Fraud and Forensic Auditing

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Now that we have a basic understanding of what fraud and forensic auditing is, it is important for us to examine the history of the field. Fraud and forensic auditing emerged during the 1970s and 1980s with the explosion of technology based business functions. As we know all too well, technology can increase efficiency, while also increasing risks to security and fraud. Also during this time, concerns about fraud, government waste, and crime (white-collar and blue-collar) were being plastered on the news. Therefore, it was quickly apparent that business needed some form of intrusion detection monitoring systems to manage the risks of inappropriate activities, thus leading to the discipline of fraud/forensic auditing. This new form of auditing goes beyond government regulations and is designed to be used in litigation for claims of insurance, bankruptcy, embezzlement, computer fraud, etc. Computer crimes and financial fraud are carefully calculated, intuitive attacks by criminals. Therefore, fraud and forensic auditing requires more than just a basic set of standards; it requires intuition. Because fraud is often detected by accident, fraud auditors have developed a set of "scenarios" to learn to be proactive and think like a criminal. Jack Bologna, president of Computer Protection Systems, Inc. in 1984, stated that the best training for fraud auditors was on-the-job training. Bologna went on to say that because of the great degree of variability in fraud there is no clear way to learn everything in the classroom, although fraud auditors must have a basic understanding of accounting and auditing. Thus, the best experience comes from working in the field [8].

Fraud and forensic auditing is a dynamic and ever changing discipline. The first fraud and forensic auditing tools (referred to as intrusion detection systems) involved systems administrators watching a computer console to monitor user's actions. The goal of these intrusion detection systems was to detect unauthorized or illegal use of the systems. Systems administrators looked for "red-flags" on the system, such as, vacationing employees remotely logging in to the system or a seldom-used computer component suddenly being turned on for no apparent reason. The results of these early intrusion detection devices were logged on sheets of folded computer paper that were subsequently stacked several feet high by the end of each week. The systems administrators were then faced with the daunting task of filtering through these stacks of information to find potential fraud. Although the goal of this system was to detect fraud and improper/illegal use of the systems, it was more reactive than proactive. The approach was slow and complex with the detection system logs run at night and not examined until the next day. Therefore, most intrusions were not detected until after they had already occurred. However, in the 1990s, real-time intrusion detection scanners were introduced allowing systems administrators a better opportunity to review systems information as it was produced and the ability to respond in real-time. This much more proactive approach increased the effectiveness of the intrusion detection systems and in some cases allowed administrators the ability to attack preemption [9].

However, as the intrusion detection systems evolved, so have the types of fraud. Currently, the Securities and Exchange Commission hear over 100 cases of financial fraud/accounting cases per year, which is a stark increase before the explosion of technology in business before the 1970s. In some cases, big named companies, such as, Bausch and Lomb, Sunbeam, and Knowledgeware have had to restate financial reports due to fraud. This in turn affects stock prices, often leads to bankruptcy, changes in ownership, and layoffs, among other problems. In terms of financial fraud cases, however, only about 2% make it to trial, 20% are dismissed; the remainder are settled out of court. Prosecution is costly both to the government and to investors and company employees. Nevertheless, as economic times worsen, as we have seen in recent years, the number and variety of fraud cases increases. Financial fraud is a dynamic, ever changing market that changes every day with increases in new technologies [10].

In order to keep pace with the demand for fraud detection systems, fraud/forensic auditors are being held responsible for the increase in the detection of fraud. However, as Jack Bologna discussed in 1984, most fraud detection systems cannot be learned in a classroom, but rather must be learned on-the-job [8]. Following this concept, most universities today still lack curriculum in financial fraud detection. Although, the demand for auditors trained in fraud detection is increasing at a rapid pace as the incidence and variety of fraud increases. With the dynamic fraud environment, accountants and auditors alike must stay up-to-date on fraud detection so that auditing programs are adequately designed to meet the changing needs of forensic auditing. Therefore, as most would agree, auditors must balance education and training to provide the best defense to combat financial fraud [10].

How is a Fraud and Forensic Auditing Different from a Traditional Audit?

With the development of the Sarbanes-Oxley Act of 2002, the auditing and accounting world was turned on its head. The Sarbanes-Oxley Act was a game-changer in fraud detection. Prior to the Act, auditing firms were primarily self-regulated, which proved to be problematic [11]. Firms, such as Arthur Anderson, threw integrity out the window and conspired to commit fraud right along with the fraudulent companies. Therefore, Sarbanes-Oxley created the Public Company Oversight Board (PCAOB) to provide more oversight and regulation to the accounting profession. In 2004, fraud cost the United States economy $684 billion, 20 times the cost of standard street crime, further illustrating the importance of a strong fraud detection system.

Although it may seem that fraud and forensic auditing are virtually the same, there are some differences. Both fraud and forensic audits and regular financial audits share the goal of detecting material misrepresentation of the financial statements; however, fraud and forensic auditing take auditing a step further. Fraud/forensic audits are subject to stricter guidelines and rules and are primarily concerned with internal controls. They examine audit trails for variances or deviations in strong internal control. Fraud/forensic auditors are often described as one part accountant, one part lawyer, one part detective, and entirely professional. These auditors must be able to prove all their findings. Fraud/forensic auditors rely on the use of methodology tables to show flows of transactions and examine deviations. They must have so much detail, because they have the burden of proof to provide evidence to juries of non-accountants. Therefore, the evidence must be outlined in lay terms and be beyond a reasonable doubt.

Even though there are differences between a traditional audit and a fraud or forensic audit, the fraud/forensic auditor's work can greatly help financial accountants and auditors with their tasks. Sarbanes-Oxley Section 404 requires top management to sign-off and be responsible for all financial information, including internal control for their company. To the benefit of traditional auditors, fraud/forensic audits guarantee the application of Section 404. Because fraud/forensic auditors guarantee such levels of detail in internal controls, financial auditors can more easily understand the entity's internal control structure and better design audit procedures to detect risk of material misstatement of the financial statements. This greatly decreases the amount of time in planning the audit and allows the financial auditors more time to design further audit procedures that are more responsible to the assess the risk of material misstatement [11].