Dr. Adukia Forensic

9mm 180mm
Author's Prole
2019
Price: ` 799/-
Dr. Rajkumar Adukia is an eminent Forensic Investigator who has He has undertaken more than 1000 individual development seminars,
2019
created mark for himself in the eld of Forensic investigations. His minute both for professionals and students across faculties, and have motivated
detail oriented approach and analytical mind has helped his clients more than 1,00,000 people.
detect frauds at the very grassroot level.
Encyclopedia on
Eminent Faculty
Dr. Adukia has addressed the CBI ofcers, ofcers of Serious Fraud Dr. Adukia is an eminent faculty and an authoritative speaker. He has
Investigation Ofce (SFIO), and various State Police Academies. He has addressed more than 5000 national seminars and 40 International
also addressed a global seminar at ACFE. seminars, across the globe. Some of the signicant addresses include:
Dr. Adukia possesses professional expertise gained and polished in a • Insolvency and Bankruptcy Board of India • Institute of Cost
career span of more than 36 years. He has dealt with all sorts of subjects Accountants of India • Institute of Company Secretaries of India •
and topics and complications and provided professional services to Institute of Chartered Accountants of India • Chamber of Indian Micro,
Banks, Financial Institutions, Corporates, Government Departments, Small & Medium Enterprises • Speaker in IIA’s 2013 International
and Regulators. Conference in Orlando on Green Audit. • Speaker in IIA’s 2018
He has been a faculty to various professional institutions like ICAI, ICSI, International Conference at Dubai on Sustainability. • Faculty in Indian
ICAI(Cost Accountant), Advocates, and other institutions like Institute of Corporate Affairs(IICA) for courses on Insolvency Laws and
Management, Banking etc. He has addressed various professional Corporate laws. • Faculty Speaker in Workshop on Commodity Risk
bodies and trade associations on subjects like Law, Taxation, Business Management for Bankers organized by CAFRAL (Centre for Advanced
Consultancy, Corporate Restructuring, Insolvency and bankruptcy Financial Research and Learning) • Faculty at National Institute of
Encyclopedia on Forensic Investigation and Fraud Prevention

Laws, Real Estate, Valuation, Intellectual Property Laws, Anti-Trust Laws, Securities Management (NISM) • Addressed the Programme for
Alternative Dispute Resolution, etc. at different points of time. Principal Inspecting Ofcers & Inspecting Ofcers by Reserve Bank of
Signicant Professional Achievements: India- Department of Non-Banking Supervision. • Addressed the
He is Chairman of Association of Indian Investors, a Section 8 National apex Chamber of Commerce and State apex Chamber of
Company wherein its main thrust is to educate the layman about the Commerce including his address to ASSOCHAM, Confederation of
principles of safe investment, the complexity of capital market, changing Indian Industry (CII), Federation of Indian Chamber of Commerce and
rules of market operations, design and implement effective Internal Industry (FICCI), and All India Manufacturers Organization (AIMO). •
Financial Control framework and provide Corporate Governance Addressed the SCOPE- Standing Conference of Public Enterprises
Services.
He is also Vice President of All India Insolvency Professional
Association. It is providing services in the eld of insolvency and
which is an apex professional organization representing the Central
Government Public Enterprises. It has also some State Enterprises,
Banks and other Institutions as its members. • Addressed the National
Academy of Audit and Accounts (NAAA) • Dena Bank • Central Bank
Forensic
bankruptcy, corporate restructuring etc. The Organization is currently
Investigation and
having 200 professionals all over India as its members. Education
Current& Past Memberships& Positions Held: Having graduated from Sydenham College of Commerce & Economics
in 1980 as 5th rank holder in Bombay University and he has also
240mm
• International Financial Reporting Standards (IFRS) Foundation SME received a Gold Medal for highest marks in Accountancy & Auditing. He
Group • INSOL India National Committee for Regional Affairs and •
Fraud Prevention
cleared the Chartered Accountancy Examination with 1st Rank in
Member of International Bar Association(IBA) and the following Intermediate and 6th Rank in Final. He also secured 3rd Rank in the Final
committees of IBA • Asia Pacic Regional Forum • Forum for Barristers Cost Accountancy Course. He has been awarded G.P. Kapadia prize for
and Advocates • Arbitration Committee • Bar Issues Commission (BIC) best student of the year 1981. He also holds a Degree in law, PhD in
• CAG Advisory Committee • Quality Review Board of ICAI
His long and dedicated service and contribution to the profession
Corporate Governance in Mutual Funds, MBA, Diploma in IFRS (UK),
and Diploma in Labour law and Labour welfare, Diploma in IPR, Diploma (Including Cyber Security
include: in Criminology.
• International Member of Professional Accountants in Business
Committee (PAIB) of International Federation of Accountants (IFAC)
He has done Master in Business Finance, a one year post qualication
course by ICAI. He has also done Certicate Courses conducted by ICAI
and Digital Forensics)
from 2001 to 2004. • Member of Inspection Panel of Reserve Bank of on
India. • Member of J.J. Irani Committee (which drafted Companies Bill, • Arbitration • Forensic Audit and Fraud prevention • Concurrent Audit
2008, which later became the Companies Act, 2013). • Member of
Secretarial Standards Board of ICSI. • Member of Cost Accounting Awards and Accolades
Standards Board of The Institute of Cost Accountants of India. • Member He has been felicitated with awards like
of Working Group of Competition Commission of India, National • The Jeejeebhoy Cup for prociency and character, • State Trainer by
Housing Bank, NABARD, RBI, CBI etc. • Independent Director of Mutual the Indian Junior Chamber, • “Rajasthan Shree” by Rajasthan Udgosh, a
Fund Company and Asset Management Company. • Worked closely noted Social Organization of Rajasthan and • Several other awards as a
with the Ministry of Corporate Affairs on the drafting of various successful leader in various elds. • National Book Honors Award 2018
enactments. Dr. Adukia continuously endeavors to help the clients achieve the
Sharing of Knowledge desired results through customized and innovative solutions which
Dr. Adukia rmly believes in Knowledge shared is knowledge gained. involve focusing on exploring opportunities and leveraging them to Dr. Rajkumar S. Adukia
Just like happiness, knowledge increases by sharing. He has enhance the growth and expansion of his clients. Author of 300 plus books | Winner of National Book Honour Award 2018
contributed articles to Management Journal, Chartered Secretary, Sharing the knowledge is enhancing the knowledge. Dr. Adukia
Business India, Business Analyst, Financial Express, Economic Times, encourages the precise energies in research, training, seminars, and
B.Com. (Hons.), FCMA, FCA, FCS, LL.B., MBA, M.Com. (Part-I),
Dr. Rajkumar S. Adukia
The Views Journal, Accommodation Times, The Global Analyst and books writing in the eld, the one has passion. Dip IFRS (UK), DLL&LW, DIPR, Dip in Criminology, Ph.D.
many professional magazines and newspapers.
Mobile: 098200 61049
E-mail ID: drrajkumar@globalforensic.in
Author of 300 plus books | Winner of National Book Honour Award 2018
B.Com (Hons.), FCMA, FCA, FCS, LL.B., MBA, M.Com. (Part-I),

Dip IFRS (UK), DLL&LW, DIPR, Dip in Criminology, Ph.D.
Mobile: 098200 61049 E-mail ID: drrajkumar@globalforensic.in
© by DR. RAJKUMAR S. ADUKIA
9mm 180mm
Classic Publications Classic Publications
2019 2019 2019
Dr. Adukia’s Dr. Adukia’s Dr. Adukia’s

Dr. Adukia’s Dr. Adukia’s Dr. Adukia’s Best Selling Series
Complete Guide To Insight into New
Genius is Universal How To Be A Super Self Empowerment: of Model Test
Valuation Examination Insolvency Regime
Recognising your Super Successful Taking Control Papers on Valuation in India
Potential through Time Professional! of our Life Examinations
and Mind Management
2019 2019 2019
240mm
CMA
Legal and Practical How To Pass Limited Practical Guide for

Dr. Adukia’s How To Be A Super Super Blockchain Aspects of Alternative Insolvency Examination Valuation including
Zooming Your Business Successful Person In The – The Technology 3rd Edition
Dispute Resolution (ADR) Legal Framework in India
& Professional Growth Boundaryless World…!!! of Today
2019
Dr. Adukia’s In-Depth Analysis of the Magic Formulas

Dr. Adukia’s - The Role of State Reinvent Your Mind Strike Gold!! Ideal Corporate Insolvency and for Success
Co.op Soc. & Multistate Co.op Soc – And Change (The A To Z Dictionary 4th Edition
Governance Framework Bankruptcy Code, 2016
in Econommic Development of Nation Your Life of Becoming Rich) and the FRDI Bill, 2017
Encyclopedia on Forensic Investigations and Fraud Prevention (Including Cyber Security and Digital Forensics)
Dr. Adukia’s
Encyclopedia on Forensic
Investigation and
Fraud Prevention
(Including Cyber Security and
Digital Forensics)

International Speaker and Growth Coach
Author of 300 plus books
B. Com (Hons.), FCA, FCMA, FCS, LL.B., MBA, M.Com. (Part-I),
Mobile: 098200 61049
Email: drrajkumar@globalforensic.in
i
Encyclopedia on Forensic Investigation and Fraud Prevention (Including Cyber Security and Digital Forensics)
4th Edition: April, 2019

Price ` 799 /-
© All rights including copyrights and rights of translations etc., are reserved and vested exclusively with Dr. Rajkumar
Adukia. No part of this book may be reproduced in any form or by any means [Graphic, Electronic or Mechanical], or
reproduced on any information storage device, without the written permission of the publishers.
DISCLAIMER
The opinions and views expressed in this publication are those of the Contributor. No part of this publication may be
reproduced or transmitted in any form or by any means without the permission in writing. This publication is sold with the
understanding that neither the publisher, nor the author will be responsible as a result of any action taken on the basis of
this work whether directly or indirectly for any error or omission, to any person whether a buyer of this publication or not.
Published by
Rishabh Academy Private Limited
Office Nos. 3 to 6, Meredien Apartments, Veera Desai Road,
Andheri (W), Mumbai-400 058.
Tel.: +91-22-2676 5506/2676 3179
E-mail: info@rishabhtraining.com
Website: www.rishabhtraining.com
Printed by
Finesse Graphics & Prints Pvt. Ltd.
Tel.: 4036 4600 • Fax: 2496 2297
ii

(Including Cyber Security and Digital Forensics)
Dear Colleague,
As per Association of Certified Fraud Examiners’ (ACFE) report titled REPORT TO THE
NATIONS 2018 - GLOBAL STUDY ON O7CCUPATIONAL FRAUD AND ABUSE, USD 7
billion Loss was caused due to fraud on 2,690 cases worldwide.
Statistics quoted in 2014 report by ACFE titled “Report to the Nation on Occupational Fraud
and Abuse” has estimated that a typical organization loses 5% of its revenue to fraud each
year and cumulative annual fraud loss globally during 2013 could have been of the order
of more than $3.7 trillion. The banking and financial services, government and public
administration, and manufacturing industries continue to have the greatest number of cases
reported.
Worldcom, the LIBOR manipulation scandals, have caused major upheavals in western
nations and their impact has been felt not only in the individual institutions or countries but
across the global financial system. India too has witnessed a spate of fraudulent activities in
the corporate sector over the last decade in the form of Satyam, Reebok, Adidas, etc. What
the above statistics reveal is that the frequency, volume and the gravity of instances of fraud
across various sectors, particularly in the financial sector, has gone up tremendously over
the past few years.
With the sweeping changes in the scope and magnitude of banking transactions witnessed
in the past few decades, the emergence of hybrid financial products, the increasing trend
of cross border financial transactions and the dynamics of real-time fund movement and
transformation, the vulnerability of the system to the menace of fraud has become higher
than ever before. All these developments have added to the increasing need for a check on
these systems which can be in the form of Forensic Investigation.
So, Forensic Investigation is the need of the hour. But the major question that we face as
professionals is how to obtain a Forensic Investigation assignment? The assignments in
Forensic Investigations can be obtained by empanelling with banks, regulators like the ROC &
SEBI, CBI, Economic Offenses Wing, Enforcement Directorate, Stock Exchanges and insurance
companies. All these entities maintain a pool of firms, qualified and capable to undertake
Forensic Investigations as per their orders.
The banks are being proactive by conducting Forensic Investigations of loan seeking entities
to ensure timely repayment of loans and prevention of NPAs. The SEBI, on the directions
iii
of MCA also gets Forensic Investigations conducted to verify the conduct of the companies
listed on the stock exchanges of the country. The insurance companies also order Forensic
Investigations before passing claims of higher amounts. The Enforcement Directorate or the
ED along with the Serious Fraud Investigation Office uses Forensic Investigations to probe
into the cases of money laundering and wilful default, that are plaguing the banking system.
The provisions of the Companies Act, 2013, requires the company to set up internal
controls and take sufficient measures to prevent frauds. Such a set up has to be certified
by the directors, by including the same in the Directors’ report that accompanies the
financial statements sent to the shareholders of the company. This provisions result into
the companies’ engaging the services of Forensic Investigators to satisfy themselves that the
internal controls that they have put in place are effective.
This Book will give an exhaustive outlook over Forensic Investigation right from the
evolution of Forensic Investigation to the current scenario. It is a comprehensive
compendium on the scope, the processes, the techniques and its advantages etc stated in a
very simple manner.
We are confident that this publication “Encyclopedia on Forensic Investigations and Fraud
Prevention (Including Cyber Security and Digital Forensics)” will be of immense benefit to
all readers.

Author
iv
ABOUT PRECISE CYBER AND FORENSIC SERVICES PRIVATE LIMITED
Office- 6, Building No.1, ground Floor, Meridien Apartment,

Veera Desai Road, Andheri (w) Mumbai-400058, India
Ph: 022-26765506/26763179 | Mob: 9820061049
Email: drrajkumar@globalforensic.in
PRECISE CYBER AND FORENSIC SERVICES PRIVATE LIMITED is providing consultancy

services forensic and Cyber Audit and has been known for its excellency in its services.
Services
Forensic Audit Business Intelligence IT Forensic Advisory

• Financial statement • Due Diligence • Digital forensic • Due diligence and
fraud, asset • Market intelligence examination & risk assessments
misappropriation, analysis • Implementation
• Mystery shopping
intellectual • Data analytics, and monitoring
property theft, • Asset tracing
solutions of compliance
white collar crime • Business partner programs
• E-Discovery
• Procurement, intelligence
• Cyber-crime • Business partner
logistics, risk framework and
prevention, and
outsourcing, training
investigations
vendors/ contractors
• Anti-corruption
fraud
investigations
• Anti-fraud programs
Industry Expertise • Our Values & Commitments

• Banking
Committed to: Our Values
• Insurance
• Chemicals • Place the interest of client • Teamwork
before ours. • Learning
• Consumer
• Service • Integrity
• Energy
• Uphold high standards of • Accountability
• Healthcare & Hospitality
honesty and integrity
• Infrastructure • Result oriented
• Endeavour to improve the
• Logistics • Open to change
quality of services
• Oil & Gas • Lateral Thinking
• Excellence in professional
• Real estate services
• Retail • Continuous education and
• Technology staff training
• Telecom
• Textiles
v
RISHABH ACADEMY PRIVATE LIMITED

Office Nos. 3 to 6, Meredien Apartments, Veera Desai Road,
Andheri (w), Mumbai 400 058.
Website: www.rishabhtraining.com Tel.: +91 - 22 - 26765506/26763179
E-mail: info@rishabhtraining.com
Services provided by Rishabh Academy Private Limited::

 Providing research opportunities and services including collaborations and partnership
projects at research
 Providing consultancy services on various complex issues
 Training on international subjects like International Public-Sector Accounting Standards,

International Financial Reporting Standards etc.
 Organises workshops, trainings and guidance/seminar programs for transferring

knowledge on various complex issues concerning the professionals
 Conducting self-development programmes on topics like time management, managing

workplace conflicts, effective public speaking etc.
 Providing opportunities in co-authoring of books
 Research training
 Publishes articles on various topics ranging from those dealing with Trade, Taxation,
Finance, Real Estate to topics like Time Management and Professional Opportunities
 Executives are provided with instruction and facilitation in the areas of leadership,
strategic planning, legal issues
 Business related training
vi
From Gaining Expertise to Authoring Books
Dear Reader,
The road to progress and development doesn’t just end with knowledge and experience
gained. Knowledge continues to grow when it is shared among fellow aspirants.
I feel proud of the fact that I am amidst hardworking people who have made their way
to the pinnacle of success, by overcoming obstacles and hurdles in their journey through
professional life and achieving the most needed knowledge and expertise.
My unquenchable thirst for knowledge has been my constant inspiration to read more and
gain more knowledge. It has also been the source of motivation to author books, which has
enabled me to author 300 plus books on a wide range of subjects over a period of time.
I find it apt to remember English Historian and Geologist Charles Darwin’s famous quote
“In the long history of humankind those who learn to

collaborate and improvise most effectively have prevailed.”
In collaboration lies the spirit of greater achievements and carving a niche for ourselves by
setting the most inspiring example for others to follow.
I take this opportunity to invite both budding and established professionals/entrepreneurs/

academicians/ readers to join me in sharing the knowledge and expertise with our fellow
professionals and aspirants by developing knowledge series in the form of books on a wide
range of topics for example, business laws, various forms of audits, accounting standards,
arbitration and mediation, self-help and self-development and management topics to name
a few.
It will be my pleasure to co-author books with esteemed colleagues who will be interested
in presenting an innovative approach with respect to any subject within the ambit of finance
and its related fields.
You may feel free to contact me at rajkumar@drrajkumaradukia.com or reach me on my

mobile phone 9820061049 by WhatsApp for further details and discussions in this regard.
To receive regular updates kindly send test e-mail to rajkumarfca+subscribe@googlegroups.

com
Regards,
vii
Contents
Sr No Particulars..........................................................................................................Page No.
PART I
1. What is Forensic Investigation?..........................................................................................1
2. Advantages of Forensic Investigation ................................................................................7
3. Evolution of Forensic Investigation in The World............................................................9
4. Evolution of Forensic Investigation in India....................................................................11
5. Steps / Conduct of Forensic Investigations......................................................................12
6. Fraud Risk Assessment......................................................................................................14
7. Forensic Investigation Techniques....................................................................................19
8. Use of Data Mining Technique in Fraud Detection.........................................................28
9. Finding Red Flags..............................................................................................................36
PART II
10. Laws Governing Offences of Frauds & Institutional Framework in India and
Worldwide..........................................................................................................................40
11. Forensic Investigation under The Information Technology Act, 2000...........................55
12. Forensic Investigation under The Insolvency and Bankruptcy Code, 2016..................61
13. Forensic Investigation under The Companies Act, 2013................................................66
14. Forensic Investigation of Listed Corporate Entities.........................................................68
15. Laws governing Frauds Worldwide..................................................................................72
PART III
16. Cyber Crime & Security Strategy for Cyber Crime.........................................................81
17. Forensic Investigation in Digital Environment................................................................92
18. Behavior of Fraudsters & Criminals (An important tool in detecting fraud)...............105
19. Common Fraud Techniques in Banking & Insurance Sector........................................119
20. Common Fraud Techniques in Manufacturing Industry...............................................125
Part IV
21. Fraud Prevention measures including internal financial control,
COSO ERM & COBIT 2019 ............................................................................................129
Part V
22. Recent Developments in the Cyber Environment and Data Protection.......................145
Part VI
23. Expert Opinion and Report Writing...............................................................................154
24. Major Scams/ Frauds that Occurred in India................................................................158
25. Forensic Investigation Report Format.............................................................................161
26. Formats For Various Undertakings/Certificates..............................................................163
27. Useful Websites................................................................................................................184
viii
1. What is Forensic Investigation?
PART I
1. WHAT IS FORENSIC INVESTIGATION?
The term Forensic Investigation combines the word Forensic which means “scientific tests or
techniques used in connection with the detection of crime” and the word Investigation which
means “the act or process of examining a crime, problem, statement, etc. carefully, especially
to discover the truth”. Combining the two terms, Forensic investigation is the gathering and
analysis of all crime-related physical evidence in order to come to a conclusion about a sus-
pect. Investigators will look at blood, fluid, or fingerprints, residue, hard drives, computers, or
other technology to establish how a crime took place. Forensic Investigation is carrying out an
inquiry conducted in such a manner that the outcome will have application in court of law.
The term Forensic Investigation is very wide and is applied in various disciplines like ac-
counting, medicine and engineering. The scope and type of the investigations is defined by
the crime that the investigation intends to investigate. For example if the crime committed is a
murder, then Forensic Entomology, Forensic Pathology, Forensic Psychology, Forensic Science,
Forensic Toxicology may be used. If the crime committed is fraud or crime related to finance,
Forensic Investigation may be conducted and when the crime is conducted through Comput-
ers, cyber forensics may be conducted.
Financial Crimes range from tax evasions to theft of company assets to wrong reporting in
financial statements. A detail scenario of how frauds are committed was given by Kautilya.
Kautilya, in his famous treatise “Arthashastra” penned down around 300 BC, painted a very
graphic detail of what we, in modern times, term as ‘fraud’. Kautilya describes forty ways
of embezzlement, some of which are: “what is realised earlier is entered later on; what is
realised later is entered earlier; what ought to be realised is not realised; what is hard to
realise is shown as realised; what is collected is shown as not collected; what has not been
collected is shown as collected; what is collected in part is entered as collected in full; what
is collected in full is entered as collected in part; what is collected is of one sort, while what
is entered is of another sort.”
Statistics quoted in a recent report by the Association of Certified Fraud Examiners’ (ACFE)
2018 titled “REPORT TO THE NATION ON OCCUPATIONAL FRAUD AND ABUSE” may
have some answers. The report has estimated that in the 2690 cases of fraud reported during
the year, the amount of losses were estimated at $7 billion +. 22% of the cases caused losses
of more than $1 million. Approximately 30% of the schemes in the study included two or
more of the three primary forms of occupational fraud. The smallest organizations tend to
suffer disproportionately large losses due to occupational fraud. Additionally, the specific
fraud risks faced by small businesses differ from those faced by larger organizations, with
certain categories of fraud being much more prominent at small entities than at their larger
counterparts. The banking and financial services, government and public administration,
1
and manufacturing industries continue to have the greatest number of cases reported in their
research, while the mining, real estate, and oil and gas industries had the largest reported
median losses. The higher the perpetrator’s level of authority, the greater fraud losses tend
to be. Owners/executives only accounted for 19% of all cases, but they caused a median
loss of $8,50,000. Employees, conversely, committed 44% of occupational frauds but only
caused a median loss of $50,000. Managers ranked in the middle, committing 34% of frauds
with a median loss of $150,000. Collusion helps employees evade independent checks and
other anti-fraud controls, enabling them to steal larger amounts. The median loss in a fraud
committed by a single person was $74,000, but as the number of perpetrators increased,
losses rose dramatically. In cases with two perpetrators the median loss was $150,000, for
three perpetrators it was $339,000. Approximately 77% of the frauds in the study were
committed by individuals working in one of seven departments: accounting, operations,
sales, executive/upper management, customer service, purchasing and finance. At the time
of our survey, 53% of the victim organizations had not recovered any of their losses due to
fraud, and only 15% had made a full recovery. Enron, Worldcom and more recently, the Libor
manipulation scandals, have caused major upheavals in western nations and their impact has
been felt not only in the individual institutions or countries but across the global financial
system. India too has witnessed a spate of fraudulent activities in the corporate sector over
the last decade in the form of Satyam, Reebok, Adidas, etc. What the above statistics reveal
is that the frequency, volume and the gravity of instances of fraud across various sectors,
particularly in the financial sector, has gone up tremendously over the past few years.
With the sweeping changes in the scope and magnitude of banking transactions witnessed
in the past few decades, the emergence of hybrid financial products, the increasing trend
of cross border financial transactions and the dynamics of real-time fund movement and
transformation, the vulnerability of the system to the menace of fraud has become higher
than ever before.
In criminal law, fraud is intentional deception made for personal gain or to damage another
individual. Defrauding people or entities of money or valuables is a common purpose of
fraud.
Fraud is defined as ‘a legal concept, which involves acts of deceit, trickery, concealment, or
breach of confidence that are used to gain some unfair or dishonest advantage; an unlawful
interaction between two entities, where one party intentionally deceives the other through
the means of false representation in order to gain illicit, unjust advantage.’ (XVI International
Conference of Supreme Audit Institutions (INCOSAI) Uruguay, 1998)
The term ‘forensic’ has usually attracted an unfortunate connotation with the morbid world
of forensic medicine. It conjures images of forensic pathologists, battered corpses, blood-
splattered implements at the scenes of crime and autopsies and post mortems. Nothing can
be further from the truth. Forensic Investigation shares only one thread in common with
forensic pathology. That common denominator is the pursuit of evidence that will stand
the rigorous scrutiny that the rules of evidence and procedure demand for its admission as
evidence before the courts.
2
Indeed, the term ‘forensic’ as defined in Webster’s Dictionary means ‘belonging to, used
in or suitable to courts of judicature or to public discussion and debate’. The integration
of accounting, auditing and investigative skills yields the specialty known as Forensic
Investigation. It is the study and interpretation of accounting evidence. It is the application
of accounting methods to the tracking and collection of forensic evidence, usually for
investigation and prosecution of criminal acts such as embezzlement or fraud. Forensic
Investigation, is a specialised mode of investigation that is suitable to the court which will
form the basis of discussion, debate and, ultimately, for dispute resolution whether before
the courts or other decision-making tribunals.
Forensic Investigation in its present state can be broadly classified into two categories as
under.
1. Encompassing litigation support and
2. Investigative accounting.
These two major categories form the core around which other support services that
traditionally come within the sphere of investigative services revolve - including corporate
intelligence and fraud investigation services. However, it would also be remiss not to define
what encompasses litigation support and investigative accounting.
1. Litigation support - is the provision of assistance of an accounting nature in a matter
involving existing or pending litigation. It is primarily focused on issues relating to
the quantification of economic damages, which means a typical litigation support
assignment would involve calculating the economic loss or damage resulting from a
breach of contract. However, it also extends to other areas involving valuations, tracing
assets, revenue recovery, accounting reconstruction and financial analysis, to name a
few. Litigation support also works closely with lawyers in matters involving, but not
limited to, contract disputes, insolvency litigation, insurance claims, royalty audits,
shareholders disputes and intellectual property claims.
2. Investigative accounting - in contrast, investigative accounting is concerned with
investigations of a criminal nature. A typical investigative accounting assignment
could be one involving employee fraud, securities fraud, insurance fraud, kickbacks
and advance fee frauds. No doubt in many assignments, both litigation support and
investigative accounting services are required. In many cases, the combination of
these services will not be adequate to address the problem unless there is in place
an effective programme for fraud risk management and control. Creating an ethical
work environment with a vigorous anti-fraud culture, implemented seriously by
senior management through the promotion of a clear anti-fraud policy, is the only
viable option if management is serious about preventing or reducing the recurrence of
corporate fraud in its various guises.
Emergence of Computer Forensics

The proliferation of e-commerce has led to an increasing e-fraud in recent times, which
in turn has meant an increasing demand for forensic IT services aimed at identifying
3
unauthorised or unethical IT activities. It is undeniable that this is the fastest growing

forensic discipline that will assume greater importance; hence no paper on Forensic
Investigation would be complete without a passing mention of this specialised field.
Computer forensics is simply the application of computer science to the investigative process.
As investigative accounting is an important aspect of Forensic Investigation, computer
forensics and its sub-disciplines are important tools for the Forensic Investigator in his task
of retrieving and analysing evidence for the purposes of uncovering a fraud or challenging
any financial information critical to the outcome of any dispute. As a full treatment of
this area would warrant a separate article, it would suffice to add that the sub-disciplines
of computer forensics, like computer media analyses, imagery 0enhancement, video and
audio enhancements and database visualisation, are tools, techniques and skills which are
becoming more critical in the field of Forensic Investigation in general and investigative
accounting in particular. Fraud detection services and the techniques of data matching and
data mining would be impossible without the application of computer forensics.
Financial Sector Frauds

Bank fraud is the use of potentially illegal means to obtain money, assets, or other property
owned or held by a financial institution, or to obtain money from depositors by fraudulently
posing as a bank or other financial institution. In many instances, bank fraud is a criminal
offence. While the specific elements of particular banking fraud laws vary between
jurisdictions, the term bank fraud applies to actions that employ a scheme or artifice, as
opposed to bank robbery or theft. For this reason, bank fraud is sometimes considered a
white-collar crime.
• There are numerous types of financial sector frauds (bank fraud) like stolen cheque,
cheque kiting, rogue trader, fraudulent loan and applications for loan, and many more.
• ‘Skimming of Card Information takes a number of forms, ranging from merchants
copying clients’ credit card numbers for use in later illegal activities or criminals using
carbon copies from old mechanical card imprint machines to steal the info, to the use
of tampered credit or debit card readers to copy the magnetic stripe from a payment
card while a hidden camera captures the numbers on the face of the card. Some
fraudsters have attached fraudulent card stripe readers to publicly accessible ATMs,
to gain unauthorized access to the contents of the magnetic stripe, as well as hidden
cameras to illegally record users’ authorisation codes.
• Phishing operates by sending forged e-mail, impersonating an online bank, auction or
payment site; the e-mail directs the user to a forged web site which is designed to look
like the login to the legitimate site but which claims that the user must update personal
info. The information thus stolen is then used in other frauds, such as theft of identity
or online auction fraud.
• Fraudsters may set up companies or create websites with names that sound similar to
existing banks, or assume titles conferring notability to themselves for plausibility, then
abscond with the deposited funds.
4
Typical Approach to a Forensic Investigation

There are usually five areas which the forensic investigator will address in his approach
towards any case:
1. Focus on the who, what, when, where and how of what happened - this is vital
in order to understand the whole situation that is made more complex by the lack
of full documentation or other evidence. A thorough analysis and evaluation of
what happened would assist in framing the issues for the Forensic Investigator, the
management and their lawyers to consider when deciding on what steps to take.
2. Consider all suspects - nobody is ruled out or beyond suspicion.
3. Be on the alert for forged documents - seemingly innocuous documents or transactions
may hide potential frauds or lead to more incriminating evidence.
4. Conduct extensive searches of company documents and computer files for evidence of
fraud - this is where the Forensic Investigator’s team of forensic IT personnel would be
indispensable in any investigation.
5. Interview key company employees - formally and informally.
Difference between Forensic Investigation and Other Audits

The general public believes that a financial auditor would detect a fraud if one were being
perpetrated during the financial auditor’s audit. The truth, however, is that the procedures
for financial audits are designed to detect material misstatements, not immaterial frauds.
While it is true that many of the financial statements and frauds could have, perhaps should
have, been detected by financial auditors, the vast majority of frauds could not be detected
with the use of financial audits. Reasons include the dependence of financial auditors on a
sample and the auditors’ reliance on examining the audit trail versus examining the events
and activities behind the documents. The latter is simply resource prohibitive in terms of
costs and time.
There are some basic differences today between the procedures of forensic investigators and
those of financial auditors
Sr. Particulars Other Audits Forensic Investigation

No.
1. Objectives Express an opinion as to Whether any fraud has
‘True & Fair presentation actually, taken place in
books
2. Techniques Substantive & Compliance. Investigative, substantive
Sample based or in depth checking
3. Period Normally for a particular No such limitations.
accounting period
5
Sr. Particulars Other Audits Forensic Investigation

No.
4. Verification of stock, Relies on the Management Independent verification
estimation realizable certificate / Management of suspected / selected
value of current assets, Representation items
provisions / liability
estimation, etc.
5. Off balance sheet items Used to vouch the arithmetic Regulating& propriety
(like contracts etc.) accuracy & compliance with of these transactions /
procedures. contracts are examined.
6. Adverse findings if any Negative opinion or qualified Legal determination of
opinion expressed with/ fraud and naming persons
without quantification behind such frauds.
2
6
2. Advantages of Forensic Investigation
2. ADVANTAGES OF FORENSIC INVESTIGATION
Forensic Investigation involves examination of legalities by blending the techniques of

propriety (Value for Money audit), regularity and investigative and financial audits. The
objective is to find out whether or not true business value has been reflected in the financial
statements and in the course of examination to find whether any fraud has taken place.
Why engage a Forensic Investigator?

A logical question to pose is why bring in a forensic investigator and his team when the
organization’s internal auditor and management team can handle the situation which can
range from a simple employee fraud to a more complex situation involving management
itself? The answer would be obvious when management itself is involved and the fallout
to the discovery of the fraud leads to low employee morale, adverse public opinion and
perception of the company’s image and organizational disarray generally. Engaging an
external party can have distinct advantages from conducting an internal investigation.
Uses of Forensic Investigation:

The services rendered by the forensic investigators are in great demand in the following
areas:
1. Fraud detection where employees commit Fraud: Where the employee indulges in
fraudulent activities and are caught to have committed fraud, the Forensic Investigator
tries to locate any assets created by them out of the funds defalcated, then try
interrogating them and trying to find out the hidden truth.
2. Criminal Investigation: Matters relating to financial implications the services of the
Forensic Investigators are availed of. The report of the investigator is considered in
preparing and presentation as evidence.
3. Cases relating to professional negligence: Professional negligence cases are taken up
by the Forensic Investigators. Non-conformation to Generally Accepted Accounting
Standards (GAAS) or noncompliance to auditing practices or ethical codes of any
profession they are needed to measure the loss due to such professional negligence or
shortage in services.
4. Arbitration service: Forensic investigators render arbitration and mediation services for
the business community, since they undergo special training in the area of alternative
dispute resolution.
5. Settlement of insurance claims: Insurance companies engage Forensic Investigators to
have an accurate assessment of claims to be settled.
7
Similarly, policyholders seek the help of a forensic investigator when they need to
challenge the claim settlement as worked out by the insurance companies. A forensic
investigator handles the claims relating to consequential loss policy, property loss due
to various risks, fidelity insurance and other types of insurance claims.
6. Dispute settlement: Business firms engage Forensic Investigators to handle contract
disputes, construction claims, product liability claims, infringement of patent and
trademarks cases, liability arising from breach of contracts and so on.
7. Engagement by Regulators: Regulators of businesses like the Ministry of Corporate
Affairs, the SEBI or the stock exchanges engage Forensic Investigators to gather
evidence in the cases where they are of an opinion that a fraud or misrepresentation
of accounts has been resorted to by the company and detailed investigation in its
functioning is necessary for the overall benefit of the stakeholders.
Key Benefits of Using Forensic Investigators

1. Objectivity and credibility there is little doubt that an external party would be far
more independent and objective than an internal auditor or company accountant who
ultimately reports to management on his findings. An established firm of forensic
investigators and its team would also have credibility stemming from the firm’s
reputation, network and track record.
2. Accounting expertise and industry knowledge an external forensic investigator would
add to the organization’s investigation team with breadth and depth of experience
and deep industry expertise in handling frauds of the nature encountered by the
organisation.
3. Provision of valuable manpower resources an organisation in the midst of
reorganization and restructuring following a major fraud would hardly have the
full-time resources to handle a broad-based exhaustive investigation. The forensic
investigator and his team of assistants would provide the much-needed experienced
resources, thereby freeing the organization’s staff for other more immediate management
demands. This is all the more critical when the nature of the fraud calls for
management to move quickly to contain the problem and when resources cannot be
mobilised in time.
4. Enhanced effectiveness and efficiency this arise from the additional dimension and
depth which experienced individuals in fraud investigation bring with them to focus
on the issues at hand. Such individuals are specialists in rooting out fraud and would
recognise transactions normally passed over by the organization’s accountants or
auditors.
2
8
3. Evolution of Forensic Investigation in The World
3. EVOLUTION OF FORENSIC INVESTIGATION

IN THE WORLD
Though Forensic Investigation has gained more publicity in the recent years, evidence shows
that it has actually been around for centuries. In fact, archaeological findings reveal that, as
far back as 3300-3500 BC, the scribes of ancient Egypt, who were the accountants of their
day, were involved in the prevention and detection of fraud.
The name Forensic Investigation wasn’t even coined until 1946 implying that this specialty
career path was not especially common. Maurice E. Peloubet is credited with developing
the term Forensic Accounting in his 1946 essay “Forensic Accounting: Its Place in Today’s
Economy.” By this time, Forensic Accounting had proven its worth during World War II,
however formalized procedures were not in place until the 1980’s when major academic
works were published. The popularity and need for the services, Forensic Investigators,
provide has steadily and more rapidly grown in the past few decades.
In more recent times, a close relationship developed between the accountancy and legal
professions in the 1800, with accountants acting as expert financial witnesses in court cases.
In 1931, the IRS and FBI used accounting to convict mobster Al Capone. An arrest wasn’t
made until law enforcement built a tax evasion case utilizing accounting expertise. Frank
J. Wilson was the agent charged with finding proof of tax evasion. Wilson sifted through
millions of financial documents and found enough evidence for a conviction. Due to the
Capone case, the IRS actually produced an ad campaign boasting “Only an Accountant Could
Catch Al Capone.”
The basis of this field is founded upon understanding the mind of the fraudster in order to
understand why frauds are committed. Donald Cressey, a sociologist and criminologist in the
1940s, became a leader in understanding fraudsters and why they do what they do. Cressey
wrote, “Theft of the Nation,” a treatise on la Cosa Nostra, and he was widely known for his
studies in organized crime. Cressey first gained notoriety in this field while completing his
PhD dissertation on embezzlers, while at Indiana University. Cressey interviewed nearly 200
incarcerated individuals charged with embezzlement. From his research, Cressey developed
“The Fraud Triangle.”
So, far from being a new practice, forensic investigation has long been part of the accounting
profession. While it took a back seat in the early 20th century with general accounting taking
a greater role, it is now merely returning to its traditions.
In 1992, the American College of Forensic Examiners was established. In 1997, the American
Board of Forensic Accounts started functioning. In 2000, the Journal of Forensic Accounting,
Auditing, Fraud and Taxation began publication. The Sarbanes-Oxley Act established the
Public Companies Accounting Oversight Board (PCAOB) in 2002 that was responsible for
9
developing auditing standards, conducting investigations and ensuring corporate compliance.

It is because of this act, that Forensic Investigation is gaining importance.
Today’s forensic investigators are involved in a wide variety of cases, from the more mundane
family law and commercial matters through to a range of criminal investigations, which
include white-collar crimes such as business and insurance fraud through to organised crime,
murder and even terrorism where Forensic Investigators are used to trace the money trail and
uncover just who is financing the terrorist groups.
Sarbanes-Oxley opened up a whole new field of investigation for Forensic Investigators. For
one, it requires management to certify that their financial statements are free from material
misstatement and fraud. Since the Enron scandal and others like it there has been in
increased demand for audits and scrutiny of all companies. Often these audits take a Forensic
Investigator with them for their expertise. Forensic Investigators have also been called in to
discover whether any misstatements were intentional or by mistake. There is a lot of pressure
on management to provide nearly perfect financial statements. Therefore, there is an increase
in demand for Forensic Investigator’s valuable knowledge in that area.
In 2011, the Securities and Exchange Commission issued the Dodd-Frank Act. This piece
of legislation is an even bigger motivator for whistle-blowers to come forward. If a whistle-
blower brings forward information that results in successful enforcement of monetary
penalties over $1,000,000, they will be rewarded monetarily. The award can be from 10-30%
of the monetary penalties. This is a huge motivating reason for people to act ethically and
bring attention to fraudulent activity within their organization. With that comes more demand
for Forensic Investigators to be involved.
Forensic Investigation has taken many great leaps of growth in recent history. The Accounting
industry has gradually called for more and more Forensic Investigators. It is predicted that
growth of the industry, based on the amount of jobs, will reach 6.7% for the years between
2013 and 2018.
2
10
4. EVOLUTION OF FORENSIC INVESTIGATION IN INDIA
In Indian context history of investigative accounting goes back to the ancient Mauryan Times.
In India, Kautilya was the first person to mention the famous forty ways of embezzlement in
his famous Kautilya Arthashastra.
Forensic Investigation in India has come to limelight only recently due to rapid increase
in Frauds and the white-collar crimes and the belief that our law enforcement agencies do
not have sufficient expertise or the time needed to uncover frauds. In India the formation
of Serious Fraud Investigation Office is the landmark creation for the Forensic Investigators.
Growing cyber-crimes, failure of regulators to track the security scams, series 101 of co-
operative banks bursting - all are pinpointing the need of Forensic Investigation, irrespective
of whether we understand the need or not.
In India, Forensic Investigation has not got its due recognition even after alarming increase
in the complex financial crimes and lack of adequately trained professionals to investigate
and report on the complex financial crimes. The Serious Fraud Investigation Office (SFIO)
formed by the Government of India under Ministry of Corporate Affairs can be regarded the
first step of Government of India to recognize the importance and advance the profession of
Forensic Investigators.
There is no mention of Forensic Investigators in the Indian statutes so far but there are
various provisions related to Forensic Investigators in the statutes. The introduction of the
Companies Act, 2013 has a significant impact on fighting and preventing frauds. Under
section 245 (1g) of the Companies Act, depositors and members of a company can claim
damages from auditors, management and other consultants for the wrongdoings by the
company and its management. Many consultants and senior executives are expected to
become part of the certified community. Further, under section 140 the auditors and their
firm would be jointly liable for any frauds in the books of accounts and many auditors are
likely to become Forensic Investigators in the days to come to avoid being caught on the
wrong foot. Under section 149(12), independent directors would be held liable for the frauds
in their knowledge.
2
11
5. STEPS / CONDUCT OF FORENSIC INVESTIGATIONS
Fraud is considered to involve misrepresentation with the intent to deceive. If a company

makes specific promises about a product, for example, in order to sell that product, they may
be guilty of fraud if they are aware that the product does not work as advertised. Fraud is a
very real and costly problem in today’s world, and it causes not only loss of money but also
loss of life and serious injuries. A fraud investigation tries to determine whether fraud has
taken place and tries to detect evidence if fraud has occurred.
Just as there are different types of fraud and fraud-related crimes, there are different types
of fraud investigations. Insurance fraud investigations, for example, try to uncover those
who make false claims to get insurance money. Identity theft investigations try to determine
whether someone’s identity has been stolen and used to perpetrate fraud and other type of
fraud investigations. General fraud investigations cover all other areas of fraud.
The Forensic investigator’s concern is not with reaching a general opinion on financial
statements taken as a whole, derived from reasonable efforts within a reasonable materiality
boundary. Instead, the forensic investigator’s concern is, at a much more granular level,
with the detailed development of factual information—derived from both documentary
evidence and testimonial evidence—about the who, what, when, where, how, and why of a
suspected or known impropriety. Sampling and materiality concepts are generally not used
in determining the scope of Forensic Investigation procedures. Instead, all relevant evidence
is sought and examined. Based on the investigative findings, the forensic investigator
assesses and measures losses or other forms of damage to the organization and recommends
and implements corrective actions, often including changes in accounting processes and
policies and/or personnel actions. In addition, the forensic investigator takes preventive
actions to eliminate recurrence of the problem. The forensic investigator’s findings and
recommendations may form the basis of testimony in litigation proceedings or criminal
actions against the perpetrators.
Broad Stages of Forensic Investigation:

1. Accepting the investigation
2. Planning
3. Evidence Gathering
4. Reporting
5. Court Proceedings
12
5. Steps / Conduct of Forensic Investigations
1. Accepting the investigation:

• Forensic Investigators must ensure whether their firm has necessary skills and
experience to accept the work.
• Ideally statutory Auditors should not accept forensic investigation assignments of
the same concern.
2. Planning or Objectives of the investigation:

• Identify type of fraud
• Identify Fraudsters
• Quantify the loss
• Gather Evidence
• Provide advice to prevent the reoccurrence
3. Gathering Evidence or Technique:

• Testing internal controls
• Use analytical procedures
• Apply CAAT
• Discussion and interviews with employees
• Substantive techniques such as Reconciliation, Cash counts and Review of stocks.
4. Reporting: Report contains

• Findings / observation
• Summary of evidences
• Amount of loss
• How fraudsters set up fraud scheme and which controls were circumvented
• Recommend improvements of control
5. Court Proceedings:
• Members of investigation team are involved
• Evidence gathering is presented
• Simplify technical teams
• Forensic Investigators do not testify that fraud has occurred but only present
evidence.
2
13
6. FRAUD RISK ASSESSMENT
What is Fraud Risk Assessment?

