The document discusses the role of internal audit in fraud prevention and detection. It covers relevant standards, fraud awareness, fraud risks and types of fraud. It describes the roles and responsibilities of management, external auditors and internal auditors in preventing and detecting fraud. It provides facts about typical fraud cases and profiles of fraudsters based on reports by the Association of Certified Fraud Examiners. The document emphasizes the importance of professional skepticism, communication with the board, and fraud risk assessments for internal auditors.
Role of Internal Audit in fraud prevention and detection
1. Role of Internal Audit in
Fraud Prevention and Detection
(with fraud investigation
process)
ZEESHAN SHAHID
AUGUST 20, 2021
2. Zeeshan Shahid
• Chartered Accountant; Certified Fraud Examiner;
>18y experience; served as partner in Deloitte
and Yousuf Adil
• >10y running country’s first dedicated Forensic
practice in Deloitte; Experience of investigating
allegations of fraud, abuse, bribery, corruption
and misconduct in public (federal, provincial and
corporate), private (domestic and MNCs for
FCPA/UKBA), non-profit (foreign government
and NGO)
3. Overview
• Fraud and internal audit – Relevant
standards
• Fraud awareness
• Roles and responsibilities
• Fraud risk assessments
• Fraud prevention and detection
• Fraud audit / investigation process
• Fraud interviews
• Report writing
• Legal considerations during
investigations
• Nuances of modern fraud investigations
• Selected specific fraud and corruption
scenarios
4. “[An auditor] is a
watchdog, not a
bloodhound”
- Lord Justice Lopes, Kingston Cotton Mills
Co. (1896)
A view, arguably no longer valid.
6. 1200: Proficiency and Due Professional
Care
• 1210.A2 – Internal Auditors must have
sufficient knowledge to evaluate the
risk of fraud and the manner in which
it is managed by the organization, but
are not expected to have the expertise of a
person whose primary responsibility is
detecting and investigating fraud.
1220: Due Professional Care
• 1220.A1 – Internal Auditors must
exercise due professional care by
considering the:
• Extent of work needed to achieve
the engagement’s objectives.
• Related complexity, materiality or
significance of matters to which
assurance procedures are applied.
• Adequacy and effectiveness of
governance, risk management, and
control processes.
• Probability of significant errors,
fraud, or non-compliance.
• Cost of assurance in relation to
potential benefits.
2060: Reporting to Senior Management
and the Board
• The CAE must report periodically to
senior management and the board on
the internal audit activity’s purpose,
authority, responsibility and
performance relative to its plan.
Reporting must also include significant
risk exposures and control issues,
including fraud risks, governance
issues, and other matters needed or
requested by senior management and
the board.
Requirements of various standards
7. 2120: Risk Management
• 2120.A2 – The internal audit
activity must evaluate the
potential for the occurrence of
fraud and how the organization
manages fraud risk.
2210: Engagement Objectives
• 2210.A2 – Internal auditors
must consider the probability
of significant errors, fraud,
noncompliance, and other
exposures when developing the
engagement objectives.
Selected Other Reference
Material
• IIA Practice Advisories
• AICPA and other professional
services regulatory bodies’
literature regarding fraud.
• ACFE and COSO publications
in connection with Fraud Risk
Assessment
• Other ACFE publications and
tools
• Joint papers by IIA and ACFE
with AICPA and other
organizations.
Requirements of various standards (cont’d)
9. • “Fraud is an intentional or deliberate act to deprive another of property or money by deception or
other unfair means.” – The Association of Certified Fraud Examiners
• “Any illegal acts characterized by deceit, concealment or violation of trust. These acts are not
dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by
parties and organizations to obtain money, property or services; to avoid payment or loss of services;
or to secure personal or business advantage.” – The Institute of Internal Auditors
• Occupational fraud and abuse is “the use of one’s occupation for personal enrichment through
the deliberate misuse or misapplication of the employing organization’s resources or assets”. –
The Association of Certified Fraud Examiners
Definition of fraud
10. • Internal fraud (or occupational fraud and abuse): Corruption; Asset misappropriation; Financial statements fraud
• External fraud: Customer frauds; Vendor frauds; Security breaches; IP theft
• Fraud against individuals: ID theft; Ponzi schemes; MLM schemes; Phishing scams
Types of frauds
11. • Corruption: Conflicts of interest (Purchasing / Sales schemes); Bribery (Invoice kickbacks / Bid rigging); Illegal gratuities; Economic extortion
• Asset misappropriation (Cash): Theft of cash on hand; Theft of cash receipts (skimming / larceny); Fraudulent disbursements (Billing schemes / Payroll schemes / Expense reimbursement schemes / Check and payment tampering / Register disbursements)
• Asset misappropriation (Inventory and all other assets): Misuse / Larceny
• Financial statement fraud: Net worth/Net income overstatement; Net worth/Net income understatement
Occupational fraud and abuse classification system (the Fraud Tree) - Extract
acfe.com/fraudtree
12. Why does fraud occur?
The best and most widely accepted model for
explaining why people commit fraud is the fraud
triangle. Developed by Dr. Donald Cressey, a
criminologist whose research focused on
embezzlers—people he called “trust violators.”
13. “Trusted persons become trust violators
when they conceive of themselves as
having a financial problem which is non-
shareable, are aware this problem can be
secretly resolved by violation of the
position of financial trust, and are able to
apply to their own conduct in that situation
verbalizations which enable them to adjust
their conceptions of themselves as trusted
persons with their conceptions of
themselves as users of the entrusted funds
or property.”
- DONALD R. CRESSEY, Other People's
Money (Montclair: Patterson Smith, 1973)
p. 30
14. • Motivates crime
• Financial problem (personal /
professional) unable to be solved by
legitimate means
• Examples: Inability to pay bills/debt;
Need to meet earnings / productivity
targets; materialistic desires
Pressure
• Defines the way crime can be
committed
• Control weakness or some other
opportunity allows abusing a position
of trust without perceived risk of
getting caught
Opportunity
• Vast majority of fraudsters are first time
offenders. They perceive themselves as
ordinary, honest people caught in bad
set of circumstances
• Consequently, fraudster must justify the
crime to himself in a way that makes it
an acceptable or justifiable act
• “I was only borrowing money”; “I was
underpaid, my employer cheated me”;
“My employer deserves it.”
Rationalization
The fraud triangle
15. • Cressey’s fraud triangle demonstrates certain characteristics that increase the likelihood for fraud to occur, but it does not
provide perfect guidance.
• Although the fraud triangle helps explain the nature of many occupational offenders, it does not explain the nature of all
occupational offenders.
• Cressey’s study is nearly half a century old, and there has been considerable social change in the interim.
• Now many anti-fraud professionals believe there is a new breed of occupational offender—one who simply lacks a
conscience sufficient to overcome temptation.
• Moreover, some experts believe that the fraud triangle could be enhanced by considering a fourth element.
• In their article “The Fraud Diamond: Considering the Four Elements of Fraud,” David Wolfe and Dana Hermanson
incorporated the element of capability—personal traits and abilities that play a major role in whether fraud will actually
occur—into Cressey’s model, transforming it from a triangle into a diamond.
• Source: ACFE
The fraud triangle enhanced
16. Fraud triangle revisited…
The fraud triangle
The three-pronged
framework
Rationalization
Frame of mind that allows one to justify their dishonesty.
17. “Opportunity opens the doorway to fraud,
and incentive and rationalization can draw
the person toward it. But the person must
have the capability to recognize the open
doorway as an opportunity and to take
advantage of it by walking through, not just
once, but time and time again. Accordingly,
the critical question is, ‘Who could turn an
opportunity for fraud into reality?’”
- DAVID T. WOLFE AND DANA R.
HERMANSON, “The Fraud Diamond:
Considering the Four Elements of Fraud,”
The CPA Journal 74, December 2004
The fraud
diamond
The three-
pronged
framework
expanded by
capability
18. • Typical fraud case:
• Lasts 14 months before detection
• Causes a loss of $8,300 per month
• Organizations lose an estimate of 5% of revenue to fraud each year
• Median loss per case: $125,000; Average loss per case: $1.5 million
• Corruption most common in every global region
• Asset misappropriation: Most common; least costly (86% cases; $100k median loss)
• Financial statements fraud schemes: Least common; most costly (10% cases; $954k median loss)
• Owners / executives caused only 20% of occupational frauds but with largest losses (median losses by
owner / executive: $600k; Manager: $150k; Employee: $60k)
Facts about fraud – Key findings from ACFE’s
Report to the Nations 2020
19. • 43% schemes detected by Tip; 50% tips from employees
• Whistleblowers used Telephone hotline and email in 33% of cases
• Organizations with Fraud Awareness Training more likely to gather tips through Formal Reporting
Mechanisms (56% of tips with training; 37% of tips without training)
• Certain fraud risks more likely in small businesses than in large organizations (2x in billing fraud,
payroll, check and payment tampering)
• A lack of internal controls contributed to 1 out of 3 frauds; presence of Anti-fraud controls
associated with lower fraud losses and quicker detections
• Use of targeted Anti-Fraud controls increased (Hotline, Anti-fraud policy, Fraud trainings)
Facts about fraud – Key findings from ACFE’s
Report to the Nations 2020 (continued)
20. • More than half of all occupational fraud came from four departments: Operations 15%; Accounting
14%; Executive / Upper management: 12%; Sales: 11%
• 80% of fraudsters faced internal discipline from organization; 46% victim organizations declined to
refer cases to law enforcement considering internal discipline as sufficient
• 42% of fraudsters lived beyond means; 26% of fraudsters faced financial difficulties
Facts about fraud – Key findings from ACFE’s
Report to the Nations 2020 (continued)
21. • Tenure: Occupational fraudsters who had been with their organizations at least 6 years caused TWICE
the loss of less-tenured employees
• Gender: Men caused 72% of all occupational fraud, and also caused larger losses than women.
• Education: 64% of occupational fraudsters had a university degree or higher and caused 2x median
loss compared to non-degree holder fraudsters
• Age: Older fraudsters cause much larger median loss (55+: $425k; 40-54: $150k; <40: $75k)
• Collusion of 3 or more fraudsters triples the median loss.
• 89% of fraudsters are first-time offenders with no criminal conviction; 86% were never
punished or terminated in prior employment
Facts about fraud – Profile of fraudsters from
ACFE’s Report to the Nations 2020 (continued)
22. • Seven most common behavioral red-flags:
• living beyond means (globally noticed in 42% of
cases);
• financial difficulties;
• unusually close association with a vendor or
customer;
• excessive control issues or unwillingness to
share duties;
• unusual irritability, suspiciousness, or
defensiveness;
• a general “wheeler-dealer” attitude involving
shrewd or unscrupulous behavior; and
• recent divorce or family problems.
• Source: https://www.acfe.com/report-to-the-
nations/2020/
• Red-flags 3-6 are more common in Pakistan
environment.
• Other red-flags less common globally but more
relevant in Pakistan:
• Complained about inadequate pay;
• Refusal to take vacations;
• Excessive pressure from within organization;
• Complained about lack of authority;
Facts about fraud – Profile of fraudsters from
ACFE’s Report to the Nations 2020 (continued)
24. • Primary responsibility for fraud prevention
• Responsible for ensuring appropriate policies and procedures are implemented in the organization.
• Developing and maintaining an adequate system of internal control as well as maintaining accounts,
records, and books that accurately and fairly record and represent company transactions are statutory
obligations.
• COSO principle: The organization considers the potential for fraud in assessing risks to the
achievement of objectives.
Board and management
25. • Under ISA 240, ‘The Auditor’s Responsibility To Consider Fraud in an Audit of Financial Statements’, an auditor conducting an
audit in accordance with ISAs is responsible for obtaining reasonable assurance that the financial statements taken as a
whole are free from material misstatement, whether caused by fraud or error.
• In planning and performing the audit to reduce audit risk to an acceptably low level, the auditor should consider the
risks of material misstatements in the financial statements due to fraud; if the risk is high, involve an expert.
• Only two types of misstatements concern the auditor: misstatements resulting from fraudulent financial reporting
and misstatements resulting from misappropriation of assets.
• Due to significant inherent limitations in the case of misstatement from fraud, particularly management fraud, the auditor is
responsible for maintaining professional skepticism throughout the audit, considering the potential for management
override of controls. A subsequent discovery of fraud does not necessarily imply non-compliance with ISAs.
• The auditor is expected to identify and assess the risks of material misstatement due to fraud and design procedures to
detect such misstatement.
• Source: https://www.ifac.org/system/files/downloads/2008_Auditing_Handbook_A080_ISA_240.pdf
(please check for updates)
External auditor
26. • International Standards for the Professional Practice of Internal Auditing (IPPF Standards) require:
• 1210.A2 – Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in
which it is managed by the organization, but are not expected to have the expertise of a person whose
primary responsibility is detecting and investigating fraud.
• 2120.A2 – The internal audit activity must evaluate the potential for the occurrence of fraud and how the
organization manages fraud risk.
• 2210.A2 – Internal auditors must consider the probability of significant errors, fraud, noncompliance, and
other exposures when developing the engagement objectives.
• Additionally, other IPPF Standards also address fraud, including standards relating to the role of internal
audit in evaluating the organization’s ethics and values.
• Source: https://na.theiia.org/standards-guidance/public%20documents/ippf-standards-2017.pdf
(please check for updates)
Internal auditor
27. • Consider fraud risks in the assessment of internal control design and determination of audit steps to perform.
• Not expected to detect fraud; but expected to:
• obtain reasonable assurance that business objectives are achieved, and
• that material control deficiencies (intentional or erroneous) are detected
• Have sufficient knowledge of fraud to identify red flags.
• Characteristics; techniques; schemes and scenarios related to audit areas
• Be alert to opportunities that could allow fraud, such as control deficiencies.
• If significant control deficiencies are detected, additional tests should be conducted.
• Evaluate whether the fraud risk management program is actively and completely implemented.
• Evaluate fraud risk indicators and decide on further action or commission an investigation.
• Recommend investigation when appropriate.
• Refer Handout 1.
Internal auditor: Implementation of standards in
audit engagements
28. • Do not assume that management or employees are dishonest nor assume unquestioned honesty.
• Inadequate professional skepticism is often cited as a significant reason for non-detection of material fraud.
• Only an adequate level of professional skepticism can actually question the implementation of the fraud
risk management program.
• Standards that allow internal auditors to exercise skepticism (please refer to the original standards for the latest text):
• IIA Standard 1111: Direct Interaction with the Board:
• CAE must communicate and interact directly with the Board.
• Standard 1120: Individual Objectivity
• Internal auditors must have an impartial and unbiased attitude.
• Audit Committee’s oversight and support help the internal auditor maintain independence and objectivity
as well as keep an attitude of skepticism.
Internal auditor: Implementation of standards in
audit engagements (Skepticism)
29. • Relationship with board includes both reporting and oversight.
• CAE may include following in discussions with Board:
• Fraud audits performed
• Fraud risk assessment process
• Fraud or conflicts of interests and results of monitoring programs concerning compliance with law, code of conduct and/or ethics.
• IA organizational structure to address fraud
• Coordination of fraud audit activity with external auditors
• Overall assessment of control environment
• Productivity and budgetary measures of IA’s fraud activities
• Benchmarking comparisons of IA’s fraud activities with other organizations
• Role of IA in fraud investigations.
• Timing of communications of serious issues should be discussed in advance and documented. See next slide for
illustration.
Internal auditor: Implementation of standards in
audit engagements (Communicating with Board)
31. • Evaluate risks faced by organizations based on audit plans with appropriate testing.
• Be alert to signs and possibilities of fraud within an organization.
• In comparison with external auditors, internal auditors are in better position to detect the symptoms
that accompany fraud. This leverage is owing to:
• Continual presence in the organization, resulting in better understanding of organization and its controls
• Ability to assist in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of
internal controls.
• Ability to assist in establishing effective fraud prevention measures and providing consulting expertise.
Internal auditor: Role as per Practice Guide
32. • If, in relation to fraud risk management, internal auditors are assigned the following roles, they
should obtain sufficient skills and competencies, including knowledge of fraud schemes, investigation
techniques and laws:
• Initial or full investigation of suspected fraud
• Root cause analysis and control improvement recommendations
• Monitoring of a reporting/whistleblower hotline
• Providing ethics training sessions
• Internal auditors can perform proactive auditing techniques such as data mining, analytics and other
procedures to find unusual items and perform detailed analyses of high-risk accounts.
• The Practice Guide distinguishes an Internal Auditor from a Fraud Investigator.
Internal auditor: Role as per Practice Guide
(cont’d)
34. • A fraud risk assessment (FRA) is often a critical component of an organization’s larger enterprise risk
management program.
• FRA is a tool to assist management and internal auditors to systematically identify where and how
fraud may occur and who may be in a position to commit fraud.
• FRA concentrates on fraud schemes and scenarios to determine presence of internal controls and
whether or not the controls can be circumvented.
• Not all fraud risks may be mitigated or eliminated; the cost vs. benefit equation needs to apply (refer to the
bank’s example of utility bill fraud).
Fraud risk assessment
35. • Identify relevant fraud risk factors
• Identify potential fraud schemes and prioritize them based on risk.
• Map controls to fraud schemes and identify gaps
• Test operating effectiveness of fraud prevention and detection controls.
• Document and report the fraud risk assessment
The Fraud Risk Assessment Process
Stages: Brainstorming stage; Assessment stage
Refer Handouts 2 and 2a.
37. • Prevention and detection are not the same.
• Fraud prevention entails:
• Implementing policies and procedures
• Employee trainings
• Management communication to educate about fraudulent activities.
• Fraud detection entails:
• Activities and programs designed to identify fraud or misconduct
• See next slide for interrelationship of the two.
Fraud prevention and detection
39. • Remember:
• Risk of fraud can never be eliminated.
• It is not cost-effective to try to eliminate all fraud risk.
• Some overarching considerations:
• Strong ethical corporate culture
• Training and education
• Strong policies and procedures to implement and monitor internal controls
• Procedures to detect fraud risk indicators on a timely basis to investigate fraud
• Prosecution when appropriate.
Fraud prevention and detection (cont’d)
40. • Training
• Fraud reporting mechanism
• Tone at the top / Code of conduct
• Internal audit / Surprise audit
• Data mining (proactively looking for anomalies)
• Anti-fraud controls: Segregation of duties; Safeguard of assets; Management authorization and review; Job rotation; Mandatory vacation; Background checks / Due diligence
• Disciplinary actions
Anti-fraud better practices
41. • Visible and rigorous fraud governance process
• Effective fraud control processes and procedures
• Periodic Fraud Risk Assessment
• Swift allegation response and appropriate action against wrong-doers
Attributes of a deterrence-creating FRM process
Fraud risk management
42. • Fraud prevention involves those actions taken:
• to discourage the commission of fraud and
• limit fraud exposure when it occurs.
• Instilling a strong ethical culture and setting the correct tone at the top are essential elements in
preventing fraud.
• A strong principal mechanism for preventing fraud is effective and efficient internal controls, including
controls related to screening customers, vendors, and external business relationship partners.
• COSO presented a framework for assessing and improving internal control systems to fight fraud.
Fraud prevention
43. Control environment
• Code of conduct, ethics policy, fraud policy to set tone at the top.
• Hotline programs
• Hiring and promotion guidelines and practices
• Oversight by AC, Board or other.
Risk assessment
• Establishing a FRA process that considers fraud risk factors and fraud schemes
• Involving appropriate personnel
• Performing FRA on regular basis.
Control activities
• Policies and procedures
• Appropriate authority limits
• Segregation of incompatible duties.
Information and communication
• Promoting FRM program and position on fraud risk both internally and externally through corporate communications program
• Fraud awareness training
• Confirmation of policies and their compliance.
Monitoring
• Providing periodic evaluation of anti-fraud controls.
• Independent evaluation of fraud risk management program by internal auditors or experts.
• Implementing tech to aid in continuous monitoring and detection.
Fraud prevention
44. • Detective controls are designed to provide warnings or evidence that fraud is occurring or has
occurred.
• Fraud detection methods need to be flexible, adaptable and continuously changing to meet the
changes in the risk environment.
• Detective controls may not be as apparent or readily identifiable as preventive controls.
• Organizations often rely on employees to report suspicious activity through an anonymous
whistleblower hotline. An effective way for an organization to learn about existing fraud is to provide
employees, suppliers, and other stakeholders with a variety of methods for reporting their concerns
about illegal or unethical behaviour.
Fraud detection
45. • Code of conduct confirmation: Employees can be asked to report known violations as part of sign-
offs
• Whistleblower hotline: Most effective; must allow anonymity option.
• Exit interviews: In addition to helping in identifying fraud schemes, exit interviews of terminated or
resigning employees can highlight management integrity issues which may provide conditions
conducive to fraud.
• Proactive employee survey: to solicit knowledge of fraud and unethical behaviour within the
organization. Again, anonymity should be ensured.
Fraud detection (ways to collect information)
46. • Surprise audits in high fraud risk areas: Could be by internal auditors, external auditors,
management or external experts.
• Continuous monitoring: of critical data and related trends to identify unusual situations or variances.
• Routine and/or ad hoc matching of public data and/or proprietary data: against relevant
transactions, vendor lists, employee rosters, and other data.
Fraud detection (other methods)
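The routine matching of vendor lists against employee rosters described above, as an added example that is not part of the original deck. All records, field names and function names are constructed for illustration; a hit is a lead for review (for example a possible conflict of interest or shell vendor), not proof of fraud.

```python
"""Match a vendor master file against the employee roster (added example)."""
import re
from collections import defaultdict

# Constructed sample records; names, accounts and numbers are invented.
EMPLOYEES = [
    {"id": "E001", "bank_account": "PK00 TEST 0000 0011 2345 6702",
     "phone": "+92 300 1234567", "address": "12-B, Canal Road, Lahore"},
    {"id": "E002", "bank_account": "PK00 TEST 0000 0099 8765 4321",
     "phone": "+92 321 7654321", "address": "44 Mall View, Karachi"},
]
VENDORS = [
    {"id": "V100", "bank_account": "PK00-TEST-0000-0011-2345-6702",
     "phone": "042-35550100", "address": "Plot 9, Industrial Estate, Lahore"},
    {"id": "V200", "bank_account": "PK00TEST0000005511112222",
     "phone": "0321-7654321", "address": "44, Mall View Karachi"},
    {"id": "V300", "bank_account": "PK00TEST0000007700001111",
     "phone": "051-5550199", "address": "3rd Floor, Blue Plaza, Islamabad"},
]


def norm_account(value):
    """Keep only letters and digits so spacing and dashes do not hide a match."""
    return re.sub(r"[^0-9A-Z]", "", value.upper())


def norm_phone(value):
    """Compare on the last 10 digits, ignoring country code and trunk prefix."""
    digits = re.sub(r"\D", "", value)
    return digits[-10:] if len(digits) >= 10 else ""


def norm_address(value):
    """Lower-case, drop punctuation and collapse whitespace."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", value.lower()).split())


NORMALIZERS = {
    "bank_account": norm_account,
    "phone": norm_phone,
    "address": norm_address,
}


def build_index(employees):
    """Map (field, normalized value) to the employee ids that carry it."""
    index = defaultdict(set)
    for emp in employees:
        for field, norm in NORMALIZERS.items():
            key = norm(emp.get(field, ""))
            if key:  # never match on empty values
                index[(field, key)].add(emp["id"])
    return index


def match_vendors_to_employees(vendors, employees):
    """Return sorted (vendor_id, employee_id, field) tuples for shared attributes."""
    index = build_index(employees)
    hits = []
    for vendor in vendors:
        for field, norm in NORMALIZERS.items():
            key = norm(vendor.get(field, ""))
            if not key:
                continue
            for emp_id in index.get((field, key), ()):
                hits.append((vendor["id"], emp_id, field))
    return sorted(hits)


def leads_by_vendor(hits):
    """Group hits so a reviewer sees one line per vendor/employee pair."""
    grouped = defaultdict(list)
    for vendor_id, emp_id, field in hits:
        grouped[(vendor_id, emp_id)].append(field)
    return {pair: sorted(fields) for pair, fields in grouped.items()}


if __name__ == "__main__":
    leads = leads_by_vendor(match_vendors_to_employees(VENDORS, EMPLOYEES))
    for (vendor_id, emp_id), fields in sorted(leads.items()):
        print(f"{vendor_id} shares {', '.join(fields)} with {emp_id}")
```

Normalizing before comparison matters more than the matching itself: the same bank account or phone number is rarely typed the same way in the HR system and the vendor master.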
48. • A fraud investigator needs solid business operations insight as well as accounting expertise.
• In fraud investigations, perpetrator's identity is often suspected / known. The job of the fraud auditor
is to prove that the perpetrator's actions resulted in fraud.
• There usually are no transaction trails for the actual activity perpetrated (no smoking guns) and clues
to fraud cases usually come from small, seemingly insignificant inconsistencies in records, data,
suspect's speech or actions.
Key points
49. • The fraud investigator needs to gather and analyze the necessary evidence required by management and/or
legal authorities to determine the facts and circumstances surrounding the fraud / suspected fraud.
The investigation may include legal advisors.
• A fraud investigation seeks to answer the following questions:
• Who did it?
• Why did he/she do it?
• How did they gain from the fraud? What assets were taken and how were they converted into benefits?
• How, when and where was the fraud perpetrated and concealed?
• What is the extent of losses?
• Were any laws broken?
Objective of fraud investigation
50. Brainstorming
• Identify parties,
investigation
parameters and risks as
input to the plan.
Planning:
• Thorough planning
determines focus and
helps manage the
investigation
Collection phase:
• Information gathering
in a forensically sound
manner
Evidence gathering
through analyses:
• issue-tailored analyses
performed to obtain
evidence
Reporting and
closure:
• Reporting of findings
The Fraud Audit / Investigation Process
Problem recognition and definition
Refine and amend
hypothesis
Analyze data;
create and test
hypothesis
51. • Objective:
• To identify relevant parties,
• Understand and confirm scope, and
• Initiate the investigation based on initial understanding.
• Refer Handout 3 for details
Brainstorming
52. • Planning is essential to help ensure that the investigation has clear objectives and that the strategy aligns with the objectives. Investigations, by
nature, can grow rapidly and lead an investigation team in many directions - therefore it is important that each step in the investigation process is
properly considered in terms of what is going to be completed and what will be achieved.
• Planning enables the investigation team to answer critical questions:
• What are the engagement’s objectives?
• What are the fraud hypotheses which are to be tested?
• What is the engagement strategy (i.e., what actions must be taken to achieve the objectives)?
• What is the progress towards achieving our objectives during the engagement?
• Have we achieved our objectives at the conclusion of the engagement?
• What other service providers may we be working with on this engagement (e.g., Counsel, discovery service providers, etc.) and have we defined the roles
and responsibilities of each party (and evaluated related direct and indirect marketplace business relationships)?
• The work plan needs to be cognizant of specific jurisdictional issues, as well as specific limitations or requirements that are unique to the area.
• Consider Forensic Accounting and Benford Analysis. Forensic accounting is the application of investigative and analytical skills for the purpose of
resolving financial issues in a manner that meets standards required by courts of law.
• Refer Handout 4 for details
Planning
53. • Establish project management
• Identify and obtain necessary skills and resources
• Use of non-forensic professionals
• Manage data preservation and retention
• Communication
Planning
54. “A poorly planned
project will take three
times longer than the
original plan. A well-
planned project will only
take twice as long.”
- ANONYMOUS; on
a lighter note!
55. • Objective: To assemble relevant evidence in order to focus the investigation, and readily identify issues with
respect to information gathering.
• Refer handout for details
Collection phase
Electronic
information
Physical information Human information
56. • Consider Chain of Custody
• According to ACFE Fraud Examiner’s Manual, the Chain of custody is both a process and a document
that memorializes:
• Who has had possession of an object and
• What they have done with it
It is simply a means of establishing that there has not been a material change or alteration to a piece of
evidence.
Collection phase
Other parties
Investigation
team
Investigation
team main
liaison
Departmental
liaison for
investigation
Archive
custodian
Departmental
custodian
Originator of
information
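One way to keep the chain-of-custody record described above for electronic evidence, as an added example that is not part of the original deck. It assumes a simple hash-chained log; the field names, function names, timestamps and the sample ledger extract are constructed for illustration.

```python
"""Hash-chained chain-of-custody log for a digital evidence item (added example)."""
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Hash every field of an entry except its own stored hash."""
    payload = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(payload, sort_keys=True).encode("utf-8"))


def add_entry(log, when, custodian, action, evidence: bytes):
    """Record who held the item, what they did, and the item's hash at that time."""
    entry = {
        "seq": len(log),
        "when": when,
        "custodian": custodian,
        "action": action,
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry


def verify_log(log, evidence_now: bytes):
    """Return a list of problems; an empty list means log and evidence are consistent."""
    if not log:
        return ["log is empty"]
    problems = []
    baseline = log[0]["evidence_sha256"]  # hash taken at collection
    prev = GENESIS
    for entry in log:
        seq = entry["seq"]
        if entry["prev_hash"] != prev:
            problems.append(f"entry {seq}: link to previous entry is broken")
        if entry_digest(entry) != entry["entry_hash"]:
            problems.append(f"entry {seq}: record was edited after it was written")
        if entry["evidence_sha256"] != baseline:
            problems.append(f"entry {seq}: evidence hash differs from collection")
        prev = entry["entry_hash"]
    if sha256_hex(evidence_now) != baseline:
        problems.append("evidence no longer matches the hash taken at collection")
    return problems


def build_sample_log():
    """Constructed hand-over sequence using roles named on the slide."""
    evidence = b"date,vendor,amount\n2021-03-01,V100,49000\n"  # constructed extract
    log = []
    add_entry(log, "2021-08-02T09:15Z", "Originator of information",
              "exported ledger extract", evidence)
    add_entry(log, "2021-08-02T11:40Z", "Departmental custodian",
              "sealed copy handed over", evidence)
    add_entry(log, "2021-08-03T10:05Z", "Investigation team",
              "working copy made for analysis", evidence)
    return log, evidence


if __name__ == "__main__":
    log, evidence = build_sample_log()
    print("clean log:", verify_log(log, evidence))
    log[1]["custodian"] = "Someone else"  # simulate a later edit to the record
    print("edited log:", verify_log(log, evidence))
```

An unsigned hash chain can be recomputed from the start by anyone who holds the whole log, so the latest `entry_hash` should also be lodged with an independent party (or signed) at each hand-over.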
57. • Collect third party information
Collection phase
Publicly available information
Government
sources
Social media
Surface web
60. Triangulation of
information
Evaluation for forensic
soundness
Manipulate
information
for
triangulation
Triangulate
information
for analysis
Financial
analysis
Non-
financial
analysis
Evaluate
work
performed
and findings
identified
Information (data)
analyses
Evidence gathering through analysis
Refer Handout for details
63. • Consider government, regulator and/or other third party requirements.
• Prepare for potential litigation
• Perform RCA, if required
• Follow project closure protocols
Reporting and closure
64. • The fraud investigator gathers and analyzes the necessary evidence required by management and legal
authorities.
• The fraud investigator answers questions such as the extent of the fraud and its monetary value, when and where the
fraud took place, and which specific laws were violated.
• Fraud investigations follow a sequence of activities that begins with brainstorming and planning,
follows through with information collection and analysis, and concludes with identification of findings
and giving recommendations.
• The process can be iterative and may lead to additional findings.
• The information collected and used needs to be obtained, stored and released based on strict traceable
protocols to ensure the report withstands scrutiny.
Investigation process Wrap-up
65. • After fraud investigation and communication, management and internal audit should step back and
consider lessons learned:
• How did the fraud occur?
• What controls failed?
• What controls were overridden?
• Why wasn’t the fraud detected earlier?
• What red flags were missed by management?
• What red flags did internal audit miss?
• How can future frauds be prevented or more easily detected?
• What controls need strengthening?
• What internal audit plans and audit steps need to be enhanced?
• What additional training is needed?
Analysis of lessons learned (Source: IIA)
67. Admission-seeking stage
Interview of suspect
Confirmation phase
Corroborative interviews with witnesses; Interviews of co-conspirators
Evidence-gathering phase
Collection and evidence gathering through
analysis (excl. human info)
Preliminary observation drafting
Corroborative or information seeking
interviews with neutral persons
Fraud interviews
68. Types of communications
• Chronemic; use of time to convey meaning, attitudes and desires (respondent late in keeping appointments or delaying; potentially avoiding)
• Proxemic; use of interpersonal space to convey meaning
• Paralinguistic; using volume, pitch and voice quality to convey meaning
• Kinetic; use of body movements to convey meaning
Overarching considerations
69. Preparation
• Review case files
• Have clear objectives
• Determine order of interviews
• Determine type of information expected to be received
• Select a comfortable and secure venue
• Select members of investigation team as interviewers
• Formulate a brief outline of key points to discuss
70. Types of questions
• Introductory; used to introduce the interview, establish rapport, set the theme and baseline behaviour; do not use sensitive questions or emotive words at this stage
• Informational; used to gather unbiased facts; could be open, closed or leading; however, questioning should move from general to specific
• Closing; used to reconfirm facts gathered, to see if additional information can be gathered, and to achieve a pleasant end to the process
• Assessment; used to evaluate credibility
• Admission seeking; only used for individuals whose culpability is reasonably certain; designed to obtain a legal admission of wrongdoing; reasonable certainty is achieved when there is reasonable probability about the culpability of the suspect and reasonable investigation steps have already been taken; convey absolute confidence with the accusation, do not become a moral judge, be firm with empathy; offer a moral excuse; diffuse defenses.
71. Mechanics and other considerations
• Do not react to difficult persons or conversations
• Prepare the room appropriately; privacy; door closed but not locked and easily reachable by
interviewee; communicate that they’re free to leave anytime; keep interviewer chairs apart; interviewee
should not be behind any physical barrier
• At least two interviewers in admission-seeking interviews
72. Things to cover in verbal confessions
• Knowledge of action being wrong; demonstrating intent
• Facts known only to perpetrator
• Motive; may need to dig further
• Facts about the offense (timing, continuing or stopped, others involved, evidence, location of any assets misappropriated)
73. Things to cover in signed confessions
• Statement that the confession is voluntary
• Intent
• Facts about fraud (dates, amount of loss, instances, etc)
• Willingness to cooperate
• Confessor’s rationalization
• Acknowledgement that confessor has read the statement
• Truthfulness of the statement
• Witness signatures (HR and/or Legal Counsel should be included)
Consult your lawyer for your jurisdiction’s requirements with respect to confession statements.
75. • Background
• The background section is generally about two paragraphs. It should state very briefly why the fraud
examination was conducted.
• Executive Summary
• In this section the reporter summarizes what actions were performed during the fraud investigation, such as reviewing documents, interrogating witnesses, conducting analyses or tests, etc. Doing so provides the reader with an overview of what was done during the examination process. At the end of this section, you should summarize the outcome of the examination. For example, “PKR 500,000 in checks was deposited into an account owned by YZ. When confronted with this information, YZ stated that he had only borrowed the money and meant to pay it back.”
Report writing
76. • Scope
• This section consists of just one paragraph explaining the scope of the fraud examination. For example, “Determine whether accounts receivable were manipulated in the books and records,” or “Determine why the cash inventory recorded does not match the actual quantity in the warehouse.”
• Approach and methodology
• This section gives a brief description of the following items:
• Fraud examination team members
• Procedures performed (generally what documents were reviewed or what tests were conducted)
• Individuals interviewed
• Any limitations
• It provides a handy reference as to who was involved in the fraud examination, what the team reviewed, what
tests or analyses were conducted, and what individuals the team interviewed.
Report writing (cont’d)
77. • Findings
• This section contains the details of the fraud examination. It will generally consist of several pages. In this
section, you should describe what actions or duties the reporter performed and what was found. Provide enough
detail so that the reader understands what occurred, but not so much detail that the reader begins to lose interest
or becomes bogged down in the details.
• The reader wants to know how many instances occurred, who was involved, how they did it, what proof you
have, etc. If the findings section is long, you might use subheadings for particular topics or individuals to make
it easier for the reader to stay organized. The information can be presented either chronologically or by topic—
whatever makes it easier for the reader to follow.
• Approach
• This section should be one or two paragraphs and should briefly summarize the results of the fraud investigation. It should be similar to the outcome stated at the end of the Executive Summary section.
Report writing (cont’d)
78. • Impact
• This section describes how the fraud impacted the overall business. The reporter can provide an estimated amount of loss or any other tangible or intangible damage suffered by the victim, including damage that might affect it in future.
• Recommendation
• Organizations mainly look for the recommendations, as they are willing to implement the changes. However, this section is optional. There might be instances where the fraud investigator wishes to discuss remedial measures or specific recommendations in a separate document. If the investigator does wish to include this section, it should state what follow-up action is necessary or recommended, including remedial measures such as a review of internal controls, introduction of a whistleblower hotline, increased security, etc.
• Limitations and caveats
• Standard caveats
• Identify any matter outstanding
Report writing (cont’d)
79. • Opinions and conclusions:
• Conclusions should be self-evident and should not need to be pointed out
• Opinions regarding guilt or innocence are not allowed
• The fraud examiner should not include any statement of opinion as to the integrity or veracity of any witness.
• Refer to the IIA’s Practice Advisories on expression of opinion on internal control and other considerations.
Report writing (cont’d)
81. • Collection sensitivities; what can and cannot be examined
• Labor law sensitivities; will the investigation be challenged subsequently in court?
• Evidence admissibility; is there any conjecture in the report rather than facts? Do the facts sufficiently establish beyond reasonable doubt the culpability of the suspect?
• Interviews; what is the admissibility of the interview process?
• Disciplinary options in light of laws
• Any statutory reporting responsibility?
• Consult legal counsel throughout the process
Legal considerations during investigations
83. • Mobile devices
• Personal data on official machines
• BYOD
• Cloud and network forensics
• OSINT (external sources, public records, court records, property records, tax records, business filings with regulators); Social Catfish (or use programming skills to build your own VM)
• Wayback Machine (notable mention!)
• Privacy issues when collecting social media; best practices (screen capture; print; PDF etc.)
• Email headers
Nuances of modern fraud investigations
85. Financial services sector
• Islamic bank private lending scheme
• Large commercial bank trade finance fraud investigation
• Microfinance bank (investigations; methodology; AML/CFT)
• AMC – Fraud against customers
• SWIFT fraud
• Service provider to large commercial bank making improper arrangements
Government and World Bank
• Review of program with branchless banking nuances
• Pakistan Railways (draft)
Selected investigations
86. Tech / Startup:
• Investigation of procurement fraud
• Staff’s Anti-Corruption due diligence
Pharma
• Frauds in Hardship cases
• Vaccine fraud
• Compliance audit of distributors
• ABAC DD
• Medical devices company distributor FCPA
NPO
• Forensic of Pakistan operations
• Afghanistan foreign government charity (Head investigation; Ops investigation)
Selected investigations
87. HNW fraud
• Trading PPP platform scam
Oil and gas
• Foreign company investigation of conflict of interest
FMCG
• ABAC / FCPA DD
• Trust fraud
Hospitality
• Multinational fast-food chain; senior management fraud
Selected investigations
89. Become certified, get access to leading resources and become part of an expert community of fraud fighters around the globe.
Stay away from ‘Diploma Mills’!