Forensics Data Analysis

Engagement Area Examples

Money laundering
Insurance claims
Employee fraud investigations
GAAP violations
GAAS violations
Telemarketing fraud
Check kiting
Contract and procurement fraud
Asset misappropriation
Securities fraud
Financial statement fraud
Bankruptcy fraud
Credit card fraud
Embezzlement
 Why Fraud Occurs

Opportunity

Fraud Triangle

Pressure Rationalization
 Digital Analysis:
Benford’s Law

Computer Assisted Audit Tools and

Techniques (CAATTs)
 Topics Addressed in Lecture 8
 Categories of CAATTs
 Productivity Tools
 Generalized Audit Software Tools
 CAATs and CAATTs
 CAATs: Computer Assisted Audit Techniques
 CAATTs: Computer Assisted Audit Tools and
Techniques
– Software used to increase an auditor’s personal
productivity and to perform data extraction and
analysis
– Techniques to increase the efficiency and
effectiveness of the audit functions
Categories of CAATTs
 Productivity Tools

 E-workpapers
– Automatically generate audit programs and internal control
questionnaires
 Groupware
– Facilitate sharing of information across firms and between
the auditor and the client
 Time and Billing Software
– Ease the process of accounting for chargeable hours, and
compile and prepare bills, e.g. fx Practive, Timeslips, Bill
Central Time and Billing
 Productivity Tools

 Reference Libraries
– Locate company-specific policies and procedures
– Search for authority when researching a
particularly thorny problem
 Document Management
– Make document storage readily available and
practical and enhance the auditor’s productivity
Generalized Audit Software Tools

 Audit Expert Systems

– Have been used since the late 1980s for everything from
audit planning, setting materiality, and performing risk
analysis to evaluating internal controls
– All Big Four accounting firms use expert systems for audit
and/or tax applications
 Utility Software
 Statistical Software
 CAATs to Verify Data Integrity

 Use computer audit techniques to uncover anomalies.

 After import the data into ACL (Audit Command
Language), we can perform:
– Counting
– Verifying
– Statistics
– Stratify
– Age
– Gaps and Duplicates
 CAATs to Detect Fraud

 Two special CAATs for fraud detection:

– Digital analysis: use the statistical properties of a series of
naturally occurring numbers through the use of Benford’s
Law.
– Data query model: determine if the evidence obtained from
the CAAT fits within the context of that obtained during
auditing, including tests of controls, substantive testing,
interviews with client personnel, risk assessment performed
during audit planning, and the environment in which the
business operates.
 Benford’s Law
 Common Sense (False):
– The first digit of a series of naturally occurring
numbers follows a uniform distribution
– Each digit has an equal probability of occurring

 Benford’s Law (True):

– The expected frequency of first digits follows
exponential distribution
– The data size should be large enough to support the
test
 Continuous Auditing Techniques

 Continuous auditing refers to the auditor’s

daily online access to client’s data.

 Embedded audit routines screen data and run

batch programs to detect anomalous data as
they occur.
 Continuous Auditing
 According to The Institute of Internal Auditors' (The IIA) Global
Technology Audit Guide (GTAG) Continuous Auditing:
Implications for Assurance, Monitoring, and Risk Assessment,
continuous auditing is defined as the automatic method used to
perform control and risk assessments on a more frequent
basis. As the guide states, technology plays a key role in
continuous audit activities by helping to automate the
identification of exceptions or anomalies, analyze patterns within
the digits of key numeric fields, review trends, and test controls,
among other activities.

– Dynamic in nature: an auditor can turn continuous audit processes on or off based
on current system demands
 Continuous Auditing vs
Traditional Auditing
 Continuous auditing provides
– a more proactive approach
– Increased efficiency and effectiveness
» Increased automation levels
» Enables direction of auditor focus based on
immediate, real-time data
– Potential expansion of the audit scope
 Continuous Monitoring vs
Continuous Auditing
 Continuous monitoring: a management function to ensure
that company policies, procedures, and business processes
are operating effectively and addresses management’s
responsibility to assess the adequacy and effectiveness of
internal controls
– Involves automated testing of all transactions and system
activities within a given business process area against
control rules
 Continuous Auditing: enables auditors to evaluate the
adequacy of management’s monitoring function and identify
and assess risk areas.
Taken from http://www.theiia.org/intAuditor/itaudit/archives/2008/february/six-steps-to-
an-effective-continuous-audit-process/
ACL RESOURCES
ACL Demos:
https://www.youtube.com/watch?v=UorMkZ3j6T8
https://www.youtube.com/watch?v=Ui2A0AWUjO8
https://www.youtube.com/watch?v=o5jzjY9K6m4

ACL Add a Field:

https://www.youtube.com/watch?v=GtZFPzcN5HA

ACL Duplicates:
https://www.youtube.com/watch?v=RAxEtOsocQ0
https://www.youtube.com/watch?v=-dSTZp_ctSE

Benfords Law:
https://www.youtube.com/watch?v=vIsDjbhbADY

ACL and SAP:

https://www.youtube.com/watch?v=TSJQZq40zps