Fraud risk assessment is the evaluation of potential instances of fraud that could impact the
organization’s ethics and compliance standards, business practice requirements, financial
reporting integrity, and other objectives. This is typically performed as part of a broader
organization-wide risk assessment, and involves subject matter experts from key business
functions where fraud could occur (e.g., procurement, accounting, and sales) as well as
forensic specialists e.g. Certified Fraud Examiners (CFEs).
The foundation of an effective fraud risk management program should be seen as a
component of a larger enterprise risk management (ERM) effort and is rooted in a risk
assessment that identifies where fraud may occur and who the perpetrators might be Involves
asking questions such as:
1. How might a fraud perpetrator exploit weaknesses in the system of controls?
2. How could a perpetrator override or circumvent controls?
3. What could a perpetrator do to conceal the fraud?
4. What has happened in the past?
5. Can we prevent it?
6. Can we catch it right away?
7. Can we handle it?
Involves asking questions such as, where is fraud inherently high:
• By functional area
• By position
• By Relationship
A fraud risk assessment is a critical tool for managing the cost of fraud to an organization. In
its simplest form, the risk assessment is a listing of possible fraud risks to an organization. In
its more advanced form, the document not only assesses the likelihood of fraud’s occurring
within an organization, but becomes an impact statement as well.
From an audit perspective, the fraud risk assessment is the initiation point for the fraud
audit program, as its substance is critical in the building of such a program. This substance
should include the following:
• A comprehensive listing of all fraud risks facing an organization.
14
6. Fraud Risk Assessment
• A likelihood assessment of the fraud risk occurring.

• An understanding of the resulting impact.
• Ownership of the fraud risk for both control and audit responsibility.
Purpose of Risk Assessment

Risk assessment is intended to provide management with a view of events that could impact
the achievement of objectives. It is best integrated into existing management processes and
should be conducted using a top-down approach that is complemented by a bottom-up
assessment process. Boards of directors—and particularly board audit committees—often
request enterprise-wide risk assessments to ensure that key risks are identified and duly
addressed. Such risk assessments should not be disconnected from other assessments
performed within the organization. The internal audit function, for instance, may be
15
assessing risks to plan its audits for the year. The finance function may look at similar
information to perform its risk-based scoping. Business units may also be assessing risks from
a business planning or performance management perspective. These individual assessments
should be aligned (e.g., using common terminology, risk categories, and congruent outcomes),
to cover key objectives, and be integrated to contribute to an enterprise-wide risk assessment.
Types of Risk Assessments

• Strategic risk assessment. Evaluation of risks relating to the organization’s mission
and strategic objectives, typically performed by senior management teams in strategic
planning meetings, with varying degrees of formality.
• Operational risk assessment. Evaluation of the risk of loss (including risks to financial
performance and condition) resulting from inadequate or failed internal processes,
people, and systems, or from external events.
• Compliance risk assessment. Evaluation of risk factors relative to the organization’s
compliance obligations, considering laws and regulations, policies and procedures,
ethics and business conduct standards, and contracts, as well as strategic voluntary
standards and best practices to which the organization has committed. This assessment
is typically performed by the compliance function with input from business areas.
• Financial statement risk assessment. Evaluation of risks related to a material
misstatement of the organization’s financial statements through input from various
parties such as the controller, internal audit, and operations.
• Internal audit risk assessment. Evaluation of risks related to the value drivers of the
organization, covering strategic, financial, operational, and compliance objectives. This
top-down approach enables the coverage of internal audit activities to be driven by
issues that directly impact shareholder and customer value, with clear and explicit
linkage to strategic drivers for the organization.
• Market risk assessment. Evaluation of market movements that could affect the
organization’s performance or risk exposure, considering interest rate risk, currency
risk, option risk, and commodity risk. This is performed by market risk specialists.
• Credit risk assessment. Evaluation of the potential that a borrower or counterparty will
fail to meet its obligations in accordance with agreed terms. This considers credit risk
inherent to the entire portfolio as well as the risk in individual credits or transactions.
Conducted typically by credit analysts
• Customer risk assessment. Evaluation of the risk profile of customers that could
potentially impact the organization’s reputation and financial position. This assessment
weighs the customer’s intent, creditworthiness, affiliations, and other relevant factors.
This is typically performed by account managers, using a common set of criteria and
a central repository for the assessment data.
• Product risk assessment. Evaluation of the risk factors associated with an organization’s
product, from design and development through manufacturing, distribution, use, and
16
6. Fraud Risk Assessment
disposal. This assessment aims to understand not only the revenue or cost impact, but
also the impact on the brand, interrelationships with other products, dependency on
third parties, and other relevant factors. This type of assessment is typically performed
by product management groups.
• Security risk assessment. Evaluation of potential breaches in an organization’s
physical assets and information protection and security. This considers infrastructure,
applications, operations, and people, and is typically performed by an organization’s
information security function.
• Information technology risk assessment. Evaluation of potential for technology system
failures and the organization’s return on information technology investments. This
assessment would consider such factors as processing capacity, access control, data
protection, and cybercrime. This is typically performed by an organization’s information
technology risk and governance specialists.
• Project risk assessment. Evaluation of the risk factors associated with the delivery or
implementation of a project, considering stakeholders, dependencies, timelines, cost,
and other key considerations. This is typically performed by project management teams.
Fraud Risk Assessment

• Process of Identifying and Analysing Risks (Sample Fraud Risk Assessment tool)
• Brief background of what constitutes fraud
• Share Resources tools to utilise in fraud risk management
• Common challenges in Effective Fraud Risk Assessment
Importance of Fraud Risk Assessment

• Effective risk assessment is increasingly important to the success of any business
• Relationship of Fraud Risk assessment with enterprise risk management program
• Training received is a very good basis for implementing an anti‐fraud programme. A
trained leader/staff/Entrepreneur is an important asset
• The environment and business world we operate requires responsible persons in
positions of authority to lead the way with knowledge on fraud and set the tone at the
top.
Preparing a Fraud Risk Assessment

The fraud risk assessment can be thought of as a fraud deterrence control for organizations
in their managing the cost of fraud. It is also the document auditors rely upon to plan their
response to the risk of fraud. The preparer of the fraud risk assessment should strive for the
following attributes:
• The determination of the fraud likelihood assessment should be free from bias.
17
• Provides a consistent qualitative and quantitative calculation for assessing the fraud
likelihood and the exposure identification.
• Ensures a complete identification of fraud risk based on the primary fraud
classifications.
The initial assessment of fraud risk should consider the inherent risk of particular frauds
occurring in the absence of internal controls. After all relevant fraud risks have been
identified; internal controls are mapped to the identified risks. Fraud risks that remain
unaddressed by appropriate controls comprise the population of residual fraud risks.
1. Identify inherent fraud risk — Gather information to obtain the population of fraud
risks that could apply to the organization. Included in this process is the explicit
consideration of all types of fraud schemes and scenarios; incentives, pressures, and
opportunities to commit fraud; and IT fraud risks specific to the organization.
2. Assess likelihood and significance of inherent fraud risk — assess the relative
likelihood and potential significance of identified fraud risks based on historical
information, known fraud schemes, and interviews with staff, including business
process owners.
3. Respond to reasonably likely and significant inherent and residual fraud risks —
decide what the response should be to address the identified risks and perform a cost-
benefit analysis of fraud risks over which the organization wants to implement controls
or specific fraud detection procedures.
2
18
7. Forensic Investigation Techniques
7. FORENSIC INVESTIGATION TECHNIQUES
The conventional accounting and auditing with the help of different accounting tools like
ratio technique, cash flow technique, a standard statistical tool examination of evidences
is all part of Forensic Investigation. In cases involving significant amounts of data, the
present-dor has technology available to obtain or source data, sort and analyse data and even
quantify and stratify results through computer audit and various other techniques. Some of
the techniques involved in Forensic Investigation to examine the frauds are:
1. Testing Defences
Most businesses and other organizations have procedures and defences set up to prevent
the occurrence of fraud. A good initial technique is to attempt to circumvent these defences
yourself. The weaknesses you find within the organization’s controls will most probably
guide you down the same path taken by suspected perpetrators. This technique requires you
to attempt to put yourself in the shoes and think like your suspect.
2. Trend Analysis
Businesses have cycles and seasons much akin to nature itself. An expense or event within
a business that would be analogous to a snowy day in the middle of summer is worth
investigating. Careful review of your subject organization’s historical norms is necessary in
order for you to be able to discern the outlier event should it arise within your investigation.
3. Digital Forensic Examinations

Every transaction leaves a digital footprint in today’s computer-driven society. Close scrutiny
of relevant emails, accounting records, phone logs and target hard drives is a requisite facet
of any modern Forensic Investigation. Digital investigations can become quite complex
and require support from trained digital investigators. However, many open-source digital
forensics tools are now available to assist you in this phase of the investigation.
4. Face to Face Interviews

Forensic Investigation is akin to detective work, and every good detective desire to look his
witnesses and suspects in the eye. Personal interviews with the staff of your target entity
yield a better understanding of its operations and of the culture that exists within it.
According to John J. Hall of the Journal of Accountancy, critical information can be gleaned
from interviews with parties who have knowledge of the events without being directly
connected to the fraud.
5. Full Financial Auditing

Detailed financial audits can be complex and most often require the assistance of a qualified
Forensic Investigator. Basic financial audit techniques include bank statement reconciliations,
19
scrutiny of all vendor contracts and payments, review of tax returns and analysis of public
filings. Financial Forensic Investigation techniques seek to identify suspicious transactions
and trace them back to potential perpetrators.
6. Benford’s Law
Benford’s Law, named for physicist Frank Benford, who worked on the theory in 1938 is a
mathematical tool, and is one of the various ways to determine whether variable under study
is a case of unintentional errors (mistakes) or fraud. On detecting any such phenomenon,
the variable under study is subjected to a detailed scrutiny. The law states that fabricated
figures (as indicator of fraud) possess a different pattern from random figures. The steps of
Benford’s law are very simple. Once the variable or field of financial importance is decided,
the left most digit of variable under study extracted and summarized for entire population.
The summarization is done by classifying the first digit field and calculating its observed
count percentage. Then Benford’s set is applied. A parametric test called the Z-test is carried
out to measure the significance of variance between the two populations, i.e. Benford’s
percentage numbers for first digit and observed percentage of first digit for a particular level
of confidence. If the data confirms to the percentage of Benford’s law, it means that the
data is Benford’s set, i.e. there is 68% (almost 2/3rd) chance of no error or fraud. The first
digit may not always be the only relevant field. Benford has given separate sets for 2nd,
3rd and for last digit as well. It also works for combination numbers, decimal numbers and
rounded numbers. There are many advantages of Benford’s Law like it is not affected by scale
invariance, and is of help when there is no supporting document to prove the authenticity
of the transactions.
Benford’s Law holds true for a data set that grows exponentially (e.g., doubles, then doubles
again in the same time span), but also appears to hold true for many cases in which an
exponential growth pattern is not obvious (e.g., constant growth each month in the number
of accounting transactions for a particular cycle). It is best applied to data sets that go across
multiple orders of magnitude (e.g., populations of towns or cities, income distributions).
While it has been shown to apply in a variety of data sets, not all data sets follow this theory.
The theory does not hold true for data sets in which digits are predisposed to begin with a
limited set of digits. For instance, Benford’s Law will not hold true for data sets of human
heights, human weights and intellectual quotient (IQ) scores. Another example would be
small insurance claims (e.g., between US $50 and US $100). The theory also does not hold
true when a data set covers only one or two orders of magnitude.
Right Circumstances for Using Benford’s Law

Almost from the beginning, proponents of Benford’s Law have suggested that it would be a
beneficial tool for fraud detection.
A recent example is Mark Nigrini’s research, which showed that Benford’s Law could be used
as an indicator of accounting and expenses fraud. One fraudster wrote numerous cheques
to himself just below US $100,000 (a policy and procedure threshold), causing digits 7, 8
and 9 to have aberrant percentages of actual occurrence in a Benford’s Law analysis. Digital
analysis using Benford’s Law was also used as evidence of voter fraud in the 2009 Iranian
20
election. In fact, Benford’s Law is legally admissible as evidence in the US in criminal cases
at the federal, state and local levels. This fact alone substantiates the potential usefulness of
using Benford’s Law.
Of course, the usage of Benford’s Law needs to “fit” the audit objective. Some uses are
fairly easy to determine for fit. For instance, if the audit objective is to detect fraud in
the disbursements cycle, the IT auditor could use Benford’s Law to measure the actual
occurrence of leading digits in disbursements compared to the digits’ probability. Some good
examples include thresholds and cut-offs.
For instance, if a bank’s policy is to refer loans at or above US $50,000 to a loan committee,
looking just below that approval threshold gives a loan officer the potential to discover loan
frauds. If loan fraud was being perpetrated, a Benford’s Law test of looking at either the
leading digit (specifically, the 4) or two leading digits (specifically, 49) has the potential to
uncover the fraud. Figure 2 shows what a Benford’s Law test of the leading digit might show
as a result in this particular scenario. The line is Benford’s Law probabilities and the bars
are the actual occurrences. Note that 4 is aberrantly high in occurrence, and 5 is too low,
indicating the possible manipulation of the natural occurrence of loans beginning with 5 (US
$50,000 loans) possibly being switched to just under the cut off or indicating that the suspect
could be issuing a lot of $49,999.99 loans fictitiously to embezzle funds.
21
Another example might be a cut off of US $2,500 for purchases in which a purchase order is
required for any purchase at or above this price point. Thus, a Benford’s Law test of the two
leading digits (specifically, 24) could reveal any anomalies, manipulation or fraud involving
this cut off. It is also useful as a test of controls to see if existing controls for purchase orders
are working effectively. It is important to note that since the cut off amount has two key
digits, a two-digit test is needed rather than a single leading digit.
Other objectives are equally applicable, including analysis of:
• Credit card transactions
• Purchase orders
• Loan data
• Customer balances
• Journal entries
• Stock prices
• Accounts payable transactions
• Inventory prices
• Customer refunds
Examples of data sets that are not likely to be suitable for Benford’s Law include:
• Airline passenger counts per plane
• Telephone numbers
• Data sets with 500 or fewer transactions.
22
• Data generated by formulas (e.g., YYMM#### as an insurance policy number)

• Data restricted by a maximum or minimum number (e.g., hourly wage rate)
As stated previously, the IT auditor will need to determine whether to run a one-digit test
or two-digit test. The two-digit test will usually give more granular results, but is also likely
to reveal more spikes than a one-digit test. For certain tests, two digits are critical (see the
previous example on purchase order cut off).
Once the test has been run, the IT auditor will need to determine what results deserve
more attention or whether the results provide evidence or information related to the audit
objective. Generally speaking, the spikes above the Benford’s Law line are the numbers
of interest (see 4, not 5, in figure 2). The IT auditor will want to obtain independent
information on why the digit(s) spike(s). The results that show a digit that is lower than
probable occurrence is generally ignored, unless the audit objective is in that direction.
Constraints in Using Benford’s Law

The assumptions regarding the data to be examined by Benford’s Law are
• Numeric data
• Randomly generated numbers:
– Not restricted by maximums or minimums
– Not assigned numbers
• Large sets of data
• Magnitude of orders (e.g., numbers migrate up through 10, 100, 1,000, 10,000, etc.)
(Other assumptions exist that are unimportant in applying Benford’s Law in IT audits.)
The mathematical theory has always been applied to digital analysis, i.e., a logarithmic study
of the occurrence of digits by position in a number.
It is important to note that one assumption of Benford’s Law is that the numbers in the
large data set are randomly generated. For example, hourly wages will have a minimum and
possibly some maximum (even if a realistic maximum) that means that the data set is not
generated in a completely random fashion, but rather uses a restricted or manipulated set
of digits as the potential leading digit. The same is true if there is a formula or structure
to the manner in which the number is generated. For example, US telephone numbers are
assigned with a specific area code and a limited number of 3-digit prefaces to the last 4
digits (which are the only truly randomly generated numbers in a phone number). Thus,
before applying Benford’s Law, the IT auditor should ensure that the numbers are randomly
generated without any real or artificial restriction of occurrence.
As can be seen, Benford’s Law should be applied only to large data sets. For IT auditors,
that would be data such as files with hundreds of transactions (e.g., invoices to customers,
disbursements, payments received, inventory items). It is inadvisable to use Benford’s Law
for small-sized data sets, as it would not be reliable in such cases. Thus, some experts
23
recommend data sets of at least 100 records. This author recommends that the data set be
1,000 records or more, or that the IT auditor justify why a lower volume of transactions is
suitable to Benford’s Law, i.e., show that the smaller size still meets the other constraints
and that size will not affect the reliability of results. The orders of magnitude in particular
usually take hundreds of transactions. Using fewer than 1,000 can also lead to too many
spikes of interest, too many false positives.
The IT auditor should be careful in extracting a sample and then using Benford’s Law on
the sample. That is especially true for directed samples in which the amount is part of the
factor allowing a transaction to be chosen. This is because the sample is not truly a random
sample. For example, pulling a sample of all invoices over US $5,000 leads to a data set that
is not random. For small entities, using a data set for the whole month, or a random day of
each month, is a better sample for Benford’s Law purposes.
Conclusion
Benford’s Law can recognize the probabilities of highly likely or highly unlikely frequencies
of numbers in a data set. The probabilities are based on mathematical logarithms of the
occurrence of digits in randomly generated numbers in large data sets. Those who are not
aware of this theory and intentionally manipulate numbers (e.g., in a fraud) are susceptible
to getting caught by the application of Benford’s Law. The IT auditor can also apply Benford’s
Law in tests of controls and other IT-related tests of data sets. However, the IT auditor needs
to remember to make sure that the constraints (mathematical assumptions of the theory) are
compatible with the data set to be tested.
7. Theory of relative size factor (RSF)

It highlights all unusual fluctuations, which may be routed from fraud or genuine errors. RSF
is measured as the ratio of the largest number to the second largest number of the given set.
In practice there exist certain limits (e.g. financial) for each entity such as vendor, customer,
employee, etc. These limits may be defined or analysed from the available data‐if not
defined. If there is any stray instance of that is way beyond the normal range, then there is
a need to investigate further into it. It helps in better detection of anomalies or outliners. In
records that fall outside the prescribed range are suspected of errors or fraud. These records
or fields need to relate to other variables or factors in order to find the relationship, thus
establishing the truth.
8. Computer Assisted Auditing Tools (CAATs)

CAATs are computer programs that the auditor uses as part of the audit procedures to process
data of audit significance contained in a client’s information systems, without depending on
him. CAAT helps auditors to perform various auditing procedures such as: (a) Testing details
of transactions and balances, (b) identifying inconsistencies or significant fluctuations, (c)
Testing general as well as application control of computer systems. (d) Sampling programs to
extract data for audit testing, and (e) Redoing calculations performed by accounting systems.
24
9. Data mining techniques

It is a set of assisted techniques designed to automatically mine large volumes of data for
new, hidden or unexpected information or patterns. Data mining techniques are categorized
in three ways: Discovery, Predictive modelling and Deviation and Link analysis. It discovers
the usual knowledge or patterns in data, without a predefined idea or hypothesis about what
the pattern may be, i.e. without any prior knowledge of fraud. It explains various affinities,
association, trends and variations in the form of conditional logic. In predictive modelling,
patterns discovered from the database are used to predict the outcome and to guess data
for new value items. In Deviation analysis the norm is found first, and then those items are
detected that deviate from the usual within a given threshold (to find anomalies by extracted
patterns). Link discovery has emerged recently for detecting a suspicious pattern. It mostly
uses deterministic graphical techniques, Bayesian probabilistic casual networks. This method
involves “pattern matching” algorithm to ‘extract’ any rare or suspicious cases.
10. Ratio Analysis

Another useful fraud detection technique is the calculation of data analysis ratios for key
numeric fields. Like financial ratios that give indications of the financial health of a company,
data analysis ratios report on the fraud health by identifying possible symptoms of fraud.
Three commonly employed ratios are: -
1. The ratio of the highest value to the lowest value (max/min);
2. The ratio of the highest value to the second highest value (max/max2); and
3. The ratio of the current year to the previous year.
Using ratio analysis, a financial expert studies relationship between specified costs and
some measure of production, such as units sold, dollars of sales or direct labour hours. For
example, to arrive at overhead costs per direct labour hour – Total overhead costs might
be divided by total direct labour hours. Ratio analysis may help a Forensic Investigator to
estimate expenses.
The following strategic fraud detection approach shows how the use of information systems
and technology provide effective ways to detect fraud –
(1) understanding the business,
(2) identifying all possible frauds that could occur,
(3) cataloguing possible symptoms for each type of fraud,
(4) using technology to gather data about symptoms,
(5) analysing and refining results, and
(6) investigating identified symptoms
25
Categorization of Fraud Detection Methods
Strategic Fraud Detection Approach
26
Fraud Symptoms for Kickbacks
27
8. USE OF DATA MINING TECHNIQUE IN FRAUD DETECTION
Traditional methods of data analysis have long been used to detect fraud. They require
complex and time-consuming investigations that deal with different domains of knowledge
like financial, economics, business practices and law. Fraud often consists of many instances
or incidents involving repeated transgressions using the same method. Fraud instances can
be similar in content and appearance but usually are not identical.
Data Mining
Data mining is about discovering new patterns which are unknown before, statistically
reliable and process able from data. Data mining is a field which is concerned to
understanding data patterns from huge datasets. We can say that the aim is to find out new
patterns in data. A number of data mining techniques are there like classification, clustering,
advanced neural networks, prediction and regression models used for different data mining
approaches in various areas. Another area we are discussing here is fraud detection. Fraud
detection is the identification of symptoms of fraud where no previous disbelief exists.
Firstly, we have to learn that given data pattern is fraudulent or not. There are two kinds of
learning data set supervised and unsupervised. Supervised learning of data set deals with
fraud data that is previously known and unsupervised learning of data set deals with fraud
data that is not previously considered as a fraud data but after sometimes they reflect the
nature of fraud or crime. Then we treat those data patterns according to their behaviour.
Different terms are used for doing that task, they are described as techniques and methods
for fraud or crime detection.
Techniques used for fraud detection fall into two primary classes: statistical techniques and
artificial intelligence. Examples of statistical data analysis techniques are:
• Data pre-processing techniques for detection, validation, error correction, and filling up
of missing or incorrect data.
• Calculation of various statistical parameters such as averages, quintiles, performance
metrics, probability distributions, and so on. For example, the averages may include
average length of call, average number of calls per month and average delays in bill
payment.
• Models and probability distributions of various business activities either in terms of
various parameters or probability distributions.
• Computing user profiles.
• Time-series analysis of time-dependent data.
• Clustering and classification to find patterns and associations among groups of data.
28
8. Use of Data Mining Technique in Fraud Detection
• Matching algorithms to detect anomalies in the behaviour of transactions or users as

compared to previously known models and profiles. Techniques are also needed to
eliminate false alarms, estimate risks, and predict future of current transactions or
users.
Some Forensic Investigators specialize in forensic analytics which is the procurement and
analysis of electronic data to reconstruct, detect, or otherwise support a claim of financial
fraud. The main steps in forensic analytics are
(a) Data collection,
(b) Data preparation,
(c) Data analysis, and
(d) Reporting.
For example, forensic analytics may be used to review an employee’s purchasing card activity
to assess whether any of the purchases were diverted or divertible for personal use. Forensic
analytics might be used to review the invoicing activity for a vendor to identify fictitious
vendors, and these techniques might also be used by a franchisor to detect fraudulent or
erroneous sales reports by the franchisee in a franchising environment.
Fraud management is a knowledge-intensive activity. The main AI techniques used for fraud
management include:
• Data mining to classify, cluster, and segment the data and automatically find
associations and rules in the data that may signify interesting patterns, including those
related to fraud.
• Expert systems to encode expertise for detecting fraud in the form of rules.
• Pattern recognition to detect approximate classes, clusters, or patterns of suspicious
behaviour either automatically (unsupervised) or to match given inputs.
• Machine learning techniques to automatically identify characteristics of fraud.
• Neural networks that can learn suspicious patterns from samples and used later to
detect them.
Other techniques such as link analysis, Bayesian networks, decision theory, land sequence
matching are also used for fraud detection.
Techniques used for data analysis in detection of fraud

Data mining analyses the huge volumes of transactions and billing data and seeks out
patterns, trends and clusters that reveal fraud. The main steps for implementing this
approach for fraud detection within a business organization are:
1. Analyse the fraud objectives and the potential fraudsters, in order to converting them
into data mining objectives;
29
2. Data collection and understanding;

3. Data cleaning and preparation for the algorithms;
4. Experiment design;
5. Evaluation results in order to review the process.
Relevant technical problems are due to:
1. Imperfect data not collected for purpose of data mining, so they are inaccurate,
incomplete, and irrelevant data attributes;
2. Highly skewed data, there are many more legitimate than fraudulent examples, so
by predicting all examples to be legal a very high success rate is achieved without
detecting any fraud;
3. Higher chances of over fitting that occurs when model high accuracy arises from fitting
patterns in the training set that are not statistically reliable and not available in the
score set. To handle with skewed data the training set is divided into pieces where the
distribution is less skewed (Chan, 1998).
A typical detection approach consists in outlier detection where the non-fraudulent
behaviour is assumed as normal and identifies outliers that fall far outside the expected range
should be evaluated more closely.
Statistic techniques used for this approach are:
1. Predict and Classify
• Regression algorithms: neural networks, CART, Regression, GLM;
• Classification algorithms (predict symbolic Outcome): CART, logistic regression;
2. Group and Find Associations
• Clustering/Grouping algorithms: K-means, Kohonen, Factor analysis;
• Association algorithms: GRI, Capri Sequence.
Many existing fraud detection systems operate by: supervised approaches on labelled data,
hybrid approaches on labelled data, semi-supervised approaches with legal (non-fraud) data,
unsupervised approaches with unlabelled data. The classification framework, which is shown
below is based on a literature review of existing knowledge on the nature of data mining
research, fraud detection research.
30
Classification of Data Mining Applications

Each of the six data mining application classes is supported by a set of algorithmic
approaches to extract the relevant relationships in the data. These approaches can handle
different classes of problems. The classes are presented below.
Classification: Classification builds up and utilizes a model to predict the categorical labels
of unknown objects to distinguish between objects of different classes. These categorical
labels are predefined, discrete and unordered. The research literature describes that
classification or prediction is the process of identifying a set of common features (patterns),
and proposing models that describe and distinguish data classes or concepts. Common
classification techniques include neural networks, the Naïve Bayes technique, decision trees
and support vector machines. Such classification tasks are used in the detection of credit
card, healthcare and automobile insurance, and corporate fraud, among other types of fraud,
and classification is one of the most common learning models in the application of data
mining in fraud detection.
Clustering: Clustering is used to partition objects into previously unknown conceptually
meaningful groups (i.e. clusters), with the objects in a cluster being similar to one another
but very dissimilar to the objects in other clusters. Clustering is also known as data
segmentation or partitioning and is regarded as a variant of unsupervised classification.
Cluster analysis decomposes or partitions a data set (single or multivariate) into dissimilar
groups so that the data points in one group are similar to each other and are as different as
possible from the data points in other groups. It is suggested that data objects in each cluster
should have high intra-cluster similarity within the same cluster but should have low inter-
cluster similarity to those in other clusters. The most common clustering techniques are the
K-nearest neighbour, the Naïve Bayes technique and self-organizing maps.
Prediction: Prediction estimates numeric and ordered future values based on the patterns of
a data set. It is noted that, for prediction, the attribute, for which the value being predicted
is continuous-valued (ordered) rather than categorical (discrete-valued and unordered). This
31
attribute is referred as the predicted attribute. Neural networks and logistic model prediction
are the most commonly used prediction techniques.
Outlier Detection: Outlier detection is employed to measure the distance between data
objects to detect those objects that are grossly different from or inconsistent with the
remaining data set. Data that appear to have different characteristics than the rest of the
population are called outliers. The problem of outlier/anomaly detection is one of the most
fundamental issues in data mining. A commonly used technique in outlier detection is the
discounting learning algorithm.
Regression: Regression is a statistical methodology used to reveal the relationship between
one or more independent variables and a dependent variable (that is continuous-valued).
Many empirical studies have used logistic regression as a benchmark. The regression
technique is typically undertaken using such mathematical methods as logistic regression
and linear regression, and it is used in the detection of credit card, crop and automobile
insurance, and corporate fraud.
Visualization: Visualization refers to the easily understandable presentation of data and to
methodology that converts complicated data characteristics into clear patterns to allow users
to view the complex patterns or relationships uncovered in the data mining process. The
researchers have exploited the pattern detection capabilities of the human visual system by
building a suite of tools and applications that flexibly encode data using colour, position,
size and other visual characteristics. Visualization is best used to deliver complex patterns
through the clear presentation of data or functions.
Classification of Data Mining Techniques for Financial Accounting Fraud Detection

To determine the main algorithms used for financial accounting fraud detection, we present a
Review of data mining techniques identified in literature applied to the detection of financial
fraud. The most frequently used techniques are logistic models, neural networks, the
Bayesian belief network, and decision trees, all of which fall into the classification category.
These four techniques are discussed in more detail in the following paragraphs.
Regression Models: The regression-based models are mostly used in financial accounting
fraud detection. The majority of them are based on logistic regression, stepwise-logistic
regression, multi criteria decision making method and exponential generalized beta two
(EGB2). Logistic model is a generalized linear model that is used for binomial regression in
which the predictor variables can be either numerical or categorical. It is principally used to
solve problems caused by insurance and corporate fraud.
Some of the research has suggested logistic regression-based model to predict the presence
of financial statement fraud. Statistical method of logistic regression can detect falsified
financial statements efficiently. Some researchers have also developed generalized qualitative
response model based on Probit and Logit techniques to predict financial statement fraud.
That model was based on a dataset collected by an international public accounting company
and needs testing for generalization. Cascaded Logit model has also proposed to investigate
the relationship between insider trading and possibility of fraud. The study in found
32
that, when the fraud is being executed, insiders, i.e. top executives and managers, reduce
their stock holdings through high stock selling activity. The other methods like statistical
regression analysis are also useful to test if the existence of an independent audit committee
mitigates or reduces the likelihood of fraud. Literature also describes that organizations with
audit committees, formed by independent managers, meeting no more than twice per year,
are less likely to be sanctioned for fraudulent financial reporting.
The regression analysis using Logit model can be used for empirical analysis of financial
indexes which can significantly predict financial fraud. Logistic analysis and clustering
analysis jointly can be used to establish a detecting model of fraud from four aspects of
financial indexes, company governance, financial risk and pressure and related trading. After
cluster filtering significant variables, prediction model can be established with methods of
Standardization, non- Standardization Bayes and Logistic.
The logistic regression-based accounting fraud detecting models are common in literature
since the model based on logistic regression can reach up to 95.1% of detecting accuracy
with significant expectation effect.
Neural Networks: The neural networks are non-linear statistical data modelling tools that
are inspired by the functionality of the human brain using a set of interconnected nodes.
Neural networks are widely applied in classification and clustering, and its advantages
are as follows. First, it is adaptive; second, it can generate robust models; and third, the
classification process can be modified if new training weights are set. Neural networks are
chiefly applied to credit card, automobile insurance and corporate fraud.
Bayesian Belief Network: The Bayesian belief network (BBN) represents a set of random
variables and their conditional independencies using a directed acyclic graph (DAG),
in which nodes represent random variables and missing edges encode conditional
independencies between the variables. The Bayesian belief network is used in developing
models for credit card, automobile insurance, and corporate fraud detection. The research
in described that Bayesian belief network model correctly classified 90.3% of the validation
sample for fraud detection. Bayesian belief network outperformed neural network and
decision tree methods and achieved outstanding classification accuracy.
Decision Trees: A decision tree (DT) is a tree structured decision support tool, where each
node represents a test on an attribute and each branch represents possible consequences.
In this way, the predictive model attempts to divide observations into mutually exclusive
subgroups and is used for data mining and machine learning tasks. Decision trees are
predictive decision support tools that create mapping from observations to possible
consequences. Predictions are represented by leaves and the conjunctions of features by
branches. Decision trees are commonly used in credit card, automobile insurance, and
corporate fraud.
Nearest Neighbour Method: Nearest neighbour method is a similarity-based classification
approach. Based on a combination of the classes of the most similar k record(s), every record
is classified. Sometimes this method is also known as the k-nearest neighbour technique.
33
K-nearest neighbour method is used in automobile insurance claims fraud detection and for
identifying defaults of credit card clients.
Fuzzy logic and Genetic Algorithm: Genetic algorithms are used in classifier systems to
represent and modelling the auditor decision behaviour in a fraud setting. Genetic algorithm
along with binary support vector system (BSVS) which is based on the support vectors in
support vector machines (SVM) are used to solve problems of credit card fraud that had not
been well identified.
Fuzzy Logic is a mathematical technique that classifies subjective reasoning and assigns data
to a particular group, or cluster, based on the degree of possibility the data has of being in
that group. The expert fuzzy classification techniques enable one to perform approximate
reasoning that can improve performance in three ways. First, performance is improved
through efficient numerical representation of vague terms, because the fuzzy technology can
numerically show representation of a data item in a particular category. The second way
performance is enhanced is through increased range of operation in ill-defined environments,
which is the way that fuzzy methodology can show partial membership of data elements
in one or more categories that may not be clearly defined in traditional analysis. Finally,
performance is increased because the fuzzy technology has decreased sensitivity to “noisy”
data, or outliers. A multilevel fuzzy rule-based system is proposed in to rank state financial
management. The authors used fuzzy set theory to represent imprecision in evaluated
information and judgments.
A fuzzy logic model has been implemented in for fraud detection in an Excel spreadsheet.
By using the fuzzy logic model to develop clusters for different statements representing red
flags in the detection of fraud, non-financial data was included with financial statement
variables for the analysis. The model consists of different financial variables like leverage,
profitability, liquidity, cash flow and a variable designed to represent a company’s risk of
fraud. Fuzzy logic efficiently modelled the variable, which was developed to quantify fraud
risk factors. The model predicted frauds with 86.7% accuracy. The same model was adapted
in to develop a model for detection of financial statement fraud. The proposed model used
a combination of different financial statement data.
Fuzzy logic based expert system has been developed to identify and evaluate whether
elements of fraud are involved in insurance claims settlements. The fuzzy logic based expert
system was developed for auditors to identify fraud in settled claimed insurance. The system
was able to cut costs by detecting fraudulent filings.
Genetic programming with fuzzy logic production rules is used to classifying data. The
study in has proposed and tested a system to detect frauds on real home insurance claims
and creditcard transaction data. The study on genetic programming for fraud detection lacks
benchmarking with the existing methods and techniques. A genetic algorithm-based approach
to detect financial statement fraud. It was found that exceptional anomaly scores are valuable
metrics for characterizing corporate financial behaviour and that analysing these scores over
time represents an effective way of detecting potentially fraudulent behaviour.
Expert Systems: Researchers in the field of Expert systems have examined the role of Expert
Systems in increasing the detecting ability of auditors and statement users. By using expert
34
system, they could have better detecting abilities to accounting fraud risk under different
context and level and enable auditors give much reliable auditing suggestions through
rational auditing procedure. The research has confirmed that the use of an expert system
enhanced the auditor’s performance. With assistance from expert system, the auditors
discriminated better, among situations with different levels of management fraud-risk. Expert
System aided in decision making regarding appropriate audit actions.
The financial accounting fraud detection research is classified as per data mining application
and data mining techniques. Some researchers have tried to apply a combination of many
data mining techniques like decision trees, neural networks, Bayesian belief network, K-
nearest neighbour. The main objective is to apply a hybrid decision support system using
stacking variant methodology to detect fraudulent financial statements.
Data Mining Based Framework for Fraud Detection

The research related with application of data mining algorithms and techniques for financial
accounting fraud detection is a well-studied area. The implementation of these techniques
follows the same information flow of data mining processes in general. The process starts
with feature selection then proceeds with representation, data collection and management,
pre-processing, data mining, post-processing, and in the end performance evaluation. This
paper has proposed an expanded generic data mining framework. This framework considers
specific characteristics of fraud detection techniques for financial accounting fraud as
mentioned below.
35
9. FINDING RED FLAGS
A red flag is a set of circumstances that are unusual in nature or vary from the normal
activity.
It is a signal that something is out of the ordinary and may need to be investigated further.
The first step in fraud detection is, knowing where to look. Understanding the motivations of
those committing fraud and knowing in which accounts fraud is more likely to exist based on
a risk assessment helps identify the areas that might be subject to greatest scrutiny. Similarly,
being aware of the types of transactions that warrant further review, as well as other potential
red flag indicators, may alert auditors to areas that might require a closer look.
An auditor’s ability to detect fraud may be significantly enhanced by personal understanding
of an enterprise and the environment in which it operates. With this knowledge, the auditor
may be better able to identify anomalies or other potential red flags such as nonsensical
analytic relationships, control weaknesses, transactions that have no apparent business
purpose, related parties, and unexpected financial performance. It is important to understand
the business, the control procedures in place, the budgeting process, the accounting policies,
the industry, and the general economic climate affecting the company.
It is however not as easy as it sounds to identify and interpret potential red flags. The term
flags are a bit of a misnomer and creates a false impression of plainly visible warning signs.
While this is true in case of some frauds, one should remember that fraud is fundamentally
a crime of deception and deceit. Calling to mind a mental picture of a scarcely visible red
thread waving in the wind is more accurate than picturing a bold red flag.
The Fraud Triangle

Donald Cressey, a sociologist and criminologist in the 1940s, became a leader in
understanding fraudsters and why they do what they do. Cressey wrote, “Theft of the
Nation,” a treatise on la Cosa Nostra, and he was widely known for his studies in organized
crime. Cressey first gained notoriety in this field while completing his PhD dissertation
on embezzlers, while at Indiana University. Cressey interviewed nearly 200 incarcerated
individuals charged with embezzlement. From his research, Cressey developed “The Fraud
Triangle.”
The fraud triangle views the following as key conditions that tend to be present when fraud
occurs:
• Incentive and pressure—that is, need
• Opportunity
• Rationalization and attitude
36
9. Finding Red Flags
Incentive & Pressure

Management or other employees may find themselves offered incentives or placed under
pressure to commit fraud. When, for example, remuneration or advancement is significantly
affected by individual, divisional, or company performance, individuals may have an
incentive to manipulate results or to put pressure on others to do so. Pressure may also come
from the unrealistic expectations of investors, banks, or other sources of finance. Certain risk
factors are usefully considered in the evaluation of whether or not the organization is at a
greater or lesser degree of risk, owing to incentives or pressures that could potentially lead
to material misstatements.
Determining the presence and degree of these pressures or incentives is p art of the auditor’s
goal in evaluating the risk that misstatements due to fraud may have occurred.
Certain risk factors are usefully considered in the evaluation of whether or not the
organization is at a greater or lesser degree of risk, owing to incentives or pressures that
could potentially lead to material misstatements. These risk factors include:
• Circumstances that threaten the profitability or financial stability of the business
• Excessive pressure on management to meet or exceed the expectations of third parties,
including investors and lenders
• Significant threats to the personal wealth of management as a result of the performance
of the business
• Excessive internal pressures on divisional or departmental management imposed by the
board of directors or senior management
• A struggle to retain the company’s listing on a stock exchange or debt rating
37
• Inability to meet debt covenants or satisfy conditions in merger or acquisition

agreements
Opportunity
Circumstances may exist that create opportunities for management or other staff to commit
fraud. When such opportunities arise, those who might not otherwise be inclined to behave
dishonestly may be tempted to do so. Even individuals under pressure and susceptible
to incentives to perpetrate a fraud are not a grave threat to an organization unless an
opportunity exists for them to act on their need. An opportunity must exist to commit fraud,
and the fraudster must believe the fraud can be committed with impunity.
Opportunities may also be inherent in the nature, size, or structure of the business. Certain
types of transactions lend themselves more than others to falsification or manipulation, as
do certain kinds of balances or accounts.
Risk factors indicative of opportunities that could lead to material misstatements as a result
of fraudulent financial reporting include:
• Factors related to the nature of the industry in which the entity operates, the nature of
the entity’s business and the transactions it enters into, and the manner in which they
are recorded in the profit-and-loss account or balance sheet.
• The nature of the entity’s relationships with customers and suppliers and its position
in its markets: the ability to dominate or dictate terms may create the opportunity for
inappropriate or non-arm’s-length transactions.
• The degree of judgment involved in determining the level of income or expenditure or
the valuation of assets or liabilities: Generally, a higher degree of judgment will give
rise to a greater opportunity for deliberate manipulation.
• The extent and effectiveness of supervision of senior management by independent
corporate governance functions such as the audit committee, nonexecutive directors,
and supervisory boards.
• The degree of complexity and stability of the entity or group.
• The overall control environment, including the continuity and effectiveness of internal
audit, information technology, and accounting personnel as well as the effectiveness of
accounting and reporting systems.
Rationalization and attitude

