"A typical organization loses 5% of its revenue every year due to fraud" - Association of Certified Fraud Examiners (ACFE)
With reference to the "Darwin's theory of evolution", along with the humans, even crimes have evolved. These frauds or "White Collar Crimes" as they are more peculiarly known as, have revealed the extent to which they can adversely affect the corporate environment through corruption and fraudulent actions, which are beyond our imaginations.
And in this context, names such as "Enron", "World Com", "Tyco", "Satyam", "Sahara", "Harshad Mehta Scam" etc. have established as the biggest crimes of all times which have led the regulators and experts and to shift their focus from traditional auditing techniques to investigation based techniques to safeguard the investor's confidence and maintain the reliability over the truthfulness of the reported financials.
In such a scenario the auditors are expected to take up the responsibility of not just providing an opinion but also bring solutions to frauds and thereby ensure better transparency, effective control, and regulative punishment for the fraudsters.
And to provide these critical solutions "forensic audit" is the most effective tool.
Meaning of Forensic Audit:
"Forensic" means "suitable for use in court of law" and "Audit" relates to the independent examination of data of entity. A forensic audit is therefore an independent and comprehensive process of reviewing a person's or the company's financial statements to determine if they are accurate and whether or not any financial benefit has been attained by way of presenting an unrealistic picture or any illegal activity.
It is the legal determination of whether the fraud has actually occurred.
It answers the questions such as:
- How long the fraud has been carried out?
- How it was conducted and concealed by the perpetrators?
- What is the impact of such frauds?
Hence it involves the application of specialized methods for tracking and collection of evidence, usually for investigation and prosecution of criminal acts such as embezzlement fraud.
Thus in simple terms, forensic audit is a combined venture of auditing and investigation.
We can also summarize forensic audit as "LIAR"
- Legal representation
- Reporting & Prevention
Objectives of Forensic Audit:
- To establish the fact that a fraud or a crime or any other unlawful act has been committed.
- Critical examination of these facts to obtain appropriate evidence.
- Careful evaluation of the approach and impact of such an act.
- To bring out the reality by dissolving all the false representation made such an act.
- To punish the wrong doers by the hands of law.
Types of Investigation:
The forensic accountant should be asked to investigate many different types of fraud. It is helpful to categorize these types into three groups to provide an overview of the wide range of investigations that could be carried out.
There are three types of corruption fraud: conflicts of interest, bribery and extortion. Research shows that corruption is involved in around one third of all frauds.
- In a conflict of interest fraud, the fraudster exerts their influence to achieve a personal gain which detrimentally affects the company. The fraudster may not get benefit financially, but rather receives an undisclosed personal benefit as a result of the situation. For example, a manager may approve the expenses of an employee who is also a personal friend in order to maintain that friendship, even if the expenses are illegitimate to needs of business.
- Bribery is when money (or something else of value) is offered in order to influence a situation.
- Extortion is the opposite of bribery, and happens when money is demanded (rather than offered) in order to secure a particular outcome.
By far the most common frauds are those involving asset misappropriations, and there are many different types of fraud which fall into this category. The common feature is the left of cash or other assets from the company, for example:
- Cash theft - the stealing of physical cash, for example petty cash, from the premises of a company.
- Fraudulent disbursements - company funds beings used to make fraudulent payments. Common examples include billing schemes, where payments are made to a fictitious supplier, and payroll schemes, where payments are made to fictitious employee (often known as 'ghost employees').
- Inventory frauds - the theft of inventory from the company.
- Misuse of assets - employees using company assets for their own personal interest.
Financial Statement Fraud:
This is also known as fraudulent financial reporting, and is a type of fraud that causes a material misstatement in the financial statements. It can include deliberate falsification of accounting records, omission of transactions, balances or disclosures from the financial statements; or the misapplication of financial reporting standards. This is often carried out with the intention of presenting the financial statements with a particular bias, for example concealing liabilities in order to improve any analysis of liquidity and gearing.
Critical Point Auditing:
Critical point auditing aims at filtering out the symptoms of fraud from regular and normal transactions in which they are mixed or concealed, to find out any abnormal or irregular item in relation to the fraud.
- Trend analysis of significant financial transactions
- False credit to boost sales
- Weakness in internal control system
It is also known as "value for money audit", wherein the focus is to examine whether all expenditures are need based.
Financial frauds are often in conjugation with the wasteful, unwanted and unfruitful expenditures and hence under propriety audit, all the improper, fictitious, avoidable expenditures are identified as potential areas of fraud and checked thoroughly.
