Auditors Fraud Detection and Data Analysis Techniques

Fraud Detection and Data Analysis Techniques

Just because a project is on budget or was completed under budget does not mean all costs were appropriate. Also we have a common belief that when statutory audit is over, everything is correct. It is not true. The fact is that statutory or balance sheet audit is not designed to find fraud and in most cases they may not detect fraud that exists.

Statutory audits are traditionally designed to determine the financial statements to show a true and fair view of the activities and financial statements are free from any material misstatements. Normally statutory auditors test a small number of transactions for any indications of fraud or to satisfy themselves to know that the financial statements show a fair view of the assets and liabilities of the company.
In most cases Auditors are not able to find fraud during the normal audit procedures. Most of the auditors are not trained/equipped to find fraud indicators.

Auditors, Fraud, Detection, Data Analysis, Techniques

Why Auditors fail to find fraud?

  1. Less equipped with latest audit tools: Today’s most auditors are not equipped with latest audit tools and need to think of a wider canvas to go beyond books of account.
  2. Predicable test by auditors: Year after year auditors will repeat the same tests focusing on the same type of transactions or same valued inventories. Fraudsters will be able to predict the tests, which are going to happen. When employees know exactly what risks and accounts the auditors will target, the effectiveness of audit testing goes down. When new auditors join, they will be asked to follow the same work papers of previous year and the new auditor will do the same.
  3. Reliance on Internal Controls: Total audit plan and procedures will be based on the assessment of internal controls and risk. When this assessment goes wrong in the initial years, the quality of the audit will also go down. Eventually, auditor will fail to find control weaknesses.
  4. Reliance on sampling: As data volume increases year after year, auditor is unable to get the correct sample. Due to the resource and budget problems auditor will stick to sampling verification and the audit quality will go down.
  5. Concentrated testing on large valued items: On looking into the patterns, if the fraudsters know that, auditor will look into the large valued items he will select small valued areas to commit fraud. Auditors are normally looking into big numbers for scope and materiality.
  6. More dependency on junior staff: Younger auditors will do most of the field work. It is a practice to control the cost of the audit in many occasions. Is there any compromise happening on quality? Young auditors often do not know what questions to be asked, and are usually reluctant to ask difficult questions or challenge management’s assertions. They are easily manipulated, influenced, and misled because of their inexperience.
  7. Lapses in follow up action by the concerned authorities: If the exceptions reported were not seriously taken up and follow up action taken, the auditor will be discouraged to find more red-flags.
  8. Lack of expertise in audit committees to guide auditors: Many of the audit committee lack expertise and not in a position to deal with fraud situations and guide auditors appropriately.
  9. Use of social engineering techniques by fraudsters: Management and fraudsters use social engineering techniques to distract auditors’ attention from one area and will be diverted to somewhere else to commit fraud or not to detect the fraud indicators.
  10. The involvement of top management in fraudulent and corruption acts: When the top management and Board members are involved in fraud and corruption activities, many a times auditors are not in a position to find frauds.

Auditors, Fraud, Detection, Data Analysis, Techniques

Data Analysis Challenges!

The data size is growing every moment and it is a challenge to auditors to decide from where they will get reliable data to audit.

IIA Standard 1210 A2 requires auditors to have sufficient knowledge of possible frauds to be able to identify their symptoms. IIA standard 1220 A2 requires “In exercising due professional care the internal auditor should consider the use of computer assisted audit tools and other data analysis techniques”.

To satisfy the regulators and stakeholders, it is necessary to have adequate knowledge of latest audit tools to find out the indicators of fraud. When data size is growing at an annual 40% compounded rate, control professionals challenge is to pick the few fraudulent transactions or indications of fraud from millions of transactions accumulated. Without a powerful data analysis tool this task is impossible.

Auditors, Fraud, Detection, Data Analysis, Techniques

What Data Analysis can do for you?