Some individuals are more prone than others to commit fraud. Other things being equal, the
propensity to commit fraud depends on people’s ethical values as well as on their personal
circumstances. Ethical behaviour is motivated both by a person’s character and by external
factors. External factors may include job insecurity, such as during a downsizing, or a work
environment that inspires resentment, such as being passed over for promotion.
38
9. Finding Red Flags
Risk factors that fall into this category of rationalization and attitude are typically the
least tangible or measurable, and many are by nature difficult for an auditor to observe or
otherwise ascertain. Fundamentally, rationalization and attitude are functions of the culture
of an organization, the psychology of those who work in it, and the interaction between
the two— for example, the level of employee loyalty to the company. The wider business
environment must also be considered: hard times in an industry or in the overall economy
may make it easier for some individuals to rationalize fraud. Risk factors to look for, in this
somewhat intangible but critically important category, include:
• Lack of clarity or communication about corporate ethical values or infrequent
communication and reinforcement of such values
• Disregard for the risk of fraud—or ineffective measures when fraud rises
• Lack of realism in budgeting and forecasting and in communicating expectations to
third parties
• Recurring attempts by management to justify inappropriate accounting or disclosure
policies and practices on grounds of materiality or other grounds
• Difficult relationships with the entity’s auditors: a bullying attitude, imposition of
unreasonable time pressure, or constraints on access to relevant audit evidence
2
39
PART II
10. LAWS GOVERNING OFFENCES OF FRAUDS & INSTITUTIONAL
FRAMEWORK IN INDIA AND WORLDWIDE
LAWS GOVERNING OFFENCES OF FRAUDS IN INDIA

1. The Indian Penal Code, 1860
The Indian Penal Code is the main criminal code of India. It is a comprehensive code
intended to cover all substantive aspects of criminal law. The code was drafted in 1860
on the recommendations of first law commission of India established in 1834 under the
Charter Act of 1833 under the Chairmanship of Thomas Babington Macaulay. It came into
force in British India during the early British Raj period in 1862. However, it did not apply
automatically in the Princely states, which had their own courts and legal systems until the
1940s. The Code has since been amended several times and is now supplemented by other
criminal provisions. Based on IPC, Jammu and Kashmir has enacted a separate code known
as Ranbir Penal Code (RPC).
There is no separate legislation dealing with fraud as in the United Kingdom or the USA.
Fraudulent activities are covered by the Indian Penal Code. The word ‘fraud’ is not defined in
Indian Penal Code; instead what constitutes doing a thing fraudulently is explained. Section
25 defines the expression ‘fraudulently’ – ‘a person is said to do a thing fraudulently if he
does that with intent to defraud but not otherwise’. The expression fraudulently occurs in
Sections 206, 207, 208, 242, 246, 247, 252, 253, 261, 262, 263 and Sections 421 to 424.
Sections 24 and 23 define expressions ‘dishonestly’ and ‘wrongful gain and wrongful loss.
‘Wrongful gain’ is gain by unlawful means of property which the person gaining is not legally
entitled. ‘Wrongful loss’ is the loss by unlawful means of property to which the person losing
it is legally entitled. Whoever does anything with the intention of causing wrongful gain to
one person or wrongful loss to another person, is said to do that thing ‘dishonestly’.
Indian Penal Code recognizes the following acts as fraud:
a) Impersonation
b) Counterfeiting
c) Wrong weighing and measurement
d) Misappropriation
e) Criminal breach of trust
40
10. Laws Governing Offences of Frauds & Institutional Framework in India and Worldwide
f) Cheating
g) Dishonest dealing in property
h) Mischief
i) Forgery
j) Falsification
k) Possessing stolen property
l) Concealment
2. The Civil Procedure Code, 1908

The Civil procedure is the body of law that sets out the rules and standards that courts
follow when adjudicating civil lawsuits (as opposed to procedures in criminal law matters).
These rules govern how a lawsuit or case may be commenced, what kind of service
of process (if any) is required, the types of pleadings or statements of case, motions or
applications, and orders allowed in civil cases, the timing and manner of depositions and
discovery or disclosure, the conduct of trials, the process for judgment, various available
remedies, and how the courts and clerks must function.
To give uniformity to Civil Procedure Legislative Council of India, enacted Code of Civil
Procedure, 1859, which received the assent of Governor-General on 23 March 1859. The
Code however, not applicable to Supreme Court in the Presidency Towns and to the
Presidency Small Cause Courts. But it did not meet the challenges and was replaced by Code
of Civil Procedure Code, 1877. But still it did not fulfil the requirements of time and large
amendments were introduced. In 1882, it were recast the whole Code and it was the Code of
Civil Procedure, 1882. With passing of time it is felt that the Code needs some flexibility to
breath the air of speed and effectiveness. So, meet these problems Code of Civil Procedure,
1908 was enacted. Though it has been amended number of time it stood the test of time.
The CPC is composed of two parts:
• First part: Dividend into 158 Sections. Can be amended by the legislature only.
• Second Part: Divided into 51 Orders and Rules. Can be amended by High Courts.
The Orders and Rules are to be read along with the Sections. When there is ambiguity in
interpretation between the two, the version of the Sections prevails.
3. The Indian Contract Act, 1872

Under the Indian Contract Act, 1872, Sec.17 defines fraud.
“Fraud means and includes any of the following acts committed by a party to a contract, or
with his connivance, or by his agents, with intent to deceive another party thereto his agent,
or to induce him to enter into the contract;
41
(1) The suggestion as a fact, of that which is not true, by one who does not believe it to
be true;
(2) The active concealment of a fact by one having knowledge or belief of the fact;
(3) A promise made without any intention of performing it;
(4) Any other act fitted to deceive;
(5) Any such act or omission as the law specially declares to be fraudulent.
Explanation.—Mere silence as to facts likely to affect the willingness of a person to enter
into a contract is not fraud, unless the circumstances of the case are such that, regard being
had to them, it is the duty of the person keeping silence to speak, or unless his silence, is,
in itself, equivalent to speech.”
4. The Indian Evidence Act, 1872

The Indian Evidence Act, originally passed by the Imperial Legislative Council in 1872,
during the British Raj, contains a set of rules and allied issues governing admissibility of
evidence in the Indian courts of law.
The enactment and adoption of the Indian Evidence Act was a path-breaking judicial
measure introduced in India, which changed the entire system of concepts pertaining to
admissibility of evidences in the Indian courts of law. Until then, the rules of evidences were
based on the traditional legal systems of different social groups and communities of India
and were different for different people depending on caste, religious faith and social position.
The Indian Evidence Act and introduced a standard set of law applicable to all Indians.
Contents of the Act

This Act is divided into three parts and there are 11 chapters in total under this Act.
Part 1 deals with relevancy of the facts. There are two chapters under this part: the first
chapter is a preliminary chapter which introduces to the Evidence Act and the second
chapter specifically deals with the relevancy of the facts.
Part 2 consists of chapters from 3 to 6. Chapter 3 deals with facts which need not be proved,
chapter 4 deals with oral evidence, chapter 5 deals with documentary evidence and chapter
6 deals with circumstances when documentary evidence has been given preference over the
oral evidence.
The last part, that is part 3, consists of chapter 7 to chapter 11. Chapter 7 talks about the
burden of proof. Chapter 8 talks about estoppel, chapter 9 talks about witnesses, chapter
10 talks about examination of witnesses, and last chapter which is chapter 11 talks about
improper admission and rejection of evidence.
The Indian Evidence Act Classification

In the Evidence Act All the Provisions can be divide in to two Categories (1) Taking the
Evidence (By Court) (2) Evaluation
42
In Taking the Evidence Court take the Evidence for the Facts (Either “Issue of Facts” or
“Relevant Facts”); The Facts means the things which is said before the court in connection
with the matter, The main thing, which is Crime in Criminal and Right etc. in Civil matters
are main Issues, So main Issues are known as “Issue of Facts”, and the other facts which are
Relevant to it are “Relevant Facts”.
For those Facts Evidence is Given to the Court by two ways, One is orally and Second is
Documentary (includes Electronic Documents), Oral Evidence mostly suggest the Verbal
deposition before the Court (and not otherwise), and which includes oral statement regarding
materials too, Documentary Evidence suggest the Documents. So, The Evidence Regarding
Matter which have number of Facts, for which Evidence by way of oral or Documentary
produced before the court for its Evaluation for either one fact or facts. Court by going throw
those Documentary Evidence and Oral Evidence decide that particular fact and all facts are
proved or not, or whether the fact or facts can be presumed to be proved?
In Evaluation as above said by looking in to the Oral and Documentary Evidence Court
decide whether particular fact is proved or not, or facts are proved or not, In Evaluation there
are two concepts to prove facts; One is Prove (Prove, Disprove or Not prove) and Other is
Presumption (that fact is proved) (may Presume, Shall presume and Conclusive proof) After
going to Oral and Documentary Evidence Court see that whether any fact or facts are proved
by looking to such evidence or not? If at all no evidence is given or enough evidence is given
for the fact it’s said fact is ‘Not proved’; The second Concept for evaluation is “Presumption”
In Evidence many Section suggest these presumptions, Where there is said Facts ‘may
presume’, Court is extremely free to believe it or not and may ask to prove the fact, In ‘shall
presume’ there is more weight given to believe facts but in that too court may ask to give
more evidence to prove the facts, Where in any provision it is said that particular fact, or
particular fact in particular circumstances must be concluded as “conclusive proof’ Court
has no liberty then to believe it to be proved.
Classification of Evidence Act in Four Questions

Evidence Act may be divided in four questions.
Question 1 Evidence is Given of What
Answer 1 of Facts (“Issue of Facts” or “Relevant Facts”)
Question 2 How the Evidence of such Facts are Given
Answer 2 The Evidence of Such Facts is Given Either by way of “Oral Evidence” or
“Documentary Evidence’
Question 3 On whom the Burden to Prove Facts lies
Answer 3 “Burden of Proof”(of particular fact) or “Onus of proof” (to prove whole case)
Question 4 What are the Evaluation of the Facts.
Answer 4 The Evaluation is “Prove” or “Presumption”(of prove); The fact is either ‘prove’,’
disprove’, or ‘Not prove’; or there may be presumption that prove of facts “may presume’,
‘shall presume’, or ‘conclusive proof’.
43
Section 44 in The Indian Evidence Act, 1872

Fraud or collusion in obtaining judgment, or incompetency of Court, may be proved.—Any
party to a suit or other proceeding may show that any judgment, order or decree which is
relevant under section 40, 41 or 42 and which has been proved by the adverse party, was
delivered by a Court not competent to deliver it, or was obtained by fraud or collusion. “44.
Fraud or collusion in obtaining judgment, or incompetency of Court, may be proved.—Any
party to a suit or other proceeding may show that any judgment, order or decree which is
relevant under section 40, 41 or 42 and which has been proved by the adverse party, was
delivered by a Court not competent to deliver it, or was obtained by fraud or collusion.”
5. The Prevention of Money Laundering Act, 2002

The Prevention of Money Laundering Act, 2002 (PMLA) forms the core of the legal
framework put in place by India to combat money laundering. PMLA and the Rules notified
there under came into force with effect from July 1, 2005. Director, FIU-IND and Director
(Enforcement) have been conferred with exclusive and concurrent powers under relevant
sections of the Act to implement the provisions of the Act.
The PMLA and rules notified there under impose obligation on banking companies, financial
institutions and intermediaries to verify identity of clients, maintain records and furnish
information to FIU-IND. The PMLA defines money laundering offence and provides for the
freezing, seizure and confiscation of the proceeds of crime.
The PMLA empowers certain officers of the Directorate of Enforcement to carry out
investigations in cases involving offence of money laundering and also to attach the property
involved in money laundering. The PMLA envisages setting up of an Adjudicating Authority
to exercise jurisdiction, power and authority conferred by it essentially to confirm attachment
or order confiscation of attached properties. It also envisages setting up of an Appellate
Tribunal to hear appeals against the order of the Adjudicating Authority and the authorities
like Director FIU-IND.
The PMLA envisages designation of one or more courts of sessions as Special Court or
Special Courts to try the offences punishable under PMLA and offences with which the
accused may, under the Code of Criminal Procedure 1973, be charged at the same trial.
The PMLA allows Central Government to enter into an agreement with Government of any
country outside India for enforcing the provisions of the PMLA, exchange of information for
the prevention of any offence under the PMLA or under the corresponding law in force in
that country or investigation of cases relating to any offence under the PMLA.
As per the Section 3 of the Prevention of Money-Laundering Act, 2002, the offence of Money-
Laundering is defined as under:
“Whosoever
• directly or indirectly,
• attempts to indulge, or
• knowingly assists, or
44
• knowingly is party, or
• is actually involved in
o any process, or
o activity connected,
• with the Proceeds of Crime, including its
o Concealment,
o Possession,
o Acquisition or use; and
• Projecting or Claiming it as Untainted Property shall be guilty of offence of Money-
Laundering.”
The definition of “Money-Laundering” in India is comprehensive enough to cover most of
the instances of converting the black money into white, as the same will depend upon the
willingness of Enforcement Authorities for strong implementation of, which is in any case
subject to judicial scrutiny. Some of the examples of Money-Laundering in the corporate
world cover the instances relating to Shell Companies, Foreign Investments, Corporate
Mismanagement, Insider Trading and Bribery.
Proceeds of Crime
The term “PROCEEDS OF CRIME”, which is an essential ingredient of Money-Laundering
has been defined under Section 2(u) of the PMLA, and it means and includes
• Any property derived or obtained
• Directly or indirectly
• By any person
• as a result of criminal activity
• relating to a
• scheduled offense or
• Value of any such property.
It is only when proceeds of crime are projected or claimed as untainted property i.e.
uncorrupted; the offense of Money-Laundering is committed.
Methods and Means for financial fraud

Some of the ways for generation of black money which are peculiar to the Corporate Sectors
may be narrated herein below:
• External Trade and Transfer Pricing;
45
• Manipulation by Way of International Transactions through Associate Enterprises;

• Financial Market Transactions;
• Out of Book Transactions;
• Parallel Books of Accounts;
• Manipulation of Books of Account;
• Manipulation of Sales/Receipts;
• Under-reporting of Production;
• Manipulation of Expenses;
• Manipulations of Accounts;
• Manipulation of Capital;
• Manipulation of Closing Stock;
• Manipulation of Capital Expenses;
• Generation of Black money in Some Vulnerable Sections of the Economy;
• Land and Real Estate Transactions;
• Bullion and Jewellery Transactions;
• Public Procurement;
• Non-profit Sector;
• Informal Sector and Cash Economy;
• Investment through Innovative Derivative Instruments.
Under PMLA, committing any offenses as specified in the Part A and Part C of the Schedule
of PMLA, will invoke the provisions of PMLA. Some of the Acts and offences, which may
attract PMLA, are enumerated herein below:
• An offence which is the offence of Cross Border implications and is specified in Part
A of Schedule under PMLA, or
• The offences against property under Chapter XVII of the Indian Penal Code is
applicable, involving cross border implications.
• Offences under the
o The Indian Penal Code, 1860 including offences relating to Cheating,
Counterfeiting of Government stamps, Dishonest or Fraudulent removal or
Concealment of Property to prevent distribution among creditors, dishonestly or
fraudulently preventing debt being available for creditors, Dishonest or Fraudulent
46
execution of deed of transfer containing false statement of consideration.

o Offences under the Narcotic Drugs and Psychotropic Substances Act, 1985
o Offences under the Prevention of Corruption Act, 1988;
o Offences under the Securities and Exchange Board of India Act, 1992 including
offences relating to
£ Prohibition of manipulative and deceptive devices,
£ Insider Trading and substantial Acquisition of securities or control.
o Offences under the Customs Act, 1962 relating to evasion of duty or prohibitions;
o Offences under the Emigration act, 1983
o Offences under the Foreigners act, 1946
o Offences under the Antiquities and Arts Treasures Act, 1972
o Offences Under the Copyright Act, 1957, including
£ Offence of infringement of copyright or other rights conferred by Copyright
Act.
£ Knowing use of infringing copy of computer programme;
o Offences under the Trade Marks Act, 1999 including
£ Application of false trademarks, trade descriptions, etc.
£ Selling goods or providing services to which false trademark or false trade
description is applied.
£ Falsely representing a trade mark as registered.
£ Abetment in India of acts done out of India.
o Offences under The Information Technology Act, 2000, including
£ Breach of confidentiality and privacy,
£ Offence or contravention committed outside India.
o Offences under the Suppression of Unlawful Acts Against Safety of Maritime
Navigation and Fixed Platforms on Continental Shelf Act, 2002
Offences by Companies
Section 70 of PMLA deals with offences by Companies, providing that Where a person
committing a contravention of any of the provisions of this Act or of any Rule, Direction or
Order made there under is a Company (company” means anybody corporate and includes a
firm or other association of individuals); and
47
• Every person who, At the time the contravention was committed, was
o in charge of, and
o was responsible to the company,
£ for the conduct of the business of the company
£ as well as the company,
shall be deemed to be guilty of the contravention and shall be liable to be proceeded against
and punished under PMLA.
The only exception to such rule is that if such person proves that the contravention took
place
• without his Knowledge, or
• that he exercised all due diligence to prevent such contravention.
Further, notwithstanding anything contained in sub‐section (1) of Section 70 of PMLA, where
a contravention of any of the provisions of this Act or of any Rule, Direction or Order made
there under has been committed by a company and it is proved that the contravention has
taken place
• with the consent or connivance of, or
• is attributable to any neglect on the part of any Director, Manager, Secretary or other
Officer of any Company,
such Director, Manager, Secretary or other Officer shall also be deemed to be guilty of the
contravention and shall be liable to be proceeded against and punished accordingly.
Obligations of Banking Companies, Financial Institutions and Intermediaries

Under Section 12 of PMLA, all Banking Companies, Financial Institutions And Intermediaries
are required to maintain a record of all transactions, including information relating to
transactions for a period of 5 years, in such manner as to enable it to reconstruct individual
transactions, and furnish to the concerned Authorities under PMLA, all information
relating to such transactions, whether attempted or executed; the nature and value of such
transactions; verify the identity of its clients and the beneficial owner, if any; and maintain
record of documents evidencing identity of its clients and beneficial owners as well as
account files and business correspondence relating to its clients.
Punishment under PMLA

Section 4 of the PMLA prescribes the Punishment for Money-Laundering as under:
• Rigorous Imprisonment for a term
o which shall not be less than Three years, but
o which may extend to 7 years/10 years, and
o shall also be liable to fine.
48
In certain cases, the offences under Narcotic Drugs and Psychotropic Substances Act, 1985
are punishable with rigorous imprisonment upto 10 years. The fine under PMLA is without
any limit and the same may be commensurate to the nature and extent of offence committed
and the money laundered.
Arrests
Under Section 19 of the PMLA, the appropriate authority under the Act has the power to
arrest any person provided that such authority on the basis of the material in his possession
has reason to believe that such person has been guilty of any offence punishable under the
PMLA. After the arrest, the person arrested has to be informed about the grounds for his
arrest. It is also required that the person so arrested shall, within 24 hours, be produced
before the Judicial Magistrate or a Metropolitan Magistrate, as the case may be, having
jurisdiction.
Attachment, Adjudication and Confiscation
Under Section 5 of the PMLA, if the authority as specified under the Section, has reason
to believe (the reason for such belief to be recorded in writing), on the basis of material in
their possession, that-
• Any person is in possession of any Proceeds of Crime; and
• such Proceeds of crime are likely to be
o Concealed,
o Transferred, or
o dealt with in any manner
£ which may result in frustrating any proceedings relating to confiscation of
such Proceeds of Crime,
may, by order in writing, provisionally attach such property for a period not exceeding 180
days from the date of the order, in such manner as may be prescribed.
Attachment of 3rd Party Properties

Under the PMLA, even the property of any person may be attached under Section 5(1) 2nd
Proviso, if the designated officer has reason to believe that the property in possession of
such person is involved in Money-Laundering, and the non-attachment will frustrate any
proceedings under the Act.
However, nothing in Section 5 of the PMLA shall prevent the person interested in the
enjoyment of the immovable property attached from such enjoyment. “Person interested”, in
relation to any immovable property, includes all persons claiming or entitled to claim any
interest in the property.
What after the Attachment of Property?

Section 8 of the PMLA provides an elaborate procedure for adjudication of a complaint under
Section 5 of the PMLA, and a person holding property on behalf of any other person, or if
49
there is a claim by a third person not a party to the complaint, such person is also required
to be implicated into the proceedings for adjudication, and heard by the Adjudicating
Authority.
Presumptions and Burden of Proof

Where Money-Laundering involves two or more inter-connected transactions and one
or more such transactions is or are proved to be connected with Money-Laundering,
then for the purposes of Adjudication or Confiscation, under Section 8 or for the trial of
the Money- Laundering offence, it shall unless otherwise proved, be presumed that the
remaining transactions form part of such inter-connected transactions associated with Money-
Laundering
Under Section 24 of the PMLA, in any proceeding relating to the proceeds of crime a
presumption is raised by the authority or court against any person charged with the offence
of Money-Laundering, unless the contrary is proved by the accused, that such proceeds of
crime are involved in money-laundering; and in the case of any third person, such authority
or court may also presume that such proceeds of crime are involved in Money-Laundering.
Essentially, under the PMLA, the burden of proof lies on the person who claims that the
proceeds of crime alleged to be involved in Money-Laundering, are not involved in Money-
Laundering. The presumption against the accused or any 3rd party is good enough to
discharge the onus of the authorities under the PMLA. Even in the case of Records, and
Properties, which are found in the possession or control of any person in the course of a
survey or search under the Act (Section 16, Section 17 and Section 18 of the PMLA), under a
presumption is raised that such records or property belongs to such person, and the contents
of such records are true, and further that signatures and any part of such records in hand-
writing of a particular person or in the hand-writing of such person, the presumptions as
to the records in property are absolute, and the onus to prove the same otherwise, lies on
such person.
It is clear that, a person accused of an offence under Section 3 of the PMLA, whose property
is attached and proceeded against for Confiscation, shall discharge the onus of proof (Section
24) vested in him by disclosing the sources of his Income, Earnings or Assets, out of which
or means by which he has acquired the property attached, to discharge the burden that the
property does not constitute proceeds of crime.
Where a transaction of acquisition of property is part of inter-connected transactions, the
onus of establishing that the property acquired is not connected to the activity of Money-
Laundering, is on the person in ownership, control or possession of the property, though not
accused of a Section 3 offence under the PMLA, provided one or more of the interconnected
transactions is or are proved to be involved in Money-Laundering (Section 23).
6. The Foreign Exchange Management Act, 1999

The Foreign Exchange Management Act, 1999 (FEMA) is an Act of the Parliament of India “to
consolidate and amend the law relating to foreign exchange with the objective of facilitating
external trade and payments and for promoting the orderly development and maintenance
50
of foreign exchange market in India”. It was passed in the winter session of Parliament in
1999, replacing the Foreign Exchange Regulation Act (FERA). This act seeks to make offenses
related to foreign exchange civil offenses. It extends to the whole of India. It enabled a new
foreign exchange management regime consistent with the emerging framework of the World
Trade Organisation (WTO). It also paved way to Prevention of Money Laundering Act 2002,
which was effected from 1 July 2005.
FEMA permits only authorised person to deal in foreign exchange or foreign security. Such
an authorised person, under the Act, means authorised dealer, money changer, off-shore
banking unit or any other person for the time being authorised by Reserve Bank. The Act
thus prohibits any person who:-
• Deal in or transfer any foreign exchange or foreign security to any person not being an
authorized person;
• Make any payment to or for the credit of any person resident outside India in any
manner;
• Receive otherwise through an authorized person, any payment by order or on behalf
of any person resident outside India in any manner;
• Enter into any financial transaction in India as consideration for or in association with
acquisition or creation or transfer of a right to acquire, any asset outside India by any
person is resident in India which acquire, hold, own, possess or transfer any foreign
exchange, foreign security or any immovable property situated outside India.
Main Features
• Activities such as payments made to any person outside India or receipts from them,
along with the deals in foreign exchange and foreign security is restricted. It is FEMA
that gives the central government the power to impose the restrictions.
• Restrictions are imposed on residents of India who carry out transactions in foreign
exchange, foreign security or who own or hold immovable property abroad.
• Without general or specific permission of the MA restricts the transactions involving
foreign exchange or foreign security and payments from outside the country to India –
the transactions should be made only through an authorised person.
• Deals in foreign exchange under the current account by an authorised person can be
restricted by the Central Government, based on public interest.
• Although selling or drawing of foreign exchange is done through an authorised person,
the RBI is empowered by this Act to subject the capital account transactions to a
number of restrictions.
• Residents of India will be permitted to carry out transactions in foreign exchange,
foreign security or to own or hold immovable property abroad if the currency, security
or property was owned or acquired when he/she was living outside India, or when it
was inherited by him/her from someone living outside India.
51
• Exporters are needed to furnish their export details to RBI. To ensure that the
transactions are carried out properly, RBI may ask the exporters to comply to its
necessary requirements.
VARIOUS COMMITTEES
Santhanam Committee
That there were some functional inadequacies in the IPC was recognized by the Santhanam
Committee (1962) which observed that ‘the Penal Code does not deal in any satisfactory
manner with acts which may be described as social offences having regard to special
circumstances under which they are committed and which have now become a dominant
feature of certain powerful sections of modern society.’
Mitra Committee
An Experts Committee on Legal Aspects of Bank Frauds appointed by Reserve Bank of India
headed by Sri NL Mitra in its report submitted in 2001 recommended that financial fraud
needs to be criminalized by inserting a definition for the offence on ‘financial fraud’ and a
penal provision in the Indian Penal Code.
Second Administrative Reforms Commission

The Second Administrative Reforms Commission (2005) in its Fourth report on Ethics in
Governance made the following recommendations, including reiterating Mitra Committee
recommendation, with reference to Serious Economic Offences:
a. A new law on ‘Serious Economic Offences’ should be enacted.
b. A Serious Economic Offence may be defined as:
i. One which involves a sum exceeding Rs 10 crore; or
ii. is likely to give rise to widespread public concern; or
iii. its investigation and prosecution are likely to require highly specialized
knowledge of the financial market or of the behaviour of banks or other financial
institutions; or
iv. involves significant international dimensions; or
v. in the investigation of which there is requirement of legal, financial, investment
and investigative skills to be brought together; or
vi. which appear to be complex to the Union Government, regulators, banks, or any
financial institution.
LIST OF INSTITUTIONAL FRAMEWORK IN INDIA TO COMBAT FRAUD IN INDIA

i. Serious Fraud Investigation Office (SFIO)
52
ii. Public Accounts Committee - examines the appropriateness of the expenditure incurred
by the government as presented in the accounts, the reported cases of losses, financial
irregularities in the government, and so on.
iii. Comptroller and Auditor-General - the constitutional authority charged with the
responsibility of auditing all receipts and expenditure of the Union Government and
that of the States and Union Territories and agencies under them.
iv. Chief Secretary - the highest administrative authority dealing with complaints of
misconduct and fraud committed by any Department of the State.
v. Crime Investigation Department (CID) - white collar crime and larger issues like scams
and frauds are dealt by the Crime Investigating Department.
vi. Economic Offences Wing - investigates cases pertaining to misappropriation, cheating,
forgery, counterfeit currency, cybercrimes and major frauds, scams and other white-
collar offences.
vii. State vigilance Commission
viii. Lokayuktha & UpaLokayuktha
Serious Fraud Investigation Office

http://sfio.nic.in/websitenew/main2.asp
The SFIO is a non-statutory body and was set up on the basis of the recommendations of the
Naresh Chandra Committee on corporate governance in the backdrop of stock market scams,
failure of non-financial banking companies and the phenomena of vanishing companies
and plantation companies. It is a multi-disciplinary organisation with experts on finance,
capital market, accountancy, Forensic Investigation, taxation, law, information technology,
company law, customs and investigation. These experts are drawn from banks, the Securities
and Exchange Board of India (SEBI), the Comptroller and Auditor General’s office and the
organisations and departments concerned of the government.
The SFIO will normally take up for investigation only such cases, which are characterized by
• complexity and having inter-departmental and multi-disciplinary ramifications;
• substantial involvement of public interest to be judged by size, either in terms of
monetary misappropriation or in terms of persons affected, and;
• the possibility of investigation leading to or contributing towards a clear improvement
in systems, laws or procedures. The SFIO shall investigate serious cases of fraud
received from Department of company Affairs.
SFIO does not initiate any investigation on its own, based on any complaints/documents
received from any source. The cases are taken up for investigation as are order for
investigation by the Government i.e. Ministry of Corporate Affairs under the Companies Act,
2013. These provisions enable the Central government to appoint one or more competent
persons as inspectors to investigate and submit a report on the affairs of a company if, in its
53
opinion, or in the opinion of the Registrar of Companies or the Company Law Board, there
are circumstances suggesting that the business of a company is being conducted with the
intention to defraud its creditors or members, or for a fraudulent or unlawful purpose.
2
54
11. Forensic Investigation under The Information Technology Act, 2000
11. FORENSIC INVESTIGATION UNDER THE INFORMATION

TECHNOLOGY ACT, 2000
THE INFORMATION TECHNOLOGY ACT, 2000 is an Act to provide legal recognition

for transactions carried out by means of electronic data interchange and other means of
electronic communication, commonly referred to as “Electronic Commerce”, which involve
the use of alternatives to paper-based methods of communication and storage of information,
to facilitate electronic filing of documents with the Government agencies and further to
amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence
Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or
incidental thereto.
The IT Act recognizes offences related to fraud such as tampering with computer source
documents, hacking computer systems, creating, publishing, or otherwise making available
digital signature for any fraudulent purpose.
The Act provides a legal framework for electronic governance by giving recognition
to electronic records and digital signatures. It also defines cyber crimes and prescribes
penalties for them. The Act directed the formation of a Controller of Certifying Authorities
to regulate the issuance of digital signatures. It also established a Cyber Appellate Tribunal
to resolve disputes arising from this new law. The Finance Act, 2017, merged the Cyber
Appellate Tribunal with the Telecom Disputes Settlement and Appellate Tribunal with effect
from 26 May 2017.The Act also amended various sections of the Indian Penal Code, 1860,
the Indian Evidence Act, 1872, the Banker’s Book Evidence Act, 1891, and the Reserve Bank
of India Act, 1934 to make them compliant with new technologies.
Amendments
A major amendment was made in 2008. It introduced Section 66A which penalized
sending of “offensive messages”. It also introduced Section 69, which gave authorities
the power of “interception or monitoring or decryption of any information through
any computer resource”. It also introduced provisions addressing child porn, cyber
terrorism and voyeurism. The amendment was passed on 22 December 2008 without any
debate in Lok Sabha. The next day it was passed by the Rajya Sabha. It was signed into law
by President Pratibha Patil, on 5 February 2009. The amendments came into effect from 27
October 2009.
Offences sections
 Section 65 – Tampering with Computer Source Documents If any person knowingly
or intentionally conceals, destroys code or alters or causes another to conceal, destroy
code or alter any computer, computer program, computer system, or computer
55
network,he shall be punishable with imprisonment up to three years, or with fine up

to two lakh rupees, or with both.
 Section – 66 Computer Related Offences If any person, dishonestly, or fraudulently,
does any act referred to in section 43,he shall be punishable with imprisonment for a
term which may extend to two three years or with fine which may extend to five lakh
rupees or with both.
 Section 66A – Punishment for sending offensive messages through communication
service
Any person who sends, by means of a computer resource or a communication device,
o Any information that is grossly offensive or has menacing character;
o Any information which he knows to be false, but for the purpose of causing
annoyance, inconvenience, danger, obstruction, insult, injury, criminal
intimidation, enmity, hatred, or ill will, persistently makes by making use of such
computer resource or a communication device,
o Any electronic mail or electronic mail message for the purpose of causing
annoyance or inconvenience or to deceive or to mislead the addressee or recipient
about the origin of such messages
shall be punishable with imprisonment for a term which may extend to three
years and with fine.
 Section 66B – Punishment for dishonestly receiving stolen computer resource or
communication device. Whoever dishonestly receives or retains any stolen computer
resource or communication device knowing or having reason to believe the same
to be stolen computer resource or communication device,shall be punished with
imprisonment of either description for a term which may extend to three years or with
fine which may extend to rupees one lakh or with both.
 Section 66C – Punishment for identity theft Whoever, fraudulently or dishonestly make
use of the electronic signature, password or any other unique identification feature of
any other person,shall be punished with imprisonment of either description for a term
which may extend to three years and shall also be liable to fine which may extend to
rupees one lakh.
 Section 66D – Punishment for cheating by personation by using computer
resource Whoever, by means of any communication device or computer resource cheats
by personating; shall be punished with imprisonment of either description for a term
which may extend to three years and shall also be liable to fine which may extend to
one lakh rupees.
 Section 66E – Punishment for violation of privacy Whoever, intentionally or knowingly
captures, publishes or transmits the image of a private area of any person without his
56
or her consent, under circumstances violating the privacy of that person,Explanation –

For the purposes of this section:
a. “transmit” means to electronically send a visual image with the intent that it be
viewed by a person or persons;
b. “capture”, with respect to an image, means to videotape, photograph, film or
record by any means;
c. “private area” means the naked or undergarment clad genitals, pubic area,
buttocks or female breast;
d. “publishes” means reproduction in the printed or electronic form and making it
available for public;
e. “under circumstances violating privacy” means circumstances in which a person
can have a reasonable expectation that–
i. he or she could disrobe in privacy, without being concerned that an image
of his private area was being captured; or
ii. any part of his or her private area would not be visible to the public,
regardless of whether that person is in a public or private place.
shall be punished with imprisonment which may extend to three years or with
fine not exceeding two lakh rupees, or with both.
• Section-66F Cyber Terrorism
o Whoever,-
a. with intent to threaten the unity, integrity, security or sovereignty of India
or to strike terror in the people or any section of the people by –
i. denying or cause the denial of access to any person authorized to
access computer resource; or
ii. attempting to penetrate or access a computer resource without
authorization or exceeding authorized access; or
iii. introducing or causing to introduce any Computer Contaminant
and by means of such conduct causes or is likely to cause death
or injuries to persons or damage to or destruction of property or
disrupts or knowing that it is likely to cause damage or disruption
of supplies or services essential to the life of the community or
adversely affect the critical information infrastructure specified under
section 70, or
b. knowingly or intentionally penetrates or accesses a computer resource
without authorization or exceeding authorized access, and by means of
such conduct obtains access to information, data or computer database
57
that is restricted for reasons of the security of the State or foreign relations;
or any restricted information, data or computer database, with reasons to
believe that such information, data or computer database so obtained may
be used to cause or likely to cause injury to the interests of the sovereignty
and integrity of India, the security of the State, friendly relations with
foreign States, public order, decency or morality, or in relation to contempt
of court, defamation or incitement to an offence, or to the advantage of any
foreign nation, group of individuals or otherwise, commits the offence of
cyber terrorism.
o Whoever commits or conspires to commit cyber terrorism shall be punishable
with imprisonment which may extend to imprisonment for life.
• Section 69 – Powers to issue directions for interception or monitoring or decryption
of any information through any computer resource.-
1. Where the central Government or a State Government or any of its officer
specially authorized by the Central Government or the State Government, as the
case may be, in this behalf may, if is satisfied that it is necessary or expedient
to do in the interest of the sovereignty or integrity of India, defence of India,
security of the State, friendly relations with foreign States or public order or
for preventing incitement to the commission of any cognizable offence relating
to above or for investigation of any offence, it may, subject to the provisions of
sub-section (2), for reasons to be recorded in writing, by order, direct any agency
of the appropriate Government to intercept, monitor or decrypt or cause to be
intercepted or monitored or decrypted any information transmitted received or
stored through any computer resource.
2. The Procedure and safeguards subject to which such interception or monitoring
or decryption may be carried out, shall be such as may be prescribed.
3. The subscriber or intermediary or any person in charge of the computer resource
shall, when called upon by any agency which has been directed under sub
section (1), extend all facilities and technical assistance to –
o provide access to or secure access to the computer resource generating,
transmitting, receiving or storing such information; or
o intercept or monitor or decrypt the information, as the case may be; or
o provide information stored in computer resource.
4. The subscriber or intermediary or any person who fails to assist the agency
referred to in sub-section (3) shall be punished with an imprisonment for a term
which may extend to seven years and shall also be liable to fine.
58
• Section 69A – Power to issue directions for blocking for public access of any
information through any computer resource
5. Where the Central Government or any of its officer specially authorized by it in
this behalf is satisfied that it is necessary or expedient so to do in the interest of
sovereignty and integrity of India, defense of India, security of the State, friendly
relations with foreign states or public order or for preventing incitement to the
commission of any cognizable offence relating to above, it may subject to the
provisions of sub-sections (2) for reasons to be recorded in writing, by order
direct any agency of the Government or intermediary to block access by the
public or cause to be blocked for access by public any information generated,
transmitted, received, stored or hosted in any computer resource.
6. The procedure and safeguards subject to which such blocking for access by the
public may be carried out shall be such as may be prescribed.
7. The intermediary who fails to comply with the direction issued under sub-section
(1) shall be punished with an imprisonment for a term which may extend to
seven years and also be liable to fine.
• Section 69B. Power to authorize to monitor and collect traffic data or information
through any computer resource for Cyber Security
8. The Central Government may, to enhance Cyber Security and for identification,
analysis and prevention of any intrusion or spread of computer contaminant
in the country, by notification in the official Gazette, authorize any agency of
the Government to monitor and collect traffic data or information generated,
transmitted, received or stored in any computer resource.
9. The Intermediary or any person in-charge of the Computer resource shall when
called upon by the agency which has been authorized under sub-section (1),
provide technical assistance and extend all facilities to such agency to enable
online access or to secure and provide online access to the computer resource
generating, transmitting, receiving or storing such traffic data or information.
10. The procedure and safeguards for monitoring and collecting traffic data or
information, shall be such as may be prescribed.
11. Any intermediary who intentionally or knowingly contravenes the provisions of
subsection (2) shall be punished with an imprisonment for a term which may
extend to three years and shall also be liable to fine.
• Section 71 – Penalty for misrepresentation Whoever makes any misrepresentation to,
or suppresses any material fact from, the Controller or the Certifying Authority for
obtaining any license or Electronic Signature Certificate, as the case may be,shall be
punished with imprisonment for a term which may extend to two years, or with fine
which may extend to one lakh rupees, or with both.
59
• Section 72 – Breach of confidentiality and privacy Any person who, in pursuant of

any of the powers conferred under this Act, rules or regulations made there under, has
secured access to any electronic record, book, register, correspondence, information,
document or other material without the consent of the person concerned discloses such
electronic record, book, register, correspondence, information, document or other material
to any other person shall be punished with imprisonment for a term which may extend
to two years, or with fine which may extend to one lakh rupees, or with both.
• Section 72A – Punishment for Disclosure of information in breach of lawful
contract Any person including an intermediary who, while providing services under
the terms of lawful contract, has secured access to any material containing personal
information about another person, with the intent to cause or knowing that he is likely
to cause wrongful loss or wrongful gain discloses, without the consent of the person
concerned, or in breach of a lawful contract, such material to any other person shall
be punished with imprisonment for a term which may extend to three years, or with
a fine which may extend to five lakh rupees, or with both.
• 73. Penalty for publishing electronic Signature Certificate false in certain particulars.
12. No person shall publish a Electronic Signature Certificate or otherwise make it
available to any other person with the knowledge that
a. the Certifying Authority listed in the certificate has not issued it; or
b. the subscriber listed in the certificate has not accepted it; or
c. the certificate has been revoked or suspended, unless such publication
is for the purpose of verifying a digital signature created prior to such
suspension or revocation
Any person who contravenes the provisions of sub-section (1) shall be punished
with imprisonment for a term which may extend to two years, or with fine which
may extend to one lakh rupees, or with both.
• Section 74 – Publication for fraudulent purpose: Whoever knowingly creates, publishes
or otherwise makes available a Electronic Signature Certificate for any fraudulent or
unlawful purpose shall be punished with imprisonment for a term which may extend
to two years, or with fine which may extend to one lakh rupees, or with both.
• Section 75 – Act to apply for offence or contraventions committed outside India
1. Subject to the provisions of sub-section (2), the provisions of this Act shall apply
also to any offence or contravention committed outside India by any person
irrespective of his nationality.
2. For the purposes of sub-section (1), this Act shall apply to an offence or
contravention committed outside India by any person if the act or conduct
constituting the offence or contravention involves a computer, computer system
or computer network located in India.
2
60
12. Forensic Investigation under The Insolvency and Bankruptcy Code, 2016
12. FORENSIC INVESTIGATION UNDER

