IIA ACFE Conference April 17, 2015

Transcription

1 IIA ACFE Conference April 17, 2015

2 Summary of Presentation Forensic Audit / Internal Audit Forensic Audit Role Forensic Audit Methodology Pragmatic examples of how forensic audit can benefit the risk assessment process Questions

3 Definition of Internal Audit Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. (source: The institute of Internal Auditors)

4 Definition of Forensic Audit Forensic Accountants combine their accounting knowledge with investigative skills, using this unique combination in litigation support and investigative accounting settings. (Source: ACFE)

5 Role The role of internal audit is to provide independent assurance that an organization s risk management, governance and internal control processes are operating effectively. (source: iia.org) The role of forensic audit is to conduct internal investigations of potential violations of the code of conduct, or the law.

6 COSO Risk Assessment Process Identify Risks Develop Assessment Criteria Assess Risks Assess Risk Interactions Prioritize Risks Respond to Risks To be effective: Simple Practical Easy to understand

7 Forensic Audit Role To conduct internal corporate investigations Allegation Office of the Ombudsman / Internal Audit / Legal Compliance Assign the investigation according to the nature of the allegation HR Legal Legal Compliance Forensic Audit Corporate Security Depending on the size of the organization a matrix may summarize how investigations will be assigned depending on the allegation and areas of expertise (discuss overlap).

8 Investigation Sources Hotline/ Fortuitous Tips Behavioral Observations Data Mining Internal Control Exceptions Regulatory Enforcements Financial Statement Analysis

9 Anti-Fraud Framework Assess Risk of Fraud Analyze Control Structure Monitor Fraud Controls Report Findings From Monitoring Investigate Exceptions Or Explicit Reports of Fraud

10 Forensic Audit Methodology Identifying, Selecting or Recruiting Skill set, experience, knowledge, awareness, Training and Awareness Investigative training, Privacy laws, Do s and Do not's, Identity, Interviews, Addl. Support, Working with legal counsel (in-house / outside) Development of an Investigations Manual Alignment within forensic audit & others Culture, Code of Ethics, Investigations Manual

11 Forensic Audit Methodology (Cont.) Monitoring Monitoring progress/ outcome / results Sharing of information Trends, nature, relevance, disciplinary actions Assessing Effectiveness of investigations Allocation of resources Adequacy of resources Integration with Internal Audit / Legal Compliance

12 Forensic Audit Manager Profile Conduct and lead investigations of alleged fraud, financial abuse, or violations of the code of conduct or code of ethics. Prepare reports and communicate outcome to executive management. Recommend corrective measures of internal controls. Assist in the development, training, and fraud awareness. Participate in fraud risk assessments.

13 FA Investigations Manual Developed in accordance with the organization s code of conduct/ ethics Purpose and goals Fraud prevention and fraud detection Occupational fraud Forensic investigations Responsibilities Conducting investigations Guidelines Expectations To do and not to do Interviews Gathering evidence e-discovery (privacy laws)

14 FA Investigations Manual Conducting Investigations Sample selection Judgmental samples Statistical concepts (precision accuracy) Tasks and responsibilities of the investigator Outcomes of an investigation Report of findings Report on control weakness Disciplinary actions

15 Internal Audit / Forensic Audit Prevention Risk Assessment Fraud Risk Response Communication Control Environment Tone at the Top Education & Awareness Detection Hotline/ Fortuitous Tip Behavioral Observations Pro-active Data Mining Monitoring Internal Control Exceptions Regulatory Enforcements Financial Statement Analysis Investigation Gathering of Evidence Re-active Data Mining Quantification of the Fraud Analysis and Testing Findings & observations of control weakness Asset Recovery Resolution Implementing and testing revised controls Risk evaluation to prevent occurrences in other high risk areas Refine/Enhance data mining techniques

16 Investigative Life Cycle Identify Parties Determine Investigative Roles Electronic Data Review Interview Witnesses Investigative Due Diligence Financial Data Review Interview Subjects Report Findings

17 Risk Assessment Profile Discuss materiality and tolerance Critical > $10 million 5 # Risk 1 FCPA Violation Severity of Impact High Moderate Low $2.5 million to 10 million $1 million to 2.5 million $100,000 to 1 million Unlawfully obtaining business 3 Inadequate controls over outsourced relationships Minor 1-100, Inappropriate procurement activities <10% 10-30% 30-60% 60-90% >90% Slight Not Likely Likely Highly Likely Expected Probability of Occurrence 5 Improper revenue recognition / earnings management

18 Questions Thank You!