Information Technology Auditing & Assurance
Chapter 12: Business Ethics, Fraud and Fraud Detection
FRAUD SCHEMES
1. Fraudulent statements
2. Corruption
3. Asset misappropriation
1. FRAUDULENT STATEMENTS
- associated with management fraud.
- the statement is not simply a vehicle for obscuring or covering a fraudulent act.
Underlying problems:
1. Lack of auditor independence.
2. Lack of director independence.
3. Questionable executive compensation schemes.
4. Inappropriate accounting practices.
2. CORRUPTION
- involves an executive, manager, or employee of the organization in collusion with an outsider.
- four types: bribery, illegal gratuities, conflicts of interest and economic extortion.
a. Bribery
- involves giving, offering, soliciting or receiving things of value to influence an official in the performance of his or her lawful duties.
b. Illegal gratuities
- involves giving, offering, or soliciting something of value because of an official act that has been taken.
c. Conflicts of Interest
- occurs when an employee acts on behalf of a third party during the discharge of his or her duties or has self-interest in the activity being performed.
d. Economic Extortion
- is the use (or threat) of force (including economic sanctions) by an individual or organization to obtain something of value.
3. ASSET MISAPPROPRIATION
- the most common fraud schemes involve some form of asset misappropriation in which assets are either directly or indirectly diverted to the perpetrator's benefit.
- examples: skimming, cash larceny, billing schemes, check tampering, payroll fraud, expense reimbursements, theft of cash
a. Skimming
- stealing cash from an organization before it is recorded on the organization's books and records.
b. Cash Larceny (ex. Lapping)
- cash receipts are stolen from an organization after they have been recorded in the organization's books.
c. Billing schemes (known as Vendor Fraud)
- perpetrated by employees who cause their employer to issue a payment to a false supplier or vendor by submitting invoices for fictitious goods and services, inflated invoices, or invoices for personal purchases.
Shell company
- establishes a false supplier on the books of the victim.
- there is no legitimate transaction, but the system recorded it as legitimate.
Pass-through
- same as the shell company, but the transaction actually took place.
- the false vendor actually purchases from a legitimate vendor.
- the false vendor charges the victim company a much higher than market price for the items, but pays only the market price to the legitimate vendor.
Pay-and-Return
- this typically involves a clerk with check-writing authority who pays a vendor twice for the same products received. The vendor, recognizing that its customer made a double payment, issues a reimbursement to the victim company, which the clerk intercepts and cashes.
d. Check Tampering
- involves forging or changing in some material way a check that the organization has written to a legitimate payee.
e. Payroll Fraud
- is the distribution of fraudulent paychecks to existent and/or nonexistent employees.
f. Expense Reimbursements
- an employee makes a claim for reimbursement of fictitious or inflated business expenses.
g. Thefts of Cash
h. Non-Cash Misappropriations
COMPUTER FRAUD
1. The theft, misuse or misappropriation of assets by
2.
3.
4.
5.
1st Stage: Data Collection
Objective: To ensure that transaction data entering the system are valid, complete, and free from material errors.
Rules:
Relevance - the information system should capture relevant data only.
Efficiency - collect data only once.
Fraud techniques in networked systems done from remote locations:
Masquerading - perpetrator gaining access to the system from a remote site by pretending to be an authorized user.
Piggybacking - perpetrator at the remote site taps into the telecommunications lines and latches onto an authorized user.
Hacking - breaking into the system rather than the theft of assets.
2nd Stage: Data Processing
- processing data to produce information.
- includes mathematical algorithms used for production scheduling applications, statistical techniques for sales forecasting, and posting and summarizing procedures used for accounting applications.
- Two classes: Program Fraud and Operations Fraud
Program Fraud
1. Creating illegal programs that can access data files to alter, delete, or insert values into accounting records.
2. Destroying or corrupting a program's logic using a computer virus.
3. Altering program logic to cause the application to process data incorrectly.
Operations Fraud
- misuse or theft of the firm's computer resources.
- involves using the computer to conduct personal business.
Database Management
- the organization's physical repository for financial and nonfinancial data.
Database Management Fraud
- includes altering, deleting, corrupting, destroying, or stealing an organization's data.
3rd Stage: Information Generation
- is the process of compiling, arranging, formatting, and presenting information to users.
Characteristics:
1. Relevance
2. Timeliness
3. Accuracy
4. Completeness
5. Summarization
Fraud:
Scavenging - searching through the trash cans of the computer center for discarded output.
Eavesdropping - listening to output transmissions over telecommunications lines.
AUDITOR'S RESPONSIBILITY FOR DETECTING FRAUD
SAS No. 99, Consideration of Fraud in a Financial Statement Audit, which pertains to the following areas of a financial audit:
1. Description and characteristics of fraud
2. Professional Skepticism
3. Engagement personnel discussion
4. Obtaining Audit Evidence and information
5. Identifying risks
6. Assessing the identified risks
7. Responding to the assessment
8. Evaluating Audit Evidence and information
9. Communicating possible fraud
10. Documenting consideration of fraud
Fraudulent Financial Reporting
Considerations:
1. Management's characteristics and influence over the control environment
2. Industry Conditions
3. Operating characteristics and financial stability
AUDITOR'S RESPONSIBILITY FOR DETECTING FRAUD
1.
2.
3.
4.
5.
6. Inadequate disclosures
Misappropriation of Assets
Two risk factors:
1. Susceptibility of assets to misappropriation.
2. Controls
Misappropriation of Assets
Schemes related:
1. Personal purchases
2. Ghost employees
3. Fictitious expenses
4. Altered payee
5. Pass-through vendors
6. Theft of cash or inventory
7. Lapping
Auditor's Response to Risk Assessment
The auditor's judgments about the risk of material misstatements due to fraud may affect the audit in the following ways:
1. Engagement staffing and extent of supervision
2. Professional Skepticism
3. Nature, timing, and extent of procedures performed
Response to Detected Misstatements Due to Fraud
- Influenced by the degree of assessed risk.
- In some instances, the auditor may determine that the currently planned audit procedures are sufficient to respond to the risk factors.
- In other cases, the auditor may extend the audit and modify planned procedures.
- In rare cases, the auditor may conclude that procedures cannot be sufficiently modified to address the risk, in which case the auditor should consider withdrawing from the engagement and communicating the reasons for withdrawal to the audit committee.
If the auditor has determined that fraud exists and has no material effect on the financial statements:
1. Refer the matter to an appropriate level of management at least one level above those involved.
2. Be satisfied that implications for other aspects of the audit have been adequately considered.
When the fraud has a material effect on the financial statements or the auditor is unable to evaluate the degree of materiality, the auditor should:
1. Consider the implications for other aspects of the audit
2. Discuss the matter with senior management and with the board of directors' audit committee
3. Attempt to determine whether the fraud is material
4. Suggest that the client consult with legal counsel, if appropriate.
Documentation Requirements
1. Risk factors identified
2. The auditor's response to them
FRAUD TECHNIQUES
Payments to Fictitious Vendors
1. Sequential invoice numbers
2. Vendors with P.O. Boxes
3. Vendors with Employee Addresses
4. Multiple Companies with the same address
5. Invoice amounts slightly below the review threshold
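The five fictitious-vendor tests listed above, run over constructed vendor, employee and invoice records. This is an added example, not part of the original slides; the record layout, the 5,000 review threshold and the 5% "slightly below" band are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the slides).
VENDORS = {  # vendor_id: address on the vendor master file
    "V100": "410 Harbor Rd, Springfield",
    "V200": "P.O. Box 1187, Springfield",
    "V300": "22 Elm St Apt 4, Springfield",
    "V400": "900 Canal St Suite 12, Springfield",
    "V500": "900 Canal Street, Suite 12, Springfield",
}
EMPLOYEES = {"E017": "22 Elm St. Apt 4, Springfield"}  # employee_id: home address
INVOICES = [  # (vendor_id, invoice_no, amount)
    ("V100", 88213, 12400.00), ("V100", 90377, 3150.00), ("V100", 91542, 760.25),
    ("V200", 1001, 4950.00), ("V200", 1002, 4875.00), ("V200", 1003, 4990.00),
    ("V400", 5512, 2100.00), ("V500", 731, 1890.00),
]
REVIEW_THRESHOLD, NEAR_BAND = 5000.00, 0.05  # assumed limit; flag within 5% below it

def norm(addr):
    """Normalize an address so trivial formatting differences still match."""
    a = re.sub(r"[^a-z0-9 ]", "", addr.lower())
    a = re.sub(r"\bstreet\b", "st", a)
    return " ".join(a.split())

def flag_vendors():
    flags, by_addr, by_vendor = defaultdict(set), defaultdict(list), defaultdict(list)
    emp_addrs = {norm(a) for a in EMPLOYEES.values()}
    for vid, addr in VENDORS.items():
        if re.search(r"\bp\.?\s*o\.?\s*box\b", addr, re.I):
            flags[vid].add("po_box")              # test 2
        if norm(addr) in emp_addrs:
            flags[vid].add("employee_address")    # test 3
        by_addr[norm(addr)].append(vid)
    for vids in by_addr.values():                 # test 4: several vendors, one address
        for vid in vids if len(vids) > 1 else []:
            flags[vid].add("shared_address")
    for vid, no, amt in INVOICES:
        by_vendor[vid].append(no)
        if REVIEW_THRESHOLD * (1 - NEAR_BAND) <= amt < REVIEW_THRESHOLD:
            flags[vid].add("below_threshold")     # test 5
    for vid, nos in by_vendor.items():            # test 1: unbroken invoice run
        nos.sort()                                # suggests we are the only customer
        if len(nos) >= 3 and all(b - a == 1 for a, b in zip(nos, nos[1:])):
            flags[vid].add("sequential_invoices")
    return {vid: sorted(f) for vid, f in flags.items()}
```

Each flag is a lead for follow-up rather than proof of fraud; a vendor that trips several tests at once, as V200 does here, is the natural first candidate for review.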
Payroll Fraud
1. Test of Excessive Hours Worked
2. Test for duplicate payments
3. Test for Nonexistent employees
Lapping of Accounts Receivable
1. The balance forward method
2. The open Invoice method