THE INSOLVENCY AND BANKRUPTCY CODE, 2016
The Insolvency and Bankruptcy Code, 2016, (referred to hereinafter as “the Code”) is the
option resorted to by the financial and the operational creditors of a corporate debtor, in the
cases of non-payment of debt due.
The Code not only prescribes the procedures to be followed in case of the insolvency/ non
payment of dues of the debtor, it also describes the transactions that are prejudicial to the
general interests of the stakeholders. The Code specifically deals with transactions which
are preferential, undervalued, entered into with the purpose of defrauding the creditors or
extortionate credit transactions.
The following sections of the Code deal with the specific transactions:
Section 43: Preferential Transactions
Section 47: Application by creditors in case of Undervalued Transactions
Section 49: Transactions defrauding creditors
Section 50: Extortionate Credit Transactions
As per the Code and the Regulations issued thereto, the insolvency professional, who works
as the interim resolution professional, the resolution professional or the liquidator, as per
the stage of ongoing resolution process, has to form an opinion, on or before the 75th day
of the insolvency commencement date, whether the corporate debtor has been subjected to
any preferential transactions, undervalued transactions, extortionate credit transactions or
fraudulent transactions. If the resolution professional is convinced that such a transaction
has taken place, he shall make a determination on or before the 115th day of the insolvency
commencement date, under intimation to the Board and apply to Adjudicating Authority for
appropriate relief on or before the 135th day.
PREFERENTIAL TRANSACTIONS
The Resolution professional or the liquidator, as the case may be, is of the opinion that the
corporate debtor has, at any given time, given preference to any persons, he can apply to the
Adjudicating Authority for the avoidance of such preferential transactions.
As per Section 45(2) of the Code, the corporate debtors shall be deemed to have given
preference, when there is a transfer of property or an interest thereof of the corporate debtor,
for the benefit of a creditor or a surety or guarantor for a financial/operational debt or other
liabilities outstanding, and the transfer so made, puts the creditor, guarantor or the surety in
61
a better position than he would have been in the event of distribution of assets in accordance
of Section 53.
Also, for the transaction to be termed as a preferential transaction, the above mentioned
transfers should have been made to a related party, other than the employee, of the corporate
debtor within the period of two years preceding the insolvency commencement date and
for the parties other than the related party of the corporate debtor, such transaction should
have been entered during the one year period, immediately preceding the insolvency
commencement date.
Wherever a preferential transaction is proved, as per Section 44, the adjudicating authority
may pass such an order, so as to reverse the effect of the preferential transaction and require
the interests in the property restored to the corporate debtor.
The provision to the section states that any order under this section shall not affect any
interest in property which was acquired from a person other than the corporate debtor or
any interest derived from such interest and was acquired in good faith and for value and
require a person, who received a benefit from the preferential transaction in good faith and
for value to pay a sum to the liquidator or the resolution professional.
Also, the explanations to the section 44 clarifies that, where a person, who has acquired an
interest in property from another person other than the corporate debtor, or who has received
a benefit from the preference or such another person to whom the corporate debtor gave
the preference, had sufficient information of the initiation or commencement of insolvency
resolution process of the corporate debtor or is a related party, it shall be presumed that the
interest was acquired, or the benefit was received otherwise than in good faith unless the
contrary is shown.
It is also clarified that a person shall be deemed to have sufficient information or opportunity
to avail such information if a public announcement regarding the corporate insolvency
resolution process has been made under section 13.
UNDERVALUED TRANSACTIONS
As per section 45 of the Code, a transaction shall be considered undervalued where the
corporate debtor makes a gift to a person; or enters into a transaction with a person which
involves the transfer of one or more assets by the corporate debtor for a consideration the
value of which is significantly less than the value of the consideration provided by the
corporate debtor, and such transaction has not taken place in the ordinary course of business
of the corporate debtor.
For such transaction, to be declared void and the effect of the transaction to be reversed, the
transaction should have occurred within a period of one year prior to the commencement
of the insolvency resolution process. In case of the occurrence of such transaction with the
related party, the period covered is of two years preceding the insolvency commencement
date.
62
If the liquidator or the resolution professional, as the case may be, on an examination of the
transactions of the corporate debtor determines that certain transactions were made during
the relevant period, as mentioned in above para, which were undervalued, he shall make an
application to the Adjudicating Authority to declare such transactions as void and reverse
the effect of such transaction.
The Adjudicating Authority may require an independent expert to assess evidence relating
to the value of the transactions in case of undervalued transactions.
The Code, in case of undervalued transactions, if the liquidator or the resolution
professional has not reported such transactions to the Adjudicating Authority, a creditor,
member or a partner of a corporate debtor, as the case may be, may make an application
to the Adjudicating Authority to declare such transactions void and reverse their effect in
accordance with section 47 of the Code.
On examination of such application, If the Adjudicating Authority is satisfied that
undervalued transactions had occurred and the liquidator or the resolution professional,
as the case may be, after having sufficient information or opportunity to avail information
of such transactions did not report such transaction to the Adjudicating Authority, it shall
pass an order restoring the position as it existed before such transactions and reversing the
effects thereof. It shall also require the Board to initiate disciplinary proceedings against the
liquidator or the resolution professional as the case may be.
TRANSACTIONS DEFRAUDING CREDITORS

Section 49 of the Code provides that, where the corporate debtor has entered into an
undervalued transaction as referred to in section 45(2) of the Code, and the Adjudicating
Authority is satisfied that such transaction was deliberately entered into by such corporate
debtor for keeping assets of the corporate debtor beyond the reach of any person who is
entitled to make a claim against the corporate debtor in order to adversely affect the interests
of such a person in relation to the claim, the Adjudicating Authority shall make an order
restoring the position as it existed before such transaction as if the transaction had not been
entered into and protecting the interests of persons who are victims of such transactions.
But the section also provides that an order under this section shall not affect any interest
in property which was acquired from a person other than the corporate debtor and was
acquired in good faith, for value and without notice of the relevant circumstances, or affect
any interest deriving from such an interest and shall not require a person who received
the benefit from the transaction in good faith, for value and without notice of the relevant
circumstances to pay any sum unless he was a party to the transaction.
EXTORTIONATE CREDIT TRANSACTIONS

Section 50 of the Code provides that, where the corporate debtor has been a party to an
extortionate credit transaction involving the receipt of financial or operational debt during
the period within two years preceding the insolvency commencement date, the liquidator
or the resolution professional as the case may be, may make an application for avoidance
63
of such transaction to the Adjudicating Authority if the terms of such transaction required
exorbitant payments to be made by the corporate debtor.
The explanation to the section also clarifies that any debt extended by any person providing
financial services which is in compliance with any law for the time being in force in relation
to such debt shall in no event be considered as an extortionate credit transaction.
On examination of such application, if the Adjudicating Authority is satisfied that the terms
of a credit transaction required exorbitant payments to be made by the corporate debtor, it
shall pass an order to restore the position as it existed prior to such transaction. It may also,
by order, set aside the whole or part of the debt created on account of the extortionate credit
transaction or modify the terms of the transaction. The Adjudicating Authority may require
any person who is, or was, a party to the transaction to repay any amount received by such
person or require any security interest that was created as part of the extortionate credit
transaction to be relinquished in favour of the liquidator or the resolution professional, as
the case may be.
PENALTIES/ PUNISHMENTS FOR DEFRAUDING CREDITORS

Section 69 of the Code provides for penalties and punishments to the officers of the corporate
debtor or the corporate debtor itself, in case of their involvement in the transactions for
defrauding the creditors.
If an officer of the corporate debtor or the corporate debtor shall be punishable with
imprisonment for a term which shall not be less than one year, but which may extend to
five years, or with fine which shall not be less than one lakh rupees, but may extend to one
crore rupees, or with both, if he has been involved in any transaction undertaken so as to
defraud the creditors or affect their interest in adverse manner. But a person shall not be
punishable under this section if the said acts were committed more than five years before
the insolvency commencement date; or if he proves that, at the time of commission of those
acts, he had no intent to defraud the creditors of the corporate debtor.
The punishment and penalty are also applicable in the case of concealment or removal of
any part of the property of the corporate debtor within two months before the date of any
unsatisfied judgment, decree or order for payment of money obtained against the corporate
debtor.
Section 73 contains penalties and punishments in the case of the corporate debtor or any
officer thereof, makes false representations to the creditors. The punishment under this
section is imprisonment for a term which shall not be less than three years, but may extend
to five years or with fine which shall not be less than one lakh rupees, but may extend to
one crore rupees, or with both.
Section 73 is applicable when any officer of the corporate debtor on or after the insolvency
commencement date, makes a false representation or commits any fraud for the purpose of
obtaining the consent of the creditors of the corporate debtor or any of them to an agreement
with reference to the affairs of the corporate debtor, during the corporate insolvency
64
resolution process, or the liquidation process or prior to the insolvency commencement date,
has made any false representation, or committed any fraud, for that purpose.
Also, Section 235A of the Code provides for punishments in situations where no specific
penalty has been provided. As per the section, if any person contravenes any of the
provisions of this Code or the rules or regulations made thereunder for which no penalty or
punishment is provided in this Code, such person shall be punishable with fine which shall
not be less than one lakh rupees but which may extend to two crore rupees.
To determine whether such transactions defrauding the creditors and other stakeholders have
taken place, it is of utmost importance to undertake a forensic investigation.
2
65
13. FORENSIC INVESTIGATION UNDER

THE COMPANIES ACT, 2013
Comprehensive explanation of term Fraud is given in Explanation to Section 447(1) of The

Companies Act, 2013 as follows:
“fraud” in relation to affairs of a company or any body corporate, includes
(a) any act,
(b) omission,
(c) concealment of any fact or
(d) abuse of position committed by any person or any other person with the connivance
in any manner, –
• with intent to deceive,
• to gain undue advantage from, or
• to injure the interests of,
o the company or
o its shareholders or
o its creditors or
o any other person,
• “wrongful gain” means the gain by unlawful means of property to which the
person gaining is not legally entitled;
• “wrongful loss” means the loss by unlawful means of property to which the
person losing is legally entitled.
Statutory provisions of Fraud and Fraud Reporting under The Companies Act, 2013
Section 447 of the Companies Act, 2013 often now referred as one of the draconian section
of the new Act deals with provision relating to punishment for fraud. It reads as: “Without
prejudice to any liability including repayment of any debt under this Act or any other law for
the time being in force, any person who is found to be guilty of fraud, shall be punishable
with imprisonment for a term which shall not be less than 6 months but which may extend
to 10 years and shall also be liable to fine which shall not be less than the amount involved
in the fraud, but which may extend to 3 times the amount involved in the fraud.
66
13. Forensic Investigation under The Companies Act, 2013
Where the fraud in question involves public interest, the term of imprisonment shall not be
less than 3 years”.
The Companies Act, 2013 has provided punishment for fraud as provided under section 447
in around 20 sections of the Act e.g. u/s 7(5), 7(6), 8(11), 34, 36, 38(1), 46(5), 56(7), 66(10),
75, 140(5), 206(4), 213, 229, 251(1), 266(1), 339(3), 448 etc. for directors, key managerial
personnel, auditors and/or officers of company. Thus, the new Act goes beyond professional
liability for fraud and extends to personal liability if a company contravenes such provisions.
2
67
14. FORENSIC INVESTIGATION OF LISTED CORPORATE ENTITIES
The forensic investigation is ordered in the cases of financial frauds, to recover the defrauded
assets and to gather enough unquestionable evidence to be presented before the court of law,
so as to punish the wrong-doer.
The forensic investigation can be ordered by regulators like the Ministry of Corporate Affairs,
the Securities and Exchange Board of India or the respective stock exchange where the com-
pany has been registered.
The forensic investigation can also be ordered internally, by the board of directors of the com-
pany, for purposes of internal control and to identify any lapse thereto.
Listed below is the checklist of activities to be performed by the forensic investigator in case
of a forensic investigation assignment.
In case of internal investigation, appointment letter and scope of work from the company
should be studied and understood in detail.
In case of statutory appointment, following documents should be collected and studied, before
the initiation of the assignment.
• Letter of appointment from the regulators
• Scope of work
• Any instructions as to the methods of investigations to be implemented or any specific
accounts to be verified in depth.
• Any orders passed by SEBI
• Collect all the letters and replies submitted to SEBI, before the order was passed.
• Study all the letter and replies submitted to all the applicable authorities by the
company under investigation.
• Collect as much information as possible on the industry in which the company
functions and the general norms of the industry.
Research the company on MCA portal

• Collect all possible details about the company from the filings made with the BSE and
MCA portals.
• Run a check on other directorships and commitments of all the directors and KMPs of
the auditee.
68
14. Forensic Investigation of Listed Corporate Entities
• Check whether there are any transactions between the company under investigation
and the company which has common directors with it.
• If there are any transactions entered into, check those transaction in detail.
o Are the transactions in normal course of business?
o Are the transactions undertaken at arm’s length prices?
o Had the transactions reported in the books, actually taken place or are merely
book entries? Collect enough documentary evidence for the same.
o Were the companies with common directors, ever reported as related party?
• Check the financials and other details of the companies with common directors with
the company under investigation. Are there any suspicious transactions?
• Are there any subsidiary companies or joint ventures? If yes, verify the financials and
other details of the same.
Check the legal compliances

• Has the company complied with the SEBI (Listing Obligations and Disclosure
Requirements) Regulations, 2015?
• Are the provisions of the Companies Act, 2013 complied with? Specific focus required
on the explanation to Section 134(5)(e) of the Act.
• The Companies Act, 2013, covers directors responsibility under section 134(5),
responsibility of the auditors u/s 143 and that of the company secretaries u/s 205, 206.
Have these sections been complied with?
• Has the company complied with all the applicable accountings, cost accounting,
auditing and secretarial standards?
• Are the Auditing and Assurance standards followed by the auditors in carrying out
their assignment and preparation of reports?
• Is the functioning of the company in line with its incorporation documents?
• Are the compliances of general laws and laws specific to the industry complied with?
• Are there any disputes with any authorities?
• Are there any payments due to be made to any of the authorities outstanding?
• Are applicable labour laws, business laws, taxes on income, VAT, GST, etc. wherever
applicable, have been followed and all compliances as per those acts done in a timely
manner?
• Does the company require any permissions from any authorities to carry out its
business? has such permissions been taken?
69
• Are there any ongoing cases for /against the company under investigation with any of
the authorities? If yes, current status of the case and future action proposed to be taken.
• Is the appointment of all the officials, including directors and KMPs within the ambit of
law? Are there any discrepancies? Proper documentation of appointment entered into?
Meetings with company officials

• Understand the business model and the functioning of the company. Ask questions
to get information. Frame questions in such a manner that each question extracts
maximum possible information.
• Understand what the company officials have to say with respect to the investigation
being conducted.
• Ask for internal financial control policy and understand the same.
• The meeting with the directors, chief financial officer, compliance officer and company
secretary of the company, practicing company secretary, statutory auditors, internal
auditors, should be held separately. Each should be asked to prove that they have
disposed of their duties in the best possible manner and there has been no lapse from
their end.
• Has the company formed requisite committees of the board? Are the meetings of the
board and the committees held as per the requirements of the law at regular time
intervals? Is the composition of the committee as per the legal requirements?
Checking of the books and registers of the auditee:

All the principles and guidelines of internal and statutory audit are applicable to the forensic
investigation assignment.
• Make a list of all the books and registers that the company is required to maintain.
• Verify all the registers and books that are required to maintain.
• Check the agenda, agenda notes, notices and minutes of the meetings of the Board
of Directors and other board committees. See if all the provisions related thereto are
complied with and there are no discrepancies.
• Ledger scrutiny of the books of accounts.
• Collect the yearly financial statements, annual report, tax audit report, secretarial audit
report, cashflow statements of the company under investigation.
• Collect and verify all the contracts entered into by the company. Proper documentation
for all the loans taken or advances made, documents for day to day purchase/sale/
provision of services, etc.
• In case of loans and advances, verify that they are made in the due course of business
at rates of interest in line with the existing market rates and the said transactions are
not prejudicial to the business as a whole or to any class of stakeholders in particular.
70
14. Forensic Investigation of Listed Corporate Entities
• Verify that all the accounts making up the total trade receivables and payables are
active and not dormant.
• Verify that all the transactions are reported in the books of accounts and no transactions
are directly set off against one another, without bringing them to the books.
• Verify the fixed assets register and also physically verify the fixed assets.
• Verify the share capital account and see if there are any new issues of shares,
debentures, preferential allotment, rights issue, etc. if any such issues are made, check
if proper procedures were followed and all the statutory compliances made. Thereafter
verify how much fund was raised and where is it used/proposed to be used.
• Check the reserves account. If there are accumulated losses, dig out the information
on the same, as in when were the losses incurred? Reason for the loss, if it is ongoing,
what steps has the management taken in order to reduce the losses and to keep them
in check.
• Verify the items falling under the head current liabilities.
• Check whether there are any contingent liabilities. Gather information as to the chances
of contingent liability becoming a liability and if they should be reclassified.
• Are investments shown at fair value?
• Verify whether appropriate provisions are made for probable losses.
In forensic investigation, before a report can be made or an opinion be expressed, it is of
utmost importance for the investigator, to know the business of the company and all the
events that have occurred during its life, like the back of his hand. With the company
knowledge and appropriate technical knowledge of the laws of the land, a forensic
investigation can be successfully completed.
2
71
15. LAWS GOVERNING FRAUDS WORLDWIDE
Fraud law covers a broad range of crimes and civil tort actions that address situations in
which a person wrongfully obtains money, property, or other benefits by deceit. In the
criminal context, fraud is typically charged as a felony, meaning that a conviction can
result in a year or more of incarceration. Criminal penalties can also include statutory fines,
restitution (victim reimbursement), community service, as well as the loss of civil rights
associated with a felony conviction. In civil court, financial compensation is generally the
plaintiff’s sole remedy. Fraud cases can be brought in either state or federal court.
UNITED KINGDOM
The Fraud Act, 2006 – United Kingdom
The Fraud Act came into force on the 15th January 2007. By introducing a general offence of
“fraud”, the aim was to simplify the law by replacing the various deception offences under
the Theft Act, 1968. This new general offence of fraud is set out in section 1 of the Act. It
can be committed in three ways:
• Fraud by false representation;
• Fraud by failing to disclose information;
• Fraud by abuse of position.
A person who is guilty of fraud is liable on conviction on indictment to imprisonment for a
term not exceeding 10 years or to a fine (or both).
Each offence in the Fraud Act 2006 is a conduct offence, complete on the accused’s acts
notwithstanding any result caused. So, there is no need to prove a result of any kind, it is
sufficient that the person intends to cause loss or make a gain.
• “Fraud by false representation” is defined by Section 2 of the Act as a case where a
person makes “any representation as to fact or law ... express or implied” which they
know to be untrue or misleading.
• “Fraud by failing to disclose information” is defined by Section 3 of the Act as a case
where a person fails to disclose any information to a third party when they are under
a legal duty to disclose such information.
• “Fraud by abuse of position” is defined by Section 4 of the Act as a case where a
person occupies a position where they are expected to safeguard the financial interests
of another person, and abuses that position; this includes cases where the abuse
consisted of an omission rather than an overt act.
72
15. Laws Governing Frauds Worldwide
In all three classes of fraud, it requires that for an offence to have occurred, the person must
have acted dishonestly, and that they had to have acted with the intent of making a gain for
themselves or anyone else, or inflicting a loss (or a risk of loss) on another.
A “gain” or a “loss” is defined to consist only of a gain or a loss in money or property
(including intangible property), but could be temporary or permanent. A “gain” could be
construed as gaining by keeping their existing possessions, not just by obtaining new ones,
and loss included losses of expected acquisitions, as well as losses of already-held property.
The Act will establish two “supporting” offences, these being the possession of articles for
use in frauds (Section 6) and the making or supplying of articles for use in frauds (Section 7).
Section 11 of the Act makes it a statutory offence to obtain services dishonestly; meaning
that services which were to be paid for were obtained with the knowledge or intention
that no payment would be made. A person found guilty of this will be liable to a fine or
imprisonment for up to twelve months on summary conviction (six months in Northern
Ireland), or a fine or imprisonment for up to five years on conviction on indictment.
In regard to the fraudulent behaviour of companies, the existing offence of participating in
fraudulent business carried on by a company, provided for by the Companies Act 1985, was
amended by Section 10 - bringing the maximum penalty from 7 years imprisonment to 10
years [And/or a fine] - and a new offence of participating in fraudulent business carried on
by a sole trader was established by Section 9.
Section 12 of the Act provides that where an offence against the Act was committed by
a body corporate, but was carried out with the “consent or connivance” of any director,
manager, secretary or officer of the body - or any person purporting to be such - then that
person, as well as the body itself, is liable.
The Bribery Act, 2010

The Bribery Act 2010 was introduced to update and enhance UK law on bribery including
foreign bribery in order to address better the requirements of the 1997 OECD anti‐bribery
Convention. It is now among the strictest legislation internationally on bribery. Notably, it
introduces a new strict liability offence for companies and partnerships of failing to prevent
bribery.
The introduction of this new corporate criminal offence places a burden of proof on
companies to show they have adequate procedures in place to prevent bribery. The Bribery
Act also provides for strict penalties for active and passive bribery by individuals as well as
companies.
The crime of bribery is described in Section 1 as occurring when a person offers, gives
or promises to give a “financial or other advantage” to another individual in exchange for
“improperly” performing a “relevant function or activity”.
The Bribery Act creates four prime offences:
• Two general offences covering the offering, promising or giving of an advantage, and
requesting, agreeing to receive or accepting of an advantage;
73
• A discrete offence of bribery of a foreign public official; and

• A new offence of failure by a commercial organisation to prevent a bribe being paid
to obtain or retain business or a business advantage (should an offence be committed,
it will be a defence that the organisation has adequate procedures in place to prevent
bribery).
The Bribery Act is legislation of great significance for companies incorporated in or carrying
on business in the UK. It presents heightened liability risks for companies, directors and
individuals. To avoid corporate liability for bribery, companies must make sure that they
have strong, up-to-date and effective anti-bribery policies and systems.
The Bribery Act unlike previous legislation places strict liability upon companies for failure
to prevent bribes being given (active bribery) and the only defence is that the company had
in place adequate procedures designed to prevent persons associated with it from undertaking
bribery.
The Bribery Act has extra-territorial reach both for UK companies operating abroad and for
overseas companies with a presence in the UK.
UK companies doing business overseas -
Companies registered in the UK must take note of the extra-territorial reach of the Bribery
Act. A company can commit an offence under section 7 of failure to prevent bribery if an
employee, subsidiary, agent or service provider (‘associated persons’) bribes another person
anywhere in the world to obtain or retain business or a business advantage.
A foreign subsidiary of a UK company can cause the parent company to become liable under
section 7 when the subsidiary commits an act of bribery in the context of performing services
for the UK parent. If the foreign subsidiary were acting entirely on its own account it would
not cause the UK parent to be liable for failure to prevent bribery under section 7 as it would
not then be performing services for the UK parent.
However, the UK parent might still be liable for the actions of its subsidiary in other ways
such as false accounting offences or under the Proceeds of Crime Act 2002.
Foreign companies with operations in the UK -
The Bribery Act has important implications for foreign companies which do business in the
UK as its territorial scope is extensive. The corporate offence set out in Section 7 of failure
to prevent bribery in the course of business applies to any relevant commercial organisation
defined as a body incorporated under the law of the United Kingdom (or United Kingdom
registered partnership) and any overseas entity that carries on a business or part of a business
in the United Kingdom.
A foreign company which carries on any part of its business in the UK could be prosecuted
for failure to prevent bribery even where the bribery takes place wholly outside the UK and
the benefit or advantage to the company is intended to accrue outside the UK.
74
Section 11 explains the penalties for individuals and companies found guilty of committing a
crime. If an individual is found guilty of a bribery offence, tried as a summary offence, they
may be imprisoned for up to 12 months and fined up to £5,000. Someone found guilty on
indictment, however, faces up to 10 years’ imprisonment and an unlimited fine. The crime
of a commercial organisation failing to prevent bribery is punishable by an unlimited fine.
In addition, a convicted individual or organisation may be subject to a confiscation order
under the Proceeds of Crime Act 2002, while a company director who is convicted may be
disqualified under the Company Directors Disqualification Act 1986.
(The Proceeds of Crime Act 2002 (c.29) (POCA) is an Act of the Parliament of the United
Kingdom which provides for the confiscation or civil recovery of the proceeds from crime
and contains the principal money laundering legislation in the UK.)
Serious Fraud Office (United Kingdom)

http://www.sfo.gov.uk/
The Serious Fraud Office (SFO) is an independent UK Government department that
investigates and prosecutes serious or complex fraud and corruption. Accountable to the
Attorney General, it has jurisdiction over England, Wales and Northern Ireland and assists
a number of overseas investigations by obtaining information from UK sources. Section 2
of the Criminal Justice Act, 1987 grants the SFO special compulsory powers to require any
person (or business/bank) to provide any relevant documents (including confidential ones)
and answer any relevant questions including ones about confidential matters.
The SFO is also the principal enforcer of the Bribery Act 2010, which has been designed to
encourage good corporate governance and enhance the reputation of the City of London and
the UK as a safe place to do business.
The SFO is a specialist organisation that investigates only the most serious types of economic
crime. As a result, a potential case must meet certain criteria before it is taken on. These
criteria include whether -
• the value of the alleged fraud is more than £1 million
• there is a significant international dimension
• the case is likely to be of widespread public concern
• the requires highly specialised knowledge, for example, of financial markets
• the SFO’s special powers need to be used
The SFO is unique in that its role is to both investigate and prosecute. Its case teams are
therefore made up of investigators, lawyers, law clerks and Forensic Investigators.
National Fraud Authority (NFA)

https://www.gov.uk/government/organisations/national-fraud-authority
75
The National Fraud Authority is an executive agency of the United Kingdom Home Office
responsible for increasing protection for the UK economy from the harm caused by fraud.
The NFA works with a wide range of partners with the aim of making fraud more difficult
to commit in the UK. Formerly the National Strategic Fraud Authority, it was set up in
October 2008 in response to the government’s Fraud Review in 2006. It concluded that fraud
is a significantly under-reported crime, and while various agencies and organisations were
attempting to tackle the issue, greater co-operation was needed to achieve a real impact
within the public sector. The scale of the problem pointed to the need to bring together the
numerous counter-fraud initiatives that existed, which is when the NFA was formed.
The NFA works to tackle frauds across the spectrum, but also works on fraud types and
fraud issues that are a notable problem. These include identity fraud, mortgage fraud,
accommodation addresses, mass marketing fraud and fraud affecting small and medium sized
businesses. The NFA also produces the Annual Fraud Indicator, which estimates the cost of
fraud. Working with the charity, Victim Support, the NFA has also done some significant
work with victims, to ensure they receive the support they deserve if they have been a victim
of the crime.
Action Fraud is the UK’s national fraud reporting service, run by a private sector company
called bss for the National Fraud Authority. Action Fraud is the place to go to get information
and advice about fraud, as well as to report fraud. UK citizens can report fraud online
(such as forwarding scam emails for inspection) or by telephone. When a fraud is reported
to Action Fraud, victims are given a crime reference number and their case is passed on to
the National Fraud Intelligence Bureau (NFIB), which is run by the City of London’s police
service. The Action Fraud website also has an A-Z of fraud describing different types of
fraud, and offers prevention advice.
The National Fraud Authority publishes the Annual Fraud Indicator every year, which is the
UK’s comprehensive estimate of how much fraud costs the UK. The annual fraud indicator
for 2012 was published in March 2012, and estimated that fraud would cost the UK over
£73 billion that year. This was up from £38 billion in 2011. When broken down by sector,
the indicator revealed that fraud losses to the public sector amounted to £20.3 billion, the
private sector lost £45.5 billion, the not-for-profit sector lost £1.1 billion and individuals lost
£6.1 billion.
CIFAS The UK’s Fraud Prevention Service

http://www.cifas.org.uk/
CIFAS is a not-for-profit membership association representing the private and public sectors.
CIFAS is dedicated to the prevention of fraud, including staff fraud, and the identification of
financial and related crime. CIFAS operates two databases:
• National Fraud Database (NFD)
• Staff Fraud Database (SFD)
76
CIFAS has 290 Member organisations spread across various business sectors. These include
financial services, retail, telecommunications, customer service centres, call centres and
public services. Although at present CIFAS Members are predominantly private sector
organisations, public sector bodies may also share fraud data reciprocally through CIFAS to
prevent fraud.
Members share information about confirmed frauds in the fight to prevent further fraud.
CIFAS is unique and was the world’s first not-for-profit fraud prevention data sharing
organisation. Since CIFAS was founded, CIFAS Members have prevented fraud losses to their
organisations worth over £8 billion by sharing fraud data.
CIFAS AIMS TO:

• Build on crime prevention data sharing to encompass both the private and public
sectors in the public interest.
• Protect the interests of CIFAS Members from the actions of criminals by pooling
information on fraud and prevented fraud.
• Ensure that innocent members of the public who are the victims of fraud are not
prejudiced by the misuse of their identities and documentation.
UNITED STATES OF AMERICA

Foreign Corrupt Practices Act, 1977 – United States of America
The Foreign Corrupt Practices Act of 1977 (FCPA) is a United States federal law known
primarily for two of its main provisions, one that addresses accounting transparency
requirements under the Securities Exchange Act of 1934 and another concerning bribery of
foreign officials.
As a result of U.S. Securities and Exchange Commission investigations in the mid-1970s,
over 400 U.S. companies admitted making questionable or illegal payments in excess of
$300 million to foreign government officials, politicians, and political parties. The abuses
ran the gamut from bribery of high foreign officials to secure some type of favourable action
by a foreign government to so-called facilitating payments that were made to ensure that
government functionaries discharged certain ministerial or clerical duties. One major example
was the Lockheed bribery scandals, in which officials of aerospace company Lockheed paid
foreign officials to favour their company’s products. Another was the Banana gate scandal
in which Chiquita Brands had bribed the President of Honduras to lower taxes. Congress
enacted the FCPA to bring a halt to the bribery of foreign officials and to restore public
confidence in the integrity of the American business system.
The Act was signed into law by President Jimmy Carter on December 19, 1977, and amended
in 1998 by the International Anti-Bribery Act of 1998 which was designed to implement the
anti-bribery conventions of the Organization for Economic Co-operation and Development.
The FCPA applies to any person who has a certain degree of connection to the United States
and engages in foreign corrupt practices. The Act also applies to any act by U.S. businesses,
77
foreign corporations trading securities in the United States, American nationals, citizens,
and residents acting in furtherance of a foreign corrupt practice whether or not they are
physically present in the United States. In the case of foreign natural and legal persons, the
Act covers their actions if they are in the United States at the time of the corrupt conduct.
Further, the Act governs not only payments to foreign officials, candidates, and parties,
but any other recipient if part of the bribe is ultimately attributable to a foreign official,
candidate, or party. These payments are not restricted to just monetary forms and may
include anything of value.
Persons subject to FCPA –
• Issuers
Includes any U.S. or foreign corporation that has a class of securities registered, or that
is required to file reports under the Securities and Exchange Act of 1934
• Domestic concerns
Refers to any individual who is a citizen, national, or resident of the United States and
any corporation and other business entity organized under the laws of the United States
or of any individual US State, or having its principal place of business in the United
States
• Any person
covers both enterprises and individuals
The anti-bribery provisions of the FCPA make it unlawful for a U.S. person, and certain
foreign issuers of securities, to make a payment to a foreign official for the purpose of
obtaining or retaining business for or with, or directing business to, any person. Since
1998, they also apply to foreign firms and persons who take any act in furtherance of such
a corrupt payment while in the United States. The meaning of foreign official is broad.
For example, an owner of a bank who is also the minister of finance would count as a
foreign official according to the U.S. government. Doctors at government-owned or managed
hospitals are also considered to be foreign officials under the FCPA, as is anyone working
for a government-owned or managed institution or enterprise. Employees of international
organizations such as the United Nations are also considered to be foreign officials under
the FCPA. There is no materiality to this act, making it illegal to offer anything of value as a
bribe, including cash or non-cash items. The government focuses on the intent of the bribery
rather than on the amount.
The FCPA also requires companies whose securities are listed in the United States to meet
its accounting provisions. These accounting provisions, which were designed to operate
in tandem with the anti-bribery provisions of the FCPA, require corporations covered by
the provisions to make and keep books and records that accurately and fairly reflect the
transactions of the corporation and to devise and maintain an adequate system of internal
accounting controls. An increasing number of corporations are taking additional steps to
protect their reputation and reducing exposure by employing the services of due diligence
78
companies. Identifying government-owned companies in an effort to identify easily

overlooked government officials is rapidly becoming a critical component of more advanced
anti-corruption programs.
Regarding payments to foreign officials, the act draws a distinction between bribery and
facilitation or “grease payments”, which may be permissible under the FCPA but may still
violate local laws. The primary distinction is that grease payments are made to an official to
expedite his performance of the duties he is already bound to perform. Payments to foreign
officials may be legal under the FCPA if the payments are permitted under the written laws
of the host country. Certain payments or reimbursements relating to product promotion may
also be permitted under the FCPA.
OECD ANTIBRIBERY CONVENTION

http://www.oecd.org/daf/anti-bribery/anti-briberyconvention/
The OECD Anti-Bribery Convention (officially Convention on Combating Bribery of Foreign
Public Officials in International Business Transactions) is a convention of the OECD aimed
at reducing corruption in developing countries by encouraging sanctions against bribery
in international business transactions carried out by companies based in the Convention
member countries. Its goal is to create a truly level playing field in today’s international
business environment.
The OECD was founded in 1961 to stimulate economic progress and world trade.
In 1989, the OECD established ad hoc working group for comparative review of national
legislations regarding the bribery of foreign public officials. In 1994, the OECD Ministerial
Council adopted the Recommendation of the Council on Bribery in International Business
Transactions; the revised recommendation was adopted in 2007. The ad hoc working group
was replaced by the OECD Working Group on Bribery in International Business Transactions.
The convention was signed on 17 December 1997 and came into force on 15 February 1999.
Countries that have signed the convention are required to put in place legislation that
criminalises the act of bribing a foreign public official. The OECD has no authority to
implement the convention, but instead monitors implementation by participating countries.
Countries are responsible for implementing laws and regulations that conform to the
convention and therefore provide for enforcement. The OECD performs its monitoring
function in a two-phased examination process. Phase I consists of a review of legislation
implementing the conventions in the member country with the goal of evaluating the
adequacy of the laws. Phase 2 assesses the effectiveness with which the legislation is applied.
The Convention is open to accession by any country which is a member of the OECD or has
become a full participant in the OECD Working Group on Bribery in International Business
Transactions. As of May 2013, 40 countries have ratified or acceded to the convention:
Presently India is not a member of the OECD Anti-Bribery Convention.
79
U.N. CONVENTION AGAINST CORRUPTION

The United Nations Convention against Corruption (UNCAC) is a multilateral convention
negotiated by members of the United Nations. It is the first global legally binding
international anti-corruption instrument. In its 71 Articles divided into 8 Chapters, UNCAC
requires that States Parties implement several anti-corruption measures which may affect
their laws, institutions and practices. These measures aim at preventing corruption,
criminalizing certain conducts, strengthening international law enforcement and judicial
cooperation, providing effective legal mechanisms for asset recovery, technical assistance and
information exchange, and mechanisms for implementation of the Convention, including the
Conference of the States Parties to the United Nations Convention against Corruption (CoSP).
The United Nations Office on Drugs and Crime (UNODC) promotes the convention and its
implementation.
2
80
16. Cyber Crime & Security Strategy for Cyber Crime
PART III
16. CYBER CRIME & SECURITY STRATEGY FOR CYBER CRIME
Businesses are increasingly the victims of cyber-attacks. These crimes are not only costly
for the companies, but can also put their very existence at risk and may provoke significant
externalities for third parties. The World Federation of Exchanges reported in July 2013
that half of the 46 exchanges it surveyed had been victims of cyber-attacks in the previous
year. In a 2013 Financial Times article, the Depository Trust and Clearing Corporation,
which processes large securities transactions for U.S. capital markets, described cybercrime
“as arguably the top systemic threat facing global financial markets and associated
infrastructure.”
Cybercrime encompasses any criminal act dealing with computers and networks (called
hacking). Additionally, cybercrime also includes traditional crimes conducted through the
Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit
card account thefts are considered to be cybercrimes when the illegal activities are committed
through the use of a computer and the Internet.
The first recorded cybercrime took place in 1820. That is not surprising considering the fact
that the abacus, which is thought to be the earliest from of a computer, has been around
since 3500 B.C.
In India, Japan and China, the era of modern computer, however, began with the analytical
engine of Charles Babbage. The first spam email took place in 1976 when it was sent out
over the ARPANT. The first virus was installed on an Apple computer in 1982 when a high
school student, Rich Skrenta, developed the EIK Cloner.
Cybercrimes can be defined as: “Offences that are committed against individuals or groups
of individuals with a criminal motive to intentionally harm the reputation of the victim or
cause physical or mental harm, or loss, to the victim directly or indirectly, using modern
telecommunication networks such as Internet (networks including chat rooms, emails, notice
boards and groups) and mobile phones.
Cybercrime may threaten a person or a nation’s security and financial health. Issues
surrounding these types of crimes have become high-profile, particularly those surrounding
hacking, copyright infringement, unwarranted mass-surveillance, sextortion, child
pornography, and child grooming.
Cyber crime violates privacy and confedetiality of information by intercepting or disclosing
it lawfully or unlawfauuly. Cybercrimes are sometimes defined from the perspective of
gender and defined ‘cybercrime against women’ as “Crimes targeted against women with
a motive to intentionally harm the victim psychologically and physically, using modern
telecommunication networks such as internet and mobile phones”.
81
Cybercrimes are not just restricted to individuals and businesses, internationally, both
governmental and non-state actors engage in cybercrimes, including espionage, financial
theft, and other cross-border crimes. Cybercrimes crossing international borders and involving
the actions of at least one nation state is sometimes referred to as cyber warfare
CYBER CRIME encompasses are large variet of crimes. Some of them are discussed below
1. Financial fraud crimes
Computer fraud or Internet fraud is any dishonest misrepresentation of fact intended to
let another to do or refrain from doing something which causes loss. In this context,
the fraud will result in obtaining a benefit by:
• Altering in an unauthorized way. This requires little technical expertise and is
common form of theft by employees altering the data before entry or entering
false data, or by entering unauthorized instructions or using unauthorized
processes;
• Altering, destroying, suppressing, or stealing output, usually to conceal
unauthorized transactions. This is difficult to detect;
• Altering or deleting stored data;
Other forms of financial fraud may be facilitated using computer systems,
including bank fraud, carding, identity theft, extortion, and theft of classified
information. These types of crime often result in the loss of private information or
monetary information.
Cyberterrorism
Government officials and information technology security specialists have documented a
significant increase in Internet problems and server scans since early 2001. Such intrusions
are part of an organized effort by cyber terrorists, foreign intelligence services, or other
groups to map potential security holes in critical systems. A cyberterrorist is someone who
intimidates or coerces a government or an organization to advance his or her political or
social objectives by launching a computer-based attack against computers, networks, or the
information stored on them.
Cyberterrorism in general can be defined as an act of terrorism committed through the use
of cyberspace or computer resources . As such, a simple propaganda piece in the Internet
that there will be bomb attacks during the holidays can be considered cyberterrorism. There
are also hacking activities directed towards individuals, families, organized by groups within
networks, tending to cause fear among people, demonstrate power, collecting information
relevant for ruining peoples’ lives, robberies, blackmailing etc.
Cyberextortion
Cyberextortion occurs when a website, e-mail server, or computer system is subjected to
or threatened with repeated denial of service or other attacks by malicious hackers. These
hackers demand money in return for promising to stop the attacks and to offer “protection”.
82
The cybercrime extortionists attack corporate websites and networks, crippling their ability
to operate and demanding payments to restore their service.
Cyberwarefare is the use or targeting in a battlespace or warfare context of computers,
online control systems and networks. It involves both offensive and defensive operations
pertaining to the threat of cyber attacks, espionage and sabotage.
The attack on Estonia’s infrastructure in 2007, and the Ukraine power grid attack are
cyberattacks that shook the world posing new threats to the sovernity of nations.
CATEGORIES OF CYBER CRIME