With data analysis technology, you can:

  • Perform fraud risk analysis.
  • Search for indicators of fraud.
  • Review 100 percent of transactions.
  • Compare data originating from different applications and systems.
  • Calculate the impact of fraud.
  • Conduct proactive tests.
  • Helps to automate repetitive tests and Implement continuous monitoring

Auditors, Fraud, Detection, Data Analysis, Techniques

Data analysis will take you from the historical prospective of “ what happened” to the future prospective of “What if these trends continue “ through the present fact of “where is the problem”.

Why data analysis?

In a fraud risk management scenario, the manager will be in a dilemma with where to start. Knowing that fraud is occurring, but not having insight into where, how and by whom. It is always a concern and here effectively implemented data analysis tools will give insight into the problem areas.

The primary reason to use data analysis techniques to find fraud indicators are because many a system of internal control has serious control weaknesses. In order to effectively verify and monitor internal controls, organizations need to look at 100% of transactions that took place and test them against established policies and procedures, across applications, across complex It structures, and from dissimilar applications and data sources. Many ERP systems alone cannot handle this challenge and many controls are never even turned on.

Data analysis software allows auditors to gain a quick overview of the business operations and easily drill down into the details of specific areas. As a result, examinations are much more detailed and comprehensive than a manual review of sample files.

Computer-assisted audit techniques can be used to develop an understanding of the relationships between various data elements, both financial and nonfinancial, and to examine the data for trends. Analytical procedures can be used to perform substantive tests and conduct investigations.
With huge volume of data, manually reviewing all documents is both costly and time consuming. Audit software can assist by highlighting transactions that contain characteristics often associated with fraudulent activities. Millions of transactions, including data from previous years or other locations or different software systems, can be reviewed.

A simple statistical profiling of given data will give lot of useful information about the given table such as date, amount and other boundaries and number of records, totals etc. It will bring the outliers. Simply look at high and low values and find irregularities. These may be indicators of fraud. By doing this auditor is saving enormous time and chances of errors before proceeding to actual audit tests. Also this kind of test is on 100% of the data and not on samples.

A simple duplicate test not only points to fraud but also inefficiencies or errors within transactions. Fuzzy duplicate transactions are common and without a tool it is difficult to find. (Fuzzy duplicates are nearly identical character values that may refer to the same real-world entity. For example, Hanson and sons, Hansson and sons, Hansan and Sons, Hansen & Sons, Hanssen & Sons, Jansen and Sons, Hanzon and Sons etc which may all be the same company entered by the ERP administrators as different company and there is a chance that payable department may process payments differently).

Auditors, Fraud, Detection, Data Analysis, Techniques

A data analysis will look into instances of irregularities, for example:

  • Do we still pay fuel bills for the terminated employees?
  • Do we pay duplicate payments to suppliers/employees/service providers?
  • Any FCPA violations?
  • Any access control violations?
  • General Ledger postings on Holidays?
  • Goods received /issued on holidays?
  • Access control logs after the office time?
  • Business travel and entertainment expenses beyond the policy limits?
  • Concentrated buying from top suppliers?
  • Is the buying rates comparable with market rates?
  • Are there certain GL accounts that are frequently reversed?
  • Are there dormant accounts that are used suddenly?
  • Do you have any employee who doen’t want to go on holiday?
  • Other than the tools, In general auditors can be more effective in detecting fraud by,
  1. Know the business: A better understanding of the business will help auditors to be more effective. Business processes, procedures and business challenges will provide a better background to perform well.
  2. On understanding the business processes, auditor should step into the shoes of the fraudster and consider the potential scenarios where frauds can happen.
  3. When putting the auditors in the job, more experienced auditors should take lead role and junior auditors should help the experts. Normally most of the field work will be done by the junior auditors and they are not capable to find probable frauds or they are not capable to ask brilliant questions to the auditees.
  4. Auditors should be educated to use data analysis and forensic tools to find probable frauds.

Auditors, Fraud, Detection, Data Analysis, Techniques