Part2 – the audit had entered an investigative type phase looking into probable fraud. As a result, the team leader developed a fraud analysis plan. The plan outlined on the Who, What, How and Why and focused on analytics to look at the symptoms of fraud in the data. Who could take advantage of the control weaknesses; what could they manipulate or control and what would it look like in…
The company I worked had a fleet of cars that we maintained, and when beyond a certain age, were sold. The analysis below describes an audit that looked at the controls around both of these processes. The new manager of the company garage had only been in charge for a year and was already well respected and well liked. He and his assistant provided quick and efficient maintenance service for…
I haven’t looked at payroll very often; at least not as often as I think I should or would have liked. Payroll can be a significant cost to an organization – easily representing 50% of a company’s total expenditures in some industries – but senior management seems to think that the controls over payroll are good and therefore it is low risk. This belief is often transferred to audit even…
I always jump at the chance to perform analysis in non-financial areas. Not only does this expand my knowledge of audit risks and different business processes, but it also further demonstrates the flexibility and power of analytics. Some of the analytics I have perform include areas such as environmental control, HR – staffing, succession planning, transportation, maintenance, IT security, system conversion, control testing and risk. Normally, there is an element…
Continuing on from last week ….. Figure 1 from the book “Computer –Aided Fraud Prevention and Detection: A Step-by-Step Guide” describes two approaches used to identify fraud risks and control exposures. The first looks at control weaknesses and assesses how these exposures could be exploited. The second starts with the key information or data fields and examines who could modify or manipulate these critical pieces of information; and then assesses…
By 2011, I was becoming more and more involved in data analysis to detect fraud. I had been doing this for years but had never really thought about the approaches I was taking to assess fraud risk and determine the analytics to perform. The following is the result of my deliberations (which continue to this day). Fraud Detection The unrelenting advancement of technology is affecting virtually every aspect of our…
Following on the success achieved by the development of the standard extract of financial data from SAP, I decided to design and develop a standard extract from PeopleSoft – our company used SAP for finances and PeopleSoft for HR and another package for Pay (don’t ask why). For HR data, we really only needed three files to address most of the audit requirements: Person – providing information on the employee…
Imagine my excitement when I had 7 responses to my previous post on Payroll and then my utter disappointment when I found out that all we in Russian and had nothing to do with the content of my blog. This continued for several days and suddenly switched to English posts about Credit Unions. In total I had over 65 spam bot posts including two that wanted to help me monetarize…
No having to rely on samples allowed us to perform audits more efficiently and effectively. The audit results were more easily defendable (no arguments about the representativeness of the sample and the validity of the extrapolation). It also supported better coverage and more comprehensive audits. Vacation audit – the company allowed employees to carry forward vacation days – but different unions had negotiated different amounts. Depending on the union to…
Accessing different systems, trying to address auditor requirements, and performing complex analysis – they all present risks. And while I have had a great deal of success, there also have been many mistakes. I once heard it said, “learn from others mistakes – you don’t have enough time to make them all yourself” or something similar. This is why I always try to post a lesson-learned and this post is…