We can categorize cybercrime in two ways
• Computer as a target: Here the computers are used as target of crime. These crimes
are committed by a selected group of criminals. Unlike crimes using the computer as
a tool, these crimes require the technical knowledge of the perpetrators e.g. Hacking,
virus/worms’ attacks, Dos attack, malware
• The computer as a weapon: When the individual is the main target of cybercrime, the
computer can be considered as the tool rather than the target. These crimes generally
involve less technical expertise. Human weaknesses are generally exploited. The
damage dealt is largely psychology and intangible, making legal action against the
variants more difficult. These are the crimes which have existed for centuries in the
offline world. Scams theft, and the likes have existed even before the development in
high-tech equipment. The same criminal has simply been given a tool which increases
their potential pool of victims and makes them all the harder to trace and apprehend.
Crimes that use computer networks or devices to advance other ends include:
Hacking
Hacking in simple terms means illegal intrusion information a computer system and/or
network. It is also known as Cracking. Government websites are the hot target of the hackers
due to the press coverage, it receives. Hackers enjoy the media coverage. Motive behind the
crime called Hackers Motive, hacking greed power, publicity, revenge, adventure desire to
access forbidden information destructive mindset wants to sell network security services.
Law & Punishment: Under The Information Technology (Amendment) Act, 2008, Section
43(a) read with section 66 is applicable and Section 379 & 406 of Indian Penal Code, 1860
also are applicable. If crime is proved under the IT Act, accused shall be punished for
imprisonment, which may extend to three years or with fine, which may extend to five lakh
rupees or both. Hacking offence is cognizable, bailable, compoundable with permission of the
court before which the prosecution of such offence is pending and triable by any magistrate
Data Theft
Data theft is growing problem, primarily perpetrated by office workers with access of
technology such computers, laptops and hand-held devices, capable of storing digital
information such as flash drives, iPods and even digital cameras. The damage caused by
83
data theft can be considerable with today’s ability to transmit very large files via e-mail, web
pages, USB devices, DVD storage and other hand-held devices. According to Information
Technology (Amendment) Act, 2008, crime of data theft under Section 43 (b) is stated as -
If any person without permission of the owner or any other person, who is in charge of a
computer, computer system of computer network - downloads, copies or extracts any data,
computer data base or information from such computer, computer system or computer
network including information or data held or stored in any removable storage medium,
then it is data theft.
43(b) read with Section 66 is applicable and under Section 379, 405 & 420 of Indian Penal
Code, 1860 also applicable. Data Theft offence is cognizable, bailable, compoundable with
permission of the court before which the prosecution of such offence is pending and triable
by any magistrate.
Email Spoofing
E-mail spoofing is e-mail activity in which the sender addresses and other parts of the e-mail
header are altered to appear as though the e-mail originated from a different source. E-mail
spoofing is sending an e-mail to another person in such a way that it appears that the e-mail
was sent by someone else. A spoof email is one that appears to originate from one source but
actually has been sent from another source. Spoofing is the act of electronically disguising
one computer as another for gaining as the password system. It is becoming so common that
you can no longer take for granted that the e-mail you are receiving is truly from the person
identified as the sender.
Email spoofing is a technique used by hackers to fraudulently send email messages in which
the sender address and other parts of the email header are altered to appear as though the
email originated from a source other than its actual source. Hackers use this method to
disguise the actual email address from which phishing and spam messages are sent and
often use email spoofing in conjunction with Web page spoofing to trick users into providing
personal and confidential information.
66-D and Section 417, 419 & 465 of Indian Penal Code, 1860 also applicable. Email spoofing
offence is cognizable, bailable, compoundable with permission of the court before which the
prosecution of such offence is pending and triable by any magistrate.
Identity Theft
Identity theft is a form of fraud or cheating of another person’s identity in which someone
pretends to be someone else by assuming that person’s identity, typically in order to access
resources or obtain credit and other benefits in that person’s name. Information Technology
(Amendment) Act, 2008, crime of identity theft under Section 66-C, whoever, fraudulently or
dishonestly make use of the electronic signature, password or any other unique identification
feature of any other person known as identity theft.
84
Identity theft is a term used to refer to fraud that involves stealing money or getting other
benefits by pretending to be someone else. The term is relatively new and is actually a
misnomer, since it is not inherently possible to steal an identity, only to use it. The person
whose identity is used can suffer various consequences when they are held responsible for
the perpetrator’s actions. At one time the only way for someone to steal somebody else’s
identity was by killing that person and taking his place. It was typically a violent crime.
However, since then, the crime has evolved and today’s white collared criminals are a lot
less brutal. But the ramifications of an identity theft are still scary.
66-C and Section 419 of Indian Penal Code, 1860 also applicable. Identity Theft offence
is cognizable, bailable, compoundable with permission of the court before which the
prosecution of such offence is pending and triable by any magistrate.
Child Pornography
The Internet is being highly used by its abusers to reach and abuse children sexually
worldwide. As more homes have access to internet, more children would be using the
internet and more are the chances of falling victim to the aggression of Paedophiles.
Paedophiles use false identity to trap the children; Paedophiles connect children in various
chat rooms which are used by children to interact with other children.
Denial of Service Attacks

This is an act by the criminals who floods the bandwidth of the victim’s network or fills his
E-mail box with spam mail depriving him of the service he is entitled to access or provide.
Many DOS attacks, such as the ping of death and Tear drop attacks.
Virus Dissemination
Viruses and Trojans are harmful programs that are loaded onto your computer without your
knowledge. The goal of these programs may be to obtain or damage information, hinder the
performance of your computer, or flood you with advertising.
Viruses spread by infecting computers and then replicating. Trojans appear as genuine
applications and then embed themselves into a computer to monitor activity and collect
information.
Using a firewall and maintaining current virus protection software can help minimise your
chances of getting viruses and inadvertently downloading Trojans.
Computer Vandalism
Damaging or destroying data rather than stealing or misusing them is called cyber vandalism.
These are program that attach themselves to a file and then circulate.
Cyber Terrorism
Terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and
hate E-mails, attacks on service network etc.
85
Software Piracy
Theft of software through the illegal copying of genuine programs or the counterfeiting and
distribution of products intended to pass for the original.
LIST OF TOP 20 COUNTRIES WITH THE HIGHEST RATE OF CYBER CRIME (SOURCE:
BUSINESS WEEK / SYMANTEC)
1. United States of America

Share of malicious computer activity: 23%
Malicious code rank: 1
Spam zombies rank: 3
Phishing web site hosts rank: 1
Bot rank: 2
Attack origin rank: 1
2. China
Bot rank: 1
3. Germany
Bot rank: 4
4. Britain
86

Bot rank: 9
5. Brazil
Bot rank: 5
6. Spain
Bot rank: 3
7. Italy
Bot rank: 6
8. France
Bot rank: 10
87
9. Turkey
Bot rank: 8
10. Poland
Bot rank: 7
11. India
Bot rank: 20
12. Russia
Bot rank: 17
88
13. Canada
Bot rank: 14
14. South Korea

Bot rank: 15
15. Taiwan
Bot rank: 11
16. Japan
Bot rank: 22
17. Mexico
89

Bot rank: 21
18. Argentina
Bot rank: 12
19. Australia
Bot rank: 27
20. Israel
Bot rank: 16
CYBER SECURITY
Cyber Security involves protection of sensitive personal and business information through
prevention, detection and response to different online attacks.
90
Privacy Policy: Before submitting your name, e-mail, address, on a website look for the sites
privacy policy.
Keep Software Up to Date: If the seller reduces patches for the software operating system
your device, install them as soon as possible. Installing them will prevent attackers form
being able to take advantage Use good password which will be difficult for thieves to guess.
Do not choose option that allows your computer to remember your passwords.
Disable Remote Connectivity: Some PDA’s and phones are equipped with wireless
technologies, such as Bluetooth, that can be used to connect to other devices or computers.
You should disable these features when they are not in use.
Advantages of Cyber Security

• Cyber security will defend us from critical attacks.
• It helps us to browse the site, website.
• Internet Security processes all the incoming and outgoing data on your computer.
• It will defend us from hacks and virus.
• Application of cyber security used in our PC needs update every week
Safety Tips to Cyber Crime

• Use antivirus Software
• Insert Firewalls
• Uninstall unnecessary software
• Maintain backup
• Check security settings
2
91
17. FORENSIC INVESTIGATION IN DIGITAL ENVIRONMENT
The modern digital environment offers new opportunities for both perpetrators and
investigators of fraud. In many ways, it has changed the way fraud examiners conduct
investigations, the methods internal auditors use to plan and complete work, and the
approaches external auditors take to assess risk and perform audits.
While some methods, such as online working papers, are merely computerized versions of
traditional tasks, others, such as risk analysis based on neural networks, are revolutionizing
the field. Many auditors and researchers find themselves working amid an ever-changing
workplace, with computer-based methods leading the charge.
What are Digital Forensics?

Digital forensics (sometimes known as digital forensic science) is a branch of forensic
science encompassing the recovery and investigation of material found in digital devices,
often in relation to computer crime. The term digital forensics was originally used as a
synonym for computer forensics but has expanded to cover investigation of all devices
capable of storing digital data. With roots in the personal computing revolution of the late
1970s and early ‘80s, the discipline evolved in a haphazard manner during the 1990s, and
it was not until the early 21st century that national policies emerged.
Digital forensics investigations have a variety of applications. The most common is to support
or refute a hypothesis before criminal or civil (as part of the electronic discovery process)
courts. Forensics may also feature in the private sector; such as during internal corporate
investigations or intrusion investigation (a specialist probe into the nature and extent of an
unauthorized network intrusion).
The technical aspect of an investigation is divided into several sub-branches, relating to
the type of digital devices involved; computer forensics, network forensics, forensic data
analysis and mobile device forensics. The typical forensic process encompasses the seizure,
forensic imaging (acquisition) and analysis of digital media and the production of a report
into collected evidence.
As well as identifying direct evidence of a crime, digital forensics can be used to attribute
evidence to specific suspects, confirm alibis or statements, determine intent, identify sources
(for example, in copyright cases), or authenticate documents. Investigations are much broader
in scope than other areas of forensic analysis (where the usual aim is to provide answers to
a series of simpler questions) often involving complex time-lines or hypotheses.
History
Prior to the 1980s crimes involving computers were dealt with using existing laws. The first
computer crimes were recognized in the 1978 Florida Computer Crimes Act, which included
92
17. Forensic Investigation in Digital Environment
legislation against the unauthorized modification or deletion of data on a computer system.

Over the next few years the range of computer crimes being committed increased, and
laws were passed to deal with issues of copyright, privacy/harassment (e.g., cyber bullying,
cyber stalking, and online predators) and child pornography. It was not until the 1980s that
federal laws began to incorporate computer offences. Canada was the first country to pass
legislation in 1983. This was followed by the US Federal Computer Fraud and Abuse Act in
1986, Australian amendments to their crimes acts in 1989 and the British Computer Abuse
Act in 1990.
Development of forensic tools

During the 1980s very few specialized digital forensic tools existed, and consequently
investigators often performed live analysis on media, examining computers from within the
operating system using existing sysadmin tools to extract evidence. This practice carried the
risk of modifying data on the disk, either inadvertently or otherwise, which led to claims of
evidence tampering. A number of tools were created during the early 1990s to address the
problem.
The need for such software was first recognized in 1989 at the Federal Law Enforcement
Training Centre, resulting in the creation of IMDUMP (by Michael White) and in 1990,
SafeBack (developed by Sydex). Similar software was developed in other countries; DIBS
(a hardware and software solution) was released commercially in the UK in 1991, and Rob
McKemmish released Fixed Disk Image free to Australian law enforcement. These tools
allowed examiners to create an exact copy of a piece of digital media to work on, leaving the
original disk intact for verification. By the end of the ‘90s, as demand for digital evidence
grew more advanced commercial tools such as En Case and FTK were developed, allowing
analysts to examine copies of media without using any live forensics. More recently, a trend
towards “live memory forensics” has grown resulting in the availability of tools such as
Windows SCOPE.
More recently the same progression of tool development has occurred for mobile devices;
initially investigators accessed data directly on the device, but soon specialist tools such as
XRY or Radio Tactics Aceso appeared.
Forensic Process
A digital forensic investigation commonly consists of 3 stages: acquisition or exhibits,
analysis, and reporting. Ideally acquisition involves capturing an image of the computer’s
volatile memory (RAM) and creating an exact sector level duplicate (or “forensic duplicate”)
of the media, often using a write blocking device to prevent modification of the original.
However, the growth in size of storage media and developments such as cloud computing
have led to more use of ‘live’ acquisitions whereby a ‘logical’ copy of the data is acquired
rather than a complete image of the physical storage device. Both acquired image (or logical
copy) and original media/data are hashed (using an algorithm such as SHA-1 or MD5) and
the values compared to verify the copy is accurate.
93
There are four stages of forensics Process: -

1. Identification of Digital Evidence
2. Preservation of Digital Evidence
3. Analysis of Digital Evidence
4. Presentation of Digital Evidence
During the analysis phase an investigator recovers evidence material using a number of
different methodologies and tools. In 2002, an article in the International Journal of Digital
Evidence referred to this step as “an in-depth systematic search of evidence related to
the suspected crime.” In 2006, forensics researcher Brian Carrier described an “intuitive
procedure” in which obvious evidence is first identified and then “exhaustive searches are
conducted to start filling in the holes.”
The actual process of analysis can vary between investigations, but common methodologies
include conducting keyword searches across the digital media (within files as well as
unallocated and slack space), recovering deleted files and extraction of registry information
(for example to list user accounts, or attached USB devices).
The evidence recovered is analysed to reconstruct events or actions and to reach conclusions,
work that can often be performed by less specialised staff. When an investigation is complete
the data is presented, usually in the form of a written report, in lay persons’ terms.
Application
Digital forensics is commonly used in both criminal law and private investigation.
Traditionally it has been associated with criminal law, where evidence is collected to support
or oppose a hypothesis before the courts. As with other areas of forensics this is often as
part of a wider investigation spanning a number of disciplines. In some cases, the collected
evidence is used as a form of intelligence gathering, used for other purposes than court
proceedings (for example to locate, identify or halt other crimes). As a result, intelligence
gathering is sometimes held to a less strict forensic standard.
In civil litigation or corporate matters digital forensics forms part of the electronic discovery
(or e Discovery) process. Forensic procedures are similar to those used in criminal
investigations, often with different legal requirements and limitations. Outside of the courts
digital forensics can form a part of internal corporate investigations.
A common example might be following unauthorized network intrusion. A specialist forensic
examination into the nature and extent of the attack is performed as a damage limitation
exercise. Both to establish the extent of any intrusion and in an attempt to identify the
attacker. Such attacks were commonly conducted over phone lines during the 1980s, but in
the modern era are usually propagated over the Internet.
The main focus of digital forensics investigations is to recover objective held in digital
devices can help with other areas of inquiry.
94
Attribution
Meta data and other logs can be used to attribute actions to an individual. For example,
personal documents on a computer drive might identify its owner.
Alibis and statements

Information provided by those involved can be cross checked with digital evidence. For
example, during the investigation into the Soham murders the offender’s alibi was disproved
when mobile phone records of the person he claimed to be with showed she was out of town
at the time.
Intent
As well as finding objective evidence of a crime being committed, investigations can also
be used to prove the intent (known by the legal term men’s rea). For example, the Internet
history of convicted killer Neil Entwistle included references to a site discussing How to kill
people.
Evaluation of source
File artefacts and meta-data can be used to identify the origin of a particular piece of data;
for example, older versions of Microsoft Word embedded a Global Unique Identifier into files
which identified the computer it had been created on. Proving whether a file was produced
on the digital device being examined or obtained from elsewhere (e.g., the Internet) can be
very important.
Document authentication
Related to “Evaluation of source,” meta data associated with digital documents can be easily
modified (for example, by changing the computer clock you can affect the creation date of a
file). Document authentication relates to detecting and identifying falsification of such details.
Limitations
One major limitation to a forensic investigation is the use of encryption; this disrupts initial
examination where pertinent evidence might be located using keywords. Laws to compel
individuals to disclose encryption keys are still relatively new and controversial.
Legal Considerations
The examination of digital media is covered by national and international legislation.
For civil investigations, in particular, laws may restrict the abilities of analysts to
undertake examinations. Restrictions against network monitoring, or reading of personal
communications often exist. During criminal investigation, national laws restrict how much
information can be seized. For example, in the United Kingdom seizure of evidence by
law enforcement is governed by the PACE act. During its existence early in the field, the
“International Organization on Computer Evidence” (IOCE) was one agency that worked to
establish compatible international standards for the seizure of evidence.
95
In the UK the same laws covering computer crime can also affect forensic investigators. The
1990 computer misuse act legislates against unauthorized access to computer material; this is
a particular concern for civil investigators who have more limitations than law enforcement.
An individual’s right to privacy is one area of digital forensics which is still largely
undecided by courts. The US Electronic Communications Privacy Act places limitations on
the ability of law enforcement or civil investigators to intercept and access evidence. The
act makes a distinction between stored communication (e.g. email archives) and transmitted
communication (such as VOIP). The latter, being considered more of a privacy invasion, is
harder to obtain a warrant for. The ECPA also affects the ability of companies to investigate
the computers and communications of their employees, an aspect that is still under debate
as to the extent to which a company can perform such monitoring.
Article 5 of the European Convention on Human Rights asserts similar privacy limitations
to the ECPA and limits the processing and sharing of personal data both within the EU
and with external countries. The ability of UK law enforcement to conduct digital forensics
investigations is legislated by the Regulation of Investigatory Powers Act.
Digital evidence
When used in a court of law digital evidence falls under the same legal guidelines as other
forms of evidence; courts do not usually require more stringent guidelines. In the United
States the Federal Rules of Evidence are used to evaluate the admissibility of digital evidence,
the United Kingdom PACE and Civil Evidence acts have similar guidelines and many other
countries have their own laws. US federal laws restrict seizures to items with only obvious
evidential value. This is acknowledged as not always being possible to establish with digital
media prior to an examination
Laws dealing with digital evidence are concerned with two issues: integrity and authenticity.
Integrity is ensuring that the act of seizing and acquiring digital media does not modify the
evidence (either the original or the copy). Authenticity refers to the ability to confirm the
integrity of information; for example, that the imaged media matches the original evidence.
The ease with which digital media can be modified means that documenting the chain of
custody from the crime scene, through analysis and, ultimately, to the court, (a form of audit
trail) is important to establish the authenticity of evidence.
Digital investigators, particularly in criminal investigations, have to ensure that conclusions
are based upon factual evidence and their own expert knowledge. In the US, for example,
Federal Rules of Evidence state that a qualified expert may testify “in the form of an opinion
or otherwise” so long as:
(1) The testimony is based upon sufficient facts or data, (2) the testimony is the product
of reliable principles and methods, and (3) the witness has applied the principles and
methods reliably to the facts of the case.
The sub-branches of digital forensics may each have their own specific guidelines for the
conduct of investigations and the handling of evidence. In the UK forensic examination of
computers in criminal matters is subject to ACPO guidelines. There are also international
96
approaches to providing guidance on how to handle electronic evidence. The “Electronic

Evidence Guide” by the Council of Europe offers a framework for law enforcement and
judicial authorities in countries who seek to set up or enhance their own guidelines for the
identification and handling of electronic evidence.
Investigative tools
The admissibility of digital evidence relies on the tools used to extract it. In the US, forensic
tools are subjected to the Daubert standard, where the judge is responsible for ensuring that
the processes and software used were acceptable. In a 2003 paper Brian Carrier argued that
the Daubert guidelines required the code of forensic tools to be published and peer reviewed.
He concluded that “open source tools may more clearly and comprehensively meet the
guideline requirements than would close source tools.”
Branches
Digital forensics includes several sub-branches relating to the investigation of various types
of devices, media or artefacts.
Mobile device forensics

Mobile device forensics is a sub-branch of digital forensics relating to recovery of digital
evidence or data from a mobile device. It differs from Computer forensics in that a mobile
device will have an inbuilt communication system (e.g. GSM) and, usually, proprietary
storage mechanisms. Investigations usually focus on simple data such as call data and
communications (SMS/Email) rather than in-depth recovery of deleted data. Mobile devices
are also useful for providing location information; either from inbuilt gps/location tracking
or via cell site logs, which track the devices within their range.
Network forensics
Network forensics is concerned with the monitoring and analysis of computer network traffic,
both local and WAN/internet, for the purposes of information gathering, evidence collection,
or intrusion detection. Traffic is usually intercepted at the packet level, and either stored for
later analysis or filtered in real-time. Unlike other areas of digital forensics network data is
often volatile and rarely logged, making the discipline often reactionary.
Process Models
There have been many attempts to develop a process model but so far none have been
universally accepted. Part of the reason for this may be due to the fact that many of the
process models were designed for a specific environment, such as law enforcement, and they
therefore could not be readily applied in other environments such as incident response. This
is a list of the main models since 2001 in chronological order:
1. The Abstract Digital Forensic Model (Reith, et al., 2002)
2. The Integrated Digital Investigative Process (Carrier & Spafford, 2003)
3. An Extended Model of Cybercrime Investigations (Ciardhuain, 2004)
97
4. The Enhanced Digital Investigation Process Model (Baryamureeba & Tushabe, 2004)
5. The Digital Crime Scene Analysis Model (Rogers, 2004)
6. A Hierarchical, Objectives-Based Framework for the Digital Investigations Process (Beebe
& Clark, 2004)
7. Framework for a Digital Investigation (Kohn, et al., 2006)
8. The Four Step Forensic Process (Kent, et al., 2006)
9. FORZA - Digital forensics investigation framework (Ieong, 2006)
10. Process Flows for Cyber Forensics Training and Operations (Venter, 2006)
11. The Common Process Model (Freiling & Schwittay, (2007)
12. The Two-Dimensional Evidence Reliability Amplification Process Model (Khatir, et al.,
2008)
13. The Digital Forensic Investigations Framework (Selamat, et al., 2008)
14. The Systematic Digital Forensic Investigation Model (SRDFIM) (Agarwal, et al., 2011)
Seizure
Prior to the actual examination digital media will be seized. In criminal cases this will often
be performed by law enforcement personnel trained as technicians to ensure the preservation
of evidence. In civil matters it will usually be a company officer, often untrained. Various
laws cover the seizure of material. In criminal matters law related to search warrants is
applicable. In civil proceedings the assumption is that a company is able to investigate their
own equipment without a warrant, so long as the privacy and human rights of employees
are observed.
Acquisition
Once exhibits have been seized an exact sector level duplicate (or “forensic duplicate”) of
the media is created, usually via a write blocking device, a process referred to as Imaging or
Acquisition. The duplicate is created using a hard-drive duplicator or software imaging tools
such as DCFLdd, IXimager, Guymager, TrueBack, EnCase, FTK Imager or FDAS. The original
drive is then returned to secure storage to prevent tampering.
The acquired image is verified by using the SHA-1 or MD5 hash functions. At critical points
throughout the analysis, the media is verified again, known as “hashing”, to ensure that the
evidence is still in its original state.
Analysis
After acquisition the contents of (the HDD) image files are analysed to identify evidence that
either supports or contradicts a hypothesis or for signs of tampering (to hide data). During
the analysis an investigator usually recovers evidence material using a number of different
methodologies (and tools), often beginning with recovery of deleted material. Examiners use
98
specialist tools (EnCase, ILOOKIX, FTK, etc.) to aid with viewing and recovering data. The
type of data recovered varies depending on the investigation; but examples include email,
chat logs, images, internet history or documents. The data can be recovered from accessible
disk space, deleted (unallocated) space or from within operating system cache files.
Various types of techniques are used to recover evidence, usually involving some form of
keyword searching within the acquired image file; either to identify matches to relevant
phrases or to parse out known file types. Certain files (such as graphic images) have a
specific set of bytes which identify the start and end of a file, if identified a deleted file
can be reconstructed. Many forensic tools use hash signatures to identify notable files or to
exclude known (benign) ones; acquired data is hashed and compared to pre-compiled lists
such as the Reference Data Set (RDS) from the National Software Reference Library
On most media types including standard magnetic hard disks, once data has been securely
deleted it can never be recovered. SSD Drives are specifically of interest from a forensics
viewpoint, because even after a secure-erase operation some of the data that was intended
to be secure-erased persists on the drive.
Once evidence is recovered the information is analysed to reconstruct events or actions
and to reach conclusions, work that can often be performed by less specialist staff. Digital
investigators, particularly in criminal investigations, have to ensure that conclusions are
based upon data and their own expert knowledge. In the US, for example, Federal Rules of
Evidence state that a qualified expert may testify “in the form of an opinion or otherwise”
so long as:
(1) The testimony is based upon sufficient facts or data,
(2) the testimony is the product of reliable principles and methods, and
(3) the witness has applied the principles and methods reliably to the facts of the case.
Reporting
When an investigation is completed the information is often reported in a form suitable
for non-technical individuals. Reports may also include audit information and other meta-
documentation.
When completed reports are usually passed to those commissioning the investigation, such
as law enforcement (for criminal cases) or the employing company (in civil cases), who will
then decide whether to use the evidence in court. Generally, for a criminal court, the report
package will consist of a written expert conclusion of the evidence as well as the evidence
itself (often presented on digital media).
Software of digital Forensics

1. Digital Intelligence Software
2. Access data
3. Guidance Software
99
4. Paraben Forensic Tools

5. Passware
6. Belkasoft
7. Susteen
8. Hot Pepper Technology
Digital Forensic Tools

During the 1980s, most digital forensic investigations consisted of “live analysis”, examining
digital media directly using non-specialist tools. In the 1990s, several freeware and other
proprietary tools (both hardware and software) were created to allow investigations to take
place without modifying media. This first set of tools mainly focused on computer forensics,
although in recent years similar tools have evolved for the field of mobile device forensics.
Forensic accounting software

Name Platform Description
EnCase Windows Multi-purpose forensic tool
Wireshark cross-platform Open-source packet capture/analyser, backend
library used is [win]pcap.
SANS Investigative Ubuntu Multi-purpose forensic operating system
Forensics Toolkit - SIFT
Registry Recon Windows Forensics tool that rebuilds Windows registries
from anywhere on a hard drive and parses
them for deep analysis.
EPRB Windows Set of tools for encrypted systems & data
decryption and password recovery
Digital Forensics Unix-like/ Framework and user interfaces dedicated to
Framework Windows Digital Forensics
FTK Windows Multi-purpose tool, FTK is a court-cited
digital investigations platform built for speed,
stability and ease of use.
PTK Forensics LAMP GUI for The Sleuth Kit
The Coroner’s Toolkit Unix-like A suite of programs for Unix analysis
COFEE Windows A suite of tools for Windows developed by
Microsoft
The Sleuth Kit Unix-like/ A library of tools for both Unix and Windows
Windows
Categoriser 4 Pictures Windows Image categorization tool develop, available to
law enforcement
100

Open Computer Forensics Linux Computer forensics framework for CF-Lab
Architecture environment
Safe Back N/a Digital media (evidence) acquisition and
backup
Windows to Go n/a Bootable operating system
Netherlands Forensic n/a Computer-forensic online service.
Institute / Xiraf
Memory Forensics
Memory forensics tools are used to acquire and/or analyse a computer’s volatile memory
(RAM). They are often used in incident response situations to preserve evidence in memory
that would be lost when a system is shutdown, and to quickly detect stealthy malware by
directly examining the operating system and other running software in memory.
Name Vendor/Sponsor Platform

Windows SCOPE Blue RISC Windows
Volatility Volatile Systems Windows & Linux
Mobile Device Forensics

Mobile forensics tools tend to consist of both a hardware and software component. Mobile
phones come with a diverse range of connectors; the hardware devices support a number of
different cables and perform the same role as a write blocker in computer devices.

Micro Systemation Windows Hardware/Software package, specializes in deleted
XRY/XACT data
Other
HashKeeper Windows Database application for storing file hash signatures
Evidence Windows Anti-forensics software, claims to delete files securely
Eliminator
DECAF Windows Tool which automatically executes a set of user defined
actions on detecting Microsoft’s COFEE tool
Techniques used for detection of fraud

Data Mining
In 2002, Gene Morse found around $500 million debit to a PP&E account at WorldCom. He
discovered the anomaly through searches in a custom data warehouse he had developed
101
in the Essbase multidimensional database. WorldCom would not give Morse access to full
financial systems, so he created his own warehouse and used basic data mining techniques
to search it. Using a small script and Microsoft Access, Morse followed the account through
the financial reporting system and ultimately discovered a $1.7 billion entry of capitalized
line costs in 2001.
The WorldCom fraud discovery is one example of using computer technology to search full
populations of data for anomalies, trends, and fraud. Traditional auditing uses techniques like
discovery, stratified, or random sampling to determine whether a population contains errors
(Albrecht and Albrecht, 2002). This approach works well when auditors are searching for
anomalies—unintentional errors usually caused by weaknesses in controls because anomalies
occur at regular intervals throughout the data set. In contrast, fraud intentional errors
caused by intelligent human being can occur in only a few transactions. While a sample
of a population containing anomalies should be representative, a sample of a population
containing fraud may not be representative.
Assuming a fraud is recorded in only a few transactions, a sampling rate of 5 percent results
in a 95 percent risk the fraud will not be sampled and will be missed. Fraud detection
methods should use full populations whenever possible, and since full populations can be
voluminous, they almost always require computers and data mining techniques.
Methodology
One of the assumptions that underlie traditional auditing methods is the presence of an
intelligent human being. When an auditor checks items in a sample, he or she is able to
apply human reason and common sense to transactions. Fraud investigations often start with
the auditor conducting a routine audit task, looking at a transaction, and saying, “that doesn’t
make sense.” This approach can be seen as an inductive approach; the auditor investigates
further when anomalies are found.
Data mining routines—run by computer—do not have this innate sense of normality. Queries
and scripts do exactly what they are programmed to do. They do not “dig deeper” unless
the user specifically programs them to do so. To accommodate this limitation, the fraud
hypothesis testing approach has been proposed (Albrecht, et. al., 2000). This approach has
also been labelled the deductive or proactive approach to fraud detection; it involves the
following six step approach.
Auditors gain a solid understanding of the business processes, controls, and environment.
This understanding allows them to proactively predict the frauds that might be occurring.
The team brainstorms the possible frauds that could exist in the environment they are
auditing. This might result in 50 potential schemes.
Once potential schemes are identified, the team outlines the ways these schemes would show
up in data. These indicators, or red flags, are the primary indicators that the fraud may be
occurring.
102
For each indicator, the team searches corporate databases using queries, scripts, and data
mining techniques. Any anomalous transactions are pulled for further investigation. This
could be seen as a “sample” (albeit not in the traditional sense) that should be looked at
more closely.
Auditors analyse the query results to determine possible explanations for the anomalies,
which could be fraud, weak controls, or other reasons.
The team follows up on those indicators that may be caused by fraud. These further
investigations employ additional queries or traditional means to determine the true cause of
the anomalies.
Continuous Auditing
Once computer queries and scripts are written, continuous auditing is possible. Rather than
testing on historical data (the normal audit process), tests can be programmed into live
corporate systems to provide continuous monitoring of transactions. Continuous monitoring
using information technology has been successfully used at a number of companies.
Digital Analysis
Benford’s Law works because nature produces more small things than large things. There
are more insects than large mammals, more small houses than large ones, and more small
lakes than large bodies of water. Similarly, businesses produce more transactions with small
amounts than with large amounts. Benford’s Law predicts that amounts will start with the
digit 1 more often than the digit 9, and it even provides a mathematical formula describing
the law and percentages. The digit 1 should show up about 30 percent of the time, while
the digit 9 should occur less than 5 percent of the time.
The primary limitation to Benford’s Law is business data do not always follow natural
patterns; there exist a large number of reasons that transactions may not match Benford’s
Law. Explanations like recurring fixed expenses, unusual business cycles, and assigned
amounts are often found. The author has taught digital analysis to thousands of professional
auditors; in ten years of asking participants about their success with digital analysis, only
three individuals have reported finding fraud with Benford’s Law (others have reported that
digital analysis could have been used to find already discovered frauds, but hind sight is not
prediction). In some ways, the audit field may have overestimated the usefulness of digital
analysis. But despite its limitations, Benford’s Law remains one of the most popular data
mining techniques for fraud.
Outlier Detection
One of the primary methods of detecting fraud is discovering data values that are outside the
normal course of business. For example, a kickback scheme might be the reason purchases
from one vendor are twice as high as similar purchases from another vendor.
The simplest method of outlier detection is the statistical z-score calculation. This formula,
given as (value mean)/ standard deviation, provides a simple and compact method
103
of measuring outliers. The numerator shifts each point to a zero-based scale, and the
denominator adjusts the distribution to a standard deviation of one. Once the data are
transformed into this standardized scale, generalized statements can be made. In the author’s
experience, outlier scores of 5, 8, or even 12 are often found in real world data.
At times these may be the result of non-normal distributions, but even in those cases, the
score provides an indicator to potential problems.
More advanced techniques have been used in specialized areas. For example, credit
card fraud can be discovered by identifying transactions through both unsupervised and
supervised learning. Bolton and Hand (2001) used behavioural outlier detection with
unsupervised learning to detect abnormal spending behaviour as well as increased frequency
of use. Others have used regression models, Discrete Gaussian Exponential, depth-based
techniques, distance-based techniques, and a number of other techniques to identify outliers.
Trending
In addition to comparing same period numbers from different vendors, employees, or
customers, fraud can be discovered by comparing numbers over time. Because almost all
perpetrators are greedy (Albrecht, 2008), fraud increases exponentially over time. Auditors
can easily spot an increasing trend on a line chart computer are not needed if only one
item is being audited (one employee, one vendor, etc.). The need for automation is during
the initial phase of a fraud investigation. If auditors do not know which item is increasing,
they must look through thousands of graphs to determine which item requires additional
investigation. Trending methods allow the computer to determine which trends are increasing
so the auditor can focus on those items.
One of the most basic methods of determining an increasing trend is linear regression. Once
the computer fits a line to the data, the slope and goodness of fit provide a simple measure
of trend.
2
104
18. Behavior of Fraudsters & Criminals
18. BEHAVIOR OF FRAUDSTERS & CRIMINALS

(An important tool in detecting fraud)
What is behaviour?
Behaviour or behaviour is the range of actions and mannerisms made by individuals,
organisms, systems, or artificial entities in conjunction with themselves or their environment,
which includes the other systems or organisms around as well as the (inanimate) physical
environment. It is the response of the system or organism to various stimuli or inputs,
whether internal or external, conscious or subconscious, overt or covert, and voluntary or
involuntary.
UNDERSTANDING HUMAN BEHAVIOR

Human behaviour refers to the array of every physical action and observable emotion
associated with individuals, as well as the human race as a whole. While specific traits of
one’s personality and temperament may be more consistent, other behaviours will change as
one moves from birth through adulthood. In addition to being dictated by age and genetics,
behaviour, driven in part by thoughts and feelings, is an insight into individual psyche,
revealing among other things attitudes and values. Social behaviour, a subset of human
behaviour, study the considerable influence of social interaction and culture. Additional
influences include ethics, encircling, authority, rapport, hypnosis, persuasion and coercion.
105
The behaviour of humans (and other organisms or even mechanisms) falls within a range
with some behaviour being common, some unusual, some acceptable, and some outside
acceptable limits. In sociology, behaviour in general includes actions having no meaning,
being not directed at other people, and thus all basic human actions. Behaviour in this
general sense should not be mistaken with social behaviour, which is a more advanced social
action, specifically directed at other people. The acceptability of behaviour depends heavily
upon social norms and is regulated by various means of social control. Human behaviour
is studied by the specialized academic disciplines of psychiatry, psychology, social work,
sociology, economics, and anthropology.
Human behaviour is experienced throughout an individual’s entire lifetime. It includes
the way they act based on different factors such as genetics, social norms, core faith, and
attitude. Behaviour is impacted by certain traits each individual has. The traits vary from
person to person and can produce different actions or behaviour from each person. Social
norms also impact behaviour. Due to the inherently conformist nature of human society in
general, humans are pressured into following certain rules and displaying certain behaviours
in society, which conditions the way people behave. Different behaviours are deemed to
be either acceptable or unacceptable in different societies and cultures. Core faith can be
perceived through the religion and philosophy of that individual. It shapes the way a person
thinks and this in turn results in different human behaviours. Attitude can be defined as “the
degree to which the person has a favourable or unfavourable evaluation of the behaviour in
question.” One’s attitude is essentially a reflection of the behaviour he or she will portray
in specific situations. Thus, human behaviour is greatly influenced by the attitudes we use
on a daily basis.
Factors
1. Genetics
Long before Charles Darwin published his book On the Origin of Species in 1859,
animal breeders knew that patterns of behaviour are somehow influenced by
inheritance from parents. Studies of identical twins as compared to less closely related
human beings, and of children brought up in adoptive homes, have helped scientists
understand the influence of genetics on human behaviour. The study of human
behaviour genetics is still developing steadily with new methods such as genome-wide
association studies.
2. Social norms
Social norms, the often-unspoken rules of a group, shape not just our behaviours but
also our attitudes. An individual’s behaviour varies depending on the group(s) they
are a part of, a characteristic of society that allows to norms heavily impact society.
Without social norms, human society would not function as it currently does; humans
would have to be more abstract in their behaviour, as there would not be a pre-tested
‘normal’ standardised lifestyle, and individuals would have to make many more choices
for themselves. The institutionalization of norms is, however, inherent in human
society perhaps as a direct result of the desire to be accepted by others, which leads
106
humans to manipulate their own behaviour in order to ‘fit in’ with others. Depending
on their nature and upon one’s perspective, norms can impact different sections of
society both positively (e.g. eating, dressing warm in the winter) and negatively (e.g.
racism, drug use).
3. Creativity
Creativity is assumed to be present within every individual. Without creative minds,
we would not live in a modern world like today. Creativity pushes people past
their comfort zone. For example, the Wright Brother’s invention of the first practical
fixed- wing aircraft. The aircraft first took flight in 1903, and fifty years later the
first passenger jet airliner was introduced. Creativity is what defines human beings.
Creativity has kept people alive during harsh conditions, and it has also made certain
individuals wealthy. We use creativity in our daily lives as well, such as finding a
shortcut to a destination.
4. Core faith and culture

Another important aspect of human behaviour is their “core faith”. This faith can be
manifested in the forms of religion, philosophy, culture, and/or personal belief and
often affects the way a person can behave. 80% of the United States public claims some
sort of belief in a higher power, which makes religion a large importance in society. It
is only natural for something that plays such a large role in society to have an effect
on human behaviour. Morals are another factor of core faith that affects the way a
person behaves. Emotions connected to morals including shame, pride, and discomfort
and these can change the way a person acts. Most importantly, shame and guilt have a
large impact on behaviour. Lastly, culture highly affects human behaviour. The beliefs
of certain cultures are taught to children from such a young age that they are greatly
affected as they grow up. These beliefs are taken into consideration throughout daily
life, which leads to people from different cultures acting differently. These differences
are able to alter the way different cultures and areas of the world interact and act.
5. Attitude
An attitude is an expression of favour or disfavour toward a person, place, thing,
or event. The interesting thing about an attitude and human beings is that it alters
between each individual. Everyone has a different attitude towards different things. A
main factor that determines attitude is likes and dislikes. The more one likes something
or someone the more one is willing to open up and accept what they have to offer.
When one doesn’t like something, one is more likely to get defensive and shut down.
An example of how one’s attitude affects one’s human behaviour could be as simple as
taking a child to the park or to the doctor. Children know they have fun at the park so
their attitude becomes willing and positive, but when a doctor is mentioned, they shut
down and become upset with the thought of pain. Attitudes can sculpt personalities
and the way people view who we are. People with similar attitudes tend to stick
together as interests and hobbies are common. This does not mean that people with
different attitudes do not interact, the fact is they do. What it means is that specific
107
attitudes can bring people together (e.g., religious groups). Attitudes have a lot to do
with the mind which highly relates to human behaviour. The way a human behaves
depends a lot on how they look at the situation and what they expect to gain from
it. Positive attitudes are better than negative ones as negativity can bring on negative
emotions that most of the time can be avoided. It is up to humans to make sure their
attitudes positively reflect the behaviours they want to show. This can be done by
assessing their attitudes and properly presenting them in society.
BEHAVIORAL SCIENCE
Behavioural science is the systematic analysis and investigation of human and animal
behaviour through controlled and naturalistic observation, and disciplined scientific
experimentation. It attempts to accomplish legitimate, objective conclusions through
rigorous formulations and observation. Examples of behavioural sciences include psychology,
psychobiology, criminology and cognitive science.
Categories of behavioural sciences

Behavioural sciences can be divided into two academic fields: neural (information sciences)
and social (relational sciences).
Information processing sciences deal with information processing of stimuli from the social
environment by cognitive entities, to engage in decision making, social judgment and social
perception for individual functioning and survival of organism in a social environment.
Psychology, cognitive science, psychobiology, neural networks, social cognition, social
psychology, semantic networks, ethology and social neuroscience are classified as information
processing sciences.
On the other hand, relational sciences deals with relationships, interaction, communication
networks, associations and relational strategies or dynamics among organisms or cognitive
entities in a social system. Sociological social psychology, social networks, dynamic network
analysis, agent-based model and microsimulation are classified as relational sciences.
BEHAVIORAL ROOT CAUSES OF FRAUD

Behavioural scientists have failed thus far to identify a well-defined and well-understood
psychological characteristic or a set of characteristics that are diagnostic about fraud
perpetrator propensity. At the same time, to say that ‘‘greed and dishonesty’’—a commonly
heard refrain—can account for all that went on during the ‘‘irrational exuberance’’ of the
1990s and the early 2000s or earlier eras would be overly simplistic. After all, most people in
the business world are fully law-abiding market participants—they do not necessarily resort
to fraud to achieve their stretch goals. From a criminology perspective, white collar crime,
like other crime, can best be explained by three factors: a supply of motivated offenders,
the availability of suitable targets, and the absence of capable guardians—control systems or
someone ‘‘to mind the store’’ so to speak
Criminal opportunities are presented by those vulnerable environments and opportunistically
interpretable scenarios that individuals and groups see as offering attractive potential for
108
criminal reward with little apparent risk of detection or penalty. The aggregate rate of
white-collar crime varies directly with the supply of criminal opportunities and with the
supply of individuals and organizations predisposed or motivated to exploit them; the rate
and incidence of crime varies inversely with the intensity and severity of rule enforcement.
In general, fluctuations in business cycles, and criminogenic cultures that conflict with
accepted social, ethical, and legal norms of behaviour, are correlated with increases in the
rate of white-collar crime. For instance, when there is a widespread belief that ‘‘everyone
is getting rich’’ many come to believe that to pass up any opportunity is to miss the boat.
Similarly, after noting the illegitimate earnings management misdeeds of companies such as
Enron, Nortel, and Cisco, Fuller and Jensen (2002) have commented ruefully, ‘‘Companies
do not grow in a constant fashion with each quarter’s results better than last. In the long
run conforming to pressures to satisfy the market’s desire for impossible predictability and
unwise growth leads to the destruction of corporate value, shortened careers, humiliation,
and damaged companies.’’ Along the way, it also leads otherwise honest executives to turn
to the dark side. They lie, cheat, and steal in order to relieve the immense pressure to meet
analyst expectations of unattainable performance, just to keep their jobs and, thus, for self-
preservation. It should be noted that other countries, cultures, and languages provide a
context that allows fraud to flourish in perhaps different stripes, shapes, and forms. This
is why it is necessary to bring in perspectives from economic/cultural anthropology to
understand how white-collar crime might manifest itself in other contexts.
THE FRAUD TRIANGLE

An important conceptual framework in understanding fraud is the so-called ‘‘fraud triangle,’’
loosely based on what policemen and detectives have referred to as ‘‘means, motives,
and opportunity.’’ Widely disseminated by the Association of Certified Fraud Examiners
(ACFE), the fraud triangle has three elements, viz., Perceived Incentives/Pressures, Perceived
Opportunities, and Rationalization of Fraudulent Behaviour. Not surprisingly, all three
elements of the fraud triangle are influenced by the fraud perpetrators’ psychology. After
all, personal incentives and perceived pressure drive human behaviour, and the need to
rationalize wrongdoing as being somehow defensible is very much psychologically rooted
in the notion of cognitive dissonance. To some extent, even the assessment of opportunity
including the relatively low likelihood of being caught—depends on the perpetrator’s
personal, behavioural calculus. Accordingly, when trying to understand the root causes of
fraud, it behoves us to seek psychological answers and explanations, not just logical ones.
109
• Everyone’s getting rich, so why shouldn’t I?

