COSO had released an update to COSO-ERM which included Principle #8 (“The organization considers the potential for fraud in assessing risks to the achievement of objectives.”) related to fraud risk. David Cotton (Cotton and Company LLP) put together a team of experts to develop guidance on how the audit profession and management could address the requirements of principle #8 and I was fortunate enough to be invited to be part…
Part2 – the audit had entered an investigative type phase looking into probable fraud. As a result, the team leader developed a fraud analysis plan. The plan outlined on the Who, What, How and Why and focused on analytics to look at the symptoms of fraud in the data. Who could take advantage of the control weaknesses; what could they manipulate or control and what would it look like in…
The company I worked had a fleet of cars that we maintained, and when beyond a certain age, were sold. The analysis below describes an audit that looked at the controls around both of these processes. The new manager of the company garage had only been in charge for a year and was already well respected and well liked. He and his assistant provided quick and efficient maintenance service for…
I haven’t looked at payroll very often; at least not as often as I think I should or would have liked. Payroll can be a significant cost to an organization – easily representing 50% of a company’s total expenditures in some industries – but senior management seems to think that the controls over payroll are good and therefore it is low risk. This belief is often transferred to audit even…
Continuing on from last week ….. Figure 1 from the book “Computer –Aided Fraud Prevention and Detection: A Step-by-Step Guide” describes two approaches used to identify fraud risks and control exposures. The first looks at control weaknesses and assesses how these exposures could be exploited. The second starts with the key information or data fields and examines who could modify or manipulate these critical pieces of information; and then assesses…
By 2011, I was becoming more and more involved in data analysis to detect fraud. I had been doing this for years but had never really thought about the approaches I was taking to assess fraud risk and determine the analytics to perform. The following is the result of my deliberations (which continue to this day). Fraud Detection The unrelenting advancement of technology is affecting virtually every aspect of our…
It was hard to believe, but I had now been at this (data analytics to support audit) for 20 years. And I still found it interesting, challenging, frustrating, rewarding and aggravating – all at once. I was constantly being asked to access new systems and perform analysis for different types of audits. At the same time, I had my regular monthly routine tasks of extracting, downloading and cleansing data we…
Note: I hope this is like the ACL forum where there are more people reading it, but not posting questions/answers. While I am enjoying my trip down memory lane – it is a lot of work and it would be a shame if I was the only one reading the posts. My aim was to encourage discussion and sharing – this is not happening and lessens the value of the…
From time to time I was lucky enough to get to do some consulting work. These were usually fairly large audits, involving a number of external experts. As the “data guy” I was often given very little time to perform the required analysis. On such audit was a review of the costs for a major construction project. The audit team did not have all of the necessary expertise and had…
This was the year that I re-published my second book “Fraud Detection: A Revealing Look at Fraud (2004). This dealt with obtaining, verifying and analyzing the data to support fraud prevention, detection and investigation. However, it was also relevant to regular internal audit analyses. I thought I would do something a little different this week – so here is a fraud analysis story. It is based on an actual fraud…