GUIDELINES: CONDUCTING A FORENSIC AUDIT
FROM: Dr John Vong
I know that you are anxious for some notes on this subject. Parts of the write-up were obtained from a technical paper published in Sept 2008 by ACCA UK, a very established accounting body.
The process of conducting a forensic audit is, in many ways, similar to the process of conducting a normal financial audit, but with some additional considerations. The main stages are described in brief below.
Accepting the audit
A forensic accountant must initially consider whether his/her firm has the necessary skills and experience to accept the work. Forensic audits are highly specialized, and the work requires detailed knowledge of fraud investigation techniques and the legal framework. Investigators must also have received training in interview and interrogation techniques, and in how to maintain the safe custody of evidence gathered.
Additional considerations include whether or not the investigation is being requested by an audit client. If it is, there is a possible conflict of interest and pose a risk to achieve objectivity.
A high fee level should be negotiated to compensate for the specialist nature of the work, and the likely involvement of senior and experienced members of the firm in the investigation.
Planning the audit
The forensic audit team must carefully consider what they have been asked to achieve and plan their work accordingly. The objectives of the investigation will include:
identifying the type of fraud that has been operating,
how long it has been operating for,
how the fraud was concealed for the duration
identifying the fraudster(s) involved
quantifying the financial loss suffered
gathering evidence to be used in court proceedings
providing advice to prevent the re-occurrence of the fraud.
The investigators should also consider the best way to gather evidence, through data-mining, checking the transaction log systems, SWIFT for financial transaction,
In order to gather detailed evidence, the investigator must understand the specific type of fraud that has been carried out, and how the fraud has been committed. The evidence should be sufficient to ultimately prove the identity of the fraudster(s), the mechanics of the fraud scheme.
SAMPLE TABLE OF CONTENTS (FORENSIC AUDIT REPORT)
1.1 Origin of the Audit
1.2 Audit Objective
1.3 Proposed Audit Outputs
1.4 Audit Implementation Approach
2.0 RISK ANALYSIS
2.1 Internal Environment Risk
2.1.1 Financial Management
2.1.2 Customers, Products and Competitors
2.1.3 Information technology
2.1.4 Business Process
2.1.5 Human Resource Management
2.2 External Environment Forces
2.2.1 Influence of Economics and Loans Market
2.2.2 Political and Legal Scenario
2.2.3 Technology in Banking
3.0 EVIDENCE OF RISK EVENTS
3.1 Conflicts of interest
3.4 Cash theft
3.5 Fraudulent disbursements
3.6 Inventory frauds
3.7 Misuse of assets
3.8 Financial Statement fraud
4.0 AUDIT RECOMMENDATIONS
4.1 Logical Framework Approach
4.2 Preconditions and Risks
5.0 GOVERNANCE ON RECOMMENDATION IMPLEMENTATION
5.2 Budget Considerations
List of Annexes
Annex 1: Members of the Interviews
Annex 2: Organization Chart of Bank
Annex 3: Financial Performance (YYYY to YYYY)
Annex 4: Audit Recommendation Logical Framework
Annex 5: Analysis of Key Risk Events
(Source of information: ACCA, UK Technical Paper, pg 58, September 2009)