• Taking money is just a temporary ‘‘borrowing,’’ it will be returned when the gambling/
betting winnings materialize.
• I deserve these ‘‘perks’’ as reasonable compensation, and the company can certainly
afford it.
• This is a victimless crime, if anything, and I am not hurting anyone; in fact, what I am
doing is for a good cause!
• It is not really a serious matter.
Although the fraud triangle is a powerful conceptual tool, there are other factors such as
the basic greed and acquisitiveness, a ‘‘revenge motive’’ to make the organization pay for
perceived inequities, or a ‘‘catch me if you can’’ attitude that some white-collar criminals
exhibit, and these personality characteristics do not easily fit within the fraud triangle
framework. Similarly, the white-collar criminal’s assessment of the organization’s attitude
toward fraud even if the perpetrator is identified (e.g., organizational inertia and reluctance
to take any action, turning a blind eye, being content with a slap on the wrist, poor track
record in vigorously prosecuting fraud) gets factored into the behavioural calculus but is
not obvious as a separate descriptive category. White collar crime is notoriously difficult to
prosecute because the offenders are well connected and often are first-time offenders. Such
fraud perpetrators take extreme care to conceal their activities, destroy evidence, and disrupt
the audit trail. For all these reasons, many corporate and economic crimes are not prosecuted
despite their significant financial consequences, and white-collar crime remains a largely
unmanaged risk in organizations. When undertaking prosecution of white collar crime cases,
it is important to consider the ‘‘other fraud triangle’’ consisting of the vertices of ‘‘the act, the
concealment, and the conversion’’ to ferret out and reconstruct how the fraudulent act was
committed, what actions were taken by the fraudster to hide the audit trail or conceal his/
110
her tracks, and eventually how s/he (as well as potential others) unlawfully benefited from
the act.
(1) PRESSURE
Fraud is perpetrated to benefit oneself or to benefit an organization, or both. Employee
fraud, in which individuals embezzle from their employers, usually benefits the perpetrator.
Management fraud, in which an organization’s officers deceive investors and creditors
(usually by manipulating financial statements), is most often perpetrated to benefit an
organization and its officers. In this section we will discuss the different pressures that
motivate individuals to perpetrate fraud on their own behalf. Most experts on fraud believe
these pressures can be divided into four types
(1) Financial pressures,
(2) Vices,
(3) work- related pressures, and
(4) Other pressures.
Financial Pressures
Studies conducted by the author show that approximately 95 percent of all frauds involve
either financial or vice-related pressures. Here are the six most common financial pressures
associated with fraud that benefits perpetrators directly:
1. Greed.
2. Living beyond one’s means.
3. High bills or personal debt.
4. Poor credit.
5. Personal financial losses.
6. Unexpected financial needs.
This list is not exhaustive, and these pressures are not mutually exclusive. However, each
pressure in this list has been associated with numerous frauds. We know of individuals
who committed fraud because they were destitute. We know of perpetrators who were
living lifestyles far beyond that of their peers. When one perpetrator was caught embezzling
over $1.3 million from his employer, investigators discovered that he spent the money on
monogrammed shirts and gold cuff links, two Mercedes Benz cars, an expensive suburban
home, a beachfront condominium, furs, rings, and other jewellery for his wife, a new car
for his father-in-law, and a country club membership. Most people would say he didn’t have
real financial pressures. But to him, the pressures from his desire to acquire these luxuries
were enough to motivate him to commit fraud.
Financial pressures can occur suddenly or can be long-term. Unfortunately, very few fraud
perpetrators inform others when they are having financial problems.
111
Vice
Closely related to financial pressures are “vices” addictions such as gambling, drugs, and
alcohol and expensive extramarital relationships. Vices are the worst kind of pressure out-
of- control lifestyles are frequently cited as the trigger that drives previously honest people
to commit fraud. We know of female employees who embezzled because their children were
on drugs and they couldn’t stand to see them go through withdrawal pains. We also know
of “successful” managers who, in addition to embezzling from their companies, burglarized
homes and engaged in other types of theft to support their drug habits.
Work related pressure

Whereas financial pressures and vices motivate most frauds, some people commit fraud to
get even with their employer. Factors such as not enough recognition for job performance,
dissatisfaction with the job, fear of losing one’s job, being overlooked for a promotion, and
feeling underpaid motivate many frauds.
(2) OPPORTUNITY
A perceived opportunity to commit fraud, to conceal it, or to avoid being punished is the
second element in the fraud triangle. In this section we discuss opportunity. First, we
examine controls that increase opportunities for individuals to commit fraud in organizations.
At least six major factors increase opportunities for individuals to commit fraud in
organizations. The following list is not exhaustive, but it does show system weaknesses that
create opportunity.
1. Lack of or circumvention of controls that prevent and/or detect fraudulent behaviour.
2. Inability to judge quality of performance.
3. Failure to discipline fraud perpetrators.
4. Lack of access to information.
5. Ignorance, apathy, and incapacity.
6. Lack of an audit trail.
(3) RATIONALIZATION
Rationalization is a crucial component in most frauds. Rationalization involves a person
reconciling his/her behaviour (stealing) with the commonly accepted notions of decency and
trust. Some common rationalizations for committing fraud are:
• The person believes committing fraud is justified to save a family member or loved one;
• The person believes they will lose everything – family, home, car, etc. if they don’t take
the money;
• The person believes that no help is available from outside;
112
• The person labels the theft as “borrowing”, and fully intends to pay the stolen money
back at Some point;
• The person, because of job dissatisfaction (salaries, job environment, treatment by
managers, etc.), believes that something is owed to him/her;
• The person is unable to understand or does not care about the consequence of their
actions or of accepted notions of decency and trust.
Managers and employees responsible for stewardship of school district and charter school
resources should be aware of red flags of fraud. These are only warning signs that may
indicate the fraud risk is higher, they are not evidence that fraud is actually occurring.
Also, the existence of one or two flags is not something to be overly concerned about. Many
employees demonstrate one or more of flags on the list.
Common Personality • Wheeler and Dealer Domineering/Controlling

Traits of Fraudsters • Don’t like people reviewing their work
• Strong desire for personal gain
• Have a “Beat the System Attitude”
• Live beyond their means
• Close relationship with customers or vendors
• Unable to Relax
• Often have a “too good to be true” work performance
• Don’t take vacation or sick time or only take leave in small
amounts
• Often work excessive overtime
• Outwardly appear to be very trustworthy
• Often display some sort of drastic change in personality or
behaviour
Common Sources of • Medical Problems – Especially for a loved one
Pressure • Unreasonable performance goals
• Spouse loses a job
• Divorce
• Starting a new business or current business is struggling
• Criminal conviction
• Civil lawsuit
• Purchase of a new home, a second home, or a home remodel
• Need to maintain a certain lifestyle (‘champagne tastes’ or
‘keep up with the Jones’)
113
• person (or spouse) either likes expensive things or feels

pressure to “Keep up with” or “out-do” others in regards to
material positions Excessive Gambling
• Drug or alcohol addiction
Changes in • Suddenly appears to be buying more material items – houses,
Behaviour cars, boats, clothes, jewellery, electronics, etc. Brags about
new purchases
• Starts to carry unusual amounts of cash
• Creditors/bill collectors show up at work o call frequently
• Borrows money from co-workers
• Becomes more irritable or moody
• Becomes unreasonably upset when questioned
• Becomes territorial over their area of responsibility
• Won’t take vacation or sick time or only takes it in small
increments
• Works unneeded overtime
• Turns down promotions
• Start coming in early or staying late
• Redo or rewrite work to “make it neat”
• May start or mention family or financial problems
• Exhibits signs of drug or gambling addiction (absenteeism,
become manipulative, look ill,
• Inconsistent or illogical behaviour, loss of sleep or
appetite, etc.) Exhibits signs of dissatisfaction (decrease in
productivity, change attire, irregular
• schedules, frequent complaining about inequities or work
issues)
CRIMINAL BEHAVIOR & THEORIES

The focus of Criminal behaviour study is to understand offender better and answer
questions like: who criminals are, why do they commit an offence (In order to define ways
of preventing criminal), how do they think, what do they do (in order to predict their future
actions and assist investigation in catching offenders).
• The reasons behind criminal behaviour can vary a lot in each particular case, but still
they can be grouped in two main categories – genetics and environment.
• When in the mid-19th century the question about the causes of criminal behaviour
was raised, a lot of psychologists were insisting that the only reason is genetics. They
even considered that a person’s inclination to criminal could be measured according to
the parent’s mental condition, i.e. if they had some even minor mental problems their
114
son/daughter was more likely to become a criminal. The scientists had their versions
of solving a problem, but is it fair if the people with higher risk of committing a crime
would not be allowed by the state and society to live normally and have children?
• As the time passed more and more researches and experiments were held and modern
approach to this question is that of course genetics is really important reason behind
criminal behaviour, but the environment is also as important as it. This includes the
family the child is born and raised in, the example parents and family can give them,
the social status they have, education, etc.
• Nowadays the psychologists and criminalists agree that what drives a person to
criminal behaviour is really complex and complicated mechanism, involving a lot
of factors. We can imagine a child, who was born in a “criminal” family (mother is
schizophrenic, father is rapist and murderer) but after he got an education and a
job there is nothing antisocial in his behaviours. It proves that solely genetics can’t
determine one’s inclination to the criminal.
• So, it is impossible to predict a person’s “criminality” according to some specific factors,
but we can still highlight some circumstances and apply a person to a “relatively higher
criminal risk group”.
¾ Financial problems, or starvation – this is especially common problem in third
world countries. When a person has to struggle every day just to get food to
survive, the probability that they become thieves is high.
¾ Low social status – when one is bullied because of it, they may easily become
aggressors and fight back against the whole society.
¾ Genetics – some genetical mental disorders, itself, includes increased aggression.
Andrews & Bonta, 1998 offered four general definitions of criminal behaviour that will fit all
the types of it. These four areas include the following types of act:
1. Prohibited by law and are punished by the state
2. Considered to be violation moral or religious code and is believed to be punishable by
a Supreme Spiritual being such as God
3. Violate norms of society or traditions and are believed to be punishable by community
4. Acts causing serious psychological stress or mental damage to a victim, but is somewhat
affordable for offender (referred as “Psychological criminal behaviour”).
From the all stated above a general definition of criminal behaviour can be stated as “Any
kind of antisocial behaviour, which is punishable by law or norms, stated by community,”
therefore, it is very difficult to define it, because the acts, being considered as violation at
one point of time now is accepted by community.
115
It is important to distinguish Delinquency from criminal act. The first one refers to acts that
are prohibited by social norms, while the second one is violation of existing laws defined
by a state.
A risk factor in criminality is anything in a person’s psychology, what will somewhat increase
possibility, that he/she will get involved in a criminal activity. These may include behaviour
disorder, lack of education, media influence, poor personal temperament, low IQ, antisocial
beliefs, influence of society or a poor integration in it, poor parenting, etc.
Criminal behaviour usually is measured by arrests and charges, self-reported offences (which
is believed by some to be more accurate), actual crime rates, which are usually obtained by
governmental organs. By using this kind of information crime reports are generated, which
helps to generally categorize crimes by type and offender characteristics such as gender, age,
race and location.
CAUSES OF CRIMINAL BEHAVIOR

The reasons behind criminal behaviour can vary a lot in each particular case, but still they
can be grouped in two main categories – genetics and environment.
When in the mid-19th century the question about the causes of criminal behaviour was
raised, a lot of psychologists were insisting that the only reason is genetics. They even
considered that a person’s inclination to criminal could be measured according to the parents’
mental condition, i.e. if they had some even minor mental problems ttheirson/daughter was
more likely to become a criminal. The scientists had their versions of solving a problem, but
is it fair if the people with higher risk of committing a crime would not be allowed by the
state and society to live normally and have children?
As the time passed more and more researches and experiments were held and modern
approach to this question is that of course genetics is really important reason behind criminal
behaviour, but the environment is also as important as it. This includes the family the child
is born and raised in, the example parents and family can give them, the social status they
have, education, etc.
Nowadays the psychologists and criminalists agree that what drives a person to criminal
behaviour is really complex and complicated mechanism, involving a lot of factors. We can
imagine a child, who was born in a “criminal” family (mother is schizophrenic, father is
rapist and murderer) but after he got an education and a job there is nothing antisocial in
his behaviours. It proves that solely genetics can’t determine one’s inclination to the criminal.
So, it is impossible to predict a person’s “criminality” according to some specific factors, but
we can still highlight some circumstances and apply a person to a “relatively higher criminal
risk group”.
• Financial problems, or starvation – this is especially common problem in third world
countries. When a person has to struggle every day just to get food to survive, the
probability that they become thieves is high.
116
• Low social status – when one is bullied because of it, they may easily become
aggressors and fight back against the whole society.
• Genetics – some genetical mental disorders, itself, includes increased aggression.
THEORIES OF CRIMINAL BEHAVIOR

In order to find the best ways to handle and prevent crime, examining why do people
commit crime is very important. Many theories have appeared and are appearing since
beginning of this study seeking to find the best solutions for this problem. Those theories
are continuing and will always influence forensic/criminal psychologist’s work. I will write a
brief review of basic and other more or less popular theories of criminal behaviour. Though
these theories are eventually modified, I will try to be as accurate as possible.
Three broad models of criminal behaviours are the following: psychological, sociological
and biological models. Actually, it is difficult to completely separate them and it is generally
accepted, that all of them play a role in the interpretation of behaviour. Though psychological
principles can be applied across all the three models, they all have some specific ones, which
would help in implementing across different crime control policies.
PSYCHOLOGICAL APPROACHES
There are several fundamental assumptions that are common for all the psychological
approaches to criminal behaviour. These are the following:
• The individual is the primary unit of analysis. (Individual human being is considered
to be responsible for acts he/she conducted)
• Personality drives behaviour within individuals, because it is the major motivational
element.
• Crimes can result from abnormal, dysfunctional or inappropriate mental processes
within the individual’s personality.
• An individual may have purpose of criminal behaviour if it addresses certain felt needs.
• Normality is generally defined by social consensus, that is, what is considered as
“typical,” “normal,” or “acceptable” by the majority of individuals in a certain social
group.
• Defective or abnormal, mental processes may be caused by a variety of factors such
as diseased mind, inappropriate learning or improper conditioning, the emulation of
inappropriate role models, and adjustment to inner conflicts.
In short, crime control policy based on psychological principles targets individuals and tries
to prevent criminal behaviour from this point. Any policy aimed at preventing crime by
targeting persons such as training, education, promotion of self-awareness, rehabilitation,
resocialization or identification risks of criminal behaviour are psychological in nature. In
addition, psychologists have long recognized that the best predictor of future behaviour is
past behaviour of the individual.
117
SOCIOLOGICAL APPROACHES
In this approach scientists are examining criminal behaviour from a sociological point of
view. The majority of sociological theories believe, that the criminal behaviour mainly is
influenced by combination of social surrounding, political and economic factors.
Offenders are not necessarily viewed as bad people, these theories trend to look at social
context of a person’s situation, examining his race, neighbourhood, intelligence, education,
family, political and media influence, income level, job and career, childhood history to
determine why did he/she become criminal. There are many different theories seeking to
explain criminal behaviour such as: Social Structure Theory (which itself consists of Social
disorganization, Strain and Cultural deviance theories) differential association, theory of
anomie, neutralization theory, Social Control Theory and many others.
The key idea of Differential association theory, created by Edwin H. Sutherland is, that
criminal behaviour is learned through communication with other people. Though that
interaction Values, techniques and attitude to things is learned, that motivates future
behaviour and in the following case it is criminal act. Indeed, the more a person sees
delinquent acts, which are not criticized by the surrounding community, the higher is the
chance of him/her committing such act.
According to social control theory, if social bounds of a person is weak, he/she will more
likely conduct a criminal act, because people care what others thinks of them and try to
conform with social expectations because of their attachment to others.
BIOLOGICAL APPROACHES
Biological theories purport, that criminal behaviour is caused by some flaw in individual’s
biological makeup. There are several types of crime control, which involve artificial
interference in human biology such as Psychosurgery, chemical methods of control, brain
stimulation and others.
Psychodynamic therapy was developed by Sigmund Freud in the late 1800’s and has then
become a significant theory in the history of criminality (Siegel, 2005). Freud believed,
that every individual carry “residue of the most significant emotional attachments of our
childhood, which then guides our future interpersonal relationships” (Siegel, 2005) The
theory is a three-part structure consisting of the id, the ego and the super ego. The id is
considered the underdeveloped of primitive part of our mark-up. It controls our need for
food, sleep and other basic instinct. This part is purely focused on instant gratification. The
ego controls the id by setting up boundaries. Psychodynamic theorists believe that personality
of offenders is id- dominated. Which means, that when they lose control of the ago their id
of instant gratification takes over. Other problems causing control of the ego are poor social
skills, excessive dependence on others, immaturity, etc.
Others believe, that offenders are moved by unconscious need to be punished by their
previous sins. Consequently, crime is a manifestation of feelings of oppression and people’s
inability to develop the proper psychological defence and rationales to keep these feelings
under control.
2
118
19. Common Fraud Techniques in Banking & Insurance Sector
19. COMMON FRAUD TECHNIQUES IN BANKING &

INSURANCE SECTOR
India ranked 78 among the 180 countries included in Transparency International’s Corruption
Perceptions Index - 2018. This ranking has gone up by 3 points as compared to the country’s
rank of 2017. Some of the key reasons for high corruption in India are the lack of a strong
legal framework and enforcement of anticorruption laws, red-tapism and a result- oriented
approach.
o Terrorist financing: It involves the raising and processing of assets to supply terrorists
with resources to pursue their activities. While money laundering and terrorist
financing differ in many ways, they often exploit the same vulnerabilities in financial
systems that allow for an inappropriate level of anonymity and non-transparency in
the execution of financial transactions.
o Money laundering: The goal of a large number of criminal acts is to generate a profit
for the individual or group that commits the act. Money laundering is the processing
of these criminal proceeds to disguise their illegal origin. This process enables the
criminal to enjoy profits without jeopardising their source.
o Cybercrime: A majority of the banks in India offer online and mobile banking services.
Most of the transactions are conducted via payment cards, debit and credit cards, and
electronic channels such as ATMs. Consequently, both private and public banks as
well as other financial institutions in India are becoming increasingly vulnerable to
sophisticated cyber-attacks.
o Black money: According to the Global Financial Integrity Report,5 the total amount of
illicit money moving out of India rose to 439.59 billion USD (28 lakh crore INR) from
2003 to 2012. In 2012, India ranked third globally, with an estimated 94.76 billion
USD (nearly 6 lakh crore INR) in illicit wealth outflows. With the passing of the new
Black Money (Undisclosed Foreign Income and Assets) and Imposition of Tax Act, 2015,
financial institutions are under growing pressure to eliminate this malignancy.
o Loan loss: The risk of loan loss is high in India. Due to lack of appropriate due
diligence and monitoring of loans, the number of loan defaults has increased in recent
years. The non-performing assets are growing in last few years while the GDP has been
declining.
 Fraudulent Documentation
Fraudulent documentation involves altering, changing or modifying a document to deceive
another person. It can also involve approving incorrect information provided in documents
119
knowingly. Deposit accounts in banks with lax KYC drills/ inoperative accounts are
vulnerable to fraudulent documentation. Some examples:
♦ An individual illegally obtains personal information/ documents of another person and
takes a loan in the name of that person.
♦ He/she provides false information about his/her financial status, such as salary and
other assets, and takes a loan for an amount that exceeds his eligible limits with the
motive of non-repayment.
♦ A person takes a loan using a fictitious name and there is a lack of a strong framework
pertaining to spot verifications of address, due diligence of directors/promoters, pre-
sanction surveys and identification of faulty/incomplete applications and negative/
criminal records in client history.
♦ Fake documentation is used to grant excess overdraft facility and withdraw money.
♦ A person may forge export documents such as airway bills, bills of lading, Export Credit
Guarantee Cover and customs purged numbers/orders issued by the customs authority
 Multiple Funding/Diversion/Siphoning of Funds

Siphoning of funds takes place when funds borrowed from financial institutions are utilised
for purposes unrelated to the operations of the borrower, to the detriment of the financial
health of the entity or of the lender. Diversion of funds, on the other hand, can include any
one of the following occurrences:
♦ Use of short-term working capital funds for long-term commitments not in conformity
with the terms of sanction
♦ Using borrowed funds for creation of assets other than those for which the loan was
sanctioned
♦ Transferring funds to group companies
♦ Investment in other companies by acquiring shares without the approval of lenders
♦ Shortage in the usage of funds as compared to the amounts disbursed/ drawn, with the
difference not being accounted for
 Identity Theft
Fraudsters are devising new ways to exploit loopholes in technology systems and processes.
In case of frauds involving lower amounts, they employ hostile software programs or malware
attacks, phishing, SMSishing and whaling (phishing targeting high net worth individuals)
apart from stealing confidential data. In February 2013, the RBI advised banks to introduce
certain minimum checks and balances such as the introduction of two factor authentication
in case of ‘card not present’ transactions. Some examples:
120
♦ Unauthorised emails asking for account information for updating bank records are sent
by fraudsters. The customer information is then misused for misappropriating funds.
♦ Access rights for making entries are given to unauthorised people
♦ Bank employees keep original Fixed Deposit (FD) receipts with themselves and hand
over phony FD receipts to customers. They then revoke FDs by forging signatures.
♦ Lost/stolen card: It refers to the use of a card lost by a legitimate account holder for
unauthorised/illegal purposes.
♦ Account takeover fraud: An individual illegally obtains personal information of valid
customers and takes control of the card account.
♦ Theft of valuables: Fraudsters open bank lockers to take key impressions of other
lockers and then use duplicate keys to steal assets.
 Internet Banking and Related Frauds

Around 65% of the total fraud cases reported by banks were technology-related frauds
(covering frauds committed through/ at an internet banking channel, ATMs and other
payment channels like credit / debit/prepaid cards), whereas advance-related fraud accounted
for a major proportion (64%) of the total amount involved in fraud. Some examples:
♦ Triangulation/site cloning: Customers enter their card details on fraudulent shopping
sites. These details are then misused.
♦ Hacking: Hackers/fraudsters obtain unauthorised access to the card management
platform of banking system. Counterfeit cards are then issued for the purpose of money
laundering.
♦ Online fraud: Card information is stolen at the time of an online transaction. Fraudsters
then use the card information to make online purchases or assume an individual’s
identity.
♦ Lost/stolen card: It refers to the use of a card lost by a legitimate account holder for
unauthorised/illegal purposes.
♦ Debit card skimming: A machine or camera is installed at an ATM in order to pick up
card information and PIN numbers when customers use their cards.
♦ ATM fraud: A fraudster acquires a customer’s card and/or PIN and withdraws money
from the machine.
♦ Social engineering: A thief can convince an employee that he is supposed to be let into
the office building, or he can convince someone over the phone or via e-mail that he’s
supposed to receive certain information.
♦ Dumpster diving: Employees who aren’t careful when throwing away papers containing
sensitive information may make secret data available to those who check the company’s
trash.
121
♦ False pretences: Someone with the intent to steal corporate information can get a job
with a cleaning company or other vendor specifically to gain legitimate access to the
office building.
♦ Computer viruses: With every click on the internet, a company’s systems are open to
the risk of being infected with nefarious software that is set up to harvest information
from the company servers.
 Incorrect Sanctioning or External Vendor Induced Fraud

Financial institutions are prime targets for external frauds, given the amount of money
fraudsters can potentially obtain as well as the sensitivity of data held by these organisations
(credit card and personal identity details, for example). The financial services sector also
tends to be more strictly regulated and as a result, many business processes and functions
have corporate controls in place. This makes it more difficult for frauds to be internally
perpetrated without discovery. The absence of a proactive and robust monitoring framework,
however, does not allow the entity to identify conflict of interest issues such as employees
or agents having a close relationship with other entities. Some examples:
♦ Falsified Valuations: External consultants advising loan borrowers to fabricate their
valuation report and inflate the amount of funds that can be borrowed
♦ Corporate espionage: Sharing trade secrets or confidential customer information with
the competitor for commercial benefits
♦ Merchant collusion: Merchant owners and/or their employees conspiring to commit
frauds using their customers’ accounts and/or personal information
♦ Ponzi scheme: A type of pyramid scheme, where money from new investors is used to
provide returns to previous investors
♦ Off shore investing: External vendors convincing investors to invest in outside
companies by showing higher returns when the companies don’t exist in reality
♦ Bogus offerings: Investing in a bogus company (no operations, earnings or audited
financial statements)
♦ Misappropriation of loan disbursements: Loans of lesser value being disbursed
to farmers and funds being misappropriated by intermediators through false
documentation.
 Overvaluation or Absence of Collaterals

Absence of stringent guidelines on the due diligence of professionals assisting borrowers at
the time of disbursement of loans may result in valuation agencies or advocates facilitating
the perpetration of frauds by colluding with the borrowers to inflate security valuation
reports. Some examples:
♦ Concealing liabilities: Borrowers concealing obligations such as mortgage loans on
other properties or newly acquired credit card debts in order to reduce the amount of
monthly debt declared on the loan application
122
♦ Misstatement: Deliberately overstating or understating the property’s appraised value;

when overstated, more money can be obtained by the borrower in the form of a cash-
out refinance, by the seller in a purchase transaction, or by the organisers of a for-profit
mortgage fraud scheme
♦ Cash back schemes: The true price of a property illegally being inflated to provide
cash-back to transaction participants, most often the borrowers, who receive a ‘rebate’
that is not disclosed to the lender
♦ Shot gunning: Multiple loans for the same home being obtained simultaneously for a
total amount greatly in excess of the actual value of the property
Fraud areas & techniques in Insurance Sector

Large accumulations of liquid assets make insurance companies attractive for loot schemes.
These companies are under great pressure to maximize the returns on investing the reserve
funds, making them vulnerable to high-yielding investment schemes. The insurance industry
has witnessed an increase in the number of fraud cases over the last couple of years. A
growing number of organisations are realising that frauds are driving up the overall costs of
insurers and premiums for policyholders, which may threaten their viability and also have
a bearing on their profitability.
♦ Policy holder and claims fraud: Policy holder committing fraud against the insurer at
the time of purchase and/or execution of an insurance product
♦ Intermediary fraud: Intermediaries committing frauds against the insurer and/or
policyholders
♦ Internal fraud: Employees commit fraud Suo moto or in collusion with external parties
or amongst themselves against the insurer.
♦ Broad Categories of Fraud Risks in The Insurance Sector
♦ Misrepresentation: Misrepresenting critical information relating to a profile (incorrect
income, educational qualification, occupation, etc)
Example: The proposal form mentioned that the client had a shop in the market,
whereas investigations revealed that the client was a small-time vendor sitting on a
footpath.
♦ Forgery or tampering documents: Forging the customer’s signature in any document,
proposal or any supporting document
Example: The client (staying in one city) and working as a surgeon was required to
countersign the application form for some corrections. The form came back and it was
found that the signatures were forged by the advisor, who was the client’s brother.
♦ Bogus business: Proposal forms submitted for non-existent customers
Example: A sales manager or broker logs in the proposal of a non-existing client
123
♦ Cash defalcation: Agent collecting the premium but not remitting the cheque to the
insurance company, owing to which the insured has no coverage
Example: The advisor had collected the premiums from the customer and had not
deposited the same for almost a month; it came to the insurer’s notice when the
customer was sent the lapsed letter.
♦ Mis-selling: A selling practice wherein the complete, detailed and factual information
of a product is not given to the customer (also called product misinformation); can
include incomplete or incorrect representation of the terms and conditions such as
guaranteed returns, rider features, charges, linked product vs endowment, facility of
top-up vs regular premium, premium holiday, etc
Example: The customer was given a cover of 1 lakh INR and the premium was 5
lakh INR. This was a clear case of mis-selling as even the facility of a top-up was not
explained to the client.
♦ Pre-signed forms: Obtaining pre-signed blank forms and filling the address change
request (ACR)/contact number change (CCR) without actually physically seeing the
client or satisfying oneself about the client
Example: While the proposal form mentioned that the customers were working in an
electronic agency, in reality they were working in some other business.
♦ Doctor’s nexus: Doctor being involved with the perpetrators in committing life
insurance fraud
Example: A doctor gave clean medical reports, while the fraudster influenced the doctor
to conceal the information.
2
124
20. Common Fraud Techniques in Manufacturing Industry
20. COMMON FRAUD TECHNIQUES

IN MANUFACTURING INDUSTRY
The manufacturing sector is one of the top three most victimized industries for fraud
according to the 2014 Report to the Nations published by the Association of Certified Fraud
Examiners. Privately held companies are the most susceptible to fraud due to their relative
lack of fraud fighting resources. By extension, every privately held manufacturing company
should be actively engaged in preventing fraud in their organization.
1. Asset Misappropriation
According to the Association of Certified Fraud Examiners, asset misappropriation is the most
common type of fraud that occurs within small businesses. Asset misappropriation occurs
when an employee or contractor devises a scheme to steal or misuse company resources,
such as cash or inventory.
Pay careful attention to how your business collects cash from customers. If the right measures
aren’t in place, an individual can intercept the cash and hide it from the owner.
2. Skimming
Skimming, a popular way to steal cash, involves stealing an incoming payment before it can
be fully recorded in the company’s financial records. For example, say that a customer wants
to buy a product at a brick-and-mortar store. A scheming sales employee could accept the
payment for the goods but pocket the cash instead of recording the transaction.
With skimming, an employee can either record only part of the payment – for example,
recording only $50 paid when $100 was given – or fail to record the payment altogether.
Since the sales transaction isn’t recorded, the store’s inventory isn’t updated either. That
means that the actual business inventory will in reality be smaller than what’s reflected in
the accounting records.
It’s not just in-person transactions that are susceptible to skimming. An accounting or clerical
employee who receives customer payments can also pocket incoming cash. The employee
can then falsify a credit memo or write off the account as uncollectible so that the business
doesn’t notice that the payment is missing.
A complex but fairly common accounts receivable skimming fraud involves lapping customer
payments. In a lapping scheme, a bookkeeper or accountant pockets the cash payment a
customer makes toward that customer’s account. To cover up the shortage, the accountant
uses a payment received from a second customer toward the first customer’s account. If the
second customer notices an incorrect account balance, the accountant uses a payment from
a third customer to cover the deficit – and so on.
125
Because payments are so mismanaged, someone invariably catches onto the scheme
eventually. Still, fraudsters can keep up lapping schemes for months or even years without
being caught.
3. Cash Larceny
Cash larceny is similar to skimming in the sense that an employee or contractor is stealing
incoming cash. The difference with cash larceny is that the employee steals the cash after it
has been recorded on the business’s books.
For example, an employee might steal money from the cash register after a transaction has
been recorded. The employee can record a fraudulent cash register disbursement to conceal
the fact that cash is missing. For example, an employee might void the previous sale or issue
a refund and take the corresponding cash out of the register.
Signs That Cash Is Being Stolen

Skimming schemes that involve intercepting cash before it’s recorded can be tricky to detect.
You may notice these warning signs:
Low Inventory. If actual inventory in the store is lower than what it should be according to
the books, it’s possible an employee isn’t recording all sales.
Gaps in Numbered Documents. For restaurants and other businesses that use pre-numbered
vouchers, a gap in the vouchers might mean an employee threw away a receipt and kept
the cash.
Customer Complaints. If an employee is lapping payments, customers tend to call in and
complain that their statement balances aren’t right.
Low Revenue during Certain Shifts. If cash collections are lower whenever one particular
employee is working, that might indicate cash theft.
4. Fraudulent Cash Disbursements

Rather than lifting money as it comes into the business, other fraudsters steal outgoing cash
disbursements. Of all the ways that employees and contractors misappropriate company
assets, stealing cash by fabricating fraudulent cash disbursements is the most commonly
used tactic.
5. Billing Schemes
Employees can bill for goods and services that the company never received and pocket the
cash. The employee falsifies invoices with made-up services or products and, when the
check is disbursed, the fraudster cashes it himself. The employee has payment issued to a
non-existent vendor, using the name of a shell company that the employee or a friend or
family member owns.
Employees can also collude with an existing vendor to overcharge the company for products.
In exchange for pushing through an inflated invoice, the vendor gives the employee a cut
of the profits.
126
20. Common Fraud Techniques in Manufacturing Industry
Signs of a Billing Scheme

A Vendor’s Rates Have Risen Substantially. When one vendor’s rates have increased at a
higher percentage than the industry norm, it could be that you’re not getting a fair deal.
Employee Preference for a Certain Vendor. An employee who insists on a certain vendor or
isn’t open to receiving bids from other contractors may be getting a kickback.
6. Expense Reimbursement Schemes

Another way to get cash out of a company is to fudge expense reports. Employees can get an
artificially large reimbursement check by adding personal expenses, non-existent expenses,
or otherwise inflating expenses on an expense reimbursement request.
Signs of an Expense Reimbursement Scheme

Extravagant Expense Reports. If a certain employee expense reports are higher than historical
averages or other employees’ reports, it’s signed the employee is spending too much.
Employee Doesn’t Submit Receipts. When original receipts aren’t attached to the expense
report, you never know whether the employee actually incurred the cost.
7. Check Tampering Schemes

Employees or contractors who have access to outgoing company checks may tamper with
them for their own benefit. If blank checks aren’t kept secure, someone can steal a few
and make them out to themselves or to a friend. A bookkeeper who draws up checks for a
business owner to sign may later alter the name on a check, intercept it, and cash it himself.
Signs of Check Tampering

Gaps in Check Numbers. If there’s a sequential gap in your numbered blank checks, it’s
possible that someone lifted a few.
Vendor Complaints. When a vendor informs you that it hasn’t received payments even
though you cut the check, the payment may have been intercepted.
8. Theft of Inventory and Other Assets

Even if your cash is secure, employees can find ways to steal or misuse physical assets such
as computers, company products, and inventory.
Receiving Schemes
Employees involved with the receiving process can steal inventory or products at the
point of delivery. The scheming employees may modify the incoming shipping report
and the company receiving report to hide the fraud. If those employees also have access
to purchasing records, they can alter the purchase requisition to match the fake shipping
reports.
127
9. Asset Larceny
If there aren’t many physical controls in place to monitor assets, employees and contractors
can simply take company property off of the premises and never return it.
Signs that Assets Are Being Stolen

Low Inventory If inventory per the books is higher than actual inventory levels, someone
could be stealing.
Poor Quality Inventory Documentation. If supporting purchasing and receiving documents
aren’t the originals or appear to have been altered, you may be dealing with the work of a
thief.
128
21. Fraud Prevention measures including internal financial control, COSO ERM & COBIT 2019
PART IV
21. FRAUD PREVENTION MEASURES INCLUDING INTERNAL
FINANCIAL CONTROL, COSO ERM & COBIT 2019
Fraud and white-collar crime have increased considerably over the last two decades, and
professionals believe this trend is likely to continue. The cost to business and the public can
only be estimated, as many crimes go unreported. However, the statistics we currently have
shown the astronomical values associated with fraud. Also, the expansion of computers into
businesses may make organizations more vulnerable to fraud and abuse.
So the question is can frauds be prevented? As the popular saying goes “Prevention is Better
than Cure”. Frauds can definitely be prevented. As the cost that an organization has to pay on
account of fraud is generally quite high it is better to put in place techniques that would help
the management of the organization to be better equipped to prevent frauds.
How can frauds be prevented?
The Management and Auditor of an organization both have roles to play in the prevention and
detection of fraud. Effective Internal control measures are a key to prevent frauds. However
they alone are not sufficient. Corporate culture, the attitudes of senior management and all
employees, must be such that the company is fraud resistant.
Audit, can take steps to ensure that senior management is aware of the risk and materiality of
fraud and that all instances of fraud are made known to all employees.
Effective Internal Controls-
Internal controls are the plans and/or programs implemented to safeguard a company’s assets,
ensure the integrity of its accounting records, and deter and detect fraud and theft. Segregation
of duties is an important component of internal control that can reduce the risk of fraud from
occurring.
Internal control Framework- for Fraud Prevention

1. Use a system of checks and balances to ensure no one person has control over all
parts of a financial transaction.
o Require purchases, payroll, and disbursements to be authorized by a designat-
ed person.
o Separate handling (receipt and deposit) functions from record keeping func-
tions (recording transactions and reconciling accounts).
o Separate purchasing functions from payables functions.
129
o Ensure that the same person isn’t authorized to write and sign a cheque.
o When opening mail, endorse or stamp cheques “For Deposit Only” and list
cheques on a log before turning them over to the person responsible for depos-
iting receipts. Periodically reconcile the incoming cheque log against deposits.
o Require supervisors to approve employees’ time sheets before payroll is pre-
pared.
o Require paycheques to be distributed by a person other than the one authoriz-
ing or recording payroll transactions or preparing payroll cheques.
o If the agency is so small that you can’t separate duties, require an independent
check of work being done, for example, by a board member.
o Require accounting department employees to take vacations.
o For transactions of higher value, make authorization of more than one person
mandatory.
2. Reconcile agency bank accounts every month.
o Require the reconciliation to be completed by an independent person who
doesn’t have bookkeeping responsibilities or cheque signing responsibilities or
require supervisory review of the reconciliation.
o Examine cancelled cheques to make sure vendors are recognized, expenditures
are related to agency business, signatures are by authorized signers, and en-
dorsements are appropriate.
o Examine bank statements and cancelled cheques to make sure cheques are not
issued out of sequence.
o Initial and date the bank statements or reconciliation report to document that
a review and reconciliation was performed and file the bank statements and
reconciliations.
3. Restrict use of agency credit cards and verify all charges made to credit cards or ac-
counts to ensure they were business-related.
o Limit the number of agency credit cards and users.
o Establish a policy that credit cards are for business use only; prohibit use of
cards for personal purposes with subsequent reimbursement.
o Set account limits with credit card companies or vendors.
o Inform employees of appropriate use of the cards and purchases that are not
allowed.
o Require employees to submit itemized, original receipts for all purchases.
130
o Examine credit card statements and corresponding receipts each month, inde-
pendently, to determine whether charges are appropriate and related to agency
business.
4. Provide Board of Directors oversight of agency operations and management.
o Monitor the agency’s financial activity on a regular basis, comparing actual to
budgeted revenues and expenses.
o Require an explanation of any significant variations from budgeted amounts.
o Periodically review the cheque register or general ledger to determine whether
payroll taxes are paid promptly.
o Document approval of financial procedures and policies and major expendi-
tures in the board meeting minutes.
o Require independent auditors to present and explain the annual financial state-
ments to the Board of Directors and to provide management letters to the Board.
o Evaluate the Executive Director’s performance annually against a written job
description.
o Participate in the hiring/approval to hire consultants including the indepen-
dent auditors.
5. Prepare all fiscal policies and procedures in writing and obtain Board of Directors
approval. Include policies and/or procedures for the following:
o cash disbursements
o attendance and leave
o expense and travel reimbursements
o use of agency assets
o purchasing guidelines
o debt collection period and types of incentives to be offered
o petty cash
o conflicts of interest
6. Ensure that agency assets such as vehicles, cell phones, equipment, and other agency
resources are used only for official business.
o Examine expense reports, credit card charges, and telephone bills periodically
to determine whether charges are appropriate and related to agency business.
o Maintain vehicle logs, listing the dates, times, mileage or odometer readings,
purpose of the trip, and name of the employee using the vehicle. Periodically
131
compare the vehicle logs to the fuel bill to check the consistency of fuel usage
average to the trips and distance recorded.
o Periodically review the logs to determine whether usage is appropriate and
related to agency business.
o Maintain an equipment list and periodically complete an equipment inventory.
7. Protect petty cash funds and other cash funds.
o Limit access to petty cash funds. Keep funds in a locked box or drawer and
restrict the number of employees who have access to the key.
o Require receipts for all petty cash disbursements with the date, amount re-
ceived, purpose or use for the funds, and name of the employee receiving the
funds listed on the receipt.
o Reconcile the petty cash fund before replenishing it.
o Limit the petty cash replenishment amount to a total that will require replen-
ishment at least monthly.
o Verify the petty cash with the balance as per the ledger at the start and close of
each day.
o Keep patient funds separate from petty cash funds.
8. Protect cheques against fraudulent use.
o Prohibit writing cheques payable to cash.
o Deface and retain voided cheques.
o Store blank cheques in a locked drawer or cabinet, and limit access to the
cheques.
o Require that cheques are to be signed only when all required information is
entered on them and the documents to support them (invoices, approval) are
attached.
o Require two signatures on cheques above a specified limit. Require board mem-
ber signature for the second signature above a higher specified limit. (Ensure
that blank cheques are not pre-signed.)
o Mark invoices “Paid” with the cheque number when cheques are issued.
o Enable hidden flags or audit trails on accounting software.
9. Protect cash and cheque collections.
o Ensure that all cash and cheques received are promptly recorded and deposited
in the form originally received.
o Issue receipts for cash, using a pre-numbered receipt book.
132
o Conduct unannounced cash counts.

