurring. Reviewing these documents with the interviewees will also help mitigate this risk. FAP – Interviews (Cont’d)
49. Audit Procedures
Request confirmation from outside parties regarding specific transactions and balances�
Forensic Procedures
Develop relationships with informants and obtain confidential and/or alternative information sources such as management override or evidence of a weak control environment Confidential Sources
50. Traditional audit approach - ask for information, sequester him/herself in audit room
Forensic Audit approach - develop sources of information within the Company
Explain the purpose of the audit, information that might be helpful
Develop a broad information and feedback network within the Company FAP - Sources of Information
51. Laboratory Analysis of Physical and Electronic Evidence Audit Procedures
Physically examine tangible assets shown on the balance sheet in order to verify their existence or condition (e.g., inventory or fixed assets)�
Forensic Procedures
Perform laboratory analysis of physical evidence in order to validate credible evidence (e.g., altered documents, forgeries, etc.)
52. Audit Procedures
Observe accounting and control processes and procedures to determine whether they are properly performed as claimed�
Forensic Procedures
Use physical and electronic surveillance or institute undercover operations to discover improper activities Physical and Electronic Surveillance
53. Audit Procedures
Identify whether established control procedures or explanations for observed results make sense�
Forensic Procedures
Misrepresent who you are in order to obtain inside information and evidence of questionable activities Undercover Operations
54. Audit Procedures
Perform analytical procedures to identify areas of concern or validate relationships between financial and non-financial data
Re-perform the processes involved in accounting for the company’s economic activity
Forensic Procedures
Supplement the auditor’s analytical procedures with other analyses of financial transactions and data that are used to detect known fraud schemes
Analyze electronic evidence (both financial and non-financial) for signs of fraudulent activity Analysis of Financial Transactions
55. Financial Statement Analysis
Vertical Analysis
Horizontal Analysis
Financial Ratio Analysis
Insider Stock Trading Analysis
Net Worth Analysis
Asset Valuation Method
Expenditure Method
Historical Comparisons Analytical Procedures
56. Forensic Data Analysis
57. Forensic Data Analysis is the process of gathering, summarizing, comparing and aggregating existing disparate sets of data that organizations routinely collect in the normal course of business with the goal of detecting anomalies that are traditionally indicative of fraud or other misconduct.
Can be used in the Prevention, Detection or Response of fraud or other misconduct
Provides additional comfort to C-Level Executives, Audit Committees, Internal Audit Departments & Management Forensic Data Analysis
58. This is a proactive as well as reactive type of forensic data analysis used to assist with identifying fraud risk areas.
Uses analytical procedures as well as other investigative techniques.
Recommend performing basic queries in population to start with. Further analysis and comparisons to expectations to identify higher risk areas, where further queries can then be performed. Journal Entry Analysis
59. Forensic Data Analysis Methodology
60. Forensic Data Analysis
61. Forensic Data Analysis Process
62. Digital/Frequency Testing
63. Analytical Testing – Income Statement Items
64. Analytical Testing – User Activity by Month
65. Analytical Testing – Day of the Week
66. Analytical Testing – Time of Day
67. Types of Frauds and Areas of Analysis
68. Types of Frauds and Areas of Analysis
69. Know and follow professional standards
Match forensic procedures to risk assessment
Be able to define and have knowledge of fraud schemes – know the basics of each
Know the “fraud du jour” for your industry
Think forensically 5 Best Practices in Forensic Auditing
70. Do not conclude on fraud!
Do not believe everything you hear or read- trust but verify!
Do not assume that fraud red flags are automatic indicators of fraudulent activity
Don’t accept an engagement if you cannot comply with applicable professional standards
Do not attempt to implement a forensic procedure or investigative technique you are not qualified to perform (i.e. undercover operations)
5 Don’ts In Performing a Forensic Audit
71. Questions? Ron Durkin
Ron.durkin@cliftoncpa.com
72. CPA/ CFF (Certified in Financial Forensics- AICPA)
CFE (Certified Fraud Examiner- ACFE)
CIRA (Certified Insolvency & Restructuring Advisor- AIRA)
MBA (California State University- Sacramento
Former Special Agent of the FBI (1976-1986)
Retired Partner- KPMG (former national partner in charge of fraud & misconduct investigations practice)
Serve on AICPA committees (CFF, NAC)
Former chair of AICPA Litigation Services Committee, National Fraud Conference, California Litigation Services Committee
Ron Durkin’s Background
73. ACFE Annual Report to the Nation
Standards/guidance issued by AICPA, SEC, PCAOB, ACFE, IIA, CICA
Studies conducted by the Panel on Audit Effectiveness (O’Malley Report)
Discussion papers - Bridging the GAP, Management Override, Forensic Accountant Definition
Courses - AICPA, ACFE, IIA
Nossen’s Seven Investigative Techniques Sources of Information
