Sometimes even the simplest analytics are extremely useful.  They often tell you what is happening in the detailed transactions without you having to make assumptions about the data.  STATISTICS is one of those commands: with a couple clicks of the mouse you can get: Min and Max Highest and Lowest ‘X’ values Number of Positive, Negative and Zero valued transactions Average Median, Mode and Q25 and Q75 But like any…

April 6, 2017

Missing items

I have been away on vacation and now I have exams to mark and Christmas preparations to finish.  So, I must confess that these examples are fillers as I have been too busy to write much else these days.  However, I do still feel that they have value. Sometimes fraud is detected through the identification of missing items or transactions; in other cases unexpected transaction are found, highlighting the fraud. …

December 21, 2016

New System – control weaknesses

It is always important to test controls when systems and/or processes change.  Sometimes a current process may have adequate controls, but the new process may not be as secure. Equipment Serial Numbers A large company with several plants purchased expensive, highly specialized, equipment for use in its manufacturing plants.  A central purchasing organization made all the purchases and the inventory held until required by a plant.  The inventory manager was…

December 7, 2016

Year 29 – 2016 – Fraud

 Hidden Costs The true cost of fraud is more than the total of the financial losses.  Stockholder confidence, employee morale and other intangible factors must be added to the monetary losses.  Most managers agree with this assessment; however management often encourages fraud by placing unrealistic goals on employees, or by disregarding the rules themselves.  Auditors must be aware of the pressures placed upon employees that may lead them to commit…

November 28, 2016

Year 28 – 2015 – Fraud Risk Management Guidance

COSO had released an update to COSO-ERM which included Principle #8 (“The organization considers the potential for fraud in assessing risks to the achievement of objectives.”) related to fraud risk.  David Cotton (Cotton and Company LLP) put together a team of experts to develop guidance on how the audit profession and management could address the requirements of principle #8 and I was fortunate enough to be invited to be part…

November 21, 2016

Year 27 – 2014 – Car Maintenance – Part 2

Part2 – the audit had entered an investigative type phase looking into probable fraud.  As a result, the team leader developed a fraud analysis plan.  The plan outlined on the Who, What, How and Why and focused on analytics to look at the symptoms of fraud in the data.  Who could take advantage of the control weaknesses; what could they manipulate or control and what would it look like in…

November 14, 2016

Year 27 – 2014 – Car Maintenance – Part 1

The company I worked had a fleet of cars that we maintained, and when beyond a certain age, were sold.  The analysis below describes an audit that looked at the controls around both of these processes. The new manager of the company garage had only been in charge for a year and was already well respected and well liked.  He and his assistant provided quick and efficient maintenance service for…

November 7, 2016

Year 26 – 2013 – Payroll

 I haven’t looked at payroll very often; at least not as often as I think I should or would have liked.  Payroll can be a significant cost to an organization – easily representing 50% of a company’s total expenditures in some industries – but senior management seems to think that the controls over payroll are good and therefore it is low risk.   This belief is often transferred to audit even…

October 31, 2016

Year 24 – 2011 – Fraud Detection – part 2

Continuing on from last week ….. Figure 1 from the book “Computer –Aided Fraud Prevention and Detection: A Step-by-Step Guide” describes two approaches used to identify fraud risks and control exposures.  The first looks at control weaknesses and assesses how these exposures could be exploited.  The second starts with the key information or data fields and examines who could modify or manipulate these critical pieces of information; and then assesses…

October 17, 2016

Year 24 – 2011 – Fraud Detection – part 1

By 2011, I was becoming more and more involved in data analysis to detect fraud.  I had been doing this for years but had never really thought about the approaches I was taking to assess fraud risk and determine the analytics to perform.  The following is the result of my deliberations (which continue to this day). Fraud Detection The unrelenting advancement of technology is affecting virtually every aspect of our…

October 10, 2016