Fraud and Fraud Detection. Gee Sunder
Чтение книги онлайн.
Читать онлайн книгу Fraud and Fraud Detection - Gee Sunder страница 8
Many staff members have access to business systems as part of their duties to update, create, delete, and modify transaction records. Some employees, such as managers, owners, and shareholders, may have additional or higher access rights. Without the proper controls these accesses are vulnerable to errors and potential fraud.
The modification or substitution recording of the proper transaction can be classified as a fraudulent inclusion. Falling under a fraudulent deletion can be failing to record the transaction when it should be entered.
Concealing theft of inventory can be done by altering inventory records to match the physical count. Alternatively, if the fraudster is involved in the physical count, changing the count numbers to match the perpetual inventory records would also conceal the shrinkage. Reclassifying the missing inventory as obsolete would accomplish the same results. More sophisticated fraudsters may create a sale of the inventory to an old existing account that may be due for write-off.
Recharacterizing expenses as capital expenditures increases net income that may constitute financial statement fraud. One of the simplest ways to show higher income is to just omit the recording of liabilities and expenses until another period. While it is easy for management to do, it is hard for the auditors to detect as it leaves no audit trail. Improper recording can be examined but it is far more difficult to look for something that should exist but does not.
True deletion of electronic records is akin to the shredding of paper documents. Most business systems do not allow deletion without it being logged in the audit-trail file. Some systems record a deletion as a reversal of a previous transaction, therefore maintaining the integrity of the system. An excellent example of transaction deletions are “zappers and phantom-ware facilitate the systematic skimming of cash receipts by deleting records of cash sales, re-numbering receipts to disguise the deletion, and the production of conforming financial reports. In some cases, these programs can be so thorough that they reach out beyond the ECR and the sale system itself to bring inventory and employee time records into line with the deletions.”18
CONCLUSION
Fraud occurs in any organization as it is not possible to invoke the level of control needed to eliminate fraud. If there are too many restrictions or controls in place, those restrictions prevent employees from doing their jobs properly.
As auditors or investigators, we can only test for red flags of fraud. Data analytical software can assist us in sifting through all the transactions to flag anomalies. Being able to recognize fraud may allow us to further refine our tests to reduce the number of anomalies to investigate.
Before we can perform data analytics, we must understand the data analysis cycle and know how to obtain the electronic data files for our audit or analysis. We must ensure that the data is usable, complete, and accurate.
CHAPTER 3
The Data Analysis Cycle
THE DATA ANALYSIS CYCLE is a three-stage cycle that is constantly changing, and which must be adjusted to in order to be effective. The stages are evaluation and analysis, software and technology, and the audit and investigation stage.
EVALUATION AND ANALYSIS
To start the cycle one must understand the whole business well and, specifically, the subsidiary, division, or business unit being reviewed. A good understanding of the industry in general, along with the business environment, will give you a baseline for comparison purposes.
This cycle includes evaluating areas of potential fraud and identifying symptoms or red flags for frauds. This knowledge allows you to tailor your evaluation strategies to the organization. You cannot apply all the same steps and procedures universally to every business, as business practices in different industries, as well as within the same industries, differ greatly.
With this knowledge, the next step is to identify weaknesses or areas where potential fraud may exist within the business systems. It would be impossible to perform this task on the business organization as a whole. You need to break down the organization to at least the business-unit level to be able to focus on a more detailed level. Each area has different elements and risks. For instance, one area may be dealing with cash or payments and another with access controls and authorities. The risk assessments discussed earlier need to be tailored specifically to the function under review.
Конец ознакомительного фрагмента.
Текст предоставлен ООО «ЛитРес».
Прочитайте эту книгу целиком, купив полную легальную версию на ЛитРес.
Безопасно оплатить книгу можно банковской картой Visa, MasterCard, Maestro, со счета мобильного телефона, с платежного терминала, в салоне МТС или Связной, через PayPal, WebMoney, Яндекс.Деньги, QIWI Кошелек, бонусными картами или другим удобным Вам способом.