The “Big one that got Away” – involved hundreds of millions of dollars in contracts for hardware and software maintenance over ten years. I ran a couple of tests to highlight red flags related to fraud risks and identified the fraudster a couple of times – but didn’t pursue the issue enough to uncover the fraud. The first red flag was identified when I performed an audit to determine if…
After my year of consulting in numerous private sector companies I felt that my experience not only with ACL, but also with risk assessment and fraud risk assessment in particular had grown. While ACL’s basic command set was powerful, there were a number of techniques that I had used specifically for fraud that were not (at this time) included in the basic ACL command set. They required the use of…
Technically, we were still in the planning phase of the A/P audit – but had already identified several areas of risk that needed to be analyzed further. The early payments represented a potential fraud. If you paid within 15 days, you should receive an early payment discount of between 1.5 -2.5% depending on the vendor’s terms. In addition to reviewing the invoices with ‘immediate’ payment terms, we calculated the difference…
Even now, I firmly believe that the potential for the Y2K disaster was real. The only reason that its effects were minimized was a result of the hundreds of thousands of hours spent checking and rechecking programming code to address the “00” year problem before it occurred. For those of you too young to remember, prior to the year 2000, many databases and applications only used two digits for the…
Our analytics team was running on all cylinders and achieving significant results. There was not just my opinion, we received an ISACA Award of Excellence at the Info Tech Audit ’95 conference for leadership and contribution to IT Audit Community. Amazingly, it was a $1,000 cash award. The team (3 people) went for out for a celebratory dinner and donated the remaining funds to a local charity. By how we…
The analytics team was now at three people – so I could build some overlap in our knowledge of the application systems that were we accessing on a regular basis. For example, this meant that I was no longer the only person who understood the financial system. Now we had at least two people for each of the 10-12 systems we were accessing on a regular basis. For all but…