This process is based on 3 pillars: economy, efficiency and effectiveness.
- Benford's Law
- Detecting skimming, lapping or paddling transactions
- Theory of relative size factor
- Data mining techniques
- Ratio analysis
- Electronic and physical surveillance
- Undercover operations
- Space-time dimensions
To understand how forensic auditing works, it is important to know why fraud takes place, which can be explained through the "Fraud Triangle".
- Reason of fraud
- The aim behind the act
- Personal or family financial problems
- Gambling or drug problems
- Financial expectations
- Loophole which led to such fraud
- Areas that aided the act
- Weaknesses in controls
- The person who is trying to be defensive
- Hiding the fraud and related evidence to justify the act
So the forensic auditor would now target these 3 areas:
- What was the gain by the fraud?
- Whether the loophole was internal, external or both?
- Who has the advantage by concealing the facts?
Such an approach would enable the auditor to gather evidence more appropriately and carry out investigations in the right area.
Stages of Forensic Audit:
Accepting the investigation:
It is primary and most essential stage. It requires careful and thorough understanding of the business entity.
Proper planning is must to
- Identify the possible areas of fraud.
- Prepare an audit methodology.
- Draft the checkpoints to be verified during the investigation.
- Roadmap for efficient execution of skills.
Obtaining & Evaluating Evidence:
The auditor can resort to various methods for obtaining evidence such as
- Testing internal controls
- Use of analytical procedures
- Use CAAT or substantive techniques
Analysis of evidence collected to ascertain the further action plans
- Identifying evidences which are reliable
- Use of computer forensics or data analysis
This stage would require the auditor to prepare a detailed report providing the relevant facts such as
- Summarized observations along with required evidences
- How the fraud was conducted
- Which controls were bypassed
- Details of persons involved
- Quantification of the loss
- Impact on the financial statements
- Recommendation for the improvement
- Presentation of the case before the court
- To testify as a key witness in the court
Founder and CEO, Mr. Ramalinga Raju charged with fraud, false corporate reportings and making false statements to regulators.
- Accounting scam worth 7,900 crore overstatement in financials.
- Creation of 13,000 ghost employees.
- The company was near bankruptcy, market position destroyed within hours.
- The statutory auditors (PWC) were fined Rs. 60 lakhs by US Securities and Exchange Commission.
- The CEO was sentenced to 7 years jail and penalty of Rs. 5 crore.
Present and future trends:
Presently forensic audits are gaining importance owing to the following reasons:
- Rapid increase in quality and intensity of crime
- Traditional approaches are unfruitful in combating such crimes
- The risk of the statutory auditor not being able to detect a material misstatement (Detection Risk)
- The Companies Act 2013 has been a major game changer for the corporate environment, ushering a new set of guidelines for enhancing governance.
- Emphasis has been laid on corporate fraud reporting, by the auditors under section 143 which specifically provides for reporting of any kind of fraud or irregular activity to the Central Government.
- Also the punishments for the frauds have been made more stringent and applicable to the directors, key managerial personnel, auditors and/or officers of company.
- Thus, the new act goes beyond professional liability for fraud and extends to personal liability if a company contravenes such provisions.
- Establishment of the "Serious Fraud Investigation Office (SFIO)", to be headed by a director and consists of experts and forensic auditors (Section 211).
i. It is a next generation technique that aims to find out digital evidences.
ii. If crimes are committed through the system, the evidences shall also be in the systems.
iii. Use of DFF (Digital Forensic Framework) for easy collection, preservation and analysis of digital evidences without compromising systems and the data.
iv. Use of specific task based analytical tools known as digital forensic tools for data analysis such as:
- Access Data
- SANS SIFT
- The sleuth kit
Extensive use of digital forensics such as
- Securities fraud
- Business valuation
- Bankruptcy, insolvency, re-organization
- Network intrusions
It has surely proved that auditors are not just watchdogs, but can be bloodhounds also. And fraudsters shall now fear the bloodhounds.
Forensic Audit is a very specialist type of engagement, which requires highly skilled team members who have experience not only of accounting and auditing techniques, but also of the relevant legal framework.
- Although forensic audit is now being used widely, it is yet to get due recognition.
- It is still at the nascent stage but following factors are needed for its growth to establish a fair, just and reliable corporate environment across the globe.
- Proactive implementation
- Effective awareness
- Revision in the existing controls for further enhancement
- Technological reinforcement.