o Reconcile cash receipts daily with appropriate documentation (cash reports,
receipt books, mail tabulations, etc.)
o Centralize cash receipts whenever possible.
10. Avoid or discourage related party transactions.
o Require that a written conflict of interest and code of ethics policy is in place
and that it is updated annually.
o Require that related party transactions be disclosed and be approved by the
Board.
o Require competitive bidding for major purchases and contracts.
o Discourage the hiring of relatives and business transactions with Board mem-
bers and employees.
o In case, where related party transaction has to be entered into, make a policy
to conduct adequate market research to decide the arm’s length price for the
transaction. Document the research alongwith the documents/contracts of the
related party transaction.
There is little doubt that digitalization is changing almost every business process in every in-
dustry. It is already making a huge difference to established leaders in the hospitality, banking,
and transportation sectors. It is also helping market entrants with new business models rap-
idly gain market share. Even traditional sectors such as automotive and utilities, historically
protected by heavy asset investments, are beginning to see major disruptions to their business
models and their positions in the market. With digitization there is a very strong need for
having proper systems in place that would help in preventing and detecting frauds in a cyber
environment.
Depending on the level of the assessed risk, IT auditors may choose to increase the depth of
testing in areas that are deemed especially susceptible to fraud In reviewing the nature of
access to key assets, one cannot help but return to the basics of IT audit. Who holds the keys
(privileged users, temps, contractors or business partners), where the keys are located (un-
known backdoor accounts), when the keys are changed (password changes), what keys are
available to an individual at any given time (pervasive access across systems) and how the
keys are used (collusion either with another insider or an external party) are some of the ques-
tions that need to be tackled. In a highly outsourced IT environment, IT auditors may choose
to prioritize the testing of third-party controls such as account provisioning and service-level
monitoring. In a smaller company environment in which root access to key systems is held
by one or selected administrative users, more attention may be required of generic system ac-
counts and frequency of password changes. In a larger organization, a single sign-on solution
may come under scrutiny for its potential to unlock excessive system access with a single
unauthorized account.
133
A robust business process possesses the requisite checks and balances (or segregation of du-
ties) that precludes any one individual from taking a transaction from start to finish without
an additional pair of eyes. In assessing risks associated with transaction processing, auditors
invariably perform an end-to-end review of key classes of transactions, examining the mix of
upstream vs. downstream, automated vs. manual controls that impact accuracy, completeness
and validity. Opportunities for fraud arise in part from the absence of these business controls.
The COSO Internal Control – Integrated Framework

The COSO Internal Control – Integrated Framework has become the generally accepted stan-
dard for designing and implementing systems of internal control and assessing the effective-
ness of internal control.
While the COSO Framework was updated in 2013, its definition of internal control and the
components of internal control have remained unchanged from the original framework:
Definition of internal control:
• Internal control is a process, effected by an entity’s board of directors, management

and other personnel, designed to provide reasonable assurance regarding the achieve-
ment of objectives relating to operations, reporting and compliance.
Components of internal control:
• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring activities
Internal control is not unidimensional. A deficiency or a change in one of the components can
have repercussions throughout all the components, which should be appropriately addressed
by management. For example, risk assessment not only influences the control environment
and control activities but also may highlight a need to reconsider the entity’s requirements for
information and communication or for its monitoring activities.
Addressing Fraud with a Strong Control Environment

In establishing a control environment, management must consider the potential for fraud in
assessing risks to the achievement of an entity’s objectives and be knowledgeable about the
various ways that fraud can occur. As part of the process for identifying and analyzing fraud
risks, management forms a basis for determining how such risks should be managed and es-
tablishes control and monitoring activities, formalized in policies and procedures, to help
ensure that management directives to mitigate fraud risks to the achievement of objectives are
communicated and carried out.
134
While no control activity can stop a person who is determined to commit a fraud from doing
so, a strong control environment, combined with an understanding of the incentives to commit
fraud, acts as a form of preventive control against fraud by making the potential perpetrator as-
sess the high risk of getting caught. Conversely, a weak control environment provides opportu-
nity to those thinking of committing a fraudulent act because the risk of getting caught is low.
In this regard, a variety of transaction control activities can be selected and developed to
address fraud risk, which in its basic form includes such actions as authorizations and ap-
provals, verifications, reconciliations, and restrictions (physical controls and technology ac-
cess controls). Segregation of duties and job rotation are typically built into the selection and
development of such control activities. Additionally, variance analysis can be used to manage
operations and identify possible areas of fraud by directing attention to areas that appear un-
usual; the preventive control being the establishment of budgeting and standard cost account-
ing systems that compare actual results to budgets or standards and the detective control being
management follow-up in investigating the reasons for a variance from the budget or standard,
which may be indicative of fraud, or at the very least require a management response to correct
an apparent operational problem.
Pre-Emptive Fraud Auditing
The primary factor that distinguishes fraud from error is whether the underlying action is in-
tentional or unintentional. Moreover, attempts are made to conceal fraud. This makes looking
for fraud a lot like looking for the proverbial needle in a haystack, or as a recent U.S. Secretary
of Defense put it, “We don’t know [what] we don’t know.”
EisnerAmper’s pre-emptive fraud auditing approach addresses the “unknown unknowns” by
proactively anticipating scenarios where fraud may occur and designing monitoring activi-
ties,using data-mining techniques combined with statistical and other quantitative analysis, to
identify possible instances of fraud.
Data Mining and Statistical Analysis
Business transactions generate data to accomplish the primary purpose for which it was col-
lected; for example, the preparation of financial statements and various types of management
reports. When this primary data is accumulated entity-wide, however, it becomes a stand-
alone island of unrelated information, or secondary data.
The objective of data mining is to take disparate data and convert it into relevant information,
transforming an organization from an accumulator of unrelated data into a proactive responder
to risk.
Data-mining techniques can be developed to look for patterns and trends not evident in large
amounts of secondary data, looking for the unknown unknowns in an attempt to draw in-
ferences from such patterns and trends. For example, a database may include data that does
not conform to the general rule derived for the data set or the general behavior of other data
elements.
135
No single professional discipline possesses the knowledge and expertise needed to identi-
fy data anomalies that require further investigation. A combination of experts – such as in-
formation-technology professionals, corporate and compliance attorneys, subject matter and
industry experts, internal and external accountants and auditors, Forensic Investigators, and
financial analysts – and those with quantitative data analysis and correlation skills, such as
statisticians, are needed.
Data anomalies are referred to as outliers, and while outliers are usually discounted when
making a statistical inference regarding a population taken from a sample, outliers should be
examined closely when looking for the unknown unknowns in secondary data. Outliers can be
identified by measuring the way data are dispersed around the mean.
Points of Focus COSO Principle 8

An organization must consider the potential for fraud when assessing risks to the achievement
of objectives.
First, consider the various ways that fraud and misconduct can occur.
1. Fraudulent reporting: When an entity’s reports, financial and nonfinancial, do not
achieve financial reporting objectives because such reports are willfully prepared with
omissions or misstatements.
1. Fraudulent financial reporting: An intentional act designed to deceive users of
external financial reports that may result in a material omission from or mis-
statement of such financial reports.
1. Includes misappropriation of assets where the effect may cause a ma-
terial omission or misstatement in the external financial reports.
2. Fraudulent nonfinancial reporting: An intentional act designed to deceive us-
ers of nonfinancial reporting – including sustainability reporting, health and
safety, or employment activity – that may result in reporting with less than the
intended level of precision.
3. Illegal acts: Violations of laws or governmental regulations that could have a
direct or indirect material impact on the external financial reports.
2. Loss of assets: Protecting and safeguarding assets against unauthorized and willful
acquisition, use or disposal, including
1. Theft of assets
2. Theft of intellectual property
3. Illegal marketing
4. Late trading
5. Money laundering
136
6. Other related risks:

1. Waste
2. Abuse
3. Neglect
3. Corruption:
1. By entity personnel
2. By outsourced service providers directly impacting the entity’s ability to
achieve its objectives
4. Management override: Acts taken by management to override an entity›s controls for

an illegitimate purpose including personal gain or an enhanced presentation of an en-
tity›s financial condition or compliance status.
Second, assess incentives and pressures, opportunities, and attitudes and rationalizations.
Work incentives may not be aligned with business goals and objectives that, by their nature,
create pressures within the organization. Or there are excessive pressures put on employees to
achieve unrealistic performance targets, particularly in the short-term, which may be coupled
with a weak control environment that creates opportunities for fraudulent behavior, along
with attitudes and rationalizations that claim to justify such actions.
Changes to the COSO ERM Framework

The seemingly simple act of changing the title of the COSO framework from 2004’s “Enterprise
Risk Management—Integrated Framework” to the new “Enterprise Risk Management—Inte-
grating with Strategy and Performance” represents a significant shift in approach. COSO rec-
ognizes the “dynamic, integrated nature of ERM that begins with the mission, vision and core
values of the organization through to the creation of enhanced value.”
The updated COSO Enterprise Risk Management Framework is described as:
• More clearly connecting enterprise risk management with a range of stakeholder

expectations;
• Positioning risk in the context of an organization’s performance, rather than as the
subject of an isolated exercise;
• Enabling organizations to better anticipate risk so they can get ahead of it, with an
understanding that change creates opportunities, not simply the potential for crisis;
• Emphasizing how ERM informs strategy and performance.
Since the 2017 version of the COSO ERM framework was a dramatic shift from the 2004 ver-
sion, direct comparisons are difficult to make. That said, there are a number of specific differ-
ences worth noting:
137
1. The updated version states that the purpose of effective enterprise risk management
is to help boards and management optimize outcomes to best create, preserve and
ultimately realize value.
2. COSO’s definition of “risk” changed to reflect its evolved viewpoint that the focus of
enterprise risk management is no longer principally on preventing the erosion of value
and minimizing risk to an acceptable level. In the 2004 version, the definition read,
“Risk is the possibility that an event will occur and adversely affect the achievement
of objectives” [emphasis added]. The 2017 version reads, “Risk is the possibility that
events will occur and affect the achievement of objectives.”
3. Rather than simply viewing risk management as an extension of COSO’s Internal
Controls Framework (the basis for the 2004 version) with a primary focus on the
environment within an organization, the updated version explores enterprise risk
management by evaluating a particular strategy, considering the possibility that strategy
and business objectives may be misaligned, and looking at the risk to implementing the
strategy and business objectives.
4. The 2004 version focused on how the risk management process (objective-setting,
identification, assessment, control activities, information, communication and
monitoring) was implemented at each level of an organization (entity, division, business
unit and subsidiary). The 2017 version, on the other hand, consists of five interrelated
components of ERM. Three are related to common organizational processes (strategy
and objective-setting; performance; and review and revision) and two are supporting
factors (governance, culture and information; communication and reporting). Within
these five components are 20 principles that represent the fundamental activities that
organizations should engage in as part of their ERM practices.
5. As with the ISO update, the COSO revision discusses the important influences that
culture and biases carry in decision-making and risk management practices.
6. The revision includes appendices that outline common roles and responsibilities for
ERM (such as modifying “lines of defense” to “lines of accountability”) and provides
illustrations as a guide for developing risk profiles.
What is COBIT
COBIT stands for Control Objectives for Information and Related Technology. It is a framework
created by the ISACA (Information Systems Audit and Control Association) for IT governance
and management. It was designed to be a supportive tool for managers—and allows bridging
the crucial gap between technical issues, business risks, and control requirements. COBIT is
a thoroughly recognized guideline that can be applied to any organization in any industry.
Overall, COBIT ensures quality, control, and reliability of information systems in organization,
which is also the most important aspect of every modern business.
Today, COBIT is used globally by all IT business process managers to equip them with a model
to deliver value to the organization and practice better risk management practices associated
138
with the IT processes. The COBIT control model guarantees the integrity of the information
system.
History of COBIT
ISACA first released COBIT in 1996, originally as a set of control objectives to help the finan-
cial audit community better maneuver in the IT-related environment. Seeing value in expand-
ing the framework beyond just the auditing realm, ISACA released a broader version 2 in 1998
and expanded it even further by adding management guidelines in 2000’s version 3. The devel-
opment of both the AS 8015: Australian Standard for Corporate Governance of Information and
Communication Technology in January 2005 and the more international draft standard ISO/IEC
DIS 29382 (which soon after became ISO/IEC 38500) in January 2007 increased awareness of
the need for more information and communication technology (ICT) governance components.
ISACA inevitably added related components/frameworks with versions 4 and 4.1 in 2005 and
2007 respectively, “addressing the IT-related business processes and responsibilities in value
creation (Val IT) and risk management (Risk IT).
In April 2012, COBIT 5 was released. Several drivers were responsible for the transition from
version 4.1 to version 5.
• need for a more coherent understanding of how existing standards, best practices, and
other tools relate and augment each other;
• need for a more end-to-end business/organization scope that covers all business and IT
functions;
• need for improved guidance on hot-topic items such as enterprise architecture and
emerging technologies;
• need for tighter integration among COBIT and other ISACA research, recommendations,
and frameworks;
• need for tighter integration with external standards, recommendations, and frameworks;
and
• need for improved information organization and dissemination concerning the
framework.
An add-on for COBIT 5 related to information security was released in December 2012, and
one related to assurance was released in June 2013.
In November and December of 2018, the next version of COBIT, COBIT 2019, was released.
This updated version of COBIT is designed to constantly evolve with “more frequent and fluid
updates,” according to the ISACA. COBIT 2019 was introduced to build governance strategies
that are more flexible, collaborative and address new and changing technology.
COBIT 2019
With a focus on risk, COBIT 2019 worked across many of the most used standards to create a
universal “best practices” for building controls. ISACA recognized the way businesses increas-
139
ingly incorporate vendors into their data ecosystems. As such, they aligned COBIT 5 to ITIL,
ISO 2000 and 27000 series, and Project Management Institute (PMI) frameworks to ease the
burden of working with multiple standards.
With COBIT 2019, you’re focusing on both IT and enterprise level risks. At its core, COBIT
2019 updates COBIT 5 to make it more flexible and focus on individual, organizational needs.
What is new to COBIT 2019

While COBIT 5 focused on five core principles that appeared to be distinct from one another,
COBIT 2019 looks at the way these principles integrate. Each component, now called “Core
Processes,” incorporate how to set up the controls as well as the different governance needs.
Thus, rather than having two separate sections that users need to integrate on their own, CO-
BIT 2019 focuses on providing a list that starts with objectives and then drills down to how to
set those up within the IT environment as well as how to align them to skill and culture within
your company.
Terminology Changes
COBIT 2019 changes several terms while keeping the fundamental principles in place. “En-
ablers” are now “Components of the Governance System.” “IT Related Goals” are now called
“Alignment Goals.” “Process Guidance” is changed to “Governance/Management Objectives” to
reinforce the integration of the various components.
New Management Objectives

COBIT 2019 added APO14- Managed Data, BAI11 – Managed Projects, and MEA04 – Managed
Assurance
Integration of governance and management

1. COBIT 2019 establishes a “goals cascade” that starts with stakeholder drivers and
needs and ends with governance and management objectives.
2. Objectives increased from 37 to 40
3. Changes the term “enablers” to “components.”
4. Clearly relates components to both governance and management
Additional guidance for governance components

By promoting integration between governance and management, the alignments for processes
now incorporate guidance for each governance component which focuses on establishing “ca-
pability levels” for each activity.
Four Focus Areas

Cobit 5 created “enabling” processes. COBIT 2019 changes these to create four focus areas:
DevOps, Small and Medium Enterprises, Risk, Information Security.
140
Increased communication
To effectively govern an IT program, you need to know how information flows across the en-
terprise. COBIT 2019 enables this by providing you with a clear list of what needs to be done
and how that needs to be communicated using the terms “input” and “output.”
Tailored Agile Approach

COBIT 2019 recognizes organizations’ continuous monitoring needs. Thus, it created a new
process for ongoing improvements. While governance continues to ask business operations
and enablement questions, management must not only design and execute plans but review
effectiveness to determine benefits. As part of this, change enablement takes on a stronger role,
incorporating a continuous improvement cycle.
A COBIT 2019 Audit Checklist

Board Governance
• Define stakeholder (internal and external)
• Define stakeholder needs
o Create a defined organizational structure
 Ensure appropriate responsibility and accountability listed within the
structure
o Review people, skills, and competencies
 Update access and authorization based on role, skills, and need
• Define enterprise goals
o Create a code of culture, ethics, and behavior
• Define alignment goals for management of IT
o Establish a list of processes
o Determine lines of communication between internal and external stakeholder
• Establish governance and management objectives
o Set principles, policies, and procedures for management to follow
o Engage in risk analysis over services, infrastructure, and applications
Senior Management
• Determine drivers
o Initiate program
o Define internal controls
141
• Review the current risk profile and controls

o Establish an implementation team across enterprise stakeholders
o Determine effective controls
o Review weak controls
• Determine future
o Identify key stakeholders and define roles
o Determine vendor service levels and create service level agreements that define
controls
o Communicate outcome
• Determine next steps
o Plan program
o Execute plan
o Operate and use
• Review performance
o Establish key performance indicators
o Review performance and adjust accordingly
IT Department
• Continuously monitor control effectiveness
o Recognize the need for changes
• Assess current and changing risks to IT environment
• Define controls
• Build improvements
• Implement improvements
• Measure control effectiveness
• Evaluate IT security risk based on monitoring
IFC-Internal Financial Controls

• As enumerated under Sec 134(5) of Companies Act, 2013(“Act”), the Directors Respon-
sibility Statement shall include a declaration from Director that internal financial con-
trols to be followed by the company and that such internal financial controls are ade-
quate and were operating effectively.
142
• Thus as stated in the explanation under the said section: IFC “means the policies and
procedures adopted by the company for ensuring the orderly and efficient conduct of
its business, including adherence to company’s policies, the safeguarding of its assets,
the prevention and detection of frauds and errors, the accuracy and completeness of
the accounting records, and the timely preparation of reliable financial information”
Why IFC?
• Since the Act, envisages significant changes in the provisions related to governance,
e-management, compliance and enforcement, disclosure norms, auditors and mergers.
The Internal Control will enhance the applicability of provisions of the Act. It would
give more power in the hands of shareholders and the Government.
• IFC gained its importance after Satyam imbroglio which erupted in 2009. Internal fi-
nancial controls are designed to provide reasonable assurance that a company’s finan-
cial statements are reliable and prepared in accordance with the law.
Provisions under Act for IFC

1. Section 134 of the Act
In case of Listed Companies the Directors responsibility statement states that IFC
shall be followed by the company and all the IFC are adequate and were operating
effectively.
Pursuant to Sec 143(3) (i) has stated that the Auditors report shall state whether the
company has adequate IFC system in place and the operating effectiveness of such
controls
As per Sec 177(5) the Audit Committee shall call for the Comments of the Auditors
about Internal Control system before submission to the Board.
Pursuant to Sec 177(4) (vii), the Audit Committee shall act in accordance with the terms
of reference specified in writing by the Board pertaining to evaluation of IFC
4. Section 149(8) of the Act
Section 149(8) states the company and Independent Directors have to abide by
Schedule IV. The said schedule has put the onus on Independent Directors to statisfy
themselves that the financial control and risk management are robust and defensible.
New Provisions in the Act for Internal Control
5. Inclusive definition of KMP (Key Management Personnel) has made them liable in the
event of default. As defined in Sec 2(51) of the Act, KMP would include the Chief
Executive Officer or the managing director or the manager; the company secretary;
the whole-time director; the Chief Financial Officer; and such other officer as may be
143
prescribed. In case of Sec 2(60) of the Act the Officer in Default includes KMP thus
the onus on KMP has increased to maintain the compliance of Internal Controls.
6. Precisely defining Independent Director under Sec 2(47) of the Act, setting up criteria
under Sec 149(6) for appointment of Independent Director and a specific composition
of Board has enhanced the involvement of all Directors has envisaged prompt and
transparent decision making.
7. According to Sec 245 of the Act, Class Action Suits can be filed against Company,
Directors, Audit Firms, Expert, Advisor, Consultant or any other person and
appointment of small shareholder director has enhanced the participation and
accountability of stakeholders.
Whistle Blower Policy under Sec 177(9)
8. Setting up of NCLT/NCLAT a specialized quasi-judicial body to faster and prompt
resolution of corporate issues.
Disclosures
1. Directors Responsibility Statement
2. Maintenance of Electronic Records
3. Disclosure as per Clause 55 of Listing Agreement
4. Tenure of Auditors and not refrain then for rendering certain services
5. Secretarial Audit as per Sec 204 of the Act
144
22. Recent Developments in the Cyber Environment and Data Protection
PART V
22. Recent Developments in the
Cyber Environment and Data Protection
History
As computer have evolved from 1st Generation Computers to 5th Generation Computers , they
have taken the entire world into their stride from high to low. On one hand it has opened up in-
finite possibilities and opportunities and at the other they have created threats. The internet is
spinning the web deeper and deeper and is creating more and more information. The personal
information is quickly become public and is exposing itself to be manipulated. The law makers
and law abiders are faced with new challenges posed by the ever changing digital world. On
one had they have to promote business which make use of this personal information to deliver
customised goods and services and at the same time safe guard the personal information like
a fiduciary. This article discusses about the cyber space, threat posed to personal data, social
media, responsibility of intermediaries through whom this data on social media is shared liked
and forwarded. The article also speaks about the remedy our law makers have brought forward
by enacting The Draft personal data Protection Bill, 2018 and the amendments made to the
Information Technology (Intermediary Guidelines) Rules 2011.
In 1850s, Charles Darwin, a British naturalist proposed the theory of biological evolution
through natural selection. He called evolution as “descent with modification,” the idea that
species change over time, give rise to new species, and share a common ancestor. And the
term “survival of the fittest” as mechanism of natural selection. Modern science is amazed
to see how human beings have evolved with modification. The theory of evolution seems to
be omnipresent at all levels from humans to computers from farming to industries and from
the generations of computers. Therefore the term evolution is used to define something that
has witnessed and has undergone change or modification. The 150 year old theory makes its
foothold stronger with the way “Ages” have been modified from stone age to information age.
At the dawn of 21st century the computers evolved to create various “generation” of comput-
ers. With computers silently seeping into the lives of people and information floating around
everywhere, 21st century soon transformed to information age. With computers and internet
being the integral part of life of humans in this century, it has connected the world like never
before. The individuals in general and the business in particular have benefited from the geog-
raphy less environment where only the best can be purchased and only the best can be sold.
When the economies became digital the physical boundaries of markets vanished and the
business became global. In initial years the internet was used for mundane jobs and to perform
repetitive task. Since birth, computers and the internet itself have gone through major chang-
es. Computers evolved from very large size machines to now being palm size. What started as
a network for military operations has become worldwide web. With these changes information
145
is exchanged like never before. With every new generation of computers, their capacity to
perform tasks has undergone a wider change. The 4th Generation computer which used mi-
croprocessors has created breakthrough in the way computers became available to commoners
and are used to develop business. The 5th Generation of computers with Artificial Intelligence
are advanced versions of their earlier versions and are used in defence and some specific in-
dustries where precision is utmost required.
A gamut of various activities on the internet is called as cyber space. A cyber space is the space
created by computer networks. Humongous amount of activities could be performed in this cy-
ber space. E-Commerce is one of the areas which has contributed largely in changing the land-
scape of doing business. E commerce is the platform for doing business through the medium
of cyber space. E-commerce has created virtual markets beyong the boundaries of the nation.
The businesses have benefited through ecommerce as they are able to reach larger customers,
enter new markets without then actual need to enter the territory of other country. E commerce
can take place through various from like B2B where the transaction takes place between two
businesses, b2C where transactions take place between business and consumers, C2C where
the customers use the e commerce platform for sale to other consumers. The number and na-
ture of transactions through web portals has evolved through years. One can sell from pin to
pen, provide services and in recent times even borrow and lend money.
The 5th generation of computer have introduced us to the field of Artificial intelligence, Robot-
ics, data mining and such other concepts some of them are discussed here
Artificial Intelligence
Artificial intelligence (AI) is an area of computer science that emphasizes the creation of in-
telligent machines that work and reacts like humans. Some of the activities computers with
artificial intelligence are designed for include:
• Speech recognition
• Learning
• Planning
• Problem solving
Artificial intelligence (AI) makes it possible for machines to learn from experience, adjust to
new inputs and perform human-like tasks. Most AI examples that we hear about today from
chess-playing computers to self-driving cars – rely heavily on deep learning and natural lan-
guage processing. Using these technologies, computers can be trained to accomplish specific
tasks by processing large amounts of data and recognizing patterns in the data.
Data Mining
Data mining is the process of finding anomalies, patterns and correlations within large data
sets to predict outcomes. Using a broad range of techniques, you can use this information to
increase revenues, cut costs, improve customer relationships, reduce risks and more. It is the
146
process of digging through data to discover hidden connections and predict future trends. It
comprises of three intertwined scientific disciplines: statistics (the numeric study of data re-
lationships), artificial intelligence (human-like intelligence displayed by software and/or ma-
chines) and machine learning (algorithms that can learn from data to make predictions).
The complex the data sets are collected that help to uncover relevant insights. Data mining
is used by Retailers, banks, manufacturers, telecommunications providers and insurers, to
discover relationships among everything from pricing, promotions and demographics to how
the economy, risk, competition and social media are affecting their business models, revenues,
operations and customer relationships.
Big data
Big data is a term that describes the large volume of data – both structured and unstructured –.
Big data can be analyzed for insights that lead to better decisions and strategic business moves.
The importance of big data lies in the fact that what we do with the data that you have. Data
can be taken from any source and analyze it to find answers that enable cost reductions, time
reductions, new product development and optimized offerings, and smart decision making.
When big data is combined with high-powered analytics, it helps accomplish the business-re-
lated tasks such as:
• Determining root causes of failures, issues and defects in near-real time.
• Generating coupons at the point of sale based on the customer’s buying habits.
• Recalculating entire risk portfolios in minutes.
• Detecting fraudulent behavior before it affects your organization.
Robotics:
Robotics is an interdisciplinary branch of engineering and science that includes mechanical
engineering, electronics engineering, computer science, and others. Robotics deals with the
design, construction, operation, and use of robots, as well as computer systems for their con-
trol, sensory feedback, and information processing.
These technologies are used to develop machines that can substitute for humans and replicate
human actions. Robots can be used in any situation and for any purpose. They are used in
dangerous environments such as bomb detection and deactivation, manufacturing processes,
or where humans cannot survive.
Robots can take on any form but some are made to resemble humans in appearance. Such ro-
bots attempt to replicate walking, lifting, speech, cognition, and basically anything a human
can do.
Internet of Things (IoT)

The Internet of Things (IoT) is the network of physical devices, vehicles, home appliances, and
other items embedded with electronics, software, sensors, actuators, and connectivity which
147
enables these things to connect and exchange data, creating opportunities for more direct in-
tegration of the physical world into computer-based systems, resulting in efficiency improve-
ments, economic benefits, and reduced human exertion.
Legal Challenges faced by technological advancement

Although e-transactions became very popular, they did not have legal validity until the same
could be included in the laws that governed the transactions on the internet. One of the most
important issues faced by legal professionals in the early days of e- commerce was to enforce
contracts. One of the elements of a valid contract is the acceptance. In case of web transactions
the acceptance is indirect. It happens when a user clicks on “pay” button or clicks “Accept”
button on the web. To integrate the concepts of law , various existing statutes were required to
be amended and new once had to be introduced.
Cyber laws had to be introduced to put a check on the malicious activities on the internet. The
laws prevailing in the area of cyber space area are called as cyber laws. They bring within their
ambit all the users of cyber space worldwide.
The growth of Electronic Commerce has propelled the need for vibrant and effective regulatory
mechanisms which would further strengthen the legal infrastructure, so crucial to the success
of Electronic Commerce. All these governing mechanisms and legal structures come within
the domain of Cyber law.
Cyber law is important because it touches almost all aspects of transactions and activities and
on involving the internet, World Wide Web and cyberspace. Every action and reaction in cy-
berspace has some legal and cyber legal angles.
In India the Information technology Act, 2000 was incorporated and Reserve Bank of India Act
and Indian Evidence Act was amended o include evidence in electronic format. The objective
of Information technology law in India is
- To protect the legal recognition to E-transactions
- To provide legal recognition to digital signature as a valid signature to accept
agreements online
- To protect online privacy and stopping cyber crimes
- To give legal recognition to keeping accounting books in electronic form by bankers as
well as other organizations
Data Privacy-A challenge of new generation

With transactions going digital, a lot of data was being exchanged over the internet. In initial
years business used this information only as data bases and were very passive in processing
the information. They were mainly used for statistical purposes. But in recent times the infor-
mation is being converted into data (ie into a format which can be used for a specific purpose)
into a matter of seconds. In fact these days an individual gives away data even without his own
knowledge.
148
An act as simple as eating at restaurants, buying goods online or even hailing a taxi gives out
precious data about oneself. All the transactions that we enter into using either smartphones
or the computers require individual to fill in personal data about date of birth, age sex, resi-
dential address, phone numbers and financial information. This gives away information about
individual choices about what colour one likes to wear, what size fits him/her, what food he/
she like to eat etc etc. In other words an individual gives away his privacy even without his
knowledge.
Businesses on the other hand are using this data for commercial purposes. The bombarding of
advertisements about a product or services which you would have clicked upon while surfing
through the internet hound you everywhere. Not just this there are websites, where if you have
entered your date of birth and the size of dress that fits you, the website runs an algorithm by
which it puts before you analysis about what your age is, your ideal weight, if you are near
or far away from your healthy weight, what nutrition should you follow, exercise plan. It also
would give you addresses of nutritionists and Gymnasiums near your area of residence.
Such kind of bombarding of information may not seem harmful in first instance but it definite-
ly affects an individual’s privacy. That is why economies all over the world are increasingly
moving towards making laws that protect the privacy of individuals.
How is data collected

Most of the information that is collected is given away by the individual by filling forms either
online or offline. It can take form of registration forms, KYC documents while you purchase,
feedback forms, online surveys, downloading of various apps. Then with the help of comput-
ers vast quantity of information is processed in order to identify correlations and discover
patterns in all fields of human activity.
What happens to the information that is collected

The information is stored in vast data bases and can be mined using technology. Algorithms
are being used to comb data. Enterprises around the world are using technology for its proper
mining and the use of data is evolving every day. Proprietary algorithms are being developed
to comb this data and analyse the trends, patterns and hidden nuances by businesses.
Many of these activities are beneficial to individuals, allowing their problems to be addressed
with greater accuracy. For instance, the analysis of very large and complex sets of data is done
today through Big Data analytics. The results of these analysis can enable businesses and
government to gain insights into areas such as health, transport system, farming ,rural devel-
opment, weather forecasts food security etc..
The reality of the digital environment today, is that almost every single activity undertaken by
an individual involves some sort of data transaction or the other. The Internet has given birth
to entirely new markets: those dealing in the collection, organisation, and processing of per-
sonal information, whether directly, or as a critical component of their business model.
There are a large number of benefits to be gained by collecting and analysing personal data
from individuals. Pooled datasets allow quicker detection of trends and accurate targeting.
149
For instance, an individual‘s personal locational data could be used for monitoring traffic and
improving driving conditions on the road; banks can use Big Data techniques to improve fraud
detection; insurers can make the process of applying for insurance easier by using valuable
data from pooled data sets.
Huge data is processed by government as well. In fact the state is the largest processor of data.
Such personal data is used by government for such purposes as targeted deliver of social ben-
efits, effective planning and implementation, counter terrorism operations etc..
Need to protect Personal data

Sharing data may bring benefits, the products and services are tailor made thus reducing the
time and effort one spends in identifying what suits them. In todays world often one cannot
transact even simple tasks without giving away your personal information in one or the other
form. But sharing of data it is not without risks. Your personal data reveals a lot about you,
your thoughts, and your life. These data can easily be exploited to harm you, and that’s espe-
cially dangerous for vulnerable individuals and communities, such as journalists, activists,
human rights defenders, and members of oppressed and marginalized groups. That is why
these data must be strictly protected.
When data that should be kept private gets in the wrong hands, bad things can happen. A data
breach at a government agency can, for example, put top secret information in the hands of an
enemy state. A breach at a corporation can put proprietary data in the hands of a competitor.
Major sources of information which are compromised and are most prone to breaches are:
• Healthcare records
• Criminal justice investigations and proceedings
• Financial institutions and transactions
• Biological traits, such as genetic material
• Residence and geographic records
• Social media profiles and information
• Location-based services
• Web surfing behavior or user preferences using persistent cookies
In the light of challenges faced by many countries across the globe, the countries have started
to bring in laws that ensure that the personal data of its citizens is protected. In some coun-
tries like the European Union the personal data protection is viewed as the fundamental right
stemming from the right to protect dignity. In countries like United States of America, data
protection is meant to stop the government from barging into the lives of its citizens.
150
India’s Stance on Personal Data Protection

The Indian constitution works on two planks one it states that “state” is facilitator of human
progress and second that state is prone to excess. Hence it is checked by effectuating by verti-
cal and horizontal separation of powers. Also the constitution of India grants every individual
fundamental right which it can exercise against the state.
Right to privacy had not been recognized as fundamental right until the Supreme Court gave
its decision in Justice K. S. Puttaswamy (Retd.) v. Union of India. The article 21 of the constitu-
tion states that “No person shall be deprived of his life or personal liberty except according to
the procedure given by law. It means that even the state while exercising its right has to follow
certain procedure as laid down by law. Right to privacy stems from right to personal liberty.
Liberty of every citizen within the frame of being lawful and constitutional.
Hence India has followed an approach of being facilitator to businesses and at the same time
protecting the rights of its citizens. Thus businesses have to process data only for the purpose
and only to the extent required for a particular act. Hence the terms Data Fiduciary and Data
Principal have been used in the draft Personal Data Protection Bill 2018.
The challenge for regulators is to frame mechanisms wherein it is possible to utilize data while
simultaneously protecting an individual’s privacy preferences and their personally identifi-
able information. Hence, the laws and regulations related to Privacy and Data Protection are
constantly changing, as lawmakers endeavor strict and diligent compliance with data privacy
and security regulations.
DATA PROTECTION COMMITTEE AND THE DRAFT PERSONAL DATA PROTECTION BILL
2018
Although India has passed Information technology Act in 2000, yet it did not completely cov-
er the aspects of Personal data protection. To address this issue, Government of India had
constituted a Committee of Experts under the Chairmanship of former Supreme Court Justice
Shri B N Srikrishna in August 2017 to study various issues relating to data protection in India
and make specific suggestions on principles to be considered for data protection in India. The
Committee released a White Paper in November 2017 and the Government proposed the draft
The draft personal data protection Bill 2018 Bill on 27th July 2018 to protect citizens’ data and
privacy. The Bill provides for regulations of users’ personal data that is collected by various
third parties, including the state.
The proposed bill contains provisions with respect to grounds for processing of personal data,
sensitive personal data and personal and sensitive personal data of children. Transparency and
accountability measures have been laid down and restrictions have been placed on transfer of
personal data outside India. The Bill envisages establishment of a Data Protection Authority
that would function as India’s privacy regulator.
It also lays out provisions on data storage, making it mandatory for a copy of personal data
to be stored in India, and called for amendments to other laws, including the Right to Infor-
mation. Though the bill does not mention it directly, the report also suggests changes to the
Aadhaar Act.
151
Proposed Amendment To the Information technology(Intermediary Guidelines)(Amendment)

Rules 2018
Social media has been a platform where massive information is exchanges every minute.
These platform have acted as an effective means of expressing opinins and creating consensus
in public. It has been credited to some of the important movements in the country like An-
ti-corruption movement by Anna Hazare. Byt at the same time we have also seen increase in
lynching incidents. Under the name of freedom of speech social media has stirred communal
tensions, attacked innocent people and spread hateredness. Since social media is the fastest
means of communication today, its has the immense power to make or breal any situation or
for forming a public opinion. However it should be used responsibily. A great responsibility
has to be borne by all the intermediaries involved in running social media websites.
In order to combat this unique challenge of controlling the free social media, the Central gov-
ernment has proposed amendment to The Information technology(intermediary Guidelines)
Rules 2011.The proposed amendment was also in response to the judgment by The supreme
court in Tehseen Ponawalla case and Parjwala Letter case. The supreme court in its judgment
on 17 July 2018 in Tehseen Ponawalla case held that It shall be the duty of the Central govern-
ment as well as State governments to take steps to curb and stop dissemination of irresponsible
and explosive messages, videos and other material on various social media platforms which
have a tendency to incite mob violence and lynching of any kind.
The Supreme court in Prajawala letter case on December 11 2018,held that The Government
of India may frame necessary guidelines/SOP and implement them within two weeks so as to
eliminate child pornography, rape and gang rape imagery, videos, sites, content hosting plat-
forms and other applications.
• The draft Rules have been prepared keeping in mind the judgements given by SC.
• Highlights of the rules:
a. Draft Rule 3 requires for due diligence to be exercised by the Intermediaries it
requires the intermediary to publish the rules and regulations, privacy policy
and user agreement to ali its users and the users shall not host, display, upload,
modify, publish, transmit, update or share any information that
i. is harmful, harassing, blasphemous, defamatory, obscene, pornographic,
paedophilic, libellous, invasive of another’s privacy, hateful, or racially,
ethnically objectionable, disparaging, relating or encouraging money
laundering or gambling, or unlawful in any way
ii. which harms minors
iii. infringes Intellectual property rights
iv. violates any law for the time being in force
v. impersonates the other person
vi. contains computer virus that can destroy or limit the functionality of any
computer
152
vii. threatens the unity, integrity, defence, security or sovereignty of India,

friendly relations with foreign states,
viii. threatens public health or safety; promotion of cigarettes or any other
tobacco products or consumption of intoxicant including alcohol and
Electronic Nicotine Delivery System (ENDS) & like products that enable
nicotine delivery
Electronic Nicotine Deliver System(ENDS) also called e-cigarettes, personal
vaporizers, vape pens, e-cigars, e-hookah, or vaping devices, are products
that produce an aerosolized mixture containing flavored liquids and
nicotine that is inhaled by the user. ENDS can resemble traditional tobacco
products like cigarettes, cigars, pipes, or common gadgets like flashlights,
flash drives, or pens.
b. The intermediary shall not knowingly host or publish any information or shall not
initiate the transmission, select the receiver of transmission, and select or modify
the information contained in the transmission
c. The intermediary shall inform its users that in case of non compliance with the
rules and regulations , or violation of privacy policy or user agreement, the shall
have the right to terminate the user access and usage rights.
d. Where the intermediary has received a lawful order from the government agencies
it shall provide such information and assistance within 72 hours from the receipt
of such order.
The request has to me made in writing or through electronic means and shall
specify the purpose of seeking such information.
The intermediaries shall trace the originator of unlawful information for the
government agencies seeking such information.
e. Rule 7 of the draft rules states that the intermediary who has more than 50 lakh
users in India shall be a company incorporated under the companies Act 2013,
shall have a permanent address in india and shall appoint a person in India who
shall be a nodal person o for 24x7 coordination with law enforcement agencies
and officers to ensure compliance to their orders/requisitions made in accordance
with provisions of law or rules.
f. when an intermediary receives actual knowledge in the form of a court order
or is notified by a government agency under Section 79(3)(b) of the Information
Technology Act, it shall remove or disable access to unlawful acts.
g. the intermediary shall deploy technology based automated tools or appropriate
mechanisms, with appropriate controls, for proactively identifying and removing
or disabling public access to unlawful information or contents.
2
153
PART VI
23. EXPERT OPINION AND REPORT WRITING
Documenting an investigation is as important as performing it. A poorly documented case

file can lead to a disappointing conclusion, can result in a dissatisfied client, and can even
damage the financial accounting investigator’s reputation and that of the investigator’s firm.
Various means by which the Forensic Investigator may report his findings are discussed in
greater detail in this chapter.
Depending on the professional affiliations, one will be required to follow the reporting
standards of their profession.
TYPES OF REPORTS
The following types of reports are relevant.
Written reports
Report of investigation. This form of written report is given directly to the client, which
may be the company’s management, board, audit committee of the board, in-house counsel
or outside counsel. The report should stand on its own; that is, it should identify all of the
relevant evidence that was used in concluding on the allegations under investigation. This is
important because the client may rely on the report for various purposes such as corporate
filings, lawsuits, employment actions, or alterations to procedures and controls.
Expert report filed in civil court proceedings
Affidavits. These are voluntary declarations of facts and are communicated in written form
and sworn to by the witness (declarant) before an officer authorized by the court.
Informal reports. These consist of memos to file, summary outlines used in delivery of
an oral report, interview notes, spreadsheets listing transactions along with explanatory
annotations, and other, less-formal written material prepared by the investigation team.
Oral reports
Oral reports are usually given by the forensic investigation engagement leader to those
overseeing an investigation, such as a company’s board, or to those who represent the
company’s interests, such as outside counsel.
Oral reports involve giving a deposition—as a fact witness or expert witness—during which
everything that is said, by all parties to the deposition is transcribed by a court reporter.
BASIC ELEMENTS TO CONSIDER FOR INCLUSION IN A REPORT

• Identify your client
154
23. Expert Opinion and Report Writing
• In the case of a lawsuit, identify the parties

• State in broad terms what you were asked to do
• Describe your scope, including the time period examined
• Include mention of any restriction as to distribution and use of the report
• Identify the professional standards under which the work was conducted
• Identify exclusions in the reliance on your report
• State that your work should not be relied on to detect fraud
• Include the procedures you performed, technical pronouncements relied upon, and
findings
• Conclusions Based on Work Performed
• Summarizing your findings
A summary can be helpful to the reader but may be perilous for the report writer in terms
of keeping critical information and perspectives intact. Caution is advised when preparing
two types of summary sections: executive summary and conclusion.
It is not recommended to write a summary conclusion. If for any reason one nonetheless does
so, one should be careful not to offer an opinion on the factual findings
SAMPLE TABLE OF CONTENTS (FORENSIC INVESTIGATION REPORT)

EXECUTIVE SUMMARY
1.0 BACKGROUND
1.1 Origin of the Audit
1.2 Audit Objective
1.3 Proposed Audit Outputs
1.4 Audit Implementation Approach
2.0 RISK ANALYSIS
2.1 Internal Environment Risk
2.1.1 Financial Management
2.1.2 Customers, Products and Competitors
2.1.3 Information technology
2.1.4 Business Process
2.1.5 Human Resource Management
2.2 External Environment Forces
2.2.1 Influence of Economics and Loans Market
155
2.2.2 Political and Legal Scenario

2.2.3 Technology in Banking
3.0 EVIDENCE OF RISK EVENTS
3.1 Conflicts of interest
3.2 Bribery
3.3 Extortion
3.4 Cash theft
3.5 Fraudulent disbursements
3.6 Inventory frauds
3.7 Misuse of assets
3.8 Financial Statement fraud
4.0 AUDIT RECOMMENDATIONS
4.1 Logical Framework Approach
4.2 Preconditions and Risks
5.0 GOVERNANCE ON RECOMMENDATION IMPLEMENTATION
5.1 Stakeholders
5.2 Budget Considerations
List of Annexes
Annex 1: Members of the Interviews
Annex 2: Organization Chart of Bank
Annex 3: Financial Performance (YYYY to YYYY)
Annex 4: Audit Recommendation Logical Framework
Annex 5: Analysis of Key Risk Events
Many Others:
WORKING PAPERS
A forensic investigator, once engaged, needs to take certain internal steps to document
procedures, findings, and in some cases, recommendations. These elements of the
investigation process are documented in a collection of evidence termed working papers,
which divide into two broad categories: internal/administrative and substantive work product.
Depending on the assignment, substantive working papers in either hard copy or electronic
form may include many different items.
Any working papers created by the engagement team should be clearly marked to indicate
the name of the creator, the date, the source of information, the information’s classification,
156
23. Expert Opinion and Report Writing
and the issue addressed. Such working papers should also be secured so as to ensure that
only members of the immediate engagement team have access to them. Certain matters will
require the forensic investigators to prove that they have used reasonable means to secure
from others the working papers and other evidence. In such matters, custody can be proved
by ensuring that working papers be kept in a secure room with a sign-in sheet for all who
have access to the room.
MISTAKES TO AVOID IN REPORTING

Avoid Overstatement
The closer one sticks to the facts, all the facts, and just the facts, without embellishment, the
better the report. The facts should speak for themselves. This is not to say that all facts are
created equal: some facts are smoking-gun discoveries—for example, memos demonstrating
both knowledge and intent. However, even in respect of obviously important facts, one
should be careful not to overstate them.
Use Simple, straight forward language focused on the Facts

The task of the forensic investigator is to take a complex situation, properly investigate it to
determine the relevant facts, and then report those facts in a simple, straightforward manner
so that the reader or person hearing the report understands the facts and how they should
be interpreted for resolution of the allegations. Who was involved? How much damage was
caused? How did the events occur? Why did the company not catch the problem earlier? In
reporting the answers to these questions, there is no room for speculation.
RELATIONSHIP REVIEW
Most firms that provide Forensic Investigation services have their own procedures for
performing a relationship review, or conflicts check, that is, identifying relationships that
the firm may have had or now has with any of the parties involved.
The points reviewed and documented may well include the following:
• The date on which the relationship review was cleared
• The individual who cleared it
• Notations of pertinent discussions in clearing current and prior relationships
• The date on which the assignment was accepted
In order for Forensic Investigation to become familiar with a specific company or situation,
they may perform some background research such as checking the Internet, performing a
public records search, and searching various fee-based data bases. However, no investigative
work of substance should begin before the relationship check has cleared. Identifying a
conflicting relationship that may preclude a firm from accepting the assignment after work
has begun reflects negatively on the practitioner, the firm, and even the client, especially if
court-imposed deadlines—such as deadlines for naming experts—have passed.
2
157
24. MAJOR SCAMS/ FRAUDS THAT OCCURRED IN INDIA
1) Indian Coal Allocation Scam – 2012 – Size 1.86 L Crore

While many think that 2G scam remains the biggest one in size in India. But this coal
allocation scam dwarfs it by the amount involved. This scam is in regards to Indian
Government’s allocation of nation’s coal deposit to PSU’s and private companies. The scam
happened under Manmohan Singh government and came out in 2012.
The basic premise of this scam was the wrongful allocation of Coal deposits by Government
without resorting to competitive bidding, which would have made huge amounts to the
Government (to the tune of 1.86 Lakh crore). However, the coal deposits were allocated
arbitrarily.
2) 2G Spectrum Scam – 2008 – 1.76 L Crore

We have had a number of scams in India; but none bigger than the scam involving the
process of allocating unified access service licenses. At the heart of this Rs.1.76-lakh crore
worth of scam is the former Telecom minister A Raja – who according to the CAG, has
evaded norms at every level as he carried out the dubious 2G license awards in 2008 at a
throw-away price which were pegged at 2001 prices.
In some respects, this remains the biggest scam in India if you consider the inflation. The
2G spectrum allocation happened 5 years earlier than Coal Scam which came out in 2012.
The cases are still going on against many people including A. Raja, M. K. Kanimozhi and
many telecommunication companies as well.
3) Wakf Board Land Scam – 2012 – 1.52L Crore

In March of 2012, Anwar Maniapddy, the chairman of Karnataka State Minorities
Commission submitted a sensational report which alleged 27,000 acres of land, which was
controlled by Karnataka Wakf Board had been allocated illegally or misappropriated. The
value of land which was misappropriated was in tune of 1.5 to 2 lakh crore rupees.
The land managed by Wakf board, a Muslim charitable trust, is typically donated to under-
privileged and poor people of Muslim community. However, the report alleged that nearly
50 percent of the land owned by Wakf board was misappropriated by Politicians and Board
members in conjunction with real estate mafia at fraction of actual land cost.
The investigations for this are currently ongoing.
158
24. Major Scams/ Frauds that Occurred in India
4) Commonwealth Games Scam – 2010 – 70,000 Crore

Another feather in the cap of Indian scandal list is Commonwealth Games loot. Yes, literally
a loot! Even before the long-awaited sporting bonanza could see the day of light, the grand
event was soaked in the allegations of corruption.
It is estimated that out of Rs. 70000 crores spent on the Games, only half the said amount
was spent on Indian sportspersons. The Central Vigilance Commission, involved in probing
the alleged corruption in various Commonwealth Games-related projects, has found
discrepancies in tenders – like payment to non-existent parties, wilful delays in execution
of contracts, over- inflated price and bungling in purchase of equipment through tendering
and misappropriation of funds.
5) Telgi Scam – 2002 20,000 Crore

As they say, every scam must have something unique in it to make money out of it in an
unscrupulous manner- and Telgi scam had all the suspense and drama that the scandal
needed to thrive and be busted. Abdul Karim Telgihad mastered the art of forgery in printing
duplicate stamp papers and sold them to banks and other institutions. The tentacles of the
fake stamp and stamp paper case had penetrated 12 states and was estimated at a whooping
Rs. 20000 crores plus. The Telgi clearly had a lot of support from government departments
that were responsible for the production and sale of high security stamps.
6) Satyam Scam – 2009 – 14,000 Crore

The scam at Satyam Computer Services is something that will shatter the peace and
tranquillity of Indian investors and shareholder community beyond repair. Satyam is the
biggest fraud in the corporate history to the tune of Rs. 14000 crores.
The company’s disgraced former chairman Ramalinga Raju kept everyone in the dark for a
decade by fudging the books of accounts for several years and inflating revenues and profit
figures of Satyam. Finally, the company was taken over by Tech Mahindra which has done
wonderfully well to revive the brand Satyam.
7) The Fodder Scam – 1990s 1,000 Crore

You haven’t heard of Bihar’s fodder scam of 1996, you might still be able to recognize it by
the name of “CharaGhotala,” as it is popularly known in the vernacular language. In this
corruption scandal worth Rs.900 crore, an unholy nexus was traced involved in fabrication
of “vast herds of fictitious livestock” for which fodder, medicine and animal husbandry
equipment was supposedly procured.
8) Bofors Scam – 1980s & 90s – 100 to 200 Crore

The Bofors scandal is known as the hallmark of Indian corruption. The Bofors scam was a
major corruption scandal in India in the 1980s; when the then PM Rajiv Gandhi and several
others including a powerful NRI family named the Hindujas, were accused of receiving
kickbacks from Bofors AB for winning a bid to supply India’s 155 mm field howitzer.
159
The Swedish State Radio had broadcast a startling report about an undercover operation
carried out by Bofors, Sweden’s biggest arms manufacturer, whereby $16 million were
allegedly paid to members of PM Rajiv Gandhi’s Congress.
Most of all, the Bofors scam had a strong emotional appeal because it was a scam related to
the defence services and India’s security interests.
9) The Hawala Scandal – 199091 – 100 Crore

The Hawala case to the tune of $18 million bribery scandal, which came in the open in
1996, involved payments allegedly received by country’s leading politicians through hawala
brokers. From the list of those accused also included Lal Krishna Advani who was then the
Leader of Opposition. Thus, for the first time in Indian politics, it gave a feeling of open
loot all around the public, involving all the major political players being accused of having
accepted bribes and also alleged connections about payments being channelled to Hizbul
Mujahedeen militants in Kashmir.
10) Harshad Mehta & Ketan Parekh Stock Market Scam–1992–5000 Crore combined
Although not corruption scams, these have affected many people. There is no way that the
investor community could forget the unfortunate Rs. 4000 crore Harshad Mehta scam and
over Rs. 1000 crore Ketan Parekh scam which eroded the shareholders wealth in form of big
market jolt.
2
160
25. Forensic Investigation Report Format
25. FORENSIC INVESTIGATION REPORT FORMAT
TO:
FROM:
SUBJECT:
REF:
DATE:
I. Background
The background section should generally be about two paragraphs. It should state very
succinctly why the fraud examination was conducted (e.g., an anonymous tip was received,
an anomaly was discovered during an audit, money or property was missing).
You may also state who called for the examination and who assembled the examination team.
II. Executive Summary

For a simple fraud examination, the executive summary should be no more than four or
five paragraphs. For a more complex case, the summary may reach a page in length. In
this section, you should also summarize what actions you performed during the fraud
examination, such as reviewing documents, interviewing witnesses, conducting analyses or
tests, etc. It provides the reader with an overview of what you did during the examination
process. At the end of this section, you should summarize the outcome of the examination.
III. Scope
This section should consist of just one paragraph explaining what the scope of the fraud
examination was. For example, “Determine whether or not inventory was misappropriated
from the warehouse,” or “Determine why money is missing from the bank account.”]
For Example:
The objective of the Fraud Examination Team was as follows:
Determine the existence of a possible misappropriation of assets of XYZ Ltd, Incorporated.
The examination is predicated upon an anonymous telephone call alleging improprieties on
the part of Linda Reed Collins, Bailey’s purchasing manager.
IV. Audit Approach

This section gives a brief description of the following items:
a) Fraud examination team members
161
b) Procedures (generally what documents were reviewed or what tests were conducted)
c) Individuals interviewed It provides a handy reference as to who was involved in the
fraud examination, what the team reviewed, what tests or analyses were conducted,
and what individuals the team interviewed.
V. Audit Findings
This section contains the details of the fraud examination. It will generally consist of several
pages. In this section you should describe what tasks you performed and what you found.
Provide enough detail so that the reader understands what occurred, but not so much detail
that the reader begins to lose interest or becomes bogged down in the details. The reader
wants to know how many invoices were forged, who was involved, how did they do it, what
proof do you have, etc. If the findings section is long, you may wish to use subheadings
for particular topics or individuals to make it easier for the reader to stay organized. The
information can be presented either chronologically or by topic — whatever makes it easier
for the reader to follow.
VI. Summary
This section should be one or two paragraphs and should succinctly summarize the results of
the fraud examination. It should be similar to the outcome stated at the end of the Executive
Summary section.
VII. Disclaimer
In this section auditor should write report disclaimer and limitations to the assignment if
any to safeguard himself on accuracy of the data or information gathered including audit
evidence and/or provided by the client.
2
162
26. Formats for Various Undertakings/Certificates
26. FORMATS FOR VARIOUS UNDERTAKINGS/CERTIFICATES
CONSENT TO RECORD
____________(Date)
_________(Location)
I,__________________________________(Name)_________________________________________
_______________________ __________________________________________(Address), Hereby
authorize ______________________________________and_________________________________
__________,
Representative of_____________________________(Company Name), to place a Body Recorder
on my person for the purpose of recording any conversation with______________________
___________ _____________________________(Name of subject (s)) which I might have on
or____________(Date)
I have given this permission voluntarily and without threats or promises of any kind.
___________________
(Signature)
Witness:
1.______________
2______________
CONSENT TO SEARCH
______________ (Date)
___________ (Location)
I, ____________________________________________________ (Name), having been informed
of my constitutional right not to have a search made of the premises hereinafter mentioned
without a search warrant and of my right to refuse to consent to such a search, hereby
authorize _________________ ______________________________________, and ____________
_______________________ to conduct a complete search of my premise located at________
_____________________________________________________________. The above-mentioned
individuals are authorized by me to take from my premises any letter, papers, materials or
other property which they might desire.
163
This written permission is being given by me voluntarily and without threat or promises of
any kind.
_______________________
(Signature)
Witnesses:
1.__________________
2.__________________
This is to certify that on ________________at____________________________________
___________________________, the individual described above, conducted a search of ________
_____________________________________________________________.
I certify that nothing was removed from my custody.
________________________
(Signature)
Witnessed:
1._________________
2.__________________
CONSENT TO SEARCH
On (date)________________________________________________________item (s) listed below
were:
_______Received from
_________Returned to
_________Released to
(Name)_______________________________________________________________________________
(Street Address) _______________________________________________________________________
(City)_________________________________________________________________________________
Description of item (s):
1. _____________________________________________________________________________
2. _____________________________________________________________________________
3. _____________________________________________________________________________
4. _____________________________________________________________________________
164
5. _____________________________________________________________________________
6. _____________________________________________________________________________
7. _____________________________________________________________________________
8. _____________________________________________________________________________
Received by: __________________________________________________________________________
Received from: _______________________________________________________________________
CUSTOMER CONSENT AND AUTHORIZATION FOR ACCESS TO FINANCIAL RECORDS

I, ________________________________ (Name of customer), having read the explanation of
my rights which is attached to this form, hereby authorize the _________________________
_______________________________________________________________ (Name and address of
Financial Institution) to disclose these financial records:
To, _______________________________________________________________ (Name of person (s))
For the following purpose (s):
_____________________________________________________________________________________
I understand that this authorization can be revoked by me in writing at any time before my
records, as described above, are disclosed, and that this authorization is valid for not more
than three months from the date of my signature.
_____________ (Date) __________________________
(Signature of Customer)
__________________________
(Address of Customer)
___________________
(Witness)
EVIDENCE CONTROL LOGS

Bank Safe Deposit Box: ___________ (Name of Bank)
Evidence control centre location________________ ____________________ (Address of Bank)
REPOSITORY
Office safe/ Vault Location________________ others: ________________ (Files Cabinet, etc.)
Location: ______________________________
165
(1) (2) (3) Entered Departed

Signature of person(s), placing Reasons File case
evidence in or removing from No.
repository. If entry to facility for
other reasons, briefly state in
cola 2.
Time Date Time Date
166
APPENDIX A
FRAUD EXAMINATION CHECKLIST
Case Name: ___________________ Case No.: ____________
Synod. Particulars Yes No

1. Fully debriefed all informants and Witnesses?
2. Documented the allegation in writing?
3. Identified all possible Schemes or indicators of fraud?
4. Developed Fraud Theory?
5. Notified legal counsel and discussed whether to proceed?
6. Obtained, Recorded and filed all pertinent information and
documents in the files?
7. Determined the potential loss?
8. Identified potential witnesses?
9. Determined if error or mistake made?
10. Reviewed Internal controls?
11. Developed an investigative plan?
12. Determined the type of evidence needed to pursue?
13. Identified indicators showing intent?
14. Reviewed payroll records and cancelled cheques?
– Identified all bank accounts
– Identified number of exemptions
– Identified who might be endorsing cheques
15. Reviewed personal expense reports?
– Identified unusually high expenses
– Identified credit card used
– Identified where suspect entertains clients
– Identified duplicate submissions
16. Performed background/ asset check?
– Driver’s license violations
– Motor vehicle registration records
– Regulatory licenses
– Vital statistics
– Building permits
167

– Business filings
• Fictitious names Indices
• Business licenses
• Corporate records
• Limited partnerships
• SEC filings
– Country and State records
• Criminal
• Civil
• Domestic
• Probate
• Real estate records
– Federal court filings
• Criminal
• Civil
• Bankruptcy
– Consumer credit records
– Business reporting services
17. Determined who should be interviewed?
18. Developed interview approach?
19. Preformed Financial Analysis
– Vertical Analysis
– Horizontal Analysis
– Ratio Analysis
– Rationalizations
– Industry Analysis
– Net Worth Analysis
20. Will undercover operation be used?
– Plan developed
– Approval received
– Operation completed
168

21. Will Surveillance be used?
– Plan developed
– Personnel set up
– Surveillance curtailed
22. Developed other informants?
23. Use Mail covers?
24. Performed link Analysis?
25. Identified computers that might be linked to investigation?
– Identify expertise needed
– Data downloaded
– Data printed
26. Performed Forensic Analysis
– Handwriting
– Typewriter
– Reviewed altered documents
– Ink analysis
– Document restoration
27. Interview conducted?
– Interview documented
– Signed statements received
– Identified other witnesses to interview
– Interviewee knows how to get in touch with one
28. Completed documentation and report to management?
29. Notified Management?
30. Employee(s) terminated?
– Received identification badge or deleted from system
– Notified security not to allow access to corporate
premises
– Personal belongings identified and arrangements made for
employee to collect
169

31. Report written?
– Heading
– Summary
– Memorandum
– Pertinent correspondence
– Documentation of interviews
– Pertinent evidence included
– Index
– Cover page
– Report approved by supervisor
32. Appointment made with law enforcement agency?
33. Follow-up contract made with investigators?
170
APPENDIX A
Case Name: ________________________ Case No.: ______________

S. Documents to be Examined To Do Date

No. Received
1. ACCOUNTING RECORDS:
• Balance Sheet
• Income Statement
• Statement of cash flows
• Bank statement
• Expense account
• Computer password
• others
2. PERSONNEL RECORDS:
• Date of Employment
• Signed ethics agreement (conflict of interest
statement)
• Current address
• Prior address
• Spouse’s Name
• Maiden Name
• Children’s Name
• Prior Employment
• Prior supervisor
• Insurance information (covered dependents)
• Employee evaluation (performance reviews)
• Garnishments
• Vacation schedule
• Other
171

No. Received
3. PERSONAL RECORDS
• Bank statements
• Tax returns
• Insurance policies
• Mortgage records
• Brokerage statements
• Credit card statements
• Telephone records
• Other business records
• Investments
• Vehicle information
• Diaries (calendars)
4. PUBLIC RECORDSPERSONAL
• Civil filing:
State
Federal
• Criminal Filings: State Federal
• Property Tax Records:
By Name
By Address
Tax Liens
Financing
Other
• Judgments: Garnishments
• Domestic Relations
Records Divorce
Property statement
Financial Statement
172

No. Received
Tax Returns
Depositions Probate
Records
• U.S. Bankruptcy Filings: Financial Statements
Bank Statements Property ownership
• Education Verification: University/ College
Professional Licenses UCC Filings
• Corporate Records:
Company Name
Individual (Incorporators)
Assumed Name Index
• Vehicle owned: Lien holder
• Boats Owned: Lien holder
• Aircraft Owned: Lien holder
5. PUBLIC RECORDS – BUSINESS
– Utility records
– UCC Filings
– Tax Receipts
• Tax liens
• Who actually pays the taxes?
– Post Office Box Application
– Civil Filings
• State
• Federal
– Assumed Name Index
– Corporate Charter (Bylaws)
– Business Credit History
• Dun & Bradstreet
• Better Business Bureau
– others
173
APPENDIX A
Case Name: ______________________ Case No.: __________________
Neutral Witnesses:
Name Phone Date Contacted Interview Report Date

Completed
174
APPENDIX A
Case Name: ______________________ Case No.: __________________
Adverse Witnesses:

Completed
175
APPENDIX A
Case Name: ______________________ Case No.: __________________
Co-conspirators:

Completed
176
APPENDIX A
Case Name: ______________________ Case No.: __________________
Suspects:

Completed
177
SAMPLE DOCUMENT RETENTION POLICY

This is only a SAMPLE DOCUMENT RETENTION POLICY (“DRP”), and is NOT LEGAL
ADVICE. It is only an example of a general DRP and should not be used without revision
to meet the particular administrative and legal needs of your organisation. There are many
federal, state and local laws that require organizations to retain documents for a certain
period of time that may not represented in this sample policy. All companies should counsel
licensed to practice law in their state before implementing a DRP
1. Purpose:
To ensure the most efficient and effective operation of ORGANIZATION (“organization”),
we are implementing this document retention policy (“DRP” or “Policy”). The records of
organization and its subsidiaries are important to the proper functioning of organization. Our
records include virtually all of the records you produce as an organisation employee. Such
records can be in electronic or paper form. Thus, items that you may not consider important
such as interoffice emails, desktop calendars and printed memoranda are records that are
considered important under this policy (e.g. what records to retain or destroy, when to do so,
or how) it is your responsibility to seek answers from organization’s DRP manager.
The goals of this DRP are to:
1. Retain important documents for reference and future use;
2. Delete documents that are no longer necessary for the proper functioning of
organization;
3. Organize important documents for efficient retrieval; and
4. Ensure that you, as an organisation employee, know what documents should be
retained, the length of their retention, means of storage, and when and how they should
be destroyed.
Federal and state law requires organization to maintain certain types of records for particular
periods. Failure to maintain such records could subject you and organization to penalties and
fines, obstruct justice, spoil legal evidence, and / or seriously harm organizations position
in litigation. Thus, it is imperative that you fully understand and comply with this, and
any future records retention or destruction policies and schedules UNLESS you have been
notified by organisation, or if you believe that:
1. Such records are or could be relevant to any future litigation,
2. There is a dispute that could lead to litigation, or
3. Organization is a party to a lawsuit; in which case you MUST PRESERVE such records
until organization are legal counsel determines that the records are no longer needed.
“Records” discussed herein refers to all business records of Organization (and is used
interchangeably with documents), including written, printed and recorded materials as
well as electronic records (i.e. emails, and documents saved electronically). All business
178
records shall be retained for a period no longer that necessary for the purpose conduct and
functioning of organization. No business records shall be retained longer than five years,
except those that;
1. Have periods provided for herein,
2. are in the document retention schedule, found at Appendix “A” or
3. are specifically exempted by organization’s DRP Manager
II. Management
To ensure compliance with this DRP, Organization’s DRP manager is responsible for the
following oversight functions:
• Implementing the DRP
• Ensuring the employees are properly educated, understand, and follow the DRP’s
purpose;
• Providing oversight on actual retention and destruction of documents;
• Ensuring the proper storage of documents
• Periodically following up with the counsel to ensure proper retention period are in
place;
• Ensuring the proper storage of documents;
• Suspending the destruction of documents upon foreseeable litigation; and
• Keeping corporate officers, directors, and employees apprised of changes in relation to
the DRP.
Organization’s DRP manager shall annually review the DRP, modify it accordingly and
inform and educate all organization employees on any such changes. All Questions relating
to document retention and/or destruction should be directly addressed to organizations DRP
manager
III. Types of Records

Appendix “A”, Attached at the end of this DRP, Lists several categories of records, as well as
specific records that certain specific retention periods. Document retention schedule (“DRS”).
All records not provided for in the DRS or described herein, shall be classified into three
types,
1. Temporary records
2. Final records
3. Permanent records.
179
Temporary Records
Temporary records include all business documents that have not been completed. Such
include, but are not limited to written memoranda and dictation to be typed in the
future, reminders, to do lists, report, case study, and calculation drafts, and interoffice
correspondence regarding a client or business transaction and running logs. Temporary
records can be destroyed, or permanently deleted if in electronic form (see protocol below for
the proper destruction of data in electronic form) when a project/ case/ file, gather and review
all such temporary records. Before you destroy or permanently delete these documents, make
sure you have duplicates of all the final records pertaining to the project/case/ file. Upon
destruction of deletion organize the final records (and duplicates) in a file marked “FINAL”
and store them appropriately.
Final Records
Final records include all business documents that are not superseded by modification or
addition. Such include, but are not limited to: documents given (or sent via electronic form)
to any third party not employed by organisation, or government agency; final memoranda
and reports; design/ plan specifications; journal entries; cost estimates; etc. all accounting
records shall be deemed final.
Except as provided for in the DRS, all final documents are to be discarded 10 years after the
close of a project/ case/ file.
Permanent Records
Permanent records include all business documents that define organization’s scope of work,
Expression of professional opinions, research and reference materials. Such include, but are
not limited to contracts, proposals, and materials referencing expert opinions annual financial
statements, federal tax return, payroll registers, copyright registrations, patents, etc.
Except as provided for in the DRS (Appendix “A”) all permanent documents are to be retained
indefinitely
Accounting and Corporate Tax Records

Accounting and corporate tax records include, but are not limited to: financial statements;
ledgers; audit records; invoices and expense records; federal, state, and property tax returns;
payroll; accounting procedures; gross receipts; customer records; purchase; etc.
Unless otherwise specified in the DRS. Such records should be retained for the minimum
of 6 years or until the statute of limitations for a particular record expires (please consult
organization’s counsel for time periods if you manage/ control such records.)
Workplace Records
Workplace records include, but are not limited to article of incorporation, bylaws, meeting
minutes, deed and titles, leases, policy statements contracts and agreements, patents and
trademark records, etc.
180
Unless otherwise specified in the DRS, such records should be retained in perpetuity
Employment, Employee, and Payroll Records

Employment records include, but are not limited to job announcements and advertisements;
employment applications, background investigations, resumes, and letters of recommendation
of persons not hired; etc.
Unless otherwise specified in the DRS. Such records should be retained for the minimum
of 1 year
Employee records include, but are not limited to employment applications, background
investigations, resumes and letter of recommendation of current and past employees’ records
relating to current and past employee’s performance review and complaints, etc.
Unless otherwise specified in the DRS, such records should be retained for the minimum of
3 years following unemployment with organization.
Payroll records include, but are not limited to wage rate tables; salary history; current rate
of pay; payroll deductions; time cards; w-2 and w-4 forms; bonuses; etc
Unless otherwise specified in the DRS, such records should be retained for the minimum of
6 (six) years.
Bank Records
Bank records include, but not limited to bank deposits; check copies; stop payment orders;
bank statements, cheque signature authorizations, bank reconciliations etc.
Unless otherwise specified in the DRS, such records should be retained for the minimum
of 3 years.
Legal Records
Legal records include, but are not limited to all contracts, legal records, statements and
correspondence, trademark and copyright registrations patent, personal injury records and
statement, press releases, public findings etc.
Unless otherwise specified in the DRS, such records should be retained for the minimum
of 10 years.
Historical Records
Historical records are those records that are no longer of use to organization but by virtues
of their age or research value may be of historical interest or significance to organization.
Historical records should be retained indefinitely.
181
IV. Storage
Tangible Records
Tangible records are those in which you must physically move to store, such as paper records
(including records printed version of electronically saved documents), photographs, audio
recordings, advertisements and promotional items. Active records and records that need to be
easily accessible may be stored in organization’s office space or equipment. Inactive records
can be sent to organizations offsite storage facility.
Electronic Records
Electronic mail should be either printed and stored as tangible evidence, or downloaded to
a computer file and kept electronically or on a disk.
Organization has computer software that duplicate file, which are then backed up on
central servers. If you have a notebook computer from organization that you work on out
of the office, your computer contains synchronization software that duplicates and back
up files when you long into the network. However, it is important that all employees take
precautionary measures to save work and records on organization’s network drive.
If you save sensitive or important records on computer disks, you should duplicate the
information in an alternate format because disks are easily lost or damaged.
V. Destruction/ Deletion Tangible records

Tangible Records should be destroyed by shredding or some other means that will render
them unreadable. If you have a record that you do not know how to destroy, such as a
photograph, compact disk, or tape recording, ask the advice of organization’s DRP manager.
Electronic Records
E-Mails records that you delete remain in organizations system. Thus, organization’s
information technology department will be responsible for permanently removing delete
emails from the computer system.
Deleting files and emptying the recycle bin is usually sufficient in most circumstances to
get rid of a record. However, because electronic records can be stored in many locations,
organization’s IT department will be responsible for permanently removing deleted files from
the computer system.
Keep in mind, where duplicate records are involved, both copies must be destroyed/ deleted
where proper.
VI. Cessation of record Destruction/ Deletion

If a lawsuit is filed or imminent, or a legal document request has been made upon
organization, ALL RECORD DESTRUCTION MUST CEASE IMMEDIATELY. Organization’s DRP
manager may suspend this DRP to require that documents relating to the lawsuit or potential
legal issue(s) be retained and organized. A critical understanding of this section is imperative.
182
Should you fail to follow this protocol, you and/ or organization may be subject to fines and
penalties, among other sanctions.
VII. Acknowledgement
I have read and understand the purpose of DRP. I understand that strict adherence to
this DRP is a condition of my employment with the organization. If I do not understand
something regarding this DRP, I will contact Organization’s DRP Manager immediately for
clarification. I Agree to Abide by Organization’s DRP.
_____________________________ ___________________________
Employee’s Signature Date
_____________________________
Employee’s Name (Print)
183
27. USEFUL WEBSITES
Sr. Description Website

No.
1 Association of Certified Fraud Examiners http://www.acfe.com/
2 Serious Fraud Investigation Office, India http://sfio.nic.in/websitenew/main2.asp
3 The Central Bureau of Investigation http://cbi.nic.in/
4 Enforcement Directorate www.enforcementdirectorate.gov.in
5 The Reserve Bank of India https://www.rbi.org.in
6 Insurance Regulatory and Development https://www.irda.gov.in/
Authority
7 Financial Intelligence Unit - India (FIU- http://fiuindia.gov.in/
IND)
8 The Securities and Exchange Board of www.sebi.com
India (SEBI)
9 Financial Intelligence Unit of http://www.imf.org/external/pubs/ft/FIU/
International Monetary Fund
10 Ministry of Corporate Affairs http://www.mca.gov.in/
11 Supreme Court of India http://supremecourtofindia.nic.in/
12 Telecom Disputes Settlement and Appellate www.tdsat.nic.in
Tribunal
184
9mm 180mm
Classic Publications Classic Publications
2019 2019 2019
Dr. Adukia’s Dr. Adukia’s Dr. Adukia’s

Dr. Adukia’s Dr. Adukia’s Dr. Adukia’s Best Selling Series
Complete Guide To Insight into New
Genius is Universal How To Be A Super Self Empowerment: of Model Test
Valuation Examination Insolvency Regime
Recognising your Super Successful Taking Control Papers on Valuation in India
Potential through Time Professional! of our Life Examinations
and Mind Management
2019 2019 2019
240mm
CMA
Legal and Practical How To Pass Limited Practical Guide for

Dr. Adukia’s How To Be A Super Super Blockchain Aspects of Alternative Insolvency Examination Valuation including
Zooming Your Business Successful Person In The – The Technology 3rd Edition
Dispute Resolution (ADR) Legal Framework in India
& Professional Growth Boundaryless World…!!! of Today
2019
Dr. Adukia’s In-Depth Analysis of the Magic Formulas

Dr. Adukia’s - The Role of State Reinvent Your Mind Strike Gold!! Ideal Corporate Insolvency and for Success
Co.op Soc. & Multistate Co.op Soc – And Change (The A To Z Dictionary 4th Edition
Governance Framework Bankruptcy Code, 2016
in Econommic Development of Nation Your Life of Becoming Rich) and the FRDI Bill, 2017
9mm 180mm
Author's Prole
2019
Price: ` 799/-
Dr. Rajkumar Adukia is an eminent Forensic Investigator who has He has undertaken more than 1000 individual development seminars,
2019
created mark for himself in the eld of Forensic investigations. His minute both for professionals and students across faculties, and have motivated
detail oriented approach and analytical mind has helped his clients more than 1,00,000 people.
detect frauds at the very grassroot level.
Encyclopedia on
Eminent Faculty
Dr. Adukia has addressed the CBI ofcers, ofcers of Serious Fraud Dr. Adukia is an eminent faculty and an authoritative speaker. He has
Investigation Ofce (SFIO), and various State Police Academies. He has addressed more than 5000 national seminars and 40 International
also addressed a global seminar at ACFE. seminars, across the globe. Some of the signicant addresses include:
Dr. Adukia possesses professional expertise gained and polished in a • Insolvency and Bankruptcy Board of India • Institute of Cost
career span of more than 36 years. He has dealt with all sorts of subjects Accountants of India • Institute of Company Secretaries of India •
and topics and complications and provided professional services to Institute of Chartered Accountants of India • Chamber of Indian Micro,
Banks, Financial Institutions, Corporates, Government Departments, Small & Medium Enterprises • Speaker in IIA’s 2013 International
and Regulators. Conference in Orlando on Green Audit. • Speaker in IIA’s 2018
He has been a faculty to various professional institutions like ICAI, ICSI, International Conference at Dubai on Sustainability. • Faculty in Indian
ICAI(Cost Accountant), Advocates, and other institutions like Institute of Corporate Affairs(IICA) for courses on Insolvency Laws and
Management, Banking etc. He has addressed various professional Corporate laws. • Faculty Speaker in Workshop on Commodity Risk
bodies and trade associations on subjects like Law, Taxation, Business Management for Bankers organized by CAFRAL (Centre for Advanced
Consultancy, Corporate Restructuring, Insolvency and bankruptcy Financial Research and Learning) • Faculty at National Institute of

Laws, Real Estate, Valuation, Intellectual Property Laws, Anti-Trust Laws, Securities Management (NISM) • Addressed the Programme for
Alternative Dispute Resolution, etc. at different points of time. Principal Inspecting Ofcers & Inspecting Ofcers by Reserve Bank of
Signicant Professional Achievements: India- Department of Non-Banking Supervision. • Addressed the
He is Chairman of Association of Indian Investors, a Section 8 National apex Chamber of Commerce and State apex Chamber of
Company wherein its main thrust is to educate the layman about the Commerce including his address to ASSOCHAM, Confederation of
principles of safe investment, the complexity of capital market, changing Indian Industry (CII), Federation of Indian Chamber of Commerce and
rules of market operations, design and implement effective Internal Industry (FICCI), and All India Manufacturers Organization (AIMO). •
Financial Control framework and provide Corporate Governance Addressed the SCOPE- Standing Conference of Public Enterprises
Services.
He is also Vice President of All India Insolvency Professional
Association. It is providing services in the eld of insolvency and
which is an apex professional organization representing the Central
Government Public Enterprises. It has also some State Enterprises,
Banks and other Institutions as its members. • Addressed the National
Academy of Audit and Accounts (NAAA) • Dena Bank • Central Bank
Forensic
bankruptcy, corporate restructuring etc. The Organization is currently
Investigation and
having 200 professionals all over India as its members. Education
Current& Past Memberships& Positions Held: Having graduated from Sydenham College of Commerce & Economics
in 1980 as 5th rank holder in Bombay University and he has also
240mm
• International Financial Reporting Standards (IFRS) Foundation SME received a Gold Medal for highest marks in Accountancy & Auditing. He
Group • INSOL India National Committee for Regional Affairs and •
Fraud Prevention
cleared the Chartered Accountancy Examination with 1st Rank in
Member of International Bar Association(IBA) and the following Intermediate and 6th Rank in Final. He also secured 3rd Rank in the Final
committees of IBA • Asia Pacic Regional Forum • Forum for Barristers Cost Accountancy Course. He has been awarded G.P. Kapadia prize for
and Advocates • Arbitration Committee • Bar Issues Commission (BIC) best student of the year 1981. He also holds a Degree in law, PhD in
• CAG Advisory Committee • Quality Review Board of ICAI
His long and dedicated service and contribution to the profession
Corporate Governance in Mutual Funds, MBA, Diploma in IFRS (UK),
and Diploma in Labour law and Labour welfare, Diploma in IPR, Diploma (Including Cyber Security
include: in Criminology.
• International Member of Professional Accountants in Business
Committee (PAIB) of International Federation of Accountants (IFAC)
He has done Master in Business Finance, a one year post qualication
course by ICAI. He has also done Certicate Courses conducted by ICAI
and Digital Forensics)
from 2001 to 2004. • Member of Inspection Panel of Reserve Bank of on
India. • Member of J.J. Irani Committee (which drafted Companies Bill, • Arbitration • Forensic Audit and Fraud prevention • Concurrent Audit
2008, which later became the Companies Act, 2013). • Member of
Secretarial Standards Board of ICSI. • Member of Cost Accounting Awards and Accolades
Standards Board of The Institute of Cost Accountants of India. • Member He has been felicitated with awards like
of Working Group of Competition Commission of India, National • The Jeejeebhoy Cup for prociency and character, • State Trainer by
Housing Bank, NABARD, RBI, CBI etc. • Independent Director of Mutual the Indian Junior Chamber, • “Rajasthan Shree” by Rajasthan Udgosh, a
Fund Company and Asset Management Company. • Worked closely noted Social Organization of Rajasthan and • Several other awards as a
with the Ministry of Corporate Affairs on the drafting of various successful leader in various elds. • National Book Honors Award 2018
enactments. Dr. Adukia continuously endeavors to help the clients achieve the
Sharing of Knowledge desired results through customized and innovative solutions which
Dr. Adukia rmly believes in Knowledge shared is knowledge gained. involve focusing on exploring opportunities and leveraging them to Dr. Rajkumar S. Adukia
Just like happiness, knowledge increases by sharing. He has enhance the growth and expansion of his clients. Author of 300 plus books | Winner of National Book Honour Award 2018
contributed articles to Management Journal, Chartered Secretary, Sharing the knowledge is enhancing the knowledge. Dr. Adukia
Business India, Business Analyst, Financial Express, Economic Times, encourages the precise energies in research, training, seminars, and
B.Com. (Hons.), FCMA, FCA, FCS, LL.B., MBA, M.Com. (Part-I),
The Views Journal, Accommodation Times, The Global Analyst and books writing in the eld, the one has passion. Dip IFRS (UK), DLL&LW, DIPR, Dip in Criminology, Ph.D.
many professional magazines and newspapers.
Mobile: 098200 61049
E-mail ID: drrajkumar@globalforensic.in
Author of 300 plus books | Winner of National Book Honour Award 2018
B.Com (Hons.), FCMA, FCA, FCS, LL.B., MBA, M.Com. (Part-I),

Mobile: 098200 61049 E-mail ID: drrajkumar@globalforensic.in
© by DR. RAJKUMAR S. ADUKIA

Dr. Adukia Forensic

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Dr. Adukia Forensic

Uploaded by

Copyright:

Available Formats

9mm 180mm

Encyclopedia on Forensic Investigation and Fraud Prevention

B.Com (Hons.), FCMA, FCA, FCS, LL.B., MBA, M.Com. (Part-I),

Classic Publications Classic Publications

2019 2019 2019

Dr. Adukia’s Dr. Adukia’s Dr. Adukia’s

Legal and Practical How To Pass Limited Practical Guide for

Dr. Adukia’s In-Depth Analysis of the Magic Formulas

Dr. Rajkumar S. Adukia

4th Edition: April, 2019

Encyclopedia on Forensic Investigation and Fraud Prevention

Dr. Rajkumar S. Adukia

ABOUT PRECISE CYBER AND FORENSIC SERVICES PRIVATE LIMITED

Office- 6, Building No.1, ground Floor, Meridien Apartment,

PRECISE CYBER AND FORENSIC SERVICES PRIVATE LIMITED is providing consultancy

Forensic Audit Business Intelligence IT Forensic Advisory

Industry Expertise • Our Values & Commitments

RISHABH ACADEMY PRIVATE LIMITED

Services provided by Rishabh Academy Private Limited::

 Providing consultancy services on various complex issues

 Training on international subjects like International Public-Sector Accounting Standards,

 Organises workshops, trainings and guidance/seminar programs for transferring

 Conducting self-development programmes on topics like time management, managing

 Providing opportunities in co-authoring of books

 Business related training

From Gaining Expertise to Authoring Books

“In the long history of humankind those who learn to

I take this opportunity to invite both budding and established professionals/entrepreneurs/

You may feel free to contact me at rajkumar@drrajkumaradukia.com or reach me on my

To receive regular updates kindly send test e-mail to rajkumarfca+subscribe@googlegroups.

Dr. Rajkumar S. Adukia

Emergence of Computer Forensics

unauthorised or unethical IT activities. It is undeniable that this is the fastest growing

Financial Sector Frauds

Typical Approach to a Forensic Investigation

Difference between Forensic Investigation and Other Audits

Sr. Particulars Other Audits Forensic Investigation

Sr. Particulars Other Audits Forensic Investigation

2. ADVANTAGES OF FORENSIC INVESTIGATION

Forensic Investigation involves examination of legalities by blending the techniques of

Why engage a Forensic Investigator?

Uses of Forensic Investigation:

Key Benefits of Using Forensic Investigators

3. EVOLUTION OF FORENSIC INVESTIGATION

developing auditing standards, conducting investigations and ensuring corporate compliance.

4. EVOLUTION OF FORENSIC INVESTIGATION IN INDIA

5. STEPS / CONDUCT OF FORENSIC INVESTIGATIONS

Fraud is considered to involve misrepresentation with the intent to deceive. If a company

Broad Stages of Forensic Investigation:

1. Accepting the investigation:

2. Planning or Objectives of the investigation:

3. Gathering Evidence or Technique:

4. Reporting: Report contains

6. FRAUD RISK ASSESSMENT

What is Fraud Risk Assessment?

• A likelihood assessment of the fraud risk occurring.

Purpose of Risk Assessment

Types of Risk Assessments

Fraud Risk Assessment

Importance of Fraud Risk Assessment

Preparing a Fraud Risk Assessment

7. FORENSIC INVESTIGATION TECHNIQUES

3. Digital Forensic Examinations

4. Face to Face Interviews

Categorization of Fraud Detection Methods

Strategic Fraud Detection Approach

Fraud Symptoms for Kickbacks

OECD ANTIBRIBERY